Zach Allen, an expert at cybersecurity firm Zerofox, said: “I was amazed at the price this person paid. A high fee paid for a web address, sometimes called a domain, suggests that someone believes they are making a large profit. Domains ending in dotcom cost around $10 a year, and scammers often rely on even cheaper domains. Nick Nikiforakis, a computer science professor at Stony Brook University who studies phishing scams used to steal passwords using the same website.”If someone steals your credentials, they can immediately start sending money from your account.”
These websites are set up to trick internet users trying to access Blockchain.com, a website that allows users to buy and sell cryptocurrencies. And a lot of money for small typos. From November last year to February, the Brazilian man allegedly hacked his web address and other typos, according to sales documents leaked after he was hacked by Epik, a far-right-backed internet service company. For the web address he paid over $200,000 in bitcoin. He also bought conibase.com for his $16,000+ to mimic his Coinbase, another cryptocurrency exchange.
But last month, Coinbase announced that 6,000 customers had their crypto stolen in a phishing attack that used a fake login page to steal passwords. The attack exploited a “flaw” in Coinbase’s two-factor authentication security system, the company said. Coinbase said it had refunded customers, but did not disclose the amount lost. There is no known connection between this attack on Coinbase customers and conibase.com.
Nikiforakis said users would have no recourse if they did, especially since they lost cryptocurrencies instead of regular money. A type of digital money that has recently increased in price, cryptocurrencies rely on cryptography to ensure that only the owner of a “wallet” can spend the money it contains. But if that wallet is stolen, its security protects the thief. That means it’s almost impossible to get it back, even with a court order.It’s unclear if the cryptocurrency owner lost money on her website for the typo.
A security certificate and other accounts of the name of Coinbase associated with servers shared with conibase.com. I said I don’t own many variants. “We take the security of millions of users around the world very seriously, removing hundreds of phishing campaigns every month, providing regular updates to our users, and providing 24/7 We are monitoring it,” Blockchain.com communications director Brooks Wallace told The Post.
The man, who has a Brazilian address and purchased the domain between November and February, did not respond to Washington Post inquiries sent via email and WhatsApp in English and Portuguese. It is not clear if he still controls the domain name or if he has sold it to someone else. Coinbase and Blockchain.com have each confirmed that neither company owns his URL. Similarly, Coinbase has discovered via data from ZeroFox and DomainTools, another cybersecurity firm.