Monday, February 26, 2018

How Scammers Are Stealing Millions in Crypto By Phishing

This exploit is nothing new. Sadly, it keeps happening over and over again.

With the entrance of many new crypto enthusiasts, scammers took notice and revamped some of their old plays. A slew of non-tech consumers entered the crypto market and opened the door to even more profitable phishing scams.

Email providers, advertising platforms, search engines and retail sites such as PayPal, Google and Yahoo have spent years wiping out the “fake ads” distributed through their networks. Those ads targeted consumers and directed them to fake sites that may have looked identical to the real deal. The scam is called “phishing”, and it relies on fooling internet users into supplying their real credentials, which are later used to log into their accounts and drain them dry.

The phishing sites attempt to duplicate the real thing in every way. They copy the site design, logos, login screens, even contact pages, all to fool consumers into entering their credentials. While the old ploys used against traditional banking sites were caught quickly, the new game in crypto seems to be more lucrative thanks to the anonymity of blockchain and the fact that transactions are non-reversible and instant. Phishing schemes in traditional banking and retail involved money movements that took days to complete and were easily tracked. Crypto is the opposite. Once someone initiates a fund transfer, nothing will stop it, and it is not always easy to track.

Scammers have been running these scams for years, but their success in crypto is unprecedented because of the newcomers, who often lack the tech expertise to tell the difference.

These scams have popped up everywhere on the crypto scene. The scammers intentionally create links to what should be safe apps, except they are fakes. MyEtherWallet has been a huge target. The scammers have registered every typo variation of the name in hopes that someone will mistype the URL and end up on their site, which looks identical. The decentralized exchange EtherDelta had its DNS records changed, which redirected users who typed the URL correctly to the fake site. Pretty much every other web wallet has been affected as well.

The scam is easy. Wait for people to upload or type in their private keys, save them, and then use the keys to move all their money to the scammers' own accounts. This week, the major Bitcoin wallet Blockchain was targeted by way of paid advertising. Scammers bought ads for the search words “blockchain wallet”, which caused their ads to appear in results above the real site. Mimicking the site’s home page, they stole over 50 million in Bitcoin before being shut down.


The money being moved is real, and since this is crypto, there are no refunds. Some months back, the MyEtherWallet scams stole hundreds of millions, and they are still going to this day. The exploit works because many people simply are not paying attention. The URLs people are landing on are close, yet not identical. According to a report from Cisco:

The malicious ads fooled [people] into believing they had come to the right place; victims then entered private information that allowed the hackers to gain access to their actual wallets and take their digital money. “The attackers needed only to continue purchasing Google AdWords to ensure a steady stream of victims,” also according to Cisco via Fortune. Blockchain is working with Google “on a daily basis” to take down phishing ads, and secured the removal of almost 10,000 such malicious websites last year, along with another 3,000 it flagged in January alone.

The scam was attributed to Ukrainian hackers who call themselves Coinhoarder. The Cisco article goes on to explain the “very simple” yet treacherous technique: buying Google ads on popular search keywords related to cryptocurrency “to poison user search results” and snatch the contents of crypto wallets. This meant people Googling terms like “blockchain” or “bitcoin wallet” saw links to malicious websites masquerading as legitimate domains for wallets.

The problem is huge, and as long as there are victims, the practice will continue no matter how hard the networks fight the onslaught.

The situation must remind all of us to never let our guard down. Following a few simple rules may keep all of us from being victimized.

  • NEVER click on a link to a wallet on social media.
  • Never trust a link you follow to begin with.
  • Bookmark every site you have accounts on and use the bookmarks to access the site.
  • Never upload private keys unless you are 100% positive you are on the real site.
  • Never upload or reveal private keys to receive anything free such as airdrops. (Those are scams as well.)
  • Always double-check the URL of the site you are on.
  • If you do not trust yourself to not screw it up, invest in a hardware wallet.
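
The "double-check the URL" rule can be automated. The sketch below is an added example, not part of the original post: it compares a URL's hostname against a list of bookmarked domains and flags near-miss spellings. The bookmark list, the test URLs and the distance thresholds are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed bookmark list (assumption of this example): sites the user has accounts on.
BOOKMARKED = ("myetherwallet.com", "etherdelta.com")

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def check_url(url):
    """Return (verdict, bookmarked_domain); verdict is trusted, lookalike, idn or unknown."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    # Internationalized names can render identically to ASCII ones: never auto-trust.
    if not host.isascii() or "xn--" in host:
        return ("idn", None)
    for good in BOOKMARKED:
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    labels = host.split(".")
    for good in BOOKMARKED:
        name = good.split(".")[0]
        tail = labels[-(good.count(".") + 1):]       # same number of labels as `good`
        if (edit_distance(".".join(tail), good) <= 2           # typo of the full domain
                or name in labels                              # right name, wrong TLD or parent
                or edit_distance(tail[0].replace("-", ""), name) <= 1):  # hyphen padding
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample URLs, not taken from any real campaign.
    for u in ("https://www.myetherwallet.com/", "https://myetherwa1let.com/",
              "https://myetherwallet.com.secure-login.example/", "https://example.org/"):
        print(u, check_url(u))
```

A spelling check like this does not catch the DNS-record change described above for EtherDelta, where the correctly typed URL still led to the fake site.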