• A scammer or group of scammers have used a fake phishing version of the crypto exchange HitBTC’s website to steal some $15 million worth of crypto.
• The stolen assets include Bitcoin (BTC), Ether (ETH), Tether (USDT) and other cryptocurrencies.
• MistTrack identified four crypto addresses that it said belonged to the scammers, and also suggested that several other phishing sites were active under the control of the same hackers.
Advanced Laundering Techniques Used to Clean Stolen Crypto Worth $15 Million
Fake Phishing Site Used To Steal Crypto
A scammer or group of scammers have used a fake phishing version of the crypto exchange HitBTC’s website to steal some $15 million worth of crypto. According to a Twitter thread from crypto compliance firm MistTrack, the phishing website that was used looked almost identical to HitBTC’s real website, except for a minor difference in the URL, which was hitbt2c[.]lol instead of hitbtc[.]com.The stolen assets include Bitcoin (BTC), Ether (ETH), Tether (USDT) and other cryptocurrencies.
Hacker Addresses Identified
MistTrack also identified four crypto addresses that it said belonged to the scammers, with one of them being a Bitcoin address, two being Ethereum addresses, and one a Tron address. At the time of writing, the Bitcoin address did not contain any funds but has since its creation in July 2022 transacted more than 400 times and received over 52 BTC, worth some $1.4 million by today’s price. The Tron address contained 242 USDT received in a single transaction while the first Ethereum address contained a few thousand dollars of stablecoins after having transacted for millions of dollars with many different ERC-20 tokens since its creation in June 2022. The last Ethereum address listed by MistTrack has so far not recorded any activity.
Multiple Phishing Sites Active
In addition to warning about this ongoing attack on HitBTC, MistTrack also said that many other phishing websites appear to be active and under the control of these same hackers. According to a screenshot shared by MistTrack with a list of websites using an identical filename as one used by these hackers; there are numerous phishing sites still active under their control at this time.
Advanced Laundering Techniques Used
In total approximately $15 million have been received by these wallets indicating extensive use for illicit purposes for close to 1 year now; possibly due to advanced laundering techniques employed by these criminals such as mixing services where they can obscure their transactions making it difficult for authorities track down their exact movements with stolen funds/assets.
What You Need To Know?
It is important users are aware when entering sensitive information online only access trusted websites/URL’s & ensure they read through all terms & conditions before approving any transactions on browser based wallets like MetaMask etc or else risk falling prey similar attacks like this one & potentially losing all holdings if approved accidentally on such malicious sites/URL’s