Chinese Police Arrest Criminal Gang for Manufacturing and Distributing Fake Crypto Wallets

Bitrace, a blockchain security company, recently announced that it had assisted Chinese police in dismantling a criminal gang that had been manufacturing and distributing fake cryptocurrency wallets. The gang had been distributing fraudulent APK installation packages via Telegram and WeChat groups, and had also been buying advertising services to mimic official websites of popular wallets like TokenPocket. Victims who downloaded these fake wallets had their cryptocurrency assets stolen by the gang. The case is currently under investigation and trial.

This is not the first time that Chinese police have taken down a criminal group that used such tactics. Previously, authorities in Zhejiang and Jiangsu had taken action against gangs that had used similar methods to impersonate globally renowned wallets like imToken, TokenPocket, MetaMask, TrustWallet, and others.

The rise of fake crypto wallets has become an industry in its own right, with criminals constantly upgrading their techniques. Recently, there have been numerous reports of victims falling prey to new forms of theft, such as the use of multiple signatures. The scale of losses incurred by victims continues to grow.

In light of this, Bitrace has advised users to only download wallets from reputable app stores or official websites, and to avoid installing wallets from Telegram or WeChat groups, or from search engines. Bitrace’s team has been monitoring the trend of fake wallet scams for a long time, and has been working to raise awareness of the risks involved.

One victim who fell prey to a recent multiple signature scam contacted Bitrace for assistance. Bitrace’s team has been studying this new type of scam and will offer some insights into it.

Multiple signatures, or multi-sig, is a widely used security mechanism in blockchain technology. To complete a transaction, a certain number of users who have private key permissions must sign the transaction.

Multi-sig helps prevent malicious attacks and fraudulent activities, and improves the security and availability of cryptocurrency assets. It also solves the potential trust issues that arise when multiple parties collaborate on asset management. As a result, multi-sig has been widely adopted. Using multi-sig also means that if a user’s private key is stolen by a hacker, the hacker cannot transfer the assets because they do not have the private keys of the other users who have multi-sig permissions.

However, once the highest level of multi-sig authority is stolen, the hacker can act with impunity. They can disguise themselves as a partner and lurk in the shadows, waiting for funds to accumulate before taking all the assets at once. In traditional fake wallet scams, hackers obtain the address private key through the fake wallet backend, and both the hacker and the victim have access to the address operation authority, so both can transfer all the funds out of the address. The hacker can either immediately steal the assets or wait for the victim to accumulate more.

In the second scenario, the hacker is said to be “fishing,” which is the term used within the fake wallet industry. In multi-sig scams, since users lose their account permissions, the address will always be in the “only in, not out” state during this period. In theory, as long as the user does not initiate a transfer, they will never know they are on the verge of being robbed.

For hackers, they don’t have to worry about the duck in their mouth flying away, so they won’t startle the snake. They just need to wait for users to continue to deposit money into their wallets. Clearly, multi-sig scams are an upgraded version of fake wallet scams, and they are more insidious and have a higher success rate.

Bitrace advises users to stay vigilant, and to always ensure that they only download wallets from reputable sources. They also urge users to take measures to protect their private keys and avoid disclosing them to the public.

Bitrace’s warning highlights the need for users to exercise caution when downloading cryptocurrency wallets. Users should always download wallets from official sources such as the app stores or official websites, and not from unsolicited messages on social media or search engines. Additionally, it is essential to remain vigilant against new forms of scams and be cautious when sharing personal information or accessing suspicious links.

Read more:

Join us on Telegram

Follow us on Twitter

Follow us on Facebook

Follow us on Reddit

You might also like