Bitcoin Forum

Alternate cryptocurrencies => Altcoin Discussion => Topic started by: delbarbour on February 15, 2018, 12:14:51 AM



Title: Myetherwallet Scam phishing Hacked Domain
Post by: delbarbour on February 15, 2018, 12:14:51 AM
Guys, today I found a fake myetherwallet website that steals addresses through phishing

Ethereum address of the hacker:

0xBDfaecb4eE0d1880e8d2Ae693b40EB00104D3077


Address of the fake website

https://xn--myethrwalle-jb9e19a.com/

It displays the DNS name as myetherwallet.com, with dots on the letter T as a trick

Funny thing is that it still got a valid SSL certificate from Bitdefender
https://imgur.com/a/5LSuI
https://imgur.com/a/UqZQw

https://imgur.com/a/ofvUs


----------------------------------------------------------------------------------------------------------------------------------
Update:
---------

Sorry guys, but no one seemed to get my explanation of the phishing attack on MEW: Punycode phishing attacks

This link explains it well. This is exactly what happened, and the website is still active today; he got more 12000$ of more confiscated wallet

By default, many web browsers use ‘Punycode’ encoding to represent unicode characters in the URL to defend against Homograph phishing attacks. Punycode is a special encoding used by the web browser to convert unicode characters to the limited character set of ASCII (A-Z, 0-9), supported by International Domain Names (IDNs) system.

This loophole allowed the researcher to register a domain name xn--80ak6aa92e.com and bypass protection, which appears as “apple.com” by all vulnerable web browsers, including Chrome, Firefox, and Opera, though Internet Explorer, Microsoft Edge, Apple Safari, Brave, and Vivaldi are not vulnerable.
Here, the xn-- prefix is known as an ‘ASCII compatible encoding’ prefix, which indicates to the web browser that the domain uses ‘punycode’ encoding to represent Unicode characters, and because Zheng uses the Cyrillic "a" (U+0430) rather than the ASCII "a" (U+0041), the defence approach implemented by the web browser fails.

Full Article  !!
https://thehackernews.com/2017/04/unicode-Punycode-phishing-attack.html

PLEASE BE CAREFUL !! MEW link will show correctly in Chrome & also with Valid SSL !!

I will be working on new project to track the Funds on Blockchain ! and Score Wallets and Tag the coins Dispersed ..

I mean, why do we want blockchain ??? We know the stealer ID, we know his links with exchange wallets... we tracked the money stolen and we know exactly where it is !!
If we cannot do something about it or a crime report.. it is better to go back to FIAT ! :/


anyhow i tracked his wallet to bittrex transfer and other stuff

Anyway we can report this to Bittrex ? legal authority ? at least to lock the fund and not let him cash easily





Title: Re: Myetherwallet Scam phishing Hacked Domain
Post by: omitusaf on February 15, 2018, 12:20:05 AM
Sorry for this bad experience and thanks for letting us know. It would be best if we ensure we bookmark the authentic site to avoid situations of this sort in future.
Sorry once again.


Title: Re: Myetherwallet Scam phishing Hacked Domain
Post by: delbarbour on February 15, 2018, 12:21:49 AM
Guys found today a fake myetherwallet website steal address from phishing

Address of Hacker ethereum:

0xBDfaecb4eE0d1880e8d2Ae693b40EB00104D3077


Address of the fake website

https://xn--myethrwalle-jb9e19a.com/

it display DNS name as myetherwallet.com with dots on letter T to trick

Funny thing that it still got a Valid SSL certificate from Bitdefender
https://imgur.com/a/5LSuI

cert https://imgur.com/a/UqZQw

https://imgur.com/a/ofvUs






got 2 ethers stolen only for being clumsy, although I checked the certificate but didn't have the Chrome extension to validate the domain

anyhow i tracked his wallet to bittrex transfer and other stuff

Anyway we can report this to Bittrex ? legal authority ? at least to lock the fund and not let him cash easily



I think that that phishing address doesn't look much like something one could mistakenly take for the real address of that web page. I think that it should be a very stupid hacker.

I updated the image links to get a better look. BTW it's very confusing, the URL is not what it shows on the site !!




Title: Re: Myetherwallet Scam phishing Hacked Domain
Post by: mhine07 on February 15, 2018, 12:23:49 AM
The URL itself is suspicious to click. The original URL of myetherwallet is just myetherwallet.com, and no words or letters are added to that address. And when you go to the myetherwallet website, there are cautions there warning you to beware of phishing attempts. Those who have been hacked by that address are just noobs.


Title: Re: Myetherwallet Scam phishing Hacked Domain
Post by: delbarbour on February 15, 2018, 12:38:10 AM
The URL itself is suspicious to click. The original URL of myetherwallet is just myetherwallet.com, and no words or letters are added to that address. And when you go to the myetherwallet website, there are cautions there warning you to beware of phishing attempts. Those who have been hacked by that address are just noobs.

Man its not a noob question,
it start with email not categorized as SPAM from EOS

then you enter EOS clone website looking like this

https://imgur.com/a/7aPcl

after this just to participate u got forwarded to myetherwallet.com which looks fishy why ?! so spend some time checking the website certificate and domain etc..

that looks like this https://imgur.com/a/7Aild


From here, if you notice, the URL looks OK with trusted SSL, but there are small dots on the letters which I mistakenly thought were dirt on the screen

In fact these are special characters displayed like that when fetched in the URL. If you copy and paste it, it shows as the shitty address I posted in the first comment
https://xn--myethrwalle-jb9e19a.com/#send-transaction instead of myetherwallet




Title: Re: Myetherwallet Scam phishing Hacked Domain
Post by: generous on February 15, 2018, 12:41:17 AM
The URL itself is suspicious to click. The original URL of myetherwallet is just myetherwallet.com, and no words or letters are added to that address. And when you go to the myetherwallet website, there are cautions there warning you to beware of phishing attempts. Those who have been hacked by that address are just noobs.

Man its not a noob question,
it start with email not categorized as SPAM from EOS

then you enter EOS clone website looking like this

https://imgur.com/a/7aPcl

after this just to participate u got forwarded to myetherwallet.com which looks fishy why ?! so spend some time checking the website certificate and domain etc..

that looks like this https://imgur.com/a/7Aild


From here, if you notice, the URL looks OK with trusted SSL, but there are small dots on the letters which I mistakenly thought were dirt on the screen

In fact these are special characters displayed like that when fetched in the URL. If you copy and paste it, it shows as the shitty address I posted in the first comment
https://xn--myethrwalle-jb9e19a.com/#send-transaction instead of myetherwallet



You got phished, man, that's a fake MEW
Better to use a Google extension to check for MEW phishing sites, or use a hardware wallet


Title: Re: Myetherwallet Scam phishing Hacked Domain
Post by: slackcryptoz on February 15, 2018, 12:48:20 AM
Not only with myetherwallet, but most of the wallet websites have got fake domains created by hackers. We need to be cautious to find the correct website, because it is a way through which the users entire fund can be transferred. People quite often reporting such incidents keep the user community aware about such fraudulent activities.


Title: Re: Myetherwallet Scam phishing Hacked Domain
Post by: delbarbour on February 15, 2018, 12:59:52 AM
guys i know it was phishing, No Doubt About it ! No Recovery for Ethers also

but nothing can be done about such cases ?!  :o

I mean I got his ETH address, he also has a registered account in Bittrex as he transferred funds from there 100 days ago, so he's verified email+mobile

got his file from namecheap.com registrar and contacted them for abuse

can link also activity to another wallet with over a Million $ ( although the one use for phishing one was just 10 ether balance)

any website or agency to track such case or report ?


Title: Re: Myetherwallet Scam phishing Hacked Domain
Post by: stephiechoiii on February 15, 2018, 01:27:54 AM
Let's always be careful, so that our accounts will be safe and far from phishing. The link of the real myetherwallet is just myetherwallet.com, so at first when you see the fake links and domain you will get curious easily if you are really aware of the environment of myetherwallet.


Title: Re: Myetherwallet Scam phishing Hacked Domain
Post by: Ali Akbar Torang on February 15, 2018, 02:23:07 AM
The cryptocurrency community should develop some method to anticipate this preventively, before anything like this happens day to day. It disturbs and scares me, as many people feel as I do. After that, the community should also develop a persuasive method, like cooperating with exchanges or whatever cooperation can do persuasively for the community to anticipate such things, and the community can also do something repressive, like what should be accepted by the criminals.


Title: Re: Myetherwallet Scam phishing Hacked Domain
Post by: delbarbour on February 15, 2018, 09:55:06 PM
Sorry guys, but no one seemed to get my explanation of the phishing attack on MEW: Punycode phishing attacks  :-\

This link explains it well. This is exactly what happened, and the website is still active today; he got more 12000$ of more confiscated wallet  >:(

By default, many web browsers use ‘Punycode’ encoding to represent unicode characters in the URL to defend against Homograph phishing attacks. Punycode is a special encoding used by the web browser to convert unicode characters to the limited character set of ASCII (A-Z, 0-9), supported by International Domain Names (IDNs) system.

This loophole allowed the researcher to register a domain name xn--80ak6aa92e.com and bypass protection, which appears as “apple.com” by all vulnerable web browsers, including Chrome, Firefox, and Opera, though Internet Explorer, Microsoft Edge, Apple Safari, Brave, and Vivaldi are not vulnerable.
Here, the xn-- prefix is known as an ‘ASCII compatible encoding’ prefix, which indicates to the web browser that the domain uses ‘punycode’ encoding to represent Unicode characters, and because Zheng uses the Cyrillic "a" (U+0430) rather than the ASCII "a" (U+0041), the defence approach implemented by the web browser fails.


Full Article  !!
https://thehackernews.com/2017/04/unicode-Punycode-phishing-attack.html

PLEASE BE CAREFUL !! MEW link will show correctly in Chrome & also with Valid SSL !!

I will be working on new project to track the Funds on Blockchain ! and Score Wallets and Tag the coins Dispersed ..

I mean, why do we want blockchain ??? We know the stealer ID, we know his links with exchange wallets... we tracked the money stolen and we know exactly where it is !!
If we cannot do something about it or a crime report.. it is better to go back to FIAT ! :/
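
The check described in the post above, as an added example that is not part of the original thread: it decodes the xn-- labels of a hostname with Python's built-in Punycode codec and reports the non-ASCII code points, the scripts in use, and whether the name folds to a protected domain once accents are stripped. The names check_host and PROTECTED are assumptions made for this example, and the accent-stripping fold only catches dotted or accented Latin lookalikes such as the one in this thread; cross-script lookalikes such as the Cyrillic apple.com need a confusables table and are only reported by script here.

```python
import unicodedata

PROTECTED = ("myetherwallet.com",)  # names to defend; taken from the thread

def decode_label(label):
    """Decode one DNS label; the xn-- ACE prefix marks a Punycode label."""
    label = label.lower()
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(text):
    """Approximate a letter's script by the first word of its Unicode name."""
    return sorted({unicodedata.name(c, "UNKNOWN").split()[0]
                   for c in text if c.isalpha()})

def skeleton(text):
    """NFKD-decompose and drop combining marks: a dotted letter folds to its base."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def check_host(host, protected=PROTECTED):
    """Return what the address bar would show and why it is suspicious."""
    shown = ".".join(decode_label(l) for l in host.rstrip(".").split("."))
    non_ascii = sorted({"U+%04X" % ord(c) for c in shown if ord(c) > 127})
    folded = skeleton(shown)
    return {
        "displayed": shown,
        "non_ascii": non_ascii,
        "scripts": scripts(shown),
        # Only a name that contains non-ASCII letters can imitate a protected one.
        "imitates": folded if non_ascii and folded in protected else None,
    }

if __name__ == "__main__":
    for host in ("myetherwallet.com",
                 "xn--myethrwalle-jb9e19a.com",  # from the first post
                 "xn--80ak6aa92e.com"):          # from the quoted article
        print(host, check_host(host))
```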



Title: Re: Myetherwallet Scam phishing Hacked Domain
Post by: delbarbour on February 16, 2018, 01:49:41 PM
Managed to track the wallet of the owner of that phishing site, and he seems to have multiple sites in different domains ...

The Root Fake Website  Wallet is  0xBDfaecb4eE0d1880e8d2Ae693b40EB00104D3077

Today he managed to Deposit to TIDEX exchange

Contacted their Support and waiting for Feedback