Pages:
Author

Topic: [ANN] Free Bitcoin Vanity Address Generation Website. - page 3. (Read 14814 times)

newbie
Activity: 29
Merit: 0
Hello nibor,m

I paid 0.1 btc for 1perogijwqgDFN2HAhQZQfehiCyAadc3L

Please send refund to: 1D8ADgs37jobPjeNFKRc3sge2nLismc1zk

Thank you very much and have a great day!
perogi.
hero member
Activity: 742
Merit: 502
Circa 2010
AHha... Rely ? That is wonderful. WHos fault is we lost balances ? I don't care about 0.003 i paid for it. It was urs responsibility to provide SECURE keys like u say on ur site . Nvm as far i am concerned , u may not even be hacked. For 3 months not to notice change in ur own code its ridiculous. Now will be refunding what we paid for them , but not balance that was on them.... Hahahaha.... Great.

Well let's be honest - there aren't many people nice enough in the world to refund 10K of losses unless your a bigtime player or a big business. There are really just two scenarios:

a) Not hacked, instead maliciously edited code to steal coins. Then logic tells you that he would never refund your losses, but possibly only the cost of the addresses themselves in order to maintain some respectability for his account
b) Hacked, and refunding because it's the least he could do. Still can't give you a full refund because he doesn't have the funds necessary to cover it.

Both cases make sense with his actions so you can't really tell. The lesson to be learned with all of this is that is your going to make addresses do so yourself and don't trust it to any external party at all.
legendary
Activity: 2464
Merit: 1037
CEO @ Stake.com and Primedice.com
Just to be clear I mean we will refund cost of Addresses as they are now useless if you used the calckey page.

AHha... Rely ? That is wonderful. WHos fault is we lost balances ? I don't care about 0.003 i paid for it. It was urs responsibility to provide SECURE keys like u say on ur site . Nvm as far i am concerned , u may not even be hacked. For 3 months not to notice change in ur own code its ridiculous. Now will be refunding what we paid for them , but not balance that was on them.... Hahahaha.... Great.
newbie
Activity: 17
Merit: 0
Quote
Any addresses bought since 31st Dec 2013 will be refunded on request via
forum. This may take a while as we will do all in one go (and all our
coins you paid us were taken so we need to get some!).

If this is true, my adress was:
1BREDYpxyYZbFRxgYD8Bo92TNqqNH6N7pB (https://blockchain.info/address/1BREDYpxyYZbFRxgYD8Bo92TNqqNH6N7pB)

You can refund to:  1MbKhR9gdzBYijLGuJ1r6z8Y9kmAJvgXyZ  (https://blockchain.info/address/1MbKhR9gdzBYijLGuJ1r6z8Y9kmAJvgXyZ)

(this address was used to fund hacked address) - https://blockchain.info/tx/6d026ac21c1fcddb6e439e1a1fd76a104cc72c3137da9896f6c6814b046647f8

Total: 0.7598 BTC

Thank You!


-----BEGIN BITCOIN SIGNED MESSAGE-----
Ondrej Bredy Novak
-----BEGIN BITCOIN SIGNATURE-----
Version: Bitcoin-qt (1.0)
Address: 1BREDYpxyYZbFRxgYD8Bo92TNqqNH6N7pB

HFWi/iKNWX3RITlVlfKo+1krHWj5UUohn5k4+qgkhKxnJlAbj5q8RjddZccRUVvfO5vvDlrqTnb9x+nEIN3yI1U=
-----END BITCOIN SIGNATURE-----
sr. member
Activity: 438
Merit: 291
Just to be clear I mean we will refund cost of Addresses as they are now useless if you used the calckey page.
sr. member
Activity: 308
Merit: 250
1DankFtSthZdyTqsuCt4cHpYEyGj8ymUH4  i lost almost .08 from being hacked
legendary
Activity: 2464
Merit: 1037
CEO @ Stake.com and Primedice.com
We have emailed all users who we had an address for to mitigate any damage as much as we can.


Well yes i got email. And if u guys rely going to even try to refund, that is for respect . And i take back all i said about u guys scamming. Will delete that post till further notice.

How do i request refund ?

My addy that i been taken 0.4 btc from is : 1microLtvk1LzFzdbBeoWz9pBfXkP26yJ
Tx: https://blockchain.info/tx/9e95fd443621d3d9fc150f290144401feb1627573c9161beb08edb472069a819

Is that enough ?

Ah well and my address where refund should go : 1GyDQ3npFsa72Ute6bXm3wen7U1GEFfpF4

I did not expect this from u guys if u pull this off will be rely amazing. Tnx.


Wait wait wait, do they mean we only get refund what we paid for address to be made or what we are stolen Huh
newbie
Activity: 29
Merit: 0
What information did you want us to post here to get refunded?

Thank you,
perogi.
sr. member
Activity: 438
Merit: 291
We have emailed all users who we had an address for to mitigate any damage as much as we can.
legendary
Activity: 3038
Merit: 1032
RIP Mommy
If you downloaded the source of bitaddress.org from GitHub to generate your vanity key in conjunction with bitcoinvanity.appspot.com, it should be safer than not.
legendary
Activity: 2464
Merit: 1037
CEO @ Stake.com and Primedice.com
We have found hack. They hacked the calckey page and posted keys to:
http://192.241.136.248

So if you calculated you private key using bitaddress.org like suggested in the help page you should to the best of our knowledge be OK.

But if you calc'd the private key using our calckey page they KNOW your private key (we do not though).

Looking at the date on the file they did it on the 31st Dec 2013.

We are still investigating.

We have decided to shut the site down as only ran it for fun - and now it is no fun!


Well tnx guys rely i paid for addy and u guys did not even checked code for 3 months rely ? 
Anyways i lost all coins i had , coz they all been stored on that address 0.4 btc i worked 2 months for. Rely tnx guys.
sr. member
Activity: 438
Merit: 291
We have found hack. They hacked the calckey page and posted keys to:
http://192.241.136.248

So if you calculated you private key using bitaddress.org like suggested in the help page you should to the best of our knowledge be OK.

But if you calc'd the private key using our calckey page they KNOW your private key (we do not though).

Looking at the date on the file they did it on the 31st Dec 2013.

We are still investigating.

We have decided to shut the site down as only ran it for fun - and now it is no fun!
sr. member
Activity: 438
Merit: 291
We think we have been hacked. But currently have no idea what is going on.

Will post updates when we understand what happened.

Very sorry for this update. All our funds have been taken too.

If you used your own Public/Private key you should be safe as we know of no way that it would be possible to get you coins. However if as we suspect our site was compromised and they uploaded bogus code they could have found keys of addresses that used the browser generated keys.
legendary
Activity: 2097
Merit: 1070
I see you decided to steal all the Bitcoin in the end.
newbie
Activity: 25
Merit: 0
confirmed scam... nibor u are scum lol... good thing I only had 0.1 btc on it... some of the other people clearly had more
https://blockchain.info/tx/9e95fd443621d3d9fc150f290144401feb1627573c9161beb08edb472069a819
member
Activity: 108
Merit: 10
I am very lucky i eventually created my vanity addresses by myselsf. The service was too expensive or 7 letters.

Thanks or the warning, sorry for your loss.
I tipped you a milli Smiley

Thanks chief. Very much appreciated. Smiley
member
Activity: 108
Merit: 10
Thanks for your information...
i request an address from bitcoinvanity too.... i pay the total amount but until now never get the private key....

Consider yourself lucky.
legendary
Activity: 1470
Merit: 1000
Want privacy? Use Monero!
I am very lucky i eventually created my vanity addresses by myselsf. The service was too expensive or 7 letters.

Thanks or the warning, sorry for your loss.
I tipped you a milli Smiley
newbie
Activity: 8
Merit: 0
Thanks for your information...
i request an address from bitcoinvanity too.... i pay the total amount but until now never get the private key....
member
Activity: 108
Merit: 10
I just lost 2.3 Bitcoin I had stored on an address generated with this service.

Edit: I don't know why this didn't pop up when I initially researched the site. Just lost 2.3+ BTC today to this site.

I made a reddit post on this topic.

You can upvote it here if you're so inclined: http://www.reddit.com/r/Bitcoin/comments/1y7upu/bitcoinvanityappspotcom_is_not_secure_and/

Here's the blow by blow:

Oh the blessings and curses of irreversible transactions. I'll be honest - this one stings a bit.
I have some pretty damning circumstantial evidence that bitcoinvanity.appspot.com is skimming the private keys of their users, and transferring away Bitcoin from those who create addresses on their service.
Here's the sequence of events:
1) Over the weekend, I decided I wanted to create some vanity BTC addresses for myself and family (because, hey, if those 1Enjoy 1Sochi bitspammers get one, why not me?).
2) Of the several addresses I created, on of them was a goof account (1FartsVaXCqT8MAJxAjTwrfz3UAXqVKbCh).
3) I imported the vanity addresses into my hot-wallet on Blockchain.info.
4) I swept an old, non-vanity address where I kept change from purchases into the new vanity address
5) I messaged a buddy of mine, joking that I was going to bitspam the world with 1Enjoy 1Farts, and showed him the address.
6) He replied back "Whoa, looks like there was once 2.36244159 BTC in there."
7) As soon as I see it, my stomach sinks, because that BTC should not be in the past tense.
Cool I log into Blockchain.info, and notice that the BTC is 8 confirmations away from a wallet address I control, having been transferred to 1JMPsVyyCrLt8xRSiBypG6JKawsUVTGjKy.
I rang up my aforementioned buddy (a BTC veteran) diagnosed the possibilities:
1) My blockchain.info account has been compromised. I determine this to be unlikely, since only the contents of that vanity address have been swept, not the entire wallet.
2) Blockchain.info may have erroneously swept the address into another holding address. That's possible, since it says the transfer occurred on a BCI IP adress.
3) The vanity address generator I used (https://bitcoinvanity.appspot.com) has been compromised. I haven't seen anything on the web indicating that, but it's the most likely thing, since it's the only address that's been compromised in my wallet. I'm 100% certain my traffic wasn't packet-sniffed since I created the vanity address on my home network, which is highly-engineered and secured by me. I'm on a Chromebook that I regularly check for malware, so I'm not being keylogged. The only vulnerability is the obvious one: the service.
I'm hoping and praying, at this point, that it's #2, and BCI can fix it, but I know that I've been scammed, and it was stupid to put a non-trivial amount of BTC into a newly created address that's possibly insecure... I know in the pit of my stomach that it's #3.
I ping a few people I know that can fast track my ticket at BCI, and get directly in touch with Mandrik of Blockchain.info, who was very apologetic as he confirmed what I suspected.
He pointed me to a discussion I'd missed in my research on the vanity address service that described what had happened to me. I noted that the transaction showed that it was relayed by BCI, but as I suspected and he confirmed, that meant very little:
"There really isn't anything we can do if the funds really were stolen, whether the transaction was relayed by us or not. Anyone can relay a transaction through our site, but they could just as easily do it from any other wallet app. They could easily import any private key across multiple wallets if they wanted to, too. If these funds were stolen, then they are essentially gone forever. The only person who can return them is the one who has access to the key the funds were sent to."
At some point, I'll probably pursue some legal action against this company (there is a British corporation listed, according to a friend I was just on the phone with). I haven't had the time to contemplate or investigate my options - this all happened over the last couple of hours.
Here's the lessons to take away from this one:
1) Don't trust third-party services (free or paid) with non-trivial amounts of coin unless they have a seriously impeccable reputation.
2) Blockchain.info customer service is pretty bad-ass, but they're not miracle workers. Irreversible transactions are irreversible.
3) If you're using a third-party service where you're risking non-trivial amounts of money, and you have a seed of doubt, either conclusively quash that seed through research, or don't use them.

Tip me? 1LpLLDP1hMp34eDQXSS6yFj9FVtsJ83WWA
Pages:
Jump to: