Type of Scam: Impersonation and Fraudulent Transfer Scam
URL of Scam: blockcypher.com
Cryptocurrency Address: bc1qtufty5h5xg2ta49s565jqf8904y2c44rq7hnrk
Amount Lost: $25,682

Description: The victim was contacted by an individual claiming to be “Jack White” from Microsoft, alerting them of unauthorized login attempts and a subsequent data breach involving their email accounts. This caller, falsely claiming an association with Coinbase, advised the victim to transfer their Bitcoin to a supposedly more secure wallet due to the breach. Following the transfer, the funds were quickly moved from the controlled wallet without the victim’s consent or authorization.

Reported to: Coinbase (Case Ref. #20394369) and Action Fraud (Ref: NFRC240906905602). Case closed on September 24.

Open-Source Intelligence Analysis: Investigative Report on Fraudulent Activities at blockcypher.com

Current Website:
blockcypher.com is associated with a sophisticated scam involving impersonation and unauthorized cryptocurrency transactions, misleading the victim to believe that they were interacting with legitimate Microsoft and Coinbase representatives.

Domain and Hosting Information:

Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Registered On: 2014-01-26
Expires On: 2027-01-26
Updated On: 2024-10-02
Status: ok
Nameservers:alec.ns.cloudflare.com
lady.ns.cloudflare.com

Technical Analysis and Legal Action Recommendations:

Domain Registrar: PDR Ltd. d/b/a PublicDomainRegistry.comAction Recommended: Obtain comprehensive registration and ownership details to trace the entities behind the site.
Nameservers: Managed by Cloudflare, Inc.Action Recommended: Request DNS logs and settings to investigate the domain’s network activities and identify any linked malicious operations.

Critical Observations:
The use of Cloudflare nameservers may enhance the site’s performance and reliability while potentially complicating efforts to trace the site’s actual operational base. The long-term domain registration suggests a potentially legitimate facade used to lend credibility to fraudulent activities.

Conclusion:
The deceptive operation conducted through blockcypher.com illustrates a complex scam employing identity impersonation and exploitation of trust. Immediate, detailed legal actions, including subpoenas for domain registration and DNS activity, are essential to dismantle the fraudulent infrastructure and explore potential avenues for recovering the victim’s funds. The scam’s sophisticated nature and the involvement of supposed security advice from recognized corporate entities highlight the need for increased vigilance and education among cryptocurrency users regarding security practices.