Topic: [ANN] Potential Premine SCAM coins: RainbowCoin Evercoin - page 2. (Read 7431 times)

There are alot of changes coming with Bee , better hold it for now.
I'm the new Dev working on Bee and will update as needed.

For the moment Bee is in a transition phase to X11 with POS so I believe you can assume we are on the safe side.

~SoopY~

Bee coin isn't scam there is new dev and he's changing algo from POW to X11 POS, you should read befor telling shits.

It is kind of a bitch to do.. but here's the guide: https://bitcointalksearch.org/topic/building-headless-bitcoin-and-bitcoin-qt-on-windows-149479

Hi there, I want to compile clients from source from now on, where should i look for a good guide on how to do it ?
I have very limited programming skill, i occasionally deal with PHP and HTML only.

many thanks  

Allcoin will freeze the market, so in this insecure situation, we can prevent a bit of panic.

QuarkBar Community Dev here again.

We fixed the upstream code and hardforked the chain effective immediately.

Thank you the reporting

//Edit:
We're doing the maths to check if and how many scam-coins have been created so far

Yes you're right .. fixing premine situation is very difficult.. I'm just giving people a heads up, is all .. no solutions here unfortunately...

Sorry you are going to have to check yourself, source is not posted on github.. 30 mb download taking an hour to get that source in .rar format.. (that in itself is a little suspicious tho..)

could you please check the latest coin? capitalcoin that just announce its existance.

Excellent work. I am so lucky I pulled out of AC when it started to drop like a rock. I think it's really bad news for crypto
and alt coins that AC managed to happen. It probably took some people out permanently.

I think the burden should be on the Exchanges to catch these things.
It's 100% their responsibility I would say. They make the money off them and list them as fair products.

Afaik, there's no way to know what's in the compiled binary they distribute, unless you compile it yourself.. and/or they release a sig'd build (which .. apparently no one does).

However, you are correct that if the key areas of the code do not match up.  Things like Checking transactions, Accepting block hashes.. rewards, etc.  Then those clients will not connect with each other.

The key to all this is 3rd party exchanges and pools.  By in large they are all 100% Linux, and must build from source.. so if you can't connect to them (accept blocks).. then you know that there's something different with your client.  

All coins require those ecosystem infrastructure, which has to be built from source...


This is the reason that the perpetrators of these scams do actually have to release the source, that is basically the same as the compiled binary.. They can do a few things like RPC call diffs, remove seed addresses, or inject trojans in the compiled binaries tho..

QuarkBar Community dev here. Thanks for the post!
We're looking at the code and going to patch it out asap.

micryon, thanks for your effort, i have a small question.

If scammer publish clean source code to github but he compile clients with malicious codes included, then how can we know ? Few people will take that 'clean' source and compile for themself, but this will cause conflict with those clients compiled by dev, right ? Then how can we know if that case happen ?

I'm just asking because i think in future, those scammers will find a more sophisticated way to scam.

We're looking into this. We were not aware of this at all.

Quarkbar's original dev also gone. Now community took over this coin, but i don't know whether or not that community know about this premine. You should put a warning on their thread.

No I am not sure.. that's why I said potential.  The "malicious" code exists in that code base on github.. that's all we know.

If someone can verify and get back to this we can certainly eliminate it as a candidate.

QuarkBar is a scam coin? Are you sure?

Hey guys.. in the wake of the Asiacoin mega-scam.  We've been doing some forensics on the code to understand the premine scam.. my full analysis is listed here:

https://bitcointalksearch.org/topic/m.6535095

This code was also found in SHACoin, which had the exact same premine SCAM that was exposed a week earlier.

cruncher on IRC had a great suggestion to search all of github for a particular string that was associated with the obfuscating premine.

The segment of code resides in the RPC call, that seeks to intercept the amount of coin by returning a modulo version of it.

The result of that search is here: "https://github.com/search?p=1&q=amount+%25+%28MAX_TX_FEE+*+COIN&ref=cmdform&type=Code"

As you can see the string shows up in a bunch of other places (including the AsiaCoinFix repo i pushed up for the forensics exercise).

The following hits to coins were identified:
  EverCoin - never heard of this
  RainbowCoin - recently launched
  ShaCoin - known premine scam
  ccc/qbcc - ??
  BeeCoin - ?
  QuarkBar - premine scam found,  patched



Now it may be the case that some devs accidentally forked a code repo unknowingly.. or the coin has already found the issue and patched it, or maybe this isn't even the original location of the code..

I didn't check the actual blockchain itself to verify.  This is just from a github search using the "obfuscation code"..  But if this code is deployed even without knowing.. it really ought to be patched up anyhow.

Up to everyone's own due diligence to check their own coins now..