April 11, 2022

Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face of massive fraud and abuse complaints from their erstwhile customers. Here’s a closer look at hundreds of phony crypto investment schemes that are all connected through a hosting provider which caters to people running crypto scams.

A security researcher recently shared with KrebsOnSecurity an email he received from someone who said they foolishly invested an entire bitcoin (currently worth ~USD $43,000) at a website called ark-x2[.]org, which promised to double any cryptocurrency investment made with the site.

The ark-x2[.]org site pretended to be a crypto giveaway website run by Cathie Wood, the founder and CEO of ARKinvest, an established Florida company that manages several exchange-traded investment funds. This is hardly the first time scammers have impersonated Wood or ARKinvest; a tweet from Wood in 2020 warned that the company would never use YouTube, Twitter, Instagram or any social media to solicit money.

At the crux of these scams are well-orchestrated video productions published on YouTube and Facebook that claim to be a “live event” featuring famous billionaires. In reality, these videos just rehash older footage while peppering viewers with prompts to sign up at a scam investment site — one they claim has been endorsed by the celebrities.

“I was watching a live video at YouTube where Elon Musk, Cathy Wood, and Jack Dorsey were talking about Crypto,” the victim told my security researcher friend. “An overlay on the video pointed to subscribing to the event at their website. I’ve been following Cathy Wood in her analysis on financial markets, so I was in a comfortable and trusted environment. The three of them are bitcoin maximalists in a sense, so it made perfect sense they were organizing a giveaway.”

“Without any doubt (other than whether the transfer would go through), I sent them 1 BTC (~$42,800), and they were supposed to return 2 BTC back,” the victim continued. “In hindsight, this was an obvious scam. But the live video and the ARK Invest website is what produced the trusted environment to me. I realized a few minutes later, when the live video looped. It wasn’t actually live, but a replay of a video from 6 months ago.”

Ark-x2[.]org is no longer online. But a look at the Internet address historically tied to this domain (186.2.171.79) shows the same address is used to host or park hundreds of other newly-minted crypto scam domains, including coinbase-x2[.]net (pictured below).

The crypto scam site coinbase-x2[.]net, which snares unwary investors with promises of free money.

Typical of crypto scam sites, Coinbase-x2 promises a chance to win 50,000 ETH (Ethereum virtual currency), plus a “welcome bonus” wherein they promise to double any crypto investment made with the platform. But everyone who falls for this greed trap soon discovers they won’t be getting anything in return, and that their “investment” is gone forever.

There isn’t a lot of information about who bought these crypto scam domains, as most of them were registered in the past month at registrars that automatically redact the site’s WHOIS ownership records.

However, several dozen of the domains are in the .us domain space, which is technically supposed to be reserved for entities physically based in the United States. Those Dot-us domains all contain the registrant name Sergei Orlovets from Moscow, the email address ulaninkirill52@gmail.com, and the phone number +7.9914500893. Unfortunately, each of these clues lead to a dead end, meaning they were likely picked and used solely for these scam sites.

A dig into the Domain Name Server (DNS) records for Coinbase-x2[.]net shows it is hosted at a service called Cryptohost[.]to. Cryptohost also controls several other address ranges, including 194.31.98.X, which is currently home to even more crypto scam websites, many targeting lesser-known cryptocurrencies like Polkadot.

An ad posted to the Russian-language hacking forum BHF last month touted Cryptohost as a “bulletproof hosting provider for all your projects,” i.e., it can be relied upon to ignore abuse complaints about its customers.

“Why choose us? We don’t keep your logs!,” someone claiming to represent Cryptohost wrote to denizens of BHF.

Cryptohost says its service is backstopped by DDoS-Guard, a Russian company that has featured here recently for providing services to the sanctioned terrorist group Hamas and to the conspiracy theory groups QAnon/8chan.

A scam site at Cryptohost targeting Polkadot cryptocurrency holders.

Cryptohost did not respond to requests for comment.

Signing up as a customer at Cryptohost presents a control panel that includes the IP address 188.127.235.21, which belongs to a hosting provider in Moscow called SmartApe. SmartApe says its main advantage is unlimited disk space, “which allows you to host an unlimited number of sites for little money.”

According to FinTelegram, a blog that bills itself as a crowdsourced financial intelligence service that covers investment scams, SmartApe is a “Russian-Israeli hosting company for cybercriminals.”

SmartApe CEO Mark Tepterev declined to comment on the allegations from FinTelegram, but said the company has thousands of clients, some of whom have their own clients.

Cryptohost’s customer panel, which points to an IP address at Russian hosting provider SmartApe.

“Also we host other hostings that have their own thousands of customers,” Tepterev said. “Of course, there are clients who use our services in their dubious interests. We immediately block such clients upon receipt of justified complaints.”

Much of the text used in these scam sites has been invoked verbatim in similar schemes dating back at least two years, and it’s likely that scam website templates are re-used so long as they continue to reel in new investors. Searching online for the phrase “During this unique event we will give you a chance to win” reveals many current and former sites tied to this scam.

While it may seem incredible that people will fall for stuff like this, such scams reliably generate decent profits. When Twitter got hacked in July 2020 and some of the most-followed celebrity accounts on Twitter started tweeting double-your-crypto offers, 383 people sent more than $100,000 in a few hours.

In Sept. 2021, the Bitcoin Foundation (bitcoin.org) was hacked, with the intruders placing a pop-up message on the site asking visitors to send money. The message said any sent funds would be doubled and returned, claiming that the Bitcoin Foundation had set up the program as a way of “giving back to the community.” The brief scam netted more than $17,000.

According to the U.S. Federal Trade Commission, nearly 7,000 people lost more than $80 million in crypto scams from October 2020 through March 2021 based on consumer fraud reports. That’s a significant jump from the year prior, when the FTC tracked just 570 cryptocurrency investment scam complaints totaling $7.5 million.

A recent report from blockchain analysis firm Chainalysis found that scammers stole approximately $14 billion worth of cryptocurrency in 2021 — nearly twice the $7.8 billion stolen by scammers in 2020, the report found.

In March, Australia’s competition watchdog filed a lawsuit against Facebook owner Meta Platforms, alleging the social media giant failed to prevent scammers using its platform to promote fake ads featuring well-known people. The complaint alleges the advertisements, which endorsed investment in cryptocurrency or money-making schemes, could have misled Facebook users into believing they were promoted by famous Australians.

In many ways, the crypto giveaway scam is a natural extension of perhaps the oldest cyber fraud in the book: Advanced-fee fraud. Most commonly associated with Nigerian Letter or “419” fraud and lottery/sweepstakes schemes, advanced fee scams promise a financial windfall if only the intended recipient will step up and claim what is rightfully theirs — and oh by the way just pay this small administrative fee and we’ll send the money.

What makes these double-your-crypto sites successful is not just ignorance and avarice, but the idea held by many novice investors that cryptocurrencies are somehow magical money-minting machines, or perhaps virtual slot machines that will eventually pay off if one simply deposits enough coinage.


57 thoughts on “Double-Your-Crypto Scams Share Crypto Scam Host

  1. Garrett DuPont

    I was scammed. Is there any way to get my ETH back. I cannot believe I fell for this.

    1. BrianKrebs Post author

      Where were you scammed? Do you recall the URL or domain name involved? How much did you lose?

      1. SW.KIM

        I also suffered under same situation. I sent 330,975 zilliqa coin to fraud’s wallet..
        I reported this to local police and also tried to track him by myself.
        i tracked coin movement, it ended at binance wallet which is managed by coin broker company called Bequant

        Then i captured every youtube information about fraud and asked google to keep fraud’s information.
        also tracked domain and IP to track him down.

        what should i do more to get my zil back…

        1. Galen

          Maintain ultra low expectation of ever seeing your crypto again, but technically you should submit an IC3 cyber crime complaint with the FBI.

      2. David Benson

        Invest-luxurypropertyshares. I invested 300.000 , a romance scammer lured me into this site and unfortunately after 6 months I couldn’t get a dime out. They have you paying taxes, upgrade fees, certificates etc.

        1. michaelwrubell01@gmail.com

          Been reading these comments and all i’d say is that the main cause of these experiences is greed and a get rich quick mentality, hence the reason why information is key as You should research each stock/Cryptocurrency you purchase, which includes a deep dive into the bones of the company and its financials. The key to trading success is emotional discipline. If intelligence were the key, there would be a lot more people making money trading… I know this will sound like a cliche, but the single most important reason that people lose money in the financial markets is that they don’t cut their losses early. For more information, shoot me a DM.

      3. Christina

        bc1qq82nj5nqm29ezdtrw4gq26qhv8tzx3w0aar8m4

        That was the url it was only $100 but it’s like all I had this week

      4. Rob A

        I was scammed just the other day. Same youtube interview vid w/ Musk/Dorsey/woods. URL was https://2022-tesla.org/.
        Lost 4.63 ETH. ~12.6k. Was all our savings 🙁 Submitted a complaint to IC3 and emailed FBI. Don’t expect anything to come of it. Little fish. Not home now but I’ll post the transaction hash for anyone who cares. The ETH is still in the scammer’s wallet (23ish right now) so recovery is possible but I really doubt it.

    2. Anonymous

      Sorry to have to say this but nope. Your money is gone. No way to get it back.

      Just use this as an expensive learning lesson and never do it again.

    3. Galen

      I also was scammed by one of these crypto doubling schemes. A fraudulent YouTube live stream of Michael Saylor and MircroStrategy hosting a limited BTC giveaway directed me to eventms.io/btc which detailed the giveaway and provided the BTC address for a one-time transfer, doubling, and return. I immediately filed an IC3 cyber crime criminal complaint, and I have never heard back. I have seen the exact scam repeated several times since, but apparently Google/YouTube and law enforcement have more important things to worry about.

      1. Santana Myers

        I lost 43k in btc about a year ago but got it all back all thanks to Crystal Recovery. I met them online and they carried me along through all their processes till they recovered everything. You can reach out to them at mzzbrandz.j at outlook dotcom

          1. James Watkins

            I know a recovery expert that charge 10 to 15%. Depends on how tough the recovery is

    4. michaelwrubell01@gmail.com

      How did you get skimmed of your funds? How many ETH did you lose?

  2. Anastasia

    I am sad to see the degrading integrity and core values of so many people with technology skill.

  3. Joe Barry

    I was “added by Elon Musk” on Twitter to a giveaway. Went to the site, was told I need to upload .01 bitcoin to get one back.

    No thanks.

  4. Free $ wants to be FREE!

    You mean they LIED? On the WEB? It’s NOT a unique opportunity? ZOMG!
    Are you sure if I send more money there’s no chance of doubling it though?
    The prince of Nigeria will be so pissed when he reads about this on Yelp.

  5. PT Barnum

    A fool and their money are soon parted. It is really difficult to feel sorry for anyone who sends in nearly $50k to an unknown website because of something they saw on FB or Youtube. Wow, just wow.

    1. Ring leader

      It is amazing that in this day with so many people using gadgets and technology that were beyond far fetched and thought to be impossible to ever come into existence not too many decades ago, that so many dummies fall for these scams. Sad commentary on societies worldwide (especially the U.S.), people seem to be getting dumber and dumber. Tempted to join the scammers and make my fortune, so many suckers, so much money to steal. Anyone want to send me your money? I can triple it every 5 minutes, trust me, would I lie?

    2. ReadandShare

      Happens… when wishing (too much) for something to be true!

  6. Mike Wyman

    Supposedly the people most likely to be scammed are those who have been scammed before. Such a group is conveniently identified by those who have purchased cryptocurrency.

  7. n10cities

    From the “A fool and his money are soon parted” department………..SMH.

  8. Ron G

    Cryptocurrencies are the very essence of capitalism, distilled down to the bare essentials, i.e. the transfer of wealth, over time, from stupid people to smarter people, and without any of those pesky annoyances to get in the way, like national boundaries, courts of law, etc.

    Note that ALL of the Bad Actors featured in this story are Russians.

    Russia isn’t merely a terrorist state, it is a first generation crypto-terrorist state.

    1. Wannabe techguy

      So you’re blaming capitalism? Really?

      1. Ron G

        No. I’m not “blaming capitalism”. I was merely pointing out that real honest-to-goodness raw capitalism is Darwinian by its’ very nature, or as it is sometimes said, a system of “The devil takes the hindmost.”

        In most places where it is currently practiced, this kind of “raw” capitalism is at least tempered by courts of law where suckers can have at least a chance of getting their money back when and if they have been defrauded. But only, of course, if they have been defrauded out of what the crypto fanatics like to call “fiat currency”. (But the people who fell for the 2x crypto fraud described in this Krebs article will only ever see their money again when hell freezes over.)

    2. Patrick Dale Harrington

      Incorrect North Korea, Africa, India just to mention a few other countries, but look no further than our own self regulating security markets. SEC has fined bank of America and wells fargo numerous times for fraud. Easy to blame victims because they don’t think about stealing.

  9. Stéphane Moureau

    https://www.google.com/search?q=%22Lenin+str.%2C+12%2C+ap.+34%22

    Street search shows

    Reverse Whois andryedvard@gmail.com

    bank-bitco.com 2020-11-20 REG.RU
    forexheros.com 2020-11-16 REG.RU
    forexherostop.com 2020-11-16 REG.RU
    gazprom-eu.com 2021-01-11 REG.RU
    greatnovation.com 2020-11-18 REG.RU
    guardian-arabic.com 2021-01-09 REG.RU
    heroforexbest.com 2020-11-11 REG.RU
    loophole-evo.com 2021-01-05 REG.RU
    loophole-evolution.com 2020-12-14 REG.RU
    naebalte.com 2020-12-08 REG.RU
    new-siemens.com 2020-12-30 REG.RU
    nowasof.com 2020-12-08 REG.RU
    redinkstate.com 2020-12-08 REG.RU
    settinnova.com 2020-11-17 REG.RU
    snnovation.com 2020-11-20 REG.RU
    thebtcgenius.com 2021-01-05 REG.RU
    zyskpoland.com 2020-11-18 REG.RU

    Event-musk.com suchkov98@gmail.com

    Reverse Whois suchkov98@gmail.com

    Domain Name Creation Date Registrar
    adacolorado.com 2021-09-04 REG.RU
    adajackpot.com 2021-09-04 REG.RU
    giveadabtc.com 2021-09-15 REG.RU
    lolzteam.com 2014-08-16 ENOM, INC.

  10. JM

    The more things change, the more they stay the same. Bogus contracts and currency doubling have been mainstay scams in Eve Online ever since its inception. I wonder what other horrible financial plays can be lifted from that game and put onto the blockchain.

  11. Gerry Myers

    As usual your reporting on this scam is outstanding. You have helped a lot of people avoid these nefarious schemes, and at the same time helped to educate up and coming cybersecurity professionals. Really grateful for all the work you do. Thank you.

  12. G. Lanskoy

    I was scammed too. I went on the website mammoth2022.guru (offline now) and it said x2 BTC for everyone. I am such a fool.

    1. Bradley Gregus

      That’s ridiculous. I was once a victim but I got introduced to a recovery company through my friend which helped me recover everything back and I’m talking close to 100k. You can reach out to them at mzzbrandz.j at outlook dotcom

  13. pete

    The video mentioned in the article was pushed at me by the YouTube algorithm. It was the only video on an account called “Space X”, it was obviously not Space X-related content, and the profile said it was based in Turkey…. so, yeah – not Space X.

    1. pete

      oh and there were about 18,000 people watching the stream…. great job, YouTube.

  14. Jessica Man

    In 2021, crypto criminals directly stole a record US$3.2 billion worth of cryptocurrency, according to Chainalysis. That’s a fivefold increase from 2020. DeFi hacks are projected to be even higher in 2022 so Coinbase developed an initiative to partner with Donald Gallagher Consultants (Donaldgallagherconsultants com) to help curb this problem of cryptocurency theft around the world. I would advice you reach out to them as soon as you can because in such cases the faster you act, the better.

  15. Terry Bowden

    CC Brian Krebs

    PDR
    Dear Registrar

    This is a compliance request for you to suspend the illegal domains used for a publicly exposed cryptocurrency fraud

    ada-x2.us
    ada2.us
    ark-invest2022.us
    ark-pump.us
    arkinv.us
    ceoshib.us
    ether2.us
    ethgift.us
    geminishare.us
    joingemini.us
    livexrp.us
    microceo.us
    msgift.us (already suspended, thanks)
    ripple-x2.us
    ripple2.us
    shiba2.us
    shibaevent.us
    xrpgift.us

    They are used for obviously illegal purposes.

    CRIMINAL EVIDENCE FROM BRIAN KREBS
    https://krebsonsecurity.com/2022/04/double-your-crypto-scams-share-crypto-scam-host/

    Your company is the registrar sponsoring the domain names

    ACTION
    Set the status to Client Hold

    Thank you for your efforts to reduce crime and to keep criminals from abusing your terms of service

  16. Terry Bowden

    CC Brian Krebs

    PDR
    Dear Registrar

    This is a compliance request for you to suspend the illegal domains used for a publicly exposed cryptocurrency fraud

    ada-x2.us
    ada2.us
    ark-invest2022.us
    ark-pump.us
    arkinv.us
    ceoshib.us
    ether2.us
    ethgift.us
    geminishare.us
    joingemini.us
    livexrp.us
    microceo.us
    msgift.us (already suspended, thanks)
    ripple-x2.us
    ripple2.us
    shiba2.us
    shibaevent.us
    xrpgift.us

    They are used for obviously illegal purposes.

    CRIMINAL EVIDENCE FROM BRIAN KREBS
    https://krebsonsecurity.com/2022/04/double-your-crypto-scams-share-crypto-scam-host/

    Your company is the registrar sponsoring the domain names

    ACTION
    Set the status to Client Hold

    Thank you for your efforts to reduce crime and to keep criminals from abusing your terms of service.

  17. War Geek

    Even aside from the obvious portable cash aspect that attracts scammers, a factor that dials the numbers of these up to 11 is that crypto investors are a self identified pool of great targets. It’s akin to the demographic segment that the data broker Exactdata has for senior citizens with Alzheimer’s disease (whatever it’s euphemistic name du jour).

    Nothing attracts scum faster than money in the hands of the vulnerable…

  18. Chan Lee

    DO YOU KNOW that you can RECOVER YOUR LOST CRYPTO?
    Yes you can. I was utterly depressed because i was scammed of my Bitcoin and Ethereum that is worth 214,029, i contacted law enforcemenet but no positive answer, so i thought i have lost it all until i saw a comment about RAPID RECOVERY, so i sent a mail and got a reply. Guess what guys, 100% of my crypto was refunded back. I’m not the type that write comments, but i promised him that i will tell the world about his good work. If you ever lost your BTC, Eth etc, contact RAPID CRYPTO RECOVERY@gmail. com

    1. Wallace Knust

      Thanks for the recommendation. i read your comment sometime ago and contacted them. my crypto has been recovered and the scammer has been tracked too.

  19. Rachel Hall

    IF SOMETHING SOUNDS TOO GOOD TO BE TRUE…
    IT USUALLY IS‼️

    IMHO – I do believe “greed” can and does play an underlying factor for why some people end up geting duped into scams, but it’s not always the case. Some people are naive in their thinking, “Seeing is believing”??!! While others can not fathom the idea of getting scammed because THEY-themselves would never scam someone??!! These criminal scammers play on our emotions and good heart!

    1. JamminJ

      Greed and/or desperation.

      Even now, right here on this forum, there are scammers saying recovery is possible. RECOVERY IS NOT POSSIBLE.
      Playing on the desperation of those already scammed. Previous victims are often easier targets to scam again.

  20. insanes

    Well, the website is back under a new domain “cryptoweb.to”, the owner of this site also owns “cryptostream.to” which helps them in running the livestreams.

  21. koadadog

    Great reporting. I was also scammed for 2 BTC In a invest in a new coin out of Kucoin and get 50% more of your initial investment. It was promoted in A live YouTube with singers and performers etc. I never saw my money again I reported the site and all but of course nothing ever happened. Thanks for taking the time to report.

  22. JamminJ

    Greed and/or desperation.

    Even now, right here on this forum, there are scammers saying recovery is possible. RECOVERY IS NOT POSSIBLE.
    Playing on the desperation of those already scammed. Previous victims are often easier targets to scam again.

    Anyone claiming that recovery is possible, and then posts a link or an email… is an obvious scammer.

  23. Wesley

    Most recovery companies will take your money again. I personally think they are the same set of people that run all of them, seems like an unending cycle and its too sad. The most crazy thing about the whole internet thing is how you can clone a website to make it look like the real one, I discovered so many people fell into this kind of scams. The only recovery company I know that works is assetsrepo dot com, I have been to their physical address to meet them before and the good thing about them is that they will let you know if they can handle your case or not. So they will not just take your money when they already know they wont help you out.


  24. Amy

    It is a common misconception that stolen Bitcoins can not be recovered. This is totally false as I have personally just recovered my bitcoins with the help of Mattdunham928 at g male .com

  25. JamminJ

    Greed and/or desperation.

    Even now, right here on this forum, there are scammers saying recovery is possible. RECOVERY IS NOT POSSIBLE.
    Playing on the desperation of those already scammed. Previous victims are often easier targets to scam again.

    Anyone claiming that recovery is possible, and then posts a link or an email… is an obvious scammer.

  26. Thinder

    At first, I thought the headline used “scams” as a verb and “host” as in podcast, or that they scam the host. But I think I got it now.

  27. Lora Taylor

    Well, i lost money to binary scammer and crypto.

  28. Daniel Way

    We should stop blaming victims and accusing them of being greedy; I wasn’t greedy and I’m pretty smart, but I still fell victim and was only saved by reversalpro com. I was fortunate, but there are many other victims out there who have been completely destroyed and are helpless.

  29. HelpWithPenny

    It’s terrible that there are so many scams lately. And especially with cryptocurrencies, as it happens in a decentralized world, there’s basically nothing that can be done about it.
    Stay safe everyone!

Comments are closed.