‘Money Mule’ Scams Adopting Bitcoin ATMs For Transferring Hacked Funds

Hackers who raid corporate bank accounts often launder stolen funds by depositing them in accounts owned by “money mules,” people recruited through work-at-home job scams. The mules are usually instructed to wire the stolen funds to the scammers. Increasingly, however, the mules are being directed to send the funds using bitcoin ATMs, according to KrebsOnSecurity.

The story of a Canadian reader who contacted KrebsOnSecurity demonstrates how such scams work.

One ‘Mule’s’ Experience

The reader was offered $870 per week and 5% commission for every transaction she handled for a company called Lunarbay(dot)biz. She became suspicious after receiving information on forwarding the funds.

She was told to withdraw the funds form her account and go to the bank. She then received a QR code to save on her smartphone and given the location of the closest bitcoin ATM. She was sent an instructional Youtube video on how to make payments using a Lamassu bitcoin ATM and told to process the payment within three hours.

Why Bitcoin ATMs?

Krebs suspected the scammers used the bitcoin ATM since traditional wire services might be doing a better job of detecting and blocking suspicious transactions. In addition, bitcoin transactions are faster.
The scammers use multiple QR codes linked to different bitcoin addresses. The reader in the above example provided Krebs with a link to a bitcoin account that received eight transactions in a three-day period totaling more than 6.3 BTC, $3,823 at current exchange rates.

The Lunarbay(dot)biz website noted the company has existed for several years. It referenced a legitimate business by the same name in the United Kingdom. The domain name, however, was only registered in late August 2016, and apparently used content from a legitimate marketing firm in Australia called Bonfire.

Welcome User ....

Not Spam
Not Porn