Topic: btc-arbs.com - Update: dead HYIP, Refund progress: BTC-arbs still doing refunds - page 158. (Read 276958 times)

newbie
Activity: 58
Merit: 0
Guys this is confusing, let's make it easy


1 Who didn't receive his withdrawal?

2 Who didn't receive his funds when he transferred money to btc arbs account? (Neutral LTC and Slipknot, did you receive your funds in btc arbs now?)

3 Who got his btc arbs account wiped suddenly? (Kriptokings, did you solve your issues now? Guncoinsupport, is your story true?)

4 Who can't login in btc arbs account? (Pletharoe can you login now?)


I'm fucking annoyed about rumors of friends and stuff like that. Is it real or not? At the moment there is no real evidence that this site is a scam.

I WANT REAL EVIDENCE!
hero member
Activity: 854
Merit: 510
So better to have people's money stolen than warn them? What is wrong with you really? How can you blame me for warning people not to login as long as they have this vulnerability?

Sure, you disagree with me about it being a ponzi. But this is completely unrelated to that.

I have tried http://filippo.io/Heartbleed/ on btc-arbs.com like 50 times and around 35 times it showed "vulnerable", around 5 times "time-out error" and 10 times "it's safe". If you actually have read the FAQ on that website, you will see that "false negatives" are much more common than "false positives". Better yet, "false positives" is almost impossible because you can actually see a part of the memory on that website. So therefore they were vulnerable and my warning was 100% good, no fucking FUD. Actually only right now http://filippo.io/Heartbleed/ returns "seems fixed" all the time, so I actually think it's fixed right now.

Now you start providing some details. Anyway, I agree that you were correct about this concern.
sr. member
Activity: 278
Merit: 250
Is anyone else having trouble logging in?

I am currently unable to log into my account.  When I did the "forgot password" procedure, it said that my email address wasn't even registered!  I have 2FA and until now no problems.
hero member
Activity: 728
Merit: 500
Also here is my suggestion to get actual proof that previous users are paid with new users funds...

We can share all our account public keys, with the dates that we used to transfer funds to btcarbs, with someone here we trust (and who can actually detect if any funds were sent from any of these accounts to any of those accounts). If it's legit (I personally believe it's not) then we will see rare transfers between those accounts (it will be a more random picture), but otherwise we will have older accounts getting incoming transactions from newer ones... And it doesn't change a thing if they use a mixer or something; if we have the addresses we can find any connection between them using the blockchain...

The more people here share their pairs, the more obvious the result will be.
This information will be only available to that one person we trust...

I'm expecting your opinions on this suggestion if you please...

This is trivial to avoid for a savvy Ponzi operator. Simply move all deposited funds to an exchange and withdraw funds from the exchange to pay for customer withdrawals. Not only does this make the exchange operate as a mixer, it also fits the cover story.
full member
Activity: 237
Merit: 100
I've been using BTC-arbs for a few days... After reading this thread I'm 90% sure it's a ponzi.

Besides all those arguments I've read here, I can add:

I withdrew all funds from the first account to see if the second account really gives any profit at all through the referral program, and guess what? It didn't.

Also here is my suggestion to get actual proof that previous users are paid with new users funds...

We can share all our account public keys, with the dates that we used to transfer funds to btcarbs, with someone here we trust (and who can actually detect if any funds were sent from any of these accounts to any of those accounts). If it's legit (I personally believe it's not) then we will see rare transfers between those accounts (it will be a more random picture), but otherwise we will have older accounts getting incoming transactions from newer ones... And it doesn't change a thing if they use a mixer or something; if we have the addresses we can find any connection between them using the blockchain...

The more people here share their pairs, the more obvious the result will be.
This information will be only available to that one person we trust...

I'm expecting your opinions on this suggestion if you please...
legendary
Activity: 1876
Merit: 1295
DiceSites.com owner
So better to have people's money stolen than warn them? What is wrong with you really? How can you blame me for warning people not to login as long as they have this vulnerability?

Sure, you disagree with me about it being a ponzi. But this is completely unrelated to that.

I have tried http://filippo.io/Heartbleed/ on btc-arbs.com like 50 times and around 35 times it showed "vulnerable", around 5 times "time-out error" and 10 times "it's safe". If you actually have read the FAQ on that website, you will see that "false negatives" are much more common than "false positives". Better yet, "false positives" is almost impossible because you can actually see a part of the memory on that website. So therefore they were vulnerable and my warning was 100% good, no fucking FUD. Actually only right now http://filippo.io/Heartbleed/ returns "seems fixed" all the time, so I actually think it's fixed right now.
hero member
Activity: 854
Merit: 510
I did finally find a test that points out there could be an issue. https://lastpass.com/heartbleed/?h=btc-arbs.com Recommended that you don't change your password until it is patched.
Glad to hear that you found that. Now you see that we're not just "whipping up the fear".

There were FUD postings without any proof. Even the link I found isn't 100% sure. However, now that the risk is there I won't log in for a few days. Give things time to be patched, just in case. I don't have enough there that I can't let it ride a week or two.
 
newbie
Activity: 42
Merit: 0
I did finally find a test that points out there could be an issue. https://lastpass.com/heartbleed/?h=btc-arbs.com Recommended that you don't change your password until it is patched.
Glad to hear that you found that. Now you see that we're not just "whipping up the fear".

You don't even know if they had any version of openSSL 1.01 ... most sites don't.
I think I read that 59% of sites use OpenSSL, but I don't know about 1.01.  I hope that it hasn't been exploited this whole time.

EDIT: according to Wikipedia, 17% of secure servers are/were vulnerable.  That's a lot.
hero member
Activity: 854
Merit: 510
I did finally find a test that points out there could be an issue. https://lastpass.com/heartbleed/?h=btc-arbs.com Recommended that you don't change your password until it is patched.

hero member
Activity: 854
Merit: 510
That page says "btc-arbs.com IS VULNERABLE. " ?

No it is fine.  That test can give a false positive when load is high.
What are you talking about? It gives part of the memory as proof :s


Just to be clear: anyone using BTC-arbs in the last few days should be very careful. An attacker can steal users' cookies/passwords as long as btc-arbs.com has this OpenSSL vulnerability. I recommend not using this site until this vulnerability is fixed.

And well, obviously I have recommended not using them at all for months already, but yeh. Will be a perfect end for a ponzi too: "ah shit, got hacked".

What? Now you are just spreading FUD!
Why? With this vulnerability attackers can get ~64KB of random data from the memory, and an attacker can keep doing this to get more memory data. In the memory data there can be session IDs of users, so the attacker can take over their session and for example do a BTC withdrawal. This is widely documented already, for example: https://www.mattslifebytes.com/?p=533 , https://www.michael-p-davis.com/using-heartbleed-for-hijacking-user-sessions/ , etc. and the scripts for it are pretty easy to find too.

Do you really enjoy people losing their money or something? I am just trying to warn people about a serious security vulnerability :\

Where is your proof that BTC-arbs is open to this vulnerability?    The test site used early in this thread cleared the site.   This is only a problem with unpatched openSSL 1.01.   In the meantime you are just whipping up the fear you have been trying since the beginning of this thread.   


Heartbleed could end up having a HUGE IMPACT on the internet.  And it's not just 1.01, it's 1.01-1.01f.  This has been around for about two years, and it could have been exploited during that whole time.  64kb of data times many requests can get you a lot of info. 

If you don't know anything about Heartbleed, you should read about it at http://heartbleed.com/.  The worst case scenario is not hackers just stealing usernames and passwords, but acquiring the encryption keys and being able to read ALL the traffic between the server and users (including in the past) and being able to impersonate the server at will. 

I checked BTC Arbs on http://filippo.io/Heartbleed/ and with Chromebleed Checker at the time of my post about it, and they both said it was vulnerable.  Rechecking now says that it's okay, so BTC Arbs must have fixed it.  Although BTC Arbs mentioned Heartbleed in the reports, they didn't say anything about their own vulnerability.  They are just reminding everyone about 2FA (isn't that vulnerable to Heartbleed anyway?). 

It doesn't look like they revoked the certificate, so they haven't gone that far in patching the vulnerability.

You don't even know if they had any version of openSSL 1.01 ... most sites don't.   The test pages I tried said they weren't vulnerable.   Link was through coinbase and on this thread.   Tried both places.   
newbie
Activity: 42
Merit: 0
That page says "btc-arbs.com IS VULNERABLE. " ?

No it is fine.  That test can give a false positive when load is high.
What are you talking about? It gives part of the memory as proof :s


Just to be clear: anyone using BTC-arbs in the last few days should be very careful. An attacker can steal users' cookies/passwords as long as btc-arbs.com has this OpenSSL vulnerability. I recommend not using this site until this vulnerability is fixed.

And well, obviously I have recommended not using them at all for months already, but yeh. Will be a perfect end for a ponzi too: "ah shit, got hacked".

What? Now you are just spreading FUD!
Why? With this vulnerability attackers can get ~64KB of random data from the memory, and an attacker can keep doing this to get more memory data. In the memory data there can be session IDs of users, so the attacker can take over their session and for example do a BTC withdrawal. This is widely documented already, for example: https://www.mattslifebytes.com/?p=533 , https://www.michael-p-davis.com/using-heartbleed-for-hijacking-user-sessions/ , etc. and the scripts for it are pretty easy to find too.

Do you really enjoy people losing their money or something? I am just trying to warn people about a serious security vulnerability :\

Where is your proof that BTC-arbs is open to this vulnerability?    The test site used early in this thread cleared the site.   This is only a problem with unpatched openSSL 1.01.   In the meantime you are just whipping up the fear you have been trying since the beginning of this thread.   


Heartbleed could end up having a HUGE IMPACT on the internet.  And it's not just 1.01, it's 1.01-1.01f.  This has been around for about two years, and it could have been exploited during that whole time.  64kb of data times many requests can get you a lot of info. 

If you don't know anything about Heartbleed, you should read about it at http://heartbleed.com/.  The worst case scenario is not hackers just stealing usernames and passwords, but acquiring the encryption keys and being able to read ALL the traffic between the server and users (including in the past) and being able to impersonate the server at will. 

I checked BTC Arbs on http://filippo.io/Heartbleed/ and with Chromebleed Checker at the time of my post about it, and they both said it was vulnerable.  Rechecking now says that it's okay, so BTC Arbs must have fixed it.  Although BTC Arbs mentioned Heartbleed in the reports, they didn't say anything about their own vulnerability.  They are just reminding everyone about 2FA (isn't that vulnerable to Heartbleed anyway?). 

It doesn't look like they revoked the certificate, so they haven't gone that far in patching the vulnerability.
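
Added example (not part of any post in this thread, and not OpenSSL's actual code): a simplified C model of the heartbeat length check that the posts above are arguing about. The function names and the two sample records are hypothetical and constructed for illustration; the model only computes lengths and never reads outside the record.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HB_REQUEST  1   /* heartbeat_request message type (RFC 6520) */
#define HB_HEADER   3   /* 1 byte type + 2 byte payload_length */
#define HB_PADDING 16   /* minimum padding that must follow the payload */

/* Constructed sample records, not captured traffic. */
const uint8_t honest_rec[HB_HEADER + 4 + HB_PADDING] =
    {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
const uint8_t lying_rec[HB_HEADER] = {HB_REQUEST, 0xFF, 0xFF};

/* Pre-fix logic: the sender's payload_length field is trusted as-is.
 * Returns how many bytes would be echoed back, or -1 if ignored. */
long echo_len_unchecked(const uint8_t *rec, size_t rec_len) {
    if (rec_len < HB_HEADER || rec[0] != HB_REQUEST)
        return -1;
    return (long)(((size_t)rec[1] << 8) | rec[2]);
}

/* Fixed logic: silently discard the message unless header, claimed
 * payload and minimum padding all fit inside the received record. */
long echo_len_checked(const uint8_t *rec, size_t rec_len) {
    if (rec_len < HB_HEADER + HB_PADDING || rec[0] != HB_REQUEST)
        return -1;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER + claimed + HB_PADDING > rec_len)
        return -1;
    return (long)claimed;
}

/* Bytes the unchecked logic would take from memory that is not part
 * of the record at all: this is the leaked data. */
long bytes_past_record(const uint8_t *rec, size_t rec_len) {
    long n = echo_len_unchecked(rec, rec_len);
    if (n < 0)
        return -1;
    size_t avail = rec_len - HB_HEADER;
    return (size_t)n > avail ? n - (long)avail : 0;
}

int main(void) {
    printf("honest: unchecked=%ld checked=%ld leaked=%ld\n",
           echo_len_unchecked(honest_rec, sizeof honest_rec),
           echo_len_checked(honest_rec, sizeof honest_rec),
           bytes_past_record(honest_rec, sizeof honest_rec));
    printf("lying:  unchecked=%ld checked=%ld leaked=%ld\n",
           echo_len_unchecked(lying_rec, sizeof lying_rec),
           echo_len_checked(lying_rec, sizeof lying_rec),
           bytes_past_record(lying_rec, sizeof lying_rec));
    return 0;
}
```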
hero member
Activity: 854
Merit: 510
That page says "btc-arbs.com IS VULNERABLE. " ?

No it is fine.  That test can give a false positive when load is high.
What are you talking about? It gives part of the memory as proof :s


Just to be clear: anyone using BTC-arbs in the last few days should be very careful. An attacker can steal users' cookies/passwords as long as btc-arbs.com has this OpenSSL vulnerability. I recommend not using this site until this vulnerability is fixed.

And well, obviously I have recommended not using them at all for months already, but yeh. Will be a perfect end for a ponzi too: "ah shit, got hacked".

What? Now you are just spreading FUD!
Why? With this vulnerability attackers can get ~64KB of random data from the memory, and an attacker can keep doing this to get more memory data. In the memory data there can be session IDs of users, so the attacker can take over their session and for example do a BTC withdrawal. This is widely documented already, for example: https://www.mattslifebytes.com/?p=533 , https://www.michael-p-davis.com/using-heartbleed-for-hijacking-user-sessions/ , etc. and the scripts for it are pretty easy to find too.

Do you really enjoy people losing their money or something? I am just trying to warn people about a serious security vulnerability :\

Where is your proof that BTC-arbs is open to this vulnerability?    The test site used early in this thread cleared the site.   This is only a problem with unpatched openSSL 1.01.   In the meantime you are just whipping up the fear you have been trying since the beginning of this thread.   
full member
Activity: 158
Merit: 100
Hey all, FYI, I was trying out the btc-arbs site for the past month or so and yesterday my account got wiped out as well.  Luckily I only had 0.45 BTC in the account, but it is now all gone.

BE CAREFUL USING THIS SITE AND READ ALL THE RECENT REPORTS OF STOLEN BTC FROM BTC-ARBS VIA GOOGLE SEARCH
copper member
Activity: 658
Merit: 500
Blockchain Just Entered The Real World
i got a response from Adam (administrator)

he's asked which btc address i've sent it to , will keep you posted.


Yea meanwhile my deposit has been credited. oO

I've sent another one, will report oO But I don't expect a fast credit coz night starts here in CE.
hero member
Activity: 854
Merit: 506
way ahead of ya buddy, grabs the next 6 pack

LoL... no beer.... i need vodka at this point
legendary
Activity: 1492
Merit: 1021
way ahead of ya buddy, grabs the next 6 pack
hero member
Activity: 854
Merit: 506
i got a response from Adam (administrator)

he's asked which btc address i've sent it to , will keep you posted.

Another friend with funds is taking his out. He received an email stating 36 hrs to receive his payment. At least he got an email... I wouldn't be surprised this place goes belly down in 24.... idk...w.e... me being an idiot. I will play it safe and stick with what has been safe in the past. This and BTC prices are depressing me. I need a drink!
legendary
Activity: 1492
Merit: 1021
i got a response from Adam (administrator)

he's asked which btc address i've sent it to , will keep you posted.
hero member
Activity: 854
Merit: 506
AFAIK you never will get email to confirm a withdrawal.
Seems your account has been hacked and some1 withdrew 1.7 BTC.

I figured I would get an email on taking it out like most exchanges do. This place is a joke.... never again.

You could be right, i never tried withdrawal. I have read here that withdrawals are working, that supplied evidence.

Some1 might have changed the e-mail address for the time of this 1.7 BTC withdrawal, confirmed the withdrawal with his e-mail address and restored your address. Ask support what e-mail address was used for this transaction or if an unwanted e-mail address change was applied.



I have submitted 5 support tix in the last 4 hours... no response. I checked email and it is mine. When I did the .46 withdraw I received no confirmation email.... great security!

Just one question, if somebody hacked your account and stole 1.7 BTC, why would they leave 0.46 BTC in the account for you to withdraw?
I have no idea. This is why I am hoping maybe the site did this by mistake. Yes I would expect a hacker to take it all.
legendary
Activity: 1652
Merit: 1007
DMD Diamond Making Money 4+ years! Join us!
AFAIK you never will get email to confirm a withdrawal.
Seems your account has been hacked and some1 withdrew 1.7 BTC.

I figured I would get an email on taking it out like most exchanges do. This place is a joke.... never again.

You could be right, i never tried withdrawal. I have read here that withdrawals are working, that supplied evidence.

Some1 might have changed the e-mail address for the time of this 1.7 BTC withdrawal, confirmed the withdrawal with his e-mail address and restored your address. Ask support what e-mail address was used for this transaction or if an unwanted e-mail address change was applied.

I have submitted 5 support tix in the last 4 hours... no response. I checked email and it is mine. When I did the .46 withdraw I received no confirmation email.... great security!

Just one question, if somebody hacked your account and stole 1.7 BTC, why would they leave 0.46 BTC in the account for you to withdraw?