Upcoming forks in Ethereum and Ethereum Classic have given opportunity to scammers. Two alleged “hard fork” versions are trying to steal money from users of both. Ethereum Nowa claims to be forking away from ETH. Ethereum Classic Vision claims to fork away from ETC. These forks are allegedly in response to regularly scheduled network upgrades in both blockchains.
Accordingly, the team at Guarda, which offers a web-based solution similar to Coinomi, wrote to CCN to report that both of these forks are scams. The official web wallets both Ethereum Nowa and Ethereum Classic Vision have provided are scams. They attempt to capture private keys. Unsuspecting users may have already lost money using this method.
Firefox and MetaMask have caught on to the scams. Ethnowallet was identified by Firefox as a “deceptive site.”
Thankfully, this reporter’s MetaMask extension caught Ethereum Classic Vision.
Capturing Private Keys
MyEtherWallet.com is a popular web-based crypto wallet solution. It only requires a web browser. The user does not have to be online. It does not share private key or transaction information with the MyEtherWallet.com servers. MyMonero.com and Coinb.in work similarly.
Guarda investigated the alleged prospective ETH forks. Users are promised that they will be able to fork their coins and get money on the alleged new chains. Importantly, Guarda discovered that both of these alleged crypto projects were capturing private keys and transferring the data back to their servers. This is a no-go for any wallet implementation that doesn’t expressly tell you that it’s storing your coins for you.
There are other ways to fork coins. Importantly, we don’t have any reason to believe these chains will exist. But given their track record already of trying to capture people’s ETH and ETC private keys, it’s unlikely that any legitimate forks will result.
As the report from Guarda states:
When accessing the Ethereum Nowa website, the users can click on the “Wallet” button – this will redirect you to the page of Ethereum Nowa wallet creation/importing your old wallet. This is exactly where the trap lies.Ethereum Classic Vision looked more solid at the first glace, but the analysis on the code performed by our team has shown that the piece of code provided actually sends your private key data on the Ethereum Classic Vision servers, masking it as an API token.
Read the full report, which contains technical details of the ECV attack, below.
Ethereum Scammers Trying to… by on Scribd
Featured image from Shutterstock.
No comments:
Post a Comment