Cryptocurrencies have seen a massive rise in popularity in recent years. Bitcoin is credited as the first cryptocurrency of the modern age, and it is the most widely recognized cryptocurrency in the world right now. At the time of writing, a single Bitcoin is worth a staggering $5,717.29 US dollars. This phenomenal increase has also been beneficial for other cryptocurrencies. They are riding on the good fortunes of Bitcoin and rising in popularity because of their tweaked utilities beyond the basic model that Bitcoin has provided. Ethereum is one of them, trading at $296 US dollars per Ether at the time of writing.
Unfortunately, whenever something gains a bit of success and popularity, there are always those among the masses who seek to exploit the rest and spoil the fun for everybody by scamming people for their own profit.
Security researcher Wesley Neelan stumbled upon exactly that when an Ethereum phishing scam landed in his inbox. Wesley says that he received a phishing email pretending to come from a legitimate online Ethereum wallet site going by the domain Myetherwallet.com.
It was a pretty well disguised scam, we have to give the criminals that. The site looks like the real deal. The email states that Myetherwallet has implemented an update for an upcoming hard fork. It asks recipients to click on the enclosed link, unlock their account and then confirm their balance.
Anyone unfortunate enough to click on the enclosed link would be directed to a website that looks completely identical to the legitimate Myetherwallet.com website. More observant visitors would have noticed something odd about the website’s address: a small comma under the t in the ‘wallet’ part.
The phishers did this with a Unicode trick: they registered a domain containing Unicode characters that look very similar to the Latin characters of the real name. This enabled them to create a convincing duplicate of the original website. Anyone entering their password on this website would allow the phishers to log into their wallet account and transfer all their Ether into the phishers’ own wallets.
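A mail filter or link scanner can catch this kind of lookalike by comparing the Unicode form of a hostname against the brands it protects. The following is an added example, not code from the article or the researchers; it assumes the character was U+021B (t with comma below), which matches the description above, and the `PROTECTED` list and function names are hypothetical.

```python
import unicodedata

# Assumption for this example: the domains to protect. The article names one.
PROTECTED = {"myetherwallet.com"}

def to_unicode(host: str) -> str:
    """Return the display (Unicode) form; accepts xn-- or Unicode input."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:  # already Unicode, or malformed punycode
        return host

def to_punycode(host: str):
    """Return the ASCII (xn--) form that DNS resolves, or None if invalid."""
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return None

def skeleton(host: str) -> str:
    """Decompose accented letters and drop the combining marks.

    This folds diacritic lookalikes (t with comma below -> t). It does not
    fold cross-script confusables such as Cyrillic letters; those need the
    Unicode confusables table and fall through to the generic flag below.
    """
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def matches(host: str, domain: str) -> bool:
    return host == domain or host.endswith("." + domain)

def classify(host: str) -> str:
    shown = to_unicode(host.strip().rstrip(".").lower())
    if any(matches(shown, d) for d in PROTECTED):
        return "legitimate"
    if any(matches(skeleton(shown), d) for d in PROTECTED):
        return "lookalike"   # folds to a protected name but is not it
    if not shown.isascii():
        return "non-ascii"   # no brand match, still worth a second look
    return "other"

if __name__ == "__main__":
    # Constructed sample hostnames, not taken from the phishing email.
    for h in ["myetherwallet.com", "myetherwalle\u021b.com", "example.org"]:
        print(f"{h!r:28} {to_punycode(h)!s:32} {classify(h)}")
```

Showing the `xn--` form next to the verdict also makes the trick visible to a human reviewer, since the punycode name looks nothing like the real domain.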
When they sent Neelan the email, they didn’t know he’s a pentester. Neelan does ethical hacking and penetration testing for a living. After receiving the email, he investigated the site and looked for any accessible logs or source code.
While searching for the source code, Neelan and his colleague Rik van Duijin managed to find the list of all wallets that the scammers had stolen from thus far. When they examined the log, they discovered that some of the wallets had held a considerable amount of Ether. One of them contained 42.5 Ethers. That doesn’t sound like much, but it was $12,500 US dollars worth of Ether at the time of the attack. The log showed that the scammers had stolen a total of 52.56 Ethers in the space of two hours, worth $15,875.65 US dollars, and then transferred them out into three other wallets, presumably ones they own themselves. Talk about a productive two hours: these scammers made off with a considerable amount.