Bitcoin Forum
November 21, 2019, 01:08:58 AM *
News: Latest Bitcoin Core release: 0.18.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Stéllar Scam Punycode - Keybase Hack Airdrop Fiasco !  (Read 242 times)
dkbit98
Sr. Member
****
Offline Offline

Activity: 602
Merit: 490


First 100% Liquid Stablecoin Backed by Gold


View Profile WWW
September 19, 2019, 10:37:49 PM
Last edit: September 20, 2019, 11:04:30 AM by dkbit98
Merited by bones261 (2), Daniel91 (1), marlboroza (1), ljudotina (1), tvplus006 (1), lovesmayfamilis (1), SuperTA (1)
 #1

BEWARE of SCAM fake Stéllar website using Puny codes to mask real address

Story is complex, and best way to start is from very beginning.

Stellar and Keybase organised Airdrop for 2 Billion Lumens,
for all keybase users and everyone who had Github or HackerNews accounts connected with Keybase.

What happened then?

Scammers and hackers attacked Keybase, Github and HackersNews to steal users data and profiles,
so they can get more than one airdrop.

Who got hacked?

Keybase got hacked., and all email and data stolen by hackers.
But keybase/stellar NEVER admitted that, they only said it was attacks on Github and HackerNews.

In reality hackers now have emails and data of every Keybase user.

Then Stellar halted Airdrop, and even did roll-back and removed verified users.
When I tried to talk with them on github and leave feedback they erased my comment and banned me.

More info:
https://keybase.io/a/i/r/d/r/o/p/spacedrop2019

Archived:
http://archive.is/COaI8
http://archive.is/81lRR
http://archive.is/9ryTW
https://archive.st/archive/2019/9/keybase.io/ri8d/keybase.io/a/i/r/d/r/o/p/spacedrop2019.html

EDIT: Update your keybase to check your status.


Today, on same email I used to registered with keybase, I received this email





I never trust emails and airdrops
I never click on email links directly
I never download stuff from email

I did copy/paste links and this is what I found:





stéllar and medim Website Links are masked with google code:

Code:
https://stéllar.org/account-viewer/#!/
https://mediụm.com/blog/stellar-community/third-lumen-distribution-program/
https://claimlumens.org/a64bff5080fb2bb636b2e2b7940f04ad

https://xn--stllar-cva.org/account-viewer/#!/
https://xn--medim-9d2b.com/blog/stellar-community/third-lumen-distribution-program/

archive:
https://archive.st/archive/2019/9/xn--medim-9d2b.com/l5uu/September192019810pm-a4c98tl0uzlarfv2zqaybeaeu5ukz6wu.jpg
https://archive.st/archive/2019/9/claimlumens.org/3iab/September192019804pm-ekvlx0s377o6j1j2r9k6t37qxfmwf2ru.jpg


CONCLUSION:

- Don't use Keybase software to avoid data leak and amateur devs

- NEVER trust any email/Airdrop

- Use Firefox Browser to avoid hidden puny

- ALWAYS double check the URL in your Browser

- Don't enter your main email for any Airdrops

- Don't enter Airdrops found on social media Twitter, Telegram, Discord

- Never use same email/password for everything

- Do your own research

- [LEARN] Phishing Quizzes - Beginners & Experts
👈


More info:
Quote

Quote


1574298538
Hero Member
*
Offline Offline

Posts: 1574298538

View Profile Personal Message (Offline)

Ignore
1574298538
Reply with quote  #2

1574298538
Report to moderator
1574298538
Hero Member
*
Offline Offline

Posts: 1574298538

View Profile Personal Message (Offline)

Ignore
1574298538
Reply with quote  #2

1574298538
Report to moderator
The Bitcoin Forum is turning 10 years old! Join the community in sharing and exploring the notable posts made over the years.
1574298538
Hero Member
*
Offline Offline

Posts: 1574298538

View Profile Personal Message (Offline)

Ignore
1574298538
Reply with quote  #2

1574298538
Report to moderator
1574298538
Hero Member
*
Offline Offline

Posts: 1574298538

View Profile Personal Message (Offline)

Ignore
1574298538
Reply with quote  #2

1574298538
Report to moderator
Saisher
Full Member
***
Offline Offline

Activity: 784
Merit: 109


View Profile
September 20, 2019, 01:09:26 AM
 #2

I've received a lot of airdrops offer from web-based and telegram channel, I don't know where are these coming from. I never remember subscribing to any airdrops sites or newsletter, I'm very much aware that these airdrops are just garbage and some of them are just trying to steal your funds to your wallet, like this method, I hope people are aware of this.
jhenfelipe
Hero Member
*****
Offline Offline

Activity: 1302
Merit: 607

CryptoTalk.Org - Get Paid for every Post!


View Profile
September 20, 2019, 09:40:20 AM
 #3

Addition to Conclusion:
- Regardless of the browser, ALWAYS double check the URL.

Phishing sites mostly use diactrics (puny codes as you mentioned) - like dot above or below the letter (ex. ȧ , ạ), or acute used in the scam email you received (ex. é , á) and many more. People should be attentive to those


I've received a lot of airdrops offer from web-based and telegram channel
You better edit your telegram settings (Privacy and Security) to avoid being added into telegram groups without your permission and stop receiving unwanted messages from anyone aside from your contacts.

 
                                . ██████████.
                              .████████████████.
                           .██████████████████████.
                        -█████████████████████████████
                     .██████████████████████████████████.
                  -█████████████████████████████████████████
               -███████████████████████████████████████████████
           .-█████████████████████████████████████████████████████.
        .████████████████████████████████████████████████████████████
       .██████████████████████████████████████████████████████████████.
       .██████████████████████████████████████████████████████████████.
       ..████████████████████████████████████████████████████████████..
       .   .██████████████████████████████████████████████████████.
       .      .████████████████████████████████████████████████.

       .       .██████████████████████████████████████████████
       .    ██████████████████████████████████████████████████████
       .█████████████████████████████████████████████████████████████.
        .███████████████████████████████████████████████████████████
           .█████████████████████████████████████████████████████
              .████████████████████████████████████████████████
                   ████████████████████████████████████████
                      ██████████████████████████████████
                          ██████████████████████████
                             ████████████████████
                               ████████████████
                                   █████████
.CryptoTalk.org.|.MAKE POSTS AND EARN BTC!.🏆
dkbit98
Sr. Member
****
Offline Offline

Activity: 602
Merit: 490


First 100% Liquid Stablecoin Backed by Gold


View Profile WWW
September 20, 2019, 10:22:28 AM
Last edit: September 20, 2019, 10:54:01 AM by dkbit98
 #4

Addition to Conclusion:
- Regardless of the browser, ALWAYS double check the URL.

Phishing sites mostly use diactrics (puny codes as you mentioned) - like dot above or below the letter (ex. ȧ , ạ), or acute used in the scam email you received (ex. é , á) and many more. People should be attentive to those


I've received a lot of airdrops offer from web-based and telegram channel
You better edit your telegram settings (Privacy and Security) to avoid being added into telegram groups without your permission and stop receiving unwanted messages from anyone aside from your contacts.

Added.

One thing to mention is that I NEVER enter any Airdrops from Telegram and Discord
as they are mostly scam.

So NEVER reply and NEVER trust any PM you receive in that apps.

For Telegram you can also hide you phone number in Privacy and Security

For Discord you can disable direct messages in Privacy&Safety

guigui371
Legendary
*
Online Online

Activity: 1410
Merit: 1057



View Profile
September 26, 2019, 03:46:13 AM
 #5

Hi,
Disclaimer: I am not part of the Keybase team.

I just installed Keybase on another Device to double check.

1) you do not need to enter your phone number to have a Keybase account.
2) you do not need an email to set up a Keybase account.
3) if you set up your email inside Keybase and verify it. You can also opt-out from the searchable repertory.


Conclusion :
A) you didn’t have to put your email
B) maybe your email was pwned check : haveibeenpwned.com
C) if your email was pwned in the past and is set as searchable then it is your fault not a hack.
D) if your email has never been pwned and set as “not searchable” then Keybase Email data base may have been Compromised. 

smartmixer.io▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
.Make your Cryptos untraceable!.
(( ███████ ((    TELEGRAM    )) ███████ ))
▄▄███████▄▄
▄███████▀███████▄
▄███▀▀▀ ▄▄▄ ▀▀▀███▄
▄███ ▄▀▀▀   ▀▀▀▄ ███▄
████ █  ▄   ▄█ █ ████
████▌▐▌ ▀█▄█▀ ▐▌▐████
▀████ ▀▄  ▀  ▄▀ ████▀
▀████▄ ▀▄▄▄▀ ▄████▀
▀█████▄▄ ▄▄█████▀
▀▀███████▀▀
.
NO LOGS
▄▄███████▄▄
▄██████▀▀▀██████▄
▄█████▀ ▄▄▄ ▀█████▄
▄██████ ▀   █ ██████▄
███████   █▀  ███████
████████▄ ▄ ▄████████
▀████▀         ▀████▀
▀███   ▄   ▄   ███▀
▀███████████████▀
▀▀███████▀▀
.
NO SIGN-UP
▄▄███████▄▄
▄███████████████▄
▄███████▀   ▀█████▄
▄████▀  ▀      █████▄
████     ▄▀▄  ▀ ▀████
███    ▄▀▄ ▄▀▄    ███
▀███▄▄  ▀█ █▀   ▄███▀
▀████████ ████████▀
▀███████████████▀
▀▀███████▀▀
.

70% COMSN
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
MIX NOW!
.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
jorenpo
Sr. Member
****
Offline Offline

Activity: 602
Merit: 250



View Profile
September 26, 2019, 06:51:04 AM
 #6

just use the main stellar (XLM) webpage or webwallet to avoid phishing. avoid using simple password that easily bruted.

.
▄███▄       ▄▄██████▄▄     ▄▄██████▄▄     ▄▄██████▄▄
█████    ▄██████████████▄██████████████▄ █████████████▄
 ▀▀▀    ▄███████████████████████████████▄ █████████████▄
 ▄▄▄   ▄█████▀      ▀███████▀      ▀█████▄ ▀      ▀█████▄
█████  █████          █████          █████          █████
█████  █████          █████          █████          █████

█████  █████          █████          █████          █████

█████  █████          █████          █████        ▄█████▀

█████  █████          █████          ███████████████████

█████  █████          █████          █████████████████▀

 ▀▀██   ▀▀██            ▀██           ▀▀██████████▀▀
███████████████████████████████████████████████████████████████████████████████████████████
.

IMO Ecosystem
.
███████████████████████████████████████████████████████████████████████████████████████████
██   ██
 ██   ██
  ██   ██
   ██   ██
    ██   ██
     ██   ██
     ██   ██
    ██   ██
   ██   ██
  ██   ██
 ██   ██
██   ██
dkbit98
Sr. Member
****
Offline Offline

Activity: 602
Merit: 490


First 100% Liquid Stablecoin Backed by Gold


View Profile WWW
September 26, 2019, 09:01:29 PM
 #7

Hi,
Disclaimer: I am not part of the Keybase team.

I just installed Keybase on another Device to double check.

1) you do not need to enter your phone number to have a Keybase account.
2) you do not need an email to set up a Keybase account.
3) if you set up your email inside Keybase and verify it. You can also opt-out from the searchable repertory.

Conclusion :
A) you didn’t have to put your email
B) maybe your email was pwned check : haveibeenpwned.com
C) if your email was pwned in the past and is set as searchable then it is your fault not a hack.
D) if your email has never been pwned and set as “not searchable” then Keybase Email data base may have been Compromised.


1) I did NOT

2)

 
3) I did opt-out right after registration


Conclusion:
A) yes I did
B) Nope
C) Nope
D) It was set as “not searchable”
 

libert19
Full Member
***
Offline Offline

Activity: 868
Merit: 114


First 100% Liquid Stablecoin Backed by Gold


View Profile WWW
September 28, 2019, 03:47:48 AM
 #8


3) if you set up your email inside Keybase and verify it. You can also opt-out from the searchable repertory.

How do you opt-out from repertory? I lurked around in app but unable to find it.

DroomieChikito
Sr. Member
****
Offline Offline

Activity: 770
Merit: 398



View Profile WWW
September 28, 2019, 05:46:57 AM
 #9

This not make a sense when keybase canceled all airdrop github connected account.
my Github account is fine, I am using authentication a mobile app and never warning hacker hacked my Github.
I am surprised stellar badge was gone on my profile





smartmixer.io▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
Make your Cryptos untraceable!
(( ███████ ((    TELEGRAM    )) ███████ ))
▄▄███████▄▄
▄███████▀███████▄
▄███▀▀▀ ▄▄▄ ▀▀▀███▄
▄███ ▄▀▀▀   ▀▀▀▄ ███▄
████ █  ▄   ▄█ █ ████
████▌▐▌ ▀█▄█▀ ▐▌▐████
▀████ ▀▄  ▀  ▄▀ ████▀
▀████▄ ▀▄▄▄▀ ▄████▀
▀█████▄▄ ▄▄█████▀
▀▀███████▀▀
.

NO LOGS
▄▄███████▄▄
▄██████▀▀▀██████▄
▄█████▀ ▄▄▄ ▀█████▄
▄██████ ▀   █ ██████▄
███████   █▀  ███████
████████▄ ▄ ▄████████
▀████▀         ▀████▀
▀███   ▄   ▄   ███▀
▀███████████████▀
▀▀███████▀▀
.

NO SIGN-UP
▄▄███████▄▄
▄███████████████▄
▄███████▀   ▀█████▄
▄████▀  ▀      █████▄
████     ▄▀▄  ▀ ▀████
███    ▄▀▄ ▄▀▄    ███
▀███▄▄  ▀█ █▀   ▄███▀
▀████████ ████████▀
▀███████████████▀
▀▀███████▀▀
.

70% COMSN
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
MIX NOW!
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
hugeblack
Hero Member
*****
Offline Offline

Activity: 882
Merit: 854


Strange block 74638


View Profile
September 29, 2019, 08:38:01 PM
 #10

These Ancient Greek characters you mentioned are known as Punycode (It is a system for converting words from these characters into concept characters or what is known as ASCII characters) and are one of the legitimate ways of scam.

This is one way to protect yourself if you use Firefox.

To protect yourself from this kind of attack, in Firefox open a new tab, type about:config, accept the warning, search for "punycode", and change the value of network.IDN_show_punycode to true. This will change the URL in your browser from the examples I've given in this post to instead display as the examples Baofeng has given in his (so from mẹdium to xn--mdium-n51b, for example).

for more ----> What is Punycode and how to protect yourself from Homograph Phishing attacks?

It's not limited to Keybase but you should be careful when browsing sites or when a message comes to you.

Also, "SSL certificate is valid" Doesn't mean you are safe, check out ----> https://bitcointalk.org/index.php?topic=5184169.msg52506958#msg52506958

dkbit98
Sr. Member
****
Offline Offline

Activity: 602
Merit: 490


First 100% Liquid Stablecoin Backed by Gold


View Profile WWW
September 29, 2019, 08:55:54 PM
 #11

These Ancient Greek characters you mentioned are known as Punycode

I never said it is 'Ancient Greek character, and I do know what Punycode is,
and I also posted links with more information and wrote on top it is Puny code....
On the bottom you can see same link you posted Wink







Thanks anyway

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!