Author

Topic: {Warning}: Indodax (Indonesian Crypto Exchange) Fake site (Read 139 times)

legendary
Activity: 2576
Merit: 1655
@Husna QA - no problem, I was just surprised to see this domain still up after many years. And I'm guessing that maybe some of the Indonesian crypto enthusiast could have been fallen for it.

@masulum - thank you as well for reporting it, and we need to take it down ASAP. And it's obviously, not affiliate of any kind to the legit site, the fake site is without SSL, a warning sign that it is just there to phished and steal credentials.

@hd49728 - it's because our local exchanges using .ph a top level domain (TLD), so it's hard to copy it and the only way for this scammers to imitate that site is thru homograph attack, fortunately, all have been taken down already.
hero member
Activity: 1722
Merit: 801
In the past, there was also a site that was almost similar to http://lndodax.com, but now it has been blocked.
l instead of I, 0 instead of o, 4 instead of A, etc. Scammers try to make fake sites with by doing replacements with one or two characters from real sites with almost similar characters, figures for their fake sites.

People need to keep their eyes open up and carefully check domain names before they fill up log in details.
legendary
Activity: 2296
Merit: 2892
#SWGT CERTIK Audited
@Baofeng, thank you for sharing this information, and @masulum, thank you for confirming it to Indodax. I just found out that there is such a site, and it turns out that the registration date is quite long and can still be opened.
In the past, there was also a site that was almost similar to http://lndodax.com, but now it has been blocked.

-snip-

-snip-
hero member
Activity: 2282
Merit: 589
It turns out that the indodax.id phishing site has been operating for a long time and has also been indexed on Google, I really regret that if members access this fake site, it is very important to apply Auth or confirmation of phone numbers for account security. So far there have been no reports of victims of losing assets as a result of the case, hopefully they never will
legendary
Activity: 2324
Merit: 1604
hmph..
Thank you for this thread, since I'm from Indonesia, i never know about Indodax.id before. So, to make sure Indodax.com not affiliate with this site, i try to contact them. and yes, they doesn't have any domain except indodax.com

Here my chat with Indodax CS, Sorry in Indonesian language




AFAIK, to have .id domain we need to register with national identity, so I will try to report this domain to Pandi.id so they can take down domain. I will share this thread in Local. thank you
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
It closely resembles the original, https://indodax.com/en/

Code:
http://indodax.id/
When companies want to expand their English version websites to locals, domain would be indodax.com/id for Indonesia or indodax.com/ph for Phillipines.

I'm also doing the same hunt on our local exchanges as well: Food for thought: Coins.ph and Pdax.ph phishing attempts
I checked your lists and they are Punnycode fake sites.

https://winaero.com/enable-idn-punycode-firefox-address-bar/
Punycode and how to protect yourself from Homograph Phishing attacks?
legendary
Activity: 2576
Merit: 1655
I'm not sure if this has been posted on the local Indonesian board, but in any case I will just put in here for reference specially to those newbie crypto enthusiast from Indonesia. Indodax is one if not the top exchanges in Indonesia, so obviously there will be attempts to fake it by cyber criminals.

It closely resembles the original, https://indodax.com/en/

Code:
http://indodax.id/



And that fake site has been existing for years now.



I'm also doing the same hunt on our local exchanges as well: Food for thought: Coins.ph and Pdax.ph phishing attempts
Jump to: