Disallow: /security-research? Crypto Phishing Sites' Failed Attempt to Block Investigators
Sept. 30, 2025, 8:09 p.m.
Description
An analysis of robots.txt files revealed over 60 cryptocurrency phishing pages impersonating hardware wallet brands Trezor and Ledger. The actor behind these pages attempted to block phishing reporting sites by including their endpoints in the robots.txt file, demonstrating a misunderstanding of its function: robots.txt only advises crawlers which paths on the host serving it they should skip, and it cannot restrict what third-party sites do. Most sites were hosted on Cloudflare Pages, with a few on custom domains. The campaign's unusual robots.txt pattern was also found in GitHub repositories containing crypto-themed spoof pages. Merge conflicts in README files suggest the actor may lack web development expertise. Various free web hosting providers were used for similar spoofed pages. The campaign highlights the ongoing targeting of cryptocurrency users and the potential effectiveness of even poorly executed phishing attempts.
Date
- Created: Sept. 30, 2025, 6:11 p.m.
- Published: Sept. 30, 2025, 6:11 p.m.
- Modified: Sept. 30, 2025, 8:09 p.m.
Additional Information
- Technology
- Finance