CSCC Threat Report 7.0: USDT Liquidity Scam

The Security Command Center at CcHUB has recently discovered a USDT liquidity scam that is gradually gaining momentum in the Nigerian digital space. This is not a targeted campaign as victims are selected randomly without preference or prior knowledge of the recipient.

Actor L sent short mobile messages (SMS) and WhatsApp broadcasts in the first week of June 2022. Each message contained a link to claim a $1,605,042.38 USDT balance, along with login credentials to access the private account.

As of June 2022, the balance in the account was confirmed to be $1,603,210.04USDT as claimed, with several unverifiable transaction logs associated with the account. Further details are indicated in the screenshot below.

To claim the fund, the recipient needs to register and deposit a certain amount, as indicated below, to upgrade to VIP levels. As of 6th July 2022, within one (1) month of this campaign running, the balance had increased by $668093 USDT.

The domain was newly created, with registration dated 22nd of May 2022. Based on the online footprint crawled for this website, the domain became active in the first week of June 2022. Moreover, according to one of the recipients, the message entered her chatbox on the 7th of June 2022. This website has no record of prior operation; hence it is obvious that threat actor L registered this domain just to launch fraudulent campaigns.

Actor L deletes the WhatsApp accounts used for the USDT liquidity campaign about weeks later to cover his/her trail. Further investigation into discussion forums also confirms the illegitimacy of the domain and the malicious motivation of Actor L.

Cryptocurrency scams have been a growing concern in the last two (2) quarters of this year. Based on the malicious indicators gathered so far from our analysis, it is safe to conclude that Usdtaipn.com is a fraudulent cryptocurrency trading website. Domain Name System (DNS) twisting, typosquatting, and brand impersonation are easily observable tactics used by these malicious players.

Other related suspicious domains unveiled in our research are as follows: 

  • Usdtethon.com
  • Usdtysook.com
  • usdtjcoin.com
  • usdtmarks.com
  • Usdtcoincc.com
  • usdtuut.com
  • Usdtcoinvb.com
  • Usdthcoin.com
  • Usdtcoindc.com
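
The two indicators described above (a brand string embedded in the domain name, and a domain registered only days before the message arrived) can be combined into a simple message triage check. The following is an added example, not part of the CSCC report: the function names, the 90-day threshold, the token list and the sample message text are assumptions, and registration dates are expected to come from the defender's own WHOIS/RDAP lookups.

```python
import re
from datetime import date
from urllib.parse import urlsplit

BRAND_TOKENS = ("usdt",)   # assumption: brand strings the defender watches for
MAX_AGE_DAYS = 90          # assumption: cutoff for "newly registered"
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample: wording, path and credentials are invented for the demo;
# the domain and both dates are the ones given in the report.
SAMPLE_SMS = ("Claim your balance at https://www.usdtaipn.com/login "
              "user: demo pass: demo")
WHOIS_CREATED = {"usdtaipn.com": date(2022, 5, 22)}

def registrable(host):
    """Last two labels of the host (naive: ignores multi-part public suffixes)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage(message, received, whois_created):
    """Return one finding per suspicious URL found in a message."""
    findings = []
    for url in URL_RE.findall(message):
        domain = registrable(urlsplit(url).hostname or "")
        label = domain.split(".")[0]
        # Brand impersonation: token embedded in a longer label (usdt + suffix).
        brand = any(t in label and label != t for t in BRAND_TOKENS)
        created = whois_created.get(domain)
        age = (received - created).days if created else None
        young = age is not None and age <= MAX_AGE_DAYS
        if brand and young:
            verdict = "block"
        elif brand or young:
            verdict = "review"   # one signal only, or registration date unknown
        else:
            continue
        findings.append({"url": url, "domain": domain,
                         "age_days": age, "verdict": verdict})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_SMS, date(2022, 6, 7), WHOIS_CREATED):
        print(finding)
```

A domain that matches the brand pattern but has no registration date on record is returned as "review" rather than "block", so missing WHOIS data does not silently clear it.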

Finally, this is an ongoing campaign; hence the public is advised to refrain from engaging with emails or social media messages that are associated with the reputation and tactics of Actor L, as reviewed in this report. In like manner, do not submit personal or financial information on any of the aforementioned suspicious domains.

For digital security services and consultation, send inquiries to digitalsecurity@cchubnigeria.com