Researchers at WithSecure™ have published a new report detailing their discovery of a network encouraging participation in fraudulent web-based apps posing as USDT (also known as Tether) cryptocurrency investment schemes.
The network consists of thousands of videos, some of which received inauthentic engagement from hundreds of YouTube channels managed by a small group of scammers who use Telegram to communicate and run their operations. The group, which researchers estimate to have around 30 members, uses automation to copy and paste comments on the videos in an attempt to legitimize the fraudulent apps to potential victims.
While the researchers found over 700 URLs hosting these fraudulent web-apps served by the network, an analysis of associated cryptocurrency wallets indicated the possible involvement of thousands more. Potential investors successfully lured into participating in these scams would transfer money from an existing cryptocurrency wallet to one of the apps. However, the researchers did not observe any transfers from the apps back to the wallets.
“This network seems to be targeting existing cryptocurrency investors with low-quality videos in different languages without localizing them to reach different regions, so I’d say it’s a pretty opportunistic approach,” said WithSecure™ Intelligence Researcher Andy Patel. “Typically, this results in a large volume of small transactions. But as that volume increases, so do the odds of them getting lucky and finding someone able and willing to invest more substantial amounts.”
Cryptocurrency scams aimed at defrauding potential investors have become a significant problem on the internet, particularly on social media. According to the US Federal Trade Commission, 46 000 people reported losing over a billion USD in crypto to scams between the beginning of 2021 and June 2022, with nearly half saying it started on a social media platform.
Based strictly on the data WithSecure™ researchers collected during the latter half of 2022, they estimate that the fraudulent apps they discovered were able to generate just over 100 000 USD in revenue from approximately 900 victims.
“I do not believe these particular scams are very profitable. However, they’ve clearly figured out how to game YouTube’s recommendation algorithms by using a fairly straightforward approach,” explained Patel. “Moderating social media content is a huge challenge for platforms, but the successful amplification of this content using pretty simple, well-known techniques makes me think that more could be done to protect people from these scams.”
The report, Analysis of YouTube USDT crypto scams, details the anatomy of the videos and apps behind these scams, analyses two associated scam apps in detail, explores the #usdtmining YouTube hashtag, describes the blockchain analysis methodology used on crypto wallets associated with the scams, and presents recommendations for YouTube.
The full report is now available at https://labs.withsecure.com/publications/usdt-crypto-scams.