Fake HitBTC Phishing Site Raked In $15 Million In Crypto


  • This phishing scammer has stolen funds in Bitcoin, Ether, Shib, and USDST since at least June last year.
  • SlowMist analysis of on-chain data shows that at least $15 million in cryptocurrencies has been drained from HitBTC users.
  • The scammer mirrors webpages of decentralized apps and web3 tools like HitBTC, Coinone, and LedgerX before draining connected wallets of their value.

A crypto phishing scammer has stolen over $15 million from victims’ wallets by mirroring UI built by crypto exchanges like HitBTC and digital asset service providers, per crypto tracking and compliance company SlowMist.

The scammer operates four wallets that have been identified so far. SlowMist also estimates that the phishing scammer has used these wallets since around June last year, stealing users’ funds in Bitcoin (BTC), Ether (ETH), Shina Inu (SHIB), and stablecoin USDT.

Phishing Technique Clones HitBTC Exchange

The phishing process clones a decentralized app’s user interface – HitBTC in this case – and lures victims into connecting their wallets by clicking “Approve”. Approving here gives the phishing contract “unlimited authorization for your $USDT“.

Next, victims are directed to deposit assets like they would on an actual exchange. The crypto phishing scammer designed their cloned platform to only support deposits via the Bitcoin, Ethereum, and Tron networks.

Finally, the victim confirms the transaction thinking they’re trading on HitBTC’s actual platform. In the background, the phishers drain users’ wallets of their ETH and other crypto balances. This phisher’s scamming portfolio features several fake websites as well.

Millions Lost To Crypto Phishers

Phishers have raided unsuspecting victims since the internet evolved into a mainstream network used by millions. These illicit actors also target crypto users thanks to the liquidity coursing through decentralized finance and blockchain ecosystems.

The intersection between web2 marketing tools and web3 platforms also creates an opportunity for phishers to attack crypto users. Google ads were used to steal over $4 million from thousands of users. The data showed a surge in shady Google ads promoting fake websites.