EtherDelta New Website!
There was a lot of confusion today about EtherDelta as it was down a couple hours, so I have investigated this phenomena, because it coincided with some phishing websites appearing in Google Searches, so it looked like a serious issue that needs to be investigated. Which website is legit and which one is the fake phishing scam?
The New Official Website is: Etherdelta.com
Etherdelta.com with .com is official, legit, and run by the real Etherdelta team. There is overwhelming evidence to support this:
1) SubReddit Moderator Confirms
- https://www.reddit.com/r/EtherDelta/comments/6ytu8z/etherdelta_new_website_considered_phishing/dmq9xs7/
- Public Key: https://keybase.io/mjdillon
- GPG Fingerprint:
2D2F 637B 2FE6 B8C6 F7B9 42D5 73F5 5D07 8ECA 4753
2) Official Twitter confirms (both etherboost the umbrella organization and etherdelta twitter)
- https://twitter.com/etherboost/status/906024432728031232
- https://twitter.com/etherdelta/status/906145896492085249
3) Zack (the main developer) posts picture proof:
4) I have emailed them as I was confused too, and got confirmation from official email:
5) Zacks explains the situation
So this pretty much proves beyond shadow of a doubt that the new .com domain is owned by the real guys. However beware because at the same time many phishing scam websites have been setup by unknown scammers, who will steal your ETH private key if you log into their scam websites.
PHISHING SCAMS
Tons of phishing scam websites have appeared on the web, mostly in Google searches. So make sure you don't search for the website but bookmark it, and triple or quadruple check the link before bookmarking it. Characters like 1,i,l,I may look similar so beware of those.
- One scam site as already been detected it's: ETHERDELTA.GIT
NUB.IO
Don't use that website. The real website ends with github.io. That lousy scammer made it gitnub.io. This is a proven scam site and unfortunately a guy on Bitcointalk was already a victim of this.
So beware of websites like that that look familiar, these are scam sites that are out there to steal your private keys.
And notice it's a HTTPS website. This lousy scammer got a hold of a HTTPS certificate to make his scam site more legit looking. So the green lock icon near the address bar in Firefox is worth nothing, scammers are getting clever now and they will obtain HTTPS certificates, so be very careful on the links you visit.
Now that John McAfee is back in the states, I really suggest everyone watch everything that is a video of him.
Such as:
Pandora's Box Has Been Opened
Because we are living in a world that has no security.
Further, it appears that Boogle is even an anti-security agent.
Their algorithms could easily track phishing websites. I mean its easy! Which web site came first? Which has organic links? Which has known URLs, and which has a misspelled URL.
Boogle should even point out that below this line are suspected phishing sites. But no, Boogle is spending their time and resources burying alt-media sites.
I am really looking forward to a much more secure internet. And I don't mean locked down, I mean that you can get a connection to a site and have continued connection that is protected from 3rd party manipulations.
Pieces in the browser that authenticates that this is the site we visited last time, and that site knows its us again. Without the bogus every site having its own password and login (which is just asking for trouble)
That only comes from decentralization, and GPG authentication schemes. I think each website should sign a GPG token every time you visit it, so that you can know that it's genuine.
So for example Firefox can implement a GPG based protocol, so when you first visit a website, the root domain, then you save the pubkey of the website, and when you visit again it will send you signed tokens whenever the root domain is visited, like youtube.com, not the youtube.com/sdfsd pages, so only at base connection.
This will ensure that all websites are who they are with crypto verification, not just cheap namespelling which is ridiculous, since there are all sorts of unicode characters that look like english letters.
Furthermore looks like scammers are now buying HTTPS certificates, so that little lock icon that suggests genuine website, is not worth anything anymore.
I feel this would be a huge step forward, but there are pieces at both ends that need to be securitized also.
I also feel that... don't know the words for this... iCAN will not be with us much longer. Finding sites by a means that authenticates the site, with or without iCAN or IPaddress is going to be essential.
And, if this is solved, we can solve the email / instant message problem. That we could stop using intermediate servers. I've seen some good work done with blockchain but its still in its infancy.
Namecoin might help us.
ICANN and their globalist UN agenda (North Korea is UN member too) is really laughable.
Disclaimer: I am just a bot trying to be helpful.
phishing sites really suck. I know people who have lost 1000's to steam phishing sites.
Indeed fortunately I have never fallen victim to phishing, but people really need to be careful.
The hackers are running around rampant. I just lost nearly half a btc off of cryptopia last week and now these etherdelta phishers are at it. They are becoming relentless. Found your article on btctalk, I am qiwoman2 there.
Sorry to hear that, yes it is a big problem, I am just about to write an article how to enhance browsing security on Firefox.
Interesting news, thanks for sharing and investigating.
Phishing attemps are a plague and we will surely not see the end of it in the near future.
I think the browser developers (FF & Chrome) really need to address this issue.
I have seen that FF has link typo fix enabled by default so does Chrome through the google search.
So if you mistype say www.google.com for www.googl.com, it will redirect you to what it thinks is right based on english typo correction.
This is a huge flaw since if the phishing site takes advantage of this, this feature could redirect you to the phishing site.
There is a way to disable typo correction in FF in the about:config tab, but I don't remember how. I don't know about chrome.