Topic: SCAM - Fake Cryptocurrency Mixer Phishing Network (Read 137 times)

It is highly probable that the fraudster has obtained either a pre-verified or stolen verified Binance account, likely purchased from a darknet market or underground forum. With the acquired account, they are able to convert stolen Ethereum and other cryptocurrencies into different cryptocurrencies, effectively laundering the funds.

It is worth noting that currently, Binance requires a verified account to report scams. Therefore, individuals who possess verified Binance accounts are encouraged to report this case to Binance. Their cooperation in reporting this fraudulent activity will greatly assist in investigating and addressing the issue appropriately.

If all crypto transfers in the end lead to Binance, this means that it is easy to report this scammer, and his entire phishing network is based on searching for similar domains, trying to design a UI similar to mixers, while modifying the address to a wallet address that he can access.

In general, before depositing to any mixer, you must make sure that the address belongs to them by verifying the signature of the letter of guarantee. Therefore, downloading a copy of the public key for the mixer will be useful.

Thank you, Cantsay, for bringing attention to this issue.
This thread aims to highlight the actions of a single fraudulent individual who is the owner and operator of the reported websites involved in a phishing cryptocurrency mixer network. By creating a single thread dedicated to this case, we can better investigate and address this network effectively.

Nice catch Op,,, this reminds me of what happened several weeks ago with [banned mixer] that was being cloned by a group of scammers who went ahead to created several clones of site along with telegram bots and channels with the aim of stealing from people. We successfully took down all of the sites that were noticed (@paid2 did most of the job with the reporting)… Same thing can be done for this, if users that frequent the scam accusation board decides to help with the report.

You should also consider reporting them in this thread^[1] by LeGaulois, because due to the latest update that will take effect from January 1st only that list will be allowed to stand and most likely that’s the only place we’ll be allowed to report a scam mixer.

[1] https://bitcointalksearch.org/topic/scams-bitcoin-mixers-list-and-services-closed-5381839

Attention, BitcoinTalk Community!

We need to address a pressing concern that involves a notorious Russian cybercriminal engaged in crypto crime. This individual has orchestrated a network of fraudulent Ethereum, Bitcoin, and other cryptocurrency mixer websites, deceitfully promising to launder or mix crypto money when, in reality, they are stealing it through a carefully devised scheme. Their actions have caused immense financial losses amongst unsuspecting victims. It is crucial that we bring this to light and take effective action against these criminals.

The fraudster employs blackhat techniques to achieve high search engine rankings in order to promote their fraudulent crypto mixer scam.

One of the most alarming aspects of this operation is the utilization of a malicious script embedded within fake crypto phishing websites. These fraudulent websites generate a unique crypto address on the final page, allowing the cybercriminal to siphon off the funds directly. In specific, the criminal transfers the stolen Ethereum from "0x1bac08001d761c303901d5e32273a24c07d3f3da" to their other Ethereum address, "0xe67FC443fa1D4927bD9611B8cF50745618b12a04", eventually cashing out on Binance, a popular cryptocurrency exchange. It is estimated that the criminal has already stolen millions of dollars in Bitcoin alone.

An excellent example illustrating the extent of their fraudulent activities can be found on the domain eth-mixing-eth.com. If you enter a random Ethereum address, you will see the end order Ethereum address, owned by the domain registrant, which currently stands at "0x9c5ADF966d3e6Ca8fE859D2a71083728de7cA10e" (as of 12/20/23). By following the links provided, you can observe the transfer history associated with this address.

To exacerbate concerns, several other Ethereum addresses are involved in this cybercriminal's operation: "0x5a7fa8a9be9b3b3ca2df29b0f378b4b7e93efe89", "0x1bac08001d761c303901d5e32273a24c07d3f3da", and "0xe67fc443fa1d4927bd9611b8cf50745618b12a04". The stolen Ethereum travels through a chain of these "mule" addresses before finally being sent to "0xe67fc443fa1d4927bd9611b8cf50745618b12a04" and subsequently laundered through Binance. Other suspicious Ethereum addresses worth mentioning is "0x2dC905b2b066B875De1F3030849435C01f27aFDB".

"0x9c5ADF966d3e6Ca8fE859D2a71083728de7cA10e", which can be observed on the end-order page of the phishing website "ethereum-mixers.com" (Possible Accounts: https://github.com/Armayxas , https://minecraft-statistic.net/ru/player/Armayxas.html), might be another individual or possibly the same individual who runs this crypto phishing network. Based on my research, this website may also belong to the individual reported in the case, who is running a crypto QR code phishing network, including mixers, as of 2024: https://bitcointalksearch.org/topic/scam-fake-crypto-qr-code-generator-phishing-beware-5475430.

One of his Medium accounts is: https://anonymousmixers.medium.com/ (Backup: https://web.archive.org/web/20240206164226/https://anonymousmixers.medium.com/)
His other Medium account is: https://ethereum-mixer.medium.com/ (Backup: https://web.archive.org/web/20240206170331/https://ethereum-mixer.medium.com/)

The former phishing Ethereum mixer scam website named "Anonymousmixers" (anonymousmixers.com), which the fraudster has also promoted on Medium, as seen here: https://ethereum-mixer.medium.com/anonymous-mixer-cdb805f616cf (Backup: https://web.archive.org/web/20240206165204/https://ethereum-mixer.medium.com/anonymous-mixer-cdb805f616cf) was suspended for abusing its services. The fraudster behind it then created a new phishing domain called "anonymousmixer.eth.link" to continue their fraudulent activities. They also created a Medium account to advertise the new phishing website and to conduct social engineering and psyop attacks by fabricating a fake story about why their previous domain was suspended. This fabricated story can be read here: https://anonymousmixers.medium.com/anonymous-mixer-decentralized-domain-name-5a1767ca4227 (Backup: https://web.archive.org/web/20240206164337/https://anonymousmixers.medium.com/anonymous-mixer-decentralized-domain-name-5a1767ca4227).

In their Medium article, they falsely claimed, "Despite explaining that our mixing process is fully decentralized and we have a no log policy, our domain name was eventually shut down due to the registrar’s demand.". This is a lie. Their previous domain was actually suspended for fraud and abuse, making this attempt at social engineering and psyop tactics evident.

Please remain vigilant and take immediate action if you come across any of the following phishing websites associated with this fraudster:
and many more...

By reporting any suspicious activity and websites associated with this cybercriminal, we can work together to protect ourselves and others from falling victim to such scams. The link provided (https://scam-alert.io/scam/1HtV8k2Pj4y5bRR1NbjF2uEq8DZjJF2pJk) offers more in-depth information about the extent of this criminal's activities.

In their recent fraudulent activities, the scammers behind the fake bitcoin mixer phishing websites have adopted a new method of generating a unique bitcoin address for each victim transaction, having previously relied on a single bitcoin address "1HtV8k2Pj4y5bRR1NbjF2uEq8DZjJF2pJk" to receive stolen funds. This updated approach has allowed them to continue their malicious operations, resulting in substantial financial losses amounting to millions of dollars, with other cryptocurrencies like Ethereum also being targeted.

Nowadays, the fraudster has updated their tactics and is utilizing a custom script. This script generates a unique bitcoin address every time someone attempts to "mix" on his phishing websites.
Previously, the fraudster relied on a single phishing bitcoin address, which was and still is "1HtV8k2Pj4y5bRR1NbjF2uEq8DZjJF2pJk". It is worth noting that the fraudster continues to evolve his crypto phishing methods even in the year 2024.

There are various threads on BitcoinTalk discussing fake crypto mixer phishing websites. However, the thread I have created focuses on a particular individual whom I have observed through online platforms. This individual displays similar digital behaviors and utilizes crypto addresses that I have tracked. It appears that this person dominates this specific scam scheme, as there is no significant competition in this area.

It is crucial for the BitcoinTalk community to stand united against such fraudulent activities. We must ensure that the relevant authorities and institutions are made aware of this situation to prevent further harm to innocent users and to hold these cybercriminals accountable for their actions. Let us take collective action to combat this criminal network and safeguard the integrity of the cryptocurrency community.

There are numerous complaints and warnings regarding this fraudster who has been operating a cryptocurrency mixer phishing network on the internet for years.

These complaints and warnings can be found here:
https://bitcointalksearch.org/topic/scam-bitcoin-mixers-revenues-exposed-5413084
https://bitcointalksearch.org/topic/--5309843
https://scam-alert.io/scam/1HtV8k2Pj4y5bRR1NbjF2uEq8DZjJF2pJk
https://cryptscam.com/es/detail/1HtV8k2Pj4y5bRR1NbjF2uEq8DZjJF2pJk
https://www.chainabuse.com/address/1HtV8k2Pj4y5bRR1NbjF2uEq8DZjJF2pJk?chain=BTC
https://rakeshkrish.medium.com/bitcoin-mixing-a-survey-short-guide-on-how-to-trace-malicious-transactions-84e29b4b6ca9
https://medium.com/@prazeina/scam-bitcoin-mixers-services-to-check-scam-wallet-addresses-700a1858121c

Thank you for your attention and immediate action in dealing with this pressing matter. Together, we can make a difference in identifying and eliminating these cybercriminals from our community.

Stay vigilant and stay safe!