Scammed by the slackbot!

If you have been on an ICO Slack channel in the last day or two you will find that scammers have upped their game.

Not two weeks ago, the state of the art was bogus ICO websites and etherum addresses posted on instant messages in Slack in a pretty random manner.

Suddenly the whole world has gone crazy and automated.

MyEtherWallet tweeted about growing number of these scams.

The secret to these scams success is the fact that everybody trusts myEtherWallet — as so you should. It is an amazing product written and manned by Kevin and Taylor, who I have not met so far, but sincerely hope to meet and thank them at Devcon this year.

They started with people sending personal messages like the one above and reply on the fact that because is highlighted it MUST be genuine right? Try it 😛
The link above just goes to a video of Puddles Pity Party but in the scams the problem is that the destination sites DID look like myetherwallet and even had similar domain names like as myEtherWallet pointed out on their slack channel.

Where you end up if you click…

And there you are. On a site that looks like your trusted MyEtherWallet site but with a nasty twist — it’s waiting for you to enter your private keys or upload your keystore and enter a password… all of which gets sent to the back end so it can steal your tokens (and ether of course).

That was just the beginning

The next day people were getting messages from the slackbot. The Slackbot is part of the infrastructure of Slack.

The Slackbot helps you automate many things in a team environment — things like sending reminders to the team to do their backups. But the crypto world found Slack useful for talking to hundreds of users and took to it like a duck to water. Which means that in ANY slack chat, ANYBODY can set reminders that look as if they come from the system.

See? Even though the link looks like it actually comes from — a site NOT belonging to Kevin and Taylor.

The situation got so bad that TenX released their tokens early so that their holders could get in early and transfer their tokens before they could be grabbed by the automated contracts that were set up to steal the tokens on the release date.

What can you do?

Taylor first instruction type the URL and bookmark it :

Or type the full URL (the same applies to ICO websites too)

DDF forwarded this (can’t find the original)

The URL is :

From the author :

And, finally, seriously consider getting a hardware wallet like a 
Ledger Nano S or Trezor. These amazing devices sign the transaction inside the device so you can never lose the keys.