I am feeling very bad that you have lost your fund, and thanks for this information which you have experienced.
I also don't think that, you will get your fund back.
So please don't loose your heart because mistake always gives us the opportunity to revive ourselves, so that we can do better in the future.
Topic: Warning of a Scam!!! (Read 503 times)
I am sorry to see you, hopefully this can be a learning for us all to be more careful. If you can or someone who knows the characteristics of web eth fake ethnicity please share here, In order for us more carefully forward.
This is very sad mate. And the thought that there is no one you can complain to makes it more unfortunate. We should all be aware of our accounts especially if you are going to give out your keys (like etherdelta, I was always worried because you are going to give your key) and double check before you put some important keys. A lesson very hard learned.
It is very sad that you lost huge amount but never open any link from email whose source is not known to you as many hackers try to get your details through phishing mails in the name of reputed companies.
I'm sorry to hear that, Next time you should be more careful when opening links. Just a suggestion from me maybe you can try to install etheraddresslookup I also use it, This Add prevents when you will open a website that contains phishing. Check Myetherwallet official tweet for that https://twitter.com/myetherwallet/status/883446432480546818
Good luck and be carefull!
nowadays more on ethereum has been victimized by hacker or scammers,last year its etherdeltas site,and then hibtc i dont know but it seem like this sites are prone to this issues..i hope we can do better security against this scumbags because this is a serious matters and many good people lost theyre assets just because of this.to think that its a hard earned funds Good luck and be carefull!
Its so sad too for me because I have already four scam ICO, and it give me better experience to choose good project or good bounty so the chance for success is higher. You can join bounty from the experienced manager and join it, and it will teach you to make good post or to join the proper bounty
Most of the time you have lost your assets, but you can try to contact kucoin's customer service.
If the customer service is willing to provide technical support for you, then you may be able to find out the fraud.
If the customer service is willing to provide technical support for you, then you may be able to find out the fraud.
I tried, sadly they said they can not help me. This was the message:
Quote
hello,
sorry to hear that, but we can't survey the account of Kucoin users. so we can't locate the owner of the address in kucoin.
thanks
sorry to hear that, but we can't survey the account of Kucoin users. so we can't locate the owner of the address in kucoin.
thanks
I don't quite get how he got access to your ETH address AND your kucoin account, but if you have any crypto assets left under your control, make completely new wallets on a safe system (other PC/Mac/Laptop), go to a friend, whatever.
But the most important thing is: DON'T USE ANY WALLETS/ACCOUNTS THAT (YOU THINK MIGHT) GOT COMPROMISED EVER AGAIN!
You can't trust anything that has the slightest chance of being compromised, even if no transactions took place or if there are no funds available to transfer.
Be thorough with your cleanup, you must be sure that your (new) addresses are safe, if not, you risk losing more at a later date. A security breach can't be undone.
He did not get my Kucoin account, but I could trace his ETH transactions back to kucoin, that's what this is about
Sorry for your loss but unfortunately there's not much you can do besides prevent yourself from things like this that might happen next time.
Like some mentioned before, always type the link yourself and never click on links. Bookmark those that you know are legit and safe and avoid anything else.
PS: Try getting a hardware wallet and store all your coins in it. It's the safest way to HODL and secure your coins. I advise getting a Ledger Nano S...
GL next time mate.
Like some mentioned before, always type the link yourself and never click on links. Bookmark those that you know are legit and safe and avoid anything else.
PS: Try getting a hardware wallet and store all your coins in it. It's the safest way to HODL and secure your coins. I advise getting a Ledger Nano S...
GL next time mate.
Most of the time you have lost your assets, but you can try to contact kucoin's customer service.
If the customer service is willing to provide technical support for you, then you may be able to find out the fraud.
If the customer service is willing to provide technical support for you, then you may be able to find out the fraud.
I tried, sadly they said they can not help me. This was the message:
Quote
hello,
sorry to hear that, but we can't survey the account of Kucoin users. so we can't locate the owner of the address in kucoin.
thanks
sorry to hear that, but we can't survey the account of Kucoin users. so we can't locate the owner of the address in kucoin.
thanks
I don't quite get how he got access to your ETH address AND your kucoin account, but if you have any crypto assets left under your control, make completely new wallets on a safe system (other PC/Mac/Laptop), go to a friend, whatever.
But the most important thing is: DON'T USE ANY WALLETS/ACCOUNTS THAT (YOU THINK MIGHT) GOT COMPROMISED EVER AGAIN!
You can't trust anything that has the slightest chance of being compromised, even if no transactions took place or if there are no funds available to transfer.
Be thorough with your cleanup, you must be sure that your (new) addresses are safe, if not, you risk losing more at a later date. A security breach can't be undone.
Most of the time you have lost your assets, but you can try to contact kucoin's customer service.
If the customer service is willing to provide technical support for you, then you may be able to find out the fraud.
If the customer service is willing to provide technical support for you, then you may be able to find out the fraud.
I tried, sadly they said they can not help me. This was the message:
Quote
hello,
sorry to hear that, but we can't survey the account of Kucoin users. so we can't locate the owner of the address in kucoin.
thanks
sorry to hear that, but we can't survey the account of Kucoin users. so we can't locate the owner of the address in kucoin.
thanks
Most of the time you have lost your assets, but you can try to contact kucoin's customer service.
If the customer service is willing to provide technical support for you, then you may be able to find out the fraud.
If the customer service is willing to provide technical support for you, then you may be able to find out the fraud.
This scam should warn us existing investors not to click any link especially the ones in our emails. Scammers are everywhere so we should take extra caution against them. I wish that there are programs which can bring back those stolen money.
I saw this link https://www.coỉndesĸ.com/EOS-halves-token-amount-for-block-one-leaves-tokens-to-be-claimed/ and thought it was a legit coindesk link, so I didn't check the following link and got phished.
Please, guys, anyone who is reading this: USE Cryptonite by MetaCert
https://chrome.google.com/webstore/detail/cryptonite-by-metacert/keghdcpemohlojlglbiegihkljkgnige
It's a google chrome extension that checks whether you're using the correct URL or not. You can't bookmark everything and especially if you're on new sites that you never visited before, Cryptonite is an additional layer of security.
I'm truly sorry for OP.
I'm working on a thread that warns from such kind of scams, I'll add what happened to you. We need to make people aware of things like that.
From the post [WIP]:
Quote
Part 1 - Scam Websites
Situation/Danger:
A fairly simple and unfortunately widely used form of scam is the cloning of a well-known website in order to fool the victim by giving it a false sense of security with the one goal: to get its data.
Normaly you can see whether a website is legit or not by checking the green "https" in front of the URL
So always be on the lookout for a green "Secure" and "https" in front of the URL address of a website. This is a sign that the website and the company have received the proper Secure Sockets Layer (SSL) certificates. Obtaining an SSL certificate indicates that the company behind the page can be trusted, normally (later more on that).
If you are attentive, you can easily see that it is not a legitimate site or legitimate entity because it doesn't have the proper certification to be trusted.
Coinsmarkets.com has neither a green "Secure" nor "https" infront of the URL. Instead, it has a gray "Not Secure" and a regular "http" in front of the URL.
As a rule, scam pages are quickly detected and removed. If you are now trying to visit coinsmarkets.com (please do not;)) you will receive an error message.
However, some scam sites have found a way to display the green "secure" and "https" in the website URL, and then make an incredibly subtle change to the URL.
At first glance, URL for the popular cryptocurrency exchange Binance seems quite legitimate. You can clearly see the green "https" in front of the website URL and also the name seems to be correct.
It usually is more or less impossible to know how a site obtained an SSL certificate that allows them to display the green "https" in front of the URL. This also applies to scammer pages. At the same time, getting an SSL certificate from a less trusted certificate issuer is pretty easy.
If you take a closer look at the second picture, you will see small dots under the letters "n" in the word "binance".
The two dots under the Binance URL show that this is not the real Binance page. Instead, it's a very well-made clone of the page, whose sole purpose is to tap user data that unsuspecting users enter there. Even an activated 2FA authentication does not protect you, as a scammer can enter this data immediately after you have entered it on the real Binance page, where it will still be valid. Thus, he gets access to the account from then on.
Especially wicked are those pages that show an error message after the first log in, saying: "The service is temporarily unreachable, please try again in 10 minutes." In this way, the user doesn't even suspect that he has just revealed his data and a scammer uses it to gain access to the user's account.
If the user then tries to log back in 10 minutes later, he gives the scammer a second 2FA code, which he may use to initiate a transaction or even disable 2FA.
Even if you are attentive, such a site can be difficult to spot because everything seems familiar at first glance.
The example shown here is called PunyCode, which is used to create certain special characters (here the dot under the letter "n").
In another example, Bittrex was linked and used the cedilla under the "r" (looks like a comma). Cedillas are widely used in languages such as French and Portuguese.
Example for PunyCode:
Tipps:
In principle, you can not say 100% whether a page is "real" or not. There are only a few things to keep in mind.
4 simple steps, 4 simple steps with which you can check most pages (if it is an established page):
1. Google the page and look at the results. It's best to use an add-blocker such as uBlock Origin so you do not accidentally click on an ad link (popular trap).
2. Check the URL for presence of https . Many fake sites use only the http protocol
3. See if the connection is identified as safe by the browser ( lock must be green ). In addition, you can still click on the lock to see the details.
4. Check the URL yourself. Look at whether special characters have been used or whether PunyCode can be found in the URL. The best way to copy the URL again directly into the Google search, it is corrected, it is a fake.
The best way to avoid a scam site is to enter the URL completely manually in the address bar of the browser or to use a bookmark.
There are also web browser extensions that you can download to prevent phishing/scams specifically designed for "crypto enthusiasts" like the Cryptonight Extension for Chrome.
So please be alert and check everything you do twice or three times. If you want to go one step further, you can also use a sandbox if you want to surf on new, unknown sites. This does not protect you in the mentioned PunyCode case, but there are many more potential risks that you may face on a daily basis.
Be safe.
Situation/Danger:
A fairly simple and unfortunately widely used form of scam is the cloning of a well-known website in order to fool the victim by giving it a false sense of security with the one goal: to get its data.
Normaly you can see whether a website is legit or not by checking the green "https" in front of the URL
So always be on the lookout for a green "Secure" and "https" in front of the URL address of a website. This is a sign that the website and the company have received the proper Secure Sockets Layer (SSL) certificates. Obtaining an SSL certificate indicates that the company behind the page can be trusted, normally (later more on that).
If you are attentive, you can easily see that it is not a legitimate site or legitimate entity because it doesn't have the proper certification to be trusted.
Coinsmarkets.com has neither a green "Secure" nor "https" infront of the URL. Instead, it has a gray "Not Secure" and a regular "http" in front of the URL.
As a rule, scam pages are quickly detected and removed. If you are now trying to visit coinsmarkets.com (please do not;)) you will receive an error message.
However, some scam sites have found a way to display the green "secure" and "https" in the website URL, and then make an incredibly subtle change to the URL.
At first glance, URL for the popular cryptocurrency exchange Binance seems quite legitimate. You can clearly see the green "https" in front of the website URL and also the name seems to be correct.
It usually is more or less impossible to know how a site obtained an SSL certificate that allows them to display the green "https" in front of the URL. This also applies to scammer pages. At the same time, getting an SSL certificate from a less trusted certificate issuer is pretty easy.
If you take a closer look at the second picture, you will see small dots under the letters "n" in the word "binance".
The two dots under the Binance URL show that this is not the real Binance page. Instead, it's a very well-made clone of the page, whose sole purpose is to tap user data that unsuspecting users enter there. Even an activated 2FA authentication does not protect you, as a scammer can enter this data immediately after you have entered it on the real Binance page, where it will still be valid. Thus, he gets access to the account from then on.
Especially wicked are those pages that show an error message after the first log in, saying: "The service is temporarily unreachable, please try again in 10 minutes." In this way, the user doesn't even suspect that he has just revealed his data and a scammer uses it to gain access to the user's account.
If the user then tries to log back in 10 minutes later, he gives the scammer a second 2FA code, which he may use to initiate a transaction or even disable 2FA.
Even if you are attentive, such a site can be difficult to spot because everything seems familiar at first glance.
The example shown here is called PunyCode, which is used to create certain special characters (here the dot under the letter "n").
In another example, Bittrex was linked and used the cedilla under the "r" (looks like a comma). Cedillas are widely used in languages such as French and Portuguese.
Code:
müller.de → xn--mller-kva
übung.de → xn--bung-zra.de
dömäin.com → xn--dmin-moa0i.com
äaaa.com → xn--aaa-pla.com
déjà.vu.com → xn--dj-kia8a.vu.com
ñandú.com → xn--and-6ma2c.com
Tipps:
In principle, you can not say 100% whether a page is "real" or not. There are only a few things to keep in mind.
4 simple steps, 4 simple steps with which you can check most pages (if it is an established page):
1. Google the page and look at the results. It's best to use an add-blocker such as uBlock Origin so you do not accidentally click on an ad link (popular trap).
2. Check the URL for presence of https . Many fake sites use only the http protocol
3. See if the connection is identified as safe by the browser ( lock must be green ). In addition, you can still click on the lock to see the details.
4. Check the URL yourself. Look at whether special characters have been used or whether PunyCode can be found in the URL. The best way to copy the URL again directly into the Google search, it is corrected, it is a fake.
The best way to avoid a scam site is to enter the URL completely manually in the address bar of the browser or to use a bookmark.
There are also web browser extensions that you can download to prevent phishing/scams specifically designed for "crypto enthusiasts" like the Cryptonight Extension for Chrome.
So please be alert and check everything you do twice or three times. If you want to go one step further, you can also use a sandbox if you want to surf on new, unknown sites. This does not protect you in the mentioned PunyCode case, but there are many more potential risks that you may face on a daily basis.
Be safe.
You should be using metamask extension and hardwallets to prevent these events,you will be save and safe from hackers mawares,viruses, and phishing sites if you these two,but you have learned your lessons so you know what to do in the upcoming days, protect your wallets like your love ones so that you wont regret in the future.
You could be prevented these hackes when you have installed metamask extension ,because it will prompt you from entering potential phishing sites,that is why we need metamask extension in our browsers,it will protect both our browsers and private keys when are transacting to any decentralized exchanges like fork and etherdelta.
it is unthinkable to know that everything over what you have worked so long can be stolen in a couple of seconds. I hope you're lucky to get your tokens back.
if I had such large sums on my wallet then I would definitely buy a hard wallet like Ledger or Tresor Nano S.
there's many fake links like those, and Google for example has Ads that looks like that.. for all the big exchanges and like myetherwallet etc
very bad but that's partly the price of going decentralized, there's noone there to refund when you screw up
edit: you should use 2 Factor Authentication for all exchanges
and possibly get a hardware wallet and keep all your funds there, it's impossible for someone to take your crypto without having physical access to the device(and knowing the PIN), or if you give out the 24 seed word recovery. if you keep anything above like $500, it's smart to invest $50-$100 in a hardware wallet.
2 factor authentication for all exchanges is a very good idea and exchanges could implement this technology, since users are not at all protected from fraudsters and dangerous links. I think with time the management of the exchanges will understand everything and come up with a technology that will protect the investment of people very bad but that's partly the price of going decentralized, there's noone there to refund when you screw up
edit: you should use 2 Factor Authentication for all exchanges
and possibly get a hardware wallet and keep all your funds there, it's impossible for someone to take your crypto without having physical access to the device(and knowing the PIN), or if you give out the 24 seed word recovery. if you keep anything above like $500, it's smart to invest $50-$100 in a hardware wallet.
Sorry to hear that man. I think you will not able to recover what the hacker stole on you. Maybe that's will be a lesson learn for you be more secured next time avoid website like that if you think there's a little suspicious avoid it immediately. Next be more wise and secured to avoid losing any fund of yours.
I use an extension for the browser that blocks suspicious sites, but if I myself accidentally go through a phishing link, then everything is lost
Jump to: