Stéllar Scam Punycode - Keybase Hack Airdrop Fiasco !

[dkbit98]

BEWARE of SCAM fake Stéllar website using Puny codes to mask real address

Story is complex, and best way to start is from very beginning.

Stellar and Keybase organised Airdrop for 2 Billion Lumens,
for all keybase users and everyone who had Github or HackerNews accounts connected with Keybase.

What happened then?

Scammers and hackers attacked Keybase, Github and HackersNews to steal users data and profiles,
so they can get more than one airdrop.

Who got hacked?

Keybase got hacked., and all email and data stolen by hackers.
But keybase/stellar NEVER admitted that, they only said it was attacks on Github and HackerNews.

In reality hackers now have emails and data of every Keybase user.

Then Stellar halted Airdrop, and even did roll-back and removed verified users.
When I tried to talk with them on github and leave feedback they erased my comment and banned me.

More info:
https://keybase.io/a/i/r/d/r/o/p/spacedrop2019

Archived:
http://archive.is/COaI8
http://archive.is/81lRR
http://archive.is/9ryTW
https://archive.st/archive/2019/9/keybase.io/ri8d/keybase.io/a/i/r/d/r/o/p/spacedrop2019.html

EDIT: Update your keybase to check your status.

Today, on same email I used to registered with keybase, I received this email





I never trust emails and airdrops
I never click on email links directly
I never download stuff from email

I did copy/paste links and this is what I found:





stéllar and mediụm Website Links are masked with google code:

Code:

https://stéllar.org/account-viewer/#!/
https://mediụm.com/blog/stellar-community/third-lumen-distribution-program/
https://claimlumens.org/a64bff5080fb2bb636b2e2b7940f04ad

https://xn--stllar-cva.org/account-viewer/#!/
https://xn--medim-9d2b.com/blog/stellar-community/third-lumen-distribution-program/

archive:
https://archive.st/archive/2019/9/xn--medim-9d2b.com/l5uu/September192019810pm-a4c98tl0uzlarfv2zqaybeaeu5ukz6wu.jpg
https://archive.st/archive/2019/9/claimlumens.org/3iab/September192019804pm-ekvlx0s377o6j1j2r9k6t37qxfmwf2ru.jpg


CONCLUSION:

- Don't use Keybase software to avoid data leak and amateur devs

- NEVER trust any email/Airdrop

- Use Firefox Browser to avoid hidden puny

- ALWAYS double check the URL in your Browser

- Don't enter your main email for any Airdrops

- Don't enter Airdrops found on social media Twitter, Telegram, Discord

- Never use same email/password for everything

- Do your own research

- [LEARN] Phishing Quizzes - Beginners & Experts 👈


More info:

@wwzsocki
What is Punycode and how to protect yourself from Homograph Phishing attacks?

@hd49728
Host-file to deal with phising sites
What to do to avoid phising sites

[Saisher]

I've received a lot of airdrops offer from web-based and telegram channel, I don't know where are these coming from. I never remember subscribing to any airdrops sites or newsletter, I'm very much aware that these airdrops are just garbage and some of them are just trying to steal your funds to your wallet, like this method, I hope people are aware of this.

[jhenfelipe]

Addition to Conclusion:
- Regardless of the browser, ALWAYS double check the URL.

Phishing sites mostly use diactrics (puny codes as you mentioned) - like dot above or below the letter (ex. ȧ , ạ), or acute used in the scam email you received (ex. é , á) and many more. People should be attentive to those

I've received a lot of airdrops offer from web-based and telegram channel

You better edit your telegram settings (Privacy and Security) to avoid being added into telegram groups without your permission and stop receiving unwanted messages from anyone aside from your contacts.

[dkbit98]

Addition to Conclusion:
- Regardless of the browser, ALWAYS double check the URL.

Phishing sites mostly use diactrics (puny codes as you mentioned) - like dot above or below the letter (ex. ȧ , ạ), or acute used in the scam email you received (ex. é , á) and many more. People should be attentive to those

I've received a lot of airdrops offer from web-based and telegram channel

You better edit your telegram settings (Privacy and Security) to avoid being added into telegram groups without your permission and stop receiving unwanted messages from anyone aside from your contacts.

Added.

One thing to mention is that I NEVER enter any Airdrops from Telegram and Discord
as they are mostly scam.

So NEVER reply and NEVER trust any PM you receive in that apps.

For Telegram you can also hide you phone number in Privacy and Security

For Discord you can disable direct messages in Privacy&Safety

[guigui371]

Hi,
Disclaimer: I am not part of the Keybase team.

I just installed Keybase on another Device to double check.

1) you do not need to enter your phone number to have a Keybase account.
2) you do not need an email to set up a Keybase account.
3) if you set up your email inside Keybase and verify it. You can also opt-out from the searchable repertory.


Conclusion :
A) you didn’t have to put your email
B) maybe your email was pwned check : haveibeenpwned.com
C) if your email was pwned in the past and is set as searchable then it is your fault not a hack.
D) if your email has never been pwned and set as “not searchable” then Keybase Email data base may have been Compromised. 

[jorenpo]

just use the main stellar (XLM) webpage or webwallet to avoid phishing. avoid using simple password that easily bruted.

[dkbit98]

Hi,
Disclaimer: I am not part of the Keybase team.

I just installed Keybase on another Device to double check.

1) you do not need to enter your phone number to have a Keybase account.
2) you do not need an email to set up a Keybase account.
3) if you set up your email inside Keybase and verify it. You can also opt-out from the searchable repertory.

Conclusion :
A) you didn’t have to put your email
B) maybe your email was pwned check : haveibeenpwned.com
C) if your email was pwned in the past and is set as searchable then it is your fault not a hack.
D) if your email has never been pwned and set as “not searchable” then Keybase Email data base may have been Compromised.

1) I did NOT

2)

 
3) I did opt-out right after registration


Conclusion:
A) yes I did
B) Nope
C) Nope
D) It was set as “not searchable”
 

[libert19]

3) if you set up your email inside Keybase and verify it. You can also opt-out from the searchable repertory.

How do you opt-out from repertory? I lurked around in app but unable to find it.

[Chikito]

This not make a sense when keybase canceled all airdrop github connected account.
my Github account is fine, I am using authentication a mobile app and never warning hacker hacked my Github.
I am surprised stellar badge was gone on my profile

[hugeblack]

These Ancient Greek characters you mentioned are known as Punycode (It is a system for converting words from these characters into concept characters or what is known as ASCII characters) and are one of the legitimate ways of scam.

This is one way to protect yourself if you use Firefox.

To protect yourself from this kind of attack, in Firefox open a new tab, type about:config, accept the warning, search for "punycode", and change the value of network.IDN_show_punycode to true. This will change the URL in your browser from the examples I've given in this post to instead display as the examples Baofeng has given in his (so from mẹdium to xn--mdium-n51b, for example).

for more ----> What is Punycode and how to protect yourself from Homograph Phishing attacks?

It's not limited to Keybase but you should be careful when browsing sites or when a message comes to you.

Also, "SSL certificate is valid" Doesn't mean you are safe, check out ----> https://bitcointalk.org/index.php?topic=5184169.msg52506958#msg52506958

[dkbit98]

These Ancient Greek characters you mentioned are known as Punycode

I never said it is 'Ancient Greek character, and I do know what Punycode is,
and I also posted links with more information and wrote on top it is Puny code....
On the bottom you can see same link you posted







Thanks anyway

[dkbit98]

Archived:
https://archive.is/Cxaij

Stellar now finished their Airdrop fiasco.
What can I say about it?
They can do whatever they want, and nobody should trust them after this and after they burned a bunch of coins (but zero developer coins)

I would not trust them and I would not use Stellar coin or Keybase after all this fiasco