Hackers stole $15 million in cryptocurrencies through a fake cryptocurrency exchange website
Hackers stole $15 million in cryptocurrencies through a fake website mimicking the resource of cryptocurrency exchange HitBTC
A blockchain analyst warned about a fake page for the HitBTC platform, where scammers are emptying users' cryptocurrency wallets using phishing links
Hackers have stolen more than $15 million in various cryptocurrencies through a fake website that mimics the HitBTC cryptocurrency exchange page. This was reported by a blockchain security analyst at SlowMist. According to the company, scammers are stealing various cryptocurrencies, including bitcoin, Ethereum, and USDT, through a fake website that looks similar to the exchange's original portal.
The analyst identified and published four cryptocurrency addresses of the attackers, and explained that he discovered three ways in which hackers gain access to users' wallets on the site.
The fake page may prompt users to verify the wallet's connection. After a user clicks the Confirm button, hackers gain access to USDT tokens.
The second option was to go to the page for depositing funds, which is identical to the real page on the exchange. But in the field for the deposit address entered data hackers. In this case, they rely on the fact that the information in the standard fields will not be double-checked by the account owner.
In the third case, the scammers take advantage of the fact that the sidebar for signing a transaction on the site pops up automatically, with the data already completely filled in, which is also usually not double-checked. When the user clicks on the transaction confirmation button, the hackers gain access to the assets.
In February this year, hackers spoofed the website of a major cryptocurrency conference, where they offered users to connect MetaMask wallets and make a transaction that deducted funds. To promote their site, the scammers even paid for advertising on Google and rose to second place in search for a while.