Fake Crypto Giveaways Steal Millions Using Elon Musk Ark Invest Video

Fake cryptocurrency giveaways are stealing millions of dollars simply by replaying old Elon Musk and Jack Dorsey Ark Invest videos on YouTube.

The scheme is the old “double your investment” trick that promises to pay back double the amount of cryptocurrency the victim sends to the scammer.

Fraudsters have won more than $1.3 million after rebroadcasting an edited version of an old live cryptocurrency panel discussion with Elon Musk, Jack Dorsey and Cathie Wood at ‘The ₿ Word’ conference. ‘Ark Invest.

In the past, scammers have used other Elon Musk-related videos, including SpaceX launches or Tesla videos, to successfully promote fake giveaways and steal millions of dollars doing so.

Simple operation

During a quick search, BleepingComputer discovered that nearly 10 YouTube channels had posted the discussion, albeit in a smaller format edited to include additional material that promoted the scam, including the link to the site. Fraudulent web of crypto giveaways.

Our findings are just a snapshot of the entire program, which we have watched unfold since March. However, there are reports that this dates back to January and nets the scammers $400,000 in just seven hours.

Security researchers from cybersecurity firm McAfee were also monitoring the scam and released a report on Thursday in which they identified 11 fraudulent websites.

Fraudulent websites hosting a crypto scam
source: McAfee

McAfee updated the post the next day saying the number of such websites had grown to 26 in just 24 hours.

“YouTube feeds advertised several sites that shared a similar theme. They claim to send cryptocurrency worth double the value they received. For example, if you send 1BTC, you will receive 2BTC in return” – McAfee

However, these websites pop up every day and the scammers generate new wallets to receive funds from gullible cryptocurrency users. Here are a few that BleepingComputer and McAfee found

ake2x[.]org
arknow[.]org
teslabtc22[.]com
musk-official[.]net
arkinvest22[.]net
tesla-eth[.]org
2x-musk[.]net
elontoday[.]org
teslaswell[.]com
2022ark-invest[.]net
elonnew[.]org
twittergive[.]net
22ark-invest[.]org
elonnew[.]com
doublecrypto22[.]com
22invest-ark[.]com
2xEther[.]com
teslabitcoin[.]org
tesla-2x[.]org

Some of the sites in the table above are still operational. The list is far from complete as scammers continue to create new websites promoted in new feeds carrying a modified version of cryptocurrency discussions.

The researchers said the sites promoted in the videos tricked visitors into thinking others were sending cryptocurrency and had received double their “investment,” showing a chart with recent transactions as evidence.

To create the fake table, the crooks used JavaScript code that generated a list of random cryptocurrency wallets and paid amounts.

Fake table with cryptocurrency transactions
source: McAfee

stolen money

Below is a list of Ethereum and Bitcoin wallet addresses and the amount stolen by scammers using the Ark Invest cryptocurrency scheme:

Bitcoin:

bc1qz50pclcp7a7wl0au2m4rkleaxl7wryktmsy9sk (Value: $0)
1HBt1KrtWMSkjgGzuvTEPsePk24ChoQ33t (Value: $4,632)
1A4GEKCKrRhjgsNCQfRaGmbZVPW8qsxfwW (Value: $29,706)
bc1qcawgs6gpmqyx35c0a0yldhak7ggagwxdpget7e (Value: $16,933)
bc1qc66cl4eap9d0r3fmydwxufa0yk6natdv72qe87 (Value: $19,439)
bc1quu3ltey8vndcx6ma9zukazyffsw50hz8s4zhrw (Value: $20,983)
1DU2H3dWXbUA9mKWuZjbqqHuGfed7JyqXu (Value: $0)
1Q3r1TzwCwQbd1dZzVM9mdFKPALFNmt2WE (Value: $41,219)
17XfgcHCfpyYMFdtAWYX2QcksA77GnbHN9 (Value: $49,311)
1GLRZZHK2fRrywVUEF83UkqafNV3GnBLha (Value: $5,787)
1NKajgogVrRYQjJEQY2BcvZmGn4bXyEqdY (Value: $0)
1DU2H3dWXbUA9mKWuZjbqqHuGfed7JyqXu (Value: $0)
bc1qas66cgckep3lrkdrav7gy8xvn7cg4fh4d7gmw5 (Value: $11,846)
18wJeJiu4MxDT2Ts8XJS665vsstiSv6CNK (Value: $119,147)
1CHRtrHVB74y8Za39X16qxPGZQ12JHG6TW (Value: $4,790)
bc1qdjma5kjqlf7l6fcug097s9mgukelmtdf6nm20v (Value: $0)    
1EX3dG9GUNVxoz6yiPqqoYMQw6SwQUpa4T (Value: $95,974)

Ethereum:

0x7a619530988a266fd39a4acccc5315d90c9544aa (Value: $36,449)
0xa15ebabdda7b5401d642893b843cf94be2293172 (Value: $16,311)
0xb8e257c18bbec93a596438171e7e1e77d18671e5 (Value: $25,209)
0xac9275b867dab0650432429c73509a9d156922dd (Value: $0)
0x7007fa3e7db99686d337c87982a07baf165a3c1d (Value: $9.16)
0x436f1f89c00f546bfef42f8c8d964f1206140c64 (Value: $13,377)
0x9b857c44c500eaf7fafe9ed1af31523d84cb5bb0 (Value: $70,602)
0xbd73d147970bcbccdde3dd9340827b679e70d9d4 (Value: $57,573)
0xac9275b867dab0650432429c73509a9d156922dd (Value: $0)
0x12357a8e2e6b36dd6d98a2aed874d39c960ec174 (Value: $0)
0x2605df183743587594a3dbc5d99f12bb4f19ac74 (Value: $11,468)
0x18e860308309f2ab23b5ab861087cbd0b65d250a (Value: $14,766)
0x5081d1ec9a1624711061c75db9438f207823e694 (Value: $4,029)
0x820a78d8e0518fce090a9d16297924db7941fd4f (Value: $63,301)
0xcaaa38911bfe60933e39acbb59f0ba8dda491331 (Value: $18,929)
0xdbb8c934650bd1a88b4ba12f4acb042d9a8a0cbe (Value: $43,604)
0x2d18a797b68a4f0bf15f21b55e76e2367a716942 (Value: $64,585)
0x24310fb34afccbe29f80c46b4b5e17601bf11c56 (Value: $16,778)

The sums received may seem small, but it is money considering that the whole operation requires little effort and technical skills. Once the video is up and the site is up and running, the fraudster just has to wait for the victims to transfer the digital coins.

McAfee claims that the wallets listed on the malicious sites they found recorded a high number of transactions which amounted to $280,000 worth of cryptocurrency on May 5.

The next day, that combined value jumped to $1.3 million. The largest wallet had over $90,000 in Bitcoin from 13 transactions.

YouTube channels

According to BleepingComputer’s own research based only on a brief analysis of all running scam videos, scammers stole another $100,000 today.

BleepingComputer has found nine YouTube channels luring cryptocurrency users to scam websites at the time of this writing. The name of almost all included the chains Tesla, Elon Musk, Ark Invest or a combination of these.

Interestingly, some of these channels promoting a cryptocurrency scam website have a large following, between 71,000 and 1.08 million subscribers.

In most cases, the subscriber counts of these channels appear to have been artificially inflated to add credibility to the videos promoting the scam, since they have no other content available.

YouTube channels with many subscribers promoting cryptocurrency scam

As of this writing, some channels have removed the edited video from public access by deleting it or restricting it to paying members.

These types of scams seem to be extremely common, with YouTube chasing them every day but not fast enough. From what we’ve seen, there are currently at least 40 such videos.

BleepingComputer has found that these live streams run multiple times a day and get deleted once they’re done.

Cryptocurrency users are a constant target for threat actors, who are looking for new ways to trick victims. Although the promise of doubling crypto assets is an old trick, it still seems to be lucrative.

In the past, scammers have used other Elon Musk-related videos, including SpaceX launches or Tesla videos, to successfully promote fake giveaways and earn millions of dollars doing so.

John C. Dent