The channel representative offered to create a Binance sub-account for his new client, under the pretext that he would not have direct access to the account and would only be able to invest the funds properly. The goal, supposedly, was to increase the client's funds.
The attacker then provided the address TPtaQ... for the deposit, falsely claiming that it was that same Binance sub-account. The client sent a large amount of USDT tokens to this address. After that, the scammer disappeared and stopped responding to messages.
Having collected all the necessary information, our compliance officer started the investigation.
The first step was to check the address the scammer had passed off as a Binance sub-account: it was a regular user address that had nothing in common with the exchange.
After a brief analysis of the flow of funds through several addresses, we identified a wallet from which the attacker withdrew funds. The withdrawal went through a small exchanger, and the exchanger's information on the transaction we were interested in led all the way to a Qiwi wallet. That gave us the phone number linked to the Qiwi wallet. The Qiwi wallet, in turn, was controlled by a user who had also fallen for the tricks of the same scammer. Putting the information together, we found points of overlap. Another part of the funds was withdrawn through several transit addresses to the centralized exchange OKX.
The data we uncovered was enough to draw up a report, on the basis of which law enforcement agencies opened a criminal case. The opening of the criminal case was in turn enough to apply to OKX. At the moment, the attacker's personal data has been obtained and a pre-trial investigation is underway.
Chance to recover stolen funds