Overview
Early in 2018, Proofpoint researchers observed a rise in so-called “cryptocurrency giveaway scams.” The scams often target users of Ethereum and Bitcoin and typically request that victims send a small amount of the currency in exchange for a much larger payout in the same cryptocurrency. While threat actors frequently distribute coin mining malware or engage in credential phishing for cryptocurrency wallets and exchanges, the giveaway scams represent a new tactic for cryptocurrency theft reminiscent of the “419” scams common 10 to 15 years ago. The success of this scam shows that threat actors continue to look for new ways to exploit the human factor -- and people are inclined to fall for scams that can net them hot commodities like cryptocurrencies.
Cryptocurrency giveaway scam activity appears to have peaked in April of this year, but given rebounding cryptocurrency values and ongoing interest in these currencies, we will continue to monitor related schemes. To date, we have identified a number of patterns that may be of use to those tracking this and similar activities as many actors appear to be engaging in these schemes.
The scam usually begins with a tweet or email enticing the victim to send cryptocurrency to a wallet with the promise that more will be sent back. We frequently observed these tweets originating with fake accounts designed to generate clicks and retweets. Figure 1 shows Twitter conversation threads laying the social engineering groundwork for nearly identical scams run by two threat actors.
Figure 1: Twitter conversation threads demonstrating the similarity of scams among multiple actors
A Twitter search for “eth left” or “sent 5 got 50” demonstrates the sheer number of actors engaging in these scams.
Figure 2: Fake Twitter accounts promoting their scam landing pages
Many accounts will impersonate exchanges, currencies, cryptocurrency founders, developers, celebrities, and products to try to get users to click. Below, fake accounts respond to tweets from legitimate accounts to insert themselves into conversations and confuse Twitter users who might accidentally click on replies from fraudulent accounts with the same avatar.
Figure 3: Fake Twitter accounts attempting to steal clicks from legitimate accounts
Some scammers still opt to use link shorteners like bit.ly, which currently show very low click volumes. Others may chose to use an image to show users where to go in an attempt to evade restrictions Twitter imposes on some URLs linked directly in tweets (Figure 4).
Figure 4: Fake exchange account promoting scam with image
When a user clicks the link or enters the URL from the image, they are generally taken to a landing page like the one shown in Figure 5. The template attempts to establish legitimacy by showing a number of fake transactions, falsely suggesting that large amounts of coins are being sent back to those who send small amounts of coins to the scammer’s wallet.
Figure 5: Typical cryptocurrency giveaway scam template
Figures 6 through 10 show several additional templates in circulation.
Figure 6: BTC variation on the typical giveaway scam template
Figure 7: BTC giveaway variant
Figure 8: Fake partnership variant hosted on a free webhost
Figure 9: ETH giveaway variant
Figure 10: Kucoin cryptocurrency exchange giveaway variant
In other cases, scammers do not promise rewards but instead emulate crowdfunding models, as in Figure 11 that shows a page promising to help free Julian Assange.
Figure 11: Julian Assange BTC donation fundraising variant
Others leverage celebrities or popular brands in variations on the giveaway scam (Figure 12).
Figure 12: Kim Dot Com ETH giveaway variant
Domain/IP Analysis
Although we see some IP reuse in the hosting of these landing pages, the majority of them are unique per IP. A full listing of identified domains can be found in the IOCs at the end of this report.
Figure 13: Top IP addresses hosting cryptocurrency giveaway scams
HTML Page Title Analysis
As the pages deployed are usually very slight modifications of reused templates, examining the page titles allows us to analyze variations on the scam. The most are “please confirm the transaction” and “payment request” but we also see many variations on “[Number <9999] eth left” as the title. This would likely be the most popular page title if the specific number is disregarded.
Figure 14: Most common page titles for cryptocurrency giveaway scams
Scammer Wallet Addresses
While some of the wallet addresses associated with these scams have very few transactions, some of them are growing and do not reflect the “giveaway” nature of the intended interaction. Figure 15 shows one example of a wallet with only incoming transactions and no giveaways.
Figure 15: Active scammer-owned Ethereum wallet via etherscan.io https://etherscan.io/address/0xaf223B8B73B4bA849e69cB719D061824fFc582C3
Typically a scammer will use a new wallet for each scam, but we also observed some reuse (Figure 16).
Figure 16: Repeating ETH and BTC addresses involved in cryptocurrency giveaway scam
In the case of an ETH wallet that appeared 10 times in our data, the wallet was dumped (all funds were removed) on May 5, 2018. The market value of Ethereum on that date was roughly US$830, making the stolen value worth roughly US$21,700. Searching through the wallet transactions, it appears that the actors may have better luck phishing with Ethereum as opposed to Bitcoin (Figure 17).
Figure 17: Dumped cryptocurrency scam wallet
Conclusion
An examination of the Ethereum and Bitcoin wallets associated with these scams shows that the combination of social engineering and desire to “get rich quick” has fooled many victims into sending cryptocurrency to a growing group of actors running the modern-day equivalent of 419 scams. While many actors distribute coin-mining malware, phish for cryptocurrency wallet credentials, or steal cryptocurrencies directly, others are successfully bilking victims out of hundred of dollars at a time by offering to give away large sums of Ethereum or Bitcoin to anyone willing to send small payments in advance. These are essentially the advance fee scams that made Nigerian princes a running joke, as well as a lucrative lure for early Internet scammers.
As with most of these scams, if it seems too good to be true, it probably is, but the appeal of nearly-free cryptocurrency and new approaches to social engineering, primarily via hijacked conversations on social media platforms, are proving too tempting for many users.
Indicators of Compromise (IOCs)
Domains
|
10000ether.com |
10000ether.net |
3000ethereum.online |
|
5000eth-free.kissr.com |
5000ethereum.com |
5000ethereum.info |
|
5000ethereum.online |
binance-bounty.com |
binance-eth-giveaway.com |
|
binance-give.com |
binance-promo.info |
bit-coin.vu |
|
bit-coins.cloud |
bit-coins.live |
bit-coins.name |
|
bitcoin-giveaway.com-oml.ga |
bitcoin-giveaway.net |
bitcoin-share.us |
|
bitcoincash-giveaway.com-oml.ga |
bitcoins-giveaway.com |
bitcoins-share.com |
|
bitcoins-shares.com |
bitcoinsdrop.com |
bitfinex-give.com |
|
bitmain-btc.com |
bittrex-give.com |
btc-24h.com |
|
btc-crypto-rewards.cash |
btc-drop.com |
btc-funds.today |
|
btc-get.net |
btc-give.com |
btc-giveaway.net |
|
btc-giving.com |
btc-grant.com |
btc-promos.com |
|
btc-share.com |
btc-share.us |
btc-transfer.site |
|
btcdonation.online |
btcdurov.com |
btcgifts.info |
|
btcoin-free.com |
btcoin.vu |
btcpromoverge.com |
|
btcs-share.com |
btcsecurepay.com |
btcshare.us |
|
claim-ether.com |
claim-ethereum.com |
coinbase-btc-giveaway.com |
|
coinbase-eth-giveaway.com |
coinbase-eth.com |
coinbase-give.com |
|
coinreturner.com |
coinsgiver.com |
collect.ethforyou.com |
|
com-ethereum.gifts |
confirmeth.info |
cryptocurrencies-bitcoin.com |
|
cryptosecuretransaction.com |
dragonchain.online |
entryetherpromo.com |
|
eth-coin-giveaway.com |
eth-payment.online |
eth-request.org |
|
eth-secure.online |
eth-securepay.com |
eth-share.com |
|
eth-share.org |
eth-share.us |
eth-shares.com |
|
eth-transactionssecure.com |
eth.vu |
ethbtcgiveaway.com |
|
ethc.cash |
ethc.cc |
ethc.fund |
|
ethc.gift |
ethc.live |
ethconfirm.info |
|
ether-free-promo.com |
ether-free.com |
ether-giveaway.site |
|
ether-giveaway.tech |
ether-pay.info |
ether-share.com |
|
ether-share.us |
ether-transfer.info |
ether-transfer.online |
|
ether.vu |
ether10000.win |
ether33.online |
|
etherbigiveaway.info |
etherbonus.info |
etherboosts.com |
|
etherclaims.com |
etherdrop.online |
etherdrops.com |
|
ethereum-drop.com |
ethereum-drops.com |
ethereum-eth.life |
|
ethereum-free.site |
ethereum-givaway.social |
ethereum-giveaway.com |
|
ethereum-giveaway.info |
ethereum-giveaway.promo |
ethereum-giveaway.site |
|
ethereum-given.com |
ethereum-online.site |
ethereum-promo.borec.cz |
|
ethereum-promotion.com |
ethereum-promotion.info |
ethereum-share.com |
|
ethereum-wallet.cf |
ethereum.org.give-eth.news |
ethereum.vu |
|
ethereum4free.site |
ethereum5000.com |
ethereumbonus.online |
|
ethereumdrop.info |
ethereumgive.com |
ethereumgiveaway.info |
|
ethereumgiveaway.site |
ethereumgiveaway.win |
ethereumpromo.info |
|
ethereumpromo.net |
ethereums-live.net |
ethereums.cloud |
|
ethereums.live |
etherfaucet.tech |
etherfree.online |
|
etherfree.tech |
etherfreegives.com |
etherget.net |
|
ethergiveaway.info |
ethergiveaway.net |
ethergiveaway.site |
|
ethergiveaway.win |
ethergiveme.com |
etherium-giveaway.com-oml.ga |
|
etherpay.site |
etherpays.site |
etherpromo.net |
|
ethers-free.com |
ethers-promo.com |
ethers.cash |
|
ethers.deals |
ethers.fund |
ethers.gift |
|
ethers.gifts |
ethers.win |
ethershare.us |
|
ethgive.online |
ethgiveaway.com-limited-offer.arcepa.com |
ethgiveaways.com |
|
ethn.cash |
ethn.cc |
ethn.fund |
|
ethn.gift |
ethn.li |
ethpayethers.com |
|
ethpromo.com |
ethpromo.org |
eths.bz |
|
eths.fyi |
eths.li |
ethsecure.info |
|
ethsecurepay.com |
ethtopromo.com |
ethtransfer.online |
|
event-ethereum.org.uk |
free-btcs.com |
free-ethereum.site |
|
free500btc.com |
freecoindrop.com |
freecoiners.com |
|
freecoingifts.com |
get-5000-ethereum.com |
get-5000-ethereum.org |
|
get-5001-ethereum.com |
get-5001-ethereum.org |
get-5002-ethereum.org |
|
get-bitcoin.cc |
get-bitcoin.fund |
get-bitcoin.gift |
|
get-bitcoin.li |
get-bitcoin.me |
get-bitcoin.us |
|
get-btc.gift |
get-contestcoin.win |
get-eth.online |
|
get-eth.promo |
get-ether.cash |
get-ether.fund |
|
get-ether.gift |
get-ether.me |
get-ether.st |
|
get-ethereum.cc |
get-ethereum.gift |
get-ethereum.info |
|
get-ethereum.org |
get-ethereum.site |
get-ethers.com |
|
get-ethers.net |
get-event-ethereum.info |
get-event-ethereum.org |
|
get.it-eth.com |
get3000btc.com |
geth.cc |
|
geth.fyi |
gether.cash |
gether.cc |
|
gether.fund |
gether.gift |
gether.li |
|
give-binance.party |
give-btc.info |
give-eth.online |
|
give-eth.org |
give-ethereum.info |
giveaway-ethereum.com |
|
giveawayether.com |
giveawayethereum.online |
giveawayethereum.win |
|
giveawaysbtc.cash |
givefreebtc.com |
givingawayethereum.com |
|
got-btc.com |
got-eth.com |
hitbtc-give.com |
|
johnmcabtc.com |
kkucoin.info |
kraken-get.com |
|
kraken-give.com |
kucoin-give.com |
kucoineth.com |
|
litecoin-giveaway.com-oml.ga |
more-btc.com |
myetherreward.com |
|
myetherwallet-admin.com |
paygiveaway.com |
payment-ethereum.online |
|
promo-bitcoins.com |
promo-ether.com |
promo-ethereum.org |
|
promo-ethereums.com |
promo-give-ethereum.org |
promobtc.win |
|
promoether.com |
promotionbtc.com |
quickinvest-ethereum.com |
|
reward-btc.com |
ripple-gives-btc.com |
ripple-gives-eth.com |
|
saferpayether.com |
secure-give-eth.com |
secureceth.com |
|
securegeteth.com |
securepay-eth.com |
securepayeth.com |
|
securepayeth.net |
sophiecoin.app |
start-giveaway-ethereum.org |
|
tronfoundation.gift |
trusted-ethereum-giveaway.com |
vergepromobtc.com |
|
waveswallet-free-coin.win |
webcryptopayment.com |
winethergiveaway.com |
|
zclassiccoins.com |
|
|
Registrants
|
edvinas.krivinstinas@gmail.com |
ethdrop4@eth2btc.info |
coub999@gmail.com |
|
alex912@protonmail.com |
ethdrop3@eth2btc.info |
ulyana6zmnu@mail.ru |
|
basmi.musnahkan@gmail.com |
svogunas@protonmail.com |
acegreen900@gmail.com |
|
carrospt2018@gmail.com |
ethbtcgiveaway@gmail.com |
dasdasds22@eth2btc.info |
|
icostartex@keemail.me |
omalley.minor@yahoo.com |
daynstorm@mail.ru |
|
thotrdetnx@protonmail.com |
m.gant2016@yandex.com |
brigittehayhurst12730@gmail.com |
|
smirnova.varva@yandex.ru |
florea.cristiannn000@gmail.com |
yorannic@gmail.com |
|
ethdrop10@eth2btc.info |
kingofgods271@gmail.com |
jo4n5m1t4@yandex.com |
|
ethdrop11@eth2btc.info |
luereamu32@usa.com |
|
|
ethdrop8@eth2btc.info |
shavkabon1337@mail.ru |
|
|
ethdrop6@eth2btc.info |
lidiyakoz0y@mail.ru |
|
ETH wallets involved in cryptocurrency giveaway scam
|
0x005b9f4516f8e640bbe48136901738b323c53b00 |
0x024C344DA7208e60356378a252dAb771c34Be111 |
0x04272850Ebb3d8a67c3dB7f618231328Eb2c33F1 |
|
0x06D4086CebE6533b86EFa501Be6A753A89E7D1b8 |
0x07A79A050E0DC8AbfEcB8d94A91aA0B0990abC82 |
0x07Bc847F898d370Ae6991eE9CC3aBd16797E5cfF |
|
0x07cfB04588154b06E3958b5d70408244102014D5 |
0x085f9b53aCBff0E4683463FEf1A583d299bd4e25 |
0x08f9317FbA93d532aB890F98186cF5E612470Bac |
|
0x0A9f58EE19A7131Ed031eA66a032c05C7efe965A |
0x0E6346b40713eE79047eA26200Fd0C1ffbc8B1f5 |
0x0ef6822bd6f1a2abc1ab509a355d3b2f8cc64808 |
|
0x1056d8d9EbB0E0d8710A0E2A1852d4A09d56464A |
0x11308910D641554136D618f3a1a5929cA8c481fE |
0x12ea7DF6b2fb4e5E410fB1aB4D221DD32831D7bC |
|
0x14470A79Cd23BDbc5e34ba1bE37f69Ff01F79e2b |
0x157E3A16a7e69f88A1A3626d5Fe8ca0F5f65E206 |
0x178d19884309b5770c08eeada60e0a8f3b451f46 |
|
0x1901D590f5dDBE8d58c69B324c13F884ca1d0B31 |
0x199A581E401d1A1BE78535729FBE5Fb8F349B6B6 |
0x1b8ee5cB5520ea3d12F64a8973c2A4F0cbcB1564 |
|
0x1e4C271cEc5a72fa8438ce3ce9e6F182c279C265 |
0x2276f412d2ae5dc2cdc293b0df70a8273f6f6771 |
0x2354de78614b8fc28b425fcb6e704fd2555fa4ec |
|
0x23d56797f64640e96FEaF57b7874C897b53ef0E4 |
0x28CCdB023ccf37041d851A9483Db55f6C105f507 |
0x29518969359C6a6a643D62f256202feE94e0be90 |
|
0x2A20db05eF7AB4780d0B734C1D180C7DEECFCBFF |
0x2C05D74Cd9F878b9834a50092043BDE944A60eF8 |
0x2D92D7bF172D7cA5F3Cb4D292B0Eb0ecB83b68E7 |
|
0x2da874bd07d91e71200fc9b31f54f2c316f1098a |
0x3232d99007e509D29564099c622a89e143fdc05c |
0x3614E0bba4679C95DAa45201821cD212f9164205 |
|
0x371999e7F1720b2519eD33245df55D2610D8E075 |
0x3aBC318F0bDfFA6B7acCAE1d3F9653Fb0455FcAf |
0x3Cf5b9484aB874aF65eBF7713337a03814538B0d |
|
0x408FaC2d2d3D3AC4E356aA188119F5624FD8C9f6 |
0x40949225c4a1745a9946F6AAf763241c082cb9ac |
0x40afc43212F407FA717AB3315b37b6Cb3480C23c |
|
0x41Cd1343C6e497C075b7ed1E9f003d65141833E2 |
0x4283f88552e9c999fef745a74af42e28b2432f0d |
0x439d22082F52dE606fE101D3415fAA840C7C8874 |
|
0x4454C43762a5c1b1709d5b00bc9cBa24EFEBb81f |
0x458DEa31f89D70eD1923D414E4d4A72E98AD0A4C |
0x45d6D4C1f56e51b05de3Df70f506cc52c99fC6eB |
|
0x474057ADF42f9F955e86aa1142740f9d7763e41E |
0x4800DcA78541D61e8fdF54F6DA019cA0a68bd49a |
0x48767aA31Ed667d244E194aE391D258B523C875A |
|
0x4a8264933388E0f526FEE7b5E2b8A9AD74d1a11c |
0x4a8D9B64ee9c7e058fe9c8cBF96375b02Da006E2 |
0x4ac5dc39ddddd91e336ba74f54b049db488269b2 |
|
0x5001c5348DF123464F2eBddFCe34311F0116f07B |
0x534fa29f026bdc77ba086f383e8008e6e12cc672 |
0x539b3dd0cd190402acb15152303492ee03c4a399 |
|
0x5580FB6E95230BF16AE7e2c6467D11566ed5b3Ea |
0x5951b8a84e2BB718f9C8556b76F42a1e543a81E6 |
0x5caa556D0b8Fa8622b1746BcC1211429737DCaFc |
|
0x5e2ded464a4B4Dc27EAeFDcCEde093f66EA9a067 |
0x60e6a89060B325148FE247e9E1C0d090e2764ec2 |
0x61d2402673207993C0cDa205B4EB7233f68Db3bC |
|
0x642430E36695EA0a1c3b72E61168c5E797e6b80B |
0x642430e36695ea0a1c3b72e61168c5e797e6b80b |
0x64AAF2Fd9910e9ad85dbBB695664fF8812664e10 |
|
0x65F6C0e45758526982Fa5f63AC877384ea5a91Bd |
0x67e9E95DCbBCF51010c742225402635eB3006659 |
0x6980B1D2f037a1D0cDF3d413afB96A2cA74a2D79 |
|
0x6a0e59Af84F7a9afa5708B5E43C4845b17AedAAc |
0x6C441eC1c3464eEb459894325ecDdfd0CA51e6E9 |
0x6c561b72f34Dd3727fC1A8C22c0BfE00e5cB4bF0 |
|
0x6d2c5b9a236ebf59dc2a218edc0d11fdf25774d9 |
0x6Ef4eed47f71a75216a17C781756Fe0bcF945251 |
0x70486a6267184EF6a4bf1349DFa6563C23C97DEf |
|
0x718eE443Ffdf50b30a5e8226d4Ff71E605C5cA7C |
0x71A216D9B7e5e95C2476dca19c1b6bcbe51baA7B |
0x72335af49648E35A0f885C3915e9aC8198c50054 |
|
0x73f7B2257C688677fF9Cc7BDd2D05e5076E0AE42 |
0x74f59fD3Fb42295A05975456A6cdfF4e71174Cd5 |
0x754a7657092Fd2862338fF06ce02cFc389D49E21 |
|
0x754Fb6a142eD0043937b676A067F2E367db52fA6 |
0x75946712fc2Dc9cbb325AF69BA7A94e8AAd080fa |
0x777c6aD16B303639489a38b369e423AA2c491884 |
|
0x77b4518b39585BA84cde31D46b780E56e2AFB01A |
0x7aBf92C5841dc0aA5BB167B53c32bCE381634Ed7 |
0x7aFB440df737f1AA47411E46FfBa210E76f258cD |
|
0x7C14369F68d7812C105a597Beb13FF8dA64520c5 |
0x7D922A4f7F24fFcb130c4EEAF291A6475e3e4Dd2 |
0x7E2Baea9C02AD2a7FAa6fF6a44bD76BDaE599360 |
|
0x821Efcb121B9c646dc8D5FB61E9c8ee9C30BA9e4 |
0x8408263f4f0691db34Bd7666b5Af61e19cb91B91 |
0x8658204183A0daf8592343b055E60C29A2A46E33 |
|
0x8aF1380c436fC019b8055C61d09e3Ee5F182278C |
0x8C9D135aC2778e1A7d326932AaD302e7c22c94D7 |
0x915c95415D3449212FD0991CCF5eB42864118EC9 |
|
0x92FA227D01DedeDAE2a50B9Da02413C48a872424 |
0x934f49fCF451A34026E3dFc3f26a1De01b83b509 |
0x935E0BE039b5D40aaFf0CCF1096e7cB7Eba7CFFE |
|
0x961e8b2e14E5B33a220028ea8D4007040FA7cDe3 |
0x9B76AD3435E2cBd4e08FEeA210a9972465a4748C |
0x9c55110255650462bF53fAf1db1f49B400675CdC |
|
0xa1a111bc074c9cfa781f0c38e63bd51c91b8af00 |
0xa2b2339AeE76A45EDbC10ae515fbf23323901597 |
0xa4Fe2874A4aD464A50CB72a8C0b1a6ab221A7C17 |
|
0xA51d2F78D1B9662fB28a8f33f064F0F2112b0cA9 |
0xa6048aF9Aee7A179777524A6968C20Ac0EB1f125 |
0xa62cB4bD9E69E9170a2d973AA3aECE5A1215D41C |
|
0xa8b3c9c2a45d68eb435b5f3ef6712fa50cdbd996 |
0xAba9897C9422b1C30733169D3dA7Ff83D7f23044 |
0xb0D2d2791657ce6CdF48b77A1E10F62E9b4Ee74B |
|
0xb1D9f70eFAdfdf825ea5C978aAD4F9821328Bc88 |
0xB23fB6cC17026D1Ce9cD543Cb69A023569503e4c |
0xb2Ecb86125ee401b60F8a443eea36fda8c5114Cc |
|
0xB411869ea04C9982b84Bf95d20c35C690a4f6e7a |
0xb4820dE6A82D4B0C4981b13f951f8c2b2863EaD2 |
0xb53e95a4b7c5e15a790df3a66709b2e9f1cf9e3f |
|
0xb82bFd79d5A8C0cc0d4C045633288b48A2beDdcB |
0xBD937ea45ACE22d90C4F8f7aF0545c7d3C956db3 |
0xc3a7bDb6683e989F784aE158FfF121E44173967c |
|
0xc6C33864f06fFA344DCb8Ea7e17cc4CD8c29388c |
0xc6d9d2cd449a754c494264e1809c50e34d64562b |
0xC757261913b618B7371C8ea91bec451f7c343D3D |
|
0xCC13856aC5ec565c2Ef8770a347a224351163DcA |
0xcc2307E7C0038449De57dd00621F44be815CB02E |
0xCd3Bb50eC5Ae57E47bEF5F0f5f261814d812BA8C |
|
0xD0206f494e1834A0aD76b202BEBFc916317884cB |
0xd0E45dceB9B9A3aB8bD59A989cbdbc03D1507afd |
0xd3684115C5aEc3736EB02CD835c53DCc7aD09ff2 |
|
0xD3cbC1CA0c8a22eAbDAddb4F10Ad3c3b9Dfa515a |
0xd48184C74aaec4f447a1dF2dC7276E6A0f9a0749 |
0xd52fcaf53cd3eFd7E1d484fd9cd2dd21355063e5 |
|
0xDc261F7A835C3692e22485AB2d78cbADf3842490 |
0xDC3896Be3EB4bB3B3eb2f936348E942796078920 |
0xdC49e05865F0E11bd88681A29a0bb2732E8F85b5 |
|
0xdc49e05865f0e11bd88681a29a0bb2732e8f85b5 |
0xDE4B804bFf00623046b253D9D9ce46654ab3f00f |
0xDF0C78e25F3456B7Bc6Fa26d00F94141cdb8e46b |
|
0xDfa8e0d144B1bD7B9f08Cd05A7726cC20121292f |
0xe00e1f7117a69c34694ac1815177c93491fc448f |
0xe1Fd9c35302D52809Fe5A47fd48b85B4e93A4f4B |
|
0xe2972F7b92E32162E8dD4c30B0516bAa2A24C3c9 |
0xE30ee6f6a973a07687c60BE30C1b17818BC1C2A5 |
0xE3224fA0197DE258ba065C35380d7DfD2396ec89 |
|
0xE3400442Ed7754cB2a43beCB83f801Cce1055Db9 |
0xe344e4B209E8EAbAa2A6ddd1B0Aa120B7599Af25 |
0xe3Cb256171acC2778e3080560e26b587d3187156 |
|
0xE3D69d7d66ac72Eb7330aBb7C39ED43757d50f90 |
0xe4c3dcd207ee2fd92a9394d6650d679ef4f177fc |
0xe7AA67c33433b565Cff97BA3003100AC3C644D48 |
|
0xe87d279d090df4ba19c0e19958d9ac61be5c6909 |
0xEB85b4777698c0f41168087cD8d43A2FdEF37BdB |
0xEcc2AeA9C7C94C9b7373Cf5C34E6A27Fef62E475 |
|
0xEd51c3c2fb6E6965aEd7beeC167B0596dc36116D |
0xEE79dCfD0EED41DD717418aEd0Ce90B5ef8D7304 |
0xeeee02329c0f38f5d6aa6cee6237a57153bcd7c0 |
|
0xEF06a8A8Bc94A5b04e59C5c9238CD2D831ba53b0 |
0xF36AdA915355Aa0E2c11a5E021172E1451b5A33C |
0xf3cefe57b4716e11a8c16dd76b73ef0ca707c50e |
|
0xF42788CBBdb00a32a981355ec5b9143b3C639c74 |
0xF487d016B2EA5beBdeeA03fA12AdCAB51237bc25 |
0xf51b4021c6F1aF31f44Bf575188986E733A971Fe |
|
0xf6238cBC1b74b183E54d63A555f867bAA00D92dF |
0xf6f7CAc4adEf7E448cEf8FCEb14032e6E55A0dfA |
0xf7355cb5278fc4be2f53ce373f7cd9b543d042a1 |
|
0xf8178B379Ec4Fd758230D28c55c89c064708DFE5 |
0xF87c1c2Ec85ABB5c3bc5a951078B0D2594Ae6Bf3 |
0xfbb62df5cbc8d0bc4c2a0e5c53b8602d49471495 |
BTC wallets involved in cryptocurrency giveaway scam
|
112PxfMQds51WdAh3FCRXChS6kVXqw2qfM |
124H2inWtxd1aFvPsFN3gDB2nFuEDbX11S |
13eqoBzsnvYL4Q4uEjYdgvxXRA3yzp9DVM |
|
14h4Zrd1xVg6Mj3JcYApoi2wY2UXue2ETb |
14Sfnn3jveSPvZgHcpG7c15m58sM4KeAqD |
16m1NSpabAD1FJdfDc5oBYN5swX1DCDKo2 |
|
17mNEsTU6Gmqxf2a2oMv1Ue7gAWi28ief5 |
17mS1NbtDmrmwaomLFG7dQt2w2oDmnaXhc |
17SSsp1q9NAMPDkgbQbUkAMYQZV8hgCsia |
|
17YYbFvjutzWFvbkm8mkCRy53gXniwu38g |
18PEMazZ34wBGVxkvw4GqARhRxJjTKGVR5 |
18wkt91RjWRH3pqokfdvoMxUgyS7KHmJuj |
|
19ccw2te91ztpjnpWuQNkTcGgniktBLRum |
19e1VbMwBPHyppF78BHXEkKo4cJc5udbut |
19FcBPi7q36zNp9unfGWURVUMtMiSqn2cf |
|
19zfbrhYeFVDcCrDsdpKj3WGCD6KvJbzt7 |
1AYS5sCGJ6U2zgS89rpAug2DdLYogoSGjB |
1CB5oeQ5cSPhdQWcRnd9pNm7jSSqqEMBXu |
|
1CdWXJeyNt5L14kUJDWPBHVFUpDjsQqEig |
1CwTj63YAfmJa7t2RFwfByjbvBhaCmwfJF |
1D3h6oUtRW36CZWp5cvKb8uQJuR2jZ4bNB |
|
1Edm4cKtkw8brihC1GL9fbqEcfixBRnCpw |
1Edm4cKtkw8brihC1GL9fbqEcfixBRnCpw5 |
1GxaDPhN6BZtdJLaerKACCs192YcXiEPv8 |
|
1HxN8i1dNX1ngUWFUM7rBsEfGoCWNgxD9Z |
1ioneizgqnUKyec62roYYrkLkpvhmAKsh |
1JMb25PvkjnFaTxmzXU93Le1ZdbhJe2JVn |
|
1Kh6xPwFsL7mTLSx8R8d2Kgu6WRhWH3Hqa |
1LW3j8EJtur3wUBkA47Bs3cFD9FKwijiht |
1N2GSugUiQ9bgG94YFhexLqdEXrLZ9CQXa |
|
1NCgEAK5zoDx6xcFauE6UM8B3Q8QkbVrc |
1T1Ez8umTevsRCihp6FPhwNdrnUT4bpZZ |
375rxyR39sH7nanwV37CrAZCaisXtXh777 |
|
37762eEWdPaQKguMMaH5XGtjzgLzTXohfq |
3JR5Ez6hLHzveoRNpWi49u5XAEHkyTCLM4 |
3MxFfngoJg1LkurYx6z3GvyNSYG1hoKR9r |
|
3NePzRpuYMRhxE6nW5jrr25PZkzTyTgZm2 |
|
|
IP addresses
|
104.219.248.27 |
104.236.252.26 |
104.24.104.152 |
|
104.24.105.34 |
104.24.122.135 |
104.24.96.79 |
|
104.27.139.55 |
104.27.140.92 |
104.27.150.199 |
|
104.27.158.216 |
104.27.163.171 |
104.27.168.198 |
|
104.27.169.198 |
104.27.170.210 |
104.27.191.24 |
|
104.28.20.40 |
104.31.69.209 |
104.31.71.5 |
|
104.31.72.174 |
104.31.81.78 |
108.178.54.58 |
|
109.234.157.59 |
111.90.149.124 |
112.175.184.66 |
|
112.175.184.69 |
112.78.1.121 |
124.158.12.21 |
|
128.199.78.187 |
144.208.125.125 |
144.217.165.158 |
|
145.14.144.105 |
145.14.145.119 |
145.14.145.168 |
|
145.14.145.45 |
145.14.145.63 |
145.249.105.165 |
|
146.71.86.197 |
156.67.222.136 |
156.67.222.142 |
|
160.153.198.108 |
162.144.51.201 |
162.144.83.154 |
|
162.210.102.230 |
162.213.253.83 |
162.255.119.215 |
|
166.62.10.224 |
172.82.148.100 |
173.255.251.230 |
|
176.31.40.183 |
185.175.208.217 |
185.207.206.136 |
|
185.209.21.23 |
185.217.94.158 |
185.217.95.144 |
|
185.221.200.139 |
185.224.137.112 |
185.224.137.128 |
|
185.224.137.131 |
185.224.137.173 |
185.224.137.209 |
|
185.224.137.211 |
185.224.137.55 |
185.224.137.67 |
|
185.224.138.30 |
185.61.137.36 |
185.61.152.24 |
|
185.61.152.29 |
185.61.152.69 |
185.62.189.36 |
|
185.64.219.5 |
188.165.2.51 |
188.241.39.10 |
|
192.157.231.100 |
192.186.220.5 |
192.64.119.107 |
|
193.233.15.122 |
195.161.41.141 |
195.208.1.106 |
|
195.208.1.108 |
198.144.157.169 |
198.185.159.145 |
|
198.187.29.19 |
198.187.29.20 |
198.23.57.183 |
|
198.252.108.77 |
198.54.116.142 |
198.54.116.149 |
|
198.54.116.177 |
198.54.116.23 |
198.54.126.124 |
|
198.71.232.3 |
199.79.62.93 |
206.189.161.71 |
|
207.246.90.126 |
208.123.116.168 |
208.123.117.186 |
|
208.123.117.80 |
209.205.209.34 |
212.193.246.199 |
|
212.193.248.210 |
212.193.251.188 |
212.193.251.204 |
|
212.8.242.158 |
212.8.242.159 |
216.158.236.123 |
|
217.107.34.41 |
31.131.16.175 |
31.131.18.85 |
|
31.131.22.224 |
31.170.161.45 |
31.170.161.83 |
|
31.170.161.96 |
31.31.196.134 |
31.31.196.160 |
|
31.31.196.58 |
34.201.34.142 |
35.199.185.63 |
|
37.140.192.197 |
43.255.154.26 |
45.33.32.145 |
|
46.101.33.163 |
5.101.152.175 |
5.189.146.107 |
|
5.189.175.165 |
5.196.105.25 |
67.205.178.158 |
|
68.65.122.50 |
68.65.123.230 |
68.65.123.231 |
|
80.211.14.136 |
80.211.9.223 |
86.104.15.67 |
|
86.106.93.230 |
91.217.9.130 |
91.217.9.216 |
|
91.227.16.128 |
93.157.63.185 |
93.186.251.18 |
|
93.189.4.38 |
94.102.60.3 |
94.138.197.170 |
|
94.156.175.8 |
94.23.163.222 |
|
Subscribe to the Proofpoint Blog