ERC20 wallet wallet receives UK business registration
A development team producing a scam-as-a-service wallet leaker has taken the unusual step of registering as a business in the UK.
According to blockchain security firm CertiK, phishing software developer CryptoGrab markets the Nova Drainer app as a “drainer” or “phishing” product. The company is listed on the official website of Companies House, the UK government agency that oversees business registrations.
CryptoGrab argues that this commercial registration allows EVs to appear legitimate by helping them obtain SSL certificates (Extended Validation Certificates).
Wallet leaks are Web3 protocols that fraudsters use to steal cryptocurrencies, usually by tricking victims into visiting malicious websites and performing token authentication. More than $300 million will be lost to these programs by 2023, according to security platform Fraud Sniffer.
Through the official Telegram group, the developer of Nova Drainer advertises the software as “ERC20 tokens” and “steals ETH”. [Ether]He said.
The team markets this software through its official website, Cryptograb.io, which it claims is “your gateway to Crypto affiliate success.” A YouTube video on the site advertises “baiting” and “flushing” products.
The name on the official business registration is Crypto Grab Limited which matches the one on the website. Additionally, the software's documentation on read.cryptograb.org proudly displays the company's certification to show that the developer is legitimate.
Related: Angel Drainer Targets Users With Malicious Secure Contract: $403K Stolen
Cryptograb has since explained that this subscription will allow it to obtain EV SSL certificates, which “ensures our security and opens up access to major providers such as Binance, StormGain, Etoro and others.”
In the company's home registration, Crypto Grab lists its headquarters as 100-101 Museum Street, London, England, WC1A 1PB, and Bradley Robertson as a director, which CertiK says is “certain.” [a] A note on the Companies House website says the agency “does not guarantee the accuracy of the information provided” as it only carries out “basic checks” to ensure that documents are complete.
In a report by Cointelegraph, CertiK said it investigated phishing sites linked to Nova Drainer and found three contract addresses operating fraudulently. One of them is located at an address ending in 00000. After studying these addresses, Certike concluded that Nova Drainer “takes approximately 30% of the stolen money.” Phishing site. So far, more than 7,000 transactions have been made using these contracts, the report said.
According to Companies House, if a person believes a registration contains incorrect information, they can lodge a complaint by email. The agency said in its March 14 response to a Freedom of Information request that “when a complaint is received, every attempt is made to contact the company and its authorities to determine whether there is genuine wrongdoing or fraudulent activity.” However, “Companies House cannot investigate allegations of fraud as it lacks investigative powers.” The agency said it will forward the information to the police when it suspects fraud. Victims of fraud are also advised to report to the Action Fraud Hotline.
Related: UK act fraud may not be effective against crypto crime – victim of fraud