CoinEgg Crypto Scam Steals Victims’ Data, Total Losses Pegged At Rs 1,000 Crore

Cyber security experts from CloudSEK claim to have unearthed a new type of scam targeting cryptocurrency users. It involves multiple payment gateway domains and Android-based applications that dupes unsuspecting people into a mass gambling scam. 

According to experts, the fraud is estimated at a whopping Rs 1,000 crore.

“We estimate that threat actors have defrauded victims of up to Rs. 1,000 crore via such crypto scams” said Rahul Sasi, founder and CEO of CloudSEK.

CloudSEK said they have found a number of fictitious domains that have used the keyword “CoinEgg” to target users of authentic cryptocurrency trading platform.

CoinEgg Scam: How Does It Work?

Findings have revealed that threat actors conducted the crypto scam in seven stages. 

They created a number of fake domains impersonating cryptocurrency trading platforms that had the word 'CloudEgg’ in them. 

“The sites are designed to replicate the official website’s dashboard and user experience,” CloudSEK said in its report. 

In the first stage, CoinEgg users are duped into depositing money into a fake wallet in order to invest in a listed cryptocurrency. Threat actors then freeze the funds in the CoinEgg VIP wallet and prevent users from accessing it.

Additionally, a number of phoney phishing programmes masquerading as CoinEgg are spread online. These applications typically need unnecessary rights during installation, and are flagged as malicious on different systems.

So far, threat actors have built a number of phoney CoinEgg domains to ensure that their malicious campaign is unaffected by the deletion of any of these domains. To avoid users noticing the massive scam, they also switch domains and engage with them on email or Telegram.

“In the process of scamming unsuspecting users, the operators behind CoinEgg VIP implemented some conditions,” the report said. 

According to CloudSEK, the scams is orchestrated in the following manner.

1.    Customers have to pay 22 per cent of their earnings/deposits as “tax” prior to claiming their funds. 
2.    There is also a clause of imposition of “deposit”, if account earnings cross $250,000
3.    If the aforementioned requirements are not met, investors are told that their assets will be permanently frozen.

As a result of these conditions, customers of CoinEgg VIP began expressing their concerns about the shady cryptocurrency trading website's operations on numerous platforms. 

Surprisingly, a lot of dubious investigation agencies jumped in to back up these accusations. On numerous occasions, they approached the victims and gained their confidence to divulge vital information related to their assets, including images of their ID cards, and then reclaimed the frozen assets for themselves, CloudSEK said.

CloudSEK’s threat research team has also discovered an APK (Android Package) for CoinEgg with the option to download.

Once the application is installed, a message pops up in the notification bar.

The URL has been classified as malicious by security vendors, and VirusTotal has classified it as a phishing site.

A victim who allegedly lost $64,000 in addition to other fees like deposit money, tax, etc. to a cryptocurrency fraud contacted CloudSEK, which ultimately unearthed the scam. 

Incidentally, the CoinEgg VIP telegram group has more than 2,000 subscribers and is active.