hydroBETA KYC linking to phishing MEW lookalike

[biggNY]

Hi guys, just wanted to make sure, that as many useras as possible know about this. Few days ago hydroBETA airdrop was listed here on BCT. They promised 222.222 to everybody. So I signed up. They also offered 22.222 per referral and extra drop for holding ETH and HYDRO. Everything good so far, probably too good.

Then on Saturday I received email for KYC. Looking at the site linked I was immediately suspicious. For KYC they only wanted to know my name, email address and ETH address. All of which they had already. And after entering your MEW address (I just typed random letters) link pops up to link your MEW to their site! That link goes through bit.ly(they say link looks suspicious btw) to this site myetherwallet.com.ip10.icu/signmsg.html. The site has large MEW logo on top, but when you click it it does nothing. It tries too much to look like MEW site, but it is not.

All of this just look way too suspicious and is not worth that trouble. Go ahead check it out for yourself.

[1713519115]

1713519115

[1713519115]

1713519115

[1713519115]

1713519115

[1713519115]

1713519115

[Avirunes]

[..]

Recently there were cases reported like same. Also please make the site link un-clickable.


I got into the JavaScript directory of the site : https:// [phising site: myetherwallet.com.ip10.icu] /js/ which hosts  cfg.js which contains:

Code:

var home = "/log.php";
var link = "local";
var bb_link = window.location.hostname;

I searched for this and found out someone actually explaining about this : http://archive.is/aWQvq#selection-6683.0-6683.192

[biggNY]

[..]

Recently there were cases reported like same. Also please make the site link un-clickable.


I got into the JavaScript directory of the site : https:// [phising site: myetherwallet.com.ip10.icu] /js/ which hosts  cfg.js which contains:

Code:

var home = "/log.php";
var link = "local";
var bb_link = window.location.hostname;

I searched for this and found out someone actually explaining about this : http://archive.is/aWQvq#selection-6683.0-6683.192

I removed the https part, link is now not clickable, hope it is ok like this. Or is there specific way of doing that? Sorry wasn’t aware that it cannot be clickable

So after checking that linked site it seems that my suspicion was right. The snippet of code you pasted is designed to harvest info, right? Hope this post prevents these *#!%?*! from getting access to lot of peoples wallets.

Spread the info ppl 🙏

[Alloiz]

Thanks!
Also such a message