A team of developers behind a scam wallet-draining service has taken an unconventional approach by registering as a business in the UK. According to blockchain security firm CertiK, the company known as Crypto Grab has created the “Nova Drainer” application as a phishing product. The company’s registration can be found on the official website of Companies House, the UK government agency responsible for overseeing business registrations.
Crypto Grab argues that this registration will help establish its legitimacy and enable it to obtain Extended Validation Certificates (EV SSL certificates). Wallet drainers are Web3 protocols used by scammers to steal cryptocurrency by tricking victims into visiting malicious websites and approving token transfers. In 2023 alone, these programs resulted in losses of over $300 million, according to security platform Scam Sniffer.
The developer of Nova Drainer promotes its software through its official Telegram group, advertising it as capable of stealing ERC20 tokens and Ether (ETH). The team also markets the software on its official website, Cryptograb.io, which claims to be a gateway to crypto affiliate success. A YouTube video embedded on the site further promotes the phishing and drainer products.
The official business registration is under the name Crypto Grab Limited, which closely matches the name found on the website. The developer proudly displays its Certificate of Incorporation on the software’s documents at read.cryptograb.org as proof of its legitimacy.
CertiK’s investigation into phishing sites linked to Nova Drainer revealed three contract addresses used in the scam operation. One of these addresses ends in 00000. CertiK found that Nova Drainer takes approximately 30% of the stolen funds as a fee, leaving the rest to the client who creates the phishing site. The report states that over 7,000 transactions have been made using these contracts.
CertiK also claimed that the director listed for Crypto Grab, Bradley Robertson, is likely a fake identity. Companies House acknowledges that it can only perform basic checks to ensure documents are completed and does not verify the accuracy of the information filed.
Companies House advises individuals who suspect false information in a registration to file a complaint via email. The agency states that it attempts to contact the company and its officers to clarify any mistakes or fraudulent activity. However, Companies House lacks investigatory powers and refers suspected fraud cases to the police. Victims of fraud are encouraged to report to the Action Fraud hotline.
It is worth noting that the effectiveness of Action Fraud against crypto-related crimes has been called into question by fraud victims in the UK.