Fairyproof’s Analysis of the Recent Fake Imtoken Scams
Many investors have fallen victim to various Imtoken scams. We’d like to help you raise the bar of security awareness through this article.
Here is a list of recently emerging fake sites:
According to Fairyproof’s anti-fraud system, these fake sites sent messages to users and tricked them into downloading malicious applications. If users do so, the private keys of their genuine Imtoken wallets will very likely be compromised and their crypto assets will be exploited.
Fairyproof’s anti-fraud system detected that the above four sites are run by two teams.
Team 1 runs the following two sites:
http://imtokenw.tech/, IP address: 23.224.75.131
http://imtokenv.tech/, IP address: 23.224.75.133
Their IP addresses show that they are hosted on the same cloud server in the US. Both of the IP addresses are managed by CloudRadium LLC.
More details and findings on CloudRadium LLC:
According to Scamalytics, services from CloudRadium LLC carry potential security risks, although the risks are marked as relatively low severity. This service provider manages 51,576 IP addresses, all of which are used to run servers or to provide VPN or proxy services. This ISP provides services for web companies such as Yiyou Networks, 80 HOST, CRSD Tech Limited etc. Based on Scamalytics’ statistics, the traffic coming from this ISP accounts for only a tiny share of global traffic. Fairyproof ranked its security level as 3/100, which means 3% of the traffic from this ISP may be fraudulent or risky.
Team 2 runs the following two sites:
https://m.imtoken-ig.link/, IP address: 52.74.11.32
https://m.imtoken5757.xyz/, IP address: 54.169.255.19
Both of the addresses point to the same load balancer, alb-fake2–1763929161.ap-southeast-1.elb.amazonaws.com. “ap-southeast-1” is AWS’ service provider located in Hong Kong. However, this team doesn’t use an anonymous ISP and acts less evasively than the first team.
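The grouping of the four sites into two teams can be reproduced by clustering hostnames on shared hosting fingerprints. The following is an added example, not Fairyproof’s anti-fraud system: the function names are hypothetical, and treating neighbours in one /24 network as shared hosting is an assumption.

```python
import ipaddress
from collections import defaultdict

# Hostnames, IPs and load balancer name are copied from the article above.
# Nothing is resolved over the network; the records are embedded here.
ALB = "alb-fake2–1763929161.ap-southeast-1.elb.amazonaws.com"  # as printed, with en dash
OBSERVATIONS = [  # (hostname, IP address, CNAME target or None)
    ("imtokenw.tech", "23.224.75.131", None),
    ("imtokenv.tech", "23.224.75.133", None),
    ("m.imtoken-ig.link", "52.74.11.32", ALB),
    ("m.imtoken5757.xyz", "54.169.255.19", ALB),
]

def normalize_host(name):
    """Lower-case, drop the trailing dot, map typographic dashes to '-'."""
    for dash in "\u2010\u2011\u2012\u2013\u2014":
        name = name.replace(dash, "-")
    return name.strip().rstrip(".").lower()

def infra_keys(ip, cname, prefix):
    """Fingerprints of the hosting behind one observation."""
    # Assumption: neighbours in the same /prefix network count as shared hosting.
    keys = {("net", str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False)))}
    if cname:  # a shared load balancer links hosts even when its IPs differ
        keys.add(("cname", normalize_host(cname)))
    return keys

def cluster(observations, prefix=24):
    """Group hostnames that share at least one infrastructure fingerprint."""
    parent = {}

    def find(x):  # union-find root lookup with path halving
        while parent.setdefault(x, x) != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for host, ip, cname in observations:
        node = ("host", normalize_host(host))
        for key in infra_keys(ip, cname, prefix):
            parent[find(node)] = find(key)
    groups = defaultdict(set)
    for node in list(parent):
        if node[0] == "host":
            groups[find(node)].add(node[1])
    return sorted(sorted(g) for g in groups.values())

if __name__ == "__main__":
    for members in cluster(OBSERVATIONS):
        print(members)
```

With `prefix=32` the first pair no longer merges, which shows that the Team 1 link rests only on adjacent addresses, while the Team 2 link rests on the shared load balancer name.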