Hundreds of users fell victims to email scams over the past week, sending over $1 million worth of Ethereum to a scammer who sent fake emails posing as the Bee Token ICO (Initial Coin Offering).
The Bee Token ICO started on January 31 and ended on February 2, when the Bee team shut down the ICO after raising the $5 million they wanted to build their product, a blockchain-based house rental application, a-la Airbnb.
During the time the Bee Token ICO was going on, a scammer was sending emails posing as the Bee team and urging users who wanted to buy Bee Tokens to send Ethereum to wallets under his control.
The Bee team became aware of this issue pretty soon into its ICO, and sent out three security alerts [1, 2, 3], informed people that the ICO was taking place via its website alone, and even created a Google Form to allow users to report scams.
Despite the constant alerts from the Bee team, people kept falling for the fake emails, which were sent from addresses like: "firstname.lastname@example.org."
A copy of one such email was shared online earlier in the week:
The scammer used multiple wallet addresses to receive funds from tricked users. Bleeping Computer was able to track down three of such wallets — 1, 2, 3— but there were multiple others shared online, but the full addresses were edited.
The three wallets contained over $1 million when the Bee Token ICO ended on Friday, but it is believed the hacker made off with even more money.
Last week, another (or maybe the same) scammer tricked users participating in the Experty ICO into sending funds worth over $150,000.
Because of all these shady ICOs and cryptocurrency scams, Facebook decided to ban ads for ICOs and cryptocurrencies on its platform earlier this week.