Pierluigi Paganini February 04, 2018

Participants to the Bee Token ICO were robbed for 100s of ETH, scammers sent out a phishing email stating that the ICO was now open, followed by an Ethereum address they controlled.

Another day, another incident involving cryptocurrencies, hundreds of users fell victims to email scams in the last days.

The victims were tricked by scammers into sending more than $1 million worth of Ethereum to them as part of Bee Token ICO (Initial Coin Offering). Bee Token is a blockchain-based home sharing service, it launched the ICO on January 31 and ended on February 2, when the Bee team obtained the $5 million necessary to start their project.

During the period of the ICO, the crooks sent phishing emails posing as the Bee Token ICO.

The scammers, impersonating the Bee team, sent out emails with a character of urgency to the potential investors inviting them to buy Bee Tokens by transferring Ethereum coins to their wallets.

The scammers attempted to convince users to participate to the ICO by sending Ethereum spreading the news that the company started a partnership with Microsoft and would be giving participants a 100% bonus for all contributions in the next 6 hours.

Cybercriminals also guaranteed that the value of Bee Token would double within 2 months, or participants would receive their RTH back.

“Today, investors who were eagerly waiting for their opportunity to join the Bee Token ICO were robbed for 100s of ETH. Scammers managed to get their hands on the Bee Token mailing list and sent out a phishing email stating that the ICO was now open, followed by an Ethereum address to send their contributions to.” states the blog post published TheRippleCryptocurrency.

After the Bee team became aware of fraudulent activity it issued three security alerts to warn of the ongoing scam:

• https://medium.com/@thebeetoken/security-notice-6edb5741039b
• https://medium.com/@thebeetoken/security-update-38d5bbfaa50e
• https://medium.com/@thebeetoken/bee-token-security-announcement-2-7397f32f5bf6

“The Bee Token team has been made aware of phishing sites that have copied the Bee Token website in an attempt to deceive users into sending them their money. Please DO NOT trust any website other than https://www.beetoken.com/ . REPEAT: DO NOT trust any website other than https://www.beetoken.com/” reads one of the Bee Token Security Notice.

The Bee Token team also created a Google scam reporting form to allow users to report scams.

The RippleCryptocurrency.com had access to two different versions of the email that reported the following Ethereum addresses used by crooks:

• 0xe336327426b8f95A5F5eB1f74144fD9065069C28
• 0x2A6D8021861f27aB992572D8689017b7A83C989D

a third one was reported on Reddit by users:

• 0xdf1ec2E44a8B1774B068eCfc5EF1c937A86bAf3E

The overall amount of money contained in the three wallets at the end of the ICO was over $1 million.

Unfortunately such kind of incident is not uncommon, for this reason, Facebook banned ads for ICOs and cryptocurrencies on its social network.

Pierluigi Paganini

(Security Affairs – Bee Tokens, scam)

[adrotate banner=”5″]

[adrotate banner=”13″]