X2Y2 Phishing Scam, Around $200K Stolen

Key Takeaways

  • Hackers used Google advertisements in which the scam URL looked precisely the same as that of the actual website, and stole around 100 ETH, i.e., 200K USD.

Here is an example of a scam URL that hackers use.

After clicking on the Google ad, users are redirected to one of these phishing sites. Below is a screenshot of multiple phishing links.

When users visit this site, it immediately asks them to connect their MetaMask wallet. Below is a screenshot of the MetaMask pop-up.

Twitter user Serpent found that there were multiple phishing contracts, but they all led to one wallet. Below is a screenshot by Serpent.

Multiple Phishing Contracts

After searching for the wallet address, Serpent found one Twitter post, which is now deleted. Below is a screenshot of that Twitter post.

Scam Fundraising

This address belongs to the NFT project called “Px Skull”. Below is the screenshot of its Instagram profile.

All these phishing sites are hosted on a Ukrainian hosting service. Below is a screenshot of the hosting details.

Website Hosting Details

During his investigation, Serpent joined the Telegram group and contacted the owner, Predator. He asked to know more about the project and offered to donate to their cause. Predator replied, “No thanks, I don’t need any donations. I have paid for everything,” and then left the chat. Below is the screenshot of the Telegram chat.

Phishing Site Owner

After that, Serpent directly confronted Predator about the scam. As a result, Predator deleted the Telegram group and blocked Serpent on all his social media. Below is the screenshot of the blocked Instagram account.

At this point, there was nowhere left to go, but Serpent went to PxSkull’s first-ever post on Instagram and found that a private account by the name of tuzemecc was the first like on every one of PxSkull’s posts. Below is the screenshot of tuzemecc’s first like.

Serpent also found that the first-ever domain hosted on the same IP address as the phishing websites also led to a website development service. Below is a screenshot of the web development service on the same IP address.

After that, Serpent requested to follow tuzemecc’s private Instagram account. As a result, that account is also deleted now. Below is a screenshot of the deleted Instagram account.

Also, as of now, all the phishing websites are taken down.

We want to advise our readers that many scammers are out there in full force. Users should always be highly suspicious when connecting their wallet to a website, and they should never type their seed phrase. Users should always make sure that they are on the correct URL, and they should never confirm random transactions. They can also use a cold wallet for better security.

Here are some other phishing link scams you should know about:
  1. LooksRare NFT Phishing Scam
  2. OpenSea Phishing Link Scam
  3. MetaMask Phishing Scam
  4. Moonbirds NFT Phishing Scam
Yash Kamal Chaturvedi

Btech Computer Science, Maharshi Dayanand University, Rohtak (2023)