Scammers are now targeting unsuspecting users via phishing webpages, forum posts, and email links enticing users to “help Ukraine” by donating cryptocurrency.
The development follows Ukraine’s successful effort of raising over $37 million in crypto donations from all around the world amid the country’s ongoing invasion by Russian troops.
‘Help Ukraine’ crypto donation scams on the rise
This week BleepingComputer has come across a series of cryptocurrency scams enticing users to “help Ukraine” by donating to counterfeit Bitcoin and Ethereum addresses that are not affiliated with the Ukrainian government.
To facilitate this phishing campaign, attackers are using a variety of means—from phishing emails that appear to originate from npr.org or the United Nations Office for the Coordination of Humanitarian (OCHA) domains, to posting forum posts claiming to be behind the “Help Ukraine” movement.
One such phishing email, among others reviewed by BleepingComputer, is shown below:
Additionally, BleepingComputer came across a forum post shared on one of the forum threads that we have since taken down.
“The attack on Ukraine brings a lot of trouble and death in our families! Fundraising to provide targeted assistance to those in need, regardless of their gender, age, citizenship,” reads the forum post.
“Many people need food and clothes, someone is sleeping on the street!! Remember, every penny and every minute can save a life!”
Ransomware intel provider MalwareHunterTeam also came across .org domains set up by scam artists looking to con prospective donors, as did others:
Cybersecurity researcher Jake also shared with BleepingComputer a dubious donation site “UkraineGlobalAid.com” that could fool some on a first glance but contains broken links all over:
What makes these scams particularly dangerous is their appeal to emotion that unwary recipients may not be able to resist, especially at a moment of need for Ukraine.
The fact that the government of Ukraine is actively seeking crypto donations in Bitcoin, Ethereum, and other forms of crypto from all over the world may inadvertently lend credibility to such scams.
Ukraine raises over $37 million in crypto donations
In what can be described as the first-ever large-scale crypto crowdfunding effort from a national government, Ukraine has thus far raised over $37 million in Bitcoin (BTC), Ether (ETH), Tether (USDT), and other altcoins. Additional donations worth $13 million are expected to arrive as the country battles an ongoing crisis.
Last week, after Russia’s unprovoked attack on Ukraine, the Ukrainian government made a crowdfunding appeal to the world seeking cryptocurrency donations.
In a tweet posted by the official Twitter account of Ukraine, government officials shared the authentic Bitcoin and Ethereum addresses where funds could be sent to:
Stand with the people of Ukraine. Now accepting cryptocurrency donations. Bitcoin, Ethereum and USDT.
BTC – 357a3So9CbsNfBBgFYACGvxxS6tMaDoa1P
ETH and USDT (ERC-20) – 0x165CD37b4C644C2921454429E7F9358d18A45e14
— Ukraine / Україна (@Ukraine) February 26, 2022
This may have raised eyebrows among netizens suspecting if Ukraine’s official Twitter account had been hacked—and for good reason.
In 2020, attackers had hijacked verified Twitter accounts of prominent public figures and companies including Elon Musk, Bill Gates, Kanye West, and Apple, to promote “double your cryptocurrency” scams:
In 2021, Bitcoin.org was hacked with attackers having successfully stolen $17,000 from unwary users in a similar scam.
It’s tempting to dismiss these scams thinking no one falls for them, but, similar crypto scams have been hugely successful and generated hundreds of thousands of dollars in the past.
For example, in 2018 crypto scammers had made $180K in a single day. In 2021, Twitter suffered a massive attack with threat actors walking away with $580K in a week. And, in February last year, we saw another incidence of crypto scammers making at least $145,000.
For those looking to donate to Ukraine, make sure to only use the official wallet addresses published by the Ukrainian government and refrain from engaging with any suspicious donation emails or social media posts.
Updates (times in ET):
March 1, 08:27 AM: Added more examples of fraudulent sites.
March 1, 08:46 AM: Added examples of previous successful crypto scams.