Collection of proven honeypot sites – BEWARE to protect your privacy

[PrivacyOui]

After considering what to do, how we can spot honeypot websites, a really difficult task, I believe a community collection of known honeypot websites is a good idea. When many people share knowledge because we might have seen a honeypot website already or know about it, we can share it here, make our knowledge available to protect more community members from getting victim of proven honeypot websites.
General privacy practices, like VPN for example, are also important but here, we will focus to collect proven honeypot websites.

To protect your privacy it's advisable to avoid any proven honeypot website. I've compiled a list of known honeypot websites, what I'm aware of so far, to make aware of it and I’ll expand my list from community feedback.


What's a honeypot website?

A honeypot website is a website which is set up and operated to collect certain confidential information on purpose. When people are visiting a honeypot site, various confidential information will be scraped and stored, like your IP address or your entered information but not limited to.

Such data is very valuable for any investigation of crime or business purposes like identifying which wallet belongs to an individual, a company or which interactions an Bitcoin address reveals.
For some cases it might be helpful to catch scammers and hackers but for our privacy, a honeypot website should be avoided.



Examples for honeypot websites can be:

• A block explorer website, where IP information is collected from visitors entering Bitcoin address(es), tying IP address and Bitcoin address. Your IP and Bitcoin address(es) will be collected, stored and possibly forwarded, where such data is getting tied and analyzed.
• A Bitcoin mixer, where logs are kept to de-anonymize transactions later again. Once your mix is finished and you are believing your incoming and outgoing transactions are separated, the honeypot operator will still be able to know which coins are yours by connect ingoing and outgoing transaction.
• A software or hardware wallets (closed source), where personal information like IP addresses and Bitcoin address(es) for example are collected, stored and possibly forwarded, where such data is getting tied and analyzed.
  In any case, a honeypot software or hardware wallet is always closed source because if it's open source, any experienced coder could find out about it by reviewing code.

Why are honeypot websites dangerous for our privacy?

Honeypots are posing a serious danger to our privacy. We might believe it's quite a normal website and our information is treated confidently, while in reality, any of our data will be stored.
In addition to our IP address etc., entered Bitcoin addresses will be scraped, stored and forwarded to any entity. Addresses will get reviewed and address connections will get revealed.

For privacy enhancing services, we might even pay a fee and not only get nothing in return but also have a privacy risk of believing our Bitcoins are mixed but in reality, logs are kept.

In case of a deliberate honeypot website, deem any privacy assurances as disposable.

To avoid getting victim of honeypot websites, we'll create a collection of such websites.



How to contribute to our collection of known honeypot websites?

To participate here, you need to give a sufficient proof about any honeypot website. Like an official statement, exposed code or verified insider information.
Any unproven speculations, especially from competing projects are not enough proof to list a website as "proven honeypot website". Such websites might get listed under "contested claims".
Only websites allowed, where visitors are misled and / or are facing an unexpected and deliberate danger of privacy risks compared to competitors.

My collection only covers honeypots related to Bitcoin.
Please note: any website can be a honeypot.

[1714765860]

1714765860

[1714765860]

1714765860

[1714765860]

1714765860

[PrivacyOui]

Proven honeypot websites – BEWARE!


Crystalblockchain.com Bitcoin block explorer  |  proof
Walletexplorer.com  |  proof
CipherTrace.com Bitcoin block explorer  |  proof



Contested claims

[PrivacyOui]

Crystalblockchain.com Bitcoin block explorer

Crystalblockchain.com is a Bitcoin block explorer. On its website, Crystalblockchain.com clearly states to be cooperating with financial institutions and government agencies like law enforcement and investigations.
Proof (own website): https://archive.fo/gOs3K#selection-929.0-929.16 / https://web.archive.org/web/20240110115451/https://crystalblockchain.com/ (https://crystalblockchain.com/)




Walletexplorer.com

Walletexplorer.com is a Bitcoin block explorer owned by Chainalysis, a Blockchain tracing company.
IP addresses of visitors are scraped, collected and forwarded.
Proof 1: Leaked Slides Show How Chainalysis Flags Crypto Suspects for Cops (CoiDesk article)
Proof 2 (own website): https://archive.fo/DaY5x / https://web.archive.org/web/20240102131350/https://www.walletexplorer.com/privacy (https://www.walletexplorer.com/privacy)




CipherTrace.com Bitcoin block explorer

CipherTrace.com.com is a Bitcoin block explorer owned by Mastercard, a credit card payment provider.
IP addresses of visitors are scraped, collected and forwarded.
Proof: https://www.coindesk.com/layer2/2022/01/28/mastercards-ciphertrace-used-honeypots-to-gather-crypto-wallet-intel/

This claim is partially contested:

CoinDesk asked CipherTrace: “Does your firm collect IP address data for the purposes of linking them to wallet addresses?”

A CipherTrace representative responded: “As a privacy-focused company, CipherTrace does not map IP data to private individuals.”

She did not answer CoinDesk’s question of whether CipherTrace maps IPs to wallets.
CoinDesk asked a second time if CipherTrace maps IP addresses to wallet addresses. CipherTrace did not respond.

[Pmalek]

Proof 2 (own website): https://archive.fo/DaY5x

I don't know if it's just me or if there is a general problem, but I can't access this achieve you posted. I am getting a 'site can't be reached error' every time. Perhaps it's an issue related to my VPN, perhaps not. Speaking of VPNs, they are the perfect honeypots that government agencies can use to catch bad actors thinking they are protected. Maybe you could focus your research on them and see what you come up with.

[PrivacyOui]

Proof 2 (own website): https://archive.fo/DaY5x

I don't know if it's just me or if there is a general problem, but I can't access this achieve you posted. I am getting a 'site can't be reached error' every time.

It's working for me, maybe try later again and see if it's still an issue? 
In case more people can't access it, I'll do a new archive.

Speaking of VPNs, they are the perfect honeypots that government agencies can use to catch bad actors thinking they are protected. Maybe you could focus your research on them and see what you come up with.

Good point, VPN can be a big honeypot because everyone will expect it provides a safe privacy. Similar to a centralized mixer operated as a honeypot site.
I don't know about any proven VPN honeypot but maybe someone else knows and can share his knowledge.

[BitMaxz]

It's working for me, maybe try later again and see if it's still an issue? 
In case more people can't access it, I'll do a new archive.

It seems that it's cached in your browser but it also doesn't work to me I already tried it on some checker and this is the result:

Code:

URL Checked: archive.fo
Response Time: no response 
more than a week Down 

Archive.fo is DOWN for everyone.
It is not just you. The server is not responding...

Tested with or without a VPN

Or I think this domain is only available in your country .FO domain extension is a country code of the Faroe Islands.
I suggest put all archives in archive.org instead.
It seems archive.fo, archive.is and archive.today all of them do not work and according to the check its a week down.

[PrivacyOui]

It's working for me, maybe try later again and see if it's still an issue?  
In case more people can't access it, I'll do a new archive.

It seems that it's cached in your browser but it also doesn't work to me I already tried it on some checker and this is the result:

Interesting, because I've just checked from a different device and it's working.
archive.fo / archive.is is still available for me as well.
And also VPN...

I suggest put all archives in archive.org instead.
It seems archive.fo, archive.is and archive.today all of them do not work and according to the check its a week down.

Good suggestion. I've added an archive.org version as well now.

[pinggoki]

I don't have a specific website to contribute but if the website isn't Amazon or any big retailers that you can trust with your data, don't ever type in your address, personal information and other stuff that you think should be personal. Avoid those websites at all costs, it's a great idea to have a P.O. box so you're not using your exact address or avoid using your full name altogether when filling up necessary forms. There's really no complete protection against honeypot sites because some government websites that do require you to fill out a form will inevitably make you have to give the needed information anyway.

[Pmalek]

It's working for me, maybe try later again and see if it's still an issue?

I opened it yesterday with my phone and without a VPN and it worked. But just now I tried it from my laptop and with a VPN on and it's not working. The .org domain works just fine, though.

I don't have a specific website to contribute but if the website isn't Amazon or any big retailers that you can trust with your data, don't ever type in your address, personal information and other stuff that you think should be personal.

There is nothing safe about Amazon, eBay, or any similar big tech and data harvesting companies. They have had security incidents in the past and will continue to experience leaks in the future as well.

Here are just two of the quickest to find articles on that subject:
https://cybernews.com/security/14-million-amazon-and-ebay-accounts-sold-online-in-new-leak/
https://firewalltimes.com/amazon-data-breach-timeline/

[pinggoki]

~

There is nothing safe about Amazon, eBay, or any similar big tech and data harvesting companies. They have had security incidents in the past and will continue to experience leaks in the future as well.

Here are just two of the quickest to find articles on that subject:
https://cybernews.com/security/14-million-amazon-and-ebay-accounts-sold-online-in-new-leak/
https://firewalltimes.com/amazon-data-breach-timeline/

I guess you just have to change your identity or probably make it legal for you to not use your real name and only your P.O. box to buy from them, or probably do what I do, ask for the help of other people that already has an Amazon account to order stuff. I'm a little curious about the account leaks though, how are they able to benefit from buying it or using those accounts? Just plain identity theft or there's more to the reason that they want this addresses?

[Pmalek]

I'm a little curious about the account leaks though, how are they able to benefit from buying it or using those accounts? Just plain identity theft or there's more to the reason that they want this addresses?

It depends on the type of data they hacked and obtained. Identity theft could be one reason. If the data contains credit/debit card numbers, they could make illegitimate purchases with the stolen cards. They could also use the information to send Amazon customers phishing emails to try and obtain additional information. They can pretend the victims won something as loyal customers or that a shipment to their address was lost and now they need to enter their payment information for verification or download an infected file to see where it went, etc. There are so many possibilities. 

[yhiaali3]

Really useful information about the most important phishing sites, and the way they collect information, especially those that no one would think collect information, such as the Bitcoin explorer. It would be a very good collection if it was constantly updated to avoid using such sites that violate privacy.

It is also suggested that a list of trusted sites that do not violate privacy be added to be used because these services are necessary and needed by users constantly, so it is good to have such a reliable list alongside the phishing list.

[aTriz]

Proven honeypot websites – BEWARE!


Crystalblockchain.com Bitcoin block explorer  |  proof
Walletexplorer.com  |  proof
CipherTrace.com Bitcoin block explorer  |  proof



Contested claims

Very useful information. I must appreciate your work. but these 3 websites are not only honeypot websites. there are so many more. it is a lot of work to collect all of them with proof so I hope you slowly update the thread.

I used to visit Walletexplorer a lot in old days. but thankfully not using them now. and after reading this post. I would never do that in future.. Privacy is important in Crypto world.