BitFinex customers have reported phishing emails appearing to be from bitfinex.com; Emails contain 2 attachments which have been suggested to be viruses
These email's contain the real name of the customer and is sent to their Bitfinex registered email address which also suggests that the attacker has also compromised the customer database and she is either using this information directly to attempt a second level attack on the customers of Bitfinex or she has sold the information on to another party who is attempting to cash in.
In my opinion the latter seems like a more likely scenario; Which means these targeted customers could be in for a lot more attempted attacks; given they attacker knows these people are likely to have local wallet containing value or passwords to other accounts that hold value i am expecting further reports of more advanced attacks against these individuals based off the recent data breach.
The Email
- The email is reported to be sent from @ibitfinex.com (which has a leading 'i')
- The Email contains 2 attachments which are reported to be viruses
Phishing Email Contents
Dear Mr Steempower,
We apologize to you for our inconveniences appeared in result of security incident. We intensively work with the law enforcement agencies to find out guilty people to make answer. In near future our website will be restarted. We will strive to keep you as informed as we can
Unfortunately, our losses have a big scale. So, we cannot return you a total sum of lost money.
But we propose a solution.
We are planning to set electronic bonds which will let you claim for dividend payment from the common benefit of our company. You will receive the percentage of dividends, equal to the sum of lost funds.
If you accept our offer, please, check your personal information carefully, fill in the Application for refund and send it back to us.
Thank you for understanding and support.
The Bitfinex Team
Attachments - Viruses
The email contains two ZIP file attachments which are purported to be registration forms that you will need to complete to claim damages by way of a dividend plan (anyone remember BTC_B from BTER??? - still waiting...)
These files look to contain office documents which contains viruses targeting MS Office;
iFinex_Agreement.zip: contains a virus that is quite old (released in 2012) and targets and ActiveX component commonly found in MS Office the attack is known as "MSCOMCTL.OCX RCE Vulnerability" or CVE-2012-0158; this vulnerability allows for Remote Code Execution via a webpage, document file or rtf file.
Application_for_refund.zip: contains what looks to be W2KM_FAREIT.AMR (this may not be the exact Trojan as it was detected by a heuristic scan). This is a much more recent macro based TrojanDropper that is contained within a .DOC file, if executed will access the internet and download further software and 'drop' them onto the users temp folder before executing the newly dropped files.
If you have opened these files you should preform a full virus scan on your PC and check the virus notes linked above for common locations of the infected files.
This can lead to repeated attacks!
This should be a lesson to all who STILL haven't learned their lesson from MTGOX....DO NOT GIVE YOUR PRIVATE KEYS AWAY!!! I don't know how people sleep with their private keys in someone elses hands.
But how would you trade??.... Ahhh on a decentralized exchange like Bitshares where you not only have the power to trade against multiple asset at lightning speeds but also retain ownership of your funds and private keys at all times :)
Good point. If you dont own the keys, you dont own the __________.
there are a lot of good platforms for trading. But in general you are right.
Well I am day-trading alt and bitcoin, so I do not really have too much of a choice do I ? Well especially since I use automated trading and don't really wanna swap over to another marketplace so far; bittrex is doing a good job.
Then again I'd advise people to withdraw a part of daily earnings to a private wallet. I am also more afraid of people stealing my private data rather than the BTC I use for day-trading. Then again some people might stash way too many BTC in a marketplace
Use a decentralized exchange to go in and out of fiat.
Employ good security on your computing environment.
Look at #bitshares if you do not want to go out of the crypto-currency ecosystem, but want price-stable currency (besides SteemUSD).
Consider keeping some of your earnings in SteemUSD, but remember that sometimes the USD/SBD peg does not do what you expect it to do.
You could even get price exposure for GOLD and SILVER using #bitshares.
There are so many options, and they keep growing.
Use a centralized exchange as a last resort, not as the first choice -- they are bad for your privacy and potentially bad for your funds!!
Good way to describe the situation in an informative way
We put too much faith in these exchanges to protect our coins. I'm just as guilty as the next guy, I've just been lucky so far. I transferred all my Bitcoin out of Mt. Gox just before the Goxxing. When Cryptsy collapsed I transferred everything to a coin that you could still withdrawal and huge loss. And I still haven't learned my lesson because it's the risk you have to accept if you want to trade.
Thanks for this post man. Appreciate it
👍nice sharing @steempower
Thank you for the news. I wasn't on Bitfinex but I really hope that the people will get their money somehow back. No one deserves that
Hopefully their customer database, including emails, has not been stolen as well during the hack as if it was most likely it will show for sale on some black markets and there could be more phishing emails trying to steal crypto coins from users.
It is also possible that somebody is using the user database that leaked from the MtGox hack a while ago and/or from other exchange breaches to send phishing emails hoping that the same users also had accounts on Bitfinex.
Thank you for information. Ill keep it.
✉ Good information. Owning "coins" & "keys" is in important aspect for sure! ✉
Thanks to sharing @steempower