Crypto Grab, a developer known for creating phishing software, has officially registered as a business in the United Kingdom. As reported by blockchain security firm CertiK, this registration comes amid allegations that the company’s software, Nova Drainer, is used for illicit activities, specifically targeting cryptocurrency assets through phishing attacks.
Crypto Grab, which now operates under the legal banner of Crypto Grab Limited, claims that its business registration lends it legitimacy, facilitating the acquisition of Extended Validation Certificates (EV SSL certificates). These certificates are crucial for online businesses, as they enhance website security and trustworthiness by verifying the legal entity controlling the site.
The impact of wallet drainers
Wallet drainers, like Nova Drainer, are a type of Web3 protocol that exploits the trust of cryptocurrency users, tricking them into visiting malicious websites where their digital assets can be stolen. Over the past year, these schemes have led to significant financial losses, with security platform Scam Sniffer estimating over $300 million worth of cryptocurrency stolen through such methods.
Crypto Grab’s marketing strategy is unabashedly transparent about the capabilities of its software, boasting features that enable the theft of ERC20 tokens and Ether (ETH) directly from victims’ wallets. The company’s website and official Telegram group are platforms for promoting these phishing products under the guise of offering tools for “Crypto Affiliate Success.” Despite the nefarious nature of its offerings, Crypto Grab presents its incorporation certificate as proof of its legitimacy, asserting that this status facilitates partnerships with major industry players.
Regulatory challenges and company scrutiny
The registration of Crypto Grab Limited with the UK’s Companies House has prompted a closer look into the firm’s operations and the authenticity of its director, Bradley Robertson, whom CertiK suggests is a pseudonym. Companies House, however, is limited in its capacity to verify the accuracy of the information submitted during the registration process, performing only basic checks to ensure completeness of the documents filed.
CertiK’s investigation into Nova Drainer has uncovered evidence of its involvement in phishing operations, identifying contract addresses associated with the scam. These findings reveal that the software diverts some of the stolen funds as a service fee, with thousands of transactions traced back to these activities.
In response to potential fraudulent registrations, Companies House has outlined procedures for the public to submit complaints, although it lacks the authority to conduct formal investigations into fraud. Instead, suspicious activity is forwarded to the police, and victims are advised to report to the Action Fraud hotline.