SCAM! thecryptohopper.com was created to phish user details of cryptohopper.com

[JeromeTash]

What happened: thecryptohopper.com is a scam website which was created to phish details of users who user a popular bot service by https://www.cryptohopper.com

Scammers Profile Link: https://bitcointalk.org/index.php?action=profile;u=1232224 (It was discovered that the account had been Compromised to post the phishing links but it has been secured since then)

Reference Link: https://bitcointalk.org/index.php?topic=5219922
Archived: http://archive.is/IRLjc

Reference Link: https://bitcointalk.org/index.php?topic=5219920
Archived: http://archive.is/l3GRz

Reference Link: https://bitcointalk.org/index.php?topic=5219918
Archived: http://archive.is/7TDzQ

Scammer website: thecryptohopper.com
Archived: http://archive.is/BoSXC
Official website: https://www.cryptohopper.com


Domain Information:

The phishing domain was just created 1 day ago

Code:

Domain:thecryptohopper.com
Registrar:NameCheap, Inc.
Registered On:2020-01-22
Expires On:2021-01-22
Updated On:2020-01-22
Status:clientTransferProhibited
Name Servers:dns1.namecheaphosting.com
dns2.namecheaphosting.com

The Official domain is much older

Code:

Domain:cryptohopper.com
Registrar:Key-Systems GmbH
Registered On:2017-07-09
Expires On:2020-07-09
Updated On:2019-07-10
Status:ok
Name Servers:lana.ns.cloudflare.com
plato.ns.cloudflare.com

Confirmation from Cryptohopper's Telegram Admin:



Additional Notes:
If you sign in on that website, they will steal your login details and probably your funds from an exchange too

[1714719963]

1714719963

[bL4nkcode]

A 100% phishing website.

But the account seems hacked and compromised, but the thing is the account doesn't have any recent change of password or email.

Tagged the account.

[asu]

but the thing is the account doesn't have any recent change of password or email.

Probably the hacker think his smart not to change the password, so that it will not be so obvious not to think that the account has been hacked and compromised.

[morvillz7z]

I agree with what's said above, in fact, the people behind this were here just a month ago but with a different domain. More information:

https://bitcointalk.org/index.php?topic=5211643.0

There are a few sockpuppet accounts vouching for this phishing website that needs to be tagged as well. For example:

I just download and I'm going to test them out. So far I gotta say this is pretty cool. I'm thinking it's going to save me a lot of time.

I'm really liking it. It's been giving me about 3-4,5% daily on automatic trading, and good for noobs

According to Urlscan.io the website in question is flagged as Malicious (Google Safe Browsing)

https://urlscan.io/result/b65a6453-12fc-4efd-a163-78b506f81824

[cabalism13]

I somewhat know the owner of zenrol28 personally, As far as I know the owner is quite too busy on his day job (though I won't say what his job, but it really is a hard one and taking his time a lot) and doesn't even have the time to do an activoty here on the forum, I still have some contact to him and will message him later on. This is a hacked account just like what bl4nkcode has said, for the owner is also a hater of scam projects and phishing links.

My greatest condolonces for the account. Its truly such a waste to see this account getting involved on something like that.

[JeromeTash]

I somewhat know the owner of zenrol28 personally, As far as I know the owner is quite too busy on his day job (though I won't say what his job, but it really is a hard one and taking his time a lot) and doesn't even have the time to do an activoty here on the forum, I still have some contact to him and will message him later on. This is a hacked account just like what bl4nkcode has said, for the owner is also a hater of scam projects and phishing links.

My greatest condolonces for the account. Its truly such a waste to see this account getting involved on something like that.

Since the hacker hasn't changed login details yet, the account hasn't yet been put to a waste.
Message him as soon as possible so that he can secure his account quickly before the hacker decides to change the email and password which can make account recovery a little hectic.

[cabalism13]

I somewhat know the owner of zenrol28 personally, As far as I know the owner is quite too busy on his day job (though I won't say what his job, but it really is a hard one and taking his time a lot) and doesn't even have the time to do an activoty here on the forum, I still have some contact to him and will message him later on. This is a hacked account just like what bl4nkcode has said, for the owner is also a hater of scam projects and phishing links.

My greatest condolonces for the account. Its truly such a waste to see this account getting involved on something like that.

Since the hacker hasn't changed login details yet, the account hasn't yet been put to a waste.
Message him as soon as possible so that he can secure his account quickly before the hacker decides to change the email and password which can make account recovery a little hectic.

I already sent a message to him, he's reply was:

Di masyado. Hanggang browse lang ako.

Translate:

Not so much. I only get to browse.

Then I told him to check his account if he can still open it... I will update here later or I may simply ask him to make an update here. The last activity from him was on December, so it really is questionable to see an account posting such phishing links after they comeback.

Edit: Currently talking to the owner... he will post here soon together with a signed message. He isn't aware and this could be really troublesome for him.I just hope his wallets are safe for he is also a Hodler.

[bL4nkcode]

I see the account is active an made a signed message on the ann thread where the hacker posted with phishing link
https://bitcointalk.org/index.php?topic=5219922.msg53676969#msg53676969
Archive: http://archive.is/nIyAk

Screenshot of verified signed message with blockexplorer


Address was posted last 2018 https://bitcointalk.org/index.php?topic=996318.msg41957995#msg41957995

[zenrol28]

Code:

-----BEGIN BITCOIN SIGNED MESSAGE-----
11:47 PM 24/01/2020 GMT+ 8
Tonight, just got home from a 10 hours of food delivery service.
I am confirming that someone got into my account and created threads with a phishing site linked in it.
I have no idea how they got my account password.
Apologies for the trouble.
I changed my password right away when someone messaged me IRL.
Thanks a lot.
Also to those who tagged my account so everyone would be warned.
Thank you all.
Sincerely,
zenrol28
-----BEGIN SIGNATURE-----
1BitoyExzSfjgccUFMLzNSHkJBVV1tLdju
Gzcf3xfoJLDjCsJincI/91ix7sCZekPyGVj+O6fPgk4PY4sueBf6a4wPzpCfy6aBVErL0sH0X2oBFb4dcE/c8zU=
-----END BITCOIN SIGNED MESSAGE-----

[JeromeTash]

-snip-

Hi @zenrol28, since you have changed the password and gained full control of your account along with the proof through a signed message. You can message Baofeng, bL4nkcode and asu to remove the trust ratings they left. They may have not seen the new developments in the thread.

I am also going to leave a small note in the OP showing that your account was compromised at the time it posted phishing links.

[zenrol28]

-snip-

Hi @zenrol28, since you have changed the password and gained full control of your account along with the proof through a signed message. You can message Baofeng, bL4nkcode and asu to remove the trust ratings they left. They may have not seen the new developments in the thread.

I am also going to leave a small note in the OP showing that your account was compromised at the time it posted phishing links.

Yeah thanks. 
Sorry for my late reply, i just woke up and now preparing for work again.
That's my daily routine (no rest days).

Maybe they're still asleep.

I'll monitor my account daily so this incident will never happen again.

Good day. 

[cabalism13]

Its good to see that the account has been cleared. Now I've been thinking on what the hell is that cryptohopper, also about how did the prick got the account for himself. With marlboroza's link, it helped us to classify whether if it is hacked or sold.
Signed Messages really helps in the times like this. Too bad I don't have one except for my MEW.

[bL4nkcode]

I'll monitor my account daily so this incident will never happen again.

Ah, no need to do that, just set a strong and secured password with good combination and you're good to go.