{Warning}: Bitaddress.org Phishing websites

[Baofeng]

I was reading this post in the Bitcoin Technical Support, Did I compromise my paper wallet? Help and opinions appreciated and it reminded me of

Code:

https://www.bitaddress.org/

So I try to investigate and see if scammers are targeting this website. And as I dig deeper, I stumbled upon this reddit post:

https://www.reddit.com/r/Bitcoin/comments/czriz8/biladdressorg_phishing_scam_website/

I also found many domains that look like bitaddress.org with spelling mistakes (duplicated letters, missing letters, reordered letters, letters that are replaced with close keyboard keys),

So far I have crossed reference his find with my investigations:

Code:

http://www.b8itaddress.org
http://www.b8taddress.org
http://www.b9itaddress.org
http://www.b9taddress.org
http://www.bbitaddress.org
http://www.bi5address.org
http://www.bi5taddress.org
http://www.bi6address.org
http://www.bi6taddress.org
http://www.bi8taddress.org
http://www.bi9taddress.org
http://www.biaddress.org
http://www.biatddress.org
http://www.bifaddress.org
http://www.biftaddress.org
http://www.bigtaddress.org
http://www.biitaddress.org
http://www.bijtaddress.org
http://www.biktaddress.org
http://www.biotaddress.org
http://www.biraddress.org
http://www.birtaddress.org
http://www.bit2address.org
http://www.bit5address.org
http://www.bit6address.org
http://www.bita2ddress.org
http://www.bitaaddress.org
http://www.bitacddress.org
http://www.bitacdress.org
http://www.bitadcdress.org
http://www.bitadcress.org
http://www.bitadd4ess.org
http://www.bitadd4ress.org
http://www.bitadd5ess.org
http://www.bitadd5ress.org
http://www.bitaddcress.org
http://www.bitadddess.org
http://www.bitadddress.org
http://www.bitaddeess.org
http://www.bitadderess.org
http://www.bitaddess.org
http://www.bitaddfess.org
http://www.bitaddfress.org
http://www.bitaddiress.org
http://www.bitaddlress.org
http://www.bitaddr3ess.org
http://www.bitaddr3ss.org
http://www.bitaddr4ess.org
http://www.bitaddr4ss.org
http://www.bitaddr5ess.org
http://www.bitaddrdess.org
http://www.bitaddrdss.org
http://www.bitaddre3ss.org
http://www.bitaddre4ss.org
http://www.bitaddreas.org
http://www.bitaddreass.org
http://www.bitaddreds.org
http://www.bitaddrees.org
http://www.bitaddreess.org
http://www.bitaddreqss.org
http://www.bitaddrerss.org
http://www.bitaddresa.org
http://www.bitaddresd.org
http://www.bitaddresds.org
http://www.bitaddrese.org
http://www.bitaddresqs.org
http://www.bitaddresss.org
http://www.bitaddresws.org
http://www.bitaddresx.org
http://www.bitaddresxs.org
http://www.bitaddresys.org
http://www.bitaddreszs.org
http://www.bitaddrewss.org
http://www.bitaddrexs.org
http://www.bitaddrexss.org
http://www.bitaddreyss.org
http://www.bitaddrezs.org
http://www.bitaddrezss.org
http://www.bitaddrrss.org
http://www.bitaddrses.org
http://www.bitaddrsess.org
http://www.bitaddrss.org
http://www.bitaddrsss.org
http://www.bitaddrtess.org
http://www.bitaddrwess.org
http://www.bitaddrwss.org
http://www.bitaddsress.org
http://www.bitaddtess.org
http://www.bitaddtress.org
http://www.bitaddxress.org
http://www.bitadedress.org
http://www.bitadfdress.org
http://www.bitadidress.org
http://www.bitadldress.org
http://www.bitadrdess.org
http://www.bitadrdress.org
http://www.bitadrress.org
http://www.bitadsdress.org
http://www.bitadsress.org
http://www.bitadxdress.org
http://www.bitadxress.org
http://www.bitaeddress.org
http://www.bitafddress.org
http://www.bitaqddress.org
http://www.bitarddress.org
http://www.bitardress.org
http://www.bitasddress.org
http://www.bitasdress.org
http://www.bitawddress.org
http://www.bitaxddress.org
http://www.bitaxdress.org
http://www.bitayddress.org
http://www.bitazddress.org
http://www.bitdadress.org
http://www.bitddress.org
http://www.bitfaddress.org
http://www.bitgaddress.org
http://www.bitqaddress.org
http://www.bitraddress.org
http://www.bitsddress.org
http://www.bitwaddress.org
http://www.bitwddress.org
http://www.bityaddress.org
http://www.bitzaddress.org
http://www.bitzddress.org
http://www.biutaddress.org
http://www.biyaddress.org
http://www.biytaddress.org
http://www.biztaddress.org
http://www.bjitaddress.org
http://www.bjtaddress.org
http://www.bkitaddress.org
http://www.boitaddress.org
http://www.botaddress.org
http://www.btaddress.org
http://www.btiaddress.org
http://www.buitaddress.org
http://www.butaddress.org
http://www.gitaddress.org
http://www.hitaddress.org
http://www.ibitaddress.org
http://www.ibtaddress.org
http://www.itaddress.org
http://www.lbitaddress.org
http://www.nitaddress.org
http://www.vitaddress.org

Almost all of them are still alive at this point, so we need to help each other again to take down those websites, report them so that we won't see any more victims in the future.

[1714935444]

1714935444

[1714935444]

1714935444

[coupable]

This list is horrible !  A single one simple mistake can be destructive .
I would share the info in my local board.
Does there any way to shut down those domains ? Where to report about them out of forums ? I thought host providers for those website should be also responsible about what they are hosting . Is it possible to hide those links from saerche results ?

[UserU]

This list is horrible !  A single one simple mistake can be destructive .
I would share the info in my local board.
Does there any way to shut down those domains ? Where to report about them out of forums ? I thought host providers for those website should be also responsible about what they are hosting . Is it possible to hide those links from saerche results ?

Yup, by contacting the host(s) and reporting them to Google. Thankfully one of the hosts identified is NameSilo and a random domain picked seems to be from Netherlands.

Since the WHOIS protection is active, we obviously can't determine who the perpetrator(s) are.

EDIT: Report them here @ https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en

[khaled0111]

The best thing to do is to contact the hosting providers and ask them to shut those phishing websites down.

Reporting to Google and getting them blacklisted is a good idea too but won't effect these scammers as they don't rely on appearing on search results. They target their victims directly by spreading links on forums and Telegram groups.

[Krislaw]

They target their victims directly by spreading links on forums and Telegram groups.

And this makes it more hard to shut them down because they have multiple telegram accounts. And some host might decide not to respond to such report because they are being paid for their service.
Best is to keep spreading awareness to members here. Those scammers always target new members in telegram groups.

[hugeblack]

It is best to learn how to verify the signature of this site, it is open source and you can check whether the site or page (sha1sum bitaddress.zip) you downloaded through the developer or not.
check this for more info ---> How can I verify the PGP signature of bitaddress.org?
Remember even if you download from Bitaddress.org, it doesn't mean you are completely safe, check the signature first.

[khaled0111]

It is best to learn how to verify the signature of this site

The problem is when downloading the zipped file from a phishing website, verifying its signature won't do you any good as each phishing website has its own pgp file that matches the downloaded file and will show it as genuine.
Here is an example:


When you click the PGP link it will redirect you to their own PGP key hosted on their server.

[TryNinja]

The problem is when downloading the zipped file from a phishing website, verifying its signature won't do you any good as each phishing website has its own pgp file that matches the downloaded file and will show it as genuine.

When you click the PGP link it will redirect you to their own PGP key hosted on their server.

Which is way you need to get these keys previously. Once I have the Electrum's dev key, I don't need to download it every time. The same can be applied here.

Do some extra work to see if the website you are is legit, and then do some extra work to find out if the PGP key is legit. Afterwards, you can be less paranoid (while still cautious).

[LTU_btc]

Holly shit, it's huge number of phishing websites! Your post reminded me one personal experience with Bitaddress.org:
Once I wanted to generate Bitcoin wallet on this website. But I typed Bitadress.org instead of Bitaddress.org. Thanks god I saw this thing when I entered into it and it wasn't actual phishing website:

Same with Bitaddres.org and Bitadres.org.