A development team that produces a scam-as-a-service wallet drainer has taken the unusual step of registering as a business in the UK.
According to blockchain security firm CertiK, the phishing software developer, Crypto Grab, produces the “Nova Drainer” application, a “drainer” or “phishing” product. The company is now listed on the official website of Companies House, the UK Government agency that oversees business registrations.
CryptoGrab has argued that this business registration will allow it to be seen as legitimate, helping it to obtain EV SSL certificates (Extended Validation Certificates).
Wallet drainers are Web3 protocols that scammers use to steal cryptocurrency, usually by tricking victims into visiting malicious websites and making token approvals. Over $300 million was lost to these programs over the course of 2023, according to security platform Scam Sniffer.
Through its official Telegram group, the developer of Nova Drainer advertises that its software “steals ERC20 tokens” and “steals ETH [Ether].”
The team also markets this software through its official website, Cryptograb.io, where it claims to be “Your Gateway to Crypto Affiliate Success.” An embedded YouTube video on the site advertises “phishing” and “drainer” products.
The name on the official business registration is Crypto Grab Limited, roughly matching the one found on the website. In addition, the software’s documents at read.cryptograb.org proudly display the company’s Certificate of Incorporation as evidence that the developer is seen as legitimate.
CryptoGrab has since stated that this registration allows it to obtain EV SSL certificates, which “confirms our reliability and opens access to major suppliers such as Binance, StormGain, Etoro, and others.”
In its Companies House registration, Crypto Grab lists 100-101 Museum Street, London, England, WC1A 1PB as the address for its headquarters and Bradley Robertson as its director, a name that CertiK claimed was “almost certainly [a] fake identity.” A note on the Companies House website states that the agency “does not verify the accuracy of the information filed” as it can only perform “basic checks” to ensure that documents are fully completed.
In the report seen by Cointelegraph, CertiK claimed that it investigated phishing sites linked to Nova Drainer and discovered three contract addresses used in the scam operation. One of them is located at an address ending in 00000. After studying these addresses, CertiK concluded that Nova Drainer “takes approximately 30% of the stolen funds” as a fee for itself, leaving the rest of the loot to the client who creates the phishing site. So far, over 7,000 transactions have been made using these contracts, the report stated.
According to Companies House, a person who believes that a registration contains false information can submit a complaint by email. In a March 14 response to a Freedom of Information request, the agency stated that “when a complaint is received every attempt is made to contact the company and its officers to clarify if a genuine mistake has occurred or if indeed there is fraudulent activity.” However, “Companies House has no Investigatory Powers and is therefore unable to investigate allegations of fraud.” The agency claimed that when it suspects fraud has occurred, it forwards the information to police. It also suggested that victims of fraud should make a report to the Action Fraud hotline.