Yup, an obvious accident in the human genepool somehow slipped past Darwin's checks.
Joel_Jantsen has the right idea, but maybe I can add a little zing to it.
- Get a cheap .com domain, say "exm0.com" (purely an example, make it something the fool won't recognize to soon) and set up a site that looks like Exmo.com.
- Make sure that he can use the fake info to log in on it.
- Also make sure you have a script that logs his IP and other info for you (browser/user agent, system language, all the good stuff).
If it's a really good script, it can even check if he's on a proxy/vpn or not (though they won't always show, but a lot of them still do show).
Take all that info to law enforcement (unless you got your doge/other coins by more nefarious means, in which case, try to find out yourself where this idiot bumbag is really operating from).
And whatever you do, don't go the route of using the fake site to put any nasty stuff on his computer.
For starters, you don't know his actual system (android? Windows? Mac? Linux? Atari 2600?) so you can't be sure any worm/trojan/other digital herpes would work.
Secondly, you can't be certain if he uses his own computer or if he tricked someone into letting them use theirs.
Not worth the effort for a lame phishing attempt like this, not to mention that two wrongs don't make it right.
Creating a phishing domain can backfire real quick.Better ask exmo support (real one) and maybe they would want to create a fake account to trap the fool.First off, I did include some warnings of what could go wrong by creating a fake site to trap this fool; I've made that part bold and italic in what was quoted from me.
Second, it wouldn't be a phishing domain; well, unless you want to reason that the intent of finding out an IP this way is phishing, in which case a bunch of legit tech giant companies such as Google, Microsoft, Facebook and their ilk would probably very much like a word with you.
You're not stealing any random person's credentials used for logging in through this domain; you're merely confirming that indeed this specific person has bamboozled
your credentials and has the intent of using them in illegitimate ways, for illegitimate purposes.
Third, uhm yeah, exmo creating that fake account, totally not technically in the same category as doing it yourself on your domain... but actually, I'd very much like it if they DID go to such lengths to help bust some crackerjack skidmark; they won't because likely they don't very much enjoy the possibility of
it backfiring on them, as you say, but I'd actually applaud them for taking such a stand and helping bust the thieving idiot.
