Crypto forensics experts at Xrplorer warn that an elaborate phishing scam is attempting to steal the secret keys of XRP users by telling prospective victims that Ripple is giving away tokens.
The scammers reportedly send extremely small amounts of XRP to various addresses on the XRP ledger with a memo that reads,
“Starting February 1st, 2020, Ripple is releasing 3 Billion XRP to incentivise network users. Get 25% more XRP added to your account balance in just minutes.”
The objective is to direct unsuspecting users to click what appears to be Ripple’s Insights blog offering a grand promotional giveaway.
To the untrained eye, the bogus websites appear legitimate, but the scammers actually use good replicas of websites that are familiar to XRP investors in order to lure victims into handing out their account information and secret keys.
The knock-off sites use homoglyph domains which swap the characters of the official domains with similar looking characters from different scripts to deceive users. For example, since a Greek ?, Latin O, and Cyrillic ? look similar but have different codes, they could be used to generate a spoofed web domain.
“The entire heist operation is an elaborate setup with messages sent to XRP accounts based on their holdings, homoglyph domains, fake but trustworthy marketing material, tools to collect secret keys that also checks balance on the XRPL and much more.”
The scammers are now also sending emails to individuals who may be interested in crypto. As of June 15th, they’ve stolen 2,100,000 XRP. Xrplorer says they also laundered 1,980,000 XRP mainly through crypto exchanges ChangeNOW and CoinSwitch.