A modern-day angel took a stand to stop scammers who use #slack as a means to phish for information from cryptocurrency enthusiasts who are unaware that such crooked systems exist.

Before I talk further about this angel, let’s have an overview about this lingo called “phish” or “phishing”.

Phishing is the falsification of identity (internet fraud) in order to gain a person’s trust and acquire the person’s private identifiers or keys such as passwords or cryptocurrency wallet’s private keys.

This is being done in order to gain access to the target’s account and steal whatever’s inside that account – in this case, cryptocurrencies stored in the target’s wallet.

Just about a week ago, news came out about an individual or a group of individuals who started sending out private messages using #Slack and were able to “phish” about $600,000.00 worth of cryptocurrencies from various individuals who fell for their trap.

Make Sure MyEtherWallet URL is a DOTCOM (https://www.myetherwallet.com) and not any other extension (i.e. .com.de, .com.ua, .com.im, .im, etc)

How they did it is quite interesting.

First off, they created a replica website of MyEtherWallet.COM (MEW)and registered a domain name also quite similar to MEW’s official website.

The Trick

The domain name they registered is almost the same except as MEW’s with a very small difference that if one is not being careful, it can easily mislead and cause anyone to serve these crooks all of their saved up cryptocurrencies.

How their Domain Name Looks Like

Here’s a list of the domain names they have used so far that I’ve come across with.

  1. myetherwallet.com.de
  2. myetherwallet.com.ua
  3. myetherwalliet.com
  4. myetherwaillet.com
  5. myetherwallet.im
  6. myetherwallet.com.im
  7. myetherwallet.su
  8. myetherwaller.com.gl

If you come across any other URL being used, please report it here so I can forward it to others who are actively hunting down these crooks to stop these sorts of activities from flourishing.

How They Attract Unsuspecting Victims

I’ve collected a series of screenshots of the email messages I received where they claim one thing or another.. These claims are apparently attractive and if I were naive, I probably fell for one of these schemes already.

How To Stop These Crooks

This one took a stand and reported one of them to the domain registrar and made it his mission to report other similar scams. Check out the screenshot of what he did.


I posted messages I got through Golem and Status networks because I subscribed to these groups, but this might also exist in other token groups in Slack. So why do they love sending messages via Slack? Maybe Slack team could come up with a way to detect such scam messages and have it auto-banned before it does any real damage.

In short, if you don’t want to go into the hassle of checking the domain name registration infos and reporting to the domain registrar, it is best not to open such emails. Make sure to pass this info along to your friends and relatives because the more people know about such schemes, the more we are all protected.