Be careful. Ethereum’s Constantinople hardfork is popular among scammers.
These two websites work together and aim at stealing your money. It turns out to be websites which are setup with one goal: take over your Ethereum wallet. We’ll show you how they work.
The website focusses on the first moment of contact, disguised as the popular CoinMarketCap (CMC). CMC has been carefully duplicated, and the double N in the domain name (coinnarketcap.com) has to put people on the wrong track:
Everything on the website is trying to give you a sense of urgency. You would lose your coins, and you have to secure them NOW. If you don’t do it before the hardfork takes place, you will lose them. The counting clock completes the picture.
Nonsense, of course! The Constantinople hard fork is carried out without you having to do anything. But not everyone is aware of that. It turns out to be subtle. This page appears to be just a frontdoor to the next website.
After a click on the Take a snapshot now button, the user ends up on a website that is very similar to ethereum.org. Again, the layout has been reconstructed, and a domain name has been chosen (elhereum.org) that is very similar to the original. The page where we ended up now leads us to the climax of the scammers:
They try to let you take a snapshot of your Ethereum wallet. You can do this by … entering your private key. From that moment on, the attackers have the loot inside: full control over your wallet, and the possibility to lock the money in it.
You can imagine that there are people who fall for it. They see identifiable elements, may read the domain name in a hurry, and trust that they are doing the right thing: securing their money.
If you participate in the crypto space, you should therefore pay attention to your own safety. Especially with (relatively) large events such as an Ethereum hard fork. Scammers use the name and attention for their own gain, comparable to pickpockets who come to large groups of people who are crammed together.
Make sure you:
- Never share your private key with a third party.
- Never share an API key (e.g. from an exchange) with which you can withdraw money.
- Never share private data to strangers, e.g. on a platform like Telegram.
- Always check whether the website or application you use is the original one.
Forewarned is forearmed!