The Coinpanda-eth.com Story: How a Deceptive Website Stole from Users

This report examines the recent incident involving a fraudulent website, Coinpanda-eth.com, which has been impersonating the legitimate crypto tax solution platform, Coinpanda.

Started as the preferred cryptocurrency portfolio tracker and tax solution in Scandinavia in 2019, Coinpanda has quickly grown to be recognized as one of the most robust, advanced, and easy-to-use software solutions for crypto and Web3 tax reporting and tax compliance worldwide today. Coinpanda enables consumers and businesses to seamlessly track their cryptocurrency portfolio, investment performance, taxes, and more across 800+ exchanges, blockchains, and services.

Unfortunately, the reputation of Coinpanda has been exploited by scammers who created a fraudulent website, Coinpanda-eth.com, to deceive unsuspecting users. This website is a malicious clone designed to mimic the real Coinpanda website, luring users into believing they are engaging with a legitimate service. This fraudulent site was used to collect sensitive information and steal funds from victims.

We will delve into the background of Coinpanda, the details of the event, the investigation process, and the current status of the fraudulent activity. By understanding the mechanics and impact of this scam, we aim to shed light on the importance of vigilance and the resources available to those affected.

Investigation

The domain was registered on 13th November 2023, as per the standard DNS checker.

Figure 1: DNS check for the fake website


Checking the transfer information involving the address 0x7ea9b0445f7faa9e4a894d4d9ec3f9357b4b11f3, it is observed that there is only one sender who fell victim to the fraud; however, the amount stolen was still quite large (around 20 ETH).

This indicates that the victim might be a business house rather than an individual investor, which adds up, as Coinpanda is a firm that helps with taxation on cryptos and NFTs, and their primary consumers are business houses.

To further consolidate the identity of the victim, the inflow and outflow records of the victim's address can be checked from the Bitquery Explorer. It is also notable that the user was already using the real Coinpanda, even before the incident.

Figure 3: Transactions with currency inflow


Figure 4: Transactions with currency outflow


Financial Impact

Around 20.61 ETH, which is around 48333.31 USD worth of funds, has been stolen in the fraud. It can also be seen that after falling victim to the trap, no transaction has been made by the victim to date, meaning the business that fell for the fraud might now be shut.

Figure 5: Money outflow from the suspicious account

The number of transactions in the scam involving the suspicious address is very small; however, each of the transactions involves a great sum of money. The inflow is a huge sum of 20.61 ETH received from the victim; the amount is then transferred to two addresses, a smart contract and an EOA (Externally Owned Account).

Figure 6: Money Flow representation from the suspicious account


Out of the total amount received from the scam, the suspicious address transferred 20 ETH to a smart contract address (0xd90e2f925da726b50c4ed8d0fb90ad053324f31b), about which further details are shared in the Money Trail section. The remaining amount was transferred to another EOA, the activity of which during that period can be checked via Bitquery Explorer.

Figure 7: Money flow from the mentioned EOA


Figure 8: Money outflow indicating purchase of ERC20 tokens


It was noted that the account mentioned above was used to purchase different kinds of ERC20 tokens from various DEXs, such as Uniswap, as seen here.

Figure 9: Transactions of the smart contract shown in money outflow in Figure 6


Current Status

As of now, the clone website has been taken down, and neither Bitquery Explorer nor the query shows any transaction record that involved the suspicious address. The last transaction involving the account in question was at the following timestamp: 2024-01-13 13:10:47.

Figure 9: Transactions of the smart contract shown in money outflow in Figure 6


However, the market is still full of many such unethical users who are trying to target other users in the crypto space; thus, scams like these have become a common occurrence. Although the Coinpanda clone fraud website has been taken down, it is essential to know that thousands of such frauds are still active, and a user must be aware and manage their funds responsibly.

If someone finds any suspicious website or activity in the future, or still wants to dig further into the details of the Coinpanda fraud and trace it, they can use the Bitquery crypto investigation service.

Money Trail

In this section, we will discover where the stolen funds have gone from the scammer’s wallet. As discussed earlier, a small chunk of the stolen funds was transferred to another wallet address, but a major portion (20 ETH or $73321.30 by current market rate) has been transferred to a smart contract address (0xd90e2f925da726b50c4ed8d0fb90ad053324f31b).

The smart contract could possibly be a router for the Tornado Cash Exchange, based on the contract’s outflow, where each and every transaction from the contract is sent to Tornado.cash. Upon further research, it came to light that the address in discussion is an OFAC sanctioned address, i.e., the account is probably a mixer account.

Figure 11: Transaction record of the smart contract mentioned (Tornado Cash router)


Also, double-checking the details of the transaction mentioned in the outflow of the scammer’s wallet further ensures that the money went from the address to some other address via Tornado Cash Exchange.

Figure 12: Details of the outflow transaction from the suspicious wallet address to the Tornado Cash router


Mentions of Tornado Cash in the Cyvers Alerts tweet also solidify the involvement of Tornado Cash as an effort to obscure the money trail, as Tornado Cash is infamous for providing a mask to crypto transactions and making them completely anonymous and untraceable. Thus, we can conclude that the proprietor of the fraud was most likely using Tornado Cash or a mixer to hide the origin of the funds.
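The money-trail check described in this section can be reproduced offline as a small script. The following is an added example, not Bitquery's code: the two long addresses are the ones quoted in this report, while the victim, second EOA and DEX addresses are placeholders and the transfer records are constructed from the amounts stated above (gas ignored).

```python
from collections import defaultdict
from decimal import Decimal

# Addresses quoted in the report.
SUSPECT = "0x7ea9b0445f7faa9e4a894d4d9ec3f9357b4b11f3"
ROUTER = "0xd90e2f925da726b50c4ed8d0fb90ad053324f31b"
# Placeholders: the report does not give these addresses.
VICTIM, SECOND_EOA, DEX = "0xvictim_placeholder", "0xeoa_placeholder", "0xdex_placeholder"

# Screening list; the report describes ROUTER as OFAC-sanctioned.
SANCTIONED = {ROUTER}

# Constructed transfer records (sender, receiver, ETH); gas is ignored.
TRANSFERS = [
    (VICTIM, SUSPECT, Decimal("20.61")),
    (SUSPECT, ROUTER, Decimal("20")),
    (SUSPECT, SECOND_EOA, Decimal("0.61")),
    (SECOND_EOA, DEX, Decimal("0.61")),
]

def trace_outflows(start, transfers, sanctioned, max_hops=3):
    """Follow outgoing transfers breadth-first; stop at sanctioned addresses."""
    out_edges = defaultdict(list)
    for sender, receiver, amount in transfers:
        out_edges[sender.lower()].append((receiver.lower(), amount))
    findings, seen = [], {start.lower()}
    frontier = [(start.lower(), [start.lower()])]
    for _ in range(max_hops):
        next_frontier = []
        for addr, path in frontier:
            for receiver, amount in out_edges[addr]:
                hop = path + [receiver]
                if receiver in sanctioned:
                    # A mixer breaks the link between deposit and withdrawal.
                    findings.append((hop, amount, "sanctioned"))
                    continue
                findings.append((hop, amount, "traceable"))
                if receiver not in seen:
                    seen.add(receiver)
                    next_frontier.append((receiver, hop))
        frontier = next_frontier
    return findings

def mixer_share(start, transfers, sanctioned):
    """Fraction of funds received by `start` that it sent on to sanctioned addresses."""
    received = sum(a for _, r, a in transfers if r.lower() == start.lower())
    to_mixer = sum(a for p, a, s in trace_outflows(start, transfers, sanctioned, 1)
                   if s == "sanctioned")
    return to_mixer / received if received else Decimal(0)

if __name__ == "__main__":
    for path, amount, status in trace_outflows(SUSPECT, TRANSFERS, SANCTIONED):
        print(f"{status:10} {amount:>6} ETH  " + " -> ".join(path))
    print("share to sanctioned:", round(mixer_share(SUSPECT, TRANSFERS, SANCTIONED), 4))
```

With real data, the transfer list would come from an explorer export and the screening set from the published OFAC list.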

The Coinpanda-eth.com scam is a stark reminder of the dangers lurking in the cryptocurrency space. As the number of victims and the financial impact continue to grow, users must remain vigilant and verify the authenticity of websites and services they engage with.





The information provided in this material is published solely for educational and informational purposes. It does not constitute legal, financial audit, accounting, or investment advice. The article's content is based on the author's own research, understanding and reasoning. The mention of specific companies, tokens, currencies, groups, or individuals does not imply any endorsement, affiliation, or association with them and is not intended to accuse any person of any crime, violation, or misdemeanor. The reader is strongly advised to conduct their own research and consult with qualified professionals before making any investment decisions. Bitquery shall not be liable for any losses or damages arising from the use of this material.
