Pages:
Author

Topic: bitcoinblackfriday.info - Do NOT use their website. - page 7. (Read 17064 times)

hero member
Activity: 756
Merit: 500
its so obvious now, i am so pissed at myself. it makes it even more frustrating  Angry , you always end up fucking up shit when you are in a hurry. :/
hero member
Activity: 756
Merit: 500
I think this would be fairly difficult if bitcoin is used properly, eg a new address for every transaction. Also if you use a SPV client then you will want to create a new wallet every so often as the number of addresses your client is monitoring grows large enough. Plus some people keep their wallets/private keys completely off the internet. 

Requiring people to manually generate a unique address per transaction is an annoying quirk of Bitcoin that can and should be fixed. With BIP 47, for example, the recipient publishes a single BIP 47 address, and using this the sender and recipient can negotiate a unique long-term shared secret which allows them to generate very large number of one-use addresses for all future transactions between these two people.

I will need to find out the txid's of the forum advertisements

ffb0cf99d315417d6c26feb7fc4916ecfda93384a18a7904429a82a3ac2e8ab5

This is a very clear-cut case, so I'm willing to release his IPs to reputable people who are going to investigate the issue. I don't want the IPs to become public, though, since that could lead to witch-hunting and potentially violence. It seems that the IPs were all proxies, though I haven't carefully checked to see if he slipped up at any point.

i have filed a complaint with the IC3  http://www.ic3.gov/default.aspx


i am honestly thinking of going to the police with all of my screenshots of his fake bitmain website along with screenshots of all the bitmain addresses. i am just not sure it would do me any good, i wouldnt know where to begin to explain to them what happened.
legendary
Activity: 4592
Merit: 1851
Linux since 1997 RedHat 4
e-coin
https://bitcointalk.org/index.php?topic=917350.0;topicseen
sent out an email 16 hours ago that included a link:

Code:
We recommend exploring other deals for Bitcoin Black Friday at bitcoinblackfriday.info Save on hundreds of items using bitcoin. Find out more by visiting the site.
administrator
Activity: 5222
Merit: 13032
I think this would be fairly difficult if bitcoin is used properly, eg a new address for every transaction. Also if you use a SPV client then you will want to create a new wallet every so often as the number of addresses your client is monitoring grows large enough. Plus some people keep their wallets/private keys completely off the internet. 

Requiring people to manually generate a unique address per transaction is an annoying quirk of Bitcoin that can and should be fixed. With BIP 47, for example, the recipient publishes a single BIP 47 address, and using this the sender and recipient can negotiate a unique long-term shared secret which allows them to generate very large number of one-use addresses for all future transactions between these two people.

I will need to find out the txid's of the forum advertisements

ffb0cf99d315417d6c26feb7fc4916ecfda93384a18a7904429a82a3ac2e8ab5

This is a very clear-cut case, so I'm willing to release his IPs to reputable people who are going to investigate the issue. I don't want the IPs to become public, though, since that could lead to witch-hunting and potentially violence. It seems that the IPs were all proxies, though I haven't carefully checked to see if he slipped up at any point.
copper member
Activity: 2996
Merit: 2374
I will need to find out the txid's of the forum advertisements and of the purchase of the account that ran the signature campaign. The BTC in the signature campaign appears to be a dead end as it seems to have been funded via coinjoin transactions.

I can help with the account purchase.



quickly typed it into blockchain

here's our transaction

Address used to pay is 14W5d8JNXhc68g3rWpyYQSsKS3sX4iH1tN

Further digging I leave to you.


Unfortunately, it appears that the BTC most likely came from LocalBitcoins, which means it is pretty much a dead end.

There was BTC later sent out of that address via a CJ transaction, however I do not have the tools necessary to track them further.
legendary
Activity: 1876
Merit: 1295
DiceSites.com owner
Yes, F5 on https://bitmain-tech.com/user/orderDelivery.php a lot and you can be pretty sure. But my internet sucks so if others can find more thats only good Smiley


Obvious scam is obvious.
I don't think this scam is going to be all that obvious to a lot of newer users to Bitcoin.

Oh yes, agree, I can't blame anyone for falling for this. I mean it's obvious if you realize those domains are fake. But the setup (including ads/paying for social media/news-sites , etc) was pretty "good" so def tricky to recognize.
copper member
Activity: 1904
Merit: 1874
Goodbye, Z.
How do you know this is an all-inclusive list of addresses? Are you visiting each phishing site until you see a single address multiple times?
that is what i did, but only for bitmain site.

I sent dozens to houndreds requests to primedice.io, finding three more addresses than NLN.
Same I did for gyft, uncovering 6 more (together with saturn).
For Bitmain I'm currently searching, couldnt find any more yet.
The list might not be complete, but its getting better and better.
hero member
Activity: 756
Merit: 500
Bitmain
https://blockchain.info/address/1NbA3NtMtt39mQxSEr55Ai1VhHWehNukj5   6.43370775
https://blockchain.info/address/18jXhWToqix3jybpCNGTB75gFQULuV6guX   2.941
https://blockchain.info/address/16kLWoe8yab4dbTR3h26d9eJARBfueC3cY   2.941
https://blockchain.info/address/18jP3xv6cEx3nvf3bdnVVm4tXHNzyAYyju   2.941
https://blockchain.info/address/14Jgcr7wWx2C9nmTW5jLSasVrgFvsHrvjt   0
https://blockchain.info/address/1Nx7m1q2DuPtA6ZtuhcDxBJa2CPfBEErDx   0
https://blockchain.info/address/1HyVFLUewenfqkKkaMkQE2wuqSHkvw5AyE   0


Gyft
https://blockchain.info/address/1NTxoRjw5TkjTz268f5UZy1qnAcQ4tsFnW   2.33645
https://blockchain.info/address/1by1bz5gMe7Bprz2hMDQK3YibvjscjaxP   1.16822
https://blockchain.info/address/1GSsawawzuzdUj8EkAoa16i3qNro9WxCup 1.16822
https://blockchain.info/address/1Egkp39fM2NPnD5d1MhTRTHgpC4ybfzyx6  1.07196
https://blockchain.info/address/1K3cJFmCb2NJ7UnxF75Q4b71YoUmyWrP3h 0.23364
https://blockchain.info/address/15ePGqNtSibc9gnubJnSigQxdPp9bTjkYq   0
https://blockchain.info/address/14Dk3WffwCc3f5km8np2EcsFHdo8dFq5ts 0
https://blockchain.info/address/13yefnodG4ykWCRGXkdbX6N1zXcg4cuGZE 0

Primedice
https://blockchain.info/address/1DLUj39TFwPhEsvZLdAE7mXQVW6TXNx7VY    0
https://blockchain.info/address/1EeKpzVDPygc5wSPSRJp1Ra3anVo4dJRY7   0
https://blockchain.info/address/1MTnmDsajxLjsJ5CH3zcRTWgZAXoujM5wT   0
https://blockchain.info/address/1oigkZNjaSocPVY9VUgN1v1v7PKzrLJUW   0
https://blockchain.info/address/12rzdeuaAtBThVi6ZDXPjdvVfumWCLoou5   0
https://blockchain.info/address/1CMpZDNfAdhV6LZ1dCkmrPHLfP6qemATUC   0
https://blockchain.info/address/1A8At7MSthUmt1cWfSGS35UvwHY5KcTEjv   0
https://blockchain.info/address/1NNaeZwb4Jz5A4bwVKgvQBd6VEdjgNeU7g   0

Spondoolies
CoinPayments - blocked

BuyTrezor
CoinPayments - blocked

Block-C
CoinPayments - not blocked


6.43370775+2.941+2.941+2.941+2.33645 +1.16822+1.16822+1.07196+0.23364 = total 21.23

Potentially more with CoinPayments. Maybe one can mail CoinPayments too to block that Block-C one (real is without dash.)


edit: added the gyft ones, thanks Lutpin & saturn643.
How do you know this is an all-inclusive list of addresses? Are you visiting each phishing site until you see a single address multiple times?


that is what i did, but only for bitmain site.
copper member
Activity: 2996
Merit: 2374
Bitmain
https://blockchain.info/address/1NbA3NtMtt39mQxSEr55Ai1VhHWehNukj5   6.43370775
https://blockchain.info/address/18jXhWToqix3jybpCNGTB75gFQULuV6guX   2.941
https://blockchain.info/address/16kLWoe8yab4dbTR3h26d9eJARBfueC3cY   2.941
https://blockchain.info/address/18jP3xv6cEx3nvf3bdnVVm4tXHNzyAYyju   2.941
https://blockchain.info/address/14Jgcr7wWx2C9nmTW5jLSasVrgFvsHrvjt   0
https://blockchain.info/address/1Nx7m1q2DuPtA6ZtuhcDxBJa2CPfBEErDx   0
https://blockchain.info/address/1HyVFLUewenfqkKkaMkQE2wuqSHkvw5AyE   0


Gyft
https://blockchain.info/address/1NTxoRjw5TkjTz268f5UZy1qnAcQ4tsFnW   2.33645
https://blockchain.info/address/1by1bz5gMe7Bprz2hMDQK3YibvjscjaxP   1.16822
https://blockchain.info/address/1GSsawawzuzdUj8EkAoa16i3qNro9WxCup 1.16822
https://blockchain.info/address/1Egkp39fM2NPnD5d1MhTRTHgpC4ybfzyx6  1.07196
https://blockchain.info/address/1K3cJFmCb2NJ7UnxF75Q4b71YoUmyWrP3h 0.23364
https://blockchain.info/address/15ePGqNtSibc9gnubJnSigQxdPp9bTjkYq   0
https://blockchain.info/address/14Dk3WffwCc3f5km8np2EcsFHdo8dFq5ts 0
https://blockchain.info/address/13yefnodG4ykWCRGXkdbX6N1zXcg4cuGZE 0

Primedice
https://blockchain.info/address/1DLUj39TFwPhEsvZLdAE7mXQVW6TXNx7VY    0
https://blockchain.info/address/1EeKpzVDPygc5wSPSRJp1Ra3anVo4dJRY7   0
https://blockchain.info/address/1MTnmDsajxLjsJ5CH3zcRTWgZAXoujM5wT   0
https://blockchain.info/address/1oigkZNjaSocPVY9VUgN1v1v7PKzrLJUW   0
https://blockchain.info/address/12rzdeuaAtBThVi6ZDXPjdvVfumWCLoou5   0
https://blockchain.info/address/1CMpZDNfAdhV6LZ1dCkmrPHLfP6qemATUC   0
https://blockchain.info/address/1A8At7MSthUmt1cWfSGS35UvwHY5KcTEjv   0
https://blockchain.info/address/1NNaeZwb4Jz5A4bwVKgvQBd6VEdjgNeU7g   0

Spondoolies
CoinPayments - blocked

BuyTrezor
CoinPayments - blocked

Block-C
CoinPayments - not blocked


6.43370775+2.941+2.941+2.941+2.33645 +1.16822+1.16822+1.07196+0.23364 = total 21.23

Potentially more with CoinPayments. Maybe one can mail CoinPayments too to block that Block-C one (real is without dash.)


edit: added the gyft ones, thanks Lutpin & saturn643.
How do you know this is an all-inclusive list of addresses? Are you visiting each phishing site until you see a single address multiple times?
copper member
Activity: 1904
Merit: 1874
Goodbye, Z.
I will need to find out the txid's of the forum advertisements and of the purchase of the account that ran the signature campaign. The BTC in the signature campaign appears to be a dead end as it seems to have been funded via coinjoin transactions.

I can help with the account purchase.



quickly typed it into blockchain

here's our transaction

Address used to pay is 14W5d8JNXhc68g3rWpyYQSsKS3sX4iH1tN

Further digging I leave to you.

copper member
Activity: 2996
Merit: 2374
In general, it'd be good to add more trust/identity features to the Bitcoin ecosystem at the wallet level. Though this should be done in a way that doesn't compromise anonymity, fungibility, censorship-resistance, etc.
I think this would be fairly difficult if bitcoin is used properly, eg a new address for every transaction. Also if you use a SPV client then you will want to create a new wallet every so often as the number of addresses your client is monitoring grows large enough. Plus some people keep their wallets/private keys completely off the internet. 
legendary
Activity: 2296
Merit: 2262
BTC or BUST
They did spend around 4BTC for their signature campaign, so I guess they earned scammed a little bit less than anticipated.
Fixed..


Hi, this is my real name. I founded and run BitcoinBlackFriday.com. I am legit, 4 years in business and I've never scammed anyone.

How did you not notice this?
They were advertising your site, what everyone thought was your site but rather a clone of, all this time, you had nothing to do with it, and you didn't notice them doing it or find it suspicious that they were advertising your site for you and paying to do it themselves?

I'm confused..
copper member
Activity: 2996
Merit: 2374
Obvious scam is obvious.
I don't think this scam is going to be all that obvious to a lot of newer users to Bitcoin.

Unless you are very familiar with how provable fairness works (or at least have a general understanding of it), then you will not understand why it would be a very bad idea for an already established casino to be offering a 1BTC deposit bonus without any kind of (posted) rollover requirement. I would be willing to say there is a fairly good percentage of the people who regularly gamble on PD that do not understand this, let alone the general public.

Based on the posts that I have read, many people do not understand the business side of things when dealing with mining manufacturers, and why they are unlikely to offer their equipment at such a deep discount (they always have the option of simply mining on their own then slowly lower the price until their inventory sells).

Ironically, trezor offered a blackfriday special that is not all that more expensive then what the phishing site was offering. Other then the fact that people are being directed to a fake domain, I do not see any glaring red flags that this is a scam (I can say 100% that it is a scam though). So unless you already know specifically what domain that trezor is selling their trezors on, and are paying close attention, then you will not realize this is a scam.


From what I can see, it appears that this scam was targeted largely towards newer, and less experienced users of Bitcoin. He also was using a good amount of advertising on the forum (and potentially elsewhere as well).

It is for these reasons that I believe I know who is behind this scam. Although the advertising was not exactly where I would expect this person to advertise, and the end result was not exactly what I would expect, then general MO does match this person and he would have the general ability to clone all those websites. If I am right about this, then this person's first name starts with a "D" and was in the US (more specifically California) last summer (based on US seasons - it was winter where he lives). I would need to consult with someone prior to making this claim with more certainty.

If I am incorrect about the above person being behind this scam, then this scam was almost certainly the work of moriartybitcoin. Actually now that I think about this a little bit more, I think the chances of this being moriartybitcoin actually might be greater then the person above.

I will need to find out the txid's of the forum advertisements and of the purchase of the account that ran the signature campaign. The BTC in the signature campaign appears to be a dead end as it seems to have been funded via coinjoin transactions.
copper member
Activity: 1904
Merit: 1874
Goodbye, Z.
Additional batch of primedice.io addresses I've found:

https://blockchain.info/address/1DTZdAZWMy7wXoGmG1txF3sbaL8QJvaBmd     0
https://blockchain.info/address/18GHPQ81vw2WmMCXMGwQJh5DoNWBjpHGtH   0
https://blockchain.info/address/14kMnWT8a7hRAHF29VQPCRRu1GXz5KwMzM   0

all zeroes for pd.io so far (the site is set up pretty bad/good no one fell for this patricular one),
three more addresses.
Now checking for bitmain, will update once/if I've found more than NLN. couldn't find any undiscovered addresses.
hero member
Activity: 826
Merit: 1000
Really great catch, but I'm afraid it was a little too late. The campaign ends tomorrow (or today considering your time zone). They did spend around 4BTC for their signature campaign, so I guess they earned a little bit less than anticipated. Anyways, I guess it's better to know now rather than never. Again good catch!
legendary
Activity: 1582
Merit: 1006
beware of your keys.
 Shocked what da shit, my deal here, luckily this guy did not send 'customers' to a scam site, after visiting the link, i proven it.
hero member
Activity: 756
Merit: 500
i am hoping a cpl of the other ppl who sent the 3 BTC can come and join the conversation. im guessing they do not realize yet it is a scam.  Angry
You should also check all of the other "deals" on that site and try to find the addresses for the payments. Some of them are legit though, like Newegg (I think it was based on the URL) so double check the site whether it is a scam or legit.
nvm working again, i tried with the only other one it will let me, the PSU, and it generates same addressess
hero member
Activity: 728
Merit: 500
i am hoping a cpl of the other ppl who sent the 3 BTC can come and join the conversation. im guessing they do not realize yet it is a scam.  Angry
You should also check all of the other "deals" on that site and try to find the addresses for the payments. Some of them are legit though, like Newegg (I think it was based on the URL) so double check the site whether it is a scam or legit.
Pages:
Jump to: