When criminals tried to con investors during its recent initial coin offering (ICO), Blockstack, a startup building a decentralized internet, used its tech expertise to turn the tables on the tricksters.
Scammers hoping to lure investors feeling left out because the firm limited its token sale to accredited investors only set up phishing sites by copying the entire blockstack.com code.
But doing so meant the fake sites were actually in contact with a server that Blockstack controlled, which fed the top banner of the legitimate site with tweets from the company’s Twitter account.
And that connection allowed the Blockstack team to undermine the phishing sites with what was effectively their own man-in-the-middle counterattack.
In a man-in-the-middle attack such as this, data is changed on a trusted website by someone who manages to insert themselves between a visitor and a publisher. For example, someone can create a Wi-Fi hotspot that changes a webpage before it reaches your browser.
Blockstack developers, though, used the attack for good, putting themselves in-between their own twitter feed and the scam websites. The team’s simple solution used the backdoor into the banner to warn those who potentially could have lost funds that the sites were not legitimate (see below)…