24-year-old Arjun Shah from Australia lost more than $14 thousand dollars worth of Dogecoin to an online scam. There’s not much hope for him to get the money back, and yet Arjun wants you to read his story and learn from his mistakes.
The crypto world lures people in with promises of high returns and decentralized market space. However, it also comes with greater risks and the end-user being responsible for his own decisions. Therefore, caution and careful examination of the investment opportunities are a must for any crypto investor.
Arjun invested and traded crypto for roughly two years when he came across the coinskale.com training platform in July 2021. He had just joined Reddit and kept looking for some advice in the community on where to invest his money. Arjun trusted Dogecoin community members as they always seemed helpful and easy to relate to.
Then one day, a Reddit user calling himself Brandonjunsim (account no longer exists), contacted him personally and recommended using coinskale.com, supposably the greatest platform to invest Dogecoins. Arjun assumed that if a scammer was present on Reddit, he would have been busted a long time ago, so Brandonjunsim’s advice didn’t raise any red flags. They started discussing Dogecoin and the best platforms to invest and stake crypto.
“The Reddit user recommended using coinskale.com and said it’s the best one to stake/invest Doge for returns. I was interested in coinskale.com from the idea of staking Doge,” Arjun explained. Only he was not aware that Dogecoin could not be staked. Staking refers to rewards for holding specific cryptocurrencies. Doge is not one of them.
Arjun looked for some information about the newly recommended platform and found nothing that would raise concern.
“Coinskale.com had the logo of PayPal and other companies on the front page. I thought it to be trustworthy due to seeing a fake article on Issuewire.com about coinskale.com. I read reviews on Trustpilot and did not think anything was wrong. It was all five stars at the time. I wanted to stake Doge, and this website seemed like a hidden gem to do so,” Arjun said.
And so, on July 21, 2021, he made his first transaction on coinskale.com - 2,958.339 Doge (then worth $569.90). The trading platform showed his balance immediately, and so Arjun proceeded with the second transaction, only a much bigger one this time, and sent another 70,996.468 Doge ($13,676.90) to the platform.
“When I did the second transaction, it took a lot longer to update the pie chart, and I noticed I sent over $500 more than I intended. The website only shows what you say you put in, not the full amount sent to the wallet. So I opened a ticket for help and asked where the rest of the balance was, whether in Doge or dollars. There was never a reply,” Arjun said.
The website soon went offline, and a Reddit user, who recommended the “hidden gem” platform, blocked Arjun.
Arjun sent Doge to the following wallet: DAx7mDmM4yx5247nXYotybrvbm5WaNEywM. According to BlockChair, this wallet now has almost 74k Doge worth around $19 thousand at the time of writing this sentence. The wallet has not yet been reported to bitcoinabuse.com as associated with malicious activity. However, Arjun noticed some information about Coinbase in the transaction block and asked the company to look into the wallet.
“Thanks for bringing this to our attention. Having investigated the issue, we are working with a specialist to address it properly. We will follow up with you as soon as we have an update,” Coinbase said in an email to Arjun in the middle of August. He has not received any follow-up from the company.
Arjun has also reported coinskale.com to its domain provider, and it is now suspended. Some positive reviews had disappeared, although you can still find their cache on the internet. Arjun has also reported the scam to the police.
But the story does not end here. Soon afterwards, Arjun was contacted by refund-expert.com - a company which supposedly provides legal services for scam victims.
“They told me my money is stuck in bitcoin on trust-pocket.org and I need to change the password for the account which they have already made for me,” Arjun said. They claimed they were trying to help Arjun get his money back.
According to Whois, refund-expert.com was registered eight months ago. The website might look legit from the first look but once you start digging into it, it is easy to spot some signs of a scam, too. For example, this man in the picture below seems to be the company's representative but, using the reverse image search, we found out this is a stock photo of a businessman. The same goes for the alleged team of the company - William Stephen, Darcy Alec, and Daniel Dumbeldor.
And just take a look at ‘what people say’ about the company section.
“Refund-expert.org said they don’t have anything to do with trust-pocket.org, and the scammers have chosen trust-pocket.org as their wallet,” Arjun said. ‘Experts’ tried to trick Arjun into sending 3,7% of the total amount held in the wallet to verify the account, but Arjun didn’t follow through, suspecting the same threat actors being behind both scams.
How can you tell it’s a scam?
Coinskale.com is no longer online, but the information that we found signals quite evidently that it was created for scam purposes.
We used The WayBack Machine to look into the copy of a scammer website.
"We are a top earning platform that earns interest weekly on your crypro. there are no hidden fees no minimum balances. Get On The Ride," the front page reads. Any cybersecurity expert will assure you that poor grammar is the first clear sign of a scam.
It claims to be founded by Magnus Olav in 2017, Oslo, Norway: "When Magnus Olav first started out, with his goal of "Helping achieve Financial freedom" and also provide fair and transparent services that have been abandoned by banks - fair interest, zero fees, and lightning quick transactions which drove them to start their own Investment Management Algorithm."
The search for Magnus Olav is inconclusive. The contact page gives the address in Oslo - Akersgata 42, 0180. The place is located in Regjeringskvartalet - a collection of buildings situated in the center of Oslo, housing several offices for the Norwegian Government. The company has very little social media presence - a Twitter page, created in 2018, with as few as 24 followers, and tweets and replies, such as "Im 20 and still a virgin too".
According to Whois, the coinskale.com domain was registered in June 2021 by someone in Reykjavik, Iceland.
Here's what the Scam Complaint Registry says about it: "Coinskale is an unverified crypto broker with nothing but a trail of negative feedback." Scam News Channel has also listed it as a crypto scam.
CyberNews reached out to experts to see whether there's any hope for Arjun to get his money back, as well as for some investment tips for those excited about crypto.
Little hope to get the money back
"Unfortunately, there is a low possibility that the victim will get his money back. The crypto world offers great opportunities to ethical investors and, at the same time, is a great place for hackers, scammers, and other malicious actors to steal users' money without facing any punishment," Evgenia Broshevan, a co-founder of a global security ecosystem Hacken, told CyberNews.
According to her, law enforcement agencies do not have enough expertise and delegations to investigate these cases effectively in most countries.
Vygandas Masilionis, CEO of Lossless, also believes that law enforcement will not always help. Usually, it does not have enough competence to follow the trail of the cybercriminal. In most cases, intermediaries such as coinskale.com either leave no contact details at all, or provide inaccurate ones. Theoretically, it is possible to trace the transaction to its final destination, but those addresses are not associated with an identity of a person.
"The victim, theoretically, can try to trace the transaction - look with what other addresses, protocols, and exchanges it was associated with before. Suppose the cybercriminal has made a transaction from that address to a centralized exchange, which does KYC (know your customer). In that case, the victim can call that exchange with all the evidence and ask to suspend the cybercriminal's account and seek police help to get in touch with the cybercriminal," he told CyberNews.
In this case, it seems that Arjun chose an unreliable intermediary. Such scammers usually lure people by the promise of fast and high returns for users investing in cryptocurrency.
Coinskale.com, cached by The Way Back Machine, used to offer three different investment plans - Basic (4% profit paid weekly), Gold (8% profit paid monthly), and Platinum (15% profit paid quarterly). At this moment, there's no possibility to learn how it works. And probably, there's no need to anymore.
"In case you got scammed, you should immediately notify other users who are likely to fall victim to this incident,"Broshevan said.
And that's what Arjun did - he warned other users on social media about the scam, informed the domain provider, as well as the police.
"If you used the scamming website that was the imitation of a real one, please inform the company behind the real website of this scam attack so that it will share this information with other users to prevent further dissemination of the scam," Broshevan said.
As the crypto field is not regulated in many countries, the power of police when investigating such cases is low. However, it is still better to notify them instead of staying quiet.
One of the most important steps for you is to provide information about the scam (such as wallet addresses, contact info of scammers, etc.) to relevant resources. For example:
* You can report malicious wallet addresses to Etherscan or contact Crystal Blockchain to describe the incident.
* Report a phishing website to specialized resources such as Google Safe Browsing or ESET.
* Report phishing social media pages directly to their chosen social media platforms by following the reporting procedure specified by each media. For example, use [email protected] for Telegram phishing cases or report a phishing page on Twitter.
* Send a complaint about a phishing website to a Registrar of the original website, stating the IP addresses and registration dates of the phishing website and the original website.
"There is a chance that the stolen assets will be blocked before a malicious actor withdraws them. Also, many reputable crypto exchanges cooperate with the projects working on preventing money laundering and other malicious activities in the crypto world," she said.
How to invest safely
Do not trust strangers. That’s what grown-ups tell kids, but are you any wiser? In most cases, malicious actors are the first to contact you. On the other hand, according to Broshevan, legitimate market players and ethical actors provide information mostly upon users’ requests.
Poor grammar is another red flag, both Broshevan and Masilionis agreed. We’ve already learned that Coinskale checks this box, too.
“Check whether there is a padlock symbol in the address bar and whether the data you provide to this site is secured by encryption (URL contains HTTPS),” Broshevan added.
Inspect the website’s content further. Low-quality images and non-meaningful text blocks might be another indicator of a phishing website since malicious hackers are not interested in creating a high-quality website.
Use the Whois service to see whether the website in question is well-established. It indicated that the coinskale.com website existed only for about two months.
“Many pop-ups may also be the indicator of a phishing website. You should also look for trust seals placed on a website. Trusted websites often contain trust seals issued by reputable third parties,” Broshevan explained.
Masilionis suggested looking into the CEO and the whole team of the project you want to invest in. It’s helpful to check their profiles, learn about their competence and experience, even contact them to make sure they are up for the task. It’s also essential to check if institutional players, such as crypto funds or business angels, are investing in the project and are reliable market players. They don’t invest their money at random.
“For crypto transactions, you should always use well-established platforms. Its information, such as turnover and employees, should be publicly accessible (if the platform is centralized). For decentralized exchanges, you should also check their turnover and activity using defipulse.com or defillama.com,”Masilionis said.
Also, check if the project has any partners and has ever been audited by a third party.
Anyways, the crypto market is booming, and no matter what project you choose to invest in, do your homework properly.
While banks are more conservative, crypto exchanges are accessed worldwide, and their pressing challenges are to be up to date and transparent. These exchanges are hacked constantly.
You should check whether the exchange platform is certified (cer.live) and its cybersecurity rating.
“You should also check the information on how they process your data, what they do for security, do they do external audits, do they have bug bounty programs, how they work with ethical hackers, do they have some insurance,” Broshevan suggested.
For instance, Binance has a special insurance fund designed to cover losses. Gemini, Coinbase, Crypto.com, and Robinhood claim to have also ensured the safety of assets.
More from CyberNews:
Subscribe to our newsletter