[Scam]: Fake Theta Wallet

[Baofeng]

What happened: Fake and Clone Theta wallet. Do not used this website. The original one is https://wallet.thetatoken.org/unlock/keystore-file. And with the DeFi hype today, threat actors are catching up and using wallets to get someone fall for their trick.

Website:

Code:

http://thetatoke.org/

Archive: http://archive.is/TSphF

Whois Record for ThetaToke.org
 Domain Profile
Registrant Country   cn
Registrar   GoDaddy.com, LLC
IANA ID: 146
URL: http://www.whois.godaddy.com
Whois Server: whois.godaddy.com

(p)
Registrar Status   clientDeleteProhibited, clientRenewProhibited, clientTransferProhibited, clientUpdateProhibited
Dates   62 days old
Created on 2020-05-10
Expires on 2021-05-10
Updated on 2020-07-09    
Name Servers   NS55.DOMAINCONTROL.COM (has 54,213,256 domains)
NS56.DOMAINCONTROL.COM (has 54,213,256 domains)
 
Tech Contact   —
IP Address   104.203.20.6 - 22 other sites hosted on this server

https://whois.domaintools.com/thetatoke.org

[1714244863]

1714244863

[1714244863]

1714244863

[1714244863]

1714244863

[1714244863]

1714244863

[TimeTeller]

If they created it few months ago, I wonder how many people were already deceived by this site?
If you are a crypto user and wants to use online wallets, you need to make sure that you are in the legit sites.
Scammers will always find a way how to lure the users using similar domain names.

[Baofeng]

If they created it few months ago, I wonder how many people were already deceived by this site?
If you are a crypto user and wants to use online wallets, you need to make sure that you are in the legit sites.
Scammers will always find a way how to lure the users using similar domain names.

We can't really tell if there are users who already fall for this trap, but what worry us all is that the website is still up and has the potential to trick new users.

And there are still more scam sites out there:

Code:

http://thetatokn.org/
http://thetatoen.org/
http://thetatken.org/
http://thetaoken.org/

And obviously, same actors behind. And I will assume that they have the this scam kits on their hand that's why it is very easy for them to create this sites.

[TalkStar]

And there are still more scam sites out there:

Code:

http://thetatokn.org/
http://thetatoen.org/
http://thetatken.org/
http://thetaoken.org/

And obviously, same actors behind. And I will assume that they have the this scam kits on their hand that's why it is very easy for them to create this sites.

Actually their target is specific and that's the reason why they are using almost same looking domains.

No doubt that all these sites are running by the same group of scammers and after revealing the truth of their one project they move to another one. Its interesting to see that this guys have good experience of choosing domain names for phishing sites. All these domain have been taken just by dropping one letter everytime.

[sharos]

Now a Days, It’s difficult to found a safe place for cryptocurrency. I think, We don't need to wait much more to see a native using of Cryptocurrency. Already some school, collage accept fee by bitcoin. If all country accept cryptocurrency like native currency then government will take step against this type scammer.

I am waiting for that day.   

[409H]

By pivoting the infra, we have found many more of these: https://twitter.com/search?q=theta%20from%3Acryptophishing&src=typed_query&f=live

[CucakRowo]

By pivoting the infra, we have found many more of these: https://twitter.com/search?q=theta%20from%3Acryptophishing&src=typed_query&f=live

Hey, thanks for sharing this information. Wonder from where he can found all those scam sites. That twitter account activities reminds me of ICOEthics.

[409H]

By pivoting the infra, we have found many more of these: https://twitter.com/search?q=theta%20from%3Acryptophishing&src=typed_query&f=live

Hey, thanks for sharing this information. Wonder from where he can found all those scam sites. That twitter account activities reminds me of ICOEthics.

This is my bot, which is fed the data from CryptoScamDB (another project that I maintain with MyCrypto). We find them by user reports and pivoting infrastructure via tools like passivedns