Scammers continue to evolve using different tricks to buy your domain name via a FAKE bitpolonie.com crypto exchange.

The adaptation of crypto currencies for payments are now being recognized around the world. It is an excellent innovation to send and receive money, but many bad actors are also exploiting this technology to fraud hardworking people. 

I will cover a few fake crypto exchanges out there, how they use it to scam new crypto users. I first encountered this fake crypto exchange last year around June/July 2021. The bad actors sent me a direct message via discord to “Claim my Rewards”, “Giveaways”, and other convincing subjects to get your attention.

I received three (3) similar invitations within 7 days that caught my attention to investigate their modus operandi. They will send you a private message, with an email that you qualified to receive $10,000 USD crypto equivalent. You may claim it using BTC, ETC, LTC or other crypto available to their website.

These are the steps to claim your FAKE $10,000 USD crypto currencies.

  • As a new user, create a new account. You will need to confirm it using your email address, thinking they are legit. Some websites are also configured to accept SMS for two-factor authentication, during my test it never worked. But it will allow you to login and navigate to the website.
  • Enter your “claim code” to receive the FAKE crypto currencies.
  • After entering my claim code, I have my FAKE $10,000 equivalent to my BTC wallet inside the website. I even tried to split it with ETH and LTC, the website works.
  • You CAN’T withdraw. The website will ask you to deposit BTC or ETH worth $500 USD to confirm your wallet. Right there, you should STOP. 

These are the domains they used when I received the invitations. Actually, these are the 3 websites I checked, after that other new websites pop-up using tricky domain names similar to a valid crypto exchange.

  1. bitoiber[.]com
  2. bitexor[.]com
  3. Usdxmex[.]com

The whois records listed below. Based on their registration, it will take them 1-3 weeks to go live using a FAKE crypto exchange template, maybe just a couple of hours. During my research, the information is similar except for domain name, color of the website and other basic information about the website. The website functions the same way, accepts new registration, claims rewards, buys and sells crypto, and you can even transfer crypto to other users. ALL WITHIN the website.

  • Domain Name: BITOIBER[.]COM
  • Registry Domain ID: 2610150430_DOMAIN_COM-VRSN
  • Registrar WHOIS Server: whois.namecheap.com
  • Registrar URL: http://www.namecheap.com
  • Updated Date: 2021-07-26T17:18:04Z
  • Creation Date: 2021-05-06T17:38:44Z
  • Registry Expiry Date: 2022-05-06T17:38:44Z
  • Registrar: NameCheap, Inc.
  • Registrar IANA ID: 1068
  • Registrar Abuse Contact Email: abuse@namecheap.com
  • Registrar Abuse Contact Phone: +1.6613102107
  • Domain Status: clientHold https://icann.org/epp#clientHold
  • Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  • Name Server: BRADLEY.NS.CLOUDFLARE.COM
  • Name Server: LINDA.NS.CLOUDFLARE.COM

Moscom.com provides Domain Name Registration and Managed WordPress 24×7 customer service.

  • Domain Name: BITEXOR[.]COM
  • Registry Domain ID: 2610332362_DOMAIN_COM-VRSN
  • Registrar WHOIS Server: whois.namecheap.com
  • Registrar URL: http://www.namecheap.com
  • Updated Date: 2021-07-27T00:47:18Z
  • Creation Date: 2021-05-07T08:02:43Z
  • Registry Expiry Date: 2022-05-07T08:02:43Z
  • Registrar: NameCheap, Inc.
  • Registrar IANA ID: 1068
  • Registrar Abuse Contact Email: abuse@namecheap.com
  • Registrar Abuse Contact Phone: +1.6613102107
  • Domain Status: clientHold https://icann.org/epp#clientHold
  • Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  • Name Server: BRADLEY.NS.CLOUDFLARE.COM
  • Name Server: LINDA.NS.CLOUDFLARE.COM

OutofCredit.com – Apply for your Credit Card, instant approval.

  • Domain Name: USDXMEX[.]COM
  • Registry Domain ID: 2625403360_DOMAIN_COM-VRSN
  • Registrar WHOIS Server: whois.namecheap.com
  • Registrar URL: http://www.namecheap.com
  • Updated Date: 2021-07-30T20:27:48Z
  • Creation Date: 2021-07-09T01:42:37Z
  • Registry Expiry Date: 2022-07-09T01:42:37Z
  • Registrar: NameCheap, Inc.
  • Registrar IANA ID: 1068
  • Registrar Abuse Contact Email: abuse@namecheap.com
  • Registrar Abuse Contact Phone: +1.6613102107
  • Domain Status: clientHold https://icann.org/epp#clientHold
  • Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  • Name Server: ADEL.NS.CLOUDFLARE.COM
  • Name Server: MERLIN.NS.CLOUDFLARE.COM

MAJ.com – Your Brand. Your Business. Upgrade your domain name today!

  • Domain Name: BITPOLONIE[.]COM
  • Registry Domain ID: 2669635320_DOMAIN_COM-VRSN
  • Registrar WHOIS Server: whois.namecheap.com
  • Registrar URL: http://www.namecheap.com
  • Updated Date: 2022-01-20T15:06:05Z
  • Creation Date: 2022-01-20T14:54:07Z
  • Registry Expiry Date: 2023-01-20T14:54:07Z
  • Registrar: NameCheap, Inc.
  • Registrar IANA ID: 1068
  • Registrar Abuse Contact Email: abuse@namecheap.com
  • Registrar Abuse Contact Phone: +1.6613102107
  • Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  • Name Server: ELSA.NS.CLOUDFLARE.COM
  • Name Server: ODIN.NS.CLOUDFLARE.COM

All these FAKE exchange crypto websites use a similar template. The first 3 websites are already offline, the bitpolonie[.]com still up and running. I’m sure they will be offline after a few months or weeks.

A sample “About Us” page.

Adam O’Brien is Co-Founder and CEO of Bitpolonie, and the only employee listed on the website.

And the “Contact Us” page to make it look like a real website.

I registered to create my test account, enter my email verification and navigate to the website pages.

After a few months,  these bad actors evolved in a different way of scamming people. Now using it as a way to pay for products using their FAKE crypto. In this example, buying a domain name.

Their modus operandi is to scan the domain marketplace e.g. flippa, sedo, etc., looking for a new victim. In this example, I was contacted using my old account at Flippa, a domain marketplace. I stopped using their service due to a bad experience, but that’s another story in it’s own article.

The bad actor will send a direct message with his telegram account, most likely a FAKE account, and start the negotiation.

Here are some examples of direct messages from these bad actors.

+++

Last Feb 8, 2022,

You’ve been sent a message from Lex Brandt regarding listing #7656151 (jayann.com).

Here’s the message:

Hi. I am interested in your domain, please write to me in telegram, my nickname is @alexbrandt88 , We will discuss the details of the deal there and hold it here

+++

Same day message. 

You’ve been sent a message from Adrian Tanos regarding listing #7656151 (jayann.com).

Here’s the message:

Hi. I am interested in your domain, please write to me in telegram, my nickname is @adritane , We will discuss the details of the deal there and hold it here

+++

Last March 8, 2022.

You’ve been sent a message from Adasi Richard regarding listing #7656151 (jayann.com).

Here’s the message:

Hi, my name is Richard. I have a questions and interested in buying your domain. Please write me in telegram @rdd88

+++

Then last March 9, 2022.

You’ve been sent a message from Richard Dad regarding listing #7656148 (westsummit.com).

Here’s the message:

Hi, my name is Richard. I have a questions and interested in buying your domain. Please write me in telegram @rdd88

+++

The last 2 messages, no effort at all for using a fake name from Adasi Richard to Richard Dad.

Here’s how it goes within telegram. 

I told him that we also accept crypto for payment. He said good and he sent his pre-deal questions. I provided the requested information as shown below.

When I asked him for payment. He gave four (4) websites for wallet options, three of them I recognized e.g., coinbase, blockchain[.] and local bitcoin. And the bitpolonie[.]com is freshly registered domain name 2022-01-20. I checked the website and looks familiar design, a fake crypto website theme.

I’ve told him to send payment using my ETH wallet.

He insisted that I need a wallet on bitpolonie[.]com. I said, you can send ETH to any wallet and figure out he’s fraudster. And told him “Nice try”.

I hope this article help.

Mitigation.

How do you prevent this from happening? I have a few tips that you can add to your existing security awareness.

  • NEVER use unknown crypto exchange. Use trusted centralized exchange like Crypto.com, Coinbase.com, Kraken.com, Bittrex.com to name a few. I recommend using Metamask for ETH wallet.
  • Check the domain name spelling.
  • Check if the security padlock is enabled.
  • There are so many bad actors in the internet. If you are not comfortable accepting their payment, use Escrow service, where a third party will hold your money while waiting to received the product.

Stay safe.

Update 2022 03 23. I received another inquiry from the same spammer.

+++

You’ve been sent a message from Adam Rich regarding listing #7656156 (4inv.com).

Here’s the message:

Hi, i wanna buy your domain, lets discuss all the details of deal in telegram, my nickname is @rdd88
Thank you for your reply

+++

Support @QUE.COM

Founder, QUE.COM Internet Media. | Founder, Yehey.com a Shout for Joy! | MAJ.COM Management of Assets and Joint Ventures. More at KING.NET Ideas to Life.

Leave a Reply