Scammers have reportedly stolen millions of dollars in cryptocurrency by impersonating HitBTC, a lesser-known crypto exchange founded in 2013. According to MistTrack, a crypto compliance platform owned by cybersecurity-focused SlowMist, an imitation website (hitbt2c.lol) has been set up to closely resemble HitBTC’s legitimate site (hitbtc.com), tricking users into depositing their crypto funds into scammers’ wallets. These wallets have allegedly accumulated over $15 million worth of cryptocurrency.
Victims of the scam have supposedly had their funds directed to four different blockchain addresses: one for Bitcoin, two for Ethereum, and one for Tron. Activity on these addresses dates back to June 2022. The Bitcoin address, which has received over 52 BTC, has sent most of these funds to an address that might be an OTC trading service, permitting users to buy and sell crypto outside of significant exchanges.
The supposed OTC address has reportedly been flagged repeatedly by victims of various scams. This suggests that either this fake HitBTC phishing scam is just another scheme by a serial fraudster, or that multiple scammers are using the same service to cash out stolen crypto. According to Bitcoin Abuse Database, the wallet has been linked to similar phishing scams and other fraud schemes, where scammers pose as someone wishing to engage in online transactions with a victim, encouraging them to invest in non-existent crypto projects. Some users indicated that cybercriminals may prefer to use OTC brokers to process Bitcoin.
Interestingly, the wallet in question often swaps Bitcoin for wrapped Bitcoin (wBTC) on Ethereum, using a service launched in 2018 by BitGo, Kyber Network, and Ren. The wallet sends significant amounts of Bitcoin to an address on the official proof-of-reserves list for wBTC, meaning it’s likely one of the authorized wBTC custodians.
Further investigations into the Ethereum address from MistTrack’s findings show that it has received SHIB tokens and various stablecoins, surpassing 11.5 million over the past year and a half, and sent them to a centralized exchange, OKX. Another Ethereum address regularly receiving funds from an alleged phishing scam wallet also sends USDT to addresses belonging to OKX, one of the major centralized exchanges. The data appears to indicate that the owner(s) of the flagged wallets are running multiple scams, utilizing both decentralized finance (DeFi) tools and centralized methods like OTC brokers and exchanges to cash out their stolen crypto.
As of now, HitBTC has not reacted to MistTrack’s tweet, nor has there been any mention of the phishing threat on its official website, Twitter page, or Telegram channel. The exchange has not responded to a request for comment.
Source: Coindesk