WhatsApp cryptocurrency scam goes for the cash prize

This weekend a scammer tried his luck by reaching out to me on WhatsApp. It’s not that I don’t appreciate it, but trust me, it’s bad for your business.

I received one message from a number hailing from the Togolese Republic.

Scammer sends me login details by WhatsApp intended for "Jay"
WhatsApp message from an unknown sender

“Jay, your financial account has been added. Account Csy926. Password [********] USDT Balance 1,660,086.50 EUR: 592,030.92 [domain] Keep it in a safe place.”

I asked them to send the message in English, pretending not to understand Dutch, but received no reply.

But since it was a rainy day and I’d never seen this type of WhatsApp scam before, I decided to investigate.

Sometimes it takes some effort, especially when the domain is blocked for fraud by your favorite security software, but nothing was going to stop me now from looking for my new-found wealth.

Domain blocked by Malwarebytes
Malwarebytes blocked the domain for fraud

To fully understand the message, it’s good to know that USDT stands for Tether, a cryptocurrency referred to as a stablecoin because its value is pegged to a fiat currency. In the case of USDT the fiat currency is the US dollar. The peg makes a stablecoin’s value less volatile than that of other cryptocurrencies, which is attractive for traders who like to switch quickly between cryptocurrencies and fiat currencies.

So, I visited the domain which, no surprise there, turned out to be a fake trading platform. I tried the login credentials which were so kindly provided to me.

Login form asking for Account, Password, and an easy verification
Welcome to login

Once logged in I checked my wallet and lo and behold, I’m rich! (Or “Jay” is.)

Nice wallet

The wallet belongs to Csy926 who has VIP5 access and contains 1658670.31 USDT or $602,494.07.

I can either recharge, withdraw, or transfer my USDT tokens or transfer the cold hard cash in dollars. Knowing that in this type of scam the victim always has to invest a relatively small amount to get the bait, I knew what to expect.

The easiest way would have been if I could transfer the dollars to a bank account, so I tried that first.

VIP members can transfer assets without KEY
Transfer form

Sadly, there were obstacles:

  • Transfers can only be done to other accounts on the platform and the recipient needs to be at least a VIP1 level.
  • Only VIP members can transfer without a key. Assuming Jay is the one with the key, it’s a good thing that the account has a VIP5 status.

So, to be a recipient of a US$ amount, I’ll need a VIP1 level account on the same platform.

Sadly, that’s not me. So I decided to see what I can do with the USDT tokens.

Withdraw form

The form shows a security tip warning users to fill in their withdrawal account accurately, as assets can’t be returned after transferring them out. That sucks for Jay.

All in all, that looks promising, but again there are some problems.

  • I’ll need a TRC20 wallet. A TRC20 wallet app is an application, accessible on mobile/web or desktop devices, designed specifically for storing, managing, and engaging with TRC20 tokens.
  • Once I filled out the form and clicked on Withdraw, it turned out I needed a key.
Please enter KEY

Looks like it’s time to read the FAQs. Fortunately, this has the answers to all the “right” questions.

What should I do if I forget my KEY?

Long story short: you set the key when you open the account, and it cannot be retrieved. But… if you have two VIP accounts you can transfer funds from the old account to your new account. And there is no need for a KEY if you have a VIP account. Considering Jay has a VIP5 account, there lies an opportunity.

How to activate VIP?

And here comes the catch all of our regular readers saw coming by now: VIP accounts that are able to receive funds cost money. The cheapest—VIP1—requires a deposit of 50 USDT (roughly $50) which is not refundable and can’t be canceled. But with a VIP1 account I can only receive $30 per month and it’s only valid for 2 months. So, that’s not a big help when you are as rich as I am, sorry, Jay is.

Specifics for a VIP1 account
VIP1 account is the lowest level and the cheapest

It would take me until the next ice age—4600 years—to transfer the entire amount at that rate, with the off chance that the rightful owner would drain the account or change the password as soon as they noticed the leak.

Any unsuspecting victim who has come this far and is willing to steal from the treasure dropped in their lap now realizes that before they can enjoy all that money, they first need to:

  1. Open a new account.
  2. Make a deposit to turn it into a VIP account. The amount depends on their greed and impatience because the higher the VIP level, the larger the amount you can transfer in one day and per month.
  3. Transfer the funds from Jay’s account to their own account.
  4. Set up a TRC20 account.
  5. Withdraw the money from the new account to their TRC20 wallet.

We decided not to sponsor the scammers, so this is as far as we were willing to go, but we have a distinct feeling that along the steps we outlined there might be other fees and deposits needed.

Don’t fall for scammers

  • Any unsolicited WhatsApp message from an unknown person is suspect, no matter how harmless or friendly it may seem. Most pig butchering scams start with what seems to be a misdirected message.
  • Don’t follow links that reach you in any unexpected way, and certainly not from an untrusted source.
  • If it’s too good to be true, then it’s very likely not true.
  • Scammers bank on the fact that the more time and money you have invested, the more determined you will become to get to the desired end result.
  • Use a web filtering app to shield you from known malicious websites. Preferably Malwarebytes Premium or Malwarebytes Browser Guard.
