A new report claimed on Tuesday that fake cryptocurrency exchanges have defrauded Indian investors out of more than $128 million (almost Rs 1,000 crore) as the global crypto market plummets.

CloudSEK, a cyber-security firm, has discovered an ongoing operation combining many phishing domains and Android-based fraudulent crypto apps.

How Does This New Scam Work?

Unwary people are lured into a massive gambling fraud by a widespread campaign. According to the research, several of these phoney websites pretend to be "CoinEgg," a reliable cryptocurrency trading platform with a UK location.

A victim who reportedly lost Rs 50 lakh ($64,000) to such a cryptocurrency fraud sought CloudSEK, on top of other expenses like the deposit amount, tax, etc.

According to Rahul Sasi, founder and CEO of CloudSEK, threat actors have allegedly used similar cryptocurrency frauds to swindle victims of up to $128 million (or around Rs 1,000 crore). Scammers and cheaters also devote their attention to the cryptocurrency markets as investors do, Sasi continued.

Threat actors start by constructing phoney websites that mimic reliable bitcoin trading services. The dashboard and user interface of the sites are created to be exact replicas of the original website. In order to approach the possible victim and develop a connection, the attackers then build a female profile on social media.

The victim is persuaded by the profile to buy cryptocurrencies and begin trading. The report said that the profile also offers a gift of $100 credit to a certain cryptocurrency exchange, which in this case is a replica of an actual cryptocurrency exchange. The victim first experiences a substantial financial gain, which increases their faith in the threat actor and the platform. After the victim appears to benefit, the con artist persuades them to invest more money by promising larger profits.

The threat actor freezes the victim's account when the victim deposits their own funds into the fictitious exchange, preventing them from withdrawing their investment, and then vanishes with their money.

When victims complain about losing access to their accounts on other platforms, the same threat actors—or new ones—reach out to them pretending to be investigators. They email their victims to request private information like bank account numbers and ID cards in order to release the frozen assets. According to the research, this information is subsequently utilised to carry out further malicious operations.

In order to combat threat groups over the long run, Sasi stated it is critical for crypto exchanges, Internet service providers (ISPs), and cyber criminal cells to work together.