Motherload: Bitcoin giveaway scam network steals $6M in 6 months

A deep web of Bitcoin giveaway scams featuring the likeness of Social Capital billionaire Chamath Palihapitiya has earned nearly $6 million in six months.

Protos yesterday reported a two-day-old iteration of the familiar fraud, which typically features mega-rich celebrities like Elon Musk handing out free Bitcoin to anyone who sends them some first.

We can now confirm that the Chamath-themed scam is part of a much larger campaign defrauding potentially thousands of cryptocurrency holders.

The link that gave it away

A Bitcoin address listed in the fake Chamath giveaway sent 2.3 BTC ($87,000) to a second “Motherload” address last night.
The Motherload holds 153 BTC ($5.8 million) acquired across 264 transactions — all of them incoming.
The address first became active on August 13, 2020 and is now rapidly increasing in efficiency.

Given the timing, the campaign’s masterminds were likely inspired by last year’s monumental Twitter hack, which unfolded just three weeks before the Motherload was activated.

Giveaway scam Motherload

Protos found the campaign’s Motherload storing crypto for a huge scam network leveraging personalities like Ivan on Tech and Gemini’s Tyler and Cameron Winklevoss — as well as crypto exchange Coinbase.

60 addresses suspected of phishing Bitcoin for the campaign have interacted with the Motherload address more than once.

Every address potentially represents a slightly different giveaway scam, and we estimate each one could boast hundreds of victims.

A 10.8 BTC ($360,000) deposit made on February 1 is the Motherload’s single biggest contribution so far.

The address that sent it is linked to a Chamath-themed giveaway scam that’s netted over 10 BTC ($380,000).

Second-biggest is a 7.15 BTC ($272,000) transaction on January 10. The depositor is flagged as Winklevoss-type scam which appears to have netted 9.6 BTC ($366,000).

She’s getting bigger

The Motherload’s Bitcoin balance is growing fast, which means this particular campaign is becoming more effective over time.

In fact, deposits equalling 1 BTC or more were rare before the start of the year — just five in 2020.

But Protos counted 35 such transactions since January 1, with over half of the Motherload’s Bitcoin deposited this year.

Altogether, this particular phishing campaign has netted up to $4.3 million in the past six weeks alone.

The campaign proliferates via an extensive Twitter botnet which shares links in replies to its targets.

There’s also a mountain of reports showing the scams advertised on YouTube.

The trail ends with HitBTC

It’s difficult to track the origins of the campaign further than August 2020, when the fraudsters first used the Motherload address.

However, deposits worth 8 BTC ($305,000) made in the first four hours of the Motherload’s lifespan stand out.

Both deposits came directly from an address commonly linked to the mysteriously-located HitBTC.

A steady stream of Bitcoin from HitBTC flowed into the Motherload for the first week before apparent organic transactions began.

This HitBTC-linked address was one of the first ever to interact with the Motherload wallet.

So, until the Motherload moves its $6 million worth of stolen Bitcoin, the trail unfortunately goes cold with HitBTC.

Considering the sheer amount of Bitcoin stolen since August, it is imperative you share this information as widely and with as many media outlets as possible.

No more money Bitcoin needs to be sent to these fraudsters.

Ivan on Tech fans are falling victim, too.

Update Feb 13 2021, 15:18 UTC: We’ve released an updated analysis on the campaign after the Motherload netted $1 million worth of Bitcoin in less than a week.