Fake cryptocurrency giveaways are stealing millions of dollars simply by replaying old Elon Musk and Jack Dorsey Ark Invest videos on YouTube.
The scheme is the old “double your investment” ruse that promises to pay back twice the cryptocurrency amount the victim sends the scammer.
The fraudsters made more than $1.3 million after re-streaming an edited version of an old live panel discussion on cryptocurrency with Elon Musk, Jack Dorsey, and Cathie Wood at Ark Invest’s “The ₿ Word” conference.
In the past, scammers used other videos related to Elon Musk, including SpaceX launches or Tesla videos, to successfully promote fake giveaways and steal millions of dollars while doing so.
Simple operation
At a quick search, BleepingComputer found that close to 10 YouTube channels have published the discussion, albeit in a smaller format edited to include additional elements that promoted the scam, including the link to the fraudulent crypto giveaway website.
Our findings are just a glimpse of the entire scheme, which we observed unfold since March. However, there are reports of it going as far back as January and bringing scammers $400,000 in just seven hours.
Security researchers at cybersecurity firm McAfee were also monitoring the scam and published a report on Thursday in which they identified 11 fraudulent websites.
McAfee updated the post the next day saying that the number of these websites had increased to 26 in just 24 hours.
“The YouTube streams advertised several sites which shared a similar theme. They claim to send cryptocurrency worth double the value which they’ve received. For example, if you send 1BTC you will receive 2BTC in return” – McAfee
However, these websites appear every day and scammers generate new wallets to receive funds from gullible cryptocurrency users. Here’s some that BleepingComputer and McAfee found
ake2x[.]org
arknow[.]org
teslabtc22[.]com
musk-official[.]net
arkinvest22[.]net
tesla-eth[.]org
2x-musk[.]net
elontoday[.]org
teslaswell[.]com
2022ark-invest[.]net
elonnew[.]org
twittergive[.]net
22ark-invest[.]org
elonnew[.]com
doublecrypto22[.]com
22invest-ark[.]com
2xEther[.]com
teslabitcoin[.]org
tesla-2x[.]org
Some of the sites in the table above are still up and running. The list is far from being complete as scammers continue to set up new websites promoted in new streams playing a modified version of cryptocurrency talks.
The researchers said that the sites promoted in the videos tricked the visitors into thinking that others were sending cryptocurrency and had received double their “investment,” showing a table with recent transactions as proof.
To create the fake table, the scammers used JavaScript code that generated a list of random cryptocurrency wallets and paid amounts.
The money stolen
Below is a list of Ethereum and Bitcoin wallet addresses and the amount stolen by scammers using the Ark Invest cryptocurrency scheme:
Bitcoin:
bc1qz50pclcp7a7wl0au2m4rkleaxl7wryktmsy9sk (Value: $0)
1HBt1KrtWMSkjgGzuvTEPsePk24ChoQ33t (Value: $4,632)
1A4GEKCKrRhjgsNCQfRaGmbZVPW8qsxfwW (Value: $29,706)
bc1qcawgs6gpmqyx35c0a0yldhak7ggagwxdpget7e (Value: $16,933)
bc1qc66cl4eap9d0r3fmydwxufa0yk6natdv72qe87 (Value: $19,439)
bc1quu3ltey8vndcx6ma9zukazyffsw50hz8s4zhrw (Value: $20,983)
1DU2H3dWXbUA9mKWuZjbqqHuGfed7JyqXu (Value: $0)
1Q3r1TzwCwQbd1dZzVM9mdFKPALFNmt2WE (Value: $41,219)
17XfgcHCfpyYMFdtAWYX2QcksA77GnbHN9 (Value: $49,311)
1GLRZZHK2fRrywVUEF83UkqafNV3GnBLha (Value: $5,787)
1NKajgogVrRYQjJEQY2BcvZmGn4bXyEqdY (Value: $0)
1DU2H3dWXbUA9mKWuZjbqqHuGfed7JyqXu (Value: $0)
bc1qas66cgckep3lrkdrav7gy8xvn7cg4fh4d7gmw5 (Value: $11,846)
18wJeJiu4MxDT2Ts8XJS665vsstiSv6CNK (Value: $119,147)
1CHRtrHVB74y8Za39X16qxPGZQ12JHG6TW (Value: $4,790)
bc1qdjma5kjqlf7l6fcug097s9mgukelmtdf6nm20v (Value: $0)
1EX3dG9GUNVxoz6yiPqqoYMQw6SwQUpa4T (Value: $95,974)
Ethereum:
0x7a619530988a266fd39a4acccc5315d90c9544aa (Value: $36,449)
0xa15ebabdda7b5401d642893b843cf94be2293172 (Value: $16,311)
0xb8e257c18bbec93a596438171e7e1e77d18671e5 (Value: $25,209)
0xac9275b867dab0650432429c73509a9d156922dd (Value: $0)
0x7007fa3e7db99686d337c87982a07baf165a3c1d (Value: $9.16)
0x436f1f89c00f546bfef42f8c8d964f1206140c64 (Value: $13,377)
0x9b857c44c500eaf7fafe9ed1af31523d84cb5bb0 (Value: $70,602)
0xbd73d147970bcbccdde3dd9340827b679e70d9d4 (Value: $57,573)
0xac9275b867dab0650432429c73509a9d156922dd (Value: $0)
0x12357a8e2e6b36dd6d98a2aed874d39c960ec174 (Value: $0)
0x2605df183743587594a3dbc5d99f12bb4f19ac74 (Value: $11,468)
0x18e860308309f2ab23b5ab861087cbd0b65d250a (Value: $14,766)
0x5081d1ec9a1624711061c75db9438f207823e694 (Value: $4,029)
0x820a78d8e0518fce090a9d16297924db7941fd4f (Value: $63,301)
0xcaaa38911bfe60933e39acbb59f0ba8dda491331 (Value: $18,929)
0xdbb8c934650bd1a88b4ba12f4acb042d9a8a0cbe (Value: $43,604)
0x2d18a797b68a4f0bf15f21b55e76e2367a716942 (Value: $64,585)
0x24310fb34afccbe29f80c46b4b5e17601bf11c56 (Value: $16,778)
The amounts received may not look like much but it’s good money considering that the entire operation requires little effort and technical skills. Once the video is edited and the site up and running, the fraudster just needs to wait for victims to transfer the digital coins.
McAfee says that the wallets listed on the malicious sites they found recorded a high number of transactions that amounted on May 5th to $280,000 worth of cryptocurrency.
The next day, that combined value surged to $1.3 million. The largest wallet had over $90,000 in Bitcoin from 13 transactions.
The YouTube channels
From BleepingComputer’s own research based only on a brief scan of all the scam videos currently running, the fraudsters stole an additional $100,000 today.
BleepingComputer has found nine YouTube channels luring cryptocurrency users to scam websites at the time of this writing. The name of almost all of them included the strings Tesla, Elon Musk, Ark Invest, or a combination of them.
Curiously, some of these channels promoting a cryptocurrency scam website have large followership, between 71,000 and 1.08 million subscribers.
In most cases, the number of subscribers for these channels appears to have been artificially blown to add credibility to the videos promoting the scam, since they have no other content available.
At the time of writing, some channels removed the modified video from public access by either taking it down or restricting it to paying members.
This type of scams appear to be extremely common, with YouTube chasing them away every day but not quick enough. Based on what we’ve seen, there are at least 40 such videos up right now.
BleepingComputer has found that these live streams are running multiple times a day and they are taken down once they end.
Cryptocurrency users are a constant target of threat actors, who seek new ways to make victims fall into a trap. Although the promise to double the crypto assets is an old trick, it appears that it is still lucrative.
In the past, scammers used other videos related to Elon Musk, including SpaceX launches or Tesla videos, to successfully promote fake giveaways and earn millions of dollars while doing so.