The phishing campaign was uncovered by Wesley Neelen, a Dutch IT infrastructure security researcher who has worked as an ethical hacker at several organizations for 6 years. He received the criminals' email at a unique email address known only to a limited mailing list, and decided to investigate further. The malicious link in the email led to a fake version of the Myetherwallet.com website. Little did the cybercriminals know that they had targeted a hacking expert.
— Wesley (@wez3forsec) October 24, 2017
Those who clicked the link were shown information about the upcoming Ethereum hard fork and asked to enter their private keys to unlock their accounts. The hackers later used the private keys and passwords to steal all the coins from the victims’ wallets.
Wesley Neelen stated that although the fake website was designed to look exactly like the original site, he noticed that the address of the fake website contained a small comma beneath the “t”, and that the cybercriminals had used a Unicode trick to register such domains.
Neelen found that some people had already fallen victim to the scam, as he discovered a file containing a list of all the wallets stolen by the hackers.
Security experts determined the total amount stolen to be $15,875.65 in Ethereum, which the hackers were able to withdraw from the accounts in only two hours.
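A mail or web filter can catch this kind of lookalike address mechanically. The Python below is an added example, not code from the article or from Neelen's investigation: it decodes punycode labels, folds marked letters to their base letter and compares the result with a protected domain. The protected list, the function names and the sample hostnames are constructed assumptions, including the choice of U+021B and U+0163 to stand in for the "t" with a mark beneath it.

```python
import unicodedata

# Assumption: the domains to protect; the article names only Myetherwallet.com.
PROTECTED = {"myetherwallet.com"}

def to_unicode(host):
    """Decode punycode (xn--) labels so the characters a user sees are compared."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: leave it undecoded
        labels.append(label)
    return ".".join(labels)

def skeleton(host):
    """Fold marked letters to their base letter: NFKD, then drop combining marks."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def check(host):
    """Return 'legit', 'lookalike' or 'unrelated' for a hostname."""
    decoded = to_unicode(host)
    if decoded in PROTECTED:
        return "legit"
    if skeleton(decoded) in PROTECTED:
        return "lookalike"
    return "unrelated"

def as_punycode(host):
    """Build the xn-- form of a hostname (used here only to construct samples)."""
    return ".".join(
        l if l.isascii() else "xn--" + l.encode("punycode").decode("ascii")
        for l in host.split("."))

# Constructed samples, not indicators from the campaign.
SAMPLES = [
    "myetherwallet.com",
    "mye\u021bherwallet.com",               # t with comma below
    as_punycode("mye\u021bherwallet.com"),  # same name as seen in DNS or proxy logs
    "mye\u0163herwallet.com",               # t with cedilla
    "example.org",
]

if __name__ == "__main__":
    for host in SAMPLES:
        print(f"{check(host):10} {host!r}")
```

Folding combining marks only catches accented variants of the same letter; lookalikes built from another script, such as Cyrillic letters, need a confusables table instead.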