Phishing Warning: NO Critical Wallet Update, NO Airdrop, NO Giveaway (The reward from this post will go to @keys-defender for helping to detect this threat)

in #phishing3 years ago (edited)


Currently, there is a phishing attack making its rounds on Hive and other similar DPOS chains. Its target is your wallet and funds.

Do not click on any links provided to you through Discord, in comments, or in any sort of message.

There will never be any "Hive Official News" in existence or circulating through Discord direct messages of any kind. There are no mandatory updates and never will be for any end-user. The phishing message looks like this:
The website it pointed to has been taken down at the host-level but we are still dealing with the registrar.

Do not download any files or install any software advised to you in comments or messages.

This is the latest phishing message sent out in the comments. The user has a compromised account and hasn't been able to secure it. There will never be a legitimate airdrop advertised on Hive in the comments. However, many different projects have fallen victim to phishing and many phishing "airdrops" have been done in their name.

The real Zerion has been messaged to warn them and we are in process of getting the malicious domains/sites taken down.

It's confirmed that this attack is by the same group of hackers that orchestrated the mass-scale attacks on Steem since 2017. They have over 1000 accounts compromised.

How can you help?

  1. If you have spotted a shortened '' phishing link, please report it here:
  2. Reply to the comment warning others that it's phishing. Use the word "phishing" as this is not a mere scam.
  3. Warn your friends.

We leave you with the message of:

Think before you click! Remain vigilant!

Please share this post and spread the word. If you dislike Hivewatchers, consider writing your own post to warn others about phishing.

Advertencia de PHISHING: NO hay actualización crítica de monedero, NO Airdrop, NO Sorteo!

Actualmente, hay un ataque de phishing que está circulando en Hive y otras cadenas DPOS similares. Su objetivo es su mondero y fondos.

No haga clic en ningún enlace que se le proporcione a través de Discord, en comentarios o en cualquier tipo de mensaje.

Nunca habrá "Noticias Oficiales de Hive" ("Hive Official News") en existencia o circulando a través de mensajes directos de Discord de ningún tipo. No hay actualizaciones obligatorias y nunca lo serán para ningún usuario final. El mensaje de phishing tiene este aspecto:

El sitio web al que apuntaba se ha eliminado a nivel de host, pero todavía estamos tratando con el registrador.

No descargue ningún archivo ni instale ningún software que se le indique en comentarios o mensajes.

Este es el último mensaje de phishing enviado en los comentarios. El usuario tiene una cuenta comprometida y no ha podido protegerla. Nunca habrá un lanzamiento "airdrop" legítimo anunciado en Hive en los comentarios. Sin embargo, muchos proyectos diferentes han sido víctimas de phishing y se han realizado muchos "airdrops" de phishing en su nombre.

Se ha enviado un mensaje al Zerion real para advertirles y estamos en proceso de eliminar los dominios / sitios maliciosos.

Se confirma que este ataque es del mismo grupo de piratas informáticos que orquestó los ataques a gran escala en Steem desde 2017. Tienen más de 1000 cuentas comprometidas.

¿Como puedes ayudar?

  1. Si ha detectado un enlace de phishing '' abreviado, infórmelo aquí:
  2. Responda al comentario advirtiendo a otros que es phishing. Utilice la palabra "phishing", ya que esto no es una simple estafa.
  3. Advierta a sus amigos.

  • Te dejamos con el mensaje de: *

¡Piense antes de hacer clic! ¡No bajar la guardia!

  • Por favor comparta esta publicación y corra la voz. Si no te gustan los Hivewatchers, considera escribir tu propia publicación para advertir a los demás sobre el phishing. *

Thank you for this.


Appreciate the heads up, thanks


Glad to help.

It looks like they used again the PHISHING site so I'm running again the script to fill it with thousands of fake credentials:


I'm also running another script to reply to all the phishing comments and put users on guard in case a new similar phishing wave hits.

UPDATE: enemy down, cease fire.

UPDATE: NEW WAVE being contrasted.

  • Today I added to my shortened links checks so it captured immediately this new wave
  • New db in use filled again with fake credentials


I hope nobody was taken in by this, but some will not be so tech savvy. I have seen some of the phishing comments and reported the links. This sort of thing is inevitable as Hive grows.


one of my friend just clicked on that link, but she has changed her password ASAP after the message from @keys-defender thanks to them, I think she is not in problem, is she?

If she managed to change her pwd in time she's safe. Take care.

thanks for the confirmation sir , have a great day ahead 🙏

I am very worried about that

It's nothing to be worried about.

"Think before you click! Remain vigilant!"

Thank you for the information, it really helped me get the message on discord with my DM.

Thank you for the alert.

Saw a comment on my post this morning!! Thought as much!

Thanks for this post I think everyone should make a post like this to make sure that everyone who is active will be aware of this 👍🏾

It's not just on discord, it's also being posted as Hive comments, eg. on this post i made


I got push notifications on my laptop (my location is Austria) that opens a fake Kronenzeitung (one of our leading newspapers) featuring Didi Mateschitz, the owner of Red Bull, supposedly giving an interview about how great this is.

Phishing - Krone.JPG
the image above links to the scam news page. If you click on any of this the scam site comes up. On the bottom of it you get supposed Facebook user endorsements, but if you try to check them, same happens, the scammers page pops up.

My Norton Security (Symantec) flagged any link as suspicious, meaning that security companies such as Norton are well aware of this:

Norton Scam Insight.JPG

Scam Insight: Personal Information Risk

This is not the first time either, and not the first time Didi Mateschitz has been the target for such fakes.

I rolled it into a post of my own, referencing this post, bilingual English and German:

Thanks for the heads up champs. ✅

@hugojimenez has just started becoming a spam zombie as well, would be nice if someone could do something.

Thank you for letting us know.

It's something very weird.
Thank you for the update

Hive is getting popular 😀 - but at the same time people need to be cautious. Thank you for the alert.

Thanks, and if everyone could consider re-blogging this post it would be very helpful

Well I clicked on the link, but it just leads to a scammy site I did not enter any information, so I should be fine right?

Yes, it should be fine.

I swear we need to find a way to rob these clowns and give all the coins to hive blockchain!!! Go ahead and shut this bull shit down somehow it could be done

I woke up to realize I had lost my account after four years. I did not lose much money, but some. I did lose my reputation, and four years of writing though. Please follow me, and read the story of what happened so it does not happen to you!

Thank you for the heads up

Thank you for the information

Thanks for the heads up!

Thank you for notifying this. We started referring your blacklist with !wine project.


Congratulations, @theguruasia You Successfully Shared 0.300 WINE With @hivewatchers.
You Earned 0.300 WINE As Curation Reward.
You Utilized 3/3 Successful Calls.

Total Purchase : 20448.377 WINE & Last Price : 0.290 HIVE

WINE Current Market Price : 1.200 HIVE

Guys why not do a Spanish version aswell we have someone in the terminal that can translate

I just seen one of those Zerion Airdropping 400 Hive on this post in the comments:

I did click on the red link to see what it was, is clicking on the link a bad thing?....that's all I did was click it, those things are usually to complicated for me to understand so I leave them alone.

It should be fine if you have not put any information there.

No, I am not one to be quick to jump on the bandwagon, even at that I'd have to see a few high profile accounts writing about it first....that's basically when you know things are legit, everyone's writing about it to make a few bucks of a new topic. lol. Then as a back up there's one person in particular I'd wait to see what they have to say about it or I'd go to them directly first.

Thanks, that is why I am out of Things have not changed. No "crypto" is safe! Sorry, unsavory triggered people are not ready to be there own bank. When I meant -out of here, all of cryptocurrency baby. No way are the masses ready for the on slot of shady nerdy geeks that need to get there kicks because they can not in real life. Come on, I remember back when I signed up. No one is going to take a set of numbers, and put the aside, to then use them to access a front page that really looks like AOL when it first started out. The nice thing about the Steem dollar is that it is a nice hedge to the dollar. Otherwise, just like a lot of these projects you have the founders and first investors that get the initial reward stack. OK, done.

Gracias por el aviso

Thanks for the heads up. Its really much needed & helpful, especially us newbies that are new to Hive . 🙏🏽👌🏽

Hey what happened to my account why is my upvotes didn't count its all photos are captured by me sir what you do to my account

Thank you so much for the post.

Why exactly did you downvote my post???
I worked hard to prepare it myself.
All photos and texts that are quotes are references.
Explain exactly one to me!!!!!!
@hivewatchers / @spaminator/ @adm


Congrats on promoting shitcord, start using bee chat, already integrated with peaks but no notification system yet

It makes me fucking furious everytime I see one of you comments downvoted, just so you know I have not forgotten about and have for the 2nd time denounced the shitwatchers shit.

hive chain is realy very strick in copyrights .