Author

Topic: Another scam/phishing attempt - blockchain users beware (Read 2298 times)

full member
Activity: 124
Merit: 100
Looks like more of the same... these started appearing a few mins ago.



http://m.imgur.com/Bmuxtcc
sr. member
Activity: 429
Merit: 250
I saw the tweet as well, seems real fishy

Also what was the file that was downloaded?
newbie
Activity: 39
Merit: 0
I was about to post something about this here. I will be adding your part about possible phishing when telling others about this.
full member
Activity: 124
Merit: 100
well your only linking imgur and twitter, and not the site. so its not like you can phish information from the images, but thanks for the warning..

Yeah - i was going to put the site link in but thought better of it, anyone keen can get it from the images - hence caution warning.

legendary
Activity: 4410
Merit: 4766
well your only linking imgur and twitter, and not the site. so its not like you can phish information from the images, but thanks for the warning..

people need to stop being so sheepish about websites and start to use proper bitcoin wallets.

only ever put disposable income/pocket-money amounts in online services
full member
Activity: 124
Merit: 100
OK...

These tweets: https://twitter.com/search?f=realtime&q=follow%20%40shodandice%20for%20latest%20news&src=typd

Suggest a bitcoin exchange has been hacked.

They lead to this pastebin dump: http://pastebin.com/zxj24E6p

Which in turn provides a link to the front page of the "exchange" [link not posted - proceed with caution].

http://imgur.com/QIyHlGJ

A rather shoddy site, and strange, it isn't in the press, but I'm far too curious, surprise surprise, all of the compromised accounts contain funds, and not only that but the option to withdraw them is practically jumping out of the same page at me!

http://imgur.com/oNZ2OOk,pkvY0Q4#0

Clearly my luck is in, hackers have gained access to all user accounts and have benevolently opted to leave the money contained in them to anyone who wants it.

Immediately attempting to withdraw my new found wealth leads to a quick confirmation message "Transaction processed, please check wallet" (or something like that), followed by auto-redirect to a "blockchain" page.

http://imgur.com/oNZ2OOk,pkvY0Q4#1

The blockchain page is not a blockchain page (see URL), and so I assume the plan is to target blockchain users (only?), I am asked to enter my account id and password - and presumably my account gets emptied as soon as details are entered.

They also threw in a malicious file auto-download somewhere along the way (quarantined immediately) - so treat with extreme caution if investigating (I used a local client with NO wallet data anywhere near it, and with restricted permissions).

http://imgur.com/iJaJDcQ

PS - to pre-empt the inevitable accusations that I was attempting to steal these, it just isn't worth the argument, for everyone's sake please humor me with the assumption that I am honest.

Jump to: