The $100/month subscription service that hit Coinbase, Robinhood, users with a tidal wave of ‘Scam-as-a-Service’ bot calls
Where there’s money, there’s a scammer ready and waiting to carve out an undeserved slice of it, and for the multi-trillion dollar cryptocurrency market, the arrival of scammers was always an inevitability.
Scams come in all shapes and sizes, but perhaps it’s true what they say: there’s nothing quite like the classics. As ridiculous as some may seem, the old-fashioned phone scam is battle-tested, costing Americans nearly $30 Billion in 2020 alone.
A growing army of botcall services is brewing behind the scenes, targeting the crypto portfolios of millions of investors around the world. The first wave has already caught the attention of the media, and liquidated tens of millions in hard-earned investments.
And for the low, low price of just $100 a month, this torrential swarm of bot-driven spam callers can be at anyone’s fingertips.
Anatomy of a Scam
There is a distinctly classic flavor to the spam call – a simple confidence scam that we can break down into simple steps:
- Identifying the mark/victim
- Gaining their confidence
- Extracting seemingly innocuous but critical information
In the case of the increasingly common crypto-hunting bot call, the call or even text message paints the caller as Coinbase, Robinhood, Paypal, etc. account services. Utilizing a list of ‘leads’, anything from phone numbers to email addresses that could be associated with an account, the bots reach out in droves, informing each would-be victim that their account has been compromised, and prompting immediate action to ‘secure’ their funds.
All the while, the scammer has prompted the delivery of an OTP (one-time password) or 2FA (2-factor authentication) code from the platform itself. The moment the victim reveals the OTP/2FA to the scam caller, their account is compromised and their funds quickly drained.
Nearly everyone has experienced this type of scam before, and to the unsuspecting, it’s undeniably effective, but there’s something even more unsettling about this latest wave.
The Next Evolution: Scam-As-A-Service
When you envision a scam-caller, you might picture a crowded, stuffy office in some far-off country, or a seedy, poorly-lit warehouse, perhaps even a dingy unkempt basement. What you probably don’t expect is savvy marketing, a slick UI, trendy recurring revenue model, and rave reviews.
Welcome to the world of commodified crime or, as we like to call it, Scams-As-A-Service.
For our first example let’s take a look at https://exeotpbot.sellix.io/, where criminals from far and wide can shop for scam service subscriptions like you or I might buy a Netflix subscription.
When we refer to the evolution of scams, this metamorphosis extends beyond sophistication or execution, but to the sheer scale at which they can be executed. The barrier to entry to leading a botcalling army has never been sky-high, but in the modern era, even an otherwise clueless criminal is but a subscription away from terrorizing crypto-investors around the world.
Further Investigation
On February 15th, 2022, the AnChain.AI Threat Research team donned decoy identities and ventured into the heart of this thriving criminal economy: Telegram
What they found was a thriving marketplace, complete with a slick sales pitch, helpful user guides, and surprisingly excellent customer service.
They also got to see the service in action, and it only takes one look to see that it couldn’t be simpler to operate. With this sort of service, practically anyone could become a menace to unsuspecting investors within minutes.
Once the scam operation is up and running, it’s simply a matter of waiting for the money to flow in. From there, laundering the ill-gotten cryptocurrency is simply a matter of following one of many free tutorials available within the chat group, utilizing a variety of methods including mixers like Tornado.cash, hacked accounts from other cryptocurrency exchanges, proxies, and beyond.
By the time the funds hit a criminal’s pre-designated CashApp or Venmo account, the trail left behind, while traceable, is one of many hundreds or even thousands, rendering the recovery process tedious at best and, all too often, manually unfeasible.
Takeaways/Conclusion
The arrival en masse of botcall scammers in the cryptocurrency space presents a uniquely challenging problem, as no single solution can fully address the problem.
Resolving this rising threat requires a holistic approach of blockchain forensics, smart contract expertise, and threat intelligence, seeking out scammers where they operate – in the darknet, underground chat rooms, and beyond – to address the problem at the source. The AnChain.AI team has spearheaded incident response and security hardening efforts across the entire Web3 ecosystem, and while this scam may not be the most sophisticated, it may very well become the biggest we’ve seen yet.
In the meantime, it’s probably best to ignore any suspicious calls that come your way. Coinbase’s customer service is far friendlier than the bots are, after all.
