Yesterday, the Ontology Network warned users of a fake wallet and directed them to only download the Ontology app from their official GitHub page:
There is a fake OWallet circulating, Ontology’s only GitHub repo is: https://t.co/zrL26m0y2R. Please be extra careful and wary for scams. You can download OWallet, Ontology’s desktop wallet, at: https://t.co/jU88ihiCp2. $ONT $ONG
— Ontology (@OntologyNetwork) September 12, 2018
The circulation of the fake software seems to have been short lived: one Reddit user claimed that they had received an email directing them to download the wallet from a fake GitHub page. Now, less than 24 hours later, the GitHub page has been taken down and the fake wallet seems to have disappeared without a trace.
No archives of the fake GitHub page exist, which makes it difficult to determine the exact nature of the wallet. However, the fact that the fake GitHub page used the name of the official Ontology wallet (OWallet) in its address suggests that this was a phishing attempt.
GitHub does allow forks of software, but it seems unlikely that this wallet was a legitimate fork. The immediate takedown is quite damning evidence against the GitHub page’s legitimacy.
Suggested Reading : Need help choosing a cryptocurrency wallet? Take a look at our comprehensive guide.
Poor Distribution Practices
Ontology is far from the only platform to suffer this type of attack. Fake crypto wallets are a fairly common way of stealing users’ private keys and funds. For example, Ethereum’s MetaMask wallet was recently replaced by a doppgleganger on the Google Chrome store.
Fake wallets are usually detected before they do much harm. However, the Ontology team’s distribution of their official wallet is decidedly subpar. The official GitHub link that the team tweeted was criticized by many users, who generally expect to download software directly from an official website.
Oddly enough, Ontology’s mobile wallet (ONTO) does have its own official website, as another user observes. Yet Ontology does not host their official desktop wallet. The Ontology website directs desktop users to their GitHub page, which, as proven today, is easy to imitate.
Another user notes that the Twitter account Ontology used to link to the official wallet is “not even a verified Twitter”. In other words, another scammer could make an account that impersonates Ontology’s Twitter page, just as a scammer impersonated their GitHub page.
Hopefully, Ontology will improve their distribution and verification practices in the future. In the mean time, a complete collection of approved wallets is available on Ontology’s dApp page.
The post Fake Ontology Wallet Circulates Briefly Before Vanishing appeared first on UNHASHED.