Author

Topic: [SCAM] Fake Crypto QR Code Generator Phishing - BEWARE! (Read 283 times)

jr. member
Activity: 59
Merit: 15
Unsubstantiated Accusations and Persistent Harassment by "icryptofbi" Exposed - A Case of Baseless Claims:

It is evident from the previous replies on this topic that the malicious individual "icryptofbi" has already contradicted himself.

Furthermore, I have noticed that this individual, "icryptofbi", has been making false and baseless accusations against random members of GitHub. These accusations lack any evidence, proof, or supporting documents.

Despite his unwavering belief in these groundless accusations, I have observed that "icryptofbi" persistently harasses GitHub members under the assumption that they are somehow connected to me or that I am impersonating them. This assumption is completely false and unjust, as I have reiterated before.

Alleged Connection Between Fraudulent Accounts "Bitadvisor412" and "icryptofbi" on BitcoinTalk Raises Concerns:

I have recently come across a newly registered account named "Bitadvisor412" which exhibits striking similarities to my username and replicates the style and content of my reports. This occurrence raises suspicions for me, as the fraudulent individual at the center of this case has previously utilized similar malicious tactics against those who have reported and exposed their cybercriminal activities.

I want to clarify unequivocally that I have no affiliation or connection whatsoever with the user "Bitadvisor412" on the BitcoinTalk forum. I emphasize this point to avoid any potential confusion or misunderstandings.

Considering the established pattern of "icryptofbi" or "cryptofbi007" harassing GitHub members by creating multiple accounts with names resembling those they seek to harass on other platforms, it is likely that the new BitcoinTalk account "Bitadvisor412" also belongs to the same individual. It is plausible that this account has been created for future social engineering purposes or other malicious intentions.

Unveiling Malicious Intent - Suspicious Behavior and Lack of Transparency in "Bitadvisor412" Forum Thread:

I asked "Bitadvisor412" some relevant and related questions in the thread he opened on the Bitcointalk forum (https://bitcointalksearch.org/topic/resolved-coinchangeio-coinchange-financial-5479174). I also referred to my assumption previously stated in another post (https://bitcointalksearch.org/topic/m.63397851). Additionally, I inquired about the reason behind his recent registration and the similarity between his username and mine, as well as the resemblance of his thread style text to mine, considering my reports.

However, "Bitadvisor412" did not respond to my inquiries, which adds to the suspicious and malicious nature of this situation, especially when it revolves around important matters such as evidence and questions. Moreover, he abruptly changed the original post text to "The issue has been resolved" without providing any explanation or further details. This action appears extremely unprofessional and raises further doubts about his intentions.

Reporting and Collaboration - Cooperative Investigation into Cybercriminal Activities Involving FixedFloat and Russian Federal Security Service (FSB):

In the latest update as of 12/29/2023, I have informed both FixedFloat and the Russian Federal Security service (FSB) about this case, and they are currently investigating the matter. I have provided them with all relevant details and will continue to keep them updated if any further information is required. Official paperwork from the FSB regarding their investigation has been attached here for reference. Additionally, I have facilitated communication between the FSB and FixedFloat, enabling them to collaborate and resolve this case together in order to hold the russian cybercriminal accountable for their crimes, including the theft of cryptocurrency from innocent victims and money laundering.

Quote

Uncovering Malicious Impersonation Tactics - Warning against Social Engineering and Impersonation on BitcoinTalk and GitHub:

Upon further investigation, I came across another newly registered account named "JackETH" that posted a reply in this thread: "https://bitcointalksearch.org/topic/m.63411731".

Interestingly, I discovered a connection between this topic and a GitHub account named "@JackWtx" (https://github.com/JackWtx), which is also a recently registered account on GitHub. Both accounts on BitcoinTalk and GitHub contain the name "Jack".

UPDATE as of 12/30/2023: After I created the post, "@JackWtf" (https://github.com/JackWtx) changed his name to "@PeterBxs" (https://github.com/PeterBxs) in an attempt to add complexity and evade detection, displaying highly suspicious and malicious activities that strongly support this fraudulent case.

One aspect that grabbed my attention is the accusation made by an individual named "icryptofbi" or "cryptofbi007" against the original Jack (@Jackofusu80) on GitHub, insinuating his involvement in phishing activities. However, it is essential to emphasize that original Jack (@Jackofusu80) has built a solid reputation on GitHub for diligently reporting any phishing websites he encounters and promptly taking action against them. There are no public associations between the original Jack (@Jackofusu80) and any phishing websites.
Nevertheless, fraudsters have targeted him with insults and harassment, feeling frustrated when their phishing websites get reported and subsequently blocked. Interestingly, some of the phishing websites from the crypto QR code phishing scam network created by "icryptofbi" have been exposed through Jack's vigilant reporting efforts.

I had previously encountered a multi-account situation involving "@cryptofbi007" (banned) and "@Ceytllle" (recently banned), targeting the original Jack (@Jackofusu80) with harassment, insults, and baseless accusations.

Now, the newly created GitHub account "@JackWtx" has posted a repository on GitHub related to MetaMask, linking to the same domain discussed in the BitcoinTalk link mentioned earlier in this post, where "JackETH" made a reply: "https://github.com/MetaMask/eth-phishing-detect/issues/14685#issuecomment-1872424439".

Within the GitHub repository, "@JackWtx" tagged the real Jack (@Jackofusu80), who was the target of harassment from "@cryptofbi007" and "@Ceytllle" (both banned GitHub accounts of BitcoinTalk user "icryptofbi"). This incident occurred shortly after the previous mentioned GitHub accounts created by the malicious individual were banned.

Update to this as of 12/30/2023: After I wrote this post, the GitHub User "@JackWtx" changed his name on GitHub to "@PeterBxs" (https://github.com/PeterBxs) in an attempt to manipulate and social engineer support teams and any readers of this post. It appears that he wants to erase any traces of his malicious activities, possibly in response to being exposed by me in this thread.

Adding to the complexity of the situation, "icryptofbi" assumes in his texts that I am the real Jack (@Jackofusu80) of GitHub, which is not true as I have clarified before.
Strangely, another newly registered account on BitcoinTalk has emerged with the name "Bitadvisor412", bearing similarities to my own name and even copying my thread reporting style.

Upon analyzing this situation, a notable pattern emerges, suggesting a distinct parallel between the potential employment of malicious impersonation tactics and the utilization of social engineering techniques. It appears that the individual known as "icryptofbi" on BitcoinTalk, operating under the aliases "Bitadvisor412" and "JackETH", may be connected to this dubious behavior.
Considering the circumstances, it is highly likely that all these recently created accounts on both BitcoinTalk and GitHub belong to the same malicious individual, "icryptofbi", active within the BitcoinTalk forum.

I urge everyone to remain vigilant and aware of these cybercriminal social engineering methods being exploited by the individual which goes under "icryptofbi" on BitcoinTalk and "cryptofbi007" around the internet.
hero member
Activity: 2212
Merit: 670
Signature designer - start @$10 - PM me!
Because the author is taking out the competition, that's how he has a site like this himself
What are the advantages of launching this kind of generator site that makes it worthy of competition? But wait, this means you are implicitly admitting that you own the site:
Code:
https://xmr-qr-code.com/8.php
and then you feel like you are competing with the OP?
hero member
Activity: 798
Merit: 702
With everything that is happening and occurring online recently, people are still ignorant enough to move to a random site they know nothing about to generate a QR code for their wallet address.
 
If you are not taking yourself to the scammer's house, I don't see that as a wise move at all. What does someone even want to do with a QR code online generator? If you have an old wallet that doesn't support the default wallet converted to code, you can easily import your key to any of the open source wallets that support that and get your QR for whatever you want it for, or better yet, create a separate new wallet with a trusted device and a trusted wallet. That way, you can be assured of your security and privacy all together.
 
It hurt me to see how ignorant a lot of people are and how unserious they take security matters, especially things that have to do with finances.
newbie
Activity: 16
Merit: 2
Thank you OP for the warning and for the detailed report.
However, my question is why does anyone needs to use such websites to generate qr codes for their addresses?
As far as I know, any reputable wallet app will generate a qr code along side with the address in plain text when you click on the receive button. So, why taking the risk and use a random online tool to do what your wallet can do in a safe manner for free?
Because the author is taking out the competition, that's how he has a site like this himself
https://cryptocurrency-qr-code.com/
legendary
Activity: 2744
Merit: 3096
Top Crypto Casino
Thank you OP for the warning and for the detailed report.
However, my question is why does anyone needs to use such websites to generate qr codes for their addresses?
As far as I know, any reputable wallet app will generate a qr code along side with the address in plain text when you click on the receive button. So, why taking the risk and use a random online tool to do what your wallet can do in a safe manner for free?
jr. member
Activity: 59
Merit: 15
Don't forget to add complaints about your sites and youtube channels, you're pathetic, and a rotten person.
See all this below is scam sites and scam youtube channels, you never complained about them on your accounts:
I would like to make it clear that I have no affiliation or involvement with any of the mentioned websites, channels, or addresses.

It is evident that you are attempting to divert attention from your fraudulent crypto QR code phishing scam.

However, all evidence has been documented and it is my hope that law enforcement will be able to apprehend individuals such as yourself who engage in such illegal activities.

I also hope that all the victims, including those affected by your actions, will find a way to recover their funds. I am committed to assisting those affected by providing detailed information and tracing the stolen funds to scammers like you and the one you mentioned if it's the case.

newbie
Activity: 16
Merit: 2
The author forgot to add that he himself copies other people's scam sites, and blocks them then that only his scam site would be on the Internet, what a miserable thing it is.
The user "icryptofbi" on the BitcoinTalk forum is engaged in unethical and fraudulent activities, attempting here to divert attention from his own crypto scamming activities by making baseless accusations against random competitors and users like me who uncovered this cybercriminal and their actions.

He falsely claims that anyone who reports them is also involved in the same malicious activities, exhibiting a cognitive bias whereby cybercriminals assume that everyone else is engaged in such activities, despite it being untrue. I personally have no connection to his linked sites or addresses. "icryptofbi" is misusing the BitcoinTalk platform to make false claims and harass those who expose their cybercrime efforts.

"icryptofbi" has even falsely accused me of owning phishing sites, which is a serious allegation. These claims are not only baseless but also dangerous as they can harm my reputation on this forum.
It's important to note that "icryptofbi" badmouths anyone who discovers their cryptocurrency cybercrime activities and traces.

Now, the user "icryptofbi" has been posting false accusations, without evidence, against random competitors and individuals, including myself, who report cybercrime activities involving cryptocurrency, resulting in harm to innocent parties, such as the BitcoinTalk community, and serving as a distraction from their own illegal activities, clearly indicating their deceptive intentions.

It is clear that "icryptofbi" is engaged in cryptocurrency scams, targeting unsuspecting individuals within the BitcoinTalk community. Their fraudulent practices undermine the trust of legitimate users.

By labeling anyone who uncovers their cybercrime as a competitor, "icryptofbi" manipulates the discourse and tries to discredit those who expose their wrongdoing. This intentional misrepresentation confuses our crypto community, damages the reputation of websites like BitcoinTalk, and can result in financial harm through cryptocurrency.
You forgot to mention how you found out about the Trustpilot, YouTube, and email accounts...
Namely:
The Trustpilot account complains about your scam sites.
YouTube has recordings complaining about your scam sites.
And you found out about 2 emails because I wrote to the owners of those scam sites...
You're pretending to be ignorant here, yet you only ban all competitors. Your complaints are purely about fake mixers, exchangers, and QR codes... the most interesting thing is that in your complaints, NOT A SINGLE ONE OF YOUR OWN SITES IS MENTIONED! ONLY YOUR COMPETITORS! You simply copy others' sites and file complaints against them just to ensure that only your sites work.

You're a clown, don't even try to wriggle out of this
I actively report every crypto scam I come across, but my busy job in the real world limits the amount of time I can dedicate to this.
However, I recently reported a massive crypto QR scam scheme, and certain domain and hosting companies relayed the messages from the fraudster who used the pseudonym "cryptofbi007". You attempted to substantiate the legitimacy of your fake phishing websites by creating manipulated videos and fictitious reviews, which you sent to the companies. They, in turn, forwarded these materials to me, as I was the reporter in this case.

I obtained these social media details after reporting these websites, and it was distressing to see you defending your scam and attempting to deceive more innocent people. It shows a heartless attitude, to say the least.
I want to clarify once again that I am not associated with your links or addresses, but fighting against scammers is always the right thing to do, and I am doing so by targeting you as an example. My aim is to protect innocent crypto enthusiasts from cybercriminals in the crypto world. As you have personally attacked me, you have inadvertently revealed your true character.

I hope that my thorough research will lead to your identification and hold you accountable for stealing hard-earned cryptocurrency from your victims.
Don't forget to add complaints about your sites and youtube channels, you're pathetic, and a rotten person.
See all this below is scam sites and scam youtube channels, you never complained about them on your accounts:

https://cryptocurrency-qr-code.com/
https://ethereummixer.live/
https://tornado-cash.io
https://btc-laundry.org
https://bitmixing.top
https://www.cryptomixer.ltd/
https://monero-mixer.net/
https://bitcoin-blender.top/
https://coinchangers.net/

https://www.youtube.com/@egg333/videos
https://www.youtube.com/@CoinChanger.
https://www.youtube.com/@BitXpress/videos
https://www.youtube.com/@BlockBrainiac/videos

https://github.com/Jackofusu80
https://bitcointalksearch.org/user/bitcoadvice-3535585

You can keep writing childish excuses, you're a stupid kid who stole over $100k.
Don't forget to complain about your ether wallet.
0xf9239d94bf8b0173f626ebefc1ae26c735201b78
It's yours.
jr. member
Activity: 59
Merit: 15
The author forgot to add that he himself copies other people's scam sites, and blocks them then that only his scam site would be on the Internet, what a miserable thing it is.
The user "icryptofbi" on the BitcoinTalk forum is engaged in unethical and fraudulent activities, attempting here to divert attention from his own crypto scamming activities by making baseless accusations against random competitors and users like me who uncovered this cybercriminal and their actions.

He falsely claims that anyone who reports them is also involved in the same malicious activities, exhibiting a cognitive bias whereby cybercriminals assume that everyone else is engaged in such activities, despite it being untrue. I personally have no connection to his linked sites or addresses. "icryptofbi" is misusing the BitcoinTalk platform to make false claims and harass those who expose their cybercrime efforts.

"icryptofbi" has even falsely accused me of owning phishing sites, which is a serious allegation. These claims are not only baseless but also dangerous as they can harm my reputation on this forum.
It's important to note that "icryptofbi" badmouths anyone who discovers their cryptocurrency cybercrime activities and traces.

Now, the user "icryptofbi" has been posting false accusations, without evidence, against random competitors and individuals, including myself, who report cybercrime activities involving cryptocurrency, resulting in harm to innocent parties, such as the BitcoinTalk community, and serving as a distraction from their own illegal activities, clearly indicating their deceptive intentions.

It is clear that "icryptofbi" is engaged in cryptocurrency scams, targeting unsuspecting individuals within the BitcoinTalk community. Their fraudulent practices undermine the trust of legitimate users.

By labeling anyone who uncovers their cybercrime as a competitor, "icryptofbi" manipulates the discourse and tries to discredit those who expose their wrongdoing. This intentional misrepresentation confuses our crypto community, damages the reputation of websites like BitcoinTalk, and can result in financial harm through cryptocurrency.
You forgot to mention how you found out about the Trustpilot, YouTube, and email accounts...
Namely:
The Trustpilot account complains about your scam sites.
YouTube has recordings complaining about your scam sites.
And you found out about 2 emails because I wrote to the owners of those scam sites...
You're pretending to be ignorant here, yet you only ban all competitors. Your complaints are purely about fake mixers, exchangers, and QR codes... the most interesting thing is that in your complaints, NOT A SINGLE ONE OF YOUR OWN SITES IS MENTIONED! ONLY YOUR COMPETITORS! You simply copy others' sites and file complaints against them just to ensure that only your sites work.

You're a clown, don't even try to wriggle out of this
I actively report every crypto scam I come across, but my busy job in the real world limits the amount of time I can dedicate to this.
However, I recently reported a massive crypto QR scam scheme, and certain domain and hosting companies relayed the messages from the fraudster who used the pseudonym "cryptofbi007".
You attempted to substantiate the legitimacy of your fake phishing websites by creating manipulated videos and fictitious reviews, which you sent to the companies. They, in turn, forwarded these materials to me, as I was the reporter in this case. Due to numerous reports and complaints filed against you for scamming innocent victims, the domain and hosting companies received an abundance of evidence, causing you to lose control over the order and your deceptive activities.


I obtained these social media details after reporting these websites, and it was distressing to see you defending your scam and attempting to deceive more innocent people.
It shows a heartless attitude, to say the least.
I want to clarify once again that I am not associated with your links or addresses, but fighting against scammers is always the right thing to do, and I am doing so by targeting you as an example.
My aim is to protect innocent crypto enthusiasts from cybercriminals in the crypto world. As you have personally attacked me, you have inadvertently revealed your true character.

I hope that my thorough research will lead to your identification and hold you accountable for stealing hard-earned cryptocurrency from your victims.
newbie
Activity: 16
Merit: 2
The author forgot to add that he himself copies other people's scam sites, and blocks them then that only his scam site would be on the Internet, what a miserable thing it is.
The user "icryptofbi" on the BitcoinTalk forum is engaged in unethical and fraudulent activities, attempting here to divert attention from his own crypto scamming activities by making baseless accusations against random competitors and users like me who uncovered this cybercriminal and their actions.

He falsely claims that anyone who reports them is also involved in the same malicious activities, exhibiting a cognitive bias whereby cybercriminals assume that everyone else is engaged in such activities, despite it being untrue. I personally have no connection to his linked sites or addresses. "icryptofbi" is misusing the BitcoinTalk platform to make false claims and harass those who expose their cybercrime efforts.

"icryptofbi" has even falsely accused me of owning phishing sites, which is a serious allegation. These claims are not only baseless but also dangerous as they can harm my reputation on this forum.
It's important to note that "icryptofbi" badmouths anyone who discovers their cryptocurrency cybercrime activities and traces.

Now, the user "icryptofbi" has been posting false accusations, without evidence, against random competitors and individuals, including myself, who report cybercrime activities involving cryptocurrency, resulting in harm to innocent parties, such as the BitcoinTalk community, and serving as a distraction from their own illegal activities, clearly indicating their deceptive intentions.

It is clear that "icryptofbi" is engaged in cryptocurrency scams, targeting unsuspecting individuals within the BitcoinTalk community. Their fraudulent practices undermine the trust of legitimate users.

By labeling anyone who uncovers their cybercrime as a competitor, "icryptofbi" manipulates the discourse and tries to discredit those who expose their wrongdoing. This intentional misrepresentation confuses our crypto community, damages the reputation of websites like BitcoinTalk, and can result in financial harm through cryptocurrency.
You forgot to mention how you found out about the Trustpilot, YouTube, and email accounts...
Namely:
The Trustpilot account complains about your scam sites.
YouTube has recordings complaining about your scam sites.
And you found out about 2 emails because I wrote to the owners of those scam sites...
You're pretending to be ignorant here, yet you only ban all competitors. Your complaints are purely about fake mixers, exchangers, and QR codes... the most interesting thing is that in your complaints, NOT A SINGLE ONE OF YOUR OWN SITES IS MENTIONED! ONLY YOUR COMPETITORS! You simply copy others' sites and file complaints against them just to ensure that only your sites work.

You're a clown, don't even try to wriggle out of this
jr. member
Activity: 59
Merit: 15
The author forgot to add that he himself copies other people's scam sites, and blocks them then that only his scam site would be on the Internet, what a miserable thing it is.
The user "icryptofbi" on the BitcoinTalk forum is engaged in unethical and fraudulent activities, attempting here to divert attention from his own crypto scamming activities by making baseless accusations against random competitors and users like me who uncovered this cybercriminal and their actions.

He falsely claims that anyone who reports them is also involved in the same malicious activities, exhibiting a cognitive bias whereby cybercriminals assume that everyone else is engaged in such activities, despite it being untrue. I personally have no connection to his linked sites or addresses. "icryptofbi" is misusing the BitcoinTalk platform to make false claims and harass those who expose their cybercrime efforts.

"icryptofbi" has even falsely accused me of owning phishing sites, which is a serious allegation. These claims are not only baseless but also dangerous as they can harm my reputation on this forum.
It's important to note that "icryptofbi" badmouths anyone who discovers their cryptocurrency cybercrime activities and traces.

Now, the user "icryptofbi" has been posting false accusations, without evidence, against random competitors and individuals, including myself, who report cybercrime activities involving cryptocurrency, resulting in harm to innocent parties, such as the BitcoinTalk community, and serving as a distraction from their own illegal activities, clearly indicating their deceptive intentions.

It is clear that "icryptofbi" is engaged in cryptocurrency scams, targeting unsuspecting individuals within the BitcoinTalk community. Their fraudulent practices undermine the trust of legitimate users.

By labeling anyone who uncovers their cybercrime as a competitor, "icryptofbi" manipulates the discourse and tries to discredit those who expose their wrongdoing. This intentional misrepresentation confuses our crypto community, damages the reputation of websites like BitcoinTalk, and can result in financial harm through cryptocurrency.
newbie
Activity: 16
Merit: 2
The author forgot to add that he himself copies other people's scam sites, and blocks them then that only his scam site would be on the Internet, what a miserable thing it is.

https://finance.yahoo.com/news/ethereum-mixer-specialists-enhancing-anonymity-193645069.html
https://finance.yahoo.com/news/coin-changer-launches-crypto-swap-213953443.html

I want to tell a story about a scammer, a thief, and just a bad person!

This person creates a huge number of cryptocurrency mixer sites, specifically BTC, ETH, LTC, XMR…

The most interesting thing is that he copies other sites and then bans them! He sends complaints to the registrar, hosting, creates threads on bitcointalk, and GitHub! This person starts by stealing sites, bans these sites, and then steals cryptocurrency!

He has profiles on GitHub and bitcointalk, where he simply destroys his competitors. He doesn’t ban his own sites and tries to keep them in the shadows! He advertises his sites through YouTube, his 3 accounts are @egg333, @BitXpress, @BlockBrainiac, all the links I’ll provide below, on YouTube, bitcointalk, and GitHub!

He has already stolen over $100,000 from people and continues to do so! He constantly creates new sites and redirects from old domains to new ones!

Here’s his email:

[email protected]

His profiles:

https://github.com/Jackofusu80

https://bitcointalksearch.org/user/bitcoadvice-3535585

https://www.youtube.com/@egg333/videos

https://www.youtube.com/@BitXpress/videos

https://www.youtube.com/@BlockBrainiac/videos

His cryptocurrency addresses:

0xF9239D94Bf8B0173F626ebEFC1aE26C735201b78 (ETH)

DSJongTtmP39kNTSbBxcz66nREDk9t1YNs (DOGE)

LYwDxx6kzBKfhBDrnj6m284MVJ9sTpGqab (LTC)

137vnTG1cRLqyTAUaD9Fh3okwDZe54A6wd (BTC)

12abmoYHRr2tMzowTDp67v84QVeyYmSsNn (BTC)

1EixFm25Vpsno81g8thpiK4Dy1zz8XkitR (BTC)

14kL8f8NA2QoLNFqhUNjwWvs25U3kZSygT (BTC)

1JQcJ4bM22eTA5S2WoC2wNQUbs7ULJyMfC (BTC)

43wbRovRwu6UswYGHjQEDp9hfLzuzUiytEhH2dRx6NECSaWQ4rSQcTZ4SMXJNVizFQJodBRtLbueaNg aSNPvBnx9CYDJrTN (XMR)

His current scam sites:

https://cryptocurrency-qr-code.com/

https://ethereummixer.live/

https://tornado-cash.io

https://btc-laundry.org

https://bitmixing.top

https://www.cryptomixer.ltd/

https://monero-mixer.net/

https://bitcoin-blender.top/

I also forgot that he has a fake cryptocurrency exchanger! https://coinchangers.net/
hero member
Activity: 1554
Merit: 880
Notify wallet transaction @txnNotifierBot
I believe every deposit address has their own QR codes, like for example if want to make deposit to my Binance account I may decide to QR displayed to deposit directly to my account. How do I get scammed now?
That's not every wallet or exchange features though.

I'm not really into specific in qr code generator sites because there are lot of them online but using a random qr code generator without testing it first is really a stupid move.
jr. member
Activity: 59
Merit: 15
I believe every deposit address has their own QR codes, like for example if want to make deposit to my Binance account I may decide to QR displayed to deposit directly to my account. How do I get scammed now?
Besides I won't just go the internet to scan any qr code to make deposit to that address whereby every deposit address has their qr code which one can easily scanned to make deposit and it's easily reflect to your account without being redirected to the scammer's address. The bottom line is we have to be very mindful with QR codes when scanning it.
The phishing websites mentioned above are generating the same QR code for all crypto addresses entered by unsuspecting victims. This QR code leads to the scammer's cryptocurrency address, which is operated by "cryptofbi007" and the creator of these fraudulent crypto QR code phishing websites.

This behavior contradicts the normal functioning of QR codes, as each deposit address should have its own unique QR code.
However, the operator "cryptofbi007" manipulates the QR code generation process on these websites to always display their own QR code with their own cryptocurrency address, regardless of the crypto address entered by the clueless victim.

This deceptive tactic enables the scammer to steal crypto funds from innocent victims who mistakenly trust the generated QR code. It is essential for users to exercise caution when scanning any QR code and to carefully verify the authenticity of the websites they are using.
hero member
Activity: 882
Merit: 800
I believe every deposit address has their own QR codes, like for example if want to make deposit to my Binance account I may decide to QR displayed to deposit directly to my account. How do I get scammed now?
Besides I won't just go the internet to scan any qr code to make deposit to that address whereby every deposit address has their qr code which one can easily scanned to make deposit and it's easily reflect to your account without being redirected to the scammer's address. The bottom line is we have to be very mindful with QR codes when scanning it.
jr. member
Activity: 59
Merit: 15
Attention, BitcoinTalk community:

Please be cautious and aware of the fraudulent activities carried out by an russian individual named "cryptofbi007" & "icryptofbi" (🇷🇺).
This evil person has created multiple fake crypto QR code generator websites, including "xmr-qr-code.com", "xmr-qr-code-generator.com", and "xmrqrcode.com".
These websites generate QR codes that only direct funds to the scammer's Monero (XMR) address:
84gHdF7rArqU6e9cbmfPi9iJR2QUU7CoX1XJEvAmQWXmSUkj3C3LVLW3ioHiqNc8iwGPcxCv5Fk13ZY k9fxQFLKuKEW54r6

Please note that a saved archive of the phishing website containing the fraudster's Monero address can be found here: https://web.archive.org/web/20231122120748/https://xmr-qr-code.com/8.php

This phishing scam involves tricking users into sending their cryptocurrency to the scammer's wallet through a QR code, resulting in significant financial losses. The scam operator, known by the pseudonym "cryptofbi007" on websites like GitHub, manipulates and social engineers hosting and domain teams to avoid suspension of these phishing websites. They consistently alter the websites' functionality upon receiving reports and even spam repositories to unblock their malicious domains in order to exploit innocent individuals.

To protect our community, it is crucial to exercise extreme caution and avoid engaging with any QR code generator websites associated with "cryptofbi007". If you come across any instances or suspicious activities related to these scams, please report them immediately.

The scam involving crypto QR code phishing works as follows: The victim enters the crypto address for which they need a QR code. Then, when they generate the QR code on one of the fraudulent crypto QR code websites, it always displays the same QR code on the final page, containing the fraudster's crypto address. Regardless of which crypto address the victim initially entered, the QR code will always belong to the fraudster, and the victim remains unaware. If someone sends cryptocurrency to the victim's "QR code", the funds will actually go to the fraudster, as the QR code belongs to them and displays their crypto address.

His email accounts: The operator is known to use the following email addresses: "[email protected]" and "[email protected]".
Due to this abuse, Proton Team has already banned the account "[email protected]", while the account "[email protected]" remains active.

His YouTube profile: The YouTube account "https://www.youtube.com/@gabrielenesto1", named Gabriel Enesto (as of 12/22/2023) with Channel-ID: "UCO5q0rVGQs4F4IKnNUbRERg" belongs to the notorious individual known as "cryptofbi007". The fraudster "cryptofbi007", previously known as "@gabrielenesto" on YouTube, recently changed his YouTube handle to "@gabrielenesto1" with the intention of misleading and socially engineering individuals involved in this case. While the old YouTube handle now leads to an error page, people might mistakenly believe the link is incorrect, false, or outdated, whereas the actual YouTube handle as of 12/22/2023 is "@gabrielenesto1" and can be accessed.

His Trustpilot profile: Additionally, the Trustpilot account "https://www.trustpilot.com/users/63c0b6a16503ee0012e7c049" also belongs to this despicable character.
He utilizes these platforms to defame legitimate companies due to the banning of some of his phishing domains and to sabotage his competitors, driven solely by his insatiable greed.
Also, "Cryptofbi007" and "iCryptofbi", who is named Gabriel Enesto on Trustpilot, changed his country to France in the settings, which is why it shows FR on his clearly fake reviews; however, he is originally from Russia, using this method to manipulate both people and law enforcement agencies.

His Reddit profile: The fraudster known as "cryptofbi007" went to the extent of creating a public and restricted Reddit group called "qr_code_" to bolster his deceptive crypto QR phishing scam websites in search engine rankings. This group can be seen at "https://www.reddit.com/r/qr_code_/".
To further his illicit activities, the fraudster operates under the Reddit username "Itchy-Attention8905". More information about his activities and profile can be found at "https://www.reddit.com/user/Itchy-Attention8905/".

His Medium Profile: The Medium profile "@cryptofbi007", which can be visited at "https://medium.com/@cryptofbi007" (banned), also belongs to the Russian cybercriminal who goes by "icryptofbi" on BitcoinTalk. Another Medium profile of this criminal fraudster is "@wilman0919" where he promotes his phishing mixer websites such as here: https://medium.com/@wilman0919/eth-mixer-the-tornado-cash-alternative-d4f8c581701c (Archive: https://archive.is/PXt0Z).

His GitHub profile: Additionally, they can be found on GitHub under the account: https://github.com/cryptofbi007 (banned), attempting to unblock their phishing domains from phishing warning systems.
Here are the relevant repositories and issues:
https://github.com/MetaMask/eth-phishing-detect/issues/13139
https://github.com/MetaMask/eth-phishing-detect/issues/13080
While "cryptofbi007" attempted to unblock his phishing domains, the request got declined. Additionally, he changed the titles of the requests on GitHub, making it difficult for potential victims to find the specific request related to unblocking his phishing websites.

I recently discovered that a malicious individual known as "@cryptofbi007" (banned) on GitHub has created a new account on Github with the username "@Ceytllle" (https://github.com/Ceytllle). This person, using the username "icryptofbi" on BitcoinTalk, is falsely accusing random individuals who report phishing websites of being me, just as he did on the GitHub platform under his new account named "@Ceytllle" (banned). This is how I came to understand that these are multiple accounts of the same individual. He have linked a BitcoinTalk topic on a GitHub comment where he claim I am somehow involved with websites that I have no association or connection to. It appears that this fraudulent individual is intentionally targeting anyone involved in the fight against crypto cybercrime, including myself.

Another GitHub profile which got created yesterday that might be of interest is https://github.com/AlbionNEO (AlbionNEO), as I follow a similar connection to the other profiles, including timings of creating and reporting.

I obtained some of his social media accounts by reporting the phishing websites to domain registrars and hosting providers. The Russian individual behind these fraudulent activities went by the names "icryptofbi" or "cryptofbi007". Consequently, I received delayed messages that contained pertinent information from this fraudster.

Furthermore, it is worth noting that the operator behind this phishing scam is believed to be Russian and has previously operated fake Bitcoin, Litecoin, and Ethereum QR code generator websites such as "Crypto-qr-code.com", "btc-qr-code.se", and "crypto-qr-code.su". These websites generate the scammer's Bitcoin address: 18gcvrjDju719nQNXhJxRAaw25Vj6M6i4W

The phishing websites "usdt-qr.com" and "ltc-qr-code.su" are also owned by the same individual using the pseudonym "cryptofbi007", indicating a coordinated phishing scheme. Both websites generate the domain holder's (cryptofbi007) USDT address 0xBeE32483957f116c5830133188dca45B80b94Fe6 (https://etherscan.io/address/0xBeE32483957f116c5830133188dca45B80b94Fe6) and Litecoin address LNWTRts3HQeuWnbjjr3Ndg4NARuWQSTApZ (https://blockchair.com/litecoin/address/LNWTRts3HQeuWnbjjr3Ndg4NARuWQSTApZ), further solidifying their association and intention to defraud unsuspecting victims. It is of utmost importance to raise awareness about these fraudulent activities to protect potential targets from falling prey to these scams.

To aid in identification, please find below a list of all known phishing crypto addresses and domains associated with "cryptofbi007":

Phishing Crypto Addresses by "cryptofbi007":
1. Monero (XMR): 84gHdF7rArqU6e9cbmfPi9iJR2QUU7CoX1XJEvAmQWXmSUkj3C3LVLW3ioHiqNc8iwGPcxCv5Fk13ZY k9fxQFLKuKEW54r6
2. Bitcoin (BTC): 18gcvrjDju719nQNXhJxRAaw25Vj6M6i4W
3. Bitcoin (BTC): 1QHz27RxXkLDJ5ZSaTDnNe5kKWPfLRnf8T
4. Bitcoin (BTC): 1ArrBsB86RA9JzEZKByZXXqHLwFuUQtwHJ
5. Litecoin (LTC): LUsDshGP5dyBoCfGbfMJgd6rFHnd1a2B45
6. Litecoin (LTC): LNWTRts3HQeuWnbjjr3Ndg4NARuWQSTApZ
7. Litecoin (LTC): LLRS6eiY2cvywst3Sr97HTUsu6ba2gqmgG
8. Ethereum (ETH): 0x2C46fB8Aa65Bbcb184fBfa1E485B9BCE0371D893
9. Ethereum (ETH): 0x5A29fF6f91beD5b959bfB2FE2D6312cBf599aA13
10. Tether (USDT): 0xBeE32483957f116c5830133188dca45B80b94Fe6
11. Dogecoin (DOGE): DMxiqzkmXyUUN13KstXBn1zfQ8jPtZ1TbL
12. Dogecoin (DOGE): DSVScF3HyMWZV5V9h38S9iDM3vKPpSU7Ey
13. Dogecoin (DOGE): DQjhCr7YPj15H8PLVz5CHFmNSgyrX8WUQk
14. Bitcoin Cash (BCH): qzyzw2m3vjvpku709vjt9jg4y03ylrs6kq9c0yhea3

USDT Tether ETH Stolen by "cryptofbi007" Transferred to FixedFloat:
The cybercriminal from Russia, known as "cryptofbi007", has been involved in transferring stolen USDT Tether / ETH from his phishing fake crypto QR code scam websites to FixedFloat cryptocurrency exchange.
(1) Initially, he receives the stolen funds from his phishing victims in his primary USDT Tether ETH address:
https://etherscan.io/address/0xbee32483957f116c5830133188dca45b80b94fe6
(2) These ill-gotten gains are then transferred to another address:
https://etherscan.io/address/0x2709fd4c61531473b77c5794a723ea49e48bdef4
(3) Lastly, the stolen funds are moved to FixedFloat, using this address:
https://etherscan.io/address/0x2bd1ecf9545410b32ddc4f7a873811fd94963e2b
You can find further details regarding the transactions in the following Transaction Hash, where the stolen funds (over $3.000!) were transferred to FixedFloat: https://etherscan.io/tx/0x19d8571add80245295b2ce870c4f26739447e6f00a836b4f309b9c8a3701a998 (Date: 10/28/2023)

FixedFloat can be contacted regarding this matter here:
[email protected]
https://fixedfloat.com/en/support

FixedFloat: To process your request for server log and order data, we kindly ask that you provide an official request from your regional police or other representative, sent from their official email address, as per our policy. Once received, our technical specialists will be more than happy to assist you with the requested information.

When reporting them to the police, whether online through email or a form, or offline, please do not forget to mention their Tether address "0xBeE32483957f116c5830133188dca45B80b94Fe6" and to contact FixedFloat under their email "[email protected]" or website. This will make it easier to track down the cybercriminal.

There are both older and newer reports available regarding the phishing scheme conducted by "cryptofbi007" at this address:
https://www.chainabuse.com/address/18gcvrjDju719nQNXhJxRAaw25Vj6M6i4W?chain=BTC
https://cryptscam.com/en/detail/18gcvrjDju719nQNXhJxRAaw25Vj6M6i4W

Phishing Domains by "cryptofbi007":
1. xmr-qr-code.com (ACTIVE)
2. xmr-qr-code-generator.com (ACTIVE)
3. xmrqrcode.com (ACTIVE)
4. usdt-qr.com (ACTIVE)
5. usdt-qr-code.com (ACTIVE)
6. crypto-qr-code.com (SUSPENDED)
7. crypto-qr-code.ru (SUSPENDED)
8. cryptocurrency-qr-code.online (SUSPENDED)
9. coin-qr.to (ACTIVE)
10. btcqrcode.ru (ACTIVE)
11. btc-qr.to (ACTIVE)
12. btc-qr-code.su (SUSPENDED)
13. btc-qr-code.se (SUSPENDED)
14. qr-btc.com (SUSPENDED)
15. ltc-qr-code.com (SUSPENDED)
16. ltc-qr-code.su (SUSPENDED)
17. ltc-qr-code.ru (SUSPENDED)
18. eth-qr-code.su (SUSPENDED)
19. doge-qr-code.su (SUSPENDED)

In addition, please be aware that the following BitcoinTalk accounts are also associated with "cryptofbi007":
1. https://bitcointalksearch.org/user/olgareva-3535761 (Olgareva)
2. https://bitcointalksearch.org/user/icryptofbi-3531091 (icryptofbi)
3. https://bitcointalksearch.org/user/bitadvisor412-3599054 (Bitadvisor412) - Read: https://bitcointalksearch.org/topic/m.63411893
4. https://bitcointalksearch.org/user/jacketh-3600058 (JackETH) - Read: https://bitcointalksearch.org/topic/m.63411893

I have noticed that the users "cryptofbi007", "Olgareva", and "icryptofbi" have been involved in QR phishing scams, where they copy complaints from other people and change the domains and sites belonging to their competitors. This behavior reveals their malicious intent.

The operator of this crypto QR code phishing network is also involved in fake cryptocurrency mixer phishing scam websites. The phishing website "eth-mixer.to" uses the same nameservers that I researched for his other crypto QR code phishing domains, "btc-qr.to" (Archive: https://archive.is/UYrpT) and "coin-qr.to" (Archive: https://archive.is/9zHzB), which are "grace.ns.cloudflare.com" and "hans.ns.cloudflare.com" as of 2/20/2024. The fake ETH mixer phishing website "eth-mixer.to" (Archive: https://archive.is/I9Bnq) shows the same nameserver names and another fraudster's Ethereum address as "0x1C0537db2BAcDB6B9f17aad6bb7356A6700e9FF1". As of April 27, 2024, he uses a new domain, which is "eth-mixers.to", as the old domain "eth-mixer.to", which has now been redirected to the new domain "eth-mixers.to", has been flagged by anti-phishing security companies. (Archive: https://archive.is/mnhLM). The new phishing ETH address is: 0x9Bd4c820AE1eDeF28840dAaF704B7CE20C55b095.
The same goes for "btc-mixer.to" (Archive: https://archive.is/TaqxC) where he uses his deposit Bitcoin address "1AHkDZ1Ls6vjuME6XToP4wRqd3kmrYeQcp" to receive stolen Bitcoin money, and "ltc-mixer.to" (Archive: https://archive.is/zszEY) where he uses his deposit Litecoin address "LTdsbCtVridM36DTR2KrPLAwRtnDansD2Y" to receive stolen Litecoin money. As of May 1, 2024, he uses a new domain, which is "btc-mixers.to", as the old domain "btc-mixer.to", which has now been redirected to the new domain "btc-mixers.to", has been flagged by anti-phishing security companies. The new phishing BTC address is: 14opz93THYBrYBa7NmnfW1HXwsBQKdbdpF. (Archive: https://archive.is/mnhLM). The same goes for "ltc-mixer.to" which redirects now to the new phishing domain "ltc-mixers.to". (Archive: https://archive.is/gd119). The new phishing LTC address is: LLs8KTkjYP8hTHCeQBbqP8geV4KcGs3Y2E.
He has also now created a full cryptocurrency mixer phishing network next to his QR code crypto phishing network.

Warning: Please be cautious of a fake crypto QR code generator scam conducted by users with pseudonyms "cryptofbi007", "icryptofbi", and "Olgareva".

As the operator of this scam scheme resides in Russia, I recommend reporting the scammer on the following platforms, providing detailed information from this BitcoinTalk topic:

Email: [email protected] - Russian Police
Email: [email protected] - Russian FBI
Email: [email protected]
Email: [email protected]

IMPORTANT: If you are not Russian or do not have a Russian email address, I recommend creating a ".ru" email address on websites such as "https://rambler.ru".
For example, you can send a detailed report, similar to my complaint, to them from a Russian email address.
This is necessary because other email providers, such as Google, may have blocked sending emails to ".ru" addresses due to the ongoing war.

IMPORTANT²: In the police complaint, please remember to include the individual "icryptofbi" or also referred to as "cryptofbi007".
This person utilized the Tether USDT address "0xbee32483957f116c5830133188dca45b80b94fe6" to receive the stolen funds and defraud numerous unsuspecting victims, resulting in the loss of several thousand dollars. He then transferred the stolen funds to his second address and then to FixedFloat.

Don't forget to mention the contact methods for your police complaint report, stating that one can contact FixedFloat through email at "[email protected]" or visit their website at "https://fixedfloat.com/en/support".
They can provide server logs and IPs of the Russian cybercriminal who laundered the stolen cryptocurrency money there. This evidence can be presented to the police to ensure justice is served and victims are refunded.

Report Cybercrime in Russia online: http://services.government.ru/en/letters/form/
Report Cybercrime in Russia online²: https://cert.gov.ru/en/abuse.html
_

Other Russian government contacts are available for residents in Russia:
Quote
Russian Ministry of Internal Affairs:
Website: http://www.mvd.ru/
Phone: 8 (800) 350-75-28

Russian Ministry of Internal Affairs Cybercrime Division (Department "K"):
Website: http://www.mvd.ru/OVD/min/rukov_mvd/17/2012/258

The Ministry of Internal Affairs of the Russian Federation:
Phone: 02, 112

The Ministry of Internal Affairs Public Relations Office:
Phone: +7 (495) 667-72-64
Address: 11 Sadovaya-Sukharevskaya st., 120090, Moscow, Russia

Website: http://government.ru/en/department/86/events/

Economic Security and Anti-Corruption Department: +7 (495) 983-62-24
The Economic Security and Anti-Corruption Department of the Ministry of Internal Affairs of the Russian Federation deals with cybercrime and economic fraud.

Stay vigilant and spread awareness within the crypto community.
Let us work together to protect one another and create a safer environment for crypto enthusiasts worldwide.

Please avoid falling victim to these malicious schemes.

UPDATE as of 12/22/2023:

The Russian FSB is actively investigating this crypto cybercriminal case, aiming to locate and hold the fraudster accountable in real life for their malicious actions within their crypto QR code phishing network scheme that has caused significant harm to innocent victims; attached to this complaint is a screenshot of the paperwork from the Russian Federal Security Service (FSB) for your reference:

Quote
Jump to: