ETHERLive
ETHERLive delivers real-time price and volume data across 16+ exchanges to users in a clear and easy-to-understand package. Users can get up-to-the-second updates for each exchange/currency pair, as well as aggregated market averages for each exchange, currency, and the market as a whole. It also provides a global converted average of all the currency pairs monitored by ETHNews, converted to USD.

---

24hr ---
--%
Wednesday Jan 17th 2018
RESOURCES

The Basics

Learn the basics of Ethereum and various cryptocurrency technologies

Learn More

What is Ethereum?

Understand the underlying principles of the Ethereum Platform

Learn More

The Blockchain

Discover the revolutionizing technology known as the blockchain

Learn More
SUBMIT

Press Release

Submit a press release for consideration on ETHNews

Submit Press

Story / Dapp

Submit a story or DAPP to be considered for publication on ETHNews.

Submit Story

Explanation

Submit "Ethereum Explainer" content for consideration to be featured on ETHNews

Submit Topic
ETHNews Logo
---
--%
Home
News
Etherlive
Ether Price Analysis
Resources
Contact Us

Slack Attack - Phishing Scams Target Blockchain Companies [UPDATED]

By

Matthew

De Silva

WriterETHNews.com

Over the last week, a plethora of blockchain and cryptocurrency open community teams have fallen prey to phishing scams that utilize the messaging service Slack. As the communication software of choice among blockchain developers and founders, Slack might be the weakest link in corporate cybersecurity.

UPDATED | July 11, 2017: 

Slack’s PR team reached out to ETHNews to offer comment on the phishing attacks:

“We are aware that open community teams related to cryptocurrency were targeted with deceptive spam messages. Several of the affected teams have since disabled or deleted access to the offending user accounts. Online scams targeting open communities can be pervasive and we encourage team admins and members to be vigilant, and to review and enforce basic security measures.”


ORIGINAL | July 10, 2017:

Shortly after the Fourth of July, a number of blockchain teams were targeted by a phishing scam wherein a malicious actor or group sent reminders through the Slackbot imploring users to log in to MyEtherWallet (MEW). Users who clicked on the attached hyperlink were redirected to myether.com.co, a site impersonating MEW. It seems that the false front allowed the scammer(s) to collect wallet details from their victims.

Fortunately, most users quickly caught on to the scam, realizing that the hyperlink to MyEtherWallet was fake, as evidenced by the “.co” at the end.

In some iterations, the phishing scheme employed a “.su” domain. This was originally assigned as the top-level domain of the Soviet Union.

Sadly, at least one user was caught in the crosshairs of the scam. ragnar_the_king later posted in BAT Slack’s community channel, “I hate myself for falling [for] that dumb scam.” Ragnar lost 950 BAT, equivalent to approximately $85 as of July 10 according to CoinMarketCap.

On reddit, the BAT team warned users of the phishing scam. Luke Mulks, senior ad tech specialist at Brave Software, worked to delete the evil user, disabled slackbot messages, and reported the issue directly to Slack’s own security team.

On Twitter, @SlackHQ addressed concerns that the scam artist(s) abused the reminder command. Unfortunately, the Slack team did not provide an immediate solution.

The Status Slack was also a target of the phishing attack. On July 9, co-founder Carl Bennetts posted a warning to community members.

The open community Slack channels of some of the most prominent blockchain companies saw post after post of users calling for the ban of scam accounts. Many corporate leaders took proactive measures to alert users, as exemplified by this message posted by Jorge Izquierdo, technical lead at Aragon:

It’s heartening to see the crypto community policing itself, but ultimately, this latest incident reveals a weakness in the environment. On the Colony Community Slack, user slylandro posed the question on everyone’s minds. “Is Slack really the best choice for chat platform?”

At the time of publication, MyEtherWallet had not responded to requests for comment.


ETHNews has updated this article with the distinction that the phishing attempts impacted open community teams, not corporate teams.

Matthew De Silva

Matthew is a writer with a passion for emerging technology. Prior to joining ETHNews, he interned for the U.S. Securities and Exchange Commission as well as the OECD. He graduated cum laude from Georgetown University where he studied international economics. In his spare time, Matthew loves playing basketball and listening to podcasts. He currently lives in Los Angeles. Matthew is a full-time staff writer for ETHNews.

ETHNews is committed to its Editorial Policy

Like what you read? Follow us on Twitter @ETHNews_ to receive the latest Slack, phishing or other Ethereum cryptocurrencies and tokens news.