Slack Attack - Phishing Scams Target Blockchain Companies [UPDATED]
UPDATED | July 11, 2017:
Slack’s PR team reached out to ETHNews to offer comment on the phishing attacks:
“We are aware that open community teams related to cryptocurrency were targeted with deceptive spam messages. Several of the affected teams have since disabled or deleted access to the offending user accounts. Online scams targeting open communities can be pervasive and we encourage team admins and members to be vigilant, and to review and enforce basic security measures.”
ORIGINAL | July 10, 2017:
Shortly after the Fourth of July, a number of blockchain teams were targeted by a phishing scam wherein a malicious actor or group sent reminders through the Slackbot imploring users to log in to MyEtherWallet (MEW). Users who clicked on the attached hyperlink were redirected to myether.com.co, a site impersonating MEW. It seems that the false front allowed the scammer(s) to collect wallet details from their victims.
Fortunately, most users quickly caught on to the scam, realizing that the hyperlink to MyEtherWallet was fake, as evidenced by the “.co” at the end.
In some iterations, the phishing scheme employed a “.su” domain. This was originally assigned as the top-level domain of the Soviet Union.
Sadly, at least one user was caught in the crosshairs of the scam. ragnar_the_king later posted in BAT Slack’s community channel, “I hate myself for falling [for] that dumb scam.” Ragnar lost 950 BAT, equivalent to approximately $85 as of July 10 according to CoinMarketCap.
On reddit, the BAT team warned users of the phishing scam. Luke Mulks, senior ad tech specialist at Brave Software, worked to delete the evil user, disabled slackbot messages, and reported the issue directly to Slack’s own security team.
On Twitter, @SlackHQ addressed concerns that the scam artist(s) abused the reminder command. Unfortunately, the Slack team did not provide an immediate solution.
The Status Slack was also a target of the phishing attack. On July 9, co-founder Carl Bennetts posted a warning to community members.
The open community Slack channels of some of the most prominent blockchain companies saw post after post of users calling for the ban of scam accounts. Many corporate leaders took proactive measures to alert users, as exemplified by this message posted by Jorge Izquierdo, technical lead at Aragon:
It’s heartening to see the crypto community policing itself, but ultimately, this latest incident reveals a weakness in the environment. On the Colony Community Slack, user slylandro posed the question on everyone’s minds. “Is Slack really the best choice for chat platform?”
At the time of publication, MyEtherWallet had not responded to requests for comment.
ETHNews has updated this article with the distinction that the phishing attempts impacted open community teams, not corporate teams.