Gaming Site Scams: Online Fraud Surge | KrebsOnSecurity

by Priyanka Patel

Massive Crypto Scam Network Exploits Discord, Impersonates MrBeast Across 1,200+ Sites

A sprawling network of over 1,200 fraudulent online gaming and wagering websites is actively scamming users out of cryptocurrency, leveraging deceptive advertising on platforms like Discord and falsely associating with popular online personalities such as MrBeast. The operation, characterized by its scalability and sophisticated social engineering tactics, entices potential players with the offer of a $2,500 credit upon using a supplied “promo code” on the advertised website.

These gaming sites require users to create a free account to claim the advertised credit, which can then be used to play a variety of polished video games that involve betting on in-game actions. For example, at gamblerbeast[.]com, users can wager on the outcome of basketball shots in a game called B-Ball Blitz.

The financial exploitation occurs when users attempt to withdraw any purported “winnings.” At this point, the sites reject the withdrawal request and demand a “verification deposit” of cryptocurrency – typically around $100 – before any funds can be released. Victims who deposit cryptocurrency are then often subjected to requests for additional payments.

However, any displayed winnings are entirely fabricated, and those who deposit cryptocurrency are unlikely to ever recover their funds. The situation is further complicated by the emergence of “recovery experts” on social media, offering dubious services to retrieve lost funds for a fee.

The network of phony betting sites first came to the attention of security researchers through a Discord user known as “Thereallo,” a 17-year-old developer who operates multiple Discord servers. “We were being spammed relentlessly by these scam posts from compromised or purchased [Discord] accounts,” Thereallo explained. “I got frustrated with just banning and deleting, so I started to investigate the infrastructure behind the scam messages. This is not a one-off site, it’s a scalable criminal enterprise with a clear playbook, technical fingerprints, and financial infrastructure.”

Thereallo’s examination revealed that all the scam sites utilize the same API key for an online chatbot, suggesting a centralized operation. A scan conducted by the threat hunting platform Silent Push identified at least 1,270 recently registered and active domains with gaming or wagering themes linked to this API key.
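The pivot described above, grouping sites by a credential they all embed, can be sketched as follows. This is an added example, not code from the article, Thereallo, or Silent Push; the key-embedding patterns, the `.example` domains, and the key values are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumption: the chat widget exposes its key in page source as
# apiKey: "...", "api_key": "...", or data-api-key="...".
KEY_PATTERN = re.compile(
    r"""api[_-]?key["']?\s*[:=]\s*["']([A-Za-z0-9_\-]{16,})["']""",
    re.IGNORECASE,
)


def extract_keys(html):
    """Return the set of API-key-like tokens embedded in one page."""
    return set(KEY_PATTERN.findall(html))


def cluster_by_key(pages, min_domains=2):
    """Map each key to the sorted domains that embed it.

    Only keys seen on at least `min_domains` distinct domains are kept,
    since a key reused across unrelated-looking sites is the signal of
    shared infrastructure.
    """
    by_key = defaultdict(set)
    for domain, html in pages.items():
        for key in extract_keys(html):
            by_key[key].add(domain)
    return {k: sorted(d) for k, d in by_key.items() if len(d) >= min_domains}


# Constructed sample input: already-fetched page source keyed by domain.
SAMPLE_PAGES = {
    "casino-one.example": '<script>chat.init({apiKey: "EXAMPLEKEY0000000000AAAA"});</script>',
    "casino-two.example": '<div id="chat" data-api-key="EXAMPLEKEY0000000000AAAA"></div>',
    "unrelated.example": '<script>chat.init({"api_key": "DIFFERENTKEY11111111BBBB"});</script>',
    "nokey.example": "<html><body>hello</body></html>",
}

if __name__ == "__main__":
    for key, domains in cluster_by_key(SAMPLE_PAGES).items():
        print(f"{key}: {len(domains)} domains -> {', '.join(domains)}")
```

A cluster produced this way is a lead to corroborate with registration dates, hosting and page templates before blocklisting, since legitimate sites built on the same vendor kit can also share a key.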

The operators of this scam appear to generate a unique Bitcoin wallet for each domain they deploy, functioning as a “decoy wallet” where deposited funds are immediately inaccessible. Attempts to contact “Live Support” are handled by a combination of AI and human operators who ultimately block the user, and the chat system is self-hosted, hindering reporting to third-party providers.

Further analysis revealed a sophisticated tracking mechanism. If a user attempts to register on multiple sites within the network from the same internet address and device, the second registration is denied, indicating the operators are actively monitoring and blocking duplicate accounts. “They’re tracking my VPN IP across their entire network,” Thereallo stated. “My password manager also proved it. It tried to use my dummy email on a site I had never visited, and the site told me the account already existed.”

These “scambling” sites share similarities with “pig butchering” schemes, a more elaborate form of cryptocurrency fraud where victims are gradually lured into investing in fraudulent trading platforms. However, while pig butchering scams typically involve prolonged engagement and larger financial losses, these scambling sites appear to aim for smaller, quicker gains from a larger volume of victims.

According to Zach Edwards of Silent Push, the perpetrators are investing significantly in making these sites appear legitimate. “That’s a very odd type of pig butchering network and not like what we typically see, with much lower investments in the sites and lures,” Edwards noted.

The scale and sophistication of this network highlight the growing threat of cryptocurrency scams and the importance of vigilance when encountering online gaming and wagering opportunities. Victims should exercise extreme caution and avoid depositing funds into unverified platforms.

[A list of all domains identified by Silent Push as using the scambling network’s chat API will be published separately as a security resource.]
