Recently, Btcmal.xyz service appeared, promoting itself as a place where you can securely keep cryptocurrency and other assets. I managed to gather reliable evidence that unmistakably confirms it is, actually, a deceptive service.
Despite the promises of the most user-friendly, reliable, and customer-centric service, Btcmal.xyz delivers on none of them. In fact, all this is just golden wrapping around a dirty scam that takes your money and data and never returns them. The bonuses, the backing from celebrities and the rest do not exist either.
Btcmal Scam Overview
At first glance, Btcmal poses as a cryptocurrency trading & cryptowallet platform with remarkably low commission fees. Another bright marketing point for this service is backing from celebrities connected to the crypto world. Vitalik Buterin (Ethereum creator), Elon Musk, Jeff Bezos, Bill Gates, Warren Buffett – the site claims significant support from all of them. To make these claims look real, the fraudsters use deepfake videos in which those celebrities advertise the scam as if it were the best thing in the world. For known reasons, Elon Musk is the most common among them. But, as I mentioned above, all this is just vivid wrapping around a transparent scam.
To begin with, Btcmal repeats the layout of numerous equivalent online platforms. There are quite a few examples, like Sluwex, Bidmux or Zenlunex. They are entirely indistinguishable in terms of visual elements, with slight discrepancies in the webpage header. Other details, and at times even crypto wallet addresses, are identical. Most likely, all these deceptive online platforms are managed by the same team of swindlers.
Cryptocurrency Scam Summary
| Website | Btcmal.xyz |
| Hosting | AS13335 Cloudflare, Inc. United States, San Francisco |
| IP Address | 188.114.96.3 |
| Threat Type | Scam/Fraud |
| Scam Type | Fraudulent offers of cryptocurrency services |
How Does the Btcmal Scam Work?
Btcmal is part of a significant cryptocurrency scam scheme that started circulating actively in 2023. The swindlers behind it use various website designs, which still share a similar overall layout. Other common elements are the ways scams like Btcmal are promoted and the way it all ends for the victim. To reach peak efficiency, the fraudsters apply complex psychological tricks that make the user believe in the authenticity of the website. But let’s review them one by one.
Step 1: Promotion
To begin the scam, criminals create and populate accounts on popular social media platforms. They generally target Facebook, Instagram, Twitter, and TikTok. Subsequently, the marketing campaign starts. Using bots and paid advertisements (when possible), scam actors increase the visibility of their deceptive activities to possible victims. And as I said, scammers do not shy away from using deepfakes to create videos in which the mentioned celebrities advertise the scam to the public. To push people even further, the fraudsters promise a bonus to every user who signs up for the service immediately.

Promotions of cryptoscams like Btcmal on TikTok. Most of these videos are AI-generated deepfakes
Users receive an incentive to sign up, enticed by the promise of obtaining crypto rewards valued at thousands of dollars, all free of charge. To increase the appeal of the offer, false claims of sponsorship by a celebrity are added. As you may guess, these claims are entirely baseless.
Step 2: Gaining Traffic
Upon following the ads, victims end up on a page filled with appealing offers. “Crypto starts with Btcmal”, “Your crypto savings are secured with Btcmal”, “Start earning with Btcmal” – they look rather reliable. To warm users up and make them proceed to step 3, crooks say that getting the pledged bonus requires registration. And as nothing questionable happens at this point, uninformed users happily carry on – especially as the reward appears to be right around the corner.
At this point, it is possible to get away from the scam without any losses. Until you register using your personal information, the fraudsters will not be able to earn even a nickel from your presence on the website.
Step 3: Data Gathering
This is where the main fraud action begins. As I just mentioned, the fraudsters bait people into signing up for bonuses. And all the personal information needed for it – email, username, crypto wallet address – is valuable for user identification. Just by gathering this data and reselling it on the Darknet, fraudsters can earn quite a penny. Still, their plans go much further.
As it turns out, the promised bonus is not available to use right away. To make it at least usable for cryptocurrency purchases, the user should top up the account with the equivalent sum. And this is what starts the final stage of the scam.
Step 4: Requesting funds
It is obvious that any crypto operations require having money on your account. In the case of Btcmal, users are also compelled to top up to claim the bonuses. And this is what creates most of the money flow to this scam website. By topping up the account, users hope to get the promised gift (usually $500-1000 in USDT), and may start engaging on this site hoping to use all the credited funds and withdraw them.
This is where the first obvious problems start to surface. When comparing the actual cryptocurrency wallet with what the site says, you can observe that no transactions are done whatsoever. And then, when you try to withdraw the funds from your account, the scam is finally revealed to the user.
Step 5: Escaping from Funds Withdrawal
Needless to say, the fraudsters have zero intention of returning your money. But to make the fraud look more realistic, they’ve developed a whole pack of reasons to decline the withdrawal request. Usually, they repeat what Know Your Client guidelines say, but in this case they are here only to make the withdrawal impossible.
By asking for your personal data, scammers just stall hoping for you to accept the loss and stop contacting them. If you don’t – well, there are a dozen other checks you would desperately need to undergo before getting your funds back. And each of these checks will uncover more and more info of yours, which – you guessed it right – will be then sold on the Darknet. Never reveal your real info to strangers!
Signs of Scam
I gathered several facts that point to the scam nature of Btcmal.xyz. Actually, a lot of scams fall under the same points, so they are pretty much universal.
- False Celebrity Sponsorship. Btcmal often resorts to fake endorsements from celebrities such as Elon Musk, Jeff Bezos, Mr. Beast, and Mark Zuckerberg. This fraudulent tactic extends to claiming partnerships with reputable companies like Coinbase, Binance, or MetaMask, despite lacking any genuine affiliations.
- Cryptocurrency-Only Payments. Btcmal.xyz exclusively accepts payments in cryptocurrencies, rejecting traditional bank transfers and other methods. This approach not only masks the company’s identity but also eliminates the possibility of seeking refunds.
- Dubious Company Information. Btcmal raises suspicion by withholding essential ownership, location, and registration details. Furthermore, the absence of legitimate contact information and the recent establishment of domain and social media pages intensify skepticism.
- Unsubstantiated Hype. Btcmal.xyz employs groundless hype tactics, fabricating events like securing contracts with Coinbase or receiving endorsements from Elon Musk. These manipulative techniques aim to instill false confidence and encourage further investments.
- Potential Pyramid Scheme. The scam relies on a structure resembling a Ponzi scheme, leveraging a referral system spread through social media. However, only initial participants benefit, often at the expense of subsequent investors.
- Implausible Claims. Promising returns of 50-100-200%, Btcmal preys on the desire for quick profits. Yet, the volatile nature of the cryptocurrency market makes such gains highly unlikely, definitively labeling Btcmal as a scam.
What Should I do as a Victim?
If you had to deal with Btcmal site and fell victim to that scam, there are still some steps to take. They will make further scam attempts harder, and also boost the knowledge about that scam among folks.
- Immediate Reporting. Your initial step should involve promptly notifying local authorities specializing in financial fraud. Extend your reach by reaching out to wallet providers and engaging with social networks’ technical support teams. These actions serve to raise the bar for the scammers’ operations.
- Share among Friends. Amplify your efforts by informing your close friends about the scam. Similar to informing authorities, this dissemination of information restricts the scammers’ potential victim pool.
- Preserve Crucial Information. Compile a comprehensive evidence archive by capturing screenshots and archiving all relevant website-related data. Collect the website URL, screenshots of the main page, login interface, end-user license agreement (EULA), account top-up menu, and wallet addresses. These records could provide vital clues for authorities in their pursuit of the scammers.
- Exploring Refund Options. While most banks’ refund policies may exclude cryptocurrency payments, it’s advisable to explore potential refund avenues under specific circumstances. Maintain hope until you obtain confirmation of the loss.
- Transform Loss into Knowledge. Turn your financial setback into an opportunity for growth. View your loss as an investment in understanding the strategies employed by crypto scam sites. Familiarize yourself with their telltale characteristics, the methods they employ to entice individuals, and the extravagant promises they make. Equipped with this insight, you’ll be well-prepared to spot and evade future traps without suffering additional financial setbacks.
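The overview notes that the clone sites sometimes show identical wallet addresses, and the evidence step above asks you to record wallet addresses along with saved pages. The following is an added example (not code from the original article): it hashes saved page text for integrity, pulls out candidate ETH, TRON and BTC addresses by format only, and reports addresses reused across sites. The hostnames, addresses and function names are constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Format-only patterns for candidate addresses (no checksum validation).
PATTERNS = {
    "eth": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
    "tron": re.compile(r"\bT[1-9A-HJ-NP-Za-km-z]{33}\b"),
    "btc": re.compile(r"\b(?:bc1[02-9ac-hj-np-z]{11,71}|[13][1-9A-HJ-NP-Za-km-z]{25,34})\b"),
}

def extract_wallets(text):
    """Return sorted (chain, address) candidates found in saved page text."""
    found = set()
    for chain, rx in PATTERNS.items():
        for addr in rx.findall(text):
            # Hex addresses compare case-insensitively; base58 ones do not.
            found.add((chain, addr.lower() if chain == "eth" else addr))
    return sorted(found)

def build_record(site, snapshot):
    """Evidence record for one page: integrity hash plus wallet candidates."""
    digest = hashlib.sha256(snapshot.encode("utf-8")).hexdigest()
    return {"site": site, "sha256": digest, "wallets": extract_wallets(snapshot)}

def shared_wallets(records):
    """Map every address seen on more than one site to those sites."""
    seen = defaultdict(set)
    for rec in records:
        for _chain, addr in rec["wallets"]:
            seen[addr].add(rec["site"])
    return {a: sorted(s) for a, s in seen.items() if len(s) > 1}

# Constructed sample data: placeholder hostnames, made-up addresses.
TRON_A = "T" + "Xy7" * 11
ETH_A = "0x" + "ab12" * 10
ETH_B = "0x" + "cd34" * 10
SNAPSHOTS = {
    "clone-a.example": f"Top up USDT (TRC20): {TRON_A} or ETH: {ETH_A}",
    "clone-b.example": f"Deposit address: {TRON_A}. ETH deposits: {ETH_B}",
    "clone-c.example": "Send ETH to 0x" + "AB12" * 10 + " to unlock the bonus",
}

if __name__ == "__main__":
    records = [build_record(s, t) for s, t in SNAPSHOTS.items()]
    for rec in records:
        print(rec["site"], rec["sha256"][:16], rec["wallets"])
    for addr, sites in shared_wallets(records).items():
        print("shared:", addr, "->", ", ".join(sites))
```

Keep the SHA-256 values together with the screenshots when you hand the archive to authorities, so the saved pages can later be shown to be unmodified.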
Scan your system for possible malware infections
Beware of cross scams! Scam actors can use your trust to make you download some stuff or interact with certain documents. It may be a trap that installs malware on your system. There are no moral barriers or limits for these scoundrels.
Throughout the duration of the fraud, its actors may reach out to you with particular documents. Alternatively, they may offer you “cryptocurrency wallet applications” or “browser extensions” to install, supposedly to facilitate access to your cryptocurrency assets. As we already figured out, these scoundrels have no plan of giving back your money. So, what do these emails and browser add-ons represent? You guessed it right – this is another element of the fraudulent scheme, designed to trick you into willingly running harmful applications on your device.
Both add-ons and files attached to email messages can act as a shell for various malicious code. In this case, I foresee the presence of spyware and stealers among all types of malicious programs. While it is not mandatory for scammers to distribute malware, the likelihood is always significant. As noted, their conscience is of no concern, and their reputation is already neck deep in mud. They have no scruples to lose and intend to maximize revenues.
Frequently asked questions
- Contact your bank or card provider and ask about chargeback options.
- Save screenshots, receipts, tracking numbers, and emails as evidence.
- Change reused passwords and enable two-factor authentication on important accounts.
- Watch for follow-up phishing emails pretending to offer refunds or delivery updates.
