Aug 14, 2022 5 min read

Cryptocurrency Exchange Scams

Blog covering a recent cryptocurrency scam that I was researching, and the journey that it took me along.

My journey on this scam all started with a suspicious DM on Twitter:

My immediate thought was that this was a scam. Even Twitter thought so and flagged it as such. I was initially going to delete the message and move along. But then I thought, what if I see where this goes? So long as I don't give any personal details over, it should be OK (well, that was my thinking).

So off I went. The first step was to get an email address that couldn't be associated with myself. For this I used the amazing service Fastmail. They have a service called Masked Email, which keeps your real email address private. Obviously the first step was to create an account on the exchange.

Well, this is where the first surprise came about. I put in the promotion code from the Twitter DM, and voilà! I was 0.77242762 richer! This was even more than what was said in the DM.

So me being ever the pessimist, I knew something wasn't right. I knew it was a scam. No one is simply going to randomly give that kind of money away. Even more so was the fact that the Twitter account that sent me the DM had been suspended by Twitter. It had me pondering for a few days what the angle could have been.

On the face of it, the exchange looked legitimate, to me at least. Someone would have had to go through a lot of effort to get all the functionality in place for it to be some type of credential harvesting or personal detail harvesting effort. There are real wallets, and the ability to withdraw and deposit. Even the ability to convert.

The Catch?

So I had all sorts of thoughts going through my head. Could it be some type of money laundering through a legitimate exchange? What else could it be?

Well, last night I found out. I had purposely let it be for a few days to see if anything happened. Nothing did, so the next logical step was to withdraw the Bitcoin (BTC). I certainly wasn't going to put in my personal banking details, so I thought that I would move the Bitcoin to a wallet that I have in a well-known and reputable exchange. And this was the message that I got:

Strange! I don't seem to recall that happening in any other exchange that I've dealt with before. But granted, I'm no expert on this stuff, so perhaps the promotion code had something to do with it. Now I knew this was going to be a gamble. But I decided to take the risk, and more importantly I still really wanted to find out the catch! So off I went and deposited the required 0.01 BTC.

Shock, horror! That was simply not enough. Because the next message I got when I tried another withdrawal attempt was:

Ah! So that's the catch. They keep on getting you to deposit more and more in order to withdraw your funds. I tried different things to try to get my balance below the magical 0.3 BTC number, but even transferring was met with another message:

So yeah, I'm down 0.01 BTC (and I knew that was technically a possibility). But the funds are still technically available to me I suppose, so I will be keeping an eye on it and see how things play out.

Hindsight is a wonderful thing! With Bitcoin, transactions and balances on wallets are public, so long as you have the address of the wallet. This really is something that I should have checked first. Because had I, I would have seen that the wallet actually didn't contain anything in the first place!

https://blockchair.com/bitcoin/address/1Bymmgeu2j9pcpnMzibMbpxhKN44GhAZLm
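The check described above, as an added example (not the author's code): given the public transaction history of a deposit address, it computes the on-chain balance, compares it with the balance the platform displays, and measures how quickly deposits leave the address, which the update at the end of this post observes. The record schema, the placeholder address and wallet names, and the timestamps are constructed for illustration and are not any block explorer's API format.

```python
from datetime import datetime

ADDR = "EXAMPLE_DEPOSIT_ADDRESS"  # placeholder, not a real address

# Constructed sample history in a hypothetical schema; values are satoshis.
SAMPLE_TXS = [
    {"txid": "tx-a", "time": "2022-01-01T20:00:00",
     "inputs": [{"address": "DEPOSITOR_WALLET", "value": 1_000_500}],
     "outputs": [{"address": ADDR, "value": 1_000_000}]},   # a 0.01 BTC deposit
    {"txid": "tx-b", "time": "2022-01-01T23:30:00",
     "inputs": [{"address": ADDR, "value": 1_000_000}],
     "outputs": [{"address": "COLLECTOR_WALLET", "value": 999_400}]},
]

def _flow(address, tx):
    """Return (received, spent) in satoshis for one transaction."""
    received = sum(o["value"] for o in tx["outputs"] if o["address"] == address)
    spent = sum(i["value"] for i in tx["inputs"] if i["address"] == address)
    return received, spent

def audit_address(address, txs, claimed_sats):
    """Compare a platform's displayed balance with what the chain shows."""
    txs = sorted(txs, key=lambda t: t["time"])  # ISO timestamps sort as text
    balance, sweep_hours = 0, []
    for idx, tx in enumerate(txs):
        received, spent = _flow(address, tx)
        balance += received - spent
        if not received:
            continue
        # Simplification: time until the next transaction spending from the
        # address, rather than tracking each individual output.
        t0 = datetime.fromisoformat(tx["time"])
        for later in txs[idx + 1:]:
            if _flow(address, later)[1]:
                delta = datetime.fromisoformat(later["time"]) - t0
                sweep_hours.append(delta.total_seconds() / 3600)
                break
    return {
        "onchain_sats": balance,
        "shortfall_sats": max(claimed_sats - balance, 0),
        "backed": balance >= claimed_sats,
        "fastest_sweep_hours": min(sweep_hours) if sweep_hours else None,
    }

if __name__ == "__main__":
    claimed = 77_242_762  # 0.77242762 BTC, the credited balance quoted in the post
    print(audit_address(ADDR, SAMPLE_TXS, claimed))
```

A displayed balance with no on-chain backing, combined with deposits that are swept out within hours, is the pattern to look for before sending anything to such an address.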

And another final check. I decided to create another account, and put in the same promotion code. And I now have another 0.77243297 BTC! So if there was any doubt in my mind about this being a scam, this helped to confirm it.

Questionable Security

If this were a legitimate exchange (there still is a possibility after all), they still have some questionable security around their platform:

And yes, that is both the email address as well as the plaintext password for your account, being sent in an email (plaintext). For something handling financial data, this is pretty worrying.

Conclusion

So this was an interesting journey, and it does give you an insight into why scams work. Scammers know that people generally are motivated by greed or financial gain. So anything with the promise of "free money" will almost always net a few victims. Heck, I even got a bit carried away, knowing full well the risks at play (and a small part of me even believed that this may have been real). If you do see some offer of "free money", especially if it is a significant amount, be very wary and try to err on the side of caution and simply ignore it. Lastly, if you wish to dabble in cryptocurrency, stick with the well-known and reputable exchanges such as:

Update 17 August 2022

So a further update. The Bitcoin that I deposited was withdrawn on the same day:

https://blockchair.com/bitcoin/address/1Bymmgeu2j9pcpnMzibMbpxhKN44GhAZLm

And surprise, surprise, it doesn't show in their platform:

It is beyond a shadow of a doubt that this exchange is a scam. Looking at whois records shows this to be a Cloudflare-fronted service:

https://whois.domaintools.com/sanlybit.com

It looks like they are making a tidy profit as well:

Sean Wright
Experienced application security engineer with an origin as a software developer. Primarily focused on web-based application security with a special interest in TLS and supply chain related subjects.