Reported As Possible Scam
Cryptocurrency scams continue to evolve, and one of the latest examples involves a scammer impersonating a fraud prevention agent from Coinbase. The victim reported a significant loss of 0.40550574 BTC (approximately $25,682.00 USD) after falling for a phishing scheme. The funds were transferred to a wallet address linked to the scam: bc1qtufty5h5xg2ta49s565jqf8904y2c44rq7hnrk.
How the Scam Unfolded
The victim received a phone call from an individual claiming to be Jack White, a fraud prevention officer from Coinbase. The scammer had already gathered some personal information and used it to convince the victim that their Coinbase account was under threat. According to the victim, they had been receiving emails from Microsoft alerting them about multiple failed attempts to change the passwords of both their Gmail and Hotmail accounts.
The scammer claimed that because of these unauthorized attempts, the victim’s Bitcoin was at risk and needed to be moved from Coinbase to a more secure Coinbase Wallet. Initially hesitant, the victim was convinced by the scammer’s knowledge of their personal details, as well as the convincing back-and-forth conversation via an online chat platform that appeared to be legitimate.
The Fake Transfer: How the Funds Were Stolen
Once the victim was convinced that their Bitcoin was in jeopardy, they agreed to transfer their funds to the Coinbase Wallet for “security reasons.” However, once the transaction was confirmed, the victim was unable to access the funds and noticed that the money was transferred out to the wallet address bc1qtufty5h5xg2ta49s565jqf8904y2c44rq7hnrk without any approval from their side.
The victim further mentioned that the transaction was processed through BlockCypher.com, which facilitated the movement of the stolen funds. Despite reporting the issue immediately to Coinbase support, the support team claimed that the funds were still being verified. At the time of reporting, the victim could still see the funds in their Coinbase wallet but was unable to stop the transfer. Despite escalating the issue through Coinbase support and Action Fraud, the funds remained stolen, and the case was eventually closed on September 24, 2024, by Coinbase.
Investigation Results: One Trace Found at Binance
Our investigation revealed that the stolen funds from the wallet address bc1qtufty5h5xg2ta49s565jqf8904y2c44rq7hnrk were cashed out at Binance, a major cryptocurrency exchange. While this trace doesn’t guarantee the recovery of the funds, it highlights how scammers are laundering stolen crypto through legitimate platforms. Binance and other exchanges are encouraged to improve their anti-money laundering (AML) protocols to prevent such transactions.
Victim’s Report and Action
- Loss: 0.40550574 BTC (~$25,682.00 USD)
- Fraudulent Wallet Address: bc1qtufty5h5xg2ta49s565jqf8904y2c44rq7hnrk
- Facilitating Service: BlockCypher.com
The victim also reported the incident to Action Fraud and Coinbase, but unfortunately, the case was closed on September 24, 2024, without any resolution or recovery of funds.
Red Flags and Warning Signs
- Impersonation of Support Agents: Scammers often pose as customer support agents or fraud prevention officers to gain trust.
- Unsolicited Calls and Emails: If you receive a call or email out of the blue claiming that your account has been compromised, it’s crucial to verify the information independently.
- Pressure to Transfer Funds Quickly: Fraudsters may rush victims into making hasty decisions about transferring funds.
- No Approval for Transactions: Legitimate crypto transfers require user approval at every step. If you notice unauthorized transactions, it’s a major red flag.
- Fake Online Chats: Scammers use convincing fake chat platforms to mimic official customer support channels, further building trust with victims.
Conclusion
This scam demonstrates how fraudsters manipulate personal information and impersonate legitimate support channels to steal cryptocurrency. In this case, the victim lost over $25,000 USD due to the fraudulent use of a Coinbase Wallet. The mention of BlockCypher.com in facilitating the transaction emphasizes the need for additional scrutiny over third-party services used for cryptocurrency transfers. Always exercise caution when dealing with unsolicited communications, and ensure that your cryptocurrency transactions are fully verified before approval.
Scam Details: The victim was lured into an investment scam operated through BlockCypher.com. Promising substantial returns, the scam involved a total of 0.40550 BTC, leading to a loss of $26,000. After transferring the funds to the provided cryptocurrency address, the victim was unable to withdraw or recover the invested amount, indicating the fraudulent nature of the platform.
Domain Information Analysis:
Domain: blockcypher.com
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Nameservers: cloudflare.com
Registration Details: Registered on January 26, 2014; set to expire on January 26, 2027.
Status: Active
Registrant Contact: Matthieu Riou
Location: Redwood City, California, US
Phone: +1.4158685675
The use of Cloudflare as a nameserver suggests an attempt to mask the platform’s true location or operators, which is common in fraudulent websites.
Receiving Cryptocurrency Address:
BTC: bc1qtufty5h5xg2ta49s565jqf8904y2c44rq7hnrk
Recommended Actions:
- Report to Cryptocurrency Exchanges: Notify cryptocurrency exchanges about the fraudulent transaction. Provide them with the cryptocurrency address to help monitor or trace any movement of the stolen funds.
- Contact Law Enforcement: File a report with local law enforcement or cybercrime units. Provide full details of the scam, including the cryptocurrency address, transaction IDs, and any correspondence with the fraudulent platform.
- Consult Legal Experts: Consult with a lawyer who specializes in cryptocurrency scams. Legal professionals can offer guidance on potential recovery options and how to navigate the complexities of international scams.
- Secure Remaining Digital Assets: Ensure any remaining cryptocurrency or digital assets are stored securely in a trusted, non-compromised wallet.
- Fraud Alerts and Monitoring: Set up alerts using blockchain monitoring services to track the scam-related address. This can help in tracing any future movement of the stolen funds.
- Public Awareness: Share your experience on social media, cryptocurrency forums, and scam reporting platforms. Raising awareness will help prevent other investors from falling victim to the same scam.
Conclusion: Engagement with BlockCypher resulted in a financial loss of $26,000 due to an investment scam. Immediate action, including reporting the scam to exchanges, law enforcement, and legal professionals, is critical to minimize further damage. Raising public awareness can help protect others from similar scams.
Type of Scam: Impersonation and Fraudulent Transfer Scam
URL of Scam: blockcypher.com
Cryptocurrency Address: bc1qtufty5h5xg2ta49s565jqf8904y2c44rq7hnrk
Amount Lost: $25,682
Description: The victim was contacted by an individual claiming to be “Jack White” from Microsoft, alerting them of unauthorized login attempts and a subsequent data breach involving their email accounts. This caller, falsely claiming an association with Coinbase, advised the victim to transfer their Bitcoin to a supposedly more secure wallet due to the breach. Following the transfer, the funds were quickly moved from the controlled wallet without the victim’s consent or authorization.
Reported to: Coinbase (Case Ref. #20394369) and Action Fraud (Ref: NFRC240906905602). Case closed on September 24.
Open-Source Intelligence Analysis: Investigative Report on Fraudulent Activities at blockcypher.com
Current Website:
blockcypher.com is associated with a sophisticated scam involving impersonation and unauthorized cryptocurrency transactions, misleading the victim to believe that they were interacting with legitimate Microsoft and Coinbase representatives.
Domain and Hosting Information:
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Registered On: 2014-01-26
Expires On: 2027-01-26
Updated On: 2024-10-02
Status: ok
Nameservers: alec.ns.cloudflare.com, lady.ns.cloudflare.com
Technical Analysis and Legal Action Recommendations:
Domain Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Action Recommended: Obtain comprehensive registration and ownership details to trace the entities behind the site.
Nameservers: Managed by Cloudflare, Inc.
Action Recommended: Request DNS logs and settings to investigate the domain’s network activities and identify any linked malicious operations.
Critical Observations:
The use of Cloudflare nameservers may enhance the site’s performance and reliability while potentially complicating efforts to trace the site’s actual operational base. The long-term domain registration suggests a potentially legitimate facade used to lend credibility to fraudulent activities.
Conclusion:
The deceptive operation conducted through blockcypher.com illustrates a complex scam employing identity impersonation and exploitation of trust. Immediate, detailed legal actions, including subpoenas for domain registration and DNS activity, are essential to dismantle the fraudulent infrastructure and explore potential avenues for recovering the victim’s funds. The scam’s sophisticated nature and the involvement of supposed security advice from recognized corporate entities highlight the need for increased vigilance and education among cryptocurrency users regarding security practices.