Compromised Facebook accounts used to spread crypto reward scam tied to suspected Chinese-linked network

• Photo from Pixabay

A growing online scam is spreading through Facebook Messenger after hackers take control of legitimate accounts and use them to send fraudulent links promising cryptocurrency rewards or free digital coins.

The scheme typically begins when attackers gain access to a Facebook account, often through phishing links or stolen passwords. Once inside the account, the attackers use Messenger to send messages to the victim’s entire friends list.

The messages usually contain a link claiming users can earn cryptocurrency, receive free tokens, or participate in an online rewards or gaming platform. Because the message appears to come from someone the recipient personally knows, many users are tempted to click the link.

However, the links often lead to suspicious websites designed to lure victims into providing personal information or sending money.

One example circulating in Messenger messages is the website fc8winc, which has been flagged by online reputation and security-checking platforms as a low-trust or suspicious website.

A review by the website reputation service Scam Detector rated the site with a low trust score, warning that it falls into the category of potentially unsafe websites.

Another online scanner, Gridinsoft, also classifies the site as a low-trust online gambling platform, a category that often carries significant risk for users because such sites operate outside normal regulatory oversight.

Technical checks also show that the domain uses the nameservers vip7.alidns.com and vip8.alidns.com, which belong to Alibaba Cloud’s AliDNS infrastructure. Alibaba Cloud is a major Chinese cloud services provider, indicating that the domain’s DNS services are being managed through that network.

The domain’s registration details are hidden behind privacy protection services, which means the actual owner or operator of the site cannot be publicly identified.

While this does not conclusively establish who runs the platform, the infrastructure and operational style resemble patterns seen in offshore gambling platforms that operate in Southeast Asia.

Such operations often follow a model similar to those previously associated with Philippine Offshore Gaming Operators (POGOs) and other Chinese-linked online gambling networks. These platforms typically host their infrastructure outside mainland China while targeting international users through messaging apps, social media, and referral links.

Many of these sites promote gaming or reward platforms while encouraging users to register accounts and deposit funds, often through digital payment systems or cryptocurrency.

Users who click the link are frequently asked to create an account, connect a digital wallet, or deposit money in order to activate bonuses or rewards. Victims often discover later that withdrawals are blocked or that the promised earnings never materialize.

Scams that spread through compromised social media accounts are particularly effective because they exploit the trust between friends.

Users who receive Messenger messages offering cryptocurrency rewards, free coins, or gambling bonuses are advised not to click the link and not to provide personal information.

If such a message is received from a friend, the safest approach is to verify with that person through another channel before responding.

Facebook users who suspect their accounts have been compromised should immediately change their password, enable two-factor authentication, and review active login sessions to remove unknown devices. They should also notify their contacts so others will not fall victim to the same scam.

Authorities and digital safety advocates like Scam Watch Pilipinas continue to warn that links promising easy profits, rewards, or digital currency are among the most common tactics used in online fraud today.