Anatomy of a crypto/banking scam
The target: Fund Nation
While browsing the Internet, I came across a relatively classic crypto scam that represents this increasingly common type of trap.
But since not every trap is perfect, let’s see what gives it away.
At first, the website is pretty well-made, it has all the components we are used to: homepage, about page, login and registrations buttons, animations…
We also have an address, with a registration number that seems valid.
spoiler: those informations are fake (see next parts for more).
What is it about ?
This company invest your crypto for you. You send them Bitcoin, Ethereum… and they give you a (huge) share of the profits.
Of course, none of this is true, let’s see why.
What betrays it
First off, the website is listed on numerous financial markets authorities as untrustworthy, indicating that this company isn’t authorized to perform crypto trading in your region.
When dealing with financial services, always check your local resource to make sure the entity is legitimate, but often, other sources are needed because it takes time for a government authority to list a site as fraudulent.
- Crazy returns 📈
The first and major thing that tells you to run away from this platform is the stupidly huge return amount from your investment they promess.
Compare it with other platforms. There’s a catch. You can’t expect that, even when crypto is quite volatile.
Too good to be true ? YES.
- Bad I.T handling 👎
While trying to register for an account, some details should warn you about the amateurishness of this platform.
When creating an account, the sending email for confirmation comes from the admin address, something clearly not usual and trustworthy.
Confirmations are automatic processes, coming from emails like “noreply@” or “confirmation@”…, an admin email is very sensitive and using it to deal with registrations is an evidence of a blatant lack of security.
Inside the confirmation email, we see all of our account information. I used a temporary email as the password to check for proper validations (that is not there).
Giving the password in plaintext is more than bad, indicating that passwords are not hashed, and maybe stored in clear text, so the database owner can retrieve them and take over your account when he wants.
This is a major security concern, not a single website should do that.
Now, that’s a lot of evidence of the platform’s lack of seriousness. (And that’s just the beginning…)
- Telegram for support ☎️
The platform also used Telegram for support (has been changed since a few months), it’s also a red flag as Telegram is often used for illicit activities.
Rerverse image don’t work with this person and no other “Roy Percy” online profile have been found, it’s probably a legitimate person that has been impersonated.
Think of it, why a company would use Telegram for support instead of a centralized platform such as Zendesk or even email ?
Moreover, this profile does not even correspond to Fund Nation support…
- Fake company 🏚️
The address corresponds to an IRCC office, and has been used by other crypto scams websites (can’t confirm if they all are from the same group/person.).
The registration number is also put forward as a proof of trust, except that this is not the case at all.
A simple search on the Canadian Business Registry shows that the number does not belong to the same company.
In fact, it could belong to the same person who owns Fund Nation, and reuses the number at will, running an “undercover” operation but I can’t confirm that from now.
So, there are strong doubts that it is false, and in doubt, we say “no”.
- Fake humans 👽
On the front page, a video is shown of someone working for Fund Nation, explaining the platform for newcomers.
I would put my hand to cut that this person is an actor, which would be legitimate for most ads, but here, the bad-ish greenscreen and the dialogues seems off.
The most popular platform to recruit for small gigs is Fiverr, where thousands of creators sell their services.
The actor is certainly working legitimately, and has no idea he’s part of a scam.
After refining my research to match this actor face, I found his profile, which clearly corresponds to the person in the video :
But that’s not all.
Another picture is shown on the website, with all the (supposed) employees.
They all wear masks, too bad, we can’t identify them (?)
There is another way to show that this photo is fake…
Using some tools to analyse the errors behind the image, we see that the logo as been added to a legitimate picture, as it does not match the same lighting environment.
Analysis of the blockchain traffic
The platform often reuses the same addresses, which can be tracked for transferred funds.
In itself, the sums are not huge, however, a police authority could contact the victims but also the (legitimate) exchange platforms to unmask the owner(s) of the addresses in order to stop this scam.
Conclusion
All these steps have demonstrated the problems related to this kind of platform, which at first glance seems rather convincing, but after some research (and OSINT!), proves that few things make sense, so we might as well not fall into it and regret not seeing our money anymore.