Bitcoin scam exposes thousands to a data breach

Fraud websites have successfully stolen the personal records of a number of individuals from the United Kingdom, Australia, South Africa, the United States, Singapore, Malaysia, Spain, and more. The attack was carried out as a targeted multistage Bitcoin (BTC) scam circulated by a number of fake websites.

A Bitcoin scam exposed thousands of people to a breach in personal data https://t.co/8ugatjOC6L

— Cointelegraph (@Cointelegraph) June 30, 2020

As per a Singapore-based intelligence company Group-IB, the attack revealed personal data for thousands of people.

Victim’s phone numbers, which in most cases came with names and emails, were contained in personalized URLs to redirect people towards websites. These sites constituted as local news outlets, even including fabricated comments from key local personalities.

Analysis performed on the leaked numbers allowed Group-IB to find out where most of the data had leaked from. It was discovered that the U.K. was the most affected place with 147,610 personal records.

The report states that victims commonly received a text message which mentioned the name of the recipient. This was followed by a phishing message meant to impersonate a recognized media outlet.

The head of Group-IB’s brand protection team, Ilia Rozhnov, stated:

“Fraudulent schemes have become more complicated. They now involve several stages, complex distributed infrastructure, and abuse of personal and corporate brands that are hard to track down and block using traditional detection methods. Companies and celebrities whose names were hijacked by fraudsters suffer reputational damage and face diminished customer trust.”

Researchers identified six active domains with the same Bitcoin investment platform. Each however operated with a unique name. Some of these are Crypto Cash, Bitcoin Supreme, Banking on Blockchain, and Bitcoin Rejoin.

The Group-IB team has detected the exposed data through a number of data breach repositories. They have also examined a number of underground marketplaces for the presence of this data. So far, they have not found any evidence of the information.

The source of the leak has not yet been established. The team has reported the study’s findings to the proper authorities in each affected country.