When the article was published, there was a suggestion that the hack may have been caused by a compromised Litecoin Cash (LCC) digital wallet. The core LCC development team comprises Tanner, Loxley, Roger, and Michael “Scarlet” Wyszynski. Loxley posted in the GitHub issue, created by the individual who had been hacked, to say that there was very little evidence of a problem with their wallet. Roger has emailed Crypto Disrupt to say, “We have more than a thousand users that have downloaded our wallet and are experiencing no issues with our wallets. The specific issue you are referring to (extra .jar files) was reported by a single Reddit user, and was never able to be reproduced by any of us in the dev team, or any of our community members.” Roger also pointed out that they recommend all wallet users verify the checksums of the files they download, and that the checksums are clearly shown on their website.
The mystery of how the coins were stolen has now been solved, and again, we learn that we can’t trust search engines to recommend reputable websites. The individual who was hacked normally uses the Google Chrome web browser, and when he noticed the coins had disappeared, he checked his history of visited sites. It turns out that after re-installing Windows 10, he temporarily used the default Microsoft Edge browser, and the history shows he downloaded a fake Electrum wallet. The image below shows identical meta details for two different websites, with the second one being the fake site. The fake site was registered in Kuala Lumpur on December 12, 2017, and the duplicate content alone should have been enough for Bing’s SERP algorithm to pick it up as a phishing site.
The Edge browser history shows that the default search engine, Bing, brought up this phishing site as one of the top-ranked sites for “Electrum LTC.” The phishing site doesn’t have an SSL certificate, and this should have been a red flag to the coin holder. Reddit has several threads that highlight the particular phishing site, and users have previously notified Google, but not Bing, that it’s a fake site. There is clearly something wrong with the SERP algorithms used by top search engines like Google and Bing if they recommend sites run by hackers. Despite Google being warned of the phishing site, it still appears as the number-one-ranked site for a particular search term. Why hasn’t it been removed entirely from their database or flagged as a site run by hackers?