Warning: BitmessageS.org Is Not Bitmessage… It Is A Bitcoin Phishing Attempt Targeted At Blockchain.info Users

July 3, 2014

Today, reports of spam transactions containing one Satoshi and zero fee have been sprouting like daisies. A pair of Bitcoin addresses has been used by would-be hackers to send over 1,000 spam transactions to many more thousands of receiving Bitcoin addresses. The spam transaction encourages users to visit the site BitMessageS.org (intentionally meant to be confused with BitMessage.org), where they are then prompted for their Blockchain.info wallet identifier. Within hours, the Bitcoin community had already taken steps to mitigate the potential damage from this interesting phishing attempt.


Warnings Flood In

On the dedicated Bitmessage subreddit, users have posted warnings of the new scam. The picture below shows BitMessages, masquerading with the user-provided address tag “New BitMessage,” sending just one Satoshi to ASA09. Obviously, these transactions are being sent with zero fee attached, the same way that the United States Marshals Service sent around $18 million USD worth of Bitcoin to Tim Draper.

Spam Transactions From Bitmessages. Image from ASA09

Even more warnings are popping up on the dedicated Bitcoin subreddit, where it is likely the first victims will also announce themselves. This attack has only started today; hopefully, with all the warnings popping up, we can prevent a new Bitcoiner and his or her bitcoins from being parted.

Vivisecting The Attack

The spam transactions originate from 1DkRWKXpfQwm5b1pGL2QdpPdrUdKSdzbnG and 1EPtdN9TtZp93uNHYxCA4FEWBY1seRthS1. Upon receiving a mystery transaction, most Bitcoiners will immediately investigate the sending address. On Blockchain.info’s information page for the address, the hackers/spammers/phishers have posted a public note informing visitors that they have a new message via BitMessage and to check it at their website. Once on their intentionally eye-pleasing and supposedly legit-looking website, if visitors attempt to sign up for the service to read their message, they will be prompted for their Blockchain.info wallet identifier. Armed with this valuable information, hackers are able to download a “copy of your wallet” and then brute force your password at their leisure. This is yet another reason that 2-factor authentication is offered and recommended by the security-minded Blockchain.info.

The hackers used Blockchain.info’s address tagging system, which is usually used by people to tag their or their company’s own addresses, to tag their address as “New BitMessage.” Within hours of the first transactions leaving the spamming and scamming address, the community and Blockchain.info have changed the tags on the two offending addresses to “SPAM SEND.” Honestly, the community has been somewhat desensitized to this attack vector after the Enjoy Sochi Satoshi transaction spam from the recent Olympics, which was comparatively benign: All spam and no scam.
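A wallet-side check for the pattern described in this section, written as an added example that is not part of the original article or of any Blockchain.info tooling. The transaction record fields, the edit-distance threshold of 2, and the sample note text are assumptions; only the two sending addresses and the domain names come from the article.

```python
import re

# Sending addresses named in the article.
SPAM_SENDERS = {"1DkRWKXpfQwm5b1pGL2QdpPdrUdKSdzbnG",
                "1EPtdN9TtZp93uNHYxCA4FEWBY1seRthS1"}
TRUSTED_DOMAINS = ("bitmessage.org", "blockchain.info")  # genuine sites per the article
MAX_EDITS = 2  # assumed threshold for "confusingly similar"
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    base = ".".join(domain.lower().split(".")[-2:])  # drop subdomains such as www
    for trusted in TRUSTED_DOMAINS:
        if 0 < edit_distance(base, trusted) <= MAX_EDITS:  # 0 means it is the real site
            return trusted
    return None

def assess(tx):
    """List the reasons a received transaction matches this campaign."""
    reasons = []
    if tx["sender"] in SPAM_SENDERS:
        reasons.append("known spam sender")
    if tx["value_sat"] <= 1 and tx["fee_sat"] == 0:
        reasons.append("one-satoshi output with zero fee")
    for dom in DOMAIN_RE.findall(tx.get("note", "")):
        if (target := lookalike_of(dom)):
            reasons.append(f"{dom} imitates {target}")
    return reasons

# Constructed sample records; field names and note text are assumptions.
SAMPLE = [
    {"sender": "1DkRWKXpfQwm5b1pGL2QdpPdrUdKSdzbnG", "value_sat": 1, "fee_sat": 0,
     "note": "New message waiting, read it at BitMessageS.org"},
    {"sender": "PLACEHOLDER-CONTACT", "value_sat": 250000, "fee_sat": 10000, "note": "Invoice 12"},
]

if __name__ == "__main__":
    for tx in SAMPLE:
        print(tx["sender"], assess(tx) or "no indicators")
```

Any single reason is only a hint; the combination of a one-satoshi, zero-fee transfer with a note pointing at a near-miss domain is what marks this campaign.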

BitMessage Is Still Worth Checking Out

In this instance, the hackers are targeting Bitcoiners who might have heard about BitMessage, but have never used it. Alternatively, they are targeting those who might not know or care that much about password or online security and don’t recognize that relinquishing their wallet identifier is one of those end-all situations. Hopefully, this fiasco and this warning will serve to educate Bitcoiners: Be careful out there. They don’t call our chosen industry the “Wild Wild West” for nothing. My hope is that BitMessage, the real service that was unwittingly used as a prop in this pathetic attack, receives a new wave of deserved attention because of this publicity. Check out their actual site and forum!


Last modified (UTC): July 3, 2014 20:24

Caleb Chen @bitxbitxbitcoin

Caleb is a graduate of the University of Virginia where he studied Economics, East Asian Studies, and Mathematics. He is currently pursuing his MSc in Digital Currency at the University of Nicosia.