Security experts have been alarmed after finding out that Darknet Markets, who claims to be a news and informational resource website, has been using bitcoin mixing tutorial to steal money from traders. What is even more disturbing is that the site remains to appear in Google search results, giving it a greater chance to deceive bitcoin traders.
Technology product reviewer CompariTech on Wednesday has warned bitcoin traders of a mixing tutorial on Darknet Markets posing to be a genuine self-help guide but is a phishing scam. The site said it already called out Google's attention regarding the issue but the tutorial article remains on top when looking up the keyword "how to mix bitcoins".
CompariTech's Paul Bischoff stresses the importance of Google for new bitcoin traders as mixing it properly is a "complicated process".
"Many, if not most first timers, turn to Google for help," writes Bischoff. "There's a certain credibility that comes with being a top result; people tend to trust whatever Google ranks highest."
The article titled "A simple guide to safely and effectively tumbling (mixing) bitcoins" published on 10 July 2015 in the said site "offers a straightforward but information tutorial", states Bischoff. However, the external links used within the articles lead to bogus onion sites or pseudo-top-level domain used for anonymous hidden service.
Two popular mixing services on the DarkNet are Helix by Grams and Bitcoin Blender, which are almost exactly the same to legitimate services Helix and BitBlender websites.
CompariTech states "as soon as the victim sends them bitcoin, that money is gone forever".
A Reddit thread was flooded by victims of the site. Novice bitcoin traders who are not aware of the website's reputation are clearly the target of the phishing scam.
Bitcoin mixing, also known as bitcoin laundering or bitcoin tumbling, breaks perceptible connection so traders can anonymously send and receive the cryptocurrency through the blockchain.
CompariTech security researcher Lee Munson told Motherboard the scam "is probably the best phishing scam" he has ever known.
"This is pulling people in who are looking for a particular phrase on google, lulling them into a false sense of security with good information, and then hitting them with a dodgy link to steal their money," says Munson.
A spokesperson for Google refused to comment on the matter, telling Motherboard that phishing sites must be reported to the company.