Yesterday, the Ontology Network warned users of an fake wallet and directed it to only download the Ontology app using their company official GitHub page:
There is known as a fake OWallet circulating, Ontology’s only GitHub repo is: https://t.co/zrL26m0y2R. Please be extra careful and wary for scams. You are able to download OWallet, Ontology’s desktop wallet, at: https://t.co/jU88ihiCp2. $ONT $ONG
— Ontology September 12, 2019
The circulation with the fake software has recently been short lived: one Reddit user claimed they received a message directing these people to download the wallet on a?fake GitHub page. Now, cheaper than 24 hours later, the GitHub page was taken down and then the fake wallet carries disappeared with out a trace.
No archives belonging to the fake GitHub page exist, that make it difficult to determine may nature for the wallet. However, that the fake GitHub page used the name of the official Ontology wallet in its address suggests this was a phishing attempt.
GitHub does allow forks of software, nevertheless it really seems unlikely the wallet had been a legitimate fork. The immediate takedown is extremely damning evidence on the GitHub page’s legitimacy.
Poor Distribution Practices
Ontology is a lot from the only platform to suffer any such attack. Fake crypto wallets definitely are a fairly common approach to stealing users’ private keys and funds. For example, Ethereum’s MetaMask wallet was recently substituted with a doppgleganger relating to the Google Chrome store.
Fake wallets usually are detected before they actually much harm. However, the Ontology team’s distribution within their official wallet is decidedly subpar. A certified GitHub link that this team tweeted was criticized by so many users, who generally be prepared download software directly from an official website.
Oddly enough, Ontology’s mobile wallet does have distinctive official website, as another user observes. Yet Ontology would not host their official desktop wallet. The Ontology website directs desktop users to their GitHub page, which, as proven today, is not a worry to imitate.
Another user notes that your Twitter account Ontology would once link to the state run wallet is “even if it’s just a verified Twitter”. To put it differently, another scammer can certainly make an account that impersonates Ontology’s Twitter page, in the same way a scammer impersonated their GitHub page.
Hopefully, Ontology will increase their distribution and verification practices someday. In the mean time, a whole collection of approved wallets is offered on Ontology’s dApp page.