Indian investors were defrauded out of over Rs1,000 crore by a fraudulent cryptocurrency exchange fraud, according to a new report from Cloudsek, a cyber-security firm. Fake crypto exchanges duped Indian investors out of over $128 million (nearly Rs 1,000 crore) while the global cryptocurrency market was tanking.

Investors in India lost up to Rs 1,000 crore to such frauds, which were propagated via social media portals, according to a report from India’s Cyber Security Firm, Cloudsek. Cyber security firm, Cloudsek estimates threat actors have duped victims out of as much as $128 million (about Rs1,000 crore) in such cryptocurrency frauds, said Rahul Sasi, founder and managing director, Cloudsek. Cyber-security firm Cloudsek said they had detected a running operation involving several phishing domains and bogus Android-based cryptocurrency apps.

Investigations conducted by researchers at Cloudsek revealed a scam of a fraudulent cryptocurrency exchange was being undertaken in several phases by threat actors. Cloudsek said they were approached by one of the victims, who had reportedly lost Rs50 lakh ($64,000) in the fraudulent cryptocurrency exchange scam, along with other costs like deposit amounts, taxes, and so on.

According to the report, the investors had invested in fake cryptocurrency exchanges via social media portals. According to the report, these frauds involved creating fake crypto exchanges resembling legitimate trading platforms. Crypto fraudsters employ various techniques to entice users into investing via the bogus crypto exchange, including identity fraud and phishing goes.

According to Rahul Sasi, CEO at Indian Cyber Security Firm, the fraudulent platforms of all trade and withdrawal facilities are later shut down once users have added their funds. The fraudulent cryptocurrency exchange worked similarly, as Indian cyber security firms detailed in its latest report: it first gained users’ trust for months, then blocked all withdrawal facilities after victims added their funds. To attract, the fake profile female shared $100 in credits, like gifts, with the specific cryptocurrency exchange, in this case, the duplication of the legitimate cryptocurrency exchange.

When victims go on different platforms to complain about losing access to their accounts, the threat actors themselves, or a new one, pretending to be researchers, will approach them. Once a potential victim has added his money to a platform, threat actors lock his accounts, ensure that the victim cannot withdraw his investments, and then vanish with the victim’s money. Once the potential victim adds their money to the phoney cryptocurrency exchange, the account is frozen, and the money disappears. After signing up and depositing funds to Coinegg, the threat actors lock up the amount on the Coinegg VIP wallet and prevent users from withdrawing the funds. Users are enticed with a $100 gift card that would be used to deposit specific cryptocurrency investments.