Financial

Cybercriminals are posing as Ukraine fundraisers to steal cryptocurrency

The scams have picked up on Telegram.

March 10, 2022

A little girl and a baby wait next to the Red Cross station with mother (not pictured) as people fleeing Ukraine arrive on a train from Poland at Hauptbahnhof main railway station on March 4, 2022 in Berlin, Germany. (Photo by Maja Hitij/Getty Images)

Ukraine and charities supporting the nation have turned to soliciting cryptocurrency donations during Russia’s invasion of the country. The gamble on virtual currencies worked: Within a week of launching wallets to receive donations directly, the Ukrainian government raised more than $50 million worth of cryptocurrency.

But the innovative means of fundraising have also introduced opportunities for cybercriminals to scam donors for a cut.

Ukraine announced last week it would send free tokens of a new government-sponsored cryptocurrency as an incentive to donors. It ultimately scrapped the plans, but not before a group pretending to represent the country took advantage of the confusion to set up a token called “Peaceful World.” The con had some success, said Tom Robinson co-founder and chief scientist at Elliptic, a cryptocurrency compliance company. The value of the coin skyrocketed to $180 million within a week.

Researchers at InfoBlox observed purchases of another token, “SAVE UKRAINE,” through suspicious Ukraine-themed domains set up around the invasion, including one website meant to look like a decentralized anonymous organization (DAO) set up by Russian activists.

After careful consideration we decided to cancel airdrop. Every day there are more and more people willing to help Ukraine to fight back the agression. Instead, we will announce NFTs to support Ukrainian Armed Forces soon. We DO NOT HAVE any plans to issue any fungible tokens
— Mykhailo Fedorov (@FedorovMykhailo) March 3, 2022

Donations scams have also run rampant on Twitter and Telegram, experts tell CyberScoop.

Robinson has seen more than a dozen scams on Twitter where users pose as verified organizations to solicit donations to a specific crypto address. “It’s a very common type of crypto scam that has been repurposed to exploit Ukraine fundraising,” he said.

Telegram, a known hunting ground for cryptocurrency scammers, saw an uptick in accounts themed around Ukraine right before and after Russia invaded the country. Scammers were quick to take advantage, Brittany Allen, trust and safety architect at fraud protection company Sift, found.

Allen says the scams fall into three buckets: Users pretending to be in need of donations, users pretending to be companies collecting donations and offers to help others create fake donation websites.

One of the channels Allen observed, “Ukraine Support Donation,” tried to show its legitimacy by posting screenshots of emails from Coinbase noting new donations. (A CyberScoop review of the wallet addresses provided showed no transactions.) In another channel, a user posed as trading platform Binance collecting donations with the account “Binance Support.” Clicking on the account shows its actually registered as “Binancesuport” and is not the real company.

Fraudulent donation requests (credit: Sift)

Cybercriminals aren’t limited to social media. Multiple firms have noticed an uptick in email scams where hackers pose as legit charities to solicit cash or bitcoin. Organizations scammers have impersonated include Act for Peace, UNICEF and Ukraine Crisis Relief Fund, according to BitDefender. Security firm Cofense found one cryptocurrency donation scam targeting users with a spoofed email from the Ukraine Red Cross Society.

“So far, we’ve noticed that the attackers reacted very quickly to legitimate announcements of Ukraine and other organizations by mimicking the format of their messages,” Adrian Miron, antispam research manager at Bitdefender, said in a statement. “We expect the variety of phishing and malware campaigns, as well as the volume of messages sent daily, to increase steadily, and the attackers to adapt their persuasion methods accordingly.”

None of the wallet addresses affiliated with the scams provided by InfoBlox, Allenreviewed by CyberScoop appeared to have gained much success. Most of the wallets were empty, with the largest worth roughly $4,000 worth of bitcoin. It’s unclear if donors sent that money.

Safeguarding against scammers

Experts say that the best way to prevent scams is vigilance by donors and companies whom fraudsters may be intimidating and to only trust verified organizations. Recovering stolen cryptocurrency is also much more difficult than money sent from a traditional financial institution, adding additional risks to donors sending cryptocurrency.

The uptick in scams could give pause for some organizations trying to jump on the cryptocurrency trend.

“The more sophisticated the tactics that these legitimate groups use to try and fundraise, the more attack vectors open up,” said Robinson. “I think if the fundraising is just kept straightforward and simple, then that would minimize the potential for fraud.”

But Ukraine isn’t likely to back away from cryptocurrency donations anytime soon. After the canceled air drop, Ukraine’s vice minister last week announced that the country will instead roll out a non-fungible token (NFT). NFTs have been a popular target for cybercrime since the surge in popularity of the digital asset. Robinson says he’s watching for potential scams around a Ukraine NFT.