Overview of the Scam
Fraudsters are inundating Discord and various social media platforms with advertisements for a multitude of sophisticated online gaming and betting sites. These sites attract users with offers of free credits but ultimately steal any cryptocurrency deposits made by players. Below, we delve into the social engineering methods and notable characteristics of this extensive network comprising over 1,200 scam sites.
Deceptive Advertising
The scam begins with misleading advertisements on social media that falsely claim partnerships with well-known personalities like Mr. Beast, who has recently established a gaming venture called Beast Games. These ads promise players a $2,500 credit for using a specific “promo code” on the gaming sites.
Creating Accounts and Gameplay
To claim their $2,500 credit, users must first create a free account, allowing them to access a range of highly polished video games that encourage betting on various actions. For instance, the site gamblerbeast[.]com offers games like B-Ball Blitz, where players can bet on their shooting accuracy against a competitor.
Withdrawal Complications
The financial aspect of the scam unfolds when users attempt to cash out their so-called “winnings.” The site will refuse the withdrawal and require a “verification deposit,” typically around $100 in cryptocurrency, before any funds can be released. Victims who proceed to deposit will often be asked for further payments.
False Promises and Recovery Scams
The purported “winnings” displayed on these sites are entirely fictional. Victims who deposit funds will not recover their money. Furthermore, they will likely be targeted by “recovery experts” on social media, who falsely claim they can help retrieve lost funds.
Investigation Insights
KrebsOnSecurity was alerted to this network by a Discord user known as “Thereallo,” a 17-year-old developer who began investigating after seeing numerous spam messages promoting these sites. Thereallo noted that the scam is a scalable operation with uniform tactics, technical signatures, and a financial structure.
Technical and Operational Patterns
Upon examining the code of these gaming sites, Thereallo discovered that they all used the same API key for an online chatbot, pointing to a coordinated effort across at least 1,270 active gaming-themed domains. The operators appear to generate unique Bitcoin wallets for each site, ensuring that victims can never withdraw funds once deposited. Additionally, Thereallo noted that attempts to register on multiple sites from the same IP address are blocked, indicating centralized control and tracking across the network.
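A shared embedded credential like the chatbot API key described above is a useful pivot for grouping look-alike sites into one cluster. The following is an added example, not code from Thereallo's investigation or from KrebsOnSecurity; the key format, the regular expression, the `.example` domains and the page snippets are all constructed assumptions.

```python
import hashlib
import re
from collections import defaultdict

# Assumption: the key appears as a quoted value assigned to a name containing
# "api key" or "token". Real pages may embed it differently.
KEY_PATTERN = re.compile(
    r"""(?:api[_-]?key|token)["']?\s*[:=]\s*["']([A-Za-z0-9_\-]{16,})["']""",
    re.IGNORECASE,
)

# Constructed sample input: domain -> fetched page source (placeholder keys).
SAMPLE_PAGES = {
    "site-a.example": '<script>const chat = {apiKey: "PLACEHOLDER_KEY_0000000001"};</script>',
    "site-b.example": "<script>window.CHAT_API_KEY = 'PLACEHOLDER_KEY_0000000001';</script>",
    "site-c.example": '<script>initChat({"api_key": "PLACEHOLDER_KEY_0000000001"})</script>',
    "unrelated.example": '<script>const cfg = {apiKey: "DIFFERENT_KEY_9999999999"};</script>',
    "nokey.example": "<html><body>No embedded credentials</body></html>",
}


def fingerprint(key: str) -> str:
    """Short SHA-256 prefix so a report can reference a key without reprinting it."""
    return hashlib.sha256(key.encode()).hexdigest()[:12]


def cluster_by_shared_key(pages: dict, min_sites: int = 2) -> dict:
    """Group domains by the fingerprint of any key found in their page source.

    Only fingerprints seen on at least `min_sites` distinct domains are returned,
    since a key used by a single site says nothing about shared infrastructure.
    """
    clusters = defaultdict(set)
    for domain, html in pages.items():
        for key in KEY_PATTERN.findall(html):
            clusters[fingerprint(key)].add(domain)
    return {
        fp: sorted(domains)
        for fp, domains in clusters.items()
        if len(domains) >= min_sites
    }


if __name__ == "__main__":
    for fp, domains in cluster_by_shared_key(SAMPLE_PAGES).items():
        print(f"key sha256:{fp} shared by {len(domains)} domains: {domains}")
```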