Popular on-chain sleuth ZachXBT has unmasked another crypto scammer responsible for stealing millions of dollars in digital assets using sophisticated phishing attacks.
The thief’s targets included the discord services for DeFi projects such as Orbiter Finance and Pika Protocol.
Impersonation and Confiscation
In a Twitter thread published on Monday, ZachXBT explained that the attacker, Soup (aka Dan) enacted his scam by impersonating Luke Hamlton – an employee for the crypto media outlet Decrypt.
In collaboration with other Scammers, Soup lured members of various crypto project teams into joining a fake Decrypt Discord server. He then tricked them into submitting KYC information as part of a fake application and interview process, only to later embed phishing attack in an “elaborate attempt to steal their Discord token.”
2/ Soup creates fake @decryptmedia websites and poses as Luke Hamilton (a real Decrypt employee)
He works with other scammers to approach team members of crypto projects to trick them into joining a fake Decrypt Discord server in an elaborate attempt to steal their Discord token pic.twitter.com/Oe6mX2zFk1
— ZachXBT (@zachxbt) July 17, 2023
A Discord token is an alphanumeric string acting representing a user’s login credentials, giving them access to any servers they own or are a part of.
The scammer compromised the Pika Protocol Discord server on May 30, 2023, posting a malicious link in the announcements channel, allowing them to steal $220,000 in crypto. In a private DM, Dan admitted to receiving 15% of the scammers’ profits.
The following day, the scammers attacked Orbiter Finance, using a malicious link to steal another $760,000. Soup confessed to receiving 30% of the stolen funds, of which 7.5 ETH was identified in one of his known addresses.
Soup spent some of the proceeds from his crimes on exclusive five-figure Roblox items.
ZachXBT added that Soup was involved in the theft of Mutant Ape Yacht Club (MAYC NFT #21080 last year. In collaboration with his scamming partner, Faint, the two minted a fake MAYC and offered to trade it to a victim for the real MAYC, which the victim accepted.
Soup also stole Cryptopunk #6983 in January of this year.
“Soup admits to having profited $1M himself while his partners have profited even more,” wrote ZachXBT. “He seems to show little remorse for his actions after financially harming projects and people.”
Connection to Blue
ZachXBT was able to track down one of Soup’s addresses after the scammer accidentally revealed it when proving that the ENS address purplelobster.eth was controlled by Blue – another scammer exposed by ZachXBT last week. Blue sent soup $25 worth of ETH at the time.
Blue, a former YouTuber turned NFT scammer, also had connections to Monkey Drainer, known for stealing over $24 million in digital collectibles and boasting about his thefts online. In some of his recent phishing attacks, Blue took, over $200,000 in crypto and NFTs from addresses yancy.eth and LoveMake.eth.
“It’s disgusting to see these phishing scammers show zero remorse and spend the funds on tasteless items,” said ZachXBT at the time.
Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off fees on Binance Futures first month (terms).
PrimeXBT Special Offer: Use this link to register & enter CRYPTOPOTATO50 code to receive up to $7,000 on your deposits.
Credit: Source link