Security Announcement

In recent days we have received an increasing number of reports from people falling victim to phishing schemes that trick users into sending digital tokens. We see a pattern of phishing websites masquerading as legitimate wallet or exchange service that asks users to deposit property.

When the property is conveyed, it is stolen from the person sending it. Specifically, we have received several reports of individuals registering accounts with hxxp://eth-coin.org and hxxp://eth-coin.pro (the “Eth-Coin Domains”). At the urging of the operators of the Eth-Coin Domains, those individuals have apparently sent ETH to Bitfinex’s hot wallet address.

We believe persons behind the Eth-Coin Domains have set up Bitfinex accounts and generated an extensive list of deposit addresses. When users create a ‘wallet’ on any of the Eth-Coin Domains, the addresses they receive appear to be Bitfinex deposit addresses. Eth-Coin Domains users cannot withdraw their coins from their ‘wallets’ as they are under the control of the Eth-Coin Domains operators.

After being alerted to this scheme, we were able to stop further funds from being withdrawn from the Bitfinex accounts linked to the addresses that received funds. Unfortunately, some withdrawals had already been processed before we were alerted.

We are confident that the Eth-Coin Domains operators have used an identical strategy with other services and, accordingly, we expect to receive more reports of this nature in the coming days. We have alerted international law enforcement agents and asked them for their assistance.


Based upon our analysis, we urge all users and participants in the digital token community to take extreme care when considering the use and contents of the following domains:

  • hxxp://bitscash.info
  • hxxp://cryptolite.info
  • hxxp://dashcrypto.info
  • hxxp://eth-coin.org
  • hxxp://eth-coin.pro
  • hxxp://ethercoin.ltd
  • hxxp://ethwallet.info
  • hxxp://local-eth.org
  • hxxp://local-lite.org
  • hxxp://monero-wallet.org
  • hxxp://mybitshares.org
  • hxxp://mydashwallet.com
  • hxxp://namecoin-wallet.info
  • hxxp://novacoinwallet.biz
  • hxxp://peercoinwallet.org
  • hxxp://storage-eth.org
  • hxxp://storage-ethereum.com
  • hxxp://thecryptowallet.info
  • hxxp://wallet-ethereum.net
  • hxxp://walletsitecoin.net
  • hxxp://zcash-wallet.info

This is not an exhaustive list. This represents only the results from our analysis to date. Bitfinex cannot assume responsibility for keeping this list updated going forward.


Opening any website not familiar to you from your local machine could compromise your computer. If you are a victim of any scheme as described in this announcement, we urge you to file a report with local law enforcement agencies.

When dealing with financial services, it is imperative that you double-check everything and exercise extreme caution.

We would suggest the following safeguards when you are online, at a bare minimum:

  • Type in trusted domains yourself. Do not click directly on links.

  • Bookmark trusted sites and rely on those when navigating.

  • Never disclose private information, like passwords, to anyone (including to people claiming to represent Bitfinex). We will never ask you for your password.
  • Do not open links or attachments in the e-mails of untrusted sources.

This is not a complete list of precautions that you should take online.

Please assume the worst when it comes to information with which you are provided, and exercise caution when dealing with anyone. Some links that you will receive may be phishing attempts, so take care when visiting certain sites.

A look at the Bitfinex security features is available on our support page.

The Bitfinex Team

 


hxxp:// is generally used to avoid automatic recognition of URLs by computer programs.
This will help avoid automated web crawlers from following the links, and, thereby advancing the search engine rank of the target web site.

In addition this helps protecting users from accidentally click on a potentially harmful link.
Tags:
No Comments

Sorry, the comment form is closed at this time.