1300 WEX users hacked, $400k stolen

"I'm tired of gossip and manipulation and all kinds of nonsense -
I feel it is easier to go to the other side and fuck the morons"

@anticoininfo Dmitrii v. via telegram

Thanks to insider information and the well-coordinated work of the BTCe Club channel administration, contacts and personal information of the creators of the WEX fraudulent clones - wex.ac, wex.sc, wex.mn. are been identified.

The Ukrainian advertising agency GoldMedia has posted articles and promotional materials(1) of the previously mentioned fraudulent resources in various popular media on the Internet through the use of the Miralinks system(2).

At the same time, the well-known Dmitry Vasiliev, formerly CEO of WEX(3), initially confirmed the veracity of the article on the popular resource ForkLog (https://forklog.com/), but later denied it, saying his previous veracity statements were just a joke(!). In addition, in a private conversation, he expressed(4) complete indifference to what is happening, not only speaking out against the benefit of ordinary users, but confirming the fact that the loss of finances is not some kind of outstanding situation. Moreover, he considers this to be normal, which leads to certain thoughts about his possible complicity in what happened.

From the Intermediary (responsible for posting articles) information about the customer, in particular, his e-mail Адрес электронной почты защищен от спам-ботов. Для просмотра адреса в вашем браузере должен быть включен Javascript. and Telegram account @AlexSvir were received. The first request in the search engine gave a lot of interesting information, on the basis of which it is assumed that this person is a direct accomplice of everything that happens and most likely was directly involved in the development of the idea and the creation of fakes as well as the unknown Sergey from Tambov (Sergey_P on btc-e / wex). In addition, there is an evidence that the abovementioned first person was directly involved in the development of the exchange API(5) for WEX.nz, respectively he knew all of its advantages and what more important disadvantages which he could hide from the administration of the platform.

To anon their servers, the fraudsters used the service of dynamic domain names, which allowed them to vary their data over a wide range, while remaining anonymous. But at the same time, they did not take into account that this service is under the close attention of Google bots and all data placed on their subdomains(6) were indexed into the search engine database. This is what allowed us to gather information and discover some part of the victims whose data were compromised by fake sites. After processing the data, more than 400(7) affected users became known who entered their credentials in the .mn / .ac(8) / .sc(9) domains, while the total amount of compromised data according to the analysis was about 1300 accounts. Vasiliev's “jokes” turned for users as a direct loss — at least 400,000 USD was on compromised accounts. There is currently no data on the amounts transferred to fraudsters by entering WEX codes.
All of the above proves once again that using the difficult situation and the information vacuum (being officially silent) created by the WEX administration, the fraudsters easily rised panic among users and implemented complex and cheeky scam schemes, so that ordinary users, despite the warnings and provided information about fakes, succumbed to the machinations and lost their money.

At the moment we kindly request you: take all possible measures to protect your funds by carrying out simple actions:

- enable 2FA (two-factor authentication) on your account;

- remove all API keys that you do not use, especially those that you did not create;

- if you do not perform trading operations, in the security section, you may block your account for as long as possible for all actions, including trading.

Hacking cases of poorly protected accounts are increasing!

ATTENTION, the domain of the WEX exchange platform is ONLY wex.nz! Other domains, differ from https://wex.nz, were created by fraudsters to get your funds!



<viber chat>
Mike Golikov online
btceclub.ru : some normal portals have already removed: <old link>
btceclub.ru : these are all you've done, 100%. now it is time to know the customer of this

Mike Golikov: yes) <newslink, photo on preview>
btceclub.ru : no offense - but here my personal interests are affected. Mine, like thousands of other people, whose money stuck on wex.nz
All these wex.sc ads - it's a deceit people on money. And there are people I know who lost the full amount of the deposit due to those scammers


<photos - Evidence that the customer ( Адрес электронной почты защищен от спам-ботов. Для просмотра адреса в вашем браузере должен быть включен Javascript. ) negotiated the cost of placing fraudulent information in various news media>

(3) at the moment, his real role in relation to the Exchange has not been established, and he still does not disclose information, but claims that the domain wеx.nz belongs to him and is used against the consent of the owner


<telegram chat>
btceclub (team member): Do you remember that fake you advertised "by joke"? Well, your joke costs to much - 1300 users affected, among others there are 30-50-70K depo amounts stolen. Those fraudsters morons' loot was indexed
DV : 1. I didn't advertise, but showed Forklog's idiocy
2. There is a tiny profit there, 10...15% main profit of Exchange which is not clear why it allows to withdraw and does not allow to trade
3. I fight for the domain, I really hope to get it back, then stop this bullshit (pizdec nahoi bliyat)

btceclub: 1. even at this case you consider yourself innocent, but alas, it is not so..
2. you consider it as someone's profit, and we - as someone's loss, and these losses for users are equivalent to 100%. We are now writing a parser, gathering statistics, a picture will be visible - the result of showing your "Forklog's idiocy"
3. raid of wex.nz? will give only 404. Is this your last hope to ruin this business?

DV : If you are so smart and you see me badly, do not write here anymore. Well, let's count the losses and problems of people, when the whole exchange is in the ass. Once again, the fact that Forklog published that is their problem and lack of brain, I immediately denied. Moreover, on their request to comment on the question, I told them that there was nothing to comment on.


Добавить комментарий

Защитный код