The community has finally decided to invite an independent auditor, Titan, an experienced cryptocoder, Luckycoin developer since 2013, to investigate Mooncoin script.
He has promised to complete it till Christmas. He will decompile a wallet and will investigate new and old open sources, too.
If you have ideas on what an independent auditor should focus his attention, please share it, or PM him directly: https://bitcointalksearch.org/user/titan-124654
4 wallets have been suffered since December 7:
2SQDhN8NE4Sk92MikERTzkz4a6PBuJ3HnB
2Z25JRcYYnvN52wJQy4FxZZPhnesBwiiqP
2bfkzvCAvvBASYZihFC66QykKiQNz2xgJ4
2aaiutvFC3nm7vuSM5AST51ANX9PztFKqe
Total coins stolen around 17.5 bln.
Currently there is no evidence that all Mooncoin wallets were compromised, but let's be careful and wait for the end of investigation before final conclusions.
Topic: [ANN][MOON] Mooncoin: You know where it's headed! KGW exploit FIXED 4/3/2014 - page 80. (Read 1106913 times)
December 18, 2014, 10:42:56 AM
December 18, 2014, 04:41:58 AM
Does MoonCoin have the same backdoor as TIPS to steal wallets even with the private key ?
I was reading a document and you can "apparently" clone other peoples wallets and even though there is a private key you can still gain access to it by making a mould....
Maybe that is what happened.
I was reading a document and you can "apparently" clone other peoples wallets and even though there is a private key you can still gain access to it by making a mould....
Maybe that is what happened.
No, I already posted what happened after I talked to Cryptsy's fraud dept.
This was not Cryptsy's fault - people left same RPC PASS/Login across multiple wallets and someone with daemon wallet cleared them out.
THIS IS DEFINITELY NOT PROVEN !!!
It was just a first suspicion of mine that I wrote to cryptsy.
But during the last days I tried to connect via RPC to my mooncoin wallet, testing different mooncoin.conf configurations. And it was not possible for me to reach it because the RPC Port 44663 is not reachable from the internet because my router doesnt know what to do with port 44663. And my computer with the wallet ALWAYS was behind a router. The only way to establish connections from the outside to my wallet is with P2P Port 44664, which the wallet uses for mooncoin network communication.
As long as no one can get access to a mooncoin wallet via RPC (mooncoin.conf in server mode and no rpcuser and no rpcpass set) it is unlikely that the thief could connect via RPC !
Please help to think about other vulnerabilities so that we can find the real reason to disable it within the coming new wallet version!
What is with the SSH-Heartbleed bug?
Does MoonCoin have the same backdoor as TIPS to steal wallets even with the private key ?
I was reading a document and you can "apparently" clone other peoples wallets and even though there is a private key you can still gain access to it by making a mould....
Maybe that is what happened.
--> this is also something we should think about, could you please send me details about the fedoracoin issue?I was reading a document and you can "apparently" clone other peoples wallets and even though there is a private key you can still gain access to it by making a mould....
Maybe that is what happened.
And to avoid panic: please keep your coins ALWAYS in an ENCRYPTED wallet. Then every transaction out needs the wallet passphrase. I made this mistake to not encrypt my wallet and the thief could initiate transactions, on which way ever (we have to find out).
best regards,
peme
December 18, 2014, 03:10:39 AM
sooner or later we will know ....they are investigating ...
when the situation will be clear we will collect donations for compensation to cheat people
December 18, 2014, 01:36:40 AM
Does MoonCoin have the same backdoor as TIPS to steal wallets even with the private key ?
I was reading a document and you can "apparently" clone other peoples wallets and even though there is a private key you can still gain access to it by making a mould....
Maybe that is what happened.
I was reading a document and you can "apparently" clone other peoples wallets and even though there is a private key you can still gain access to it by making a mould....
Maybe that is what happened.
No, I already posted what happened after I talked to Cryptsy's fraud dept.
This was not Cryptsy's fault - people left same RPC PASS/Login across multiple wallets and someone with daemon wallet cleared them out.
December 18, 2014, 12:12:21 AM
Whoever owns 2DMfpxPiMtpVDVyrxQAAmfBbZnDH4XCMfK needs to be taken down. He's stolen 6 billions. How can we track this thief?
These addresses were also cleared from different wallets, where there was more than one address:
2SQDhN8NE4Sk92MikERTzkz4a6PBuJ3HnB
2aaiutvFC3nm7vuSM5AST51ANX9PztFKqe
and kept on:
2JA3Cqf9on8YuxngxdXStCFKanAGnaQU5A
2GWu3v33XYU8G6vHFaChYc6YA6edDmW1cK
together over 11 billions Moon.
December 17, 2014, 09:27:07 PM
Does MoonCoin have the same backdoor as TIPS to steal wallets even with the private key ?
I was reading a document and you can "apparently" clone other peoples wallets and even though there is a private key you can still gain access to it by making a mould....
Maybe that is what happened.
I was reading a document and you can "apparently" clone other peoples wallets and even though there is a private key you can still gain access to it by making a mould....
Maybe that is what happened.
December 17, 2014, 09:19:10 PM
Whoever owns 2DMfpxPiMtpVDVyrxQAAmfBbZnDH4XCMfK needs to be taken down. He's stolen 6 billions. How can we track this thief?
December 17, 2014, 03:01:17 PM
Great hendrix today fed fomc i open short position on the future eur/usd ...
you could do a lot more gains in the stock market future CME..
you could do a lot more gains in the stock market future CME..
Now eur usd futures -1,12
December 17, 2014, 02:49:01 PM
OFFICIAL POOL LIST
Multipool.us: http://multipool.us
Mooncoin P2Pool: Mooncoin P2Pool
moon.bitember.com: http://moon.bitember.com
Multipool.us: http://multipool.us
Mooncoin P2Pool: Mooncoin P2Pool
moon.bitember.com: http://moon.bitember.com
December 17, 2014, 12:50:34 PM
any good pool?
December 17, 2014, 11:12:13 AM
Great hendrix today fed fomc i open short position on the future eur/usd ...
you could do a lot more gains in the stock market future CME..
Now eur/usd futures -1,12
you could do a lot more gains in the stock market future CME..
Now eur/usd futures -1,12
December 17, 2014, 10:13:31 AM
Yes, I have some more, but will keep those in case we reach 60 again or dip under 11. Right now Im in profit, so I basically have a free MOON ride!
You should wriite a book of your successful trading with mooncoin
Lol someone bought all my MOON from the dump to 11. Thanks! Made almost 80% in profits 
i bought some.you have some more?
i hope you are a millionaire by now...
Merry Christmas!
i bought some.you have some more?
i hope you are a millionaire by now...
Merry Christmas!
You should wriite a book of your successful trading with mooncoin
December 17, 2014, 10:09:02 AM
Yes, I have some more, but will keep those in case we reach 60 again or dip under 11. Right now Im in profit, so I basically have a free MOON ride!
Lol someone bought all my MOON from the dump to 11. Thanks! Made almost 80% in profits
i bought some.you have some more?
i hope you are a millionaire by now...
Merry Christmas!
i bought some.you have some more?
i hope you are a millionaire by now...
Merry Christmas!
December 17, 2014, 10:04:45 AM
Lol someone bought all my MOON from the dump to 11. Thanks! Made almost 80% in profits
i bought some.you have some more?
i hope you are a millionaire by now...
Merry Christmas!
i bought some.you have some more?
i hope you are a millionaire by now...
Merry Christmas!
December 17, 2014, 09:55:02 AM
Lol someone bought all my MOON from the dump to 11. Thanks! Made almost 80% in profits
December 17, 2014, 09:16:20 AM
My wall at 30 removed
You can thank whoever nicked all my mooncoins for that.
December 17, 2014, 09:14:56 AM
My wall at 30 removed
December 17, 2014, 09:07:00 AM
Right folks. I've just bought back in - all billion mooncoins I lost.
Long live Moon.
Long live Moon.
December 17, 2014, 08:48:31 AM
too much coins stolen 
Please contact cryptsy with all details to wich addresses your mooncoins have been transferred to.
If they are able to find a cryptsy account to an address they can freeze it.
Please don't give up, we will try everything.
We have to find out why this all could happen to update the new wallet version.
Perhaps cryptsy will think about a blockchain rollback now, we will see.
Hi redjedievolution I have been the victim of a large (over a billion) theft too. I was wondering - would it be worth trying to make a list of all hacked addresses and recipient addresses? We can try to gather evidence and track what has happened. I contacted cryptsy but no response yet.
Yes, and to find out what happened, it would also be nice if we could find out what all the affected users had in common (operating system, behind a router or not, using team viewer, wallet encrypted?, download of other coinwallet before the theft, download of any other software to that machine where the affected wallet was, etc....)
December 17, 2014, 08:46:48 AM
@MooncoinItalia: Tks @cryptsy
Jump to: