date
25 November 2023 Saturday. 11:46:08 UTC
scammer/abuser
Cryptofbi007 - Olgareva - icryptofbi
description
Crypto users, please be cautious and aware of the fraudulent activities carried out by an individual named "cryptofbi007". This person has created multiple fake crypto QR code generator websites, including "xmr-qr-code.com", "xmr-qr-code-generator.com", and "xmrqrcode.com". These websites generate QR codes that only direct funds to the scammer's Monero (XMR) address: 84gHdF7rArqU6e9cbmfPi9iJR2QUU7CoX1XJEvAmQWXmSUkj3C3LVLW3ioHiqNc8iwGPcxCv5Fk13ZY k9fxQFLKuKEW54r6
Please note that a saved archive of the phishing website containing the fraudster's Monero address can be found here: https://web.archive.org/web/20231122120748/https://xmr-qr-code.com/8.php
This phishing scam involves tricking users into sending their cryptocurrency to the scammer's wallet through a QR code, resulting in significant financial losses. The scam operator, known by the pseudonym "cryptofbi007" on websites like GitHub, manipulates and social engineers hosting and domain teams to avoid suspension of these phishing websites. They consistently alter the websites' functionality upon receiving reports and even spam repositories to unblock their malicious domains in order to exploit innocent individuals.
To protect our community, it is crucial to exercise extreme caution and avoid engaging with any QR code generator websites associated with "cryptofbi007". If you come across any instances or suspicious activities related to these scams, please report them immediately.
The operator is known to use the following email addresses: "[email protected]" and "[email protected]".
Due to this abuse, Proton Team has already banned the account "[email protected]", while the account "[email protected]" remains active.
Additionally, they can be found on GitHub under the account: https://github.com/cryptofbi007 , attempting to unblock their phishing domains from phishing warning systems.
Here are the relevant repositories and issues:
https://github.com/MetaMask/eth-phishing-detect/issues/13139
https://github.com/MetaMask/eth-phishing-detect/issues/13080
While "cryptofbi007" attempted to unblock his phishing domains, the request got declined. Additionally, he changed the titles of the requests on GitHub, making it difficult for potential victims to find the specific request related to unblocking his phishing websites.
Furthermore, it is worth noting that the operator behind this phishing scam is believed to be Russian and has previously operated fake Bitcoin, Litecoin, and Ethereum QR code generator websites such as "Crypto-qr-code.com", "btc-qr-code.se", and "crypto-qr-code.su". These websites generate the scammer's Bitcoin address: 18gcvrjDju719nQNXhJxRAaw25Vj6M6i4W.
The phishing websites "usdt-qr.com" and "ltc-qr-code.su" are also owned by the same individual using the pseudonym "cryptofbi007", indicating a coordinated phishing scheme. Both websites generate the domain holder's (cryptofbi007) USDT address 0xBeE32483957f116c5830133188dca45B80b94Fe6 (https://etherscan.io/address/0xBeE32483957f116c5830133188dca45B80b94Fe6) and Litecoin address LNWTRts3HQeuWnbjjr3Ndg4NARuWQSTApZ (https://blockchair.com/litecoin/address/LNWTRts3HQeuWnbjjr3Ndg4NARuWQSTApZ), further solidifying their association and intention to defraud unsuspecting victims. It is of utmost importance to raise awareness about these fraudulent activities to protect potential targets from falling prey to these scams.
To aid in identification, please find below a list of all known phishing crypto addresses and domains associated with "cryptofbi007":
Phishing Crypto Addresses by "cryptofbi007":
Monero (XMR): 84gHdF7rArqU6e9cbmfPi9iJR2QUU7CoX1XJEvAmQWXmSUkj3C3LVLW3ioHiqNc8iwGPcxCv5Fk13ZY k9fxQFLKuKEW54r6
Bitcoin (BTC): 18gcvrjDju719nQNXhJxRAaw25Vj6M6i4W
Litecoin (LTC): LNWTRts3HQeuWnbjjr3Ndg4NARuWQSTApZ
Litecoin (LTC): LLRS6eiY2cvywst3Sr97HTUsu6ba2gqmgG
Ethereum (ETH): 0x2C46fB8Aa65Bbcb184fBfa1E485B9BCE0371D893
Tether (USDT): 0xBeE32483957f116c5830133188dca45B80b94Fe6
Dogecoin (DOGE): DSVScF3HyMWZV5V9h38S9iDM3vKPpSU7Ey
Bitcoin Cash (BCH): qzyzw2m3vjvpku709vjt9jg4y03ylrs6kq9c0yhea3
USDT ETH Stolen from "cryptofbi007" Transferred to FixedFloat:
The cybercriminal from Russia, known as "cryptofbi007", has been involved in transferring stolen USDT / ETH from his phishing fake crypto QR code scam websites to FixedFloat cryptocurrency exchange.
Initially, he receives the stolen funds from his phishing victims in his primary USDT ETH address: https://etherscan.io/address/0xbee32483957f116c5830133188dca45b80b94fe6
These ill-gotten gains are then transferred to another address:
https://etherscan.io/address/0x2709fd4c61531473b77c5794a723ea49e48bdef4
Lastly, the stolen funds are moved to FixedFloat, using this address:
https://etherscan.io/address/0x2bd1ecf9545410b32ddc4f7a873811fd94963e2b
You can find further details regarding the transactions in the following Transaction Hash, where the stolen funds were transferred to FixedFloat: https://etherscan.io/tx/0x19d8571add80245295b2ce870c4f26739447e6f00a836b4f309b9c8a3701a998
FixedFloat can be contacted regarding this matter here:
[email protected]
https://fixedfloat.com/en/support
There are both older and newer reports available regarding the phishing scheme conducted by "cryptofbi007" at this address:
https://www.chainabuse.com/address/18gcvrjDju719nQNXhJxRAaw25Vj6M6i4W?chain=BTC
https://cryptscam.com/en/detail/18gcvrjDju719nQNXhJxRAaw25Vj6M6i4W
Phishing Domains by "cryptofbi007":
xmr-qr-code.com
xmr-qr-code-generator.com
xmrqrcode.com
usdt-qr.com
usdt-qr-code.com
ltc-qr-code.su
crypto-qr-code.com
crypto-qr-code.ru
btcqrcode.ru
btc-qr-code.se
qr-btc.com
ltc-qr-code.com
In addition, please be aware that the following BitcoinTalk accounts are also associated with "cryptofbi007":
https://bitcointalk.org/index.php?action=profile;u=3535761 (Olgareva)
https://bitcointalk.org/index.php?action=profile;u=3531091 (icryptofbi)
I have noticed that the users "cryptofbi007", "Olgareva", and "icryptofbi" have been involved in QR phishing scams, where they copy complaints from other people and change the domains and sites belonging to their competitors. This behavior reveals their malicious intent.
Warning: Please be cautious of a fake crypto QR code generator scam conducted by users with pseudonyms "cryptofbi007", "icryptofbi", and "Olgareva".
As the operator of this scam scheme resides in Russia, I recommend reporting the scammer on the following platforms, providing detailed information from this BitcoinTalk topic:
Email: [email protected]
Email: [email protected]
Email: [email protected]
Email: [email protected]
Report Cybercrime in Russia: http://services.government.ru/en/letters/form/
Russian Ministry of Internal Affairs:
Email: [email protected]
Stay vigilant and spread awareness within the crypto community.
Let us work together to protect one another and create a safer environment for crypto enthusiasts worldwide.
Please avoid falling victim to these malicious schemes.
Site url
https://xmr-qr-code.com
