Welcome to week 15 of the Crypto Alert of the Week series by AMLT, a series dedicated to documenting interesting or high profile frauds/hacks etc that recently happened and have been reported into the AMLT Network and show how the AMLT Network can help track and prevent it in the future.
The differences could be incredibly subtle. It mostly revolves around using similar using letters or adding one in the middle. What usually gives these sites away is using the unsafe HTTP protocol and having no SSL certificate. (as seen below, a site posing as idex instead having an L in the name, making it barely distinguishable).
So how does it work?
A DNS server is the computer server that contains a database of IP addresses and their corresponding hostnames. Whenever you enter an address into a browser it has to resolve its actual IP address that is hidden under the website address. If an attacker is able to replace the site’s IP address with his own under the same name, the only way a victim is able to tell that the site is fake is to thoroughly check the SSL certificate, and truth be told, barely anyone does that. (as seen below, the fake site had an invalid certificate despite the url being right)
These stories are a great reminder that while enjoying the benefits of cryptocurrencies, one must remain vigilant and adhere to the basic rule: Verify.
At Coinfirm we believe in setting the highest standards for the industry. If anyone notices such an attack, they can report the attacker through the AMLT panel or widget. The submitted data is then analysed and processed by our data science team for validation of submitted data. Once flagged entities using the Coinfirm AML Platform such as exchanges can see the source and potentially freeze the funds and prevent further risk spreading through the ecosystem. This helps the crypto economy become safer and more transparent while fighting malicious actors.