Author

Topic: -account compromised- (Read 3395 times)

copper member
Activity: 2310
Merit: 1032
March 18, 2013, 06:44:48 AM
#43
Message:
Code:
I'm psy. Squall1066 has been scammed by MAC in 24 BTC. This is just a test message intended for Bitcointalk and not to be taken seriously by anyone. Mon, March 18 2013 10:40 AM

Signature:
Code:
G+tumBo0kYxAttLfFXfbiCTYICQjHd0zy98d7K79UTA9nXxN280XB8sKLYcR//Jr1MoUDLnyXRG0XPGoa+6qprQ=

Now anyone can check my OTC page(linked in my signature), get my public Bitcoin address from there and verify I was the one who signed a message.

To verify, open Bitcoin-qt, File > Verify Message, enter my bitcoin address in the 1st field, the message in the 2nd field and the signature in the 3rd field and press the Verify Message button.

FFS, this is in Bitcoin-qt, with a graphical interface. Any donkey can do it.

EEeehh AAAAuuuuhhhhh, I cant do it lol, Where is the address for the first field?

OK, I got it.



Check the part on the quote that wasn't bolded by you...
legendary
Activity: 1358
Merit: 1002
March 18, 2013, 06:39:06 AM
#42
Message:
Code:
I'm psy. Squall1066 has been scammed by MAC in 24 BTC. This is just a test message intended for Bitcointalk and not to be taken seriously by anyone. Mon, March 18 2013 10:40 AM

Signature:
Code:
G+tumBo0kYxAttLfFXfbiCTYICQjHd0zy98d7K79UTA9nXxN280XB8sKLYcR//Jr1MoUDLnyXRG0XPGoa+6qprQ=

Now anyone can check my OTC page(linked in my signature), get my public Bitcoin address from there and verify I was the one who signed a message.

To verify, open Bitcoin-qt, File > Verify Message, enter my bitcoin address in the 1st field, the message in the 2nd field and the signature in the 3rd field and press the Verify Message button.

FFS, this is in Bitcoin-qt, with a graphical interface. Any donkey can do it.

EEeehh AAAAuuuuhhhhh, I cant do it lol, Where is the address for the first field?

Check the part on the quote that wasn't bolded by you...
copper member
Activity: 2310
Merit: 1032
March 18, 2013, 06:35:19 AM
#41
Message:
Code:
I'm psy. Squall1066 has been scammed by MAC in 24 BTC. This is just a test message intended for Bitcointalk and not to be taken seriously by anyone. Mon, March 18 2013 10:40 AM

Signature:
Code:
G+tumBo0kYxAttLfFXfbiCTYICQjHd0zy98d7K79UTA9nXxN280XB8sKLYcR//Jr1MoUDLnyXRG0XPGoa+6qprQ=

Now anyone can check my OTC page(linked in my signature), get my public Bitcoin address from there and verify I was the one who signed a message.

To verify, open Bitcoin-qt, File > Verify Message, enter my bitcoin address in the 1st field, the message in the 2nd field and the signature in the 3rd field and press the Verify Message button.

FFS, this is in Bitcoin-qt, with a graphical interface. Any donkey can do it.

EEeehh AAAAuuuuhhhhh, I cant do it lol, Where is the address for the first field?
hero member
Activity: 952
Merit: 1009
March 18, 2013, 06:11:04 AM
#40
Even better. So that system is already in place.
legendary
Activity: 1358
Merit: 1002
March 18, 2013, 05:42:45 AM
#39
Message:
Code:
I'm psy. Squall1066 has been scammed by MAC in 24 BTC. This is just a test message intended for Bitcointalk and not to be taken seriously by anyone. Mon, March 18 2013 10:40 AM

Signature:
Code:
G+tumBo0kYxAttLfFXfbiCTYICQjHd0zy98d7K79UTA9nXxN280XB8sKLYcR//Jr1MoUDLnyXRG0XPGoa+6qprQ=

Now anyone can check my OTC page(linked in my signature), get my public Bitcoin address from there and verify I was the one who signed a message.

To verify, open Bitcoin-qt, File > Verify Message, enter my bitcoin address in the 1st field, the message in the 2nd field and the signature in the 3rd field and press the Verify Message button.

FFS, this is in Bitcoin-qt, with a graphical interface. Any donkey can do it.
legendary
Activity: 906
Merit: 1002
March 18, 2013, 05:06:04 AM
#38
Hm... maybe it would be a good feature if there is a fix bitcoin address bound to every user account (set during registration) and only admins/mods can change those. Maybe thats too much trouble for mods, so second possibility there is a bitcoin address bound to every user account with the timestamp when it has been set and a public log of the old bitcoin addresses with the old timestamps.

When you use those addresses for transactions (at least for the bigger ones) the right owner would get the funds and could send them back later in case he didnt request that transaction.
If an address had changed in the last couple of days you can still decide if you trust that new address and/or ask the "owner" if its not possible to use an "older" address from the logs.
vip
Activity: 1316
Merit: 1043
👻
March 18, 2013, 04:41:47 AM
#37
Not much point in I.P's mose scammers use TOR anyway, We need something else.

If we're dealing with identity theft do we not already have a solution for that with the signature function in the client?

I thought that just ties up the client with a address, If an account is hacked, Could it not come from any client?

Now I don't claim to understand the signature thingy completely, but the way I understand it it is possible to sign a message with the client. This signature depends on the context of the message and the wallet keys and can be checked for authenticity in another client. The following should then be possible:
- Build a central repository of signatures for users (yeah, yeah, I know, centralization bad, but bear with me)
- When a user requests a loan, have him sign that message with the client.
- Now you should be able to check that signature against the signature in the repository via your own client and determine if the person is indeed who they claim to be.

Someone correct me if I'm wrong here. I'm not good with the signature stuff, it breaks my brain, but this is how I would assume it works.

Well I know less than you on this (and it shows how well used a feture it must be) But if I understand correctly, There is no way to varify a new user, As there is no "history" of the signature? So at some point someone has to take a first gamble? Which instantly make me think of shill acounts and fake build up, We have to keep using coins to keep the system alive, But the way things are going, Everyone will be to scared to spend them for feer of it not arriving to the person they wanted it to.  Shocked
It's based on address - you know I have the address firstbits 1GLados (because I've traded substantially with it, eg buying asicminer shares, bitfunder public asset listings), and then you know whoever can sign a message from 1GLados has access to my private keys. There's still the risk of compromise, but less than just someone logging into a forum account without 2fa.
hero member
Activity: 952
Merit: 1009
March 18, 2013, 04:41:27 AM
#36

Well I know less than you on this (and it shows how well used a feture it must be) But if I understand correctly, There is no way to varify a new user, As there is no "history" of the signature? So at some point someone has to take a first gamble? Which instantly make me think of shill acounts and fake build up, We have to keep using coins to keep the system alive, But the way things are going, Everyone will be to scared to spend them for feer of it not arriving to the person they wanted it to.  Shocked

Yes, the repository would only work reliably for established users. The idea is specifically preventing things like your situation where an established users forum account is taken over. I think you are very right in assuming that these things will be happening more often now.
copper member
Activity: 2310
Merit: 1032
March 18, 2013, 04:37:54 AM
#35
Not much point in I.P's mose scammers use TOR anyway, We need something else.

If we're dealing with identity theft do we not already have a solution for that with the signature function in the client?

I thought that just ties up the client with a address, If an account is hacked, Could it not come from any client?

Now I don't claim to understand the signature thingy completely, but the way I understand it it is possible to sign a message with the client. This signature depends on the context of the message and the wallet keys and can be checked for authenticity in another client. The following should then be possible:
- Build a central repository of signatures for users (yeah, yeah, I know, centralization bad, but bear with me)
- When a user requests a loan, have him sign that message with the client.
- Now you should be able to check that signature against the signature in the repository via your own client and determine if the person is indeed who they claim to be.

Someone correct me if I'm wrong here. I'm not good with the signature stuff, it breaks my brain, but this is how I would assume it works.

Well I know less than you on this (and it shows how well used a feture it must be) But if I understand correctly, There is no way to varify a new user, As there is no "history" of the signature? So at some point someone has to take a first gamble? Which instantly make me think of shill acounts and fake build up, We have to keep using coins to keep the system alive, But the way things are going, Everyone will be to scared to spend them for feer of it not arriving to the person they wanted it to.  Shocked
hero member
Activity: 952
Merit: 1009
March 18, 2013, 04:24:11 AM
#34
Not much point in I.P's mose scammers use TOR anyway, We need something else.

If we're dealing with identity theft do we not already have a solution for that with the signature function in the client?

I thought that just ties up the client with a address, If an account is hacked, Could it not come from any client?

Now I don't claim to understand the signature thingy completely, but the way I understand it it is possible to sign a message with the client. This signature depends on the context of the message and the wallet keys and can be checked for authenticity in another client. The following should then be possible:
- Build a central repository of signatures for users (yeah, yeah, I know, centralization bad, but bear with me)
- When a user requests a loan, have him sign that message with the client.
- Now you should be able to check that signature against the signature in the repository via your own client and determine if the person is indeed who they claim to be.

Someone correct me if I'm wrong here. I'm not good with the signature stuff, it breaks my brain, but this is how I would assume it works.
copper member
Activity: 2310
Merit: 1032
March 18, 2013, 04:17:40 AM
#33
Not much point in I.P's mose scammers use TOR anyway, We need something else.

If we're dealing with identity theft do we not already have a solution for that with the signature function in the client?

I thought that just ties up the client with a address, If an account is hacked, Could it not come from any client?
hero member
Activity: 952
Merit: 1009
March 18, 2013, 04:14:32 AM
#32
Not much point in I.P's mose scammers use TOR anyway, We need something else.

If we're dealing with identity theft do we not already have a solution for that with the signature function in the client?
copper member
Activity: 2310
Merit: 1032
March 18, 2013, 04:05:47 AM
#31
Not much point in I.P's mose scammers use TOR anyway, We need something else.
sr. member
Activity: 280
Merit: 250
March 17, 2013, 07:46:03 PM
#30
lol if you can think of it, its already been done.
newbie
Activity: 50
Merit: 0
March 17, 2013, 01:03:13 PM
#29
So any random can come in here with multiple account pretending to loan to himself to build rep? Doesn't seem very safe for lenders.

You arent here for long right? Otherwise you would know that they try that every week and no lender consider loans from one "no reputation account" to another "no reputation account" as reputation.

Have only been here a couple week, have only known about btc for a month or so. Just learning the ropes in a sense.
legendary
Activity: 906
Merit: 1002
March 17, 2013, 12:32:12 PM
#28
So any random can come in here with multiple account pretending to loan to himself to build rep? Doesn't seem very safe for lenders.

You arent here for long right? Otherwise you would know that they try that every week and no lender consider loans from one "no reputation account" to another "no reputation account" as reputation.
newbie
Activity: 50
Merit: 0
March 17, 2013, 12:17:49 PM
#27
Wow. I can't believe that a forum dealing with lending wouldn't check IP's. So any random can come in here with multiple account pretending to loan to himself to build rep? Doesn't seem very safe for lenders.
legendary
Activity: 1288
Merit: 1227
Away on an extended break
March 17, 2013, 12:13:35 PM
#26
Does this site not check IPs? Hence a mod can't check the IP of the poster and compare it to the previous IP's?


I can't see IP's; only theymos can. It would be good to have that feature though for a quick deductions in cases like this.
sr. member
Activity: 364
Merit: 250
firstbits 1LoCBS
March 17, 2013, 12:11:43 PM
#25
In my conversations with them, I referred to you as an example of a stand-up guy who's benefiting long-term from stepping up and taking responsibility for a circumstance that was beyond your control (the stolen money in the UK post incident)

In the long-run, we'll know and evaluate our peers by the manner in which they handle unfortunate occurrences such as this.

I've been on a conference call with MAC (Mike) and Ascension (Jerrod)

They will be covering the 24 BTC lost in this incident - Squall1066 will be made whole.


I am glad to hear that, Squall doesnt deserve this.

newbie
Activity: 50
Merit: 0
March 17, 2013, 11:46:41 AM
#24
Does this site not check IPs? Hence a mod can't check the IP of the poster and compare it to the previous IP's?
hero member
Activity: 504
Merit: 500
March 17, 2013, 11:00:14 AM
#23
I've been on a conference call with MAC (Mike) and Ascension (Jerrod)

They will be covering the 24 BTC lost in this incident - Squall1066 will be made whole.


I am glad to hear that, Squall doesnt deserve this.
sr. member
Activity: 364
Merit: 250
firstbits 1LoCBS
March 17, 2013, 10:29:38 AM
#22
I've been on a conference call with MAC (Mike) and Ascension (Jerrod)

They will be covering the 24 BTC lost in this incident - Squall1066 will be made whole.
sr. member
Activity: 457
Merit: 250
March 17, 2013, 08:54:52 AM
#21
Mac has logged on since and not written to me or posted anything, Something is not right, If a hacker then why return to the scene of the crime, If not, Why is mac quiet? I shall warn everyone away untill this is sorted.


Also, Why use a vanity address? and the coins have not moved since?

Squall, MAC's account should be locked/banned by the MOD's until he can prove ownership of the account. The hacked posted another thread in the long term loans and maybe logged in to see if he had any responses to that thread to steal even more? If you would like MAC to call your IRL send me a PM with your phone number and he will give you a call. I am posting on his behalf because his account is currently locked out.

Thanks,
Ascension
copper member
Activity: 2310
Merit: 1032
March 17, 2013, 08:40:40 AM
#20
Mac has logged on since and not written to me or posted anything, Something is not right, If a hacker then why return to the scene of the crime, If not, Why is mac quiet? I shall warn everyone away untill this is sorted.


Also, Why use a vanity address? and the coins have not moved since?
member
Activity: 84
Merit: 10
Weighted companion cube
March 17, 2013, 06:36:42 AM
#19
Making everyone auth on OTC paid off!
full member
Activity: 238
Merit: 100
March 17, 2013, 05:12:03 AM
#18
As the larget bitcoin community site its fucking retarded that the forum doesnt have 2 factor auth.

copper member
Activity: 2310
Merit: 1032
March 17, 2013, 04:36:43 AM
#17
I got shot again, This is not the real mac? I shall wind up my business here, And leave the community.
legendary
Activity: 906
Merit: 1002
March 17, 2013, 04:20:22 AM
#16
Could also be malware that started recording bitcointalk account details instead of just mt gox ones? Since apparently his facebook account was hacked too.

In 95% of the cases its a weak password. Malware aint really easy to get to a specific target user and even so its the users fault to open the links or click the exe file. There are cases of course where you got the malware through an exploit. So its your fault for not updating your software.

Those exploits who are "unknown" and where no update could have helped are very rare and really expensive. They arent used to scam "only" $1000 ...
legendary
Activity: 1358
Merit: 1002
March 17, 2013, 04:06:58 AM
#15
You are not the smartest criminal psy Smiley
Not the smartest and also not the dumbest. Just not a criminal at all Smiley
vip
Activity: 1316
Merit: 1043
👻
March 17, 2013, 04:05:46 AM
#14
Could also be malware that started recording bitcointalk account details instead of just mt gox ones? Since apparently his facebook account was hacked too.

Either way, this raises the issue of authentication. This is where PGP comes in Roll Eyes
legendary
Activity: 906
Merit: 1002
March 17, 2013, 04:05:27 AM
#13
You are not the smartest criminal psy Smiley

So instead of stealing directly 24BTC from any thirdparty you are later trying to convince the original owner to give you 12 BTC.
Maybe it works for low reputational accounts but no low rep acc holder can give you 12 BTC. So either way its no masterplan Smiley
legendary
Activity: 1358
Merit: 1002
March 17, 2013, 03:58:03 AM
#12
So the 24 BTC are lost? Puh, i dodged that bullet.

http://s1.directupload.net/images/130317/trwlkozq.jpg

Looks like my request for an ID scared him off, taking my loan offer. Smiley

Mac should offer Squall some kind of compensation because it was his password that was too weak and causing this problem... Maybe a 50/50 split of the 24BTC?

Great method to steal money.
You compromise an account and post a loan request from it, then you come with your regular account and pretend to loan 24 BTC. Then you make the real account owner feel bad about your "loss", so he will give you 50% of the Bitcoins "lost" to the hacker.
I see a lot of potential for abuse. Not saying Squall hacked his account, mind you.
legendary
Activity: 906
Merit: 1002
March 17, 2013, 03:15:47 AM
#11
So the 24 BTC are lost? Puh, i dodged that bullet.



Looks like my request for an ID scared him off, taking my loan offer. Smiley

Mac should offer Squall some kind of compensation because it was his password that was too weak and causing this problem... Maybe a 50/50 split of the 24BTC?
sr. member
Activity: 457
Merit: 250
March 16, 2013, 11:09:48 PM
#10
Quote
From BTCQuick:
This account has been comprised. I just talked to MAC in real life and he did not post these threads.
Wow, and I was planning to lend him some btc on btcjam.. Dodged a bullet right there thanks to confirmations

Is his btcjam account compromised?

Actually, is his account even compromised? Or pretend to be and run away with 24 btc?

I was browsing the lending forums when I saw MAC's post's. I immediately called him and asked him if he made the post's and he said no. His facebook account was also hacked. I know MAC IRL.

His btcJam loan is still valid. MAC is working on changing all his passwords for all his accounts.

MAC & I will never post anything requiring a BTC loan ASAP. This should have been the first indication that the post was fishy. As soon as MAC regains control of his account he will post a response to this mess.
legendary
Activity: 1288
Merit: 1227
Away on an extended break
March 16, 2013, 10:37:53 PM
#9
Quote
From BTCQuick:
This account has been comprised. I just talked to MAC in real life and he did not post these threads.
Wow, and I was planning to lend him some btc on btcjam.. Dodged a bullet right there thanks to confirmations

Is his btcjam account compromised?

According to Ascension, nope. However, I'd be wary of lending anything until further verification is done.
vip
Activity: 1316
Merit: 1043
👻
March 16, 2013, 10:34:08 PM
#8
Quote
From BTCQuick:
This account has been comprised. I just talked to MAC in real life and he did not post these threads.
Wow, and I was planning to lend him some btc on btcjam.. Dodged a bullet right there thanks to confirmations

Is his btcjam account compromised?

Actually, is his account even compromised? Or pretend to be and run away with 24 btc?
legendary
Activity: 1288
Merit: 1227
Away on an extended break
March 16, 2013, 10:04:37 PM
#7
Quote
From BTCQuick:
This account has been comprised. I just talked to MAC in real life and he did not post these threads.
sr. member
Activity: 350
Merit: 251
March 16, 2013, 08:53:50 AM
#6
I understand that people here are hesitant towards lending to me, however I have a rock solid record and profile on BTCJAM. Over 530 BTC repaid, fully verified, and eBay / PayPal accounts over 8 years old.

I have borrowed multiple 100 / 150 BTCs and have all repaid them back. There is no reason for me to default on this loan.

Thanks,
MAC

Because you can take out a few loans and pay a few hundred dollars in interest, then default on one and make off with $9000.
copper member
Activity: 2310
Merit: 1032
March 16, 2013, 07:04:54 AM
#5
P.M'd

Edit - Send repay - 1CeciAAmh2FdMonbgfRqqvJrsRkjVhoGS6
legendary
Activity: 906
Merit: 1002
March 16, 2013, 05:10:57 AM
#4
"I am seeking a 24 bitcoin loan to cover some significant and profitable orders recently placed."

According to that statement you already have the order, the exchange rate and you know exactly how much USD you can pay as interest... so I dont understand what currency risks you are talking about.
Anyway I can only offer you an USD denominated loan due all those price jumps latly. let me know in case you change your mind.
legendary
Activity: 906
Merit: 1002
March 16, 2013, 04:37:58 AM
#3
How about an USD denominated loan?

Can fund your loan (via MtGox USD or BTC or paypal) for $100 interest per two weeks. Max runtime 2 months. Need a copy of a valid passport or drivers license and a proof of residence like a gas / telephone / electricity bill.

sr. member
Activity: 350
Merit: 251
March 16, 2013, 12:48:33 AM
#2
I am seeking a 24 bitcoin loan to cover some significant and profitable orders recently placed. I'd like to fill this loan through the forums.

Here is my solid BTCJAM profile with over 530 BTC repaid: https://btcjam.com/users/594

17/17 rating, and my accounts have being over 8 & 13 years old. I need the coins urgently to fill the orders, or we would be forced to cancel them.

26.4 BTC will be repaid within 2 weeks from day.

My address: 1MACx2wdi4MqriR2Ate1Uhwa7vh73XgXXV

Please reply with your repayment address.

MAC is a top-notch guy.

If anyone wishes to buy insurance on any of his loans, please PM.

MAC is legit. He's a trusted borrower on the secret ”other” site. (Don't PM me about it)


Thanks,
MAC / Mike McNierney

What you might as well be saying:
"Can I borrow 200 BTC? It's totally worth the risk, because I'll pay you back 300% in an hour."
MAC
newbie
Activity: 37
Merit: 0
March 16, 2013, 12:14:35 AM
#1
DO NOT LEND ANYTHING FOR THE MOMENT.

NEW: I am still seeking BTC, 5% / week interest rate: https://bitcointalksearch.org/topic/account-compromised-154032

I have also revealed our business (btcQuick.com)


I am seeking a 24 bitcoin loan to cover some significant and profitable orders recently placed. I'd like to fill this loan through the forums.

Here is my solid BTCJAM profile with over 530 BTC repaid: https://btcjam.com/users/594

17/17 rating, and my accounts have being over 8 & 13 years old. I need the coins urgently to fill the orders, or we would be forced to cancel them.

26.4 BTC will be repaid within 2 weeks from day.

My address: 1MACx2wdi4MqriR2Ate1Uhwa7vh73XgXXV

Please reply with your repayment address.

MAC is a top-notch guy.

If anyone wishes to buy insurance on any of his loans, please PM.

MAC is legit. He's a trusted borrower on the secret ”other” site. (Don't PM me about it)


Thanks,
MAC / Mike McNierney
Jump to: