23

Lately I have been receiving messages from accounts on Discord telling me that I have won 1 BTC in a giveaway. This is obviously not true, but I have a hard time seeing how these accounts will get anything useful out of me falling for this.

The instructions in the message for getting the 1 BTC goes like this (with a lot of emojis springled in):

You WON: 1 BTC!

How to receive your BTC?

Register account in: maticbit.com

Go to the "Codes" section and activate your code

Withdraw BTC to your address.

Done!

I could guess that by registering an account I would have to enter some personal information which they could use, but I am not going to visit the site of course. You can't withdraw BTC from a wallet just by knowing it's address, so it's not like they are after bitcoins, it seems like it's something else they are after.

Community
  • 1
Daniel
  • 333
  • 2
  • 5
  • 1
    They could be gathering email/password pairs for credential stuffing, so if anyone wants to try registering be sure to use a unique password. – Gordon Davisson Mar 15 '20 at 16:37

4 Answers4

50

I dug into this, cause I also got the Discord message. Felt too good to be true, right? Well, yes, it is too good to be true.

I set up a new Browser, with no history in it, made a temporary email and signed up. I entered their "You have won" code, and sure thing, they did deposit 0.48 BTC on the account I just made on their site. Cool.

(They probably just edited a value in a database somewhere though, so I doubt there is any real BTC under that value)

Alright, so lets withdraw that to a newly made wallet, right? Nope!

enter image description here

So this is how the scam works: Make you sign up -> give you "free BTC" -> request a really small deposit (to prove you are not a bot) -> take that small deposit and laugh all the way to the bank. (Just like @Demento predicted)

Until I have significant proof from multiple credible sources, I would not trust this.

Gikkman
  • 616
  • 4
  • 5
  • 32
    Note "really small" = $200 – user253751 Mar 16 '20 at 11:02
  • 1
    I actually never stopped to calculate how much they asked me to deposit. I just saw the deposit prompt and left straight away. But you're right, they ask for quite a lot. – Gikkman Mar 16 '20 at 12:58
  • 3
    It's the classic [Nigerian letter](https://en.wikipedia.org/wiki/Advance-fee_scam), 2020 edition. – axiac Mar 25 '20 at 12:29
  • Why would making a small deposit prove that you are not a bot? Cannot bots make small deposits automatically? Or is this just something they want people to believe, so that they have a "good reason" to make that small deposit? – reed Mar 26 '20 at 16:41
  • 1
    Also note that a legitimate site will put (usually 2) deposits worth a few pennies into *your* account to confirm, not withdraw! – Dan Slone Mar 26 '20 at 17:52
  • @reed On the scale where botnets are normally operating on even a tiny cost would be prohibitively expensive. All the spam email problems of the world could have been solved if sending any email came at the cost of 0.01$... – fgysin Apr 01 '20 at 13:12
8

Based on the provided information it is hard to tell exactly, what's behind the scam. The site is really new (domain was registered 4 days ago), which makes it even less credible.

I visited the site and it is actually really well made design wise. It presents itself as a normal crypto trading platform. From my perspective there are two most likely vectors behind the scam:

  1. You have to transfer some funds for eligibility. They want to trick you into believing, that you will get paid after making a small investment yourself, but never pay you in return.
  2. Someone is misusing their referral program. I doubt that this site offers a legitimate service, but if that's actually the case, someone might be after the referral program. They want to trick you into registering an account with their referral code, and if you should decide to stay and actually trade (although your win was a hoax), they earn through the referral program. In this case, the scammer is a third party.

To investigate further, you would actually have to register an account and play along, but I consider the scenarios above the most likely.

Demento
  • 7,249
  • 5
  • 36
  • 45
5

I've got a similar message but for an amount of 0.32BTC. Made an account over there without entering personal info and got 0.32BTC credited to the wallet on the exchange after entering the code. Did nothing else at this moment so it's still on the exchange wallet.

I tried to withdraw to my cold wallet, but I can't until I deposit 0.05 BTC. So, there is the scam.

schroeder
  • 123,438
  • 55
  • 284
  • 319
Anon
  • 51
  • 1
2

If the original invitation had been via email, by using the supplied code you would have also confirmed your email address is valid even if using a fake one to register - this kind of scam is used for “washing” purchased or stolen email addresses. It also qualifies the email address as belonging to someone more likely to bite at Nigerian style scams. I don’t know if there is any value in doing that for Discord accounts - I don’t use it.

Dave
  • 129
  • 1
  • this is not an answer about this scam, but about a completely different approach – schroeder Mar 26 '20 at 16:23
  • It is about this type of scam - i simply don’t know if confirming that a Discord account is still in use is as valuable as an email address. It still confirms the recipients gullibility which will mark the account for further scam attention as described. The approach is exactly the same it just uses an alternate messagung medium. – Dave Mar 29 '20 at 15:30