$85 000 USD

JANUARY 2019

GLOBAL

CRYPTOCASHBACK

DESCRIPTION OF EVENTS

"The first Blockchain Cash Back service." "Probably, this is the most profitable program of loyalty in the world. Get some money back and spend it on purchases."

 

"Our mission is to take you on a wonderful journey of the exciting world of Blockchain and cryptocurrency through a trading experience full of never-ending benefits and rewards." "We return up to 5% from each transaction. Use the system and get a portion of the money spent back to your wallet."

 

"If you make a transaction on 0.02 Bitcoin, and you have a promotional code, our service will return you 5% — 0.001 Bitcoin cashback." "We support 3 most popular currencies. We plan to expand support to 10 currencies in the near future."

 

"FAST - Transact in seconds. Get confirmed in minutes. GREAT PAYOUTS - Get up to 15% Cashback. SAFE - We do not store any data about users of the system. SIMPLE - Easy to use. No hassles."

 

"Download and install our extension to Google Chrome. Login on your blockchain and make a transaction. Get Cashback for cryptowallet." "[A]ll you need to do is install a browser extension to get that 5% cashback." "Start Earning Cash Back Today"

 

"The project promised users money back on different transactions, even on centralized crypto exchanges, but turned out to be a scheme to steal a variety of login information and siphon off cryptocurrencies." "Since its Chrome store launch on December 3, 2018, the attackers have purportedly managed to steal a bit more than 23 bitcoin (roughly [$81,650] as of press time)." "[T]he hackers behind it managed to make off with 23.23550279 BTC."

 

"A user who first installed the browser extension was met with requests to open all tabs and cookies, along with permission for write access to domains like Github, Binance, Coinbase, and LocalBitcoins. The malicious extension was primed to steal different information based on what website a user was on. On Binance for example, it would swipe a person’s login information, 2FA codes, CSRF tokens, and then would try to steal cryptocurrency."

 

"The overall goal of the extension was to steal login information and then try to trick users into accepting crypto withdraws to the scammer’s accounts. According to the Medium post, initial speculation is that it is “highly likely this is a RU outfit doing this” due to the presence of “Russian code comments.”"

 

"At the time of discovery, their extension — Chrome extension ID liachincjagnalnmahhaioaogkngbmhf (CCB Cash)— had 181 users on it." "Google has since removed CCB Cash from its extension store." "An Etherscamdb page for ‘cryptocashback.org’ indicated it was a scam domain that was offline. Those behind the post said they notified targeted exchanges about the malicious extension so they could investigate."

CryptoCashBack appeared to offer a compelling loyalty program, where users could sign up to get up to 15% cash back on their purchases, reportedly even some cash back when using popular exchange platforms. In order to take advantage of this incredible offer, users only needed to download and install the CryptoCashBack extension for Google Chrome. Once the extension was installed, users would browse as normal, only noticing that occasionally they would be prompted to enter two-factor authentication or confirm the odd withdrawal from their exchange account. Data harvesting of their login credentials happened in the background. It was reported that 23.23550279 BTC was stolen through this method, which had a market value of roughly $85k at the time. There is no indication that any of the lost funds were recovered.

HOW COULD THIS HAVE BEEN PREVENTED?

It is recommended that funds be stored completely offline unless they are being actively used. Transactions should be signed on a device that has only barebones software installed, such as a hardware wallet. Every browser extension introduces vulnerabilities, and each one should be carefully vetted. Trusting online reviews alone is often not sufficient. More advanced users may set up a multi-signature wallet.
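One way to vet an extension is to read its `manifest.json` and check which sites and browser APIs it requests. The following is an added example, not code from the original page or from the extension: the host list, the risky-API list, the verdict labels and both sample manifests are constructed assumptions, loosely modelled on the permissions described above.

```javascript
// Added example: static review of a Chrome extension manifest.json.
// SENSITIVE_HOSTS, RISKY_APIS and the sample manifests are constructed for illustration.
const SENSITIVE_HOSTS = ["github.com", "binance.com", "coinbase.com", "localbitcoins.com"];
const RISKY_APIS = ["cookies", "tabs", "webRequest", "webRequestBlocking", "scripting", "clipboardRead"];

// Host part of a match pattern such as "https://*.binance.com/*"; null for API names.
function patternHost(pattern) {
  if (pattern === "<all_urls>") return "*";
  const m = /^(\*|https?|wss?|ftp|file):\/\/([^/]*)\//.exec(pattern);
  return m ? m[2] : null;
}

// True when a pattern host ("*", "*.a.com", "www.a.com") reaches `host` or a subdomain of it.
function covers(patHost, host) {
  if (patHost === "*") return true;
  const wild = patHost.startsWith("*.");
  const base = wild ? patHost.slice(2) : patHost;
  return base === host || base.endsWith("." + host) || (wild && host.endsWith("." + base));
}

// Collect every place a manifest can declare access, then grade the combination.
function auditManifest(manifest) {
  const declared = [
    ...(manifest.permissions || []),            // MV2 mixes API names and host patterns
    ...(manifest.host_permissions || []),       // MV3 host access
    ...(manifest.optional_permissions || []),
    ...(manifest.optional_host_permissions || []),
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
  ];
  const apis = RISKY_APIS.filter((p) => declared.includes(p));
  const hosts = declared.map(patternHost).filter((h) => h !== null);
  const allSites = hosts.includes("*");
  const sensitive = SENSITIVE_HOSTS.filter((s) => hosts.some((h) => covers(h, s)));
  let verdict = "low";
  if (sensitive.length > 0 || allSites) verdict = "review";
  if (sensitive.length > 0 && apis.length > 0) verdict = "high";
  return { apis, allSites, sensitive, verdict };
}

// Constructed samples (not the real extension's manifest).
const cashbackLike = {
  manifest_version: 2,
  permissions: ["tabs", "cookies", "https://*.binance.com/*", "https://github.com/*"],
  content_scripts: [{ matches: ["https://www.coinbase.com/*", "https://localbitcoins.com/*"], js: ["cs.js"] }],
};
const narrow = { manifest_version: 3, permissions: ["storage"], host_permissions: ["https://notes.example/*"] };
console.log(auditManifest(cashbackLike), auditManifest(narrow));
```

A "high" verdict means the extension can both reach an exchange or code-hosting site and read cookies or tabs; a manifest that passes this check still needs its scripts reviewed.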

 


© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.