Binance Helps Jail Bulgarian Cyber Scammer

Binance has helped put behind bars a scammer who created and sold phishing scripts that helped criminals defraud victims out of some £41.6 million ($51.1 million). Working with the Cyber Crime Unit of the UK’s Metropolitan Police, Binance helped jail Svetoslav Donchev, 37, whose scripts replicated authentic websites, for nine years after he pled guilty to five offences. Binance, which revealed its cooperation in a blog post yesterday, did not state in what capacity it assisted the police, but it has to be assumed that the scammers used the tool to create a false Binance site with the aim of stealing users’ cryptocurrency, which Binance discovered.

Targets’ Info Sold on Dark Web

Donchev’s scripts, which police say affected some half a million people worldwide, were designed to look like the websites of legitimate companies, like Binance. However, they would be hosted on servers controlled by cybercriminals, who would lure victims to the fake sites by sending phishing emails suggesting that accounts needed to be verified or that victims were due a refund. The victim would then complete the form, entering all sorts of personal information, which would be logged by the cybercriminals, who would then use it for fraud or sell it on the dark web. Donchev also provided thieves with software that prevented their phishing sites from being identified as ‘risky’ by web browser security software.

Donchev Rumbled by Fellow Hacker

Donchev was identified through a file on the computer of another convicted hacker, Grant West, who also used the dark web to buy and sell stolen information. Police weren’t aware of the full extent of Donchev’s activities until they looked through the files on his computer, which revealed he had created website scripts for 53 UK companies. Donchev was extradited to the UK to stand trial, where the overwhelming evidence led him to enter a guilty plea. Binance itself was hacked in May this year, with phishing attacks on users without two-factor authentication being the likely method of entry into accounts by the hackers. Fake websites have also been reported this year targeting Bakkt, Wasabi Wallet, and LocalBitcoins.