Number of crypto giveaway scams is rapidly growing

Giveaway scams are booming in the crypto sector. The first half of 2022 saw a rapid growth in the number of domains used for promoting fraudulent projects.

Crypto giveaway scams are a type of social engineering fraud in which thieves try to trick users into sending a certain amount of cryptocurrency in exchange for a share of the giveaway. This type of scheme, usually involving YouTube streams, has been on the rise in the first half of 2022, according to the report published by Group-IB, a cybersecurity company headquartered in Singapore. The number of domains used in such schemes has increased fivefold and exceeded 2,000. Compared to the first half of 2021, the figure has spiked by a factor of 53.

Number of domains used for crypto giveaway scams
Source: Group-IB

"ETH" and .com – top choices for crypto scammers

Over 60% of the names were registered with registrars based in Russia as you can see on the chart below. Swindlers typically utilize addresses with global top-level domains (TLDs), which helps in targeting users from Western countries, where such endings – sometimes on par with local country-code TLDs – are most popular and trusted.

Registrars preferred by crypto scammers
Source: Group-IB

The top three zones used for setting up scam websites were:

  • .com (31.65%),
  • .net (23.86%),
  • .org (22.94%).

The content on the websites was mainly in English, though some resources were available in Spanish.

Group-ID experts have also identified the keywords used in the scams and rated them based on the usage frequency. "ETH" turned out to be the swindlers' "favorite" one, with "Ark" coming second, followed by "Elon Musk."

TLDs and keywords used in crypto giveaway scams
Source: Group-IB

Crypto scammers "feature" celebrities

Scammers are up-to-date with the headlines and eager to exploit the names of crypto celebrities as well as other famous people linked to the crypto world. In their streams, they have "featured" Vitalik Buterin, Elon Musk, Brad Garlinghouse, Michael J. Saylor, and Cathie Wood, among others. In the period covered by the report, they have also started exploiting the name of Nayib Bukele, the president of El Salvador, and Cristiano Ronaldo, the soccer superstar.

The choice is not accidental. In 2021, Bukele went all-in on Bitcoin, announcing a bill to adopt the cryptocurrency as the country's legal tender. As regards Ronaldo, last year, he became the first world-famous football player to be rewarded for his achievements in cryptocurrency tokens, and in June this year, he signed an exclusive partnership deal with Binance.

According to the report, the criminals used the footage of crypto and non-crypto celebrities to lure viewers into visiting fraudulent websites for fake giveaways. Users were urged to transfer their "coins" to the given address or disclose the seed phrase of their wallet for the promise of a payout.

Scam accounts: hijacked, bought, or rented

The main traffic driver for crypto giveaway scams is YouTube, followed by Twitch and crypto streaming platforms. The accounts used for scams are frequently hijacked with dedicated stealer software. The thieves then rename the channel, delete the existing content, modify the design, and upload fraudulent crypto-related videos.

Sometimes scammers strike up deals with streamers and buy or rent their accounts for a percentage of the stolen funds, usually ranging between 10% and 50%. The price and conditions depend on the number of the channel's subscribers. The higher number of subscribers makes the account harder to block because the volume of user complaints is the main factor contributing to the suspension. Other costs include various performance tools for targeting and attracting viewers through recommendations features on the relevant platforms. The fake streams attract quite a number of viewers, with an average of 15,000.

Crypto scam toolkit as a subscription service

The key factor driving the growth of crypto scams is the availability of easy-to-use tools for fraudsters. Even apt first-timers can easily find relevant information, resources, and "assistance" from fellow scammers on underground forums. It's also worth noting that most of those websites are Russian, which inspires thoughts about the possible political aspect of the phenomenon.

The market is well-advanced with a wide range of tools and services. These include exchange platforms for hacked accounts, viewer-targeting solutions, manuals, safe hosting, website editors, and even software for creating deep fake videos.

The underground offer also covers "B2B" cooperation. For example, for $30, you can order production of a deepfake with a celebrity, $200 will get you an appealing design for your fraudulent stream, and for a few hundred bucks, you can have a neat website to promote your fake giveaway. A subscription fee for a suite of tools for scammers starts at $500 per month.

In any case, we suggest that you don't go looking for deals in those types of marketplaces. Not only for moral but also legal reasons.