This is a warning to all users. There is an ongoing scam where there are Edge clone websites with scammers that are posing as Edge or offering a web platform from which you should be able to manage your funds.
Please remember that Edge Wallet is available only as a mobile wallet.
Edge made a conscious decision to restrict our wallet to native mobile applications. Website infrastructures are notoriously difficult to secure as there are many different attack vectors allowing hackers access user credentials.
These include but are not limited to:
* Javascript injection
* Server-side hacks modifying HTML/Javascript
* Fake URL phishing attacks
* Man-in-the-middle attacks
* Rogue browser plug-ins
* Keyboard or screen loggers
Note that with the exception of keyboard or screen loggers, Edge is not susceptible to any of the above attacks. Fully compromised Edge servers or even the network around a user’s device do NOT give an attacker any access to user data or funds. We have carefully designed the client-server architecture with this in mind as we know Bitcoin security is paramount and is critical for achieving mass adoption.
These fake websites have already been reported.
How to recognize a fake website?
Edge domain is https://edge.app/ and the associated SSL certificate is released to edge.app
Every service associated with Edge run under edge.app domain, for example the Support section (https://support.edge.app/) or the Developer section (https://edge.app/developer/).
Even the team members emails are registered under this domain: for example david@edge.app (in my case) or support@edge.app (the general Support email).
The only other domain related to Edge is our old https://airbitz.co/ that now redirects to https://edge.app/, but you could receive communications from an airbitz.co-related mail if you opened a ticket within our old Airbitz app.
There is no other Edge website.
In this comparison, the real Edge website on the left and a clone scam website on the right
If you look carefully at the fake website above, you will notice the different logo but also something strange in the menu: there are a Log in and a Register link!
As mentioned before, there is no web version of our Edge app and we never ask the users for their credentials.
This is the Log In page, probably used for grabbing user credentials and then login to their Edge accounts through the Edge Wallet app.
The grabbing technique could be used even within the registration page, so DO NOT enter any data on any pages!
The fake websites also have a "Lost your password?" link that bring you to this page:
DO NOT enter your email or username!
An attacker could potentially gain access to your Edge account through social engineering, as we mentioned here: https://edge.app/blog/hardware-software-and-programmable-security/
If you are an Edge user you should know that we don't collect user data and we are not able to restore an account or create a new password, simply because we don't have access to users' accounts.
Clone websites very often use pictures they find on the legit website to make their project look legit, so you could see, for example, pictures of our CEO and Co-Founder Paul Puey or other team members. They simply stole the pics from our website and uploaded them to the fake one.
Be careful out there and, if possible, report any scam or suspect scam to support@edge.app.
Comments
0 comments
Please sign in to leave a comment.