Web3Gaming Scam Alert: Crypteriumplay Mimics Cradles

Cyber Strategy Institute
Nov 23, 2023

Thanks to Grok for the tip about this scam. Give him a shout out on X/Twitter: https://twitter.com/Grokplays

I am going to quickly run through how to spot scams and what a real project will look like.

Scammers:

They have a limited window for their trick to play out before others find out about it. But today’s Web3Gaming scammers are running a playbook, and I would call this one an average attempt compared to others I have covered in the past. This time window is helpful for us: the more time passes, the less effort they put into the scam, which helps us spot them quicker.

Overview:

We will interact with their social media accounts, search for them, check out their website and interact with these resources.

Tools Used:

Etherscan: Shows you the contract address that can be used to validate if the token in question is legitimate or not.

https://etherscan.io

Dextools: Reviews token prices, but also has all the social media, website and other helpful links.

https://www.dextools.io

De.Fi: Allows you to learn if the token contract is risky.

https://de.fi/scanner/

DNSChecker: Another tool used to find details about the website and who stood it up.

https://dnschecker.org/

ICANN: Used to see when the website was registered and with whom.

https://lookup.icann.org/en/lookup

Social Media

Twitter:

This is the first thing I usually check, as it's hard to spoof or trick your timeline, who you follow and who follows you. So let’s check out their account as of 22 Nov 23.

The only thing that stands out as funny is the Joined date, March 2013. So let’s look at who they are following.

I do not see a founder account, team members or high vis Web3Gaming people in here. Let’s be real, a founder is absolutely proud of what they are doing and will make sure their game account follows their personal brand so that others know who is behind it. So not looking good, RED FLAG on who they are following. Next let’s quickly look at who is actually following them.

Once again, a glaring RED FLAG arises in my mind as I do not notice any web3 or gaming enthusiasts who are currently following this account.

Overall, their Twitter account is sus at best. Let's thoroughly examine their social media accounts to determine if our current assessment dismissing this as fake still holds true.

Youtube:

Their account is extremely thin, and its videos were all released 3 months ago, or maybe even on the same day. I didn’t fully check that, but once I see a short list of videos I become suspicious quickly.

Next step is to then do a search for Crypterium on YouTube:

There is not much content to be found here. I clicked on the 2nd to last video, as you can see, and I watched it. This influencer goes through the website and even shows the token very quickly. However, I noticed this: their X/Twitter account had 7,455 followers and they were following 18. This is different from what I am seeing above. So this is another RED FLAG: a follower count dropping by this large an amount indicates botting.

Medium:

When you visit their site, you can check their follower count and then look at their articles. Their follower count looks decent; nothing stands out there. However, when you look at the articles you quickly notice something: they were all posted on 29 Sep 23, which is not something a project would do. Normally you would want to release an article once a week and keep a good rhythm with releases. Even if you have a lot to say, when you see this it is a RED FLAG.

Crypterium’s Website

So let’s review their website and see if anything jumps out at us.

So let’s see what all these links lead to. The registration link takes you to establish an account.

Download Game

Play now asks you to download a launcher of some sort. I scanned that file; it returned some suspicious functions, but it contained no obvious malware.

However, when looked at through a top cybersecurity framework called MITRE ATT&CK, these functions give pause.

White Paper

So the next item is to review the white paper.

While not a super technical indicator, I always try to see if I can search the pdf file for specific words. In this instance, it seems the pdf does not allow for that.

So let's click on the token link, as we will skip connecting a wallet to reduce the likelihood of accidentally approving a transaction that could give them access to even a new wallet.

Note: Tokens and NFT assets are stolen when users sign a transaction that grants the contract they are engaging with approval to perform whatever functions or actions the user has approved. Criminals use the opaqueness of crypto transactions to trick users into accidentally signing a transaction that gives them full control of the user's wallet, thus allowing them to move any assets out of the user's wallet at any time.
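To make the approval risk in the note above concrete, here is an added example (not from the original article) that decodes the calldata a wallet asks you to sign and flags approval calls. It uses the standard ERC-20/ERC-721/ERC-1155 function selectors and treats `approve` as the ERC-20 form; the spender address and all sample calldata are constructed.

```python
# Added example; sample calldata below is constructed, not taken from the scam site.
MAX_UINT256 = 2**256 - 1

# Standard function selectors (first 4 bytes of keccak256 of the signature).
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}

def decode_approval(calldata_hex):
    """Describe an approval call, or return None if the calldata is not one."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    signature = SELECTORS.get(data[:8])
    if signature is None:
        return None
    args = data[8:]
    if len(args) < 128:
        raise ValueError("truncated calldata: need two 32-byte arguments")
    spender = "0x" + args[24:64]      # address sits in the low 20 bytes of word 1
    value = int(args[64:128], 16)     # word 2: amount, or bool for setApprovalForAll
    if value == 0:
        risk = "revoke"               # zero allowance / approved=false removes access
    elif signature.startswith("setApprovalForAll"):
        risk = "high"                 # operator may move every NFT in the collection
    elif value >= MAX_UINT256 // 2:
        risk = "high"                 # effectively unlimited token allowance
    else:
        risk = "limited"
    return {"function": signature, "spender": spender, "value": value, "risk": risk}

# Constructed samples: the spender is a made-up address.
SPENDER = "11" * 20
UNLIMITED = "0x095ea7b3" + "00" * 12 + SPENDER + "ff" * 32
NFT_ALL = "0xa22cb465" + "00" * 12 + SPENDER + "00" * 31 + "01"
REVOKE = "0x095ea7b3" + "00" * 12 + SPENDER + "00" * 32
TRANSFER = "0xa9059cbb" + "00" * 12 + SPENDER + "00" * 31 + "05"  # plain transfer

if __name__ == "__main__":
    for name, tx in [("unlimited", UNLIMITED), ("nft_all", NFT_ALL),
                     ("revoke", REVOKE), ("transfer", TRANSFER)]:
        print(name, decode_approval(tx))
```

A "high" result means the named spender could later move assets without another signature from you, which is the situation the note describes.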

Token?

The token link takes you to Etherscan to a real token called CPRT, or Crypterium. This is an attempt to try to make it look like this project has been around a long time.

However, you can then validate really quickly whether this brings you back to the same website you were just on. You can select the down arrow for Crypterium.com, which we instantly know is not the same as the website we just came from, which is crypterium.io.

Verifying Legitimacy of Token:

Next I copy the contract by selecting the copy feature on the page. I then head over to Dextools.io to paste it into their tool to look at a couple of more indicators.

Here, I am validating that this token is real, how many holders, its liquidity, market cap, etc… A real token will have activity and a chart that shows people are actually trading this token. Holder counts can be spoofed with micro airdrops, those are used to increase wallet numbers to give the impression that more people hold it than actually do.

Also, another good feature of dextools.io is that it has all the links to the website, social media, etc. for you to double-check everything. So validating that the websites don’t match is a HUGE RED FLAG.

Website Technical Info

To validate the website we can look at a few other technical items.

I used DNSChecker to review the website statistics. I was looking for when it was registered; I could not find that directly, so I used ICANN as the authoritative resource to verify.

When you get an error like this, it's a method used to hide the fact that the domain was registered recently.

I then looked up the hosting provider and I found this waiting for me when trying to see who they were:

Can we say RED FLAG?
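The two website checks above (the token page listing Crypterium.com while the site you came from is crypterium.io, and the missing registration date) can be expressed as one small routine. This is an added example, not part of the original article: the RDAP record is constructed with an invented date, the 180-day threshold is an assumption, and the domain-name comparison is deliberately naive.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlsplit

def host_of(url):
    """Lower-case hostname of a URL or bare domain, without a leading www."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return host[4:] if host.startswith("www.") else host

def name_label(host):
    # Naive: label left of the last dot; a real check would use the Public Suffix List.
    parts = host.split(".")
    return parts[-2] if len(parts) >= 2 else host

def registration_date(rdap):
    """Registration timestamp from an RDAP domain object (RFC 9083), or None."""
    for event in (rdap or {}).get("events", []):
        if event.get("eventAction") == "registration":
            return datetime.fromisoformat(event["eventDate"].replace("Z", "+00:00"))
    return None

def domain_flags(visited, listed, rdap, today, min_age_days=180):
    """Red flags for the site you are on versus the site the token page lists."""
    flags = []
    a, b = host_of(visited), host_of(listed)
    if a != b:
        flags.append("same_name_other_tld" if name_label(a) == name_label(b)
                     else "site_mismatch")
    registered = registration_date(rdap)
    if registered is None:
        flags.append("no_registration_date")   # lookup failed or date withheld
    elif (today - registered).days < min_age_days:
        flags.append("recent_registration")
    return flags

# Constructed RDAP reply; the dates are invented for the example.
SAMPLE_RDAP = json.loads("""{"objectClassName": "domain", "ldhName": "lookalike.example",
  "events": [{"eventAction": "registration", "eventDate": "2023-09-01T00:00:00Z"},
             {"eventAction": "expiration", "eventDate": "2024-09-01T00:00:00Z"}]}""")
TODAY = datetime(2023, 11, 22, tzinfo=timezone.utc)  # date of the checks in this article

if __name__ == "__main__":
    print(domain_flags("https://crypterium.io", "crypterium.com", None, TODAY))
    print(domain_flags("https://crypterium.io", "crypterium.com", SAMPLE_RDAP, TODAY))
```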

Summary of Crypterium:

I think we captured enough RED FLAGS, from social media analysis to its website and technical information, to validate that it is not a legit project. But this begs the question: who is the real project? If you hadn’t seen this article’s title, you wouldn’t know.

This is where you need to ask your network of friends or other accounts on social media if anyone has heard of or seen this game before. Sometimes the scammers leave a trail to the original game, other times they don’t.

Bottom Line: Crypterium is a Scam, Avoid!

Cradles:

Well let’s see what the real game looks like so you have a baseline to review and understand better what you should be seeing when you find a legit game.

Twitter:

Here is their real X/Twitter handle, you can see a few things that are different right away. First is that they joined only back in May 2021, which seems much more reasonable than 2013. They are using link3.to, because they have a lot of links, and they are highlighting the game is on Steam and they are getting a Bybit IEO Launch.

YouTube:

So let’s see what their channel looks like. They have a lot more content and it goes back further as well.

What does it look like when we search for Cradles?

Some content is a couple of months old, but there is also a newer video, indicating recent activity.

Medium:

Here is what a proper Medium page should look like: new and older content spread out, not all released on the same day.

Cradles Website:

It looks similar to the scammer's copy; however, they are indicating a Mint of some sort at the bottom.

Mint Pass

So if we click on that we are given this page:

Game Download

The Download button actually takes you to Steam and not to a file to download and install.

Page Registration

The register page also looks a little more real.

White Paper

Their white paper is searchable, a bonus, and it looks very sharp.

Cradles a Legit Project.

And yes, they are aware of this scam.

Hopefully this was helpful in walking through what a scam project looks like, how to spot issues and what a real project looks like. If you have run across others like this please let us know.

Again, thank you to Grok for pointing this out.

Up Your Knowledge, Skills, and Abilities:

First, you need a good summary of how to build your defenses. I have you covered here. I have spent over a year getting my annual report finished on Blockchain Security Landscape of 2023, covering all the ins and outs of 2022. It has an entire section dedicated to just this very topic.

https://cyberstrategyinstitute.com/crypto/

If you want an even better understanding of Cybersecurity you can head over and grab my annual report there as well.

Cybersecurity Landscape Of 2022 and Insights into 2023 and beyond (cyberstrategyinstitute.com)

The next step is to have the right tools. In my report I cover a lot of them. Including some of the tools and capabilities I have assembled for folks operating in the Crypto World.

I am launching a new capability designed to protect users. No more malware, viruses or ransomware impacting your systems. Warden will be that service. I am excited to announce my partnership with Xcitium. They will be providing their superior AV tool for my fully Managed Security Service Provider (MSSP) offering called Warden.

You remember from above it was one of the tools that stopped this from happening to my system. That is because it automatically blocks all “unknown or known malicious files” from ever impacting your system. I couldn’t ask for a better tool or better partnership than with them. I have been doing Cybersecurity for over two decades and detection doesn’t work 100% of the time. I don’t want anyone to be patient zero ever again.

Secure My Digital Life Today with Warden!

See all our options using the below link. However, you are not going to see this great offer there. Together, we can stop scammers and criminals from ever impacting your life.

https://openmylink.in/qHSiW

Again, DO NOT download their software and stay away from this scammer's project, period!

Further Resources about Cyber Strategy Institute:

If interested in other analysis, check out my other Medium articles, and for more of a daily understanding of the Cryptoverse follow my Twitter account.

Cyber Strategy Institute

Medium: https://cyberstrategy1.medium.com/

Twitter: https://twitter.com/CyberStrategy1

Website: https://cyberstrategyinstitute.com

About Cradles

Cradles stands out as an AAA MMORPG blockchain game, boasting features such as PvP, PvE, ecological strategies, and the discovery of extinct species. Gamers can traverse cities, hunt for treasures, and solve puzzles in bustling taverns and casinos. Cradles has secured $6 million from notable investors such as Animoca Brands, Huobi Ventures, Foresight Ventures, and more.

Website|Twitter(X)|Discord|Youtube
