Unveiling the $6.8 million HT arbitrage scam: A phishing trap in the world of crypto

share
Unveiling the $6.8 million HT arbitrage scam: A phishing trap in the world of crypto

PeckShield statistics show that the "HT moving brick arbitrage" scam, which has been ongoing for nearly a year, has involved 669 users, with a total scam amount of 47,237 ETH, equivalent to approximately 6.8 million US dollars.

Table of Contents

Original Title: "Revealing the Process of HT Brick Moving Arbitrage: The "IQ Tax" Trap in the Cryptocurrency World"
Written by: PeckShield

In the internet world, many people have received emails claiming they have won a big prize, such as 58,000 yuan and a Samsung Q30 notebook. Most people would feel ecstatic upon seeing this, thinking they are the luckiest person in the world. However, when they go to claim the prize, they realize they need to pay a handling fee first. It turns out to be a scam, and the money given could have bought a computer.

This is one of the most common phishing traps on the internet, exploiting people's dreams of winning a big prize and their desire for easy gains. Currently, there is a similar scam in the cryptocurrency world, which, although low-level in sophistication, has been ongoing for about a year, resembling a "IQ Tax" trap in the cryptocurrency world.

The scammers claim that due to significant market price fluctuations, there is arbitrage space between exchanges for the same currency. Users only need to open the imToken wallet and send ETH to a smart contract address starting with 0xe55bB8, to receive HT at a ratio of 1:48. They can then deposit the obtained HT into the exchange, sell the extra ETH, and make a profit from arbitrage.

Some users found that initially depositing a small amount of ETH could indeed receive real HT in return. However, when they became more greedy and deposited a large amount of ETH, they either no longer received the HT in return or received HT that had no trading value. By the time they realized they were scammed, it was too late.

Currently, this scam has grown to a considerable scale, with CoinHunter website listing many victim cases.

The PeckShield security team conducted an in-depth analysis of the entire event, using our developed digital asset tracking and visualization tools to reconstruct the entire event and track the scale and flow of the defrauded assets.So far, we have tracked at least 669 affected users, with the scam group defrauding a total of 47,237 ETH, valued at over $6.8 million at the current ETH price. Additionally, 6,311 ETH has already flowed into exchanges, completing the money laundering operation. For specific fund flows, please refer to the table attached at the end of the article.

We also used our CoinHolmes visualization digital asset tracking platform to draw the complete fraudulent money laundering path as follows:

Phase One: Operating Arbitrage Community, Inducing Victims

The scammers created a Telegram group with over a hundred thousand members named "Huobi Global Official Brick Moving Arbitrage Group" and continuously attracted victims through customer service and individual users. As shown in the image above, these victims mainly come from withdrawal users of 9 exchanges including Huobi, Binance, Gate.io, KuCoin, OKEx, ZB, etc. The scammers directly provide victims with different deposit addresses, guiding them to withdraw coins directly from the exchange to the fraudulent address, completing the first step of the money circle operation.

Phase Two: Aggregation and Dispersal Transfer, Evading Tracking

After accumulating a large amount of funds, the scammers began to aggregate the money from the fraudulent addresses to several core addresses such as 0xb21c, 0x50be, 0x6e8d, 0xf0c5, 0xe481, and then cross-transfer and disperse them to several different amounts to intermediary addresses such as 0x14bd, 0x6029, 0x2b3f, to evade tracking.

Phase Three: Importing into Target Exchanges, Completing Money Laundering

After completing the fund dispersal transfer, the scammers washed 6,311 ETH into exchanges at opportune times. The largest inflow went to Bity Exchange with 5,958 ETH, HitBTC with 181 ETH, Tokenlon with 589 ETH.

The largest inflow was into Bity Exchange, and we have compiled the statistics of funds inflowing into Bity Exchange as shown in the figure below:

Through comprehensive analysis, we found that the scammers' tactics were not sophisticated, and their money laundering methods were not complex. However, their simple tricks led many people into the trap.

1) First, the scammers exploited people's cognitive bias towards the arbitrage principle in the digital asset market, creating a trap where transferring ETH at a high ratio would yield HT. Due to the popularity of Huobi and imToken as blockchain platforms, users inadvertently let down their guard;

2) Secondly, the scammers continuously set up fake stories of getting rich in the community, then used the psychology of wanting to profit from arbitrage to gather a super large community of over a hundred thousand people, with so-called official personnel and fake stories, attracting victims to participate;

3) Finally, the scammers used the greed of a small number of people to continuously induce and expand the amount of the scam, thereby completing the fraud process.

As the cryptocurrency industry is still in its early stages and has a certain technical threshold for ordinary users, such as distinguishing between real and fake coins, understanding the arbitrage process, etc., these types of scams will continue for a long time.Although imToken and Huobi officials have repeatedly refuted such unreliable messages, some people cannot resist the desire for wealth and fall into the trap set by scammers.

CoinHolmes reminds users to be cautious with every transaction in the cryptocurrency world. Once an operation mistake occurs, the difficulty of tracking and recovering the coins is high. To address this, the CoinHolmes team has opened a coin retrieval window for ordinary users. If you are already trapped in a scam and need assistance in tracking and retrieving coins, or if you are unsure if a project has suspicious elements of fraud, you can come to us for answers.

Furthermore, we have noticed an increasing number of scammers using exchanges as an entry point for deposit and withdrawal scams. Ultimately, the illicit funds will flow into exchanges for money laundering, which also imposes requirements on exchanges' KYT compliance. We recommend that exchanges, with the assistance of third-party security companies, verify the funds flowing in according to compliance standards. Once illicit funds are detected flowing in or out, measures should be taken promptly to block them.

Appendix:

1 CoinHolmes Digital Asset Fraud Reporting Window https://forms.coinholmes.com

2 HT Brick Moving Arbitrage Fund Statistics Table

This article is authorized by ChainNews for reproduction, article source: ChainNews (ID: chainnewscom)

Further Reading

  • 【Special】In the Era of Zero Interest Rates, Cryptocurrency Fixed Deposit Commodities We Should Know

  • Faith Does Not Interfere with Rational Investment! Adjusting Investment Portfolio, Tezos Foundation Avoids Millions of Dollars in Losses

Join Telegram now for the most accurate blockchain news and cryptocurrency updates!