Reconstructing the HT "brick-moving" arbitrage scam: an "IQ tax" trap in the crypto world

In the Internet world, many people have received a "you have won" email: the prize is 58,000 yuan and a Samsung Q30 laptop. Most people are overjoyed when they see it and feel like the luckiest person in the world. But when they go to claim the prize, they find that they must first pay a handling fee, then another, and another; in the end the prize never arrives, and the fees paid would have been enough to buy a computer.

This is the most common phishing trap on the Internet. It exploits everyone's dream of winning a big prize and getting something for nothing. The crypto world currently has a scam of the same kind; its method is just as crude, yet it has lasted for about a year.

Fraudsters claim that, because of large price fluctuations, there is room for arbitrage on the same currency between exchanges. As long as users open the imToken wallet and send ETH to the smart contract address starting with 0xe55bB8, they receive HT at a ratio of 1:48; they then deposit the received HT on an exchange and sell it, and the extra ETH is their arbitrage income.

Some users found that depositing a small amount of ETH at the beginning did indeed return real HT. But once greed took over and they deposited a large amount of ETH, either no HT was returned, or the returned HT turned out to be a counterfeit token with no trading value. By the time they realized they had been cheated, it was too late.

This fraud has now reached a considerable scale, and the CoinHunter website lists many victim cases.

The PeckShield security team tracked and analyzed the entire incident in depth, using the digital asset tracking and visualization tools we developed to reconstruct how it unfolded, as well as the size and flow of the scammed assets. As of now, we have tracked at least 669 victims. The fraud gang has scammed a total of 47,237 ETH, worth over US$6.8 million at the current ETH price, and 6,311 ETH have flowed into exchanges, completing the money laundering. Please refer to the attached table for the specific flow of funds.

We also used PeckShield's CoinHolmes visual digital asset tracking platform to draw the complete fraud and money-laundering path, as follows:

Stage 1: Operate the arbitrage community and induce the victims

The scammers created a group of more than 100,000 people called "Huobi Global Official Moving Arbitrage Main Group", and then used "customer service" accounts and individual user accounts to post instructions for taking part non-stop in order to attract victims. As shown in the figure above, these victims are mainly users withdrawing from 9 exchanges, including Huobi, Binance, Gate.io, KuCoin, OKEx and ZB. The fraudsters give each victim a different deposit address and guide the victim to withdraw coins from the exchange straight to the fraud address, completing the first step of collecting the money.

Stage 2: Gathering and dispersed transfers to evade tracking

After collecting a large amount of funds, the scammers began to gather the money from the fraud addresses into multiple core addresses such as 0xb21c, 0x50be, 0x6e8d, 0xf0c5 and 0xe481, then cross-merged it and dispersed it in differing amounts to several transit addresses such as 0x14bd, 0x6029 and 0x2b3f to evade tracking.

Stage 3: Remittance to the target exchanges to complete the money laundering

After the dispersed transfers, the fraudsters looked for suitable opportunities and laundered 6,311 ETH into exchanges in batches, of which 5,958 ETH flowed into the Bity exchange, 181 ETH into HitBTC and 589 ETH into Tokenlon.

The largest inflow went to the Bity exchange. We tallied the funds flowing into Bity, as shown in the following figure:

After a comprehensive analysis, we found that the fraudsters' tactics are not clever and their money-laundering methods are not complicated, yet this simple routine has caught many people.

1) First, the fraudsters exploited people's misunderstanding of how arbitrage works in the digital asset market and concocted the trap of sending ETH and getting HT back at a high ratio. Since Huobi and imToken are well-known blockchain platforms, users unconsciously relaxed their vigilance;

2) Second, the scammers keep fabricating get-rich stories in the community, play on everyone's desire to grab freebies, gather a very large community of more than 100,000 people, and use so-called official staff who play along with one another to draw victims in;

3) Finally, the fraudsters use the greed of a small number of people as the hook and keep using falsehoods to induce victims to increase the amounts, thus completing the fraud.

Since the crypto industry is still in its infancy and there are certain technical thresholds for ordinary users, such as telling real tokens from fake ones or understanding how arbitrage actually works, such scams will continue for a long time. Although imToken and Huobi have officially and repeatedly refuted the rumors, stating that such news is unreliable, there are still people who cannot resist walking into the trap set by the fraudsters.

CoinHolmes reminds users to be vigilant and cautious with every transfer in the crypto world. Once a mistake is made, recovering and locating the funds is difficult. In response, the CoinHolmes team has opened a fund-tracing window for ordinary users. If you have already fallen for a scam and need our help tracing funds, or if you are not sure whether a project is fraudulent, you can come to us for an answer.

In addition, we have noticed that more and more fraudsters use exchanges for the deposits and withdrawals in their scams, and the stolen money ultimately flows back into exchanges for laundering. This places requirements on exchanges' KYT compliance. We recommend that exchanges, with the assistance of a third-party security company, check incoming funds against compliance standards; once an inflow or outflow of stolen money is found, measures should be taken to block it promptly.
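The three-stage path above (fraud addresses, core addresses, transit addresses, exchange deposits) is what a KYT inflow check has to follow. The sketch below is an added example, not PeckShield's or CoinHolmes' tooling: it applies a proportional ("haircut") taint model, chosen here as an assumption, to a constructed transfer list whose labels and amounts are all placeholders.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed, time-ordered sample transfers: (sender, receiver, ETH).
# Every label and amount is a placeholder, not data from the report.
TRANSFERS = [
    ("victim_1", "fraud_1", 10),          # stage 1: victims pay in
    ("victim_2", "fraud_2", 30),
    ("fraud_1", "core_A", 10),            # stage 2: gather at a core address
    ("fraud_2", "core_A", 30),
    ("clean_user", "transit_X", 20),      # unrelated funds share a transit address
    ("core_A", "transit_X", 25),          # stage 2: disperse to transit addresses
    ("core_A", "transit_Y", 15),
    ("transit_X", "exchange_dep_1", 18),  # stage 3: deposits at the exchange
    ("transit_Y", "exchange_dep_2", 15),
    ("clean_user", "exchange_dep_3", 5),
]
FLAGGED = {"fraud_1", "fraud_2"}          # known scam deposit addresses
DEPOSITS = {"exchange_dep_1", "exchange_dep_2", "exchange_dep_3"}


def tainted_inflows(transfers, flagged, watch):
    """Haircut model: a transfer carries the sender's current tainted share."""
    balance, tainted = defaultdict(Fraction), defaultdict(Fraction)
    report = defaultdict(Fraction)
    for sender, receiver, amount in transfers:
        amount = Fraction(amount)
        if sender in flagged:
            share = Fraction(1)           # everything leaving a scam address
        elif balance[sender] > 0:
            share = tainted[sender] / balance[sender]
        else:
            share = Fraction(0)           # source outside the tracked set
        moved = amount * share
        balance[sender] = max(balance[sender] - amount, Fraction(0))
        tainted[sender] = max(tainted[sender] - moved, Fraction(0))
        balance[receiver] += amount
        tainted[receiver] += moved
        if receiver in watch:
            report[receiver] += moved
    return dict(report)


def screen(transfers, flagged, watch, threshold=Fraction(1)):
    """Watched deposit addresses whose tainted inflow (ETH) exceeds threshold."""
    inflows = tainted_inflows(transfers, flagged, watch)
    return sorted(addr for addr, eth in inflows.items() if eth > threshold)
```

In the sample, the deposit fed through the mixed transit address is flagged for only the proportional part of its value, which is how dispersal through shared addresses dilutes, but does not remove, the trail.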

Appendix:

1) CoinHolmes digital asset scam breaking news window https://forms.coinholmes.com

2) HT moving brick arbitrage fund statistics table