Lost your Bitcoin? Sorry, it’s not coming back — Uncovering Bitcoin Recovery Scams
This article covers the following topics:-
1. INTRODUCTION
2. SO-CALLED “BITCOIN RECOVERY” SITES
3. CASE — 1: bitcoinrecovery.co
4. CASE — 2: moneybackagency.com
5. MODUS OPERANDI: BITCOIN RECOVERY SCAM
6. BITCOIN RECOVERY OPTIONS
7. WHAT HAPPENS TO LOCKED/LOST BITCOIN?
INTRODUCTION
“BITCOIN LOST” is a common problem for which no effective solution has been found so far. As a result, a whopping 3.7 Million Bitcoins are permanently locked out of circulation due to the loss of the private key or wallet inaccessibility.
Unfortunately, this space has been taken over by Scammers who extort crypto from victims by posing as legitimate Crypto Recovery Teams via dedicated websites.

It is an undeniable & bitter fact that the lost bitcoins cannot be recovered unless you have a master key or Seed Mnemonics to recover them.

Most Crypto-Holders are NOT aware of this fact, which makes a perfect loophole for Attackers/Scammers to exploit. Scammers lure their targets by promising to get back the Lost/Stolen bitcoins, and then extort the victims.
SO-CALLED “BITCOIN RECOVERY” SITES
While doing a common search on Google or Bing, you may come across a large number of Crypto Retrieval Services that assure you they will get back your lost/locked bitcoins. By now, you know NOT to fall for it, as they are pulling off a pure SCAM.
Let’s examine a few such sites…
CASE — 1: bitcoinrecovery.co

The website has an impressive UI, and newly arriving netizens will take the service as Genuine, since a clean UI catches the eye first and gains trust unconsciously.

Let’s dive into each parameter to test its authenticity.
CHECKPOINT 1: POP UP WINDOW
At initial contact, a pop-up is displayed asking about the nature of the Bitcoin Loss. After the details are entered, there is no follow-up; this dialog box is only bait to lure the visitors.
CHECKPOINT 2: CONTACT NUMBER
The contact number [+1.800.821.0520] provided by the company also appears on 2 other similar sites, namely cybersecgroup.info and desifad.com.

CHECKPOINT 3: MEDIA BOASTING
Another shady thing about the site: it claims to have been featured in various popular media such as Forbes and Bloomberg, but none of the claims has a direct link to back the statement.

CHECKPOINT 4: GHOST REVIEWS
Coming down to the Customer Satisfaction Reviews, it is found that those are again fake reviews, added to make the site look authentic.

Let’s break this down into Images and Quotes.
IMAGES
Upon investigating, it is found that the people found on the site do not have any sort of connection with the Company and even their names are just Ghost Identities.
Let’s pick the Reviewer David Johnson. The same avatar is being used in various other sites such as:-

From the above image, it can be assumed that the real person is Brian King. But wait…
Upon investigating further, I found the following image, used by a UI company called Bryte.

From this, it is found that the Reviewer George Smith became John Burgundy in Bryte.
Woah…. Swapped Personality!
Finally, let’s find out the real source of these people:-

This is the real source of the image, which had been cropped to make avatars for criminal/abusive activities such as Ghost Reviews, Scam Promotion, etc on various platforms. By observing closely, you may see those 3 faces have been illegally used for dummy promotions on the previous image.
QUOTES
“Would you believe I completely forgot my password and couldn’t access my Ethereum. I was really upset with myself and thought it was gone forever — but Bitcoin Recovery Co. came to the rescue. I gave them some ideas of what my usual passwords are and they were able to quickly discover what the necessary password was to access my Ethereum. I’m really appreciative of their efforts because I would have been very upset if my faulty memory cost me my investment for good!”
This review quote can be found on all SCAM Services.

NOTE: Some of the sites are shut as they proved to be fake. The same applies to other Quotes as well.
If you have any Team Images in your Business Portal, double-check yourself. Somewhere someone may stealthily utilize your goodwill images to run their vicious business.
CHECKPOINT 5: OFFICE ADDRESS
The address provided by the website is in use by more than 5 sites, all again relating to Crypto Recovery.
741 Madison Avenue
New York, NY 10065, USA

There are same-themed websites set up by scammers to extort Bitcoin from the already defrauded customers/victims.
CASE — 2: moneybackagency.com

Landing upon this Central Authority-themed website will give visitors a sense of authenticity. Just like this:-

Most of the visitors will get confused at an initial glance as all the major keywords are present such as “Complaint Center”, “IC3” etc.
NOTE: Always remember to check the URL, so as not to get duped.
The company named MoneyBackAgency is said to be functional in Israel and is claimed to be regulated by FCA, which is the financial regulatory board in the UK. According to FCA:-
It may be more difficult for us to effectively identify shocks or prevent risky behaviors that originate from an international firm’s activities outside the UK but could cause significant negative impact in UK markets. This may be particularly the case if the firm’s UK branch is highly interconnected with or reliant on its overseas offices, and if supervisory cooperation in oversight and information sharing is insufficient.
You can read the full guidelines of FCA here.
In short, FCA does not have anything to do with MoneyBackAgency; which is located in Israel.
One of the interesting things about this site is the signature used in the website.
Can you guess whose signature that is?
It belongs to a Founding Father of the United States of America, Benjamin Franklin.

The same signature appears on the fraudulent crypto site MoneyBackAgency as that of its “Fraud Asset Recovery Director”.
While checking the domain history, it is found that the website is relatively new: it was registered on 4th January 2022 under the Registrar CheapName and had availed the service With Held of Privacy to mask the real identities behind a permanent Icelandic Address.
NOTE: Most of the malicious domains seen previously in various Ransomware/Hack series had availed this (Privacy) service.
TRACING CRYPTO ADDRESSES
Let’s take the Bitcoin Addresses reported to various Scam Hunting Channels from the victims who got defrauded with MoneyBackAgency. Some of the addresses are:-
17BSLhc597GybEuZ4DyFpdtceY3Moi3nWo : Active since Jan 19, 2022 (0.06BTC)
34fzTpqE6vfygjshamqyPpSfadMUqFHy78 : Active since Sept 19, 2021 (31BTC)
16fCfA47XsEX5UK2mjpfjtKk29af9t3wCG : Active since Nov 5, 2020 (9BTC)
3D4J6hZEm8NhUSYTfFguxeipiXCcmgC8kG : Active since March 24, 2021 (0.32BTC)
1CKNWAUabjQZoi3ACPMkNJyw8KHDVN8g64 : Active since March 31, 2016 (8.4BTC)
1oW9eLXMqXgvaXS5mxXUZX3c6uSZtWhkM
bc1q2gu0cywvqwps43ym8zcjv5xy6lw3t859tumd5m
bc1q8cm0dg4a2w345xd7y44eut6d8zj9mpnk3a3pur
bc1qzjzjvxjtd88zcxmw8spg5se9mhvf0w32p53lv9 : Active since Nov 25, 2021 (0.024BTC)

All these addresses are involved in various other dark businesses such as:-
>> Sextortion
>> Ransomware
>> Blackmail
>> Investment Fraud
>> Darknet Market Seller
NOTE: Always vet the Bitcoin Address that you receive in order to check for any malicious historic fingerprints. The Scammers/Criminals may use fresh addresses as well. Beware!
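One way to apply the vetting NOTE above, as an added example (not code from the original article): it verifies the Base58Check checksum of a legacy 1…/3… address and then looks the address up in a locally kept list of reported addresses. The report list, its labels and both sample addresses are constructed for illustration; bc1… (bech32) addresses are only flagged as unsupported here.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _check(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]  # double SHA-256

def b58check_encode(version: int, body: bytes) -> str:
    """Encode version byte + 20-byte hash; used only to build sample data."""
    raw = bytes([version]) + body
    raw += _check(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58check_decode(addr: str):
    """Return (version, hash160), or None if malformed or checksum fails."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return None
        n = n * 58 + B58.index(ch)
    zeros = len(addr) - len(addr.lstrip("1"))   # leading '1's are zero bytes
    raw = b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25 or _check(raw[:-4]) != raw[-4:]:
        return None
    return raw[0], raw[1:21]

def vet(addr: str, reported: dict) -> str:
    """Classify an address before any funds are sent to it."""
    if addr.lower().startswith("bc1"):
        return "unsupported-format"   # bech32: needs a BIP173 checker instead
    decoded = b58check_decode(addr)
    if decoded is None or decoded[0] not in (0x00, 0x05):
        return "invalid"              # typo, truncation or altered string
    if addr in reported:
        return "reported: " + reported[addr]
    return "no-reports"               # fresh scam addresses also end up here

# Constructed sample data (not addresses taken from the article)
SCAM = b58check_encode(0x00, bytes(range(20)))
CLEAN = b58check_encode(0x05, bytes(range(20, 40)))
REPORTED = {SCAM: "investment fraud"}   # hypothetical local report list

if __name__ == "__main__":
    for a in (SCAM, CLEAN, SCAM[1:], "bc1qexampleonly"):
        print(a, "->", vet(a, REPORTED))
```

A "no-reports" result only means the address is absent from the list consulted, which is why the NOTE warns about fresh addresses.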
From the above Case Study, it is crystal clear that the Scammers/Criminals make use of legitimate key points in order to disguise themselves as the Concerned Authority/Department.
The above 2 Cases are just the tip of the iceberg in the Crypto Arena.
Here is a shortlist of similar sites:-
moneybacklimited.com
moneybackagency.com
Competentfund.com
fraudscan.org
cryptowalletsrecovery.com
bitcoinrecovery.co
hackerspro.com
hackethicsrecovery.com
cryptorecoverycenter.com
retrievelostfunds.com
myassetrecoverynetwork.com
For a further extended list, I found a good resource here:-
https://scamrecovery.net/recovery_category/blacklisted/
MODUS OPERANDI: BITCOIN RECOVERY SCAM
1. Promise to get the money (Crypto) back and charge the victim (Euro 3K+ VAT) for the total recovery service.
2. Send a Picture of the Wallet (Probably Photoshopped/Internet Search).
3. Replicating a Parcel Delivery Site and allotting fake Tracking Number.
4. Charging for Parcel Delivery (Bitcoin Hard Wallet — probably).
5. Asking Victims to invest money in less popular Crypto projects which are mostly fake ICOs.
6. Ask the clients/victims to contact them directly over Whatsapp to avoid Public Red-Flagging.
7. Fake boasting about Money Recovery in Public Spaces like Quora. Broadcasting email ids like professionalexperthacks@aol.com or cybertechrecoveryspot@gmail.com and Contact Numbers such as +1.800.821.0520 and +1(530) 628–3819 etc.
8. Identity Theft: Stealing profile pictures from various sources like LinkedIn or other media and creating a fake account in public spheres like Quora to promote Crypto Scams. Here is a live example of the same:-

9. Scammers follow Scammers back in Social Media.
10. Claims to get featured on various media, but no articles or links are available to prove the advertised statement.
BITCOIN RECOVERY OPTIONS
- Access to Wallet.dat file.
- BIP32 Key: For this, you may need Master Key
- BIP39: It is the Private Key in Mnemonic Form (That’s why you write down 12–24 random words generated). That Private Key allows you to spend your Bitcoin.
- Brute Force Attack on passwords that are weak.
You must have at least one of the first 3 items above in order to recover your lost/locked crypto funds.
NOTE: If you have already sent a transaction or someone already had access to your wallet, then recovery is highly unlikely unless you have access to your Seed or Private Key.
Mnemonic Phrases are to be kept private. Do not feed them into any online service in order to recover your encrypted password, because it depends on the entropy.
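Why the mnemonic never needs to leave your machine, shown as an added example (not code from the original article): under the BIP39 standard the wallet seed is computed locally from the words and an optional passphrase, so anyone who is handed the phrase can do the same. The phrase used is the public BIP39 test-vector phrase, not a real wallet; the function names are illustrative.

```python
import hashlib
import unicodedata

def bip39_layout(word_count: int):
    """Return (entropy_bits, checksum_bits) for a BIP39 phrase length."""
    if word_count not in (12, 15, 18, 21, 24):
        raise ValueError("BIP39 phrases have 12, 15, 18, 21 or 24 words")
    total = word_count * 11      # each word indexes a 2048-word list: 11 bits
    checksum = total // 33       # checksum = entropy / 32, entropy + checksum = total
    return total - checksum, checksum

def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte seed: PBKDF2-HMAC-SHA512, 2048 rounds,
    password = the phrase, salt = "mnemonic" + passphrase (both NFKD)."""
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"),
                               salt.encode("utf-8"), 2048, 64)

# Public BIP39 test-vector phrase (all-zero entropy); never use it for funds.
SAMPLE = " ".join(["abandon"] * 11 + ["about"])

if __name__ == "__main__":
    ent, cs = bip39_layout(len(SAMPLE.split()))
    print(f"{len(SAMPLE.split())} words = {ent} bits entropy + {cs} bits checksum")
    # The whole derivation runs offline; no recovery service is involved.
    print("seed:", bip39_seed(SAMPLE).hex()[:32], "...")
    # A different passphrase yields an unrelated seed, hence a different wallet.
    print("seed:", bip39_seed(SAMPLE, "extra words").hex()[:32], "...")
```

This does not validate the words against the BIP39 word list or check the checksum; it only shows that possession of the phrase is all the derivation requires.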
WHAT HAPPENS TO LOCKED/LOST BITCOIN?
Locked/Lost Bitcoins effectively drop out of circulation from the total supply.
There are 2 categories namely:-
Burn Addresses: Cryptocurrency tokens that are intentionally removed from the total circulation are sent to Unusable Bitcoin Addresses. These are outside the network and the funds transferred to them are considered as burned.
Zombie Addresses: These are the sleeping addresses which do not have any recent transactions. Most of the criminal funds are categorized as Zombie Addresses where the funds are untouched for a long time, hence becoming dormant.

As there is no central authority to control the flow of Bitcoins, it is logical to think that there is no coming back of your funds, once it is lost. If anyone claims to get back your hacked funds, I request you to smirk at them and move on to the next thing.
NOTE:- The article is purely an Individual Research and is not subjected to be used/published anywhere without the Author’s consent.