Next I scanned their miner software with VirusTotal. The report first looked like it was okay, but I went to the detailed report and it reported five possibly malicious parts of the installer:

Suspicious_GEN.F47V0819 Hacktool.Win32.BitCoinMiner.bAM Artemis!830C7AE47D8D a variant of Win32/BitCoinMiner.AM

The full report can be found here: https://www.virustotal.com/en/file/f7650cbae465847c493c6ee85479d8e1ea159124021d288755eca8827e97bc00/analysis/1409061088/

So, warning sign three: check.

Next I decided I’d check their Twitter-account to see if anything was fishy with it. Well, they have 2600 followers, pretty decent. But, hey — wait — their account was created the 11th of July and their first tweet was posted the 11th of July as well. That’s suspicious considering most cryptocurrency/Bitcoin-startups have problems reaching that many followers in that short amount of time. The exchange I work, has existed for over a year and still has not crossed 1000 followers. In fact, we have been stuck below 800 for a while now. It makes absolutely no sense that a startup in the cryptocurrency/Bitcoin-sphere has gained 2600 followers in less than two months when others struggle to reach 800. Also, the fact that their Twitter-account has only tweeted 61 times and has 2600 followers is suspicious.

So, warning sign four: check.

@CointellectHelp’s Twitter stats. 61 tweets, 2500+ followers in less than two months for a small cryptocurrency startup. Certainly smells fishy.

Delving deeper into their Twitter-account reveals that surpringly many of their followers have never sent out a single tweet and follows 500+ Twitter-accounts. Here are five such accounts:

If you’d like to take a look for yourself, head over to the Followers-section of @CointellectHelp: https://twitter.com/CoIntellectHelp/followers

So, warning sign five: check.

After I’d had enough of looking through the Twitter-profile and the fake followers, I decided I’d do a Google-search for “Cointellect”. Turns out that this new and small mining startup has tons of references on the web. And, I am not just talking a few references and posts on the web, I am talking hundreds. Google turned up ten whole pages with forum-posts in foregin languages, obscure websites and some cryptocurrency blogs and newssites. Most of the results were plain forum postings advertising the service and people asking for others to sign up through their referral.

Below are links to five examples:

For the Daily Doge, I contacted the adminstrator and told him about what I’d found. He responded with this:

Thanks for your comment. I didn’t approve it because it isn’t accurate. Cryptocurrency wallets and mining software have always tested as false positives on websites like VirusTotal. It doesn’t necessarily mean the application is actually a virus. Please see: https://bitcointalk.org/index.php?topic=314046.0

https://cryptocointalk.com/topic/3780-btcs-masthead-v12-whirlwind/?p=60782 Even open source mining software like GUIMiner is often detected as a “virus” https://github.com/Kiv/poclbm

https://www.virustotal.com/en/file/6e96a70f816f9dd25858b5fe9b83ead86bbdef53a58b15e1b6da2ae6ff4611f5/analysis/ As you can see, this problem isn’t exclusive to CoIntellect’s software. Scan any popular mining software or cryptocurrency wallet and you will most likely encounter similar results. With that said, I will keep an eye on CoIntellect although I am doubtful it is their software causing issues for the customers of the Bitcoin exchange you work for.

Additionally, there were other reviews of Cointellect on the web as well. They were all very similar, with the exact same screenshots. To me, they seemed like a copy-paste-job paid by Cointellect. See for yourself and judge if you think they are a copy-paste job or not

So, warning signs six, seven and eight: check, check, and check.

To conclude, the evidence towards Cointellect points quite clearly towards it being a scam. Do not deal with these guys and do not trust them.

UPDATE 1: Cointellect is incorporated under a company called “Sonera Corporative OU”. Searching the web for this turned up lots of hits on the Swedish/Finnish telecom company Sonera, but obviously this is not what I am looking for.

One of the hits when searching “Sonera Corporative OU” with DuckDuckGo were interesting though. The third link turned up leads to www.larssen.ee, a website that today leads to a “404 not found”-error. The specific page found on the web search is headlined with “Companies on sale”, so it seems that it is an Estonian individual/company that incorporates companies and puts them up for sale on the web.

Looking up Larsen.ee on the WayBackMachine it can be found that several companies have been for the sale every time a snapshot of the webpage has been saved.

Larssen.ee the 8th of February, 2012

Larssen.ee the 2nd of March 2009. 10 500 EEK is about 670 EUR (885 USD)

Larssen.ee the 17th of September, 2008

So it seems that Sonera Corporative OU is bought from a online “ready made companies” seller. If this does not smell fishy, then what does?

UPDATE 2 (10/09/2014): Cointelegraph.com ran a piece on Cointellect as well, uncovering more on the case. It includes comments from someone who, Tom, applied for a job position as a PR manager. Tom says the following:

“The company, which seems legitimate on the surface, and their agreement seems fairly forthcoming and nothing is out of the ordinary on it, except that they lacked a letterhead and all communications from their HR people lacked any name.”

Several of the same aspects of CoIntellect is pushed forward as I have written about in this article.

I also did a quick WHOIS-lookup of CoIntellect.com and it turns out that the owners of the domain areanonymous behind WHOISGUARD INC. Skeptical? You definitely should be.

UPDATE 3 (10/09/2014): Just found some more interesting things. CoIntellect’s Twitter followers have suddenly dropped to 400 and the account has deleted litearlly all previous tweets. The tweet count is now on 18 and the follower count on exactly 400. I wonder how they got rid of all those followers. Messaged them to unfollow @CoIntellectFAQ? Hardly effective. Messaged the bot operators to get off their heels? Very effective, I’d assume. I think the latter is most likely to have happened.