Antminer Scam Advertising on Facebook: What to Watch out For

Everyone is trying to get their hands on the latest Antminer S9 ASIC from Bitmain. This is something that has also not escaped the attention of various online scammers.

One that is making the rounds on Facebook appears to offer the AntminerS9 with a limited batch release later in the afternoon. This was a sponsored Facebook ad from a page that on the face of it, seemed "legit".

To the untrained eye, the domain of the site itself also appeared legitimate (shop.bitmain.com). The domain was also serving the pages through SSL which further added a belief among some that is was the actual site.

However, upon closer inspection, one would discover that there was a small dot underneath the "n" in the domain. Indeed, it was small enough for one to mistake as a spec on your screen. This did not escape one user who tweeted it to Bitmain.

To which Bitmain was quick to reply and point out the minor imperfection below the domain.

Unfortunate Victims

As pointed out by Bitmain, there were quite a few users who fell victim to the scam. Given that each of the miners goes for $2,300, it is quite a bit of money that they were likely to have lost.

If one were to add to this the likely demand that there currently is for this mining rig, some may have bought batches. They will have had the hope of flipping the rigs as a reseller.

Given that the site will have used Bitcoin cash as a payment method, these users will also likely struggle to ever recover their payments. Thankfully, Facebook was able to move really quickly on this and close the ads down.

Sophisticated Phishing

What is clear from this phishing attempt was how sophisticated it appeared to be. Not only did the scammer get an SSL certificate for the site but he also used an advanced domain phishing technique.

Usually, scammers will only change around the letters to make the domain appear legitimate. These are sometimes slightly easier to spot at the user level and the domains are usually already purchased by the company in question (to prevent this).

In this case, the attacker used a sophisticated homograph attack. More particularly, they registered the following domain xn--bitmai-1eb.com. The browser interpreted the "-1eb" as a character from another language alphabet.

Hence, the "n" with the mark below it is most likely from the Cyrillic alphabet and the user's browsers were unable to detect the homograph attack.

Caution if Key

If this demonstrates anything, it shows the lengths that scammers are willing to go to in order to phish your cryptocurrency. From elaborate DNS hacks to fake mobile applications, scammers are relying on complacent crypto users.

Hence, it is up to as a user to take extra caution whenever visiting popular sites, online wallets or exchanges. Always double check the domain that you are visiting and be extra cautious when asked for any private key information.

Phishing is still a social engineering attack and as such, you remain the weakest link.