{WARNING} Another web pretending to be exchange to steal your private keys

Harlot

hero member

Activity: 1806

Merit: 672

Quote from: DdmrDdmr on August 14, 2019, 04:28:15 AM

This case is pretty obvious conceptually (use of an url shortener, asking for private keys, all in a haste, etc.). What one needs to be aware of too is that, although common sense should be enough to detect this case for what it is, quick first contrast tools such as VirusTotal and ScamAdviser show (currently) the site as clean (both the shortened version and the extended URL). The first firewall should still be the brain …

In our eyes it might be an obvious scam but for the rest without any internet smarts they can easily be fooled by this kinds of simple foolishness. I don't want to blame them but they should at least be aware of the certain dangers in the crypto industry where a lot of illicit activities are catching up since criminals are now eyeing the whole market because it's a perfect market for them to transfers funds fast. For any newbies out here you should at least know the basics on how you will protect you wallets or anything with financial information in you as the internet is plagues by phishing and malware wanting to get them all.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: DdmrDdmr on August 15, 2019, 11:43:13 AM

Quote from: harizen on August 14, 2019, 03:04:39 PM

<…> The way the page was constructed, it looks like a decent page. <…>

It looks pretty simple to me, and lacks tons of functionality that one would expect, which is not present as presumed. It’s just a quick layout that is focused on retrieving gullible user’s private keys, with a flash of scrolling trading values that are embedded from another site.

Note: We should take into account when playing around with sites of a kind (and any in general) that they tend to track your IP amongst other things. I just went over the code in developer mode (using vpn) and, as expected, it logs the IP. Anecdotally, there are a few embedded comments in the code written in Russian.

Same thing I found for fake Brave Browser page.
It is best to avoid visiting this websites or use Tor browser while doing so.
And people should always REPORT this websites when they can

DdmrDdmr

legendary

Activity: 2338

Merit: 10802

There are lies, damned lies and statistics. MTwain

Quote from: harizen on August 14, 2019, 03:04:39 PM

<…> The way the page was constructed, it looks like a decent page. <…>

It looks pretty simple to me, and lacks tons of functionality that one would expect, which is not present as presumed. It’s just a quick layout that is focused on retrieving gullible user’s private keys, with a flash of scrolling trading values that are embedded from another site.

Note: We should take into account when playing around with sites of a kind (and any in general) that they tend to track your IP amongst other things. I just went over the code in developer mode (using vpn) and, as expected, it logs the IP. Anecdotally, there are a few embedded comments in the code written in Russian.

mk4

legendary

Activity: 2870

Merit: 3873

Paldo.io 🤖

Quote from: harizen on August 14, 2019, 03:04:39 PM

The way the page was constructed, it looks like a decent page.

Not in my opinion. It honestly looks like a website design I would make way back in high school when I was in my first week of learning how to use HTML. Seriously, if that wasn't that big of a red flag enough for people, I don't know what will.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: Branko on August 14, 2019, 02:47:51 PM

Indeed...my favourite ones are when I "won" 10 ETH, and I have to first send them 1 ETH to cover expenses...

This is so old trick, especially popular on Twitter. On some popular crypto related accounts when owner is post some interesting tweet, scammers just post such offers in comments, and with few more fake accounts they try to create the illusion that the thing really works. The idea of cryptocurrency is often misinterpreted, and many people think this is some kind of money that is being shared on the internet just like that. It is an opportunity for those who want to profit easily, and unfortunately I do not see this coming to an end as new victims emerge as mushrooms after rain.

Maybe someone could say, well, they deserve it if they can believe in something like that, but such things only create a very bad image about cryptocurrency as something that is mainly used by fraudsters, criminals, terrorists...

harizen

legendary

Activity: 3122

Merit: 1398

For support ➡️ help.bc.game

The image shown above might give confusion even to those experienced crypto users that don't have an idea about the sh*t in the crypto world.

The way the page was constructed, it looks like a decent page.

People must only access their ETH wallets with the used of their private keys to the so-called recognized obvious place where it should be put down.

Always check the URL.

dkbit98

legendary

Activity: 2212

Merit: 7064

This fake links are shared through Telegram like Plague.
I am not exactly sure why most people prefer to use Telegram for crypto chats...
Also full of fake crypto celebs offering super duper deals.

Discord on the other hand is full of fake spam bots Mee6 that gives people 'free' Bitcoins on fake exchanges.

We are attacked from all sides :/

Do NOT trust anyone in Telegram and Discord.
Do NOT click any links.
Use Metamask, as it will detect many of this scam websites.

Question:
Branko did you reported this website to Metamask and Google?

Branko

sr. member

Activity: 2632

Merit: 328

Quote from: Lucius on August 14, 2019, 05:28:43 AM

My advice is maybe a little radical, but we should use such social media only to communicate with friends, relatives or people we trust. Some strangers who came out of nowhere, and offer some great opportunities can be nothing more than fraud.

Indeed...my favourite ones are when I "won" 10 ETH, and I have to first send them 1 ETH to cover expenses...I just tell them to send me 9ETH and keep
1 ETH, and I never again hear from them. Sometimes I'm even so thrilled that I won that I generously tell the guy to use 1ETH for expenses, keep 1 ETH to
himself and send me just 8 ETH, but those just ignore me, too Grin

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Ignorance is the great enemy of every crypto user, and in today's world when everything is going fast most people first jump, and after that think what they do. In most cases, the damage has already been done and there is no repair, so unfortunately some learn from their costly mistakes.

Newbies should know that any social media they use is also platform for the various bad types of people who just aim to make money by fooling others, and to make some simple page as presented in OP you need just few minutes and a little imagination. It is not problem in using of social media, but in a way people use them, and they become like minefields in which many take the wrong step.

My advice is maybe a little radical, but we should use such social media only to communicate with friends, relatives or people we trust. Some strangers who came out of nowhere, and offer some great opportunities can be nothing more than fraud.

odolvlobo

legendary

Activity: 4466

Merit: 3391

"Enter your private key" is a big red flag.

Bttzed03

legendary

Activity: 2114

Merit: 1150

https://bitcoincleanup.com/

Reporting such links to the telegram moderators/admins immediately will also help a lot of unsuspecting newbies.

These scammers always finds other avenues to defraud. These are similar links they're spreading thru emails.

DdmrDdmr

legendary

Activity: 2338

Merit: 10802

There are lies, damned lies and statistics. MTwain

This case is pretty obvious conceptually (use of an url shortener, asking for private keys, all in a haste, etc.). What one needs to be aware of too is that, although common sense should be enough to detect this case for what it is, quick first contrast tools such as VirusTotal and ScamAdviser show (currently) the site as clean (both the shortened version and the extended URL). The first firewall should still be the brain …

Coyster

legendary

Activity: 2184

Merit: 1302

"if it's not your private keys, it's not your coin/funds" we've become inundated with this phrase, and i think we would not stop saying it until it sinks into everyone's mind.
This scammers are more creative everyday, you need to always be patient and read thoroughly the process of registration on any exchange or cryptocurrency project.
Ask yourself if the information they are requesting is one that can give someone else an open door to get access to your coins, if it is, don't do it.

Never be in a hurry to register on an exchange, always read carefully what you're requested to do, then you'll easily spot fishy moves.

Branko

sr. member

Activity: 2632

Merit: 328

As a rule of thumb, you should never press redirecting links like this one in telegram chat groups:

But if you did (as I did for the sake of education), when you're presented with something like this:

just close it and never ever come back. No legal exchange will ever ask you for private keys.
You should never upload it anywhere, and even on your PC keep it in encrypted file, or even better,
in some offline storage

Topic: {WARNING} Another web pretending to be exchange to steal your private keys (Read 270 times)