Thousands of fake cryptocurrency sites trap users in fake reward schemes

Bitcoin mining
(Image credit: Pixabay)

A major cryptocurrency scam operation involving “over a thousand” fraudulent websites has been uncovered by security experts.

Cybersecurity researchers from Trend Micro announced their discovery of a crypto operation whose goal was to trick people into giving away their bitcoin, called Impulse Project. The scam was run by a similarly-named group called Impulse Team which, the researchers believe, is a Russia-based threat actor.

The scheme actually appears to be the old “Nigerian prince” scam but with a modern twist. In the Nigerian prince scheme, the victim would receive an email from a “royal” in Nigeria trying to get their money (often in the millions) out of the country - the only catch is that they need someone to cover the costs of the transaction. Gullible victims would then wire some of their money (usually a few hundred or thousand dollars, minuscule in comparison to what they expected to get in return), which would then disappear without a trace.

The Impulse Project operation is relatively similar - a victim would receive an SMS, or an email message, saying they were picked as winners in a charity giveaway organized by a cryptocurrency trading company, or similar. For the reward, they are set to receive roughly 0.7 BTC, which is approximately $18,000 at current prices. The only thing they need to do is set up an account with the company and top it up with 0.01 BTC (~$250) to “activate” it.

At first, the researchers only discovered one such website, but further investigation uncovered “over a thousand domains” related to the fraud, all created between January 2021 and May 2023. The researchers also suspect that the operation might have been active since 2016, as some of the domains were already active six years ago. Many were registered by the same people, and on the same day. Furthermore, many of the websites use the same template and look exactly the same, save for the website logo.

Usually, it would be relatively simple to find out exactly how much money the scammers stole, given the transparent nature of the Bitcoin network. However, the researchers are yet to pinpoint all of the project’s wallets. They did, however, find the Telegram bot that claims to serve as a logging system for the project, displaying bot messages whenever a victim makes a deposit. So far, the according to the bots, the victims deposited roughly $5,000,000. 

The researchers suspect that the Telegram channel might also be fake, to entice affiliates and get them excited about participating in the scheme. 

Analysis: Why does it matter? 

Bitcoin, as well as other cryptocurrencies, remain a popular investment for many - with the total market capitalization of the crypto industry sitting at roughly $1 trillion according to figures from Coinmarketcap. The same source also claims there are now more than 25,000 various cryptocurrency projects. At the same time, the crypto market is relatively young and not properly regulated, making it ripe for various fraudsters and cybercriminals. 

The amount of money being stolen in cryptocurrency scams is growing exponentially. In 2021, for example, the FTC reported retail investors losing more than $1 billion in scams, and last year - that number rose to $4.3 billion. The ease of use, and global reach, make cryptocurrencies an ideal asset for state-sponsored threat actors, too, with earlier reports suggesting that North Korea uses stolen cryptos to fund its missile operations

What have others said about this cryptocurrency scam? 

Dark Reading reported how Trend Micro describes Impulse Project and “perhaps one of the largest-ever crypto scam campaigns.” It compared it to the OneCoin fraud scheme, currently considered the biggest scam ever that resulted in the theft of more than $4 billion, from 3 million unwitting investors. 

"While the total financial impact of the Impulse Team's operation is not specified in the Trend Micro report, its vast network of over a thousand websites suggests a considerable potential reach and impact," Craig Jones, vice president of security operations at Ontinue, told the site.

Karl Steinkamp, director of delivery transformation and automation at Coalfire, told Dark Reading that the main difference between OneCoin and Impulse Project is the latter’s care when it comes to picking targets. According to Steinkamp, the Impulse Team is “being tactical.” “These individuals are content in getting fewer, higher value targets and access vs the 'spray and pray' method of malware distribution, whereby malware is widely distributed with the malware expectation of impacting more potential, yet less valuable targets." Finally, being “tactical” means the team is also harder to spot, he added:

"When malware is more broadly distributed, the time for systems to identify and quarantine it is dramatically more," he says. "The focus here drives home the cybercriminal's approach and motive."

Go deeper

If you want to learn more about cryptocurrency scams, you first need to know what is bitcoin, what is a cold wallet, and what is phishing. Also make sure to check out our guide on the best bitcoin wallets, as well as our guide on how to safely buy bitcoin.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Smartphone with new logo X twitter app background. Application twitter old blue bird change X black and white new.
Phishing campaign targets prominent X users, accounts at risk
Representational image of a cybercriminal
Criminals are spreading malware disguised as DeepSeek AI
Paper craft illustration of a suspicious email that contains a snake
How to spot a phishing email
An illustration of a hooded hacker with an obscured face holding a large fingerprint against a red background.
ID theft – what happens when someone steals your identity
Ethereum
Hackers steal over $1bn in one of the biggest crypto thefts ever
Scam alert
Fake jobs and phone calls: How Americans lost $12.5 bn to fraud in 2024
Latest in Security
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple routers hit by new critical severity remote command injection vulnerability, with no fix in sight
Code Skull
This dangerous new ransomware is hitting Windows, ARM, ESXi systems
An abstract image of a lock against a digital background, denoting cybersecurity.
Critical security flaw in Next.js could spell big trouble for JavaScript users
Latest in News
DeepSeek
Deepseek’s new AI is smarter, faster, cheaper, and a real rival to OpenAI's models
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
An aerial view of an Instavolt Superhub for charging electric vehicles
Forget gas stations – EV charging Superhubs are using solar power to solve the most annoying thing about electric motoring