Warning: ZKasino - Possible wallet phishing scam - page 2.

worldofcoins

sr. member

Activity: 1820

Merit: 418

Telegram: @worldofcoinss

Quote from: BenCodie on February 22, 2023, 11:34:31 AM

Warning about ZK:NO KYC Instant withdraws up to $500K/24h.Today only: 0% edge and ZKAS airdrop

Every element of the website (including the social media viewing) requires you to connect your wallet. Additionally, the topic is locked for discussion though the creator (newbie) is posting to bump the thread. This is extremely suspicious.

This thread can be removed after a moderator reviews the report. This is a warning not to connect your wallet to this website until there is more information as to why the discussion is locked and why the website forces walletconnect for even things like viewing social media/joining discord.

Hi, welcome to the forum. Thank you for sharing this piece of valuable information with us.
Your concerns are significant, as they can be a possible scam threat.
I would suggest everyone stay vigilant until more details about why the discussion is locked and why wallet connects are required for every aspect of the website.

TheGreatPython

sr. member

Activity: 2660

Merit: 339

Quote from: klidex on February 25, 2023, 08:58:39 AM

By connecting the casino with the wallet that we have, we are giving the opportunity for us to lose everything we already have in the wallet because connecting the wallet has a very big risk.
I am not too sure that this casino site can guarantee the security of the funds that we keep in our wallets and in fact I have the same suspicions as you.
I suggest to every gambler to be extra careful when it comes to connecting their wallet to a casino just to be able to bet there.

Well, that is not entirely true. By just connecting your wallet with a website, you don't specifically give them access to your wallet or the funds stored in it, unless you give them the access. Your wallet should ask you to approve if a website/service tries to make a transaction using your wallet balance.

As long as you read every detail provided by your wallet when approving or accepting a connection to your wallet, you should be good, although it is still not the best practice to connect your wallet everywhere except for the places that you actually trust.

Daltonik

legendary

Activity: 2604

Merit: 1504

Quote from: klidex on February 25, 2023, 08:58:39 AM

Quote from: Daltonik on February 25, 2023, 03:13:45 AM

Quote from: BenCodie on February 23, 2023, 05:23:19 PM

Using a browser extension wallet that is useless as the user suggested should be a perfectly fine way to test websites that require wallet connection. Usually the full extent that a malicious wallet connect website can go, is accessing all of your addresses and doing as much damage as that permission can damage. As far as I am aware, there is no such malware that can be injected into your browser or desktop via wallet connection.

Yes, of course it is, but here we are talking about the fact that the original sai online casino ZKasino does not have such a feature as a pop-up window with an offer to connect a wallet, and it was not possible to remove it unless you close the site window. And therefore the OP provided a link to a modified online casino site where I suspect you would simply lose your funds just by betting.

By connecting the casino with the wallet that we have, we are giving the opportunity for us to lose everything we already have in the wallet because connecting the wallet has a very big risk.
I am not too sure that this casino site can guarantee the security of the funds that we keep in our wallets and in fact I have the same suspicions as you.
I suggest to every gambler to be extra careful when it comes to connecting their wallet to a casino just to be able to bet there.

Well, here you always need to pay attention to exactly how the website interacts with your wallet, usually these are two things that the wallet does after connecting:
1. allows the website to know that you have a crypto wallet
2.provides the website with the public address of your wallet.
But "Approval" approves an address to spend X amount of your tokens and this requires a real transaction, but in this case you must explicitly agree to its execution. However, in any case, it is better not to connect your wallet to suspicious sites.

klidex

hero member

Activity: 1498

Merit: 504

Quote from: Daltonik on February 25, 2023, 03:13:45 AM

Quote from: BenCodie on February 23, 2023, 05:23:19 PM

Using a browser extension wallet that is useless as the user suggested should be a perfectly fine way to test websites that require wallet connection. Usually the full extent that a malicious wallet connect website can go, is accessing all of your addresses and doing as much damage as that permission can damage. As far as I am aware, there is no such malware that can be injected into your browser or desktop via wallet connection.

Yes, of course it is, but here we are talking about the fact that the original sai online casino ZKasino does not have such a feature as a pop-up window with an offer to connect a wallet, and it was not possible to remove it unless you close the site window. And therefore the OP provided a link to a modified online casino site where I suspect you would simply lose your funds just by betting.

By connecting the casino with the wallet that we have, we are giving the opportunity for us to lose everything we already have in the wallet because connecting the wallet has a very big risk.
I am not too sure that this casino site can guarantee the security of the funds that we keep in our wallets and in fact I have the same suspicions as you.
I suggest to every gambler to be extra careful when it comes to connecting their wallet to a casino just to be able to bet there.

BenCodie

legendary

Activity: 1666

Merit: 1037

Quote from: Daltonik on February 25, 2023, 03:13:45 AM

Quote from: BenCodie on February 23, 2023, 05:23:19 PM

Using a browser extension wallet that is useless as the user suggested should be a perfectly fine way to test websites that require wallet connection. Usually the full extent that a malicious wallet connect website can go, is accessing all of your addresses and doing as much damage as that permission can damage. As far as I am aware, there is no such malware that can be injected into your browser or desktop via wallet connection.

Yes, of course it is, but here we are talking about the fact that the original sai online casino ZKasino does not have such a feature as a pop-up window with an offer to connect a wallet, and it was not possible to remove it unless you close the site window. And therefore the OP provided a link to a modified online casino site where I suspect you would simply lose your funds just by betting.

I doubt that you would even be able to bet to begin with. I am assuming after you connect, your wallet would be cleaned.

Quote from: Pmalek on February 24, 2023, 02:59:07 PM

Quote from: BenCodie on February 23, 2023, 05:23:19 PM

As far as I am aware, there is no such malware that can be injected into your browser or desktop via wallet connection.

Maybe, maybe not. I don't want to be the lab rat to test it.

I don't think it is a matter of "maybe, maybe not", it is either possible or impossible. Wallet connection asks to grant permissions to communicate between your wallet. Your wallet is not capable of downloading software to your device. Neither is a smart contract. Therefore, it is impossible to spread malware by connecting your wallet (whether it is malicious connection or legitimate).

Daltonik

legendary

Activity: 2604

Merit: 1504

Quote from: BenCodie on February 23, 2023, 05:23:19 PM

Using a browser extension wallet that is useless as the user suggested should be a perfectly fine way to test websites that require wallet connection. Usually the full extent that a malicious wallet connect website can go, is accessing all of your addresses and doing as much damage as that permission can damage. As far as I am aware, there is no such malware that can be injected into your browser or desktop via wallet connection.

Yes, of course it is, but here we are talking about the fact that the original sai online casino ZKasino does not have such a feature as a pop-up window with an offer to connect a wallet, and it was not possible to remove it unless you close the site window. And therefore the OP provided a link to a modified online casino site where I suspect you would simply lose your funds just by betting.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: BenCodie on February 23, 2023, 05:23:19 PM

Usually the full extent that a malicious wallet connect website can go, is accessing all of your addresses and doing as much damage as that permission can damage.

We all know that too many people don't like to read. Even when the wallet clearly states what permissions you give certain services, people just want to get rid of the pop-up so they click yes or approve. That's the problem. You can give a site permission to access your wallet and perform certain transactions in your name.

Quote from: BenCodie on February 23, 2023, 05:23:19 PM

As far as I am aware, there is no such malware that can be injected into your browser or desktop via wallet connection.

Maybe, maybe not. I don't want to be the lab rat to test it.

Quote from: bitbollo on February 24, 2023, 05:10:55 AM

@Cyrus @hilariousandco
since this user is clearly faking another forum user just to commit some scam... [Zkasino is the original forum user...] why not ban this fake/impersonator?

I don't see why one scammer should be banned when thousands have been allowed to do as they please because the forum follows a "scams are not moderated policy". Personally, I would ban them all. But since that is not happening, then we shouldn't ban only a handful of those we don't like.

Daltonik

legendary

Activity: 2604

Merit: 1504

Quote from: BobK71 on February 22, 2023, 11:36:58 PM

The attractive offer of this site naturally increases its susceptibility to skepticism. No KYC is required to withdraw up to 500k. The main objective of such a big opportunity is to ‍attract the big investors. Those who have little knowledge about gambling sites can avoid it. Those who connect the wallet without knowing about any site will naturally affect by the scam. It has no promotion so everyone is highly suspicious of it.

But if you go to the online casino website zkasino.io , and not the mod that the OP promoted here, then you won't see a mention of the withdrawal amount anywhere there, besides, it's not in their doc, so I don't think there's a corresponding bankroll there (the last bank roll was on their twitter $2m) to ensure the withdrawal of $500k per player.

https://twitter.com/ZKasino_io/status/1621907358120042498

SirLancelot

hero member

Activity: 2646

Merit: 582

Leading Crypto Sports Betting & Casino Platform

Quote from: QueenVera on February 23, 2023, 06:36:53 AM

The site is already a very suspicious one and there is no single reason why one will be asked to connect or link a wallet address at every step they take just because they want to try out a casino. I'm sure that this singular act alone has already done so much harm than good to their reputation and it will take them so much time to dispute this claims.
Thank you so much OP for raising this awareness to us and I hope more persons get to see this thread so as not to fall victim of any malicious or criminal acts.

I find it more annoying than suspicious because what I know is that any decentralized/web3 platforms do also works like that where they will also ask us to connect our wallet with them but the only difference maybe is that a legit platform does not force us of doing it. For our safety it will be better to use a separate wallet when connecting to any decentralized and web3 platforms.

This is the only downside of this technology because our whole wallet is exposed once we made a connection with them. If this casino here is truly a scam then it's normal that they won't care about their reputation so don't worry about them. They deserved it anyway.

bitbollo

legendary

Activity: 3276

Merit: 3537

Nec Recisa Recedit

our "hero" Z-Kasino
is coming back with a new wallet phishing scam.
https://bitcointalksearch.org/topic/--5441072
here full details (also added a new red trust).

if some one want create a flag I am ready to support it...

@Cyrus @hilariousandco
since this user is clearly faking another forum user just to commit some scam... [Zkasino is the original forum user...] why not ban this fake/impersonator?

slapper

legendary

Activity: 1946

Merit: 1100

Leading Crypto Sports Betting & Casino Platform

Quote from: batang_bitcoin on February 23, 2023, 03:57:48 PM

Thanks for ups!
Whenever I see websites that wants me to connect my wallet onto them, I'm completely closing my window there and never visits again.
These scammers would do everything what it takes to scam and rob people's money, so don't oblige on their technique of stealing everyone that would be gullible to their schemes.
I wouldn't even waste my time on trying it out with a wallet of mine that contains nothing, they're worth it just to be ignored by us since they've been caught as a potential phishing site.

I've seen several crooks try to scam honest folks out of their hard-earned money. Exasperatingly many people fall for such scams. Linking one's wallet to an unfamiliar website is like giving a stranger one's credit card and PIN in hopes they won't steal.

Such situations need prioritizing safety and well-being. Before giving a website your wallet or connecting it, be cautious and do your research. If one has any doubts, they should consult a cybersecurity professional or any crypto professional immediately. Always be cautious rather than complacent.

libert19

hero member

Activity: 2520

Merit: 952

Quote from: robelneo on February 24, 2023, 01:54:54 AM

Quote from: Pmalek on February 23, 2023, 02:30:05 PM

Quote from: libert19 on February 22, 2023, 11:34:43 PM

You could use two wallets on metamask itself, with 'useless' one for sites like mentioned in op.

Yes, but that doesn't change the fact that your hot wallet (the software itself) shouldn't be put in a situation where someone could potentially abuse it. It might just be a phishing and social engineering attack, but if there is also malware involved then nothing is safe.

I would not even use my spare wallet just to try, they want you to think it's safe until they are not anymore, so you link your wallet play there and withdraw, then you think it's safe to use your main wallet to save transaction fees from your main wallet to your spare wallet, it is when you are comfortable that they going to do hacking.

I prefer to wait for reviews and audits of their smart contract or until they have proven that they are safe to trust their platform to link your wallet.

I meant it for investigation purposes. Connecting wallet does not do anything unless you give dapp approval permission.

When you connect, at least in case metamask it would show — 'See address, account balance, activity and suggest transactions to approve'.

Your wallet is at mercy of last one, once you do this to any shady dapp, your wallet is done.

Regarding audits, they may give some level of legitimacy but don't mean much, plenty cases where audited platforms got drained.

robelneo

legendary

Activity: 3416

Merit: 1225

Quote from: Pmalek on February 23, 2023, 02:30:05 PM

Quote from: libert19 on February 22, 2023, 11:34:43 PM

You could use two wallets on metamask itself, with 'useless' one for sites like mentioned in op.

Yes, but that doesn't change the fact that your hot wallet (the software itself) shouldn't be put in a situation where someone could potentially abuse it. It might just be a phishing and social engineering attack, but if there is also malware involved then nothing is safe.

I would not even use my spare wallet just to try, they want you to think it's safe until they are not anymore, so you link your wallet play there and withdraw, then you think it's safe to use your main wallet to save transaction fees from your main wallet to your spare wallet, it is when you are comfortable that they going to do hacking.

I prefer to wait for reviews and audits of their smart contract or until they have proven that they are safe to trust their platform to link your wallet.

BenCodie

legendary

Activity: 1666

Merit: 1037

Quote from: bitcampaign on February 23, 2023, 05:37:31 PM

the thread has been deleted and can't be accessed, so far I've used zkasino never had any problems or maybe someone plagiarized their original site for scams and I don't know if this discussion leads to the original site or the plagiarist, but as far as I know everything is safe until now and thanks for this information

Yes, it seems that the user ripped the landing page and just replaced everything with malicious wallet connect requests. Thankfully the situation has been handled and for now, the thread was deleted and this one has become more of a point of reference to this unique attempt now. If you want to see how the user conducted the attempt, see the second post by bitbollo.

Quote from: bitbollo on February 22, 2023, 11:48:01 AM

scam sites or in general scams are not moderated here on bitcointalk so moderators will not doing anything.

I have tried to connect my wallet in order to collect some coins airdropped but Roll Eyes

Quote

Your wallet balance is too low to claim anything, Please deposit funds or try again with another wallet.

it seems this site is just a clone of https://play.zkasino.io/ (I don't know if it's a scam even this but for sure here you can access to social media/player addresses etc...)
and yes you can't see anything but just connect your wallet.
any items you try to click is just a reminder to homepage or connect wallet Roll Eyes

https://who.is/whois/zkasino.win
according who.is this site has been registered on 21 February 2023 ... and has already
- 29241 users and - 35117472 bets... in less than 20 hours!
(note this amount has not changed since I am connected there... including live bets)

ok it's a scam Wink

meanwhile Z-Kasino has deleted his topic Sad

https://ninjastic.space/search?author=Z-Kasino&board=56 but here you can find all details Wink

Red trust added!

bitcampaign

sr. member

Activity: 1918

Merit: 268

20BET - Premium Casino & Sportsbook

the thread has been deleted and can't be accessed, so far I've used zkasino never had any problems or maybe someone plagiarized their original site for scams and I don't know if this discussion leads to the original site or the plagiarist, but as far as I know everything is safe until now and thanks for this information

BenCodie

legendary

Activity: 1666

Merit: 1037

Quote from: Pmalek on February 23, 2023, 02:30:05 PM

Quote from: libert19 on February 22, 2023, 11:34:43 PM

You could use two wallets on metamask itself, with 'useless' one for sites like mentioned in op.

Yes, but that doesn't change the fact that your hot wallet (the software itself) shouldn't be put in a situation where someone could potentially abuse it. It might just be a phishing and social engineering attack, but if there is also malware involved then nothing is safe.

Using a browser extension wallet that is useless as the user suggested should be a perfectly fine way to test websites that require wallet connection. Usually the full extent that a malicious wallet connect website can go, is accessing all of your addresses and doing as much damage as that permission can damage. As far as I am aware, there is no such malware that can be injected into your browser or desktop via wallet connection.

batang_bitcoin

hero member

Activity: 3080

Merit: 603

Thanks for ups!
Whenever I see websites that wants me to connect my wallet onto them, I'm completely closing my window there and never visits again.
These scammers would do everything what it takes to scam and rob people's money, so don't oblige on their technique of stealing everyone that would be gullible to their schemes.
I wouldn't even waste my time on trying it out with a wallet of mine that contains nothing, they're worth it just to be ignored by us since they've been caught as a potential phishing site.

Fivestar4everMVP

legendary

Activity: 2422

Merit: 1083

Leading Crypto Sports Betting & Casino Platform

Quote from: libert19 on February 23, 2023, 05:25:54 AM

Quote from: Broadanbig on February 23, 2023, 05:16:22 AM

It is really a shame just as you have said but we cannot do anything here rather than account ban but we know this is a decentralized platform void of kyc so any one here is free to make posts, comment and take part in work or jobs available.

Neither do i know proper meaning of decentralization, but pretty sure this forum ain't it.

The forum is not decentralized, from what I know and understand decentralization to be or mean, but then, what we can conclude on is that the forum grants freedom of posts/speech to everyone, as long as you as it does not go against the forum rules, or put others in a state or situation where they are likely to lose their funds to scam mostly.
Though the forum does not monitor or regulate scam, but through reports from users, the moderators still try their best to delete/ trash out posts created with a motive to scam unsuspecting victims, which is really good, and again, the system also warn users against dealing with users with high negative trust rating, which is another good feature again.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: libert19 on February 22, 2023, 11:34:43 PM

You could use two wallets on metamask itself, with 'useless' one for sites like mentioned in op.

Yes, but that doesn't change the fact that your hot wallet (the software itself) shouldn't be put in a situation where someone could potentially abuse it. It might just be a phishing and social engineering attack, but if there is also malware involved then nothing is safe.

Eternad

hero member

Activity: 1400

Merit: 623

Quote from: coin-investor on February 23, 2023, 10:29:22 AM

I'm not one who will try that, there are many DeFi casinos now but until now I haven't connected any of my wallets until they are reported safe by those who have tried their platform, it's not that I don't trust these platforms it's just that they are not fully accepted by the gambling community and there are safety parameters that need to be employed to make it safe for the gambling community.

Creating a new wallet is not that hard though just to try any service. I usually have this kind of dummy wallet so that I can explore any DeFi website without any worries since some DeFi website only shows full feature once you connect your wallet.

On this casino case. This is a clone copy of an existing project and used to phish users account. This is an obvious scam so I agree to you that people should not try this site or proven scam site.

Topic: Warning: ZKasino - Possible wallet phishing scam - page 2. (Read 659 times)