Ethereum Users can Spam Fake MyEtherWallet Sites With Random Private Keys
Scam and phishing websites are slowly becoming more common for Bitcoin and cryptocurrency. In most cases, criminals will create an exact copy of an existing exchange or wallet service in the hope of obtaining login credentials. MyEtherWallet has been affected by such phishing attempts in recent weeks, adding up to significant financial losses. A new solution has been created to spam these fake sites with random private keys.
MYETHERWALLET WHITEHAT
There is nothing more annoying than having to deal with a phishing site trying to steal your precious cryptocurrency. Unfortunately, we see more and more of such sites, most of which are rather successful as well. Some of the more notorious examples in recent include the various iterations of the Blockchain.info wallet, which aims to trick users into giving up their login credentials. It appears this threat is expanding to other cryptocurrencies as well.
Cryptocurrency ICO investors are well aware of how both Slack and Telegram channels are flooded with scammers telling users to visit a fake MyEtherWallet website. Even though there is very little to be done about these attacks, it still appears a lot of people will readily click these links and log in to a phishing site. No one should click hyperlinks in emails, especially if they come from complete strangers.
MyEtherWallet users have been scammed for tens of thousands of dollars. Recovering said money is virtually impossible. It is up to individual users to spot these phishing attempts and ignore them. That has proven to be rather difficult and complicated since cryptocurrency ICOs also attract people who have little experience with digital assets. Many of them do not know that if their funds are lost, they cannot be recovered.
One community member has taken it upon himself to try and do something about this situation. A new tool has been developed called MyEtherWalletWhitehat. The project is pretty simple, as it allows people to spam MyEtherWallet phishing sites with random private keys. This will hopefully make it more difficult for these scammers to find the real ones.
This new tool should not be seen as a way to DDoS fake MyEtherWallet websites. It is recommended to use a VPN or proxy connection and use this tool at your own risk. Users can determine the interval in between private key requests to whatever value they like. Rest assured someone will try to use this tool to DDoS phishing sites since it can be set to as low as 1 millisecond if needed. The default configuration should keep requests to 1 per second at best.
It appears the GitHub repo will continually scan for new “targets” to harass with this tool. It is good to see someone pay close attention to these phishing sites and try to do something about them. Whether or not a tool such as this one is the answer to many people’s prayers, remains to be determined. Spamming scammers with fake information will not make them go away. This energy should be used to further educate people about these phishing sites and how to keep private keys safe.
