The ilovewww.com registrar and hosting company is the source behind the massive phishing attack on the cryptocurrency community, including STEEM. This is a multi-vector, prolonged attack. The attack on STEEM started in the Fall of 2017, died down, and resurfaced end of February 2018.
We estimate over a dozen STEEM accounts have been compromised and had their funds stolen at the time the attack was discovered.
Crypto communities are particularly attractive to hackers as wallet transactions are irreversible. Unlike with many traditional institutions, you won’t get your money back if someone gets into your wallet and transfers it out.
Phishing Attack on STEEM
Do not click on any links in any comments.
If your account has been compromised and your password changed, use this form to immediately initiate your recovery process (information at bottom of post).
- Wallet messages from @gtg.witnesses
- Comments telling you you’re trending
- Comments advising of abuse
- Long comments with graphics
Other Crypto Communities Attacked
Bitcointalk members got their own version of the same phishing scam.
Numerous other services also targeted and crypto stolen:
Online Services Attacked
Netflix users are reporting the same type of scam from ilovewww.com domains. An example can be seen here.
A simple search for “phishing ilovewww” reveals many other community-specific phishing sites and victims. Try it yourself. These douchebags have been around for a long time.
Every phishing domain is hosted by ilovewww.com. This would not indicate culpability in itself except that this has been going on for a long time now and ILoveWWW is not responding to email, form, or phone messages. In fact, the phone is non-functional. It is highly unlikely that this is a real business.
WHOIS of ilovewww.com
IP: 188.8.131.52 out of Malaysia
A large number of phishing domains is owned and hosted by these hackers. Click the link below for the full list. Fortunately, there are only two Steemit-style domains at this time.
We received a poorly-written email after days of waiting. It is clear by their response that their entire enterprise revolves around cybercrime and illicit services.
Every registrar and hosting company is responsible for tackling abuse stemming from their services.
Reported to ‘Public Domain Registry’ Registrar
In this step we assumed that the privacyprotect.org aka the ‘Public Domain Registry’ is a legitimate company.
They responded that they don’t give two shits and will do nothing. The Public Domain Registry responded that they did not find any abuse, protecting their custy.