There have recently been more reports of accounts being phished as BlackBank increases in popularity. Please ensure that you are using the correct Onion URL when using BlackBank through the below more reliable sources:
Ensure that the URL being used is listed as below:
http: // w z t y b 7 v l f c w 6 l 4 x d . o n i o n
Note the following for BlackBank onion URL:
- Starts with White Zebra Thanks You
- Ends with Love 4 eXtra Dogs
The phishing site reported will appear to be fully functional as it will use login credentials to access BlackBank and relay all requests back to the client while rewriting the URL and Bitcoin addresses in between. Please refer to the below for the attack vectors:
Client -> Phishing Site -> BlackBank
When client enters a Bitcoin address for withdrawal into the Phishing Site, the phishing site replaces the withdrawal address with their own and submits it to BlackBank.
BlackBank -> Phishing Site -> Client
When BlackBank sends out a page, a string replacement is made to change all URL references to the fake phishing site and the altered Bitcoin addresses appear to be normal.
It is recommended to ensure that the Onion URL is correct by comparing over multiple reliable sources when there is doubt of the authenticity of a market's URL. We are unable to assist with any issues if an account is compromised by the use of a phishing site.
If there are any questions or feedback, please feel free to contact us at any time or share in the forums.
8 characters is nowhere near enough entropy - it would take me less than an hour to generate a hidden service key that would fingerprint match those exact rules.
The full 16 characters of an onion URL is already barely enough entropy; you shouldn't compromise it further by retraining users to only check 50% of what is already a 50% shortened hash.
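The difference between the mnemonic check in the announcement and a comparison of all 16 characters, as an added example that is not part of the announcement or the reply. The function names and the lookalike label are constructed for illustration; the published address is the one given above.

```python
import re

# Address exactly as published in the announcement above (spacing included).
PUBLISHED = "http: // w z t y b 7 v l f c w 6 l 4 x d . o n i o n"

# Constructed label: same first and last four characters, different middle.
LOOKALIKE = "http://wztyaaaaaaaal4xd.onion/login"

# 16-character onion labels use the base32 alphabet a-z, 2-7.
LABEL_RE = re.compile(r"^[a-z2-7]{16}$")


def normalize(url):
    """Return the bare 16-character label, or raise ValueError."""
    s = re.sub(r"\s+", "", url).lower()
    s = re.sub(r"^https?://", "", s)
    host = s.split("/", 1)[0]
    if not host.endswith(".onion"):
        raise ValueError("not an onion host")
    label = host[: -len(".onion")]
    if not LABEL_RE.match(label):
        raise ValueError("not a 16-character base32 onion label")
    return label


PINNED = normalize(PUBLISHED)


def mnemonic_check(url):
    """The announcement's rule: only the first and last four characters."""
    label = normalize(url)
    return label.startswith("wzty") and label.endswith("l4xd")


def full_check(url, pinned=PINNED):
    """Compare every character against a value pinned from a trusted source."""
    return normalize(url) == pinned


def bits_checked(n_chars):
    """Each base32 character carries 5 bits."""
    return 5 * n_chars


if __name__ == "__main__":
    for name, url in (("published", PUBLISHED), ("lookalike", LOOKALIKE)):
        print(name, "mnemonic:", mnemonic_check(url), "full:", full_check(url))
    print("bits checked:", bits_checked(8), "of", bits_checked(16))
```

The constructed lookalike passes the mnemonic rule and fails the full comparison: the rule verifies 40 of the label's 80 bits, which is the reply's point.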