With the rise in the purchase of cryptocurrencies, many people are willing to invest to increase
their returns. However, scammers are becoming quite clever at stealing from unsuspecting victims. It
is up to the owners of cryptocurrency to stay safe online and protect their cryptocurrency
Due diligence and research are an absolute must before investing with any company. Do not
always rely on review sites or client testimonials. Thorough investigation is an absolute must to
avoid scams and losing money.
As long as cryptocurrencies such as Bitcoin, Ethereum and DOGE have existed, owners of
cryptocurrency have either lost access to their wallets or fallen victim to a scam. While security
has improved over the years, so too has the sophistication of attempts to steal from
unsuspecting victims. With each new security patch or advisory on how to stay safe online, scammers will have taken strides in concocting new ways of gaining access to a victim’s wallet, or simply stealing from a
Owners of cryptocurrency need to be aware that convincing scams exist, and how to spot them.
While the banking and finance industries are highly regulated and secure, the same cannot be
said for some cryptocurrency investment and exchange markets. So those who hold
cryptocurrencies need to be reminded often that they need to remain safe online and do their
research to avoid losses. As the adage goes, and to paraphrase, “If it’s too good to be true, it
CEO's talk on crypto-fraud and how he recovers stolen funds from scammers and hackers.
How Might a Cryptocurrency Scam Work?
There are plenty of scams out there, in all corners of the internet and even on the shadier dark web. In short, one method of stealing cryptocurrency from a victim is taking their funds upfront for a service or product the scammer has no intention of delivering. This scheme is quite common on the dark web, where a user might try to purchase an illicit service or product with the added benefit of anonymity. However, what a victim orders may never arrive, and they have no way of retrieving their funds.
More sophisticated scams also exist and are quite common, far more common than one might
think. Imagine you seek out an investment opportunity for your money or cryptocurrency. What
you stumble upon appears to promise significant returns on your investment relatively quickly.
So, you decide to take the plunge. An investment site might offer investment tiers, in increments of $5,000 to $10,000, with returns of potentially up to 15–20% several weeks or months after the initial investment has been made. This is where the problems for the investor begin to mount up.
The Rise of Cryptocurrency and Investment Scams.
As an example, when you decide to withdraw your investment and returns, you’re met with one brick wall after another brick wall. The excuses begin to pile up quickly. Some investment scammers might ask you to increase your investment to their next tier before they release your funds and any returns.
In other cases, they might bounce you between support agents “trying” to assist in returning your investment and any gains made. Scammers will then concoct several excuses or reasons why they just can’t repay you right now, and to hold tight. The aim is to delay and cause frustration, hoping you’ll simply give up any hope of seeing your money again.
In summary, an investment scam or service provider might bait you with the promise of returns on your investment or products you simply cannot purchase on the surface/normal internet.
Once the bait has been taken, in most cases that’s it, they’ve laundered your funds and you’ll never see your money or the scammers again.
What is a Real‐World Example of an Investment Scam?
Planguard Invest is a prime example of an investment and cryptocurrency scam in action. Those behind the scam have put time and effort into creating a somewhat professional website that seems legitimate, to bait potential investors. However, you will need to do a little digging through the website. At first glance, and after a little light reading, you’ll notice some obvious spelling mistakes. No professional or accredited investment company would allow for such blatant spelling errors, even if English wasn’t their first language. Besides the obvious spelling mistakes, grammar is not their strong suit either, even though they attempt to use language in a way that aims to lure in potential victims, such as huge returns on investment regularly and no deposit fees. Another issue that strikes me as a big red flag is the enormous amount of unnecessary and eye‐catching graphics on the front page alone. It all operates as a method of capturing a potential victim’s attention, one who might consider spending a considerable amount of their money on an investment opportunity.
Now here’s the catch. Once Planguard Invest has lured their victims to invest in a specific plan, the problems begin. When the victim/investor decides it’s time to withdraw their funds and cash out, the support team is less than helpful. The tactic employed by these scammers is to delay and frustrate their victim/investor to the point of giving up. The victim will be provided with new offers to invest before their investment can be released.
Hiding Their Tracks.
Planguard Invest used a variety of techniques to elude investors. One of them is a certificate of incorporation, which has been forged to give legitimacy to the website. The real company, Planguard LTD, is registered and based in the UK, and has no ties to online investments. Planguard Invest, the scam company, also falsifies contact information or omits actual contact information, meaning it’s difficult to contact a real person to assist with withdrawals. Another tactic that has been identified, and used to cover their tracks, is the use of cryptocurrency markets, such as Bitni. Bitni itself is a legitimate cryptocurrency exchange platform, but collects no user data related to transactions, which provides complete anonymity to both parties involved. Additionally, Planguard Invest uses a technique called tumbling. This means that once they have received funds into their initial cryptocurrency wallet, they move the funds through numerous anonymous wallets, before one or many individuals receive a payout of non‐digital currency. This is done to increase the difficulty in unveiling the identities of those involved in the scam.
Planguard Invest, In Summary and Further Investigations.
In summary, Planguard has developed a convincing website, with offers that might lure a victim to invest with them. If a victim takes that bait, when it comes time to withdraw their funds, Planguard uses delay tactics to frustrate victims, to the point of giving up. The overall website, while it might look professional, screams red flags with spelling and grammar mistakes. Graphics and snippets of enticing information are used to grab a victim’s attention, offering them false promises of high returns. After further investigations, it has been found that when victims transfer funds to these scammers, the cryptocurrency is immediately laundered or tumbled to other wallets, to ensure the money, and the identity of those involved in the scam, is difficult to track. The name Planguard Invest is derived from Planguard LTD, a UK company registered with the HMRC. The equivalent to the HMRC might be the IRS in the US or Revenue in Ireland. This is a case of stolen identity by the scammers, to give legitimacy to their operation. Since the investigations are still ongoing, the owners of Planguard LTD will be notified in due course to ensure they are aware of the scam being conducted in their company’s name.
Data Gathering: The Technical Process.
When contact was made with our client, I needed to obtain some information regarding the scam. For example, what conversations did they have with the scammers? How much did they send to the scammers? What platform did the client use to transfer their cryptocurrency? What was the scammers’ cryptocurrency wallet address? The conversations between the client and scammers did not provide any leads, but the client provided us with the wallet address they transferred funds to. This allowed me to view transactions for the scammers’ wallet, from cryptocurrency in, to cryptocurrency out. I went one step further, by using Orbit, a tool written in Python, which provides a visual relationship between the wallet being examined, and other wallets it has transacted with in the past. From my investigation, I found that the scammers had received a considerable amount in funds, which was almost immediately transferred out to other wallets. Again, this is called tumbling, which is used to hide funds and conceal the wallet owners’ identities. It works very much in the same way money laundering would in the real world.
While writing this article, the scammers’ wallet is still active, receiving and sending funds between other wallets, so our investigation to reveal their identities is still ongoing. I’ve mentioned that another method the scammers used to conceal their identities was asking the client to transfer cryptocurrency to them via Bitni. Bitni is an exchange which allows for the anonymous transfer of funds between wallets, meaning it doesn’t collect information on the owner of either wallet. This is because Bitni does not implement KYC or Know Your Customer. Know Your Customer is an implementation used online and by financial institutions to prevent financial fraud. So, using Bitni allowed the scammers to conceal their identities, to commit fraud.
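The tracing described in this section, as an added example (not the author's code and not part of Orbit): it follows outgoing transfers from a reported wallet and flags wallets that forward almost everything they receive within minutes, the pass-through pattern the section calls tumbling. The transfer records and wallet labels are constructed, and treating each transfer as one sender-to-receiver payment is a simplifying assumption.

```python
from collections import defaultdict, deque

# Constructed sample data: (sender, receiver, amount, unix_time).
# The labels stand in for wallet addresses; none of them are real.
TRANSFERS = [
    ("victim", "scam_wallet", 2.0, 1000),
    ("victim2", "scam_wallet", 1.0, 1200),
    ("scam_wallet", "hop_a", 1.5, 1300),
    ("scam_wallet", "hop_b", 1.4, 1350),
    ("hop_a", "hop_c", 1.5, 1500),
    ("hop_b", "hop_c", 1.4, 1600),
    ("hop_c", "cashout", 2.8, 9000),
    ("bystander", "hop_c", 0.1, 100),  # unrelated payer, never traced
]

def trace_forward(transfers, start, max_hops=4):
    """Breadth-first walk along outgoing transfers: {address: hops from start}."""
    outgoing = defaultdict(set)
    for src, dst, _amount, _ts in transfers:
        outgoing[src].add(dst)
    hops, queue = {start: 0}, deque([start])
    while queue:
        addr = queue.popleft()
        if hops[addr] == max_hops:
            continue  # hop limit reached, do not expand further
        for nxt in outgoing[addr]:
            if nxt not in hops:
                hops[nxt] = hops[addr] + 1
                queue.append(nxt)
    return hops

def forwarded_share(transfers, addr, window=600):
    """Share of funds received by addr that left within `window` seconds of a receipt."""
    inflows = [(amt, ts) for _s, dst, amt, ts in transfers if dst == addr]
    total_in = sum(amt for amt, _ts in inflows)
    if total_in == 0:
        return 0.0
    fast_out = sum(
        amt for src, _d, amt, ts in transfers
        if src == addr and any(0 <= ts - t_in <= window for _a, t_in in inflows)
    )
    return min(1.0, fast_out / total_in)

def pass_through_wallets(transfers, start, threshold=0.9):
    """Traced addresses that forward nearly all they receive almost immediately."""
    return sorted(a for a in trace_forward(transfers, start)
                  if forwarded_share(transfers, a) >= threshold)

if __name__ == "__main__":
    for addr, depth in sorted(trace_forward(TRANSFERS, "scam_wallet").items(), key=lambda kv: kv[1]):
        print(depth, addr, round(forwarded_share(TRANSFERS, addr), 2))
```

Wallets where the share drops to zero (here `hop_c`, which holds funds for hours) are where a tracer would look for a consolidation or cash-out point.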
Identifying the Scammers.
It was discovered that Planguard Invest and Lenox Growth were both linked. While both sites were different, both contain some similarities in how they operate. Both sites contain the following HTML comment: The HTML comment links to a Telegram channel, which is currently inactive, but will warrant further investigation to identify subscribers. Other indicators show that the sites are indeed run by scammers. Planguard Invest for example, provides a business address and support email as the only methods of contact. No phone number is visible on either site. Both sites also include a Certificate of Incorporation, for the UK on Planguard Invest and Singapore on Lenox Growth. I was able to use the UK Certificate of Incorporation to investigate the company and realized that the scammers had stolen a company name and produced the Certificate to give a false sense of legitimacy to both companies. With a wide variety of tools at my disposal, investigations are still ongoing, to reveal the identity of the scammers and have the victims’ funds returned to them in full. If required, the results of the investigation may be turned over to the relevant authorities, to prosecute the scammers.
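The shared-comment link described above, as an added example (not the author's tooling): it extracts HTML comments from saved copies of suspect pages, drops comments that also appear on an unrelated baseline page, and reports what remains on two or more sites. The hostnames, page contents and Telegram channel name are constructed placeholders, since the actual comment is not reproduced here.

```python
import re
from collections import defaultdict
from html.parser import HTMLParser

# Constructed pages with placeholder hostnames and channel name; not the real sites' HTML.
SUSPECT_PAGES = {
    "site-a.example": "<html><!-- header --><body><!-- Support: https://t.me/placeholder_channel --></body></html>",
    "site-b.example": "<html><!--header--><body><!--  support:\n https://t.me/placeholder_channel--></body></html>",
}
BASELINE_PAGES = {"unrelated.example": "<html><!-- Header --><body></body></html>"}

class CommentCollector(HTMLParser):
    """Collects HTML comments, normalised for whitespace and case."""
    def __init__(self):
        super().__init__()
        self.comments = set()

    def handle_comment(self, data):
        text = " ".join(data.split()).lower()
        if text:
            self.comments.add(text)

def comments_in(html):
    parser = CommentCollector()
    parser.feed(html)
    parser.close()
    return parser.comments

def shared_comments(suspects, baseline):
    """Comments present on 2+ suspect sites but on no baseline (unrelated) site."""
    common_noise = set()
    for html in baseline.values():
        common_noise |= comments_in(html)  # template boilerplate seen everywhere
    sites_by_comment = defaultdict(set)
    for site, html in suspects.items():
        for comment in comments_in(html) - common_noise:
            sites_by_comment[comment].add(site)
    return {c: sorted(s) for c, s in sites_by_comment.items() if len(s) > 1}

def telegram_links(comment):
    """Telegram channel references inside a comment, for follow-up."""
    return re.findall(r"t\.me/\w+", comment)

if __name__ == "__main__":
    for comment, sites in shared_comments(SUSPECT_PAGES, BASELINE_PAGES).items():
        print(sites, telegram_links(comment) or comment)
```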
Staying Safe Online.
Considering the scam I described in depth, people need to be vigilant. The scam company Planguard Invest did not provide real contact information or an account manager to discuss their investments and offer support. Due diligence is key when researching an investment company. It’s not enough to simply read reviews on Trustpilot, as scammers can purchase 5-star reviews to hype up their company. If you feel the need to invest your money or cryptocurrency, then it’s best to discuss with real, local investment companies, even your local bank or broker if they offer such services. Planguard Invest, when victims transferred their funds, required the use of Bitni. Why Bitni? Bitni does not implement KYC or Know Your Customer, which allows the scammers to remain anonymous and hide their identities. Scammers do this so victims have a hard time tracking them down to get their money back. So as a rule of thumb, investors are urged to use Coinbase, or a reputable broker, that can provide identity verification, and a guarantee that a client’s funds will be returned if the worst happens.
In conclusion, we were approached by a client who had lost thousands of US dollars in cryptocurrency. After an investigation, we found that scammers had put together a rather professional-looking website and stole the identity of a business in the UK and Singapore, to give legitimacy to their scam. These scammers have taken the money they received from victims and laundered those funds through numerous cryptocurrency wallets, to hide the money they stole and their identities.