Investigating Scam Crypto Investment Platforms Using Pyramid Schemes to Defraud Victims
Summary
Researchers have discovered a campaign targeting East African and Asian countries with fraudulent cryptocurrency investment platforms.
The platforms, identical in design, offer unrealistically high returns, with users encouraged to recruit others via multi-level affiliate programs, a telltale sign of Ponzi schemes.
Threat actors primarily target internet users in East African and Asian countries.
The domains primarily use registrars with lenient policies in Singapore and fake registrant names to obscure their identities.
They also use domain fronting, free HTTPS certificates and hosting through a popular public cloud service to disguise their locations.
Most of these domains have been created at a rate of around 15 per day since June 2024.
Palo Alto Networks has shared these findings with its fellow Cyber Threat Alliance (CTA) members to help them deploy protections for their customers and systematically disrupt the malicious cyber actors behind this fraud.
By Shehroze Farooqi, Nabeel Mohamed and Brad Duncan