Investigations | June 7, 2024

Crypto fraudsters double down on Elon Musk. Again.

by Nick Smart

Director of Blockchain Intelligence

The stage is set: Elon Musk’s voice implores an audience to scan a QR code, his presence flanked by a large banner reading “Scan the QR and change your life,” all before a backdrop of poised rockets.  

His speech, replete with pauses and intonation, explains that it’s a special event. Scanning the code will take you to a website where your Bitcoin, Ethereum, Dogecoin or USDT will be doubled and returned to you in five minutes. 

The voice is convincing, though to South Africans, his accent appears wrong. It is distorted and too American. The ‘ums’ and ‘ahs’ seem contrived, and the deadened vowels are absent. Moreover, it is unlikely that a South African who entered the US via Canada at his then age could so successfully shed the accent of his birth and upbringing. 

This is perhaps the most sophisticated fraud we’ve seen in the evolving category of faking the likeness of Mr. Musk.  

As the world’s wealthiest man, with a huge reach on X and other media outlets, fraud groups frequently use him as a totem to give credibility to their operations and entice victims.  

The website, “musk[.]events” promoted in the video is primitive, but the setup is all too convincing. At time of writing, it has already received almost 7000 USD in Bitcoin. 

This is not even a single event; during the hotly anticipated test flight of Starship, the world’s most powerful rocket, on June 6, 2024 over 35 similar fakes were identified streaming on YouTube. It is a growing trend; deepfakes are increasingly being used to promote fraud websites. 

Warning: Crystal has identified this to be a fake video. The alarmingly accurate likeness of Elon Musk is a deepfake made and circulated by fraudsters to cheat people out of their money 

Mr Musk’s likeness is frequently faked

It is not the first time that Mr. Musk’s likeness has been used to promote fraud, and is unlikely to be the last.  In March 2021, a BBC news article titled “Bitcoin: Elon Musk giveaway scam ‘cost man £400,000’ told the story of a German victim who lost a large amount of bitcoin to a so-called ‘bitcoin doubler’.  

These sites promise incredible returns on investment but require users to send money first for it to be returned at twice (or more) the amount provided to them. In the article, though not indicated to be the site that the victim lost money on, a photo was provided bearing the URL elonpromo[.]site in an X thread.  

Though the site has long been able to recover the original crypto addresses used, less sophisticated scam websites often display the deposit addresses publicly, though recently, they have often been behind rudimentary login pages to appear more reputable. 

From a single address on the ‘elonpromo’ website, we could see that the site received 0.774 Bitcoin whilst it was active, between 23 and 24 Feb 2021. We can see a pattern of relatively small deposits over February 23 – 14 in total – followed by a withdrawal of the balance on February 24, 2021.  

How fraudsters operate: what you should know

  • Fraud groups rarely operate a single site; instead, they operate multiple sites – trying to reduce the chances of disruption through domain takedown.  
  • They also tend to use unique deposit addresses for each site, and even refresh them on occasion in case they have been discovered by blockchain analytics firms.  

In the prevention end, there is a constant race between fraud groups and those trying to counter them.   

What our investigation uncovered 

During our analysis, we conducted what is referred to as a ‘backtracing’, in which rather than look at the debit transactions of the particular address, we consider the other sources of credit.  

We identified other sites with similar names using Mr Musk’s likenesses and companies, Tesla and SpaceX on-chain by looking for collection addresses – places where funds are pooled by the fraud site operators so they can be managed more easily. We also had quite a few blank addresses without attribution; such is the scale of these operations, there are so many sites it is almost impossible to collect them all.  

For many victims of fraud, this is usually the end of the story; funds are stolen, and then withdrawn by the criminal.  

Tracing the funds to a destination where they can be recovered, such as a centralized cryptocurrency exchange, is costly and requires skilled experts. Even then, it may often be too late – the funds are exchanged and removed by the criminal, perhaps never to be seen again. 

Our advice will always be to think twice before investing in a scheme that looks and sounds too good to be true. 

To learn how we can help you solve crypto investigations, please book in a demo here. 

Be the first to get news from Crystal