Warning to ShapeShift clients: scammers are trying to dupe crypto investors into sending them funds using ShapeShift’s old design and a similar website domain. The exchange has been trying to raise the awareness of its clients to this threat since the beginning of the year already.

ShapeShift explained in the January warning that: “since our API is free and open source, it is possible for individuals to create a copy cat site that looks similar to our site and create a conduit for people to send bitcoin to without actually sending the exchanged funds. In order for our service offerings to remain free and open to the public (as we intend it to always be), we do not have control over those sites who might utilize our service for negative usage. Thus, the most recent scam site, “ShapeShit.io” has scammed many of our users as they have made the site look exactly like our site.”

The new world of online trading, fintech and marketing – register now for the Finance Magnates Tel Aviv Conference, June 29th 2016.

Join the iFX EXPO Asia and discover your gateway to the Asian Markets

Clone scams have been a persistent and growing menace in the financial world, targeting online brokers, banks and even national regulators. The main apparent reason for their prevalence is the ease at which they can be set up – unlike hacking that requires having trained professionals with the needed skills or massive DDoS attacks that require a larger investment in a computer network, clones are fast to create and take minimal effort.

The clone scammers work by creating websites that mean to convince unsuspecting users that they are facing an established brand. This can be done by using a similar name, design, logo or other features of a legitimate company – corporate identity theft. In this case, the clone looks identical to ShapeShift’s legacy design and is just one letter away from its exact address (ShapeShit.io instead of ShapeShift.io) so it can even dupe clients that simply misspell the address.

Last week we reported that the website was offline for security upgrades due to suspected attacks by cyber criminals, possibly with an inside connection (a former ShapeShift team member). Erik Voorhees, the CEO of ShapeShift, has made public some of the details and findings from an investigation including that about $230,000 worth of cryptocurrencies were stolen from its hot wallets, but we are assured that none of it was clients’ funds.