Discord chat platform users fell victims to scammers stealing cryptocurrency and personal data under the guise of distributing BTC or ETH reports Kaspersky Lab.

Potential victims are offered to register on a new exchange and receive a cryptocurrency as a gift using a special code.

To complete the registration, the user is required to top up the account with 0.02 BTC, or the equivalent in Ethereum or dollars. If the user agrees to the conditions and makes the payment platform indeed shows a positive balance, however, it is impossible to withdraw cryptocurrency from the platform, as well as the deposit made before.

In case of refusal, the user is asked to go through a KYC procedure and provide his contact information, identification documents, a selfie with a passport, and a hand-written note with the exchange address, registration date, and signature.

“The scammers appear to be collecting a database to sell; many legitimate services, including financial ones, use such personal data sets to confirm users’ identities, so they fetch a nice price on the dark web. Also supporting our conjecture is the scammers’ insistence that photo IDs must not be marked in any way.” suggested at Kaspersky Lab.

The fake exchange constantly changes its names, one of them is withEREUM. The platform’s website looks quite convincing: it contains information about exchange rates, charts, an order book, trade history, technical support, and an interface in several languages. The ability to configure two-factor authentication is also misleading.

Kaspersky Lab experts advise not to trust messages about free distribution of cryptocurrency and not to share personal information with unknown resources. Configuring Discord’s privacy settings will also help avoid issues like this.