Bitcoin Forum
September 24, 2018, 04:53:39 AM *
News: ♦♦ New info! Bitcoin Core users absolutely must upgrade to previously-announced 0.16.3 [Torrent]. All Bitcoin users should temporarily trust confirmations slightly less. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: hydroBETA KYC linking to phishing MEW lookalike  (Read 42 times)
biggNY
Jr. Member
*
Online Online

Activity: 112
Merit: 2


View Profile
August 13, 2018, 03:35:27 PM
 #1

Hi guys, just wanted to make sure, that as many useras as possible know about this. Few days ago hydroBETA airdrop was listed here on BCT. They promised 222.222 to everybody. So I signed up. They also offered 22.222 per referral and extra drop for holding ETH and HYDRO. Everything good so far, probably too good.

Then on Saturday I received email for KYC. Looking at the site linked I was immediately suspicious. For KYC they only wanted to know my name, email address and ETH address. All of which they had already. And after entering your MEW address (I just typed random letters) link pops up to link your MEW to their site! That link goes through bit.ly(they say link looks suspicious btw) to this site myetherwallet.com.ip10.icu/signmsg.html. The site has large MEW logo on top, but when you click it it does nothing. It tries too much to look like MEW site, but it is not.

All of this just look way too suspicious and is not worth that trouble. Go ahead check it out for yourself.

★ PRiVCY ➢ Own Your Privacy! ➢ Best privacy crypto-market! ★
✈✈✈[PoW/PoS]✅[Tor]✅[Airdrop]✈✈✈ (https://privcy.io/)
1537764819
Hero Member
*
Offline Offline

Posts: 1537764819

View Profile Personal Message (Offline)

Ignore
1537764819
Reply with quote  #2

1537764819
Report to moderator
1537764819
Hero Member
*
Offline Offline

Posts: 1537764819

View Profile Personal Message (Offline)

Ignore
1537764819
Reply with quote  #2

1537764819
Report to moderator
1537764819
Hero Member
*
Offline Offline

Posts: 1537764819

View Profile Personal Message (Offline)

Ignore
1537764819
Reply with quote  #2

1537764819
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1537764819
Hero Member
*
Offline Offline

Posts: 1537764819

View Profile Personal Message (Offline)

Ignore
1537764819
Reply with quote  #2

1537764819
Report to moderator
1537764819
Hero Member
*
Offline Offline

Posts: 1537764819

View Profile Personal Message (Offline)

Ignore
1537764819
Reply with quote  #2

1537764819
Report to moderator
1537764819
Hero Member
*
Offline Offline

Posts: 1537764819

View Profile Personal Message (Offline)

Ignore
1537764819
Reply with quote  #2

1537764819
Report to moderator
Avirunes
Copper Member
Legendary
*
Offline Offline

Activity: 1204
Merit: 1092


View Profile
August 13, 2018, 04:36:36 PM
 #2

[..]

Recently there were cases reported like same. Also please make the site link un-clickable.



I got into the JavaScript directory of the site : https:// [phising site: myetherwallet.com.ip10.icu] /js/ which hosts  cfg.js which contains:

Code:
var home = "/log.php";
var link = "local";
var bb_link = window.location.hostname;

I searched for this and found out someone actually explaining about this : http://archive.is/aWQvq#selection-6683.0-6683.192

biggNY
Jr. Member
*
Online Online

Activity: 112
Merit: 2


View Profile
August 13, 2018, 05:48:30 PM
 #3

[..]

Recently there were cases reported like same. Also please make the site link un-clickable.



I got into the JavaScript directory of the site : https:// [phising site: myetherwallet.com.ip10.icu] /js/ which hosts  cfg.js which contains:

Code:
var home = "/log.php";
var link = "local";
var bb_link = window.location.hostname;

I searched for this and found out someone actually explaining about this : http://archive.is/aWQvq#selection-6683.0-6683.192

I removed the https part, link is now not clickable, hope it is ok like this. Or is there specific way of doing that? Sorry wasn’t aware that it cannot be clickable

So after checking that linked site it seems that my suspicion was right. The snippet of code you pasted is designed to harvest info, right? Hope this post prevents these *#!%?*! from getting access to lot of peoples wallets.

Spread the info ppl 🙏

★ PRiVCY ➢ Own Your Privacy! ➢ Best privacy crypto-market! ★
✈✈✈[PoW/PoS]✅[Tor]✅[Airdrop]✈✈✈ (https://privcy.io/)
Alloiz
Newbie
*
Offline Offline

Activity: 35
Merit: 0


View Profile
August 27, 2018, 08:31:11 AM
 #4

Thanks!
Also such a message
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!