Beware Crypto Donation Requests For Ukraine

Uploaded on 2022-04-19 in GOVERNMENT-Law Enforcement, FREE TO VIEW

Check Point Research (CPR) is warning  the public to not donate to Ukraine via the Darknet, as cyber criminals are looking to quickly exploit the high-interest in the Russia-Ukraine conflict.  CPR has seen a trend where advertisements that request donations to Ukrainians are appearing on the Darknet. 

While some advertisements are legitimate, many are fraudulent and CPR provides examples of both. All the fake advertisements are requesting donation funds in the form of cryptocurrency. 

The Darknet is a part of the Internet that isn’t visible to search engines, requiring the use of anonymised browsers for access.

In one example, a woman alleging to be named “Marina” requests donations via a personal photo. CPR followed the trail to learn the image was taken from a German newspaper.  A short description states that ‘Marina’ and her children are trying to escape Ukraine due to the “very bad situation” and are asking money, to be donated in cryptocurrency, to do so.

The appeal also states, “Every coin helps”. Whilst the QR codes attached are addresses to crypto currency wallets. 

In another example, a Darknet advertisement points to a legitimate website that has already raised nearly $10 million in crypto in donation funds.This website is calling people to “Help the Ukrainian army and their wounded, as well as the families and children caught in the developing conflict”. It also refers to the “Defend Ukraine” Twitter account.

The website domain was registered on the 16th of February, a week before the war in Ukraine started. The site itself is simple and contains a list of different organisations and NGOs in Ukraine, as well as Crypto Currency, Bitcoin, Ethereum, and USDT.  All of the advertisements request donations in the form of crypto currency. No other information seems to be provided, raising questions about the overall authenticity and legitimacy of the page.

CPR urges potential donors seeking to help the Ukrainians to beware of the links they go to and the websites used to send funds using  fraudulent donation pages to aid Ukraine on the Darknet.

Oded Vanunu, Head of Product Vulnerabilities Research, at Check Point Software commented “CPR has always taken a close look at the Darknet. Last year, we found advertisements for fake coronavirus services. Now, we’re seeing donation scams appear on the Darknet, as the Russia-Ukraine conflict intensifies. These advertisements are using fake names and personal stories to lure people into donating... In one example, we saw someone alleging to be the name ‘Marina’, displaying a personal photo with her children in hand. It turns out that the image is actually taken from a German newspaper.

“At the same time, we’re seeing legitimate advertisements for donations to help Ukrainians, where we show one example that managed to raise nearly ten million dollars... Thus, legitimate and fraudulent advertisements are being mixed on the Darknet. The Darknet can be a dangerous place. I strongly urge anyone looking to donate to use trusted sources and mediums. CPR will continue to monitor the Darknet throughout the ongoing war and report any other wrongdoing.”

Check Point:      Deutsche Welle: 

You Might Also Read: 

Ukraine: Spam Website To Reach Millions Of Russians:

 

« Deep-Fake Information Warfare
Zelensky Deepfake Tells Ukrainians To ‘lay down arms’ »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

International Security Management Association (ISMA)

International Security Management Association (ISMA)

ISMA is an international security association of senior security executives from major business organizations located worldwide.

Cipher Security

Cipher Security

Cipher Security provides unique robustness tests and penetration tests, as well as customizable development services for vendors and providers.

Basis Technology

Basis Technology

Basis Technology provides software solutions for text analytics, information retrieval, digital forensics, and identity resolution.

Wizlynx Group

Wizlynx Group

Wizlynx services cover the entire risk management lifecycle from security assessments and compliance to the implementation of security solutions and provision of Managed Security Services.

Risk Ident

Risk Ident

RISK IDENT specializes in supporting enterprises in identifying and preventing criminal activity like payment fraud, account takeovers and identity theft.

Swisscom Blockchain

Swisscom Blockchain

Swisscom Blockchain is focused on supporting the implementation and adaption of Blockchain-based platforms in enterprises across diverse industries.

SparkLabs Cyber + Blockchain

SparkLabs Cyber + Blockchain

SparkLabs Cyber + Blockchain accelerator is located in Washington D.C. which is one of the world's top cybersecurity ecosystems.

Nameshield Group

Nameshield Group

Nameshield is one of most experienced domain name registrars, trademark protection specialists and managers of online reputational risk in the world today.

Cyemptive Technologies

Cyemptive Technologies

Cyemptive's CyberSlice technology preempts and remove threats before they take hold, in seconds, compared to other’s hours, days, weeks and even months.

Tetrad Digital Integrity (TDI)

Tetrad Digital Integrity (TDI)

TDI is a world-class consulting firm offering cybersecurity services to government agencies and commercial clients around the world.

Wolverhampton Cyber Research Institute (WCRI)

Wolverhampton Cyber Research Institute (WCRI)

Wolverhampton Cyber Research Institute builds on the strength of its members in the area of network and communication security, artificial intelligence, big data and cyber physical systems.

Unit21

Unit21

Unit21 helps protect businesses against adversaries through a simple API and dashboard for detecting and managing money laundering, fraud, and other sophisticated risks across multiple industries.

NTT Group

NTT Group

NTT offers agile, scalable technology services to bring it all together seamlessly, securely, and sustainably. We help you adopt a holistic security approach across your network, clouds, applications.

US Digital Corps

US Digital Corps

The U.S. Digital Corps is a new two-year fellowship for early-career technologists where you will work every day to make a difference in critical impact areas including cybersecurity.

Salem Cyber

Salem Cyber

Salem Cyber builds Artificial Intelligence (AI) solutions that work collaboratively with people to address scalability challenges in cybersecurity operations.

Argenta Talent Acquisition

Argenta Talent Acquisition

Argenta Talent Acquisition is a recruitment partner specializing in Space and Defense, Intelligence Community, all things Technical, Cyber, and Logistics.