Beware: Popular Encrypted Messaging Service Cloned To Steal Bitcoin

A recent report warns of a scam that clones a legitimate service offering private, encrypted, and self-destructive messages, to alter BTC addresses and ultimately steal funds from unsuspecting victims.

Stealing BTC By Altering Addresses

According to the report by KrebsonSecurity, a fraudulent website called Privnotes has been impersonating Privnote.com for about a year. Users are typically utilizing the legitimate service Privnote.com (without the “s”) because it offers encrypted messages that self-destruct automatically when the other party reads them.

The cybersecurity blog has examined how the impersonating website operates to find its goal and how it deceives people. It concluded that “any messages containing Bitcoin addresses will be automatically altered to include a different Bitcoin address, as long as the Internet addresses of the sender and receiver of the message are not the same.”

It added that the “the phishing site uses some kind of automated script that scours messages for Bitcoin addresses, and replaces any Bitcoin addresses found with its own.”

This means that if one user sends funds to another one, they will ultimately arrive at the Bitcoin addresses owned by the perpetrators, not the originally intended one.

What makes this scam especially worrisome is the fact that once a user initiates a “privnotes” Google search, which sounds almost identical to the original website, the results place the fraudulent site on top because of a misleading paid ad.

The operators of the legitimate website – privnote.com – claim that the fraudulent one is not even implementing full encryption, and the messages can be read or modified.

“It is very simple to check that the note in privnoteS is sent unencrypted in plain text. Moreover, it doesn’t enforce any kind of decryption when opening a note and the key after # in the URL can be replaced by arbitrary characters, and the note will still open.”

A Smart Scam

Chief Research Officer Allison Nixon assisted with the investigation of the scam and called it a “pretty smart” one.

“And because of the design of the site, the sender won’t be able to view the message because it self-destructs after one open, and the type of people using privnote aren’t the type of people who are going to send that Bitcoin wallet any other way for verification purposes.” – explained Nixon.

Although this investigation hasn’t disclosed if or how many bitcoins were indeed stolen, a recent report informed that crypto thefts, hacks, and frauds totaled $1.4 billion in the first five months of this year. However, it’s worth noting that despite the large amount, the cryptocurrency field is maturing with more robust security systems.