Robot Money – TOR Scam Report (197)
Onion Link : http://rmoneyk6ykahdlhupc2migborsldthiungvwvdlosak2oe5dypxnkyad.onion/
Scam Report Date : 2025-02-22
Client Scam Report Breakdown
Original Scam Report :
The client describes a fraudulent transaction involving an online marketplace. They state that after sending a payment for goods—expected to arrive within an hour—a mysterious second transaction appeared in their Electrum wallet history within 20 minutes. This unauthorized transaction completely emptied their wallet, suggesting their funds were stolen. The client emphasizes that they had never experienced issues with the wallet before, had not shared their private keys or details with anyone, and had not made payments in over three weeks, leading them to believe that the marketplace itself was responsible for the unauthorized withdrawal. Additionally, the client mentions that the site has a supposed escrow service (AllState Escrow) and customer support email, but they express doubt about receiving any assistance or recovering their funds.
Photos :
Terminology and Key Definitions
- “Electrum Wallet” – Electrum is a popular Bitcoin wallet known for its security and lightweight design. However, if a user’s private key is compromised, bad actors can initiate unauthorized transactions without the user’s consent. Given that the client had not used the wallet for weeks, it suggests that the site or seller may have deployed malware, a phishing attack, or exploited a vulnerability to gain access.
- “Unauthorized Transaction & Wallet Drain” – A second transaction appearing shortly after a legitimate payment is a classic sign of a compromised wallet. This can happen through wallet-draining malware, phishing, or if the site tricks users into signing a transaction that grants full wallet access rather than just sending a single payment. Once this happens, the scammer sweeps the funds into their own accounts, leaving the victim with a zero balance.
- “Fake Escrow Service” – The client mentions an escrow service (AllState Escrow) that is supposed to act as a guarantor for transactions. However, in scams like this, fraudulent escrow services exist solely to create a false sense of security while offering no real buyer protection. If the escrow service is run by the scammers themselves, it is simply a front used to lure victims into a false belief that their funds are secure.
Analysis and Scam Indicators
This report presents multiple indicators of a highly sophisticated scam. First, the timing of the unauthorized transaction—happening within minutes of the initial payment—suggests that the marketplace had access to the client’s wallet or seed phrase through malicious code, phishing, or hidden scripts. Second, the client’s prior security habits (not using the wallet for weeks, not sharing credentials) indicate that the compromise likely originated from the scam site itself. Third, the presence of a fake escrow service further solidifies the scam, as legitimate escrow services do not ignore fraud complaints. The fact that the client does not expect a response strongly suggests that AllState Escrow is either complicit in or directly operated by the scammers. This scam follows a well-documented pattern, where fraudulent marketplaces not only steal the payment for goods but also use malware or social engineering to drain the victim’s entire cryptocurrency balance. This case serves as a strong warning to never trust escrow services that are directly affiliated with the marketplace itself and to use cold storage wallets when dealing with unverified vendors.
