Investigating the Rabby Wallet Scam
In February, an estimated $1.6 million was stolen through a fraudulent cryptocurrency wallet that bypassed Apple’s App Store review. This scam, masquerading as DeBank’s Rabby Wallet, operated for four days before its removal. Victims were caught off guard, trusting the security of Apple’s platform. One user recounted how their funds vanished shortly after using the fake app.
Tracing the Scammer’s Identity
The fraudulent activity was first pinpointed by a user known as Bthemouth, whose funds were transferred to a wallet identified as the Rabby Drainer (RD). Further investigation linked this wallet to an entity named “Konpyl” on the OpenSea marketplace. Although the label was later altered, the initial connection remains verifiable through Arkham Intelligence, a platform tracking blockchain data.
A private investigator, collaborating with authorities, has connected “Konpyl” to over 20 similar scams, with Magazine independently confirming ties to at least seven cases. The investigator revealed that this individual has been targeting unsuspecting users for about seven years, focusing on those who invest substantial personal savings.
Unmasking the Konpyl Identity
Images of Know Your Customer (KYC) documentation shared with Magazine indicate links to “Konstantin Pylinskiy,” the CEO of Moonward Capital in Dubai. Despite these connections, there is no direct accusation against Pylinskiy. Attempts to reach him for comment were unsuccessful.
The Konpyl wallet, holding around $3 million in crypto assets, shows transactions associated with various scams. Notably, the latest transaction involved a wallet marked as “Fake_Phishing” on Etherscan, hinting at ongoing fraudulent activities.
Mechanisms of the Rabby Wallet Scam
Bthemouth described how the scammer employed a drain bot to automate fund transfers. The perpetrator uses numerous methods to obscure their activities, including fragmenting stolen funds across multiple wallets and utilizing decentralized finance (DeFi) services to cover tracks. Despite these efforts, links between the RD and Konpyl wallets persist.
The scammer often consolidates significant amounts into new wallets for deposits into centralized exchanges. Bthemouth’s funds were funneled through Rhino, a multichain bridge frequently used by the scammer. Tokens were deposited and withdrawn through various wallets, illustrating the complexity of the laundering process.
Victims and Financial Losses
Including the RD wallet, public reports suggest at least 10 addresses responsible for over $1 million in losses. The February incident was not isolated, as previous versions of the scam drained additional funds using other Konpyl-linked wallets. Magazine traced these activities to the same Rhino output address used in Bthemouth’s case.
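The linkage described above, several drainer wallets converging on one bridge output address, can be checked mechanically once transfers are exported as sender/receiver pairs. The sketch below is an added example, not tooling used by Magazine or the investigator; all labels are constructed placeholders, and it assumes each bridge deposit has already been matched to its withdrawal address.

```python
from collections import defaultdict, deque

# Constructed sample data: (sender, receiver) hops with placeholder labels,
# not real addresses. Assumption: bridge deposits are already matched to
# the address that received the withdrawal on the destination chain.
TRANSFERS = [
    ("drainer_feb", "frag_1"), ("drainer_feb", "frag_2"),
    ("frag_1", "bridge_out_X"), ("frag_2", "bridge_out_X"),
    ("drainer_old", "frag_3"), ("frag_3", "bridge_out_X"),
    ("bridge_out_X", "consolidation_1"),
    ("consolidation_1", "cex_hot_wallet"),
    ("unrelated_user", "cex_hot_wallet"),
]

def reachable(graph, seed, max_hops, ignore):
    """Breadth-first walk of outgoing transfers, at most max_hops from seed."""
    seen, queue = set(), deque([(seed, 0)])
    while queue:
        node, depth = queue.popleft()
        if depth == max_hops:
            continue
        for nxt in graph[node]:
            # Shared services commingle funds: never record or walk through them.
            if nxt in ignore or nxt in seen or nxt == seed:
                continue
            seen.add(nxt)
            queue.append((nxt, depth + 1))
    return seen

def shared_sinks(transfers, seeds, max_hops=4, ignore=frozenset()):
    """Map each address reached by two or more seed wallets to those seeds."""
    graph = defaultdict(set)
    for sender, receiver in transfers:
        graph[sender].add(receiver)
    hits = defaultdict(set)
    for seed in seeds:
        for addr in reachable(graph, seed, max_hops, ignore):
            hits[addr].add(seed)
    return {addr: srcs for addr, srcs in hits.items() if len(srcs) > 1}

if __name__ == "__main__":
    seeds = ["drainer_feb", "drainer_old", "unrelated_user"]
    found = shared_sinks(TRANSFERS, seeds, ignore={"cex_hot_wallet"})
    for addr, srcs in sorted(found.items()):
        print(addr, "<-", sorted(srcs))
```

Without the `ignore` set, the exchange hot wallet would appear as a common sink for all three seeds, including the unrelated one, which is why shared services have to be excluded before convergence is treated as evidence of common control.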
Three other suspicious wallets, possibly connected to the Rabby wallet scam, extracted a further $278,872. Moreover, three separate wallets linked to Konpyl used phishing tactics to steal $93,261, bringing the estimated total linked to the fake wallet scheme to $1.6 million.
Broader Implications and Ongoing Investigations
The 2024 Rabby wallet scam is not the only illicit activity tied to the Konpyl address. Historical blockchain records reveal similar patterns in past scams, such as the Ledger Scam in 2020, which involved comparable deposit strategies and fund movements.
A private investigator emphasized the need for tech companies like Apple to actively combat such scams on their platforms. Google previously set a precedent by suing scammers for similar fraudulent activities on its Google Play marketplace.
Despite the challenges in recovering lost funds, investigations by law enforcement and blockchain experts continue, with Konpyl remaining a central figure in the ongoing scrutiny.
