• Creator
    Topic
  • #4298 Reply
    Manju Ram
    Participant

      Type of Scam: Investment (Phishing)
      URL of Scam: arculus.at
      Victim Description: The victim, Himanshu, fell prey to a sophisticated phishing attack that impersonated “ARCULUS,” the brand of a hardware wallet he uses. The phishing email, which was cleverly personalized with his name, directed him to a fraudulent website that mimicked an official Arculus service. Unaware, he entered his 12-word recovery phrase on this site, leading to the immediate draining of his wallet containing significant amounts of cryptocurrency.

      Crypto Addresses:

      0x7D1AfA7B718fb893dB30A3aBc0Cfc608AaCfeBB0 📋
      0x514910771AF9Ca656af840dff83E8264EcF986CA 📋
      0x3B950a8154Bed8713D71d5e214416b5ad6df0051 📋
      bc1qh6yzx4ynjft745ya2hxw0esgq6agqtxrqstwjy 📋
      0x0D8775F648430679A709E98d2b0Cb6250d2887EF 📋
      0xc944E90C64B2c07662A292be6244BDf05Cda44a7 📋
      0x0F5D2fB29fb7d3CFeE444a200298f468908cC942 📋
      0xa0Bb13B2A0D14ab281a24c6B0b7B975f5471D9db 📋

      Amount Loss: $102,818.00

      Open-Source Intelligence Analysis: Preliminary Findings on Fraudulent Activities Associated with arculus.at

      Current Website:
      The website arculus.at is currently down, but it was involved in a phishing attack, using the reputable name of “ARCULUS” to deceive victims into disclosing sensitive recovery information.

      Domain Information:

      Domain: arculus.at
      Registrar: Key-Systems GmbH
      Nameservers: ns1.dispute.finedomain.at, ns2.dispute.finedomain.at

      Technical Analysis and Subpoena Recommendations:

      Domain Registrar: Key-Systems GmbHRecommendation for Subpoena: Obtain registration details, historical DNS records, and any available logs that might reveal identities or trace the phishing activities.
      Nameservers: Managed under dispute resolution, suggesting post-attack remediation or investigation.Recommendation for Subpoena: Investigate the nameservers’ logs for clues on the domain’s operational history and any associated malicious activities.

      Key Observations:
      The targeted phishing attack employed an email spoofing strategy that included personalized details, making the communication appear credible. The use of a temporarily active, authentic-looking website to collect sensitive security information is indicative of a high-level organized cybercrime operation.

      Conclusion:
      The phishing scam at arculus.at targeted users of the Arculus hardware wallet, leveraging detailed personal information and sophisticated mimicry of legitimate services to execute theft. Immediate legal actions, including detailed subpoenas to the domain registrar and an examination of associated nameservers, are essential for tracing the perpetrators and addressing the domain’s misuse in the scam.

    Viewing 0 reply threads
    • Author
      Replies
      • #6637 Reply
        Admin
        Keymaster

          You need to know about a phishing scam targeting cryptocurrency holders through a fake website, arculus.at. The scammers impersonated Arculus, a trusted hardware wallet provider, to steal recovery phrases. Victims received emails with a subject like “Private Invitation.” These emails appeared authentic, even addressing the recipients by name. When they clicked the link, it led them to a website mimicking the real Arculus platform. The website tricked them into entering their 12-word recovery phrases. Using this information, scammers drained wallets, transferring BTC, ETH, LINK, and other assets. Traces of these stolen funds show cashouts through Gate.io, Whitebit, KuCoin, MEXC Global, and XT. The fake website stopped working on October 15, 2024, but its damage remains.

          We understand how devastating this can be. That’s why CNC Intelligence got involved in this case. We traced the stolen funds and identified exchanges linked to the cashouts. Our investigators shared the findings with the victim and prepared a comprehensive report. The process isn’t over yet, but every piece of evidence strengthens the case against these criminals.

          This scam highlights how sophisticated phishing attacks have become. Always double-check links in emails, even when they seem legitimate. Never share recovery phrases online, no matter who asks. If you fall victim to a scam like this, act quickly. The sooner experts begin tracing your assets, the better your chances are of recovery. Yes, this is undoubtedly a scam. Don’t ignore the red flags. Stay informed and protect your investments.

      Viewing 0 reply threads
      Reply To: Sophisticated Phishing Scam Targeting Arculus Wallet Users via Arculus.at
      Your information:




      Scroll to Top