-
PowerShell-CurrencyConverter
A PowerShell wrapper for the currency conversion APIs provided by ExchangeRate-API.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
I'm the developer of the ExchangeRate-API.com service.
Obviously it's upsetting to have our API used by a scammer, but our service couldn't have been involved in this hack beyond fetching a JSON-formatted response of up-to-date exchange rates because that's the only functionality our service/domain provides.
My guess is that the scammer implemented a call to our API to fetch up-to-date exchange rates in order to make their fake wallet seem more plausible & real. Interestingly my API doesn't even support any exchange rates involving cryptocurrencies and so the scammer would have had to additionally integrate with a different API to get something like the exchange rate between BTC and USD.
The API is a very simple service - it's just a few endpoints that supply JSON formatted exchange rates over HTTPS. Anyone with an email address can sign up to use the service for free and there are even some totally "open access" endpoints that don't require any authentication. One of these has been used in the GNU `units` converter software for a while.
With regard to proving it's a legitimate service, this is the point where I wish I had made more progress with the landing page update that emphasizes social proof I've been working on recently! The API is used by ICs/teams at hundreds of recognizable companies. There are tens of thousands of free users including some that have used the API consistently for free for over a decade. I guess you could check many instances of the service being archived on the wayback machine? https://web.archive.org/web/20240000000000*/https://www.exch... I'll definitely admit the domain does look a bit odd but back in 2010 when registering it the "Exact Match Domain" bonus was a big factor for SEO. The site has been a top 3 Google result for "exchange rate api" pretty consistently - presumably also how the scammer ended up using the service.
I've used Cloudflare since approx. 2019 and their "cloudflared" tunnel infrastructure since approx. 2021 to secure servers against DDoS.
I'll contact popey to see if we can get more details on the exact path/request they saw being made to our domain and if that leads to any further information or logging from our side.