A hacker from the dark web has claimed to have earned more than $1 million from phishing Bitcoin.
The phisher, who goes by the moniker “Phishkingz”, stated that they have racked up the cash through exploiting users on just one Bitcoin site: AlphaBay. “The volume of accounts I have had since operating on AlphaBay is obscene. I have made over $1M in the last year phishing just AlphaBay,” they told Deepdotweb.
AlphaBay was an online darknet market operating on the Tor network. It was shut down after a law enforcement action in the United States, Canada, and Thailand. AlphaBay was noteworthy in the world of darknet markets for accepting another cryptocurrency in supplement to bitcoin; support for Monero, supposed to be more anonymous, was implemented at the end of August 2016.
Phishkingz claims to have traded approximately 500 BTC on Localbitcoins in the last 14 months, the entirety of which was generated through phishing. The decision to start phishing was made following their discovery of an error on the Alphabay forums.
Phishkingz directly contacted new members, sending them false links to a verification process.
“They should be happy I’m a phisher and not a fed”
“I started on the forum. You see, there was a glitch that allowed me to see new members the second they joined … so I would then send them to my link with a verification process. They would see my made up fake verification page.”
Phishkingz would then steal all the login details, mnemonic phrases and PGP private key information. The phisher said that they would then save a bookmark using blockchain.info and highlight 50 addresses at a time every 20 minutes “checking for deposits”.
At one point, Phishkingz said, up to 27 people were running Bitcoin-stealing programs under their guidance. “Sometimes I would have to laugh at myself with the massive amounts of bitcoins that these people would throw at me, and us phishers out there.”
On whether they feel “bad” about their actions, Phishkingz admitted that there is some guilt but “I am teaching them a lesson they need to learn in places like these. They should be happy I’m a phisher and not a fed.”
Phishkingz said that the AlphaBay moderators rarely cared for the victims. “The admins didn’t really care about their customers, and it only took opening a support ticket with a problem to learn this.” One AlphaBay moderator – named Big Muscles – was and “especially stupid one”: “He would let me into accounts for 50% if I provided mnemonic phrase knowing I had phished the account in the first place.”
Since AlphaBay’s shutdown Phishkingz has moved to Dream Market and claims to have made 4 BTC ($8,924) already.