Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Cyber criminals on Darknet use crypto funds raised for Ukraine for fraud

According to the founder of Kiev-based crypto exchange Kina, over $26 million in crypto has been raised by the Ukrainian government since the beginning of the war, however, researchers at Check Point Research (CPR), who frequently scan the Darknet, have raised concern that once again there are cyber criminals behind several ads and sites leveraging the current crisis for fraudulent activities.

user icon
Mon, 21 Mar 2022
Cyber criminals on Darknet use crypto funds raised for Ukraine for fraud
expand image

CPR’s investigation shows that while some of these sites are part of the official Ukrainian government fundraising campaign, others appear to be questionable, aimed at raising money for the Ukrainian people but mostly on a cryptocurrency basis, which raise concerns that cyber criminals are at work behind them.

According to Oded Vanunu, head of product vulnerabilities research at Check Point Software, the CPR team has always taken a close look at the Darknet.

“Last year, we found advertisements for fake coronavirus services.

============
============

“Now, we’re seeing donation scams appear on the Darknet, as the Russia-Ukraine conflict intensifies.”

Vanunu further explains that the advertisements on the Darknet are using fake names and personal stories to lure people into donating.

In one example, we saw someone alleging to be the name ‘Marina’, displaying a personal photo with her children in hand.

It turns out that the image is actually taken from a German newspaper, Vanunu said.

Marina is requesting assistance, on the Darknet

CPR came across a Darknet web page (onion) that is requesting donations for Marina.

A short description states that Marina and her children are trying to escape Ukraine due to the “very bad situation” and are asking money, to be donated in cryptocurrency. The appeal also states, “Every coin helps”.

While the QR codes attached are addresses to cryptocurrency wallets, a quick check shows that the main image on the site seems to be taken from a newspaper article from the German international news broadcaster called Deutsche Welle (DW). No other information seems to be provided, raising questions about the overall authenticity and legitimacy of the page.

Cryptocurrency now being legitimate central coin for fund raising

A quick scan of more websites on the Darknet shows more mini sites containing requests for donations.

Some redirect to the official legitimate sites of the government and call out for fundraising, but some link to either void links or empty pages. CPR has also found some sites are linking back to what appeared to be fraudulent websites.

At the same time, CPR has also reported seeing legitimate advertisements for donations to help Ukrainians, according to Vanunu.

One example managed to raise nearly $10 million.

Legitimate and fraudulent advertisements are being mixed on the Darknet.

‘Defend Ukraine’ with crypto donations

CPR has also found the sites referenced on the Darknet are actually pointing to reliable websites.

The website: https://www.defendukraine.org/donate – a website calling for people to help the Ukrainian army and their wounded, as well as the families and children caught in the developing conflict stood out.

It also refers to the Defend Ukraine Twitter account. The domain was registered on 16 February, a week before the war in Ukraine started. The site itself is simple and contains a list of different organisations and NGOs in Ukraine, as well as cryptocurrency – bitcoin, Ethereum and USDT.

The bitcoin addresses are listed as: https://www.blockchain.com/btc/address/357a3So9CbsNfBBgFYACGvxxS6tMaDoa1P.

This site has currently received (from 24 February 2022 12:58, first transaction) 261.16141073 BTC valued at $9,880,525.93.

Cryptocurrency donations to the Ukrainian government in the Darknet

In times of crisis and extreme circumstances, there is always a proliferation of cyber criminals trying to leverage the situation and an increase in fraudulent activities.

In a recent report, CPR released data on the increase in cyber attacks that analysts have observed since Russia first attacked Ukraine, which revealed that cyber attacks on Ukraine’s government and military sector surged by a staggering 196 per cent in the first three days of combat.

Unsurprisingly, malicious cyber actors are now finding their way to the Darknet in search of further offensive activities.

Beware of where you send your money

CPR urges potential donors, who seek to help the Ukrainians to be wary of the links they visit, and the websites calling for donations as the Darknet is usually not the safest platform for fundraising.

The CPR teams are constantly monitoring the developing situation in search of additional potential threats that might surface and will update accordingly.

Vanunu strongly urges anyone looking to donate to use trusted sources and mediums as the Darknet can be a dangerous place.

CPR will continue to monitor the Darknet throughout the ongoing war and report any other wrongdoing, Vanunu concluded.

[Related: CISA, FBI issue advisory against Russian state-sponsored cyber actors]

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.