Hacker Bags $17,000 Via Giveaway Scam | Bitcoin.org

Bitcoin.org, the main website detailing the Bitcoin cryptocurrency was compromised by hackers running a giveaway scam.

Bitcoin.org Exploited For Giveaway Scam

In an unfortunate security failure, Bitcoin.org was compromised for a giveaway scam, users reported Thursday morning. Visitors to the website were greeted with a popup, asking them to send crypto to a Bitcoin wallet via a QR code and receive double the amount in return.

The fake message told visitors that the Bitcoin Foundation was giving back to the community, and that the giveaway would be limited to the first 10,000 users in order to draw people into the scam. Users couldn’t click past the fake pop-up message, making the rest of the website inaccessible for the duration of the scam.

The Bitcoin address used in the scam received 0.40BTC worth $17,000. The hacker moved almost all of the funds out of the main wallet and into two other holding wallets.

Started in August 2008 by Bitcoin’s pseudonymous creator Satoshi Nakamoto, Bitcoin.org serves a knowledge hub for the top cryptocurrency. It hosts various resources such as the original whitepaper and developer documentation on Bitcoin.

According to the Bitcoin.org’s pseudonymous operator CobraBitcoin, the attackers may have exploited some flaw in the website’s domain name system (DNS), and gained unauthorized access. Hackers usually crawl websites to identify underlying vulnerabilities that can be used to orchestrate attacks.

After being taken down for a few hours to investigate the root cause of the security breach, the website has now been restored to its pre-hack status.

The Bitcoin.org exploit is not the first “double your money” scam to affect the crypto space. Cryptocurrency giveaway scams often leverage popular web platforms and fake or hacked celebrity social media accounts to trick users into thinking the scam is credible.

Last year, the Twitter accounts of Binance CEO ChangPeng Zhao, Bill Gates, Elon Musk, and other prominent figures in the crypto community were hacked in order to carry out a doubling scam, asking users to send Bitcoin to an undisclosed wallet, with the promise of receiving double the amount back. According to the US-based Federal Trade Commission, impersonators of Tesla CEO Elon Musk have stolen at least $2 million from investors using similar scams.

I think we ourselves need to be very careful with the way we process information. There are some offers that seem too simple to be true. When someone told you to send funds to this address and it will be doubled, that seems too sweet to be true. We need to guide hearts and always be cautious on which offer to subscribe to.
Don’t click on any link when you are not sure of the source.
Thank you.

1 Like

Yep, you’re right and you’re not.

I don’t know if you had the news back then. How will you see a giveaway on someone like Elon Musk or Changpheng zhao Twitter profile and you will think It was a scam too…

We should just pray not to be a victim.

Even if you’re on Bantupay group, you will see some that people still send that of Elon Musk as image or gif

I understood your point. It is always important to be cautious of how we go about transacting… this starts from following some basic rules.

Just as we have it for #bantu-pay, the system always reminds you of not transacting outside of their official exchanges like Timbuktu and Bittrex. Anyone involving him/herself in any unsolicited act will have him/her self to blame.

On another angle, may God protect us from scammers. as you rightly said I have been scammed before on bitcoin… My Gmail account was hacked and through that, the scammer have access to my blockchain account. The guy called me and presented himself as an official from Gmail. I used my own very mouth to say the code sent to my phone (talking about 5yrs ago when I activated my Gmail 2FA).

2 Likes

This part got me :grin::grin:

I read that there are testnet scams out there in which someone is tricked into buying crypto testnet coins which have no monetary value. If the wallet is created by the scammer, they simply set it to the testnet and transfer play money.

1 Like

Are you wondering how to keep your private/ Secret key(s) safe?
First things first: Never EVER put it online!
No screenshots.
No saving it in clouds.
No sending via email

2 Likes

In addition to this, be careful of the keyboards you’re using as it is the most very sensitive part of your device. Don’t choose keyboards because of features or popularity, if the keyboard that came with your device is not a verified keyboard download verified one on Playstore or appstore. Be #SAFU

1 Like

I recall the first time I came across the fake Twitter account of Elon Musk doing a giveaway. I was almost fooled by it even if I didn’t have any crypto coins to part with :grin: At the time, I didn’t even know who he was. I just heard his name because of his company. I decided to search for his real Twitter handle and compared what I saw on both pages. That’s when I realised it was a well-detailed scam to steal from unsuspecting people. Whoever did the copycat site did a good job of it.

People just need to be more careful, research and ask questions. We learn everyday.

2 Likes