Bitcoin Scam Exposes Thousands to Data Breach

Published on by Cointele | Published on

Mentioned in this article
Fraudulent websites successfully have stolen the personal records of a number of individuals from the U.K., Australia, South Africa, the U.S., Singapore, Malaysia, Spain, and more.

The attack was executed as a targeted multi-stage Bitcoin scam propagated by a number of fraudulent websites.

According to the Singapore-based intelligence company, Group-IB, the attack exposed personal data for thousands of people.

Impersonating recognized media outlets and personalitiesVictim's phone numbers, which in most cases came with names and emails, were contained in personalized URLs used to redirect people to websites.

Analysis conducted on the leaked numbers allowed Group-IB to establish where the majority of the data had leaked from.

The report details that victims commonly received a text message, or SMS, which mentioned the name of the recipient.

"Fraudulent schemes have become more complicated. They now involve several stages, complex distributed infrastructure, and abuse of personal and corporate brands that is hard to track down and block using traditional detection methods. Companies and celebrities whose names were hijacked by fraudsters suffer reputational damage and face diminished customer trust."

Different names for the same fraudulent investment platformResearchers spotted six active domains featuring the same Bitcoin investment platform.

"Further analysis of the URLs revealed that a short link takes a victim to another URL which already demonstrates their personal data, such as the phone number, first or/and last name, and sometimes an email address, and used for redirects to fake websites masquerading as a local media outlet. The experts believe that the personal information info could have been obtained by fraudsters through a separate fraudulent scheme or simply bought from a third party."

The Group-IB team has analyzed the exposed info using a number of data breach repositories.