Topic: Altilly Exchange FAKE Refunds, Possible Exit Scam - page 3. (Read 1009 times)

Okay Charles, do you realize there's no reasonable way I could make 1118 screenshots of emails even if I had those? It takes days and nights.

Usernames and emails are largely irrelevant in crypto world. Where you should start is your main hot wallet address where all deposits eventually ended and all withdrawals came from. It was only one for most coins listed on your exchange. Doesn't take much chain analysis to locate it. Then you compile a list of addresses which funded it. Every such address belongs to one user of your exchange. You make another list of external addresses which were actually used to send coins to your exchange, one list per user. All of it can be scripted. Every user has to prove ownership of his addresses. The universal way of doing it is by signing a message like "User XXX email YYY claims address ZZZ used for Altilly deposits" with his private key. You verify it with the public key, match deposit tx's and amounts. That's all.

Two things that I failed to understand:

1. You guys clear your inbox? Why? You use that email address both for personal and crypto so you need to keep them clean? It's personal preference though, so I can't comment further, just curious why bother cleaning your inbox.

2. Not even 1 tx proof, or screenshot or anything, left in your possession? Alltily indeed asked a deposit confirmation email, but the way I see it, that's not necessarily all 1,118 deposits. They just ask for an email showing that the address --a static, non-changing address that they dedicate for you-- is yours. One is enough.

If I may add a third one, is the PhoenixCoin platform has a fund history? Like a proof showing a token successfully mined or moved somewhere? If they have, maybe you can use that.

---

As for HodlerCompany, would a screenshot of tx history from the sender side --suppose there is any-- sufficient? What about a signed message from the sender address like what ph4nt0m had tried? It's a valid ownership proofing method that's even acknowledged by this forum. If your aim is just to have a proof that some address is belonged to someone, I think thats a proof of ownership enough

---

P.s.: oh, and last, coinman76 stop spamming

Hello, this is Charles

Due to the loss of our database to the hacker, we have absolutely no way of showing who owned what wallet address without the deposit confirmation emails.
These emails contained your username your, deposit address, the amount of the deposit and the TX ID.

We sent out these emails for any deposit that was made and due to the amount of people trying to claim deposits that did not belong to them by simply grabbing
a tx id off of an explorer that showed an address and claiming it was theirs we had to do something to ensure we were not giving refunds to fake claims.



I will approve any refund however if you can provide me your deposit address, that it is an altilly address and some sort real proof that it belongs to you. 

We have absolutely no intentions of trying to keep anyone from a refund. We just need to know beyond doubt that it is legitimate.

If you are able to provide the above then please by all means reply back to your tickets and ask for me personally.

Charles aka Chuck
Altilly Customer Service

Yeah, it's actually easy to find out who deposited how much. Every user had a single deposit address for every coin listed there.

Cryptopia was also hacked and they lost their DB, too, but you could actually reason with the liquidators and prove ownership manually. These Altilly guys just don't listen to common sense. Less they pay out, more they save for themselves.

no, you misunderstood. Each user was assigned one permanent address for deposits, and then all the coins from these user addresses were sent to a common wallet, where they were all stored. Therefore, it is not difficult to find out who made deposits and the total amount of each of the coins, but Altilli decided to blame all the losses from the hack on users or this is another exit scam.

If Altilly has been acquired by Qredit, there's nothing wrong with bothering them with claims. Looks like their site is still active. https://www.qredit.io/altilly


Do you mean they use disposable deposit addresses? I'm just reassuring that they won't store every new deposit address of every user (especially if it applies to all coins) because that's a huge database unless it ends up burning. That's why they will deny ownership signed message verification because it's definitely useless. They failed at this.

I confirm the same situation.
They also refused to return (refund) my PXC and several other supposedly unsaved assets. I spent a lot of time negotiating with Charles Naughton to resolve the issue amicably, but they are not going to return anything, demanding a YEAR LATER ONLY screenshots of email deposits as proof, knowing that practically no one keeps them. For example, I have Gmail (messages that are in the Trash for more than 30 days will be automatically deleted). They simply decided to pass on all the losses from the hack to the users of the unsaved assets. While there is no evidence that this was a hack, it may have been a planned exit scam.
I am sure that there are many such users, to whom Altilly is not going to refund anything, since there were a lot of "unsaved assets".

It is sad. I also don't really believe that I can get my coins back from Cryptopia. There, in total, over 20M PXC are stuck. At this rate, PXC will soon become a very scarce asset)) I want to once again remind everyone about the basic rule of the crypto world “Not your keys, not your coins”.

Altilly was hacked in late December, 2020. I don't know what exactly happened there. The ops said it was a hack and all exchange data including wallets were deleted. I didn't see a police report or forensic analysis or whatever. I didn't really buy what the ops said, but they promised to refund everyone, so okay. I filled the refund form like everyone else. It's a year after the hack now, they finish processing these forms and the real fun begins. Looks like they are not going to refund me at all.

Here's how stuff worked on this exchange. Every user got a deposit address. Once a deposit cleared, a script transferred it automatically to their hot wallet which was used to fund withdrawals. Looks like they didn't have cold storage and didn't even have private key backups of that hot wallet (WTF really?).

Back to my case. I had 529k Phoenixcoin (PXC) deposited there. That was like 0.2 BTC at the hack time. Mostly mined coins, so there were 1118 deposits. Sure thing I didn't keep all those deposit confirmation emails in my mailbox once the deposits were confirmed. Why should I? Now these exchange ops say they are not going to refund me anything without all those emails. How convenient, huh? I still have access to my mining wallets, told them my deposit address, even told them their main hot wallet address in case they couldn't figure it out. BTW there are 6.6 million PXC stuck, it's like 7% of the total supply.

I bet no one else claimed my deposit address, but I even offered them to sign a message with privkeys of my mining addresses to prove they're mine. Nope, they rejected. Must be too complicated for them. Show the emails or piss off. Now it sounds like a SCAM.