KuCoin is a crypto exchange website, and there are now a lot of phishing websites imitating it. Search for KuCoin in your search engine (in most cases Google) and you'll see one of these. If someone visits the link and then checks their browser history, they won't see anything regarding this website. But if they check their Google activity, they can see the links they have visited there.
We searched on Google and saw many websites for KuCoin, as seen in the image above. Then we visited one of them and checked our browser history. You can see in the image below that we couldn't find the phishing website in our browser history.
After that, we decided to connect to the same link again. Once we were connected to the link, we added account details and connected our account. After we connected our account to KuCoin, it automatically started trading: it changed crypto to USDT, then BTC, and then withdrew the funds in seconds.
We used DeskTime, a tracking app. When we checked the visited websites, we found kucoiv. Weirdly, it didn't appear anywhere else; it was only present in the tracking app. We checked and were led to a hosting company in Belize (phishing site). The company was DANCOM LTD. It is headed by a certain Evgeniy Marchenko. We found that this company helped the social network “Parler” (a famous D.T. supporters' social network) to come back online after it was dropped by Amazon hosting. They also host far-right websites like QAnon/8chan/8kun and so on.
So we didn't find any phishing URL in the browser history, but we found a suspicious URL in Google Activity. The suspicious activity was at this URL: https://kuroir-sign-on.com/. We finally got a certificate, which you can see in the image below. It said that the certificate is not trusted.
We logged in to this URL and, right after that, we received a login email alert which, notably, had been sent from another server with this IP: 188.8.131.52. This IP comes from a Heficed server; Heficed is a company specialized in IP addresses. Then we received a verification code email telling us that we had created an API.
Someone could have transferred all the money via an API without any verification. We didn't validate with the code. To conclude the article: people should be careful about phishing, but everybody makes mistakes. There is a serious lack of security on KuCoin's part.
We found that it is not only KuCoin: many other crypto exchanges have phishing websites too. There are a lot of scammers these days, so everyone should be careful about scams. One should always check and study the URL before clicking it. One should not have to be an expert to recognise a suspect URL. Just keep an eye out for some red flags in the link. Fake links generally imitate established websites, frequently by adding extraneous words and domains to them.
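The red flags described above can be checked mechanically. The following is an added example, not part of the original article: it compares a link's hostname against the exchange's official domain and flags near-miss spellings and bolted-on words. It assumes `kucoin.com` is the official domain (the article does not state it); the filler-word list and the `.example` URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL = "kucoin.com"   # assumption: the exchange's real domain (not stated on the page)
BRAND = "kucoin"
# Constructed list of filler words that get bolted onto a brand name.
BAIT_WORDS = {"login", "sign", "signin", "on", "secure", "verify", "account", "support"}


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url):
    """Return (verdict, flags); verdict is 'official', 'suspicious' or 'unrelated'."""
    host = (urlsplit(url if "://" in url else "https://" + url).hostname or "").lower().rstrip(".")
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official", []
    flags = []
    # Split the hostname into words on dots and hyphens, then compare each to the brand.
    tokens = [t for label in host.split(".") for t in label.split("-") if t]
    for tok in tokens:
        d = edit_distance(tok, BRAND)
        if d == 0:
            flags.append("brand name inside a domain that is not " + OFFICIAL)
        elif d <= 2:
            flags.append(f"'{tok}' is {d} edit(s) from '{BRAND}'")
    bait = sorted(set(tokens) & BAIT_WORDS)
    if flags and bait:  # filler words only matter next to a brand resemblance
        flags.append("extra words: " + ", ".join(bait))
    return ("suspicious" if flags else "unrelated"), flags


if __name__ == "__main__":
    # The first URL is the one named in the article; the others are constructed samples.
    for u in ["https://kuroir-sign-on.com/", "kucoiv.example",
              "https://kucoin.com.login-check.example/", "https://www.kucoin.com/"]:
        print(u, check_url(u))
```

The two-edit threshold is a heuristic: it catches the article's `kuroir` and `kucoiv` spellings, but a short unrelated word can also land within two edits, so treat a flag as a prompt to look closer rather than a verdict.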