Welcome, Hacker.
Join the community to take advantage of all its opportunities
Sign up

Fraud Masters




Aug 3, 2019

Hey bro, today I will tell you about one huge scam, happen a year ago. Some time passed, but it still doesn't go out of my head.

Do you remember, when at the beginning of 2018, some smart guys appropriated $4 million by stealing IOTA cryptocurrency? At that time, the rate of the coin was really huge. Today I would like to analyze step-by-step actions of fraudsters, calculate approximate costs, risks and time periods.

When you create an IOTA wallet, you have to enter a phrase of 81 characters, in other words, a seed-phrase. The feature is that you need to enter such data by yourself. These characters could not be generated automatically, as Bitcoin does, for example. But 90% of users don't know that it's possible to generate seed-phrases in Linux or Mac terminal.

The essence of the scam was that the user (because of inexperience) didn't know where to get these seed-phrases. And what do we do when we have a headache? That's right - we are using google to solve the trouble. If you tried to Google it at that time, you would find the special AdWords paid link with keyword "Seed". Then the user follows the link and generate a seed-phrase for his iota wallet. The name of the site itself prompt to go to this particular link.

IOTASEED.IO looks like the official service, doesn't it?

The user, using the generated words, successfully registers his wallet and starts actively using it. Having huge traffic from google search, our fraudsters received a many and many of generated seed-phrases, and wallets in fact. IOTASEED.IO stored data about each generated key. The owner of the resource just had to wait until the wallets are filled. It should be noted that the preparation of this scam took a year approximately. And you remember 2018: the cryptocurrency boom, when any coin gave x10 profit per month.

Let's start from the beginning. Iotaseed.io domain has been registered in early 2017. Probably, they (or he) worked on the functional and design for half a year approximately. Active promotion of the site began in the summer of 2017. Promotion was carried out both through search queries and manually, as in the good old days. You can take a look at manual promotion:

Something special is hidden here. A newbee asks a question, and he is kindly answered and prompted how to proceed and where to get the phrases.

And then the fun begins. Instructions for using iota wallets appear across web and iotaseed.io appears there as instructions for creating wallets. People told to each other about that service, information passed from hand to hand.

What we have?
  • Search queries
  • Google AdWords
  • Manual promotion with twitter / reddit / bitcointalk (posts deleted) / facebook / forums
  • Word of mouth
  • The project started roughly at the beginning of the summer and finished in the autumn.
  • Preparation began from January / February 2017 with a total duration to completion = 8-9 months.
  • The main cost was the promotion of the product through Google adwords, they spent about $ 15.000 for it.
Technical realization:
  • Seed-phrase generator on site
  • Design
The technical realization was very simple. All data was just saved on the server and waited for the right moment.

  1. Simple technical realization
  2. Good marketing and promotion
  3. Implementation in current topics
  4. Waiting for the right moment
  5. Attack.
So, in about 8-9 months, the owners received $4.000.000. Not so bad, huh?

Members, viewing this thread

No members online now.