Bitcoin Forum
November 12, 2024, 07:35:36 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: [Beware] Fake Ian Coleman (iancoleman/bip39) tool  (Read 248 times)
Jating (OP)
Hero Member
*****
Offline Offline

Activity: 3108
Merit: 884


DGbet.fun - Crypto Sportsbook


View Profile
October 05, 2020, 05:19:31 AM
Merited by cryptomaniac_xxx (2), ABCbits (1), Yaunfitda (1), jackg (1), TravelMug (1), DdmrDdmr (1), tranthidung (1), Heisenberg_Hunter (1)
 #1

Beware guys, there is a fake Ian Coleman Mnemonic Code Converter.

Website:
Code:
https://bipcalculator.io/



Archived: https://archive.is/0rGCq



https://who.is/whois/bipcalculator.io

The real website is: https://iancoleman.io/bip39/

So watch out for this kind of attacks, it will appear again on Google Ads, so please verify first and just don't blindly trust any crypto related websites.

jackg
Copper Member
Legendary
*
Offline Offline

Activity: 2856
Merit: 3071


https://bit.ly/387FXHi lightning theory


View Profile
October 05, 2020, 05:52:24 AM
 #2

Did you see what sorts of seeds it was generating?

Does it look like they were "random" or just one generated repeatedly? If the latter, we could report the addresses it produces also to the projects that mark tainted coins.

It's nice to see you included the source of the phishing attack too, search engines are always a pain with ads (especially Google for not moderating them).
Oshosondy
Legendary
*
Online Online

Activity: 1624
Merit: 1202


Gamble responsibly


View Profile
October 05, 2020, 05:58:20 AM
Merited by posi (2), cryptomaniac_xxx (2), BIT-BENDER (2), jackg (1), DdmrDdmr (1), Heisenberg_Hunter (1)
 #3

Whois info about bipcalculator.io
Registered On:2020-09-10
Expires On:2021-09-10
Updated On:2020-09-10

Did you see what sorts of seeds it was generating?
I checked the site some minutes ago, it can not be used to generate new seed phrase, you can only input your existing seed phrase on the site, which means it will only be used to hack private keys and seed phrase, it is definitely a site for hackers. Although, it is proving to work offline but I do not believe this, it will have a kind of malicious malware.

██
██
██
██
██
██
██
██
██
██
██
██
██
... LIVECASINO.io    Play Live Games with up to 20% cashback!...██
██
██
██
██
██
██
██
██
██
██
██
██
jackg
Copper Member
Legendary
*
Offline Offline

Activity: 2856
Merit: 3071


https://bit.ly/387FXHi lightning theory


View Profile
October 05, 2020, 06:03:06 AM
 #4


Did you see what sorts of seeds it was generating?
I checked the site some minutes ago, it can not be used to generation new seed phrase, you can only input your existing seed phrase on the site, which means it will only be used to hack seed phrase, it is definitely a site for hackers. Although, it is proving to work offline but I do not believe this, it will have a kind of malicious malware.

Ahhh! In that case I'd also recommend bookmarking the real site and taking your computer offline before putting in any sensitive information anywhere (Cross site scripting and accidental back doors are always a problem even with legit sites).
tranthidung
Legendary
*
Offline Offline

Activity: 2450
Merit: 4275


Farewell o_e_l_e_o


View Profile WWW
October 05, 2020, 06:11:48 AM
 #5

Ahhh! In that case I'd also recommend bookmarking the real site and taking your computer offline before putting in any sensitive information anywhere (Cross site scripting and accidental back doors are always a problem even with legit sites).
The legit site has its guide on offline usages but I am sure many newbies don't care to read the part or they even don't care to scroll down computer mouse to read all information and guides on the site.

As an offline reminder for all:
Wallet creation (offline) - Wallet backup (offline) - Backup storage (offline) - Wallet recovery (offline).  Cheesy

Quote
Offline Usage

You can use this tool without having to be online.

In your browser, select file save-as, and save this page as a file.

Double-click that file to open it in a browser on any offline computer.

Alternatively, download the file from the repository - https://github.com/iancoleman/bip39

▄▄███████▄▄
▄██████████████▄
▄██████████████████▄
▄████▀▀▀▀███▀▀▀▀█████▄
▄█████████████▄█▀████▄
███████████▄███████████
██████████▄█▀███████████
██████████▀████████████
▀█████▄█▀█████████████▀
▀████▄▄▄▄███▄▄▄▄████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀
.
 MΞTAWIN  THE FIRST WEB3 CASINO   
.
.. PLAY NOW ..
Oshosondy
Legendary
*
Online Online

Activity: 1624
Merit: 1202


Gamble responsibly


View Profile
October 05, 2020, 06:47:38 AM
 #6

Ahhh! In that case I'd also recommend bookmarking the real site and taking your computer offline before putting in any sensitive information anywhere (Cross site scripting and accidental back doors are always a problem even with legit sites).
The legit site has its guide on offline usages but I am sure many newbies don't care to read the part or they even don't care to scroll down computer mouse to read all information and guides on the site.

As an offline reminder for all:
Wallet creation (offline) - Wallet backup (offline) - Backup storage (offline) - Wallet recovery (offline).  Cheesy

Quote
Offline Usage

You can use this tool without having to be online.

In your browser, select file save-as, and save this page as a file.

Double-click that file to open it in a browser on any offline computer.

Alternatively, download the file from the repository - https://github.com/iancoleman/bip39
The site can not be used to generate seed phrase, also why is it mimicking Iamcoleman with the same version (v0.4.3). I will advise people not to use the site.

From Iamcoleman site, seed phrase can be generated
                                                                                                         
                                                                                    From the other site, seed phrase can not be generated.

██
██
██
██
██
██
██
██
██
██
██
██
██
... LIVECASINO.io    Play Live Games with up to 20% cashback!...██
██
██
██
██
██
██
██
██
██
██
██
██
Yaunfitda
Hero Member
*****
Offline Offline

Activity: 3024
Merit: 618



View Profile
October 05, 2020, 07:04:12 AM
 #7

Whois info about bipcalculator.io
Registered On:2020-09-10
Expires On:2021-09-10
Updated On:2020-09-10

Did you see what sorts of seeds it was generating?
I checked the site some minutes ago, it can not be used to generate new seed phrase, you can only input your existing seed phrase on the site, which means it will only be used to hack private keys and seed phrase, it is definitely a site for hackers. Although, it is proving to work offline but I do not believe this, it will have a kind of malicious malware.


Ok, so if you input your seed phrase then it can steal obviously steal your bitcoin. And this kind of websites has bots as well, if you input everything in matter of seconds then can get everything from you, and you don't know what really happen until it's too late.

R


▀▀▀▀▀▀▀██████▄▄
████████████████
▀▀▀▀█████▀▀▀█████
████████▌███▐████
▄▄▄▄█████▄▄▄█████
████████████████
▄▄▄▄▄▄▄██████▀▀
LLBIT|
4,000+ GAMES
███████████████████
██████████▀▄▀▀▀████
████████▀▄▀██░░░███
██████▀▄███▄▀█▄▄▄██
███▀▀▀▀▀▀█▀▀▀▀▀▀███
██░░░░░░░░█░░░░░░██
██▄░░░░░░░█░░░░░▄██
███▄░░░░▄█▄▄▄▄▄████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█████████
▀████████
░░▀██████
░░░░▀████
░░░░░░███
▄░░░░░███
▀█▄▄▄████
░░▀▀█████
▀▀▀▀▀▀▀▀▀
█████████
░░░▀▀████
██▄▄▀░███
█░░█▄░░██
░████▀▀██
█░░█▀░░██
██▀▀▄░███
░░░▄▄████
▀▀▀▀▀▀▀▀▀
||.
|
▄▄████▄▄
▀█▀
▄▀▀▄▀█▀
▄░░▄█░██░█▄░░▄
█░▄█░▀█▄▄█▀░█▄░█
▀▄░███▄▄▄▄███░▄▀
▀▀█░░░▄▄▄▄░░░█▀▀
░░██████░░█
█░░░░▀▀░░░░█
▀▄▀▄▀▄▀▄▀▄
▄░█████▀▀█████░▄
▄███████░██░███████▄
▀▀██████▄▄██████▀▀
▀▀████████▀▀
.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
░▀▄░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄░▄▀
███▀▄▀█████████████████▀▄▀
█████▀▄░▄▄▄▄▄███░▄▄▄▄▄▄▀
███████▀▄▀██████░█▄▄▄▄▄▄▄▄
█████████▀▄▄░███▄▄▄▄▄▄░▄▀
███████████░███████▀▄▀
███████████░██▀▄▄▄▄▀
███████████░▀▄▀
████████████▄▀
███████████
▄▄███████▄▄
▄████▀▀▀▀▀▀▀████▄
▄███▀▄▄███████▄▄▀███▄
▄██▀▄█▀▀▀█████▀▀▀█▄▀██▄
▄██▀▄███░░░▀████░███▄▀██▄
███░████░░░░░▀██░████░███
███░████░█▄░░░░▀░████░███
███░████░███▄░░░░████░███
▀██▄▀███░█████▄░░███▀▄██▀
▀██▄▀█▄▄▄██████▄██▀▄██▀
▀███▄▀▀███████▀▀▄███▀
▀████▄▄▄▄▄▄▄████▀
▀▀███████▀▀
OFFICIAL PARTNERSHIP
SOUTHAMPTON FC
FAZE CLAN
SSC NAPOLI
TravelMug
Hero Member
*****
Offline Offline

Activity: 2814
Merit: 872



View Profile
October 06, 2020, 02:22:57 AM
 #8

It's nice to see you included the source of the phishing attack too, search engines are always a pain with ads (especially Google for not moderating them).

This one, we have seen so many fake and phishing websites in Google Ads, but they won't react until it is reported. It's good that this website is no longer showing, however, the website is still up and perhaps a report to: https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en.

The OP included the original site you we can reference it when reporting it to Google's safe browsing.

 
█▄
R


▀▀██████▄▄
████████████████
▀█████▀▀▀█████
████████▌███▐████
▄█████▄▄▄█████
████████████████
▄▄██████▀▀
LLBIT▀█ 
  TH#1 SOLANA CASINO  
████████████▄
▀▀██████▀▀███
██▄▄▀▀▄▄████
████████████
██████████
███▀████████
▄▄█████████
████████████
████████████
████████████
████████████
█████████████
████████████▀
████████████▄
▀▀▀▀▀▀▀██████
████████████
███████████
██▄█████████
████▄███████
████████████
█░▀▀████████
▀▀██████████
█████▄█████
████▀▄▀████
▄▄▄▄▄▄▄██████
████████████▀
........5,000+........
GAMES
 
......INSTANT......
WITHDRAWALS
..........HUGE..........
REWARDS
 
............VIP............
PROGRAM
 .
   PLAY NOW    
pooya87
Legendary
*
Offline Offline

Activity: 3626
Merit: 11029


Crypto Swap Exchange


View Profile
October 06, 2020, 05:10:47 AM
 #9

Ok, so if you input your seed phrase then it can steal obviously steal your bitcoin. And this kind of websites has bots as well, if you input everything in matter of seconds then can get everything from you, and you don't know what really happen until it's too late.
people shouldn't be using their secrets (private keys, mnemonics,...) on an online computer let alone enter them in some website inside their browser. there are lots of ways they can easily lose them and one of them is the site being malicious. even if you visit the real website you still have no way of knowing what the backend is. not to mention you can have keyloggers in your system or some vulnerability in your browser,...

the only safe way is to use open source software (ie. downloading the source code) of only popular projects or those which you can verify yourself and running it on an airgapped computer.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
jerry0
Full Member
***
Offline Offline

Activity: 1792
Merit: 186


View Profile
October 06, 2020, 03:47:58 PM
 #10

Isnt this the program you have in the nano ledger wallet if you want to confirm your seed is correct?  Or is this something else?  What is confusing is someone said if you ever want to check if you seed in your nano ledger is correct, go to a program which i thought is this program and then type it in to see if it check mark or not?
DdmrDdmr
Legendary
*
Offline Offline

Activity: 2492
Merit: 11050


There are lies, damned lies and statistics. MTwain


View Profile WWW
October 06, 2020, 04:21:33 PM
 #11

<...>
The procedure described by Ledger, using an Coleman's non-fake BIP39 tool, is to gain access to a list of all your private keys (see https://support.ledger.com/hc/en-us/articles/115005297709-Export-your-accounts), which you can then import into certain alternative wallets (although you may be able to do so just using the 24 word mnemonic).

Ledger has a recovery app that allows you to verify that the 24 word mnemonic you have is correct, without having to go outside Ledger’s ecosystem: https://support.ledger.com/hc/en-us/articles/360007223753-Recovery-Check.
jerry0
Full Member
***
Offline Offline

Activity: 1792
Merit: 186


View Profile
October 06, 2020, 08:02:40 PM
 #12

So the ledger recovery app that allows you to verify if your seed is correct.... has nothing to do with the coleman bip program then?
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!