1  Economy / Scam Accusations / SCAM - Fake Cryptocurrency Mixer Phishing Network on: December 20, 2023, 04:52:23 AM
Attention, BitcoinTalk Community!

We need to address a pressing concern that involves a notorious Russian cybercriminal engaged in crypto crime. This individual has orchestrated a network of fraudulent Ethereum, Bitcoin, and other cryptocurrency mixer websites, deceitfully promising to launder or mix crypto money when, in reality, they are stealing it through a carefully devised scheme. Their actions have caused immense financial losses amongst unsuspecting victims. It is crucial that we bring this to light and take effective action against these criminals.

The fraudster employs blackhat techniques to achieve high search engine rankings in order to promote their fraudulent crypto mixer scam.

One of the most alarming aspects of this operation is the utilization of a malicious script embedded within fake crypto phishing websites. These fraudulent websites generate a unique crypto address on the final page, allowing the cybercriminal to siphon off the funds directly. In specific, the criminal transfers the stolen Ethereum from "0x1bac08001d761c303901d5e32273a24c07d3f3da" to their other Ethereum address, "0xe67FC443fa1D4927bD9611B8cF50745618b12a04", eventually cashing out on Binance, a popular cryptocurrency exchange. It is estimated that the criminal has already stolen millions of dollars in Bitcoin alone.

An excellent example illustrating the extent of their fraudulent activities can be found on the domain eth-mixing-eth.com. If you enter a random Ethereum address, you will see the end order Ethereum address, owned by the domain registrant, which currently stands at "0x9c5ADF966d3e6Ca8fE859D2a71083728de7cA10e" (as of 12/20/23). By following the links provided, you can observe the transfer history associated with this address.

To exacerbate concerns, several other Ethereum addresses are involved in this cybercriminal's operation: "0x5a7fa8a9be9b3b3ca2df29b0f378b4b7e93efe89", "0x1bac08001d761c303901d5e32273a24c07d3f3da", and "0xe67fc443fa1d4927bd9611b8cf50745618b12a04". The stolen Ethereum travels through a chain of these "mule" addresses before finally being sent to "0xe67fc443fa1d4927bd9611b8cf50745618b12a04" and subsequently laundered through Binance. Another suspicious Ethereum address worth mentioning is "0x2dC905b2b066B875De1F3030849435C01f27aFDB".

"0x9c5ADF966d3e6Ca8fE859D2a71083728de7cA10e", which can be observed on the end-order page of the phishing website "ethereum-mixers.com" (Possible Accounts: https://github.com/Armayxas , https://minecraft-statistic.net/ru/player/Armayxas.html), might be another individual or possibly the same individual who runs this crypto phishing network. Based on my research, this website may also belong to the individual reported in the case, who is running a crypto QR code phishing network, including mixers, as of 2024: https://bitcointalk.org/index.php?topic=5475430.0.

One of his Medium accounts is: https://anonymousmixers.medium.com/ (Backup: https://web.archive.org/web/20240206164226/https://anonymousmixers.medium.com/)
His other Medium account is: https://ethereum-mixer.medium.com/ (Backup: https://web.archive.org/web/20240206170331/https://ethereum-mixer.medium.com/)

The former phishing Ethereum mixer scam website named "Anonymousmixers" (anonymousmixers.com), which the fraudster has also promoted on Medium, as seen here: https://ethereum-mixer.medium.com/anonymous-mixer-cdb805f616cf (Backup: https://web.archive.org/web/20240206165204/https://ethereum-mixer.medium.com/anonymous-mixer-cdb805f616cf) was suspended for abusing its services. The fraudster behind it then created a new phishing domain called "anonymousmixer.eth.link" to continue their fraudulent activities. They also created a Medium account to advertise the new phishing website and to conduct social engineering and psyop attacks by fabricating a fake story about why their previous domain was suspended. This fabricated story can be read here: https://anonymousmixers.medium.com/anonymous-mixer-decentralized-domain-name-5a1767ca4227 (Backup: https://web.archive.org/web/20240206164337/https://anonymousmixers.medium.com/anonymous-mixer-decentralized-domain-name-5a1767ca4227).

In their Medium article, they falsely claimed, "Despite explaining that our mixing process is fully decentralized and we have a no log policy, our domain name was eventually shut down due to the registrar’s demand." This is a lie. Their previous domain was actually suspended for fraud and abuse, making this attempt at social engineering and psyop tactics evident.

Please remain vigilant and take immediate action if you come across any of the following phishing websites associated with this fraudster:

By reporting any suspicious activity and websites associated with this cybercriminal, we can work together to protect ourselves and others from falling victim to such scams. The link provided (https://scam-alert.io/scam/1HtV8k2Pj4y5bRR1NbjF2uEq8DZjJF2pJk) offers more in-depth information about the extent of this criminal's activities.

In their recent fraudulent activities, the scammers behind the fake bitcoin mixer phishing websites have adopted a new method of generating a unique bitcoin address for each victim transaction, having previously relied on a single bitcoin address "1HtV8k2Pj4y5bRR1NbjF2uEq8DZjJF2pJk" to receive stolen funds. This updated approach has allowed them to continue their malicious operations, resulting in substantial financial losses amounting to millions of dollars, with other cryptocurrencies like Ethereum also being targeted.

Nowadays, the fraudster has updated their tactics and is utilizing a custom script. This script generates a unique bitcoin address every time someone attempts to "mix" on his phishing websites.
Previously, the fraudster relied on a single phishing bitcoin address, which was and still is "1HtV8k2Pj4y5bRR1NbjF2uEq8DZjJF2pJk". It is worth noting that the fraudster continues to evolve his crypto phishing methods even in the year 2024.

There are various threads on BitcoinTalk discussing fake crypto mixer phishing websites. However, the thread I have created focuses on a particular individual whom I have observed through online platforms. This individual displays similar digital behaviors and utilizes crypto addresses that I have tracked. It appears that this person dominates this specific scam scheme, as there is no significant competition in this area.

It is crucial for the BitcoinTalk community to stand united against such fraudulent activities. We must ensure that the relevant authorities and institutions are made aware of this situation to prevent further harm to innocent users and to hold these cybercriminals accountable for their actions. Let us take collective action to combat this criminal network and safeguard the integrity of the cryptocurrency community.

There are numerous complaints and warnings regarding this fraudster who has been operating a cryptocurrency mixer phishing network on the internet for years.

These complaints and warnings can be found here:
https://bitcointalk.org/index.php?topic=5413084.0
https://bitcointalk.org/index.php?topic=5309843.0
https://scam-alert.io/scam/1HtV8k2Pj4y5bRR1NbjF2uEq8DZjJF2pJk
https://cryptscam.com/es/detail/1HtV8k2Pj4y5bRR1NbjF2uEq8DZjJF2pJk
https://www.chainabuse.com/address/1HtV8k2Pj4y5bRR1NbjF2uEq8DZjJF2pJk?chain=BTC
https://rakeshkrish.medium.com/bitcoin-mixing-a-survey-short-guide-on-how-to-trace-malicious-transactions-84e29b4b6ca9
https://medium.com/@prazeina/scam-bitcoin-mixers-services-to-check-scam-wallet-addresses-700a1858121c

Thank you for your attention and immediate action in dealing with this pressing matter. Together, we can make a difference in identifying and eliminating these cybercriminals from our community.

Stay vigilant and stay safe!
2  Economy / Scam Accusations / [SCAM] Fake Crypto QR Code Generator Phishing - BEWARE! on: November 25, 2023, 08:04:10 AM
Attention, BitcoinTalk community:

Please be cautious and aware of the fraudulent activities carried out by a Russian individual named "cryptofbi007" & "icryptofbi" (🇷🇺).
This evil person has created multiple fake crypto QR code generator websites, including "xmr-qr-code.com", "xmr-qr-code-generator.com", and "xmrqrcode.com".
These websites generate QR codes that only direct funds to the scammer's Monero (XMR) address:
84gHdF7rArqU6e9cbmfPi9iJR2QUU7CoX1XJEvAmQWXmSUkj3C3LVLW3ioHiqNc8iwGPcxCv5Fk13ZYk9fxQFLKuKEW54r6

Please note that a saved archive of the phishing website containing the fraudster's Monero address can be found here: https://web.archive.org/web/20231122120748/https://xmr-qr-code.com/8.php

This phishing scam involves tricking users into sending their cryptocurrency to the scammer's wallet through a QR code, resulting in significant financial losses. The scam operator, known by the pseudonym "cryptofbi007" on websites like GitHub, manipulates and social engineers hosting and domain teams to avoid suspension of these phishing websites. They consistently alter the websites' functionality upon receiving reports and even spam repositories to unblock their malicious domains in order to exploit innocent individuals.

To protect our community, it is crucial to exercise extreme caution and avoid engaging with any QR code generator websites associated with "cryptofbi007". If you come across any instances or suspicious activities related to these scams, please report them immediately.

The scam involving crypto QR code phishing works as follows: The victim enters the crypto address for which they need a QR code. Then, when they generate the QR code on one of the fraudulent crypto QR code websites, it always displays the same QR code on the final page, containing the fraudster's crypto address. Regardless of which crypto address the victim initially entered, the QR code will always belong to the fraudster, and the victim remains unaware. If someone sends cryptocurrency to the victim's "QR code", the funds will actually go to the fraudster, as the QR code belongs to them and displays their crypto address.

His email accounts: The operator is known to use the following email addresses: "cryptofbi007@gmail.com" and "uuyqq11qqaa@protonmail.com".
Due to this abuse, Proton Team has already banned the account "uuyqq11qqaa@protonmail.com", while the account "cryptofbi007@gmail.com" remains active.

His YouTube profile: The YouTube account "https://www.youtube.com/@gabrielenesto1", named Gabriel Enesto (as of 12/22/2023) with Channel-ID: "UCO5q0rVGQs4F4IKnNUbRERg" belongs to the notorious individual known as "cryptofbi007". The fraudster "cryptofbi007", previously known as "@gabrielenesto" on YouTube, recently changed his YouTube handle to "@gabrielenesto1" with the intention of misleading and socially engineering individuals involved in this case. While the old YouTube handle now leads to an error page, people might mistakenly believe the link is incorrect, false, or outdated, whereas the actual YouTube handle as of 12/22/2023 is "@gabrielenesto1" and can be accessed.

His Trustpilot profile: Additionally, the Trustpilot account "https://www.trustpilot.com/users/63c0b6a16503ee0012e7c049" also belongs to this despicable character.
He utilizes these platforms to defame legitimate companies due to the banning of some of his phishing domains and to sabotage his competitors, driven solely by his insatiable greed.
Also, "Cryptofbi007" and "iCryptofbi", who is named Gabriel Enesto on Trustpilot, changed his country to France in the settings, which is why it shows FR on his clearly fake reviews; however, he is originally from Russia, using this method to manipulate both people and law enforcement agencies.

His Reddit profile: The fraudster known as "cryptofbi007" went to the extent of creating a public and restricted Reddit group called "qr_code_" to bolster his deceptive crypto QR phishing scam websites in search engine rankings. This group can be seen at "https://www.reddit.com/r/qr_code_/".
To further his illicit activities, the fraudster operates under the Reddit username "Itchy-Attention8905". More information about his activities and profile can be found at "https://www.reddit.com/user/Itchy-Attention8905/".

His Medium Profile: The Medium profile "@cryptofbi007", which can be visited at "https://medium.com/@cryptofbi007" (banned), also belongs to the Russian cybercriminal who goes by "icryptofbi" on BitcoinTalk.

His GitHub profile: Additionally, they can be found on GitHub under the account: https://github.com/cryptofbi007 (banned), attempting to unblock their phishing domains from phishing warning systems.
Here are the relevant repositories and issues:
https://github.com/MetaMask/eth-phishing-detect/issues/13139
https://github.com/MetaMask/eth-phishing-detect/issues/13080
While "cryptofbi007" attempted to unblock his phishing domains, the request got declined. Additionally, he changed the titles of the requests on GitHub, making it difficult for potential victims to find the specific request related to unblocking his phishing websites.

I recently discovered that a malicious individual known as "@cryptofbi007" (banned) on GitHub has created a new account on GitHub with the username "@Ceytllle" (https://github.com/Ceytllle). This person, using the username "icryptofbi" on BitcoinTalk, is falsely accusing random individuals who report phishing websites of being me, just as he did on the GitHub platform under his new account named "@Ceytllle" (banned). This is how I came to understand that these are multiple accounts of the same individual. He has linked a BitcoinTalk topic in a GitHub comment where he claims I am somehow involved with websites that I have no association or connection to. It appears that this fraudulent individual is intentionally targeting anyone involved in the fight against crypto cybercrime, including myself.

I obtained some of his social media accounts by reporting the phishing websites to domain registrars and hosting providers. The Russian individual behind these fraudulent activities went by the names "icryptofbi" or "cryptofbi007". Consequently, I received delayed messages that contained pertinent information from this fraudster.

Furthermore, it is worth noting that the operator behind this phishing scam is believed to be Russian and has previously operated fake Bitcoin, Litecoin, and Ethereum QR code generator websites such as "Crypto-qr-code.com", "btc-qr-code.se", and "crypto-qr-code.su". These websites generate the scammer's Bitcoin address: 18gcvrjDju719nQNXhJxRAaw25Vj6M6i4W

The phishing websites "usdt-qr.com" and "ltc-qr-code.su" are also owned by the same individual using the pseudonym "cryptofbi007", indicating a coordinated phishing scheme. Both websites generate the domain holder's (cryptofbi007) USDT address 0xBeE32483957f116c5830133188dca45B80b94Fe6 (https://etherscan.io/address/0xBeE32483957f116c5830133188dca45B80b94Fe6) and Litecoin address LNWTRts3HQeuWnbjjr3Ndg4NARuWQSTApZ (https://blockchair.com/litecoin/address/LNWTRts3HQeuWnbjjr3Ndg4NARuWQSTApZ), further solidifying their association and intention to defraud unsuspecting victims. It is of utmost importance to raise awareness about these fraudulent activities to protect potential targets from falling prey to these scams.

To aid in identification, please find below a list of all known phishing crypto addresses and domains associated with "cryptofbi007":

Phishing Crypto Addresses by "cryptofbi007":
1. Monero (XMR): 84gHdF7rArqU6e9cbmfPi9iJR2QUU7CoX1XJEvAmQWXmSUkj3C3LVLW3ioHiqNc8iwGPcxCv5Fk13ZYk9fxQFLKuKEW54r6
2. Bitcoin (BTC): 18gcvrjDju719nQNXhJxRAaw25Vj6M6i4W
3. Bitcoin (BTC): 1QHz27RxXkLDJ5ZSaTDnNe5kKWPfLRnf8T
4. Bitcoin (BTC): 1ArrBsB86RA9JzEZKByZXXqHLwFuUQtwHJ
5. Litecoin (LTC): LUsDshGP5dyBoCfGbfMJgd6rFHnd1a2B45
6. Litecoin (LTC): LNWTRts3HQeuWnbjjr3Ndg4NARuWQSTApZ
7. Litecoin (LTC): LLRS6eiY2cvywst3Sr97HTUsu6ba2gqmgG
8. Ethereum (ETH): 0x2C46fB8Aa65Bbcb184fBfa1E485B9BCE0371D893
9. Ethereum (ETH): 0x5A29fF6f91beD5b959bfB2FE2D6312cBf599aA13
10. Tether (USDT): 0xBeE32483957f116c5830133188dca45B80b94Fe6
11. Dogecoin (DOGE): DMxiqzkmXyUUN13KstXBn1zfQ8jPtZ1TbL
12. Dogecoin (DOGE): DSVScF3HyMWZV5V9h38S9iDM3vKPpSU7Ey
13. Dogecoin (DOGE): DQjhCr7YPj15H8PLVz5CHFmNSgyrX8WUQk
14. Bitcoin Cash (BCH): qzyzw2m3vjvpku709vjt9jg4y03ylrs6kq9c0yhea3

USDT Tether ETH Stolen by "cryptofbi007" Transferred to FixedFloat:
The cybercriminal from Russia, known as "cryptofbi007", has been involved in transferring stolen USDT Tether / ETH from his phishing fake crypto QR code scam websites to FixedFloat cryptocurrency exchange.
(1) Initially, he receives the stolen funds from his phishing victims in his primary USDT Tether ETH address:
https://etherscan.io/address/0xbee32483957f116c5830133188dca45b80b94fe6
(2) These ill-gotten gains are then transferred to another address:
https://etherscan.io/address/0x2709fd4c61531473b77c5794a723ea49e48bdef4
(3) Lastly, the stolen funds are moved to FixedFloat, using this address:
https://etherscan.io/address/0x2bd1ecf9545410b32ddc4f7a873811fd94963e2b
You can find further details regarding the transactions in the following Transaction Hash, where the stolen funds (over $3.000!) were transferred to FixedFloat: https://etherscan.io/tx/0x19d8571add80245295b2ce870c4f26739447e6f00a836b4f309b9c8a3701a998 (Date: 10/28/2023)

FixedFloat can be contacted regarding this matter here:
info@fixedfloat.com
https://fixedfloat.com/en/support

FixedFloat: To process your request for server log and order data, we kindly ask that you provide an official request from your regional police or other representative, sent from their official email address, as per our policy. Once received, our technical specialists will be more than happy to assist you with the requested information.

When reporting them to the police, whether online through email or a form, or offline, please do not forget to mention their Tether address "0xBeE32483957f116c5830133188dca45B80b94Fe6" and to contact FixedFloat under their email "info@fixedfloat.com" or website. This will make it easier to track down the cybercriminal.

There are both older and newer reports available regarding the phishing scheme conducted by "cryptofbi007" at this address:
https://www.chainabuse.com/address/18gcvrjDju719nQNXhJxRAaw25Vj6M6i4W?chain=BTC
https://cryptscam.com/en/detail/18gcvrjDju719nQNXhJxRAaw25Vj6M6i4W

Phishing Domains by "cryptofbi007":
1. xmr-qr-code.com (ACTIVE)
2. xmr-qr-code-generator.com (ACTIVE)
3. xmrqrcode.com (ACTIVE)
4. usdt-qr.com (ACTIVE)
5. usdt-qr-code.com (ACTIVE)
6. crypto-qr-code.com (SUSPENDED)
7. crypto-qr-code.ru (SUSPENDED)
8. cryptocurrency-qr-code.online (SUSPENDED)
9. coin-qr.to (ACTIVE)
10. btcqrcode.ru (ACTIVE)
11. btc-qr.to (ACTIVE)
12. btc-qr-code.su (SUSPENDED)
13. btc-qr-code.se (SUSPENDED)
14. qr-btc.com (SUSPENDED)
15. ltc-qr-code.com (SUSPENDED)
16. ltc-qr-code.su (SUSPENDED)
17. ltc-qr-code.ru (SUSPENDED)
18. eth-qr-code.su (SUSPENDED)
19. doge-qr-code.su (SUSPENDED)

In addition, please be aware that the following BitcoinTalk accounts are also associated with "cryptofbi007":
1. https://bitcointalk.org/index.php?action=profile;u=3535761 (Olgareva)
2. https://bitcointalk.org/index.php?action=profile;u=3531091 (icryptofbi)
3. https://bitcointalk.org/index.php?action=profile;u=3599054 (Bitadvisor412) - Read: https://bitcointalk.org/index.php?topic=5475430.msg63411893#msg63411893
4. https://bitcointalk.org/index.php?action=profile;u=3600058 (JackETH) - Read: https://bitcointalk.org/index.php?topic=5475430.msg63411893#msg63411893

I have noticed that the users "cryptofbi007", "Olgareva", and "icryptofbi" have been involved in QR phishing scams, where they copy complaints from other people and change the domains and sites belonging to their competitors. This behavior reveals their malicious intent.

The operator of this crypto QR code phishing network is also involved in fake cryptocurrency mixer phishing scam websites. The phishing website "eth-mixer.to" uses the same nameservers that I researched for his other crypto QR code phishing domains, "btc-qr.to" (Archive: https://archive.is/UYrpT) and "coin-qr.to" (Archive: https://archive.is/9zHzB), which are "grace.ns.cloudflare.com" and "hans.ns.cloudflare.com" as of 2/20/2024. The fake ETH mixer phishing website "eth-mixer.to" (Archive: https://archive.is/I9Bnq) shows the same nameserver names and another fraudster's Ethereum address as "0x1C0537db2BAcDB6B9f17aad6bb7356A6700e9FF1".
The same goes for "btc-mixer.to" (Archive: https://archive.is/TaqxC) where he uses his deposit Bitcoin address "1AHkDZ1Ls6vjuME6XToP4wRqd3kmrYeQcp" to receive stolen Bitcoin money, and "ltc-mixer.to" (Archive: https://archive.is/zszEY) where he uses his deposit Litecoin address "LTdsbCtVridM36DTR2KrPLAwRtnDansD2Y" to receive stolen Litecoin money.
He has also now created a full cryptocurrency mixer phishing network next to his QR code crypto phishing network.

Warning: Please be cautious of a fake crypto QR code generator scam conducted by users with pseudonyms "cryptofbi007", "icryptofbi", and "Olgareva".

As the operator of this scam scheme resides in Russia, I recommend reporting the scammer on the following platforms, providing detailed information from this BitcoinTalk topic:

Email: info@mvd.ru - Russian Police
Email: fsb@fsb.ru - Russian FBI
Email: incident@cert.gov.ru
Email: info@cert.ru

IMPORTANT: If you are not Russian or do not have a Russian email address, I recommend creating a ".ru" email address on websites such as "https://rambler.ru".
For example, you can send a detailed report, similar to my complaint, to them from a Russian email address.
This is necessary because other email providers, such as Google, may have blocked sending emails to ".ru" addresses due to the ongoing war.

IMPORTANT²: In the police complaint, please remember to include the individual "icryptofbi", also referred to as "cryptofbi007".
This person utilized the Tether USDT address "0xbee32483957f116c5830133188dca45b80b94fe6" to receive the stolen funds and defraud numerous unsuspecting victims, resulting in the loss of several thousand dollars. He then transferred the stolen funds to his second address and then to FixedFloat.

Don't forget to mention the contact methods for your police complaint report, stating that one can contact FixedFloat through email at "info@fixedfloat.com" or visit their website at "https://fixedfloat.com/en/support".
They can provide server logs and IPs of the Russian cybercriminal who laundered the stolen cryptocurrency money there. This evidence can be presented to the police to ensure justice is served and victims are refunded.

Report Cybercrime in Russia online: http://services.government.ru/en/letters/form/
Report Cybercrime in Russia online²: https://cert.gov.ru/en/abuse.html

Other Russian government contacts are available for residents in Russia:
Russian Ministry of Internal Affairs:
Website: http://www.mvd.ru/
Phone: 8 (800) 350-75-28

Russian Ministry of Internal Affairs Cybercrime Division (Department "K"):
Website: http://www.mvd.ru/OVD/min/rukov_mvd/17/2012/258

The Ministry of Internal Affairs of the Russian Federation:
Phone: 02, 112

The Ministry of Internal Affairs Public Relations Office:
Phone: +7 (495) 667-72-64
Address: 11 Sadovaya-Sukharevskaya st., 120090, Moscow, Russia

Website: http://government.ru/en/department/86/events/

Economic Security and Anti-Corruption Department: +7 (495) 983-62-24
The Economic Security and Anti-Corruption Department of the Ministry of Internal Affairs of the Russian Federation deals with cybercrime and economic fraud.

Stay vigilant and spread awareness within the crypto community.
Let us work together to protect one another and create a safer environment for crypto enthusiasts worldwide.

Please avoid falling victim to these malicious schemes.

UPDATE as of 12/22/2023:

The Russian FSB is actively investigating this crypto cybercriminal case, aiming to locate and hold the fraudster accountable in real life for their malicious actions within their crypto QR code phishing network scheme that has caused significant harm to innocent victims; attached to this complaint is a screenshot of the paperwork from the Russian Federal Security Service (FSB) for your reference:
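
A check against the QR swap described in this post, as an added example that is not part of the original post: read the generated image with an independent QR reader, then compare the recipient in the decoded text with the address that was entered. Every address below is a constructed placeholder (not a valid wallet), and the function names are hypothetical.

```python
from urllib.parse import parse_qs

# Payment-URI schemes handled here ("scheme:address?params", BIP21 style).
KNOWN_SCHEMES = {"bitcoin", "litecoin", "dogecoin", "monero", "bitcoincash", "ethereum"}
# Human-readable prefixes of bech32 addresses, which are case-insensitive.
BECH32_PREFIXES = ("bc1", "ltc1")

# Constructed placeholder values, not real wallets.
ENTERED_BTC = "1EnteredConstructedPlaceholder1111"
SWAPPED_BTC = "1SwappedConstructedPlaceholder1111"
ENTERED_ETH = "0x" + "Ab" * 20
SWAPPED_ETH = "0x" + "cd" * 20
TOKEN_CONTRACT = "0x" + "11" * 20


def recipient_from_payload(payload: str) -> str:
    """Return the address that a wallet scanning this QR text would pay."""
    text = payload.strip()
    scheme, sep, rest = text.partition(":")
    if not sep or scheme.lower() not in KNOWN_SCHEMES:
        return text  # bare address without a URI wrapper
    target, _, query = rest.partition("?")
    if scheme.lower() == "ethereum":
        # EIP-681 layout: ethereum:[pay-]<target>[@chain_id][/function]?params
        if target.startswith("pay-"):
            target = target[len("pay-"):]
        target, _, function = target.partition("/")
        target = target.partition("@")[0]
        if function == "transfer":
            # ERC-20 transfer (e.g. USDT): <target> is the token contract,
            # the real recipient is carried in the 'address' parameter.
            return parse_qs(query).get("address", [""])[0]
    return target


def normalise(address: str) -> str:
    """Lower-case only the encodings where letter case carries no meaning."""
    a = address.strip()
    lower = a.lower()
    if lower.startswith("0x"):
        return lower  # hex address; EIP-55 mixed case is only a checksum
    if lower.startswith(BECH32_PREFIXES) and a in (lower, a.upper()):
        return lower  # bech32 is valid in all-lower or all-upper form
    return a  # base58 and anything unknown: compare exactly (safe default)


def check_qr(entered: str, decoded_payload: str) -> dict:
    """Compare the address the user typed with what the QR code encodes."""
    want = normalise(recipient_from_payload(entered))
    got = normalise(recipient_from_payload(decoded_payload))
    return {"expected": want, "decoded": got, "match": bool(got) and want == got}


if __name__ == "__main__":
    samples = [  # (what was typed into the generator, text decoded from the image)
        (ENTERED_BTC, ENTERED_BTC),
        (ENTERED_BTC, f"bitcoin:{SWAPPED_BTC}?amount=0.01"),
        (ENTERED_ETH, f"ethereum:{ENTERED_ETH.lower()}@1?value=1e18"),
        (ENTERED_ETH, f"ethereum:{TOKEN_CONTRACT}/transfer?address={SWAPPED_ETH}&uint256=1000000"),
    ]
    for entered, payload in samples:
        result = check_qr(entered, payload)
        verdict = "OK" if result["match"] else "MISMATCH, do not publish this QR code"
        print(f"{verdict}: entered={entered} decoded={result['decoded']}")
```
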

3  Economy / Scam Accusations / SCAM - mycoinchange.io / mycoinchange.net (.co , .ai) - Fake Crypto Exchange on: July 07, 2023, 07:04:21 PM
Attention, BitcoinTalk community:

I am writing to bring your attention to the alarming fraudulent activities carried out by the fake crypto exchange website known as "mycoinchange.io". It is crucial to delve into the specifics of this SCAM accusation, as they expose the deceptive practices and lack of credibility exhibited by the website.

To begin with, mycoinchange.io operates without providing any company information, rendering it impossible to verify the legitimacy of their operations. The absence of transparent contact details raises serious concerns regarding the platform's authenticity.

Furthermore, the website lacks any visible feedback or user reviews, an unusual circumstance for reputable crypto exchanges. It is evident that mycoinchange.io attempts to mask its lack of credibility by concealing the absence of user testimonials or complaints.

What's more, "mycoinchange.io" illicitly employs the Trustpilot logo on its website, falsely presenting itself as a trusted and reputable platform. This manipulative act blatantly violates ethical practices and further erodes their credibility.

Most critically, mycoinchange.io's exchange tool neglects to verify the authenticity of cryptocurrency addresses provided by users (🚨). Regardless of the information entered, the website redirects users to the next step without confirming the submission of a genuine cryptocurrency address. This disregard for security protocols raises serious doubts about the legitimacy and integrity of their operations.

It is imperative to protect innocent users from falling victim to these deceptive practices and potential financial losses.

I discovered this fraudulent cryptocurrency exchange through a Medium post (https://medium.com/@michaelkortiz17/review-best-top-5-cryptocurrency-tumbler-reliable-bitcoin-mixer-2023-30076dfba74) created by a fake account (banned), which deceitfully mixed legitimate crypto services in the article to socially engineer and manipulate potential victims. The actions of the fraudsters maintaining MyCoinChange.io are highly malicious.

As of 12/21/2023, the domain "MyCoinChange.io" has been successfully suspended due to its phishing and scam activities. However, the fraudster has acquired a new domain named "mycoinchange.net" to continue their abusive practices. In the article "https://medium.com/@michaelkortiz17/how-to-convert-bitcoin-btc-to-monero-xmr-safely-in-2023-2530a2c6ec91" (banned), the clickable URL has been changed to "mycoinchange.net" following the suspension of "mycoinchange.io" for fraud and abuse.

As of 12/21/2023, the new phishing domain "mycoinchange.net" has been successfully banned by the PDR domain registry.

Update as of 12/21/2023:
In addition to the previously mentioned domains, it is crucial to highlight that the operator of MyCoinChange has recently acquired two new domains for their fraudulent activities: "mycoinchange.co" and "mycoinchange.ai". This indicates their persistence in executing the crypto fraud scheme.

The actual phishing websites used by the fraudster in this case are:
- mycoinchange.io (banned)
- mycoinchange.net (banned)
- mycoinchange.ai (active)
- mycoinchange.co (active)

What makes the situation even more concerning is that the operator intentionally selected domain registrars known for engaging in shady practices. By doing so, they have made it more challenging for authorities and legitimate organizations to take down these domains and impede their illicit operations.

It is of utmost importance to remain vigilant and raise awareness about these new domains. It is vital that potential victims are informed and avoid falling into the trap set by the fraudulent operator of MyCoinChange. By working together and reporting any suspicious activities, we can enhance the chances of shutting down these deceptive practices and safeguard innocent individuals from financial harm.
4  Economy / Scam Accusations / SCAM - Boomchange.com / Boomchange.io / Boomchange.net - Fake Crypto Exchanges on: May 31, 2023, 11:28:20 AM
Dear Bitcoin Talk community,

There is a fraudulent cryptocurrency exchange operating under the name of Boomchange or Boom Change, which can be found at "Boomchange.com", "Boomchange.io" and "Boomchange.net". This fraudulent platform, operated by an individual from Armenia (🇦🇲) in Asia, who may be using Ucom as an internet provider, claims to offer cryptocurrency swapping and withdrawal to fiat currencies, with methods such as PayPal. However, this exchange is fraudulent in nature and seeks to scam its users through cryptocurrency theft.

Numerous reports have been filed regarding the fraudulent activities of Boomchange around the internet.

Their fraudulent websites, boomchange.com and boomchange.io, are promoted through various means, including social media platforms like YouTube (https://www.youtube.com/@boomchange_com & https://www.youtube.com/@boomchangeespanol), as well as search engine optimization (SEO) tactics. They employ these strategies to attract unsuspecting victims, and lure them into their fraudulent schemes.

The website "Boomchange.com" is a static site built on a .php script. This script generates crypto addresses that belong to the domain holders of "Boomchange.com", who were previously associated with "Boomchange.io". The old domain owned by the fraudsters was suspended by the Namecheap registrar, but they have now brought "Boomchange.com" back online.

The fraudulent scheme operates in such a way that if users send cryptocurrency to "Boomchange.com", their funds will end up in the wallet of the fraudsters, and these funds will be lost forever. The scam is designed to deceive users into thinking that boomchange.com and boomchange.io are legitimate cryptocurrency exchange platforms, but in reality, they are fraudulent websites that should be avoided at all costs.

The Armenian company, Smartweb.am, is believed to have developed a fraudulent website for the Armenian Boomchange Operator. The suspicion arises from the fact that the operator of Boomchange specifically ordered their programming service to create their scam platform, "Boomchange". This assertion can be further verified by visiting the portfolio page on: https://smartweb.am/#portfolio , providing evidence that Smartweb.am could have been responsible for designing the fraudulent website.

Red Flags of Boomchange: Unlicensed, Unregistered, and Verified as a Scam
Boomchange lacks an official license from entities like FinCEN or MSB, proving it to be a fraudulent cryptocurrency exchange.
The absence of a physical office or headquarters, coupled with the lack of a company address, further confirms that Boomchange is a deceptive crypto scam phishing website.
Another concerning aspect is the complete absence of official business registration or any similar documentation, underscoring the illegitimate nature of Boomchange.
A significant cause for alarm is Boomchange's failure to comply with Anti-Money Laundering (AML) regulations, solidifying its reputation as a malicious scam crypto exchange.
In addition to these red flags, Boomchange's website features a fabricated Terms of Use page, incorporating AI-generated texts, while crucial sections such as the refund policy and privacy policies are intentionally missing.
You can view the page here: (https://web.archive.org/web/20240106020937/https://boomchange.com/terms-of-use).
The most damning evidence against Boomchange lies in its verification as a scam by reputable platforms like MetaMask and Scam-Alert, further reinforcing the prevailing concerns regarding its lack of trustworthiness.
You can view the pages here: https://metamask.github.io/phishing-warning/v3.0.0/#hostname=boomchange.com&href=https%3A%2F%2Fboomchange.com%2F , https://scam-alert.io/scam/bc1qgwx3z59thekwcmp92arrvf4s2yg4ystsr9k2tt
Below in this text, you can find additional evidence and indicators of the fraudulent and malicious activities associated with the fake crypto exchange scam phishing website known as "Boomchange".

The SCAM Domains are:
boomchange.com
boomchange.io

This page can be accessed through a direct URL and serves as proof that the scam operation is in place:
https://boomchange.com/order/5bdda7e1a9 (Backup from 10/30/2023: https://web.archive.org/web/20231030133554/https://boomchange.com/order/5bdda7e1a9)
https://boomchange.com/order/c7dda2e520 (Backup from 10/30/2023: https://web.archive.org/web/20231030133703/https://boomchange.com/order/c7dda2e520)
https://boomchange.io/order/5bdda7e1a9
https://boomchange.io/order/c7dda2e520

The scammers behind the fraudulent "Boomchange" operation utilize a static end-order page, which persistently presents the same cryptocurrency address to all visitors, irrespective of their affiliation with the fake exchange. Furthermore, the end order pages of the Boomchange scam do not impose any specific information or credential requirements, thereby allowing unauthorized users unhindered access.

In addition, the final order pages of the "Boomchange" fraudulent scheme consistently exhibit identical fraudulent cryptocurrency addresses to all visitors, each of which is controlled by the operator of the scam.

Visitors to the order page do not need to provide any information or login credentials, making it easily accessible to anyone. However, the displayed Ethereum address "0x4c2acc0580765d04d555a791bcb0b3661af67b8d" and Bitcoin addresses "bc1qmxkj49ujzednhnzkr3wqpkeh4kfslr9zqume72" and "bc1qgwx3z59thekwcmp92arrvf4s2yg4ystsr9k2tt" are actually being used to deceive users by pretending to be a legitimate cryptocurrency exchange.

Blockchain scan of "0x4c2acc0580765d04d555a791bcb0b3661af67b8d", "bc1qmxkj49ujzednhnzkr3wqpkeh4kfslr9zqume72" & "bc1qgwx3z59thekwcmp92arrvf4s2yg4ystsr9k2tt":
https://www.blockchain.com/en/explorer/addresses/btc/bc1qmxkj49ujzednhnzkr3wqpkeh4kfslr9zqume72 (Over $50.000 stolen as of 10/30/2023)
https://www.blockchain.com/en/explorer/addresses/btc/bc1qgwx3z59thekwcmp92arrvf4s2yg4ystsr9k2tt (Over $58.600 stolen as of 10/30/2023)
https://www.blockchain.com/explorer/addresses/eth/0x4c2acc0580765d04d555a791bcb0b3661af67b8d (Over $14.700 stolen as of 10/30/2023)

On these transactions stolen Bitcoin got transferred to Binance:
https://www.blockchain.com/explorer/transactions/btc/39b3941da4aff56ccf55d307065034a87bb7c7629d3cf7c03db0129f5bf76a0e (Date: 12/30/2023) - (Sent from their main BTC address "18vpuWeMMFEZhm5tgxjuTs7aHtwotchPkr" to Binance)
https://www.blockchain.com/explorer/transactions/btc/88cd37cc36aa16a3e0963c3a18b0cf0ded0ecd4074ed9813875ddd041df9ea37 (Date: 11/19/2023) - (Sent from their main BTC address "18vpuWeMMFEZhm5tgxjuTs7aHtwotchPkr" to Binance)
https://www.blockchain.com/explorer/transactions/btc/23647cd8c00823a8357e909dc747fef811c2b6404105e9c5677ca27072604260 (Date: 04/13/2023)
https://www.blockchain.com/explorer/transactions/btc/1793e0ccd25137a5d0d182ea9970f2156d01353f17408a2aff036f65aeb93959 (Date: 04/13/2023)

On these transactions stolen Ethereum got transferred to Binance:

Etherscan of "0x4c2acc0580765d04d555a791bcb0b3661af67b8d":
https://etherscan.io/address/0x4c2acc0580765d04d555a791bcb0b3661af67b8d

On these transactions the stolen Solana got transferred to Binance:
https://solana.fm/tx/3eQpCf5ZqHzXp73JFi8oipH2LKToAQwbrkcW3WBJdhjgsAapZre7Z8qHTaqGumUwCmb5pJvUtvATQb7p6xU7tSA9?cluster=mainnet-solanafmbeta (Date: 10/28/2022)
https://solana.fm/tx/4XwmxztUJVteBRPXxVtU8Pvns8bFrtbWuEZavXwbKAvqyL7vhat56da6sDx1SFb8xC5tW55Z7ehfX1gKeKUfYrvC?cluster=mainnet-solanafmbeta (Date: 09/09/2022)
https://solana.fm/tx/4oM4AXm5mkupj1FPnfbg1hjwrxDxr5TmcXnsuubNJNJZNeAevD8jtKjC63RrenS9CXFNW2rdaFJu6LZ2sUFhfvf9?cluster=mainnet-solanafmbeta (Date 07/19/2022)
https://solana.fm/tx/3Ehg7CiBYw3QdrkSRe4N6KEtUgFJ8TscgWpuujEGpdTiVHtxvnT9DTLHgeq5xnXhM6gf3YNRogyXidaBt4dTkwFm?cluster=mainnet-solanafmbeta (Date: 06/18/2022)

Solana transactions of "72jXsoiK9UZdwdGpA3TYyAGAnVBGggQ9YvEjFS2CW5UE":
https://solana.fm/address/72jXsoiK9UZdwdGpA3TYyAGAnVBGggQ9YvEjFS2CW5UE?cluster=mainnet-solanafmbeta

On these transactions stolen Litecoin got transferred to Binance:
https://blockchair.com/litecoin/transaction/58fac1b1e87b193de67217ac38aa82c986fe2004a7d04222fd1caa75b03ada57 (Date 11/24/2023)
https://blockchair.com/litecoin/transaction/fd31a44fc010bffba99194aaac34fd088447d1014436231095e790cf8dceb65c (Date: 11/09/2023)
https://blockchair.com/litecoin/transaction/60d346dbca52955b8dd3d69991076e8f64b8dacdddb625833ed3e34604f810a1 (Date: 10/30/2023)
https://blockchair.com/litecoin/transaction/d0e507c605a23230b1c6afacd6c6dff87880ffe64dedf2b3790307db4f34742f (Date: 10/28/2023)
https://blockchair.com/litecoin/transaction/e8d2a5029bba9775f46647d0cbfd668fe804e90d99b7d6399d67cb01f78ccd8b (Date: 10/26/2023)

Litecoin transactions of "LKLCaCVM2aZu4CiTCVv9GnbhCt3X7pQtWb":
https://blockchair.com/litecoin/address/LKLCaCVM2aZu4CiTCVv9GnbhCt3X7pQtWb

It seems like they transfer their stolen Bitcoin to their main wallet address: 18vpuWeMMFEZhm5tgxjuTs7aHtwotchPkr (https://www.blockchain.com/explorer/addresses/btc/18vpuWeMMFEZhm5tgxjuTs7aHtwotchPkr)
From there, they launder/withdraw the stolen Bitcoin on Binance which can be seen here:
https://www.blockchain.com/explorer/transactions/btc/ec650ca4af3bea979ded41826cb21050023e576d8b5de633a99b06211710eaf2 (Date: 10/29/2023)
https://www.blockchain.com/explorer/transactions/btc/8d957595451c9f71609739c93dc2f863610bd7b0880a941eed408d60dcb11f1c (Date: 10/29/2023)
https://www.blockchain.com/explorer/transactions/btc/772debb4680e452a5202ab3d83f26998efd24e896c8060265b571ff910a98f30 (Date: 10/24/2023)
https://www.blockchain.com/explorer/transactions/btc/3505be6daa3b71cb76c0bb01ca8b38cec6b5ae80aa6e699b7f6b2e17d63d8253 (Date: 10/23/2023)
https://www.blockchain.com/explorer/transactions/btc/c006ef5184f49afc519824cd1ab8fe1bb8ccbbbfb69ac9de3a6672eaeecb0ff3 (Date: 10/21/2023)
And the list goes on, as can be tracked on the Blockchain page of the Boomchange operator's Bitcoin address "18vpuWeMMFEZhm5tgxjuTs7aHtwotchPkr" (https://www.blockchain.com/explorer/addresses/btc/18vpuWeMMFEZhm5tgxjuTs7aHtwotchPkr).
Blockchain scan of "18vpuWeMMFEZhm5tgxjuTs7aHtwotchPkr":
https://www.blockchain.com/explorer/addresses/btc/18vpuWeMMFEZhm5tgxjuTs7aHtwotchPkr (Over $196.000 stolen as of 10/30/2023)
After adding this, they began to use a new bitcoin wallet address (bc1qr0avgajde8y37qadrtjd4vt6sdvl9dgq7j6ckj) to which they transferred the stolen bitcoin from the victims of Boomchange. Their new wallet address can be found here: https://www.blockchain.com/explorer/addresses/btc/bc1qr0avgajde8y37qadrtjd4vt6sdvl9dgq7j6ckj (Over $70,00 stolen as of 11/2/2023)

The new Bitcoin address of "Boomchange.com" is: 1Dgc3h8caaJKEBRyrLgovwQWudxmDXmKiK (https://www.blockchain.com/en/explorer/addresses/btc/1Dgc3h8caaJKEBRyrLgovwQWudxmDXmKiK) (Already over $590,00 in Bitcoin stolen as of 11/21/2023)

The Bitcoin address of "Boomchange.com" as of 1/03/2024 is: 18vpuWeMMFEZhm5tgxjuTs7aHtwotchPkr
As of 1/3/2024, the operator of the malicious scam platform "Boomchange.com" continues to utilize their deposit bitcoin address "18vpuWeMMFEZhm5tgxjuTs7aHtwotchPkr" to deceive unsuspecting victims into sending their hard-earned bitcoin, resulting in irreversible loss of funds.

The current Bitcoin address of "Boomchange.com" as of 2/09/2024 is: bc1qv4rnhlx4fr9zn2cdklawjx429wr9nqhf7yf9uv
As of 2/9/2024, the operator of the malicious scam platform "Boomchange.com" utilizes his deposit Bitcoin address "bc1qv4rnhlx4fr9zn2cdklawjx429wr9nqhf7yf9uv" to deceive unsuspecting victims into sending their hard-earned bitcoin, resulting in irreversible loss of funds.

The current Ethereum address of "Boomchange.com" as of 2/09/2024 is: 0x4d070f2380F60764E0f48725be03850afA3C0Ee2
As of 2/9/2024, the operator of the malicious scam platform "Boomchange.com" utilizes his deposit Ethereum address "0x4d070f2380F60764E0f48725be03850afA3C0Ee2" to deceive unsuspecting victims into sending their hard-earned Ethereum, resulting in irreversible loss of funds.

Below are the cryptocurrency addresses associated with the "Boomchange" fraud:

The above cryptocurrency addresses, associated with the "Boomchange" fraud, were discovered on their domains, "Boomchange.com" and "Boomchange.io".

The "Boomchange" fraudsters change the static crypto addresses on their end order pages whenever they detect reports or complaints about their phishing website. They use this tactic in an effort to trick victims and evade detection, thus allowing them to continue their scamming activities. In addition, there have been reports from victims across the globe who have fallen victim to the scam. These reports can be found on various online platforms which are linked below.

The operator suspected to be in charge of Boomchange (Boomchange.com & Boomchange.io) resides in Yerevan, Armenia (Asia).

Suspended History of the Domain "Boomchange.com":
The history of the "Boomchange.com" domain is marked by suspensions and changes of ownership. Initially registered with NameCheap, the domain was suspended by the registrar. After expiring, it became available again and was repurchased by the Armenian operator of "Boomchange" through another domain registrar called NICENIC. It is noteworthy that NICENIC is considered the most abused domain registrar according to Spamhaus.org (https://www.spamhaus.org/statistics/registrars/).

"Boomchange.com" was also suspended on NICENIC. Unfortunately, the domain is currently back online as the operators have employed psychological operations and social engineering techniques to persuade the NICENIC abuse support teams to unblock their abused domain. As of 1/19/2024, the domain is still accessible.

As of February 16, 2024, the operator of "Boomchange.com" changed the domain registrar from "Nicenic" to "Internet Domain Service BS Corp" to continue his fraud and abuse of their domain services (https://web.archive.org/web/20240306101848/https://www.whois.com/whois/boomchange.com).

Here is the evidence to support these claims:
https://web.archive.org/web/20230510133318/https://www.whois.com/whois/boomchange.com
https://web.archive.org/web/20240119200752/https://www.whois.com/whois/boomchange.com

Their previous domain, "Boomchange.com", was already suspended for fraudulent activities, and an archived version of the site from 2022, before the suspension, is at https://web.archive.org/web/20220701070044/https://boomchange.com/.
Currently, the domain has expired on the old registrar, Namecheap, where it was blocked, and the fraudsters have switched to the Chinese registrar NICENIC and later to the Internet Domain Service BS Corp registrar.
Despite the domain's checkered past, it is back online, and people continue to fall victim to its scams.

As of April 10, 2023, the operator of "Boomchange.com" is now using a new domain, "Boomchange.net", again on the Chinese registrar NICENIC, as the previous one was flagged as a phishing website by MetaMask and some other crypto cybersecurity companies.

These are the email addresses of the "Boomchange" operator:
boomchange222@gmail.com
boomchange6@gmail.com
register2022.2023@gmail.com
edgarhakobyan2012@gmail.com
info@boomchange.com
A newer email address that has been identified is: boomchangeplay@gmail.com

These might be the fraudster's IP addresses:
37.252.89.7 - Armenia, Yerevan - Internet Provider: Ucom.am (This might be his computer IP)
46.130.8.54 - Armenia, Yerevan - Internet Provider: Telecom AM (This might be his mobile phone IP)
Another IP address of the Armenian cyber criminal living in Yerevan: 37.252.93.99 - his iPhone IP address (Mozilla/5.0 (iPhone; CPU iPhone OS 16_0_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Mobile/15E148 Safari/604.1)

Update as of 11/2/2023:
46.162.253.8 - Armenia, City: Yerevan, State/Region: Erevan - Internet Provider: Ucom.am (New IP of "Boomchange" operator as of 11/2/2023)

Possible VPN or Proxy IP Addresses of the Armenian Operator of "Boomchange":
41.160.35.133 - South Africa, Gauteng/Johannesburg/Western Cape - Internet Provider: Liquid Telecommunications Operations Limited (New IP of "Boomchange" operator, might be a Proxy or VPN as of 11/2/2023)
217.182.175.162 - France, Hauts-de-France - Internet Provider: OVH SAS (New IP of "Boomchange" operator, might be a Proxy or VPN as of 11/2/2023)

The Hosting provider of the scam website "Boomchange.com" is: Amarutu Technology - Koddos.net
Boomchange can be reported to abuse@koddos.net or through a ticket on their site under "Abuse": https://koddos.net/clients/submitticket.php
The Domain provider of the scam website "Boomchange.com" is: NICENIC INTERNATIONAL GROUP CO., LIMITED - Nicenic.net
Boomchange can be reported to abuse@nicenic.net through email.

"Boomchange" has been scamming people for years, utilizing search engine optimization (SEO) and purchasing positive online reviews on platforms like Trustpilot and Sitejabber to promote their fraudulent services.
The "Boomchange" Operator systematically deletes negative reviews by flagging them as not genuine, abusing the report system of these platforms, and making it difficult for scammed victims to provide the necessary evidence to keep their reviews visible, resulting in only verified negative reviews remaining on Trustpilot and Sitejabber.

These are the social media accounts of the criminal operator of "Boomchange", which he uses to promote this fraud:
https://www.youtube.com/@boomchange_com
https://www.youtube.com/@boomchangeespanol
https://www.youtube.com/@boomchange_io
https://www.facebook.com/people/Boom-Change/100084132785601/
https://www.tiktok.com/@boomchange
https://www.reddit.com/user/boomchange
https://www.twitter.com/BoomChange1
https://www.instagram.com/boomchange_com

When the domain "Boomchange.com" was blocked by the former domain registrar Namecheap, the scammers switched to using "Boomchange.io" for their fraudulent activities. During that time, they also changed their YouTube handle to "@boomchange_io" to match their new domain name.

Now, after buying back the "Boomchange.com" domain name following its expiration on another domain registrar, the scammers have resumed using the domain name for their deceptive activities. As a result, they have reverted back to their old YouTube handle, "@boomchange_com".

The operator of "Boomchange" uses the Telegram and WhatsApp number (+18502800803) to engage in social engineering and manipulate victims into sending cryptocurrency to the fraudulent platform.

GitHub accounts of the operator of "Boomchange":
https://github.com/Boomchange
https://github.com/adminchanger
https://github.com/Uscompanylaw
https://github.com/Jerayer
https://github.com/Rodriguez3234
https://github.com/CarsWell87
https://github.com/Kurtel-liot0808 (banned)
https://github.com/User-Jack22 (banned)
https://github.com/Gagi77788 (banned)

The operator of the "Boomchange" scam has created multiple spam accounts on GitHub, including "adminchanger" and "Uscompanylaw". These accounts use words in their username such as "lawyer" and "admin" to suggest authenticity, but they are fake and part of a malicious manipulation tactic.

As of 1/3/2024, the operator of the malicious scam platform "Boomchange" was recently active on GitHub under the account username "@Jerayer" (https://github.com/Jerayer).

Possible "Boomchange" operator accounts on BitcoinTalk:
https://bitcointalk.org/index.php?action=profile;u=3559734 (Username: Craigorders)
https://bitcointalk.org/index.php?action=profile;u=3551462 (Username: Jerayer)
https://bitcointalk.org/index.php?action=profile;u=3561707 (Username: James77887799)
https://bitcointalk.org/index.php?action=profile;u=828900 (Username: tobi4255)
It seems that the account with the username "tobi4255" on https://bitcointalk.org/index.php?action=profile;u=828900 may have been purchased on the black market, given its suspicious activity promoting the fraudulent website "Boomchange" found here: https://bitcointalk.org/index.php?topic=5457875.0
It is worth noting that during the same time period, many questionable accounts - some of them with a Trust rating of -1 - posted almost identical positive comments about the website, which appears suspicious.

The Connection Between "Boomchange.com" and "IPTVleopard.com": Uncovering the Association with Other Illegal Activities:
I researched and discovered that the website "iptvleopard.com" may be associated with the "Boomchange.com" Operator, who also owns the website. The website "iptvleopard.com" is being promoted on the same Medium account as "Boomchange.com" through fake articles.
You can view these articles at the following archived links:
1. https://web.archive.org/web/20240120180921/https://medium.com/@WBD-Vlad
2. https://web.archive.org/web/20240120181225/https://medium.com/@WBD-Vlad/best-canada-iptv-service-provider-for-tv-channels-iptvleopard-2b4e4a896e74
3. https://web.archive.org/web/20240120181609/https://medium.com/@WBD-Vlad/the-best-reliable-crypto-exchange-boomchange-a9220839b228

In one of their YouTube videos, where they advertise the "Boomchange" scam platform, I discovered that the operator also researched becoming an "IPTV Reseller".
You can see this in the following video: https://www.youtube.com/watch?v=h4KrPTeNCCA&ab_channel=BoomChange (archived: https://web.archive.org/web/20240120181903/https://www.youtube.com/watch?v=h4KrPTeNCCA).
At the 0:08 minute mark, it is evident that they searched on Google to become an IPTV reseller, making it the second clear connection I found.

Additionally, they promote the "IPTV" stuff on a YouTube channel.
The videos on this channel are similar to the ones on the "Boomchange" YouTube channel, both in terms of creation and voiceovers.
This further suggests that the Armenian operator of "Boomchange" also operates the "IPTVleopard.com" website.
You can find their YouTube channel here: https://www.youtube.com/@ShortMovies2024 (Channel-ID: UC6IM2FP9we9E5A3IGGl1fgQ)

For their other platform, "iptvleopard.com", they use the WhatsApp number "+37433890790" and attempt to promote this website on Reddit, just like they do with "Boomchange".
You can see the attempted promotion here: https://www.reddit.com/r/Internet/comments/17vsev8/best_iptv_service_providers_in_2023_trusted/
Fortunately, the post has already been removed by Reddit.

It seems that "iptvleopard.com" belongs to the Armenian operator of the "boomchange.com" crypto scam phishing website. The utilization of illegal IPTV services directly violates copyright laws that are in place to protect the intellectual property of content creators and providers.

More information about the "Boomchange" scam can be found on Chainabuse and other Bitcoin abuse sites, such as:
-
https://www.chainabuse.com/domain/boomchange.com
https://www.chainabuse.com/domain/boomchange.io
https://www.chainabuse.com/report/2281bb1d-cc6a-4023-a57a-a09504d258a8?context=search-domain&d=
https://www.chainabuse.com/report/2d277c00-5a1d-4544-941c-66a784c47d39?context=search-address&a=bc1qr0avgajde8y37qadrtjd4vt6sdvl9dgq7j6ckj&chain=
https://www.chainabuse.com/report/dc9abf1d-264f-4420-ba2a-b475809e0411?context=search-address&a=1Dgc3h8caaJKEBRyrLgovwQWudxmDXmKiK&chain=
-
https://scam-alert.io/scam/bc1qgwx3z59thekwcmp92arrvf4s2yg4ystsr9k2tt - Confirmed Scam (boomchange.com) by Scam-Alert
https://scam-alert.io/scam/bc1q6a5gket0qhzks42k6v94uwshrse5t0njtpy3gr
https://scam-alert.io/scam/18vpuWeMMFEZhm5tgxjuTs7aHtwotchPkr
https://scam-alert.io/scam/bc1qr0avgajde8y37qadrtjd4vt6sdvl9dgq7j6ckj
https://scam-alert.io/scam/1Dgc3h8caaJKEBRyrLgovwQWudxmDXmKiK
-
https://cryptscam.com/en/detail/bc1qgwx3z59thekwcmp92arrvf4s2yg4ystsr9k2tt
https://cryptscam.com/en/detail/bc1q6a5gket0qhzks42k6v94uwshrse5t0njtpy3gr
https://cryptscam.com/en/detail/18vpuWeMMFEZhm5tgxjuTs7aHtwotchPkr
https://cryptscam.com/en/detail/bc1qr0avgajde8y37qadrtjd4vt6sdvl9dgq7j6ckj
https://cryptscam.com/en/detail/1Dgc3h8caaJKEBRyrLgovwQWudxmDXmKiK
-
https://www.bitcoinabuse.com/reports/18vpuWeMMFEZhm5tgxjuTs7aHtwotchPkr
-

Be cautious of the scam known as "Boomchange" which operates under the domains "Boomchange.com" and "Boomchange.io", and thank you for your attention.

Kind regards.
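The static end-order page and the address rotation described in the post above can be checked mechanically from saved page captures. The following Python sketch is an added example, not part of the original forum post: the HTML snapshots are constructed, the order IDs and addresses are the ones quoted in the post, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# ETH (0x + 40 hex), Bitcoin bech32 (bc1...) and Bitcoin legacy Base58 (1.../3...).
# The lookarounds keep the pattern from matching inside longer alphanumeric runs.
ADDRESS_RE = re.compile(
    r"(?<![0-9A-Za-z])(?:"
    r"(?P<eth>0x[0-9a-fA-F]{40})"
    r"|(?P<btc_segwit>bc1[ac-hj-np-z02-9]{11,71})"
    r"|(?P<btc_legacy>[13][1-9A-HJ-NP-Za-km-z]{25,34})"
    r")(?![0-9A-Za-z])"
)


def extract_addresses(html):
    """Return the set of (chain, address) pairs found in one page capture."""
    found = set()
    for match in ADDRESS_RE.finditer(html):
        chain, addr = match.lastgroup, match.group(0)
        if chain == "eth":
            addr = addr.lower()  # checksum casing does not change the account
        found.add((chain, addr))
    return found


def static_addresses_by_date(snapshots):
    """Per capture date, list addresses shown on two or more distinct orders.

    A per-customer deposit address should not repeat across unrelated
    orders; one that does is the red flag the post describes.
    """
    seen = defaultdict(lambda: defaultdict(set))  # date -> address -> order ids
    for snap in snapshots:
        for _chain, addr in extract_addresses(snap["html"]):
            seen[snap["date"]][addr].add(snap["order_id"])
    return {
        date: sorted(a for a, orders in by_addr.items() if len(orders) >= 2)
        for date, by_addr in sorted(seen.items())
    }


def rotation_events(snapshots):
    """Report when the shared address set changes between capture dates."""
    static = static_addresses_by_date(snapshots)
    dates = sorted(static)
    events = []
    for prev, cur in zip(dates, dates[1:]):
        dropped = sorted(set(static[prev]) - set(static[cur]))
        added = sorted(set(static[cur]) - set(static[prev]))
        if dropped or added:
            events.append({"date": cur, "dropped": dropped, "added": added})
    return events


def order_page(order_id, btc, eth):
    """Build a constructed stand-in for a saved order-page capture."""
    return (f'<div class="order" data-id="{order_id}">'
            f"<p>Send BTC to <code>{btc}</code></p>"
            f"<p>or ETH to <code>{eth}</code></p></div>")


# Constructed snapshots; addresses and order IDs are those quoted in the post.
OLD_BTC = "bc1qgwx3z59thekwcmp92arrvf4s2yg4ystsr9k2tt"
OLD_ETH = "0x4c2acc0580765d04d555a791bcb0b3661af67b8d"
NEW_BTC = "bc1qv4rnhlx4fr9zn2cdklawjx429wr9nqhf7yf9uv"
NEW_ETH = "0x4d070f2380F60764E0f48725be03850afA3C0Ee2"
SNAPSHOTS = [
    {"date": "2023-10-30", "order_id": "5bdda7e1a9",
     "html": order_page("5bdda7e1a9", OLD_BTC, OLD_ETH)},
    {"date": "2023-10-30", "order_id": "c7dda2e520",
     "html": order_page("c7dda2e520", OLD_BTC, OLD_ETH)},
    {"date": "2024-02-09", "order_id": "5bdda7e1a9",
     "html": order_page("5bdda7e1a9", NEW_BTC, NEW_ETH)},
    {"date": "2024-02-09", "order_id": "c7dda2e520",
     "html": order_page("c7dda2e520", NEW_BTC, NEW_ETH)},
]

if __name__ == "__main__":
    for date, addrs in static_addresses_by_date(SNAPSHOTS).items():
        print(date, "shared across orders:", addrs)
    for event in rotation_events(SNAPSHOTS):
        print("rotation on", event["date"], event)
```

Run against real captures (for example, archived copies of the order pages), a non-empty list for a date means unrelated orders were shown the same deposit address, and each rotation event marks a point where earlier reports need the new address added.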
5  Economy / Scam Accusations / Phishing "MyMixer.io" SCAM! - Fake Cryptomixer on: May 31, 2023, 10:33:25 AM
Hello friends,
while browsing the Internet, I discovered a fake cryptomixer that pretends to mix several cryptocurrencies.
However, this one is fake and will steal the money of every victim who uses the Mymixer.io (SCAM) site.

The scammer has bought reviews on Trustpilot and Sitejabber and uploads YouTube videos en masse on hacked/stolen YouTube channels, like here:

https://www.youtube.com/watch?v=frCWNd6WdZI
https://www.youtube.com/watch?v=TmLvVoEVPoQ
https://www.youtube.com/watch?v=kIRX4MZwQ6I

The videos can be reported, but YouTube is pretty slow in doing something against this, if they ever do anything at all.
These are just 3 of them, they got more and keep uploading more.

They also hack/steal Twitter accounts and abuse them to promote their fake bitcoin mixer and other fraudulent crypto services like here:
https://twitter.com/RaziaKhan_0/status/1651124935345987585
https://twitter.com/crypto_moneky/status/1616729821807271938

They can be reported there too, but Twitter is a bit like YouTube on this topic.

In this case the fraudsters use social engineering: between their scam uploads they upload some authentic videos to trick the support teams. That is how they can stay alive longer.

They got a full network of fake crypto mixers.

The phishing domain MyMixer.io is registered with the Registrar.eu registrar as of 31.05.2023 and can be reported to them here: https://abuse.registrar.eu/

Please beware of the !SCAM! phishing site MyMixer.io.