Earlier we reported that a user, Ashish (name changed), was the victim of an email scam. He received an email from the account firstname.lastname@example.org asking him to transfer 6900 XRP tokens, of which he transferred 4962.
We determined that the scammer is an employee of the Bitbns exchange and promptly informed the team. Bitbns clarified that the scammer, Arijit Dey, who also goes by @dCryptoMania on Telegram, was just an administrator of the Telegram group and not an employee. Furthermore, Arijit had returned the funds and was no longer an admin at Bitbns.
Earlier today, the scam victim Ashish contacted us to tell us that his Bitbns account had been hacked and his returned funds had been transferred out. Ashish’s account was wiped clean of the 4962 XRP.
We have confirmations that the account which received these funds belongs to Arijit Dey, who is also accused of scamming the same user earlier. This is how it unfolded.
How it happened?
- At 6:36 AM, Ashish contacted Coin Crunch “Someone transferred (my XRP) from Bitbns”.
- Ashish could not connect with Bitbns founders Gaurav and Prashant.
- Ashish’s account was accessed at 3:42 AM. In the latest email, at 3:52 AM, an OTP was sent by email for “enabling Google 2FA for your Bitbns Account”.
- 4961.9 XRP were transferred from Ashish’s account.
- Coin Crunch investigated the transaction hash and determined that the account to which the funds were transferred likely belongs to Arijit Dey, the alleged scammer.
- At 7:28 AM, Coin Crunch reached out to Gaurav Dahake and Prashant Singh of Bitbns for comment. At the time of this writing, there is no response from them.
Ashish woke up to see an email from Bitbns with an OTP sent at 3:52 AM. The email was titled “OTP for enabling Google 2FA for your Bitbns Account”.
Ashish opened his Bitbns account to find that all the XRP tokens returned to him yesterday had been transferred to another XRP wallet.
The transaction hash revealed that the XRP wallet the funds were transferred to is rHdWtCebFZk5nqNRSn7ee9eMmY9nAbw6Jw.
Coin Crunch Investigation
The thing about Blockchain is, all the transactions are visible. If you know how to, you can find out who the accounts belong to.
Yesterday we reported that the funds were transferred to a Bitfinex account. Today the funds were transferred to an account that doesn’t belong to an exchange. We realise that when we reveal the methods, scammers will try to find new ways to scam people. However, it is our duty to bring forward the truth and we are doing just that.
The Account : rHdWtCebFZk5nqNRSn7ee9eMmY9nAbw6Jw
We started with exploring the account on Bithomp. Bithomp not only provides the details of transactions on an account but also gives the information about the account’s activation.
It shows here that the account was activated by Coindelta. This means that it was activated by a transaction of at least 20 XRP sent from Coindelta.
The account was activated on January 7, 2018 with a transfer of 177.12 XRP from Coindelta’s wallet.
To know who sent the initial 177.12 XRP from Coindelta, we reached out to the exchange.
We explained the situation and made our request after clarifying the nature of the investigation. Coindelta confirmed that the transaction of 177.12 XRP was done by a user with the email ID Arixxxxxx@xxxx.com (the domain is hidden).
The same email ID was used as the recovery address for the Koinex.email@example.com account used for the scam.
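The activation lookup described above can be reproduced from raw ledger data. This is an added example, not Coin Crunch's or Bithomp's code: it scans entries shaped like the XRP Ledger `account_tx` response for the payment whose metadata created the account. The sender placeholders, hashes and timestamps in the sample are constructed; only the target address, the amounts and the activation date come from the article.

```python
from datetime import datetime, timezone
from decimal import Decimal

RIPPLE_EPOCH = 946684800            # XRPL "date" counts seconds from 2000-01-01 UTC
DROPS_PER_XRP = Decimal(1_000_000)  # XRP amounts are strings of drops
TARGET = "rHdWtCebFZk5nqNRSn7ee9eMmY9nAbw6Jw"  # address named in the article

# Constructed sample (newest first), shaped like account_tx "transactions".
SAMPLE_TXS = [
    {   # later deposit: the account already exists, so it is only modified
        "tx": {"TransactionType": "Payment", "Account": "rSENDER_PLACEHOLDER",
               "Destination": TARGET, "hash": "HASH_PLACEHOLDER_2",
               "date": 578000000},
        "meta": {"TransactionResult": "tesSUCCESS",
                 "delivered_amount": "4961900000",
                 "AffectedNodes": [{"ModifiedNode": {
                     "LedgerEntryType": "AccountRoot",
                     "FinalFields": {"Account": TARGET}}}]},
    },
    {   # activation: the payment creates the AccountRoot entry
        "tx": {"TransactionType": "Payment",
               "Account": "rEXCHANGE_WALLET_PLACEHOLDER",
               "Destination": TARGET, "hash": "HASH_PLACEHOLDER_1",
               "date": 568634400},
        "meta": {"TransactionResult": "tesSUCCESS",
                 "delivered_amount": "177120000",
                 "AffectedNodes": [{"CreatedNode": {
                     "LedgerEntryType": "AccountRoot",
                     "NewFields": {"Account": TARGET}}}]},
    },
]

def find_activation(transactions, address):
    """Return funder, amount and time of the payment that created `address`."""
    for entry in transactions:
        tx, meta = entry.get("tx", {}), entry.get("meta", {})
        if tx.get("TransactionType") != "Payment":
            continue
        if meta.get("TransactionResult") != "tesSUCCESS":
            continue  # failed transactions create nothing
        for node in meta.get("AffectedNodes", []):
            created = node.get("CreatedNode", {})
            if (created.get("LedgerEntryType") == "AccountRoot"
                    and created.get("NewFields", {}).get("Account") == address):
                when = datetime.fromtimestamp(tx["date"] + RIPPLE_EPOCH, tz=timezone.utc)
                xrp = Decimal(meta["delivered_amount"]) / DROPS_PER_XRP
                return {"funded_by": tx["Account"], "xrp": xrp,
                        "time": when.isoformat(), "hash": tx.get("hash")}
    return None  # activation not in this page of history
```

The funding address alone identifies only the exchange wallet; linking it to a person still requires the exchange's own records, as in the request to Coindelta above.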
Bitbns official statement:
2FA we would be making mandatory starting today. All Withdrawals would be confirmed with Google 2FA and email confirmation.
The user Ashish mentioned in the coincrunch article was scammed. We would be resetting his account and help him recover all his losses.
Arijit Dey @dcryptoMania is the alleged scammer in this case. And we would be filing a police complaint on the same. He is not an admin and no longer associated with bitbns or buyhatke.
Nobody else’s funds have any issues and we urge you not reveal any personal details whatsoever to anyone.
We can assure you apart from Ashish mentioned in the story we have no reported case of funds being misappropriated by anyone.
We have found certain pieces missing in the puzzle, and those should be addressed:
- While many exchanges provide a login history with details like browser used, the IP address, Bitbns provides no such history to the user. This makes it difficult to determine suspicious activity on an account.
- Gmail cannot be hacked easily; we determined that yesterday. How did Arijit Dey get access to the OTP sent to the user’s phone/email? Is there a backdoor entry on Bitbns that he could access?
- Are there no background checks of Exchange admins? Arijit Dey has had a shady past that we are uncovering in our investigation. He is also accused of running a similar scam by sending people emails from Coinome.firstname.lastname@example.org.
The other side of the story:
After the Bitbns statement, it is confirmed that Ashish was indeed scammed and hence we have removed this section of the story.
What should users do to stay safe?
The scam and hack case makes one thing clear: you can lose your cryptocurrency if you are not careful or if the exchange has weak security.
Time and again, we hear news of hacks from all around the world. We are not implying that exchanges are easy to hack, but people have been able to. Please take note of these mechanisms to keep your account safe:
- Change your passwords regularly.
- Use 2FA with Google Authenticator or Authy.
- Do not click on unsolicited links from emails, messages or any other sources. It could be a malware attack.
- If you are holding long term, move the funds to a private wallet or a hardware wallet.
- Open accounts in exchanges after due diligence of their security.
- Trust no one. If this episode has taught us anything, it is that exchange admins can pull off scams too. If support is needed, go through appropriate routes.
- Article was updated to include a section ‘Other Side of the story’
- Updated with Bitbns official statement
- Updated the update log section.
- Cover image updated.