SPECIAL REPORT identify related infrastructure , and uncover additional scam sites using the same kit .
Key takeaways
• The victim was lured into a flirtatious correspondence with the actors hiding behind a dating application profile .
• Scammers have continued to harass the victim after stealing his cryptocurrency .
• Tracking wallet addresses and the web address of the scam pool , Sophos was able to track the wider scam , and uncover additional scam sites using the same kit .
• Sophos found 13 additional domains hosting the same fake decentralised finance application , which targeted users of Trust Wallet .
• Sophos has also identified hundreds of other scam sites that follow the same formula , netting millions in stolen crypto .
• These scams require no malware on the target ’ s device , and no hacking of any sort other than fraudulent websites and social engineering .
• It is extremely difficult to prevent these scams through software protection .
• Fraudulent wallets and domains are identified and blocked as they are discovered , but scammers can quickly deploy new websites and wallets .
• Cryptocurrency stolen by these scammers is rarely recovered .
• People who are isolated , seeking romantic contacts , or are otherwise emotionally vulnerable are more likely to be targeted .
Sophos found 13 additional domains hosting the same fake decentralised finance application , which targeted users of Trust Wallet . These sites , over a period of five months , pulled $ 1.08 million worth of cryptocurrency from victim ’ s wallets , with a peak of activity in June through August that netted 86 % of that total .
Sophos has also identified hundreds of other scam sites that follow the same formula , netting millions in stolen crypto . These scams require no malware on the target ’ s device , and no hacking of any sort other than fraudulent websites and social engineering – convincing targets to connect their wallet to an Ethereum smart contract that gives the scammers permission to empty the wallet .
As a result , it is extremely difficult to prevent these scams through software protection .
Fraudulent wallets and domains are identified and blocked as they are discovered , but scammers can
60 INTELLIGENTCIO MIDDLE EAST www . intelligentcio . com