Correct me, but aren´t the makers of bitscalper from Germany?
Wasn't the site ran from Italy?
Correct me, but aren´t the makers of bitscalper from Germany?
Completely mixed up. He claims to be Italian but hosted through KalyHost in Germany.
Topic: bitscalper anyone use this ? [PASSWORDS LEAKED] - page 4. (Read 40963 times)
hero member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
Wasn't the site ran from Italy?
Completely mixed up. He claims to be Italian but hosted through KalyHost in Germany.
Correct me, but aren´t the makers of bitscalper from Germany?
Wasn't the site ran from Italy?
as of today he's been online,
https://bitcointalksearch.org/user/bitscalper-49490
what's up dude? why can't i log in to my account?
https://bitcointalksearch.org/user/bitscalper-49490
what's up dude? why can't i log in to my account?
Correct me, but aren´t the makers of bitscalper from Germany?
Is the 10 days he couldn't use the site for incase he was arrested over?
For all you know, this site is Atlas's.
what?
marked
As far as I know the site still hasn't paid anyone, so it looks like I was right and it was a scam.
The nature of the vulnerability made me especially suspicious. All login attempts were being logged to a text file at http://bitscalper.com/p/app/log . It's possible that Bitscalper was intentionally logging passwords, and this was the only way he knew how to do it with his CMS.
The nature of the vulnerability made me especially suspicious. All login attempts were being logged to a text file at http://bitscalper.com/p/app/log . It's possible that Bitscalper was intentionally logging passwords, and this was the only way he knew how to do it with his CMS.
You need to put a scammer tag on your account.
STAY FAR AWAY FROM THIS SHIT!
Bit late for that, isn't it?
STAY FAR AWAY FROM THIS SHIT!
WELP, looks like I'm never gonna get my money back
A big "IDIOT" tag on the people that gave money to bitscalper and complain they were scammed?
And a bigger tag for those who didn't earn on it back then when it was bringing 2% a day. 
A big "IDIOT" tag on the people that gave money to bitscalper and complain they were scammed?
If there was such a tag for every victim of every bitcoins scam, the board would be full of these. Quite discouraging, to say the least.
Can we get a "SCAMMER" tag on bitscalper for not giving all their depositors money back?
and....
A big "IDIOT" tag on the people that gave money to bitscalper and complain they were scammed?
and....
A big "IDIOT" tag on the people that gave money to bitscalper and complain they were scammed?
hero member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
Whether Bitscalper is a blatant ponzi, or just another MyBitcoin scam is besides the point--- the owner wants to remain 100% anonymous at all costs, did not backup any wallets or site code, does not understand security, constantly brags about who he knows and what he can do and yet falls short of even the mildest of expectations. This site should not be avoided because "someone didn't get paid out", it should be avoided because anonymous services that hold your money are a bad idea. For all you know, this site is Atlas's.
Well.. following this thread is interestering..
I was very convinced this whole thing was nothing but a big scam.. still i am but less than before. IF it was a scam, why "coming back to life" when they had a good reason to run off with the money? Currently i just think that they work on the most obvious duplication bug(s) and hence wont allow withdrawals.. but hey.. it could be just a big scam afterall ,0)
I was very convinced this whole thing was nothing but a big scam.. still i am but less than before. IF it was a scam, why "coming back to life" when they had a good reason to run off with the money? Currently i just think that they work on the most obvious duplication bug(s) and hence wont allow withdrawals.. but hey.. it could be just a big scam afterall ,0)
Update:
Set up withdrawal on Sat 18th.
Sun 19th Feb still "Processing".
(Changed password with no difficulty Sunday)
Monday No response can't log in
Tuesday No response can't log in; withdrawals still "processing"
Probability this is a scam approaches 99%.
Set up withdrawal on Sat 18th.
Sun 19th Feb still "Processing".
(Changed password with no difficulty Sunday)
Monday No response can't log in
Tuesday No response can't log in; withdrawals still "processing"
Probability this is a scam approaches 99%.
This password fiasco remembers me of some emails exchange I had with their support on 13 January:
bitscalper:
Dear User,
We apologize but your password was changed because of a technical problem to the database. Your password is now : ******
Feel free to change it by logging in into your account.
me:
I changed the password to the old one and now I can't login with either of the 2
can you change the password again but with a stronger one?
bitscalper: Try now with ***** and try again to change it yourself. I think you did not set the one you had before. The hash looked differently!
me:
the ****** worked and changed it again to the old one
I'm 100% that was the correct one this time and I have the same problem
pls change it again and send me the new pass.
My guess is that you are not sanitizing the input field or something like that
I guess I will have to use a normal password with only alphanumeric characters
bitscalper:
Strange, the input is automatically hashed and saved in the db. We'll look into that. I'll change your password now.
In the end everything was ok.
So they had some problems with the passwords on 13 January
They also say that they are hashing the passwords
bitscalper:
Dear User,
We apologize but your password was changed because of a technical problem to the database. Your password is now : ******
Feel free to change it by logging in into your account.
me:
I changed the password to the old one and now I can't login with either of the 2
can you change the password again but with a stronger one?
bitscalper: Try now with ***** and try again to change it yourself. I think you did not set the one you had before. The hash looked differently!
me:
the ****** worked and changed it again to the old one
I'm 100% that was the correct one this time and I have the same problem
pls change it again and send me the new pass.
My guess is that you are not sanitizing the input field or something like that
I guess I will have to use a normal password with only alphanumeric characters
bitscalper:
Strange, the input is automatically hashed and saved in the db. We'll look into that. I'll change your password now.
In the end everything was ok.
So they had some problems with the passwords on 13 January
They also say that they are hashing the passwords
As far as I know the site still hasn't paid anyone, so it looks like I was right and it was a scam.
The nature of the vulnerability made me especially suspicious. All login attempts were being logged to a text file at http://bitscalper.com/p/app/log . It's possible that Bitscalper was intentionally logging passwords, and this was the only way he knew how to do it with his CMS.
The nature of the vulnerability made me especially suspicious. All login attempts were being logged to a text file at http://bitscalper.com/p/app/log . It's possible that Bitscalper was intentionally logging passwords, and this was the only way he knew how to do it with his CMS.
We seem to be in regime of shoot the messenger here!
Anyone who has such knowledge has to make a judgement call:
1. to quietly notify the site to get it fixed
or
2. To tell everyone so that they can change passwords ASAP and/or get their funds out.
or
3. Do both.
Which you do depends on your view of the site and how it will react to the message.
Is it a scam vs not a scam.
If it is a scam and you alert the owner who legs it, everyone else will be pissed.
If it isn't a scam and you alert everyone else the site may be badly damaged or killed.
We can all be wise after the event but that does not make Theymos's judgement call negligent.
Anyone who has such knowledge has to make a judgement call:
1. to quietly notify the site to get it fixed
or
2. To tell everyone so that they can change passwords ASAP and/or get their funds out.
or
3. Do both.
Which you do depends on your view of the site and how it will react to the message.
Is it a scam vs not a scam.
If it is a scam and you alert the owner who legs it, everyone else will be pissed.
If it isn't a scam and you alert everyone else the site may be badly damaged or killed.
We can all be wise after the event but that does not make Theymos's judgement call negligent.
i do believe this is highly negligible and criminal what theymos has tried to do.
what did he do
Theymos pointed every scammer on the internet to bitscalper.
This can be taken as proof.
We are just checking that everything is in order, funds appear safe. We had hundreds of hack attempts those last days and we need to make sure there was no security breach at all and remove the bogus requests before filling withdrawals.
this is text book definition criminal negligence, this kind of action by an admin of bitcointalk should not be allowed to stand.
Lets say a reporter said on TV to not buy cars at a car dealership because they the cars they sold all used the exact same key. Then a bunch of scammers went to the dealership because they heard the report and tried to steal the cars. The fault lies with the car dealership not the reporter for being negligent in not knowing how to secure a car lock.
Jump to: