The BIT.AC Scam and a Cautionary Tale About Fraudulent Online Wallets

The BIT.AC Scam and a Cautionary Tale About Fraudulent Online Wallets

Earlier this year, someone starting out with cryptocurrency wallets experimented with a site called bit.ac, using a review on cryptojunction to influence his decision Other sites revealed that the site was launched in mid-2016 with much promise. The website had an address listed as well as a phone number and contact form, but there was no individual contact to email. Considering that most other online wallets operate the same way, this wasn’t an issue.

The site operated more or less smoothly (save for one Ethereum transaction getting stuck until a support ticket was addressed) until one day in April the server went completely down with a blank page reading “NGINX server.” There were no Facebook or Twitter notifications that maintenance was being done and no way to contact the site owner. This smelled like “scam” all the way.

Miracle of miracles, the site went back up the following day and the user was able to immediately withdraw his funds immediately, forgetting about it. A little after that, a barrage of 2,000+ emails saying “Password reset” was sent to that users’ inbox. What made things worse was that there was no way to cancel the account, with the email address being firmly tied into the platform.

Looking into the site recently revealed that it’s permanently down and has been since June-July. The last “Tweet” was on August 8th stating that a new website was to be launched soon. That never happened and many users lost their coins. Not only that, many users beforehand had their wallets wiped clean, being sent to the same wallet address. A quick scan of the site’s Facebook page in the comments reveals this to be case.

Doing further research, the company was formally dissolved in June 11, 2017, with the phone number going to a “virtual office” and the business not existing. In addition, a “Philipp Schnabel” is a German bloke (Correspondence address: 123 Friedrichstr, Berlin, Germany, 10117) that did business in London and apparently ran off with everyone’s money. It also appears that he got away with it since he controlled the private key(s) on the site. In addition, he evidently ran other scam crypto sites before such as OWY and Coinomi, both scams.

*** UPDATE 2017-12-17 ***

The domain apparently wasn’t reregistered and a Russian site is in place of it, leading one to believe that it was run by a Russian hacker.

*** END UPDATE ***

This alone is proof that, should you not have an offline/secure cryptocurrency wallet like Ledger or Trezor, or more ideally a paper wallet where only you control the private key, you will be burned. Cryptocurrencies are still very much the “wild west” and there is absolutely zero protection should your wallet/funds get compromised.

Facebook Comments
Rafi Hecht

Rafi Hecht is a web programmer and digital marketing specialist with over 12 years experience. He holds a Masters of Science degree from Stevens Institute of Technology and is both Adwords and Bing Ads certified. Rafi currently lives in Toronto.

Leave your message