A scammer or group of scammers have used a fake phishing version of the crypto exchange HitBTC’s website to steal some $15 million worth of crypto.
According to a Twitter thread from crypto compliance firm MistTrack, the phishing website that was used looked almost identical to HitBTC’s real website, except for a minor difference in the URL, which was hitbt2c[.]lol instead of hitbtc[.]com.
The stolen assets include Bitcoin (BTC), Ether (ETH), Tether (USDT), and other cryptocurrencies, MistTrack said in the Twitter thread, where it also outlined how the entire scam website worked.
Once users click “Approve” on their browser-based wallets like MetaMask while on the phishing website, the hackers can potentially get free access to all of the users’ holdings, MistTrack warned.
In the Twitter thread, MistTrack also identified four crypto addresses that it said belonged to the scammers, with one of them being a Bitcoin address, two being Ethereum addresses, and one a Tron address.
At the time of writing, the Bitcoin address did not contain any funds, but has since its creation in July 2022 transacted more than 400 times and received over 52 BTC, worth some $1.4 million by today’s price.
The Tron address contained 242 USDT received in a single transaction, while the first Ethereum address contained a few thousand dollars of stablecoins after having transacted for millions of dollars with many different ERC-20 tokens since its creation in June 2022.
The last Ethereum address listed by MistTrack has so far not recorded any activity.
The large number of transactions to and from some of the wallets suggest that they have been used extensively for illicit purposes for close to a year now.
In total, approximately $15 million have been received
Read more on cryptonews.com