ShapeShift Clients Targeted by a Clone Scam Website

Wednesday, 27/04/2016 | 07:04 GMT by Avi Mizrahi
  • The clone looks identical to ShapeShift’s legacy design and is just one letter away from its exact address.
ShapeShift Clients Targeted by a Clone Scam Website
Bloomberg

Warning to ShapeShift clients: scammers are trying to dupe crypto investors into sending them funds using ShapeShift’s old design and a similar website domain. The exchange has been trying to raise the awareness of its clients to this threat since the beginning of the year already.

ShapeShift explained in the January warning that: "since our API is free and open source, it is possible for individuals to create a copy cat site that looks similar to our site and create a conduit for people to send Bitcoin to without actually sending the exchanged funds. In order for our service offerings to remain free and open to the public (as we intend it to always be), we do not have control over those sites who might utilize our service for negative usage. Thus, the most recent scam site, "ShapeShit.io" has scammed many of our users as they have made the site look exactly like our site."

The new world of Online Trading , fintech and marketing – register now for the Finance Magnates Tel Aviv Conference, June 29th 2016.

Clone scams have been a persistent and growing menace in the financial world, targeting online brokers, banks and even national regulators. The main apparent reason for their prevalence is the ease at which they can be set up – unlike hacking that requires having trained professionals with the needed skills or massive DDoS attacks that require a larger investment in a computer network, clones are fast to create and take minimal effort.

The clone scammers work by creating websites that mean to convince unsuspecting users that they are facing an established brand. This can be done by using a similar name, design, logo or other features of a legitimate company – corporate identity theft. In this case, the clone looks identical to ShapeShift’s legacy design and is just one letter away from its exact address (ShapeShit.io instead of ShapeShift.io) so it can even dupe clients that simply misspell the address.

Last week we reported that the website was offline for security upgrades due to suspected attacks by cyber criminals, possibly with an inside connection (a former ShapeShift team member). Erik Voorhees, the CEO of ShapeShift, has made public some of the details and findings from an investigation including that about $230,000 worth of cryptocurrencies were stolen from its hot wallets, but we are assured that none of it was clients’ funds.

Warning to ShapeShift clients: scammers are trying to dupe crypto investors into sending them funds using ShapeShift’s old design and a similar website domain. The exchange has been trying to raise the awareness of its clients to this threat since the beginning of the year already.

ShapeShift explained in the January warning that: "since our API is free and open source, it is possible for individuals to create a copy cat site that looks similar to our site and create a conduit for people to send Bitcoin to without actually sending the exchanged funds. In order for our service offerings to remain free and open to the public (as we intend it to always be), we do not have control over those sites who might utilize our service for negative usage. Thus, the most recent scam site, "ShapeShit.io" has scammed many of our users as they have made the site look exactly like our site."

The new world of Online Trading , fintech and marketing – register now for the Finance Magnates Tel Aviv Conference, June 29th 2016.

Clone scams have been a persistent and growing menace in the financial world, targeting online brokers, banks and even national regulators. The main apparent reason for their prevalence is the ease at which they can be set up – unlike hacking that requires having trained professionals with the needed skills or massive DDoS attacks that require a larger investment in a computer network, clones are fast to create and take minimal effort.

The clone scammers work by creating websites that mean to convince unsuspecting users that they are facing an established brand. This can be done by using a similar name, design, logo or other features of a legitimate company – corporate identity theft. In this case, the clone looks identical to ShapeShift’s legacy design and is just one letter away from its exact address (ShapeShit.io instead of ShapeShift.io) so it can even dupe clients that simply misspell the address.

Last week we reported that the website was offline for security upgrades due to suspected attacks by cyber criminals, possibly with an inside connection (a former ShapeShift team member). Erik Voorhees, the CEO of ShapeShift, has made public some of the details and findings from an investigation including that about $230,000 worth of cryptocurrencies were stolen from its hot wallets, but we are assured that none of it was clients’ funds.

About the Author: Avi Mizrahi
Avi Mizrahi
  • 2727 Articles
  • 10 Followers
About the Author: Avi Mizrahi
Azi Mizrahi, expert in fintech trends and global markets, enriches readers with deep insights.
  • 2727 Articles
  • 10 Followers

More from the Author

CryptoCurrency

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}