Coinfirm documents interesting or high-profile frauds and hacks that have recently happened and been reported into our network, to show how Coinfirm can help track them and prevent them in the future. Today we investigate fake sites.
Of all the ways to get your crypto stolen, the one most often overlooked is a fake site posing as your favorite wallet or exchange. Worse, this kind of attack isn't easy to detect.
The differences can be incredibly subtle: mostly a similar-looking letter swapped in, or one letter added in the middle of the name. What usually gives these sites away is that they are served over plain HTTP with no SSL/TLS certificate (as seen below, a site whose name uses an i in place of the L, making it barely distinguishable from the real one). Don't rely on that alone, though: a phishing site can easily obtain a valid certificate for its own look-alike name, so a padlock only proves you reached the name shown in the address bar, not that the name is the right one.
But what if you are sure you typed the right address and didn't click any phishing link? That is the situation many MyEtherWallet users faced in April 2018, when DNS resolution for the site was hijacked: traffic to the nameservers answering for myetherwallet.com was rerouted and forged answers pointed the name at a server under the attackers' control. MEW, being an extremely popular online Ethereum wallet, is a frequent target, but until this year it had not seen an attack this sophisticated.
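A small check for the look-alike names described above, added here as an example; it is not Coinfirm's code or part of any product. It folds confusable characters to one canonical form and measures edit distance against a watchlist of legitimate domains. The watchlist, the confusable tables and the test names are assumptions constructed for illustration.

```python
"""Look-alike domain check for wallet/exchange phishing names.

Added example, not Coinfirm's code. Catches the two tricks the post describes:
a similar-looking character swapped in, or one character added, removed or
changed. The watchlist and the confusable tables are constructed for
illustration and are deliberately small.
"""
import unicodedata
from typing import Optional, Tuple

# Domains to protect. Only myetherwallet.com appears in the post; the other
# entry is a placeholder for a real allowlist of exchange/wallet domains.
WATCHLIST = {"myetherwallet.com", "example-exchange.com"}

# Single characters that read as another letter at a glance. lower() already
# turns a capital I into "i", which is why "i" is folded to "l" here.
CONFUSABLES = {"i": "l", "1": "l", "|": "l", "0": "o", "5": "s", "3": "e"}
# Two-character sequences that read as one letter.
PAIR_CONFUSABLES = {"rn": "m", "vv": "w"}


def skeleton(domain: str) -> str:
    """Canonical form for comparison. Both the candidate and the legitimate
    name go through this, so "i" and "l" compare equal in either position."""
    s = domain.lower()
    for pair, letter in PAIR_CONFUSABLES.items():
        s = s.replace(pair, letter)
    return "".join(CONFUSABLES.get(c, c) for c in s)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Last two labels of the host. Simplification: multi-label public suffixes
    such as co.uk are not handled; a real check consults the Public Suffix List."""
    labels = host.strip(".").lower().split(".")
    return ".".join(labels[-2:])


def classify(host: str, watchlist=WATCHLIST) -> Tuple[str, Optional[str]]:
    """Return (verdict, legitimate domain being imitated or None)."""
    # NFKC folds full-width and other compatibility forms to plain ASCII first.
    host = unicodedata.normalize("NFKC", host).lower()
    dom = registrable(host)
    if dom in watchlist:
        return "legitimate", dom
    # Punycode or raw non-ASCII labels need script-aware handling (Cyrillic
    # "a" vs Latin "a"); flag them for review rather than pretending the ASCII
    # folding below covers them.
    if not dom.isascii() or any(label.startswith("xn--") for label in dom.split(".")):
        return "idn-review", None
    # Brand name used as a subdomain of an unrelated registrable domain.
    for legit in watchlist:
        if legit in host:
            return "embedded-brand", legit
    for legit in watchlist:
        if skeleton(dom) == skeleton(legit):
            return "homoglyph", legit
    for legit in watchlist:
        if edit_distance(dom, legit) == 1:
            return "typosquat", legit
    return "unknown", None


if __name__ == "__main__":
    # Constructed candidates, including the i-for-l swap the post mentions.
    for h in ["www.myetherwallet.com", "myetherwaIlet.com", "rnyetherwallet.com",
              "myetherwal1et.com", "myetherwallet.co", "myetherwallet.com.login-evil.net",
              "xn--myetherwallet-abc.com", "kraken.com"]:
        print(f"{h:40} {classify(h)}")
```

Folding "i" and "l" together will also make some unrelated short names collide, so treat "homoglyph" as a reason to look closer rather than a final verdict; the value of the check is in running it against every domain that appears in a user report or a new wallet/exchange login page, not in a single lookup.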
So how does it work?
DNS is the directory that maps a hostname to the IP address of the server behind it. Whenever you enter an address into the browser, it first has to resolve that name to an IP address, and it then connects to whatever address it gets back. If an attacker can make the resolvers answer with the address of his own server for the real name, the address bar looks exactly right. What remains is the TLS (SSL) certificate: the attacker's server cannot present a certificate for that name that chains to a trusted certificate authority, so the browser shows a certificate warning. That warning is the check, and truth be told, barely anyone reads it; a user who clicks through lands on the attacker's copy of the site. (As seen below, the fake site had an invalid certificate despite the URL being right.) Two caveats: an attacker who controls the name's DNS answers may also be able to pass a certificate authority's domain validation and obtain a real certificate, so the check is necessary but not sufficient; and sites that enforce HSTS, especially those on the browser preload list, make the certificate warning non-bypassable, which removes the click-through entirely.
Once the fake site obtains somebody's login information or, even worse, their wallet keys, it is a matter of minutes before the victim's funds are drained, and on-chain transfers cannot be reversed, so there is no real way of recovering them.
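To see how a hijack at the resolution level shows up in practice, here is an added example (not Coinfirm's code) of the check a site operator or a cautious user can run: resolve the name through several independent resolvers and compare every returned address with the address blocks the site is really hosted in. Resolver labels, addresses and the expected netblocks are constructed for illustration; a live version would obtain the answers from a DNS library such as dnspython pointed at different nameservers.

```python
"""DNS-answer consistency check for a wallet/exchange hostname.

Added example, not Coinfirm's code. Feed it the A records returned by several
independent resolvers; a hijack of the name shows up as resolvers disagreeing
and, more reliably, as an address outside the blocks the site is hosted in.
All addresses, netblocks and resolver labels here are constructed.
"""
import ipaddress
from typing import Dict, Iterable, List, Tuple

# Where the real site is hosted. Assumption for illustration; an operator gets
# this from their hosting or CDN provider and keeps it current.
EXPECTED_BLOCKS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# Answers in these ranges mean the name was redirected on the victim's own
# machine or network (hosts-file edit, rogue router), not at the real DNS.
LOCAL_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
]

Finding = Tuple[str, str, str]  # (kind, resolver, detail)


def check_answers(hostname: str, answers_by_resolver: Dict[str, Iterable[str]],
                  expected_blocks=EXPECTED_BLOCKS) -> List[Finding]:
    """Return a list of findings; an empty list means every resolver agreed
    and every address falls inside an expected block."""
    findings: List[Finding] = []
    answer_sets = {r: set(ips) for r, ips in answers_by_resolver.items()}

    for resolver, ips in answer_sets.items():
        if not ips:
            findings.append(("no-answer", resolver, hostname))
        for raw in sorted(ips):
            ip = ipaddress.ip_address(raw)
            if any(ip in net for net in LOCAL_RANGES):
                findings.append(("local-redirect", resolver, raw))
            elif not any(ip in net for net in expected_blocks):
                findings.append(("unexpected-address", resolver, raw))

    # Disagreement between resolvers is a weaker signal on its own: a CDN may
    # legitimately answer differently per region. It matters when combined
    # with an unexpected address, which is why both are reported.
    distinct = {frozenset(ips) for ips in answer_sets.values()}
    if len(distinct) > 1:
        detail = "; ".join(f"{r}={','.join(sorted(ips))}"
                           for r, ips in sorted(answer_sets.items()))
        findings.append(("resolver-divergence", "*", detail))
    return findings


def verdict(findings: List[Finding]) -> str:
    """'ok' when nothing was found, 'likely-hijack' when an address is local or
    outside the expected blocks, 'suspicious' for anything else."""
    kinds = {k for k, _, _ in findings}
    if not kinds:
        return "ok"
    if kinds & {"unexpected-address", "local-redirect"}:
        return "likely-hijack"
    return "suspicious"


if __name__ == "__main__":
    # Constructed scenarios: an honest day, and a hijack where one resolver's
    # path to the authoritative servers has been rerouted to the attacker.
    honest = {"system": ["203.0.113.10", "203.0.113.11"],
              "public-a": ["203.0.113.11", "203.0.113.10"],
              "public-b": ["203.0.113.10", "203.0.113.11"]}
    hijacked = {"system": ["203.0.113.10", "203.0.113.11"],
                "public-a": ["192.0.2.66"],
                "public-b": ["203.0.113.10", "203.0.113.11"]}
    for name, answers in (("honest", honest), ("hijacked", hijacked)):
        found = check_answers("myetherwallet.com", answers)
        print(name, verdict(found))
        for kind, resolver, detail in found:
            print("  ", kind, resolver, detail)
```

Run from a few vantage points on a schedule, this catches a hijack long before a user report does; the certificate warning in the browser is the last line of defence for users, while the netblock comparison is the one the operator controls.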
These stories are a great reminder that while enjoying the benefits of cryptocurrencies, one must remain vigilant and adhere to the basic rule: Verify.
At Coinfirm we believe in setting the highest standards for the industry. Anyone who notices such an attack can report the attacker's address through the AML Platform. The submitted data is then analyzed and validated by our data science team. Once an address is flagged, entities using the Coinfirm AML Platform, such as exchanges, can see the source of incoming funds and potentially freeze them, preventing the risk from spreading further through the ecosystem. This helps the crypto economy become safer and more transparent while fighting malicious actors. Below you can see the risk score in the Coinfirm AML Risk Report created for the MyEtherWallet hacker's address.
The Coinfirm Team