32 Scam Reports

Malware Scam

Doenerium stealer with clipper and miner.
XLM addresses: GBJZGUGN3X3GNYAJ62HLITQH3NPLBQ6NB644OX5DDMVAOZBAIXRXV4NM GB7HQ2WNBSUNHATASST44ADP2ND34BRTHKWWLIKRU6YP54SJUK53OLQG
XMR addresses: 43P5XxZFPMyXjDjYU5ZrYY2ASXKXDfb38cKKCRnPaWJfVk8boEhkR52FZfioi76n9tZgvfXkaekpxM4GzsWWeuS61KK5qGg 4B4D15Q6kas9YGxASZsqhBJVTvyDmS4kb522N8AvzNPx4zRgsxxBDzxPXwpZoCToJVMUffwjRDxNn9e8YbSTj7Sw5jGbwGS
XRP addresses: rD1kMAqwNY3d4HGDEzQk9yi9SQ87bohN6v rJvtArsqqv7LEmb3BF6e1vHudGPCQppaxf
BCH addresses: qz6ql5jqxuk9enjsse9pxza62j46rw4725hkf88pxq qzmckzguqmnldh825gjwv49p8zw5c5p02v0605gf5j
DASH addresses: XdfTVs5AbJuXBJ11JNqh5Gd7SfQhSAt4kX Xn6Mnu6aDxYz2cmka77JE6w8YTULbHyYBR
NEO addresses: AeToyzhytTEDouZdZAWfJ1QTFVqDjEvDKU ANn5THmQidTh6zENyCytJV98i6po1dLJhh
DOGE addresses: DGSeUm9yozvfdza24ENepRy2XnFVtxdvTC DQ5eZQyMbCsAGDoE7vq3zsPH7v43EvfUV6

Reported Addresses
Reported Address
0x8d12090e40f89a4d4be2a148a3e64d09abd9e213
Reported Address
0x2086a641D1dD2C3557e6b880E8A97cfdfDb04d4E
Reported Address
bc1q08fy4km3rrfys0qu7yne24nw2cuqz7ufn83nu6

+ 3 more

Malware Scam

RedLine Stealer malware and wallet drainer attempt against Luis Buenaventura (cryptopop). Attacker impersonated a member of Foundation.

The wallet drainer attempt is super interesting... As this malicious actor/s was desperate to get Luis' assets, a link was sent under the guise of a "blog website": foundation-interview[.]app

When visiting the wallet drainer, the IP is logged and sent straight to the malicious actor via a Telegram bot. Used for other notifs as well.
Пользователь ipAddressHere зашел на сайт
id: 5759151142 - Drainer Bot - ethewrearfsafda_bot
id: 5124701409 - Дора - doramoney

The receiver for the foundation-interview[.]app wallet drainer is 0x53EfD488038E5f8c4a922a8aD6498FA1cd7db3DA

A quick check on @MistTrack_io shows the flow of funds and ties to several victims, namely: @casperdefi, @Cryptezz1, @toastpunk, @Kuhrak... (there could be more)

The wallet drainer configuration abuses these API providers:
@MoralisWeb3 FIH13rwF3rZLDHtfqt7iDS0t9Nb9CskjJXKfZy5j0suhhHfFSGmi50cz039HpqNs
@zapper_fi Basic MmYyOWI3NDUtMjRlNy00MjMxLWIyODQtNzk3MmY2ODczY2IwOg==

Reported Addresses and Domains
Reported Domain

foundation-email.app

Reported Domain

foundation-interview.app

Reported Address
0x53EfD488038E5f8c4a922a8aD6498FA1cd7db3DA

Malware Scam

Observed targeting Discord users through malware.

Reported Addresses
Reported Address
LcJ5YgL4eHvrHcHBXDw2ehh6mzt42Sp5jB
Reported Address
LRJKtBj9x5WXhi5FzMSTTeJYnzg9gPUmCJ

Malware Scam

Cthulhu World. Lures via numerous alt accounts on Twitter under the guise of:
- advertising
- game testing
Upon interacting, you will be given a code to download the "game." The earliest activity was on Aug 15, 2022. Shows similarities to the "Reptile World" malware campaign. Likely to be the same malicious actor/s. Distributes three kinds of malware: Raccoon Stealer, Async RAT, and RedLine Stealer.

Reported Addresses and Domains
Reported Domain

cthulhu-world.com

Reported Address
0xd6eeC5902E37818BA43eadC5e7419bC51346d314

Malware Scam

Cagyjan, a crypto gaming influencer, was hit by RedLine stealer malware that pretended to be an installer for a new game.

Reported Domains
Reported Domain

metastaxel.com

Reported Domain

metastaxel.com/StaxelLauncher.exe

Malware Scam

The Ascended NFT Origin - NFT promo drop to users on Opensea "Hidden" address. Suspected reentrancy malware contained in smart contract. DO NOT INTERACT

Reported Addresses and Domains
Reported Address
0xE29894DA1d40BB9E55CE25A24617F7B83e72e5C1
Reported Domain

https://opensea.io/collection/the-ascended-nft-origin-v2

Malware Scam

Installed a Chrome extension called HederaverseNFT Toolkit to mint NFTs several months ago. I believe it was a keystroke hack of my password for the Hedera community wallet, the Hashpack app.

Reported Address
Reported Address
0.0.1097432

Malware Scam

Impersonating Trust Wallet. Distributing backdoored versions of the Trust Wallet apps on both Android and iOS. Exfil to trustswallets[.]com

Reported Domains
Reported Domain

trustwailet.cn

Reported Domain

walltetrust.com

Reported Domain

zhurf.cc

+ 1 more

Malware Scam

Impersonating Trust Wallet. Distributes an Android app that has a backdoor to exfiltrate the seed phrase. Admin panel links to a possible Chinese malicious actor/s.

Reported Domains
Reported Domain

trusstwallet.site

Reported Domain

trusrtwallet.in

Reported Domain

trustwallet.life

+ 3 more

Malware Scam

On Discord someone (0.0.630505)? impersonated an XACT admin and made me install some malware. Afterwards my hbar was gone and sent to (0.0.16952 and 0.0.16953 are Binance addresses).

From: Alban Barbosa <albanbarbosa@hotmail.com>
Sent: Tuesday, 10 May 2022 13:23
To: Patrick.hendriks@poliitie.nl <Patrick.hendriks@poliitie.nl>
Subject: Where are the coins and NFTs now

See below for the hbars and :
• green one
• [12:36 PM] https://hashscan.io/#/mainnet/token/0.0.597936 Just change the token # and you can track them all, put a tweet about this account.
• [12:38 PM] https://hashscan.io/#/mainnet/account/0.0.630505
• [12:42 PM] good luck tracing, but this is the main account I think https://hashscan.io/#/mainnet/account/0.0.407219

And the above for my NFTs.
Kind regards, Alban

From: Alban Barbosa <albanbarbosa@hotmail.com>
Sent: Tuesday, 10 May 2022 11:01
To: Alban Barbosa <albanbarbosa@outlook.com>
Subject: police

Actually, your funds were received, but then moved
<Screenshot (58).png> <Screenshot (59).png>

Receiving (deposit) transactions:
https://app.dragonglass.me/hedera/transactions/00169531649589201394522221
https://app.dragonglass.me/hedera/transactions/00169531651396495280907982

Sending (withdraw) transactions:
https://app.dragonglass.me/hedera/transactions/005129221649589551726680621 44,000 to Binance (no memo)
https://app.dragonglass.me/hedera/transactions/005129221651403002436747413 42,000 to 0.0.630505

Then, 0.0.630505 sent to 0.0.407219 (apparently, Binance too, with memo)
https://app.dragonglass.me/hedera/transactions/006305051651403138816902418

Contact Binance as soon as possible, share with them the fact you've been scammed, with those transactions ASAP to block it: https://www.binance.com/en/support/faq/360000006051
Send to another account all the assets you have too!

Reported Address
Reported Address
0.0.630505

Malware Scam

What happened: I myself am a developer and often work with clients to get blockchain jobs done. This client reached out to me about creating an NFT collection for them. They already had the base characters and wanted the attributes plus the mint and everything made. Seemed like a normal job, but in hindsight their budget was suspiciously large, although we never settled on a final price, and he seemed to want some integration work done as well, so I didn't think much of it.

After talking back and forth (discord chat attached) it seemed like we were good. We hopped on a call and spoke about final details, and he mentioned I could download both a beta version of the game and the artist's files online and sent me the link. The game appeared legit and I saw they had a Twitter and a Discord that looked legit as well. I obviously didn't look into them as much as I should have. I downloaded the files and unzipped them. Clicking through them I tried running one that was the game to see what it was about, and this was obviously the biggest mistake.

An hour or so later I checked my wallets and all SOL was gone and most NFTs. I panicked and tried to save whatever I could. From about 12 different wallets, all drained. About 1200 total SOL plus multiple NFTs. I then noticed my MetaMask wallet had the same thing happen to it. About 10 ETH in total was taken from that, plus they floored multiple NFTs of mine and cashed that out before I had time to send out anything that was left.

I know I made many mistakes in this process and also know I probably won't get that money back, but any chance I have I'm willing to take, because that was almost everything I had. Thankfully I had some bitcoin and a couple of NFTs on my Ledger, but had all my SOL and ETH on hot wallets because I've been day trading with it. I estimate that I lost around $70,000 worth of stuff (about 550 SOL of that was my project's treasury). I know one other project founder also lost everything from this same scam. Over 1000 SOL.

My compromised SOL wallets (from largest funds to smallest):
2eUQKVR5jqk9qHsx75fCAwwVosuM9Eprpryt3wNT8uxj
5HgM9TCvNbLddDqUVkHv7W1jBcAYt8VptgX5D6P8SNE3
Bp4vdRUUfygTj3RgQrFvDSQDka4aBzRyvP7do7Jus3Ee
63xA3EqYaR7UosdcZcBQgPyLBttrzaHwxvmoSiTSDQbC
zo4PwdyqCuu86BGeVk5N71jAq516CD5vRYy63n6uSzg
Aa586CoHSmRXKt4NSAN75YaNecms5UVMbhWx5HvL9pg3
6Y3DKHgWX5tU6S4smXt9mstrEzn4krEyibqbn16LgFe7
There were a few other wallets compromised, but nothing of much value was in them or taken.

My ETH wallets compromised:
0x68f7036f41Bf4FC370E273Eb3dc7f95A979afc9A
0x7098C5846c570Fc30315e31d9F6545A71034ABFa
I was able to save some NFTs, but not much of value.

Reported Addresses and Domains
Reported Domain

https://idlemaster3d.com/

Reported Address
DJ7doi4vLtL8N3kpQjh1YK91gcK1a4JYmeUPtJL4bE4K
Reported Address
Abih5VzqFR8qMCJZNi1C7pJjkVZThgaKk9r6gjv1kYmC

+ 11 more

Malware Scam

I was approached as an artist to do the artwork for the Idle Master 2d NFT collection which was apparently coming out. I agreed, we talked through artwork and then they invited me to test out the newly released beta of their game. Went onto the website to download (code - F3H2-HF52 for the download), tried to install and it came up with an error - they said it was because they were in beta and had some bugs. Then a couple of days after, a number of wallets that I had access to got drained and they also tried deactivating my Twitter account. Have spoken to a couple of other people who also got drained and this was the same experience they had. It looks like he also did this 2 months ago to a number of other NFT developers. Search this wallet (one that he transferred 12 SOL to after the scam): 6uhD4cWsiFgRaH7KC39waEVb6quJprgrUhkCTH65pwPM, on this profile: https://mobile.twitter.com/heisenbergsol

Reported Domains
Reported Domain

https://idlemaster3d.com/

Reported Domain

https://solscan.io/account/Abih5VzqFR8qMCJZNi1C7pJjkVZThgaKk9r6gjv1kYmC

Malware Scam

The artist of my project was approached to do the artwork for the Idle Master 2d NFT collection which was apparently coming out. They agreed, they talked through artwork and then they invited them to test out the newly released beta of their game. Went onto the website to download (code - F3H2-HF52 for the download), tried to install and it came up with an error - they said it was because they were in beta and had some bugs. Then a couple of days after, a number of wallets got drained and they also tried deactivating their Twitter account. Have spoken to a couple of other people who also got drained and this was the same experience they had. We have lost 138.72 SOL.

Reported Addresses and Domains
Reported Domain

https://idlemaster3d.com/

Reported Address
Abih5VzqFR8qMCJZNi1C7pJjkVZThgaKk9r6gjv1kYmC

Malware Scam

= Crossposting old reports = Reached out for a potential collaboration. Sent a WeTransfer link to download a "contract". Upon checking, a bloated screen saver file is given, which is RedLine stealer malware. Impersonated ayzd.

Reported Domain
Reported Domain

myaquare.com

Malware Scam

Fake Reptile Chronicles beta game test. Serves RedLine stealer malware. Leverages the fact that players are eager to test a new P2E game. Same threat actor who impersonated Stellar Fantasy. Second rar pw: RW073

Reported Domains
Reported Domain

reptileworldp2e.com

Reported Domain

rworldp2e.com

Reported Domain

rworld-p2e.com
