Author

Topic: btc-arbs.com - Update: dead HYIP, Refund progress: BTC-arbs still doing refunds - page 158. (Read 277012 times)

newbie
Activity: 58
Merit: 0
Guys this is confusing, let's make it easy


1 Who didn't receive his withdrawal?

2 Who didn't receive his funds when he trasnfered money to btc arbs account? (Neutral LTC and Slipknot do you receive your funds in btc arbs now?)

3 Who got wipped his btc arbs account suddenly? (Kriptokings do you solve your issues now? Guncoinsupport it is true your story?)

4 Who can't login in btc arbs account? (Pletharoe can you login now?)


I fucking annoyed about rumors of friends and stuff like that, it is real or not? at the moment there are no real evidence that this site is scam

I WANT REAL EVIDENCES!
hero member
Activity: 854
Merit: 510
So better have people their money stolen then warn them? What is wrong with you really? How can you blame me for warning people not to login as long as they have this vulnerability?

Sure, you disagree with me about it being a ponzi. But this is completely unrelated to that.

I have tried http://filippo.io/Heartbleed/ on btc-arbs.com like 50 times and around 35 times it showed "vulnerable", around 5 times "time-out error" and 10 times "it's safe". If you actually have read the FAQ on that website, you will see that "false negatives" are much more common than "false positives". Better yet, "false positives" is almost impossible because you can actually see a part of the memory on that website. So therefor they were vulnerable and my warning was 100% good no fucking FUD. Actually only right now http://filippo.io/Heartbleed/ returns "seems fixed" all the time, so I actually think it's fixed right now.

Now you start providing some details.   Anyway, I agree that you were correct about this concern.   
sr. member
Activity: 278
Merit: 250
I anyone else having trouble logging in?

I am currently unable to log into my account.  When I did the "forgot password" procedure, it said that my email address wasn't even registered!  I have 2FA and until now no problems.
hero member
Activity: 728
Merit: 500
Also here is my suggestion to get actual proof that previous users are paid with new users funds...

We can share all our account public keys with dates that we used to transfer funds to btcarbs, to someone here we trust (and who can actually detect if any funds were sent from any of these accounts to any of those accounts), if its legit (I personally beleave its not) then we will see rare transwers between those accounts (it will be more random picture) but otherwise we will have older accounts getting incomming transactions from newer ones... And it doesent change a thing if they use a mixer or something if we have addresses we can find any connection between them using blockchain...

As many people here share thair pairs than more obvious will be result.
This information will be only available to that one person we thrust...

I'm expecting your opinions on this suggestion if you please...

This is trivial to avoid for a savvy Ponzi operator. Simply move all deposited funds to an exchange and withdraw funds from the exchange to pay for customer withdrawals. Not only does this make the exchange operate as a mixer, it also fits the coverstory.
full member
Activity: 237
Merit: 100
I'm using BTC-arbs for few days... After reading this thread i'm 90% sure its a ponzi.

Except all those arguments i've read here I can add.

I've withdrawed all funds from First account to see if Second account really gives any profit at all by referall program, and guess what? it didnt?

Also here is my suggestion to get actual proof that previous users are paid with new users funds...

We can share all our account public keys with dates that we used to transfer funds to btcarbs, to someone here we trust (and who can actually detect if any funds were sent from any of these accounts to any of those accounts), if its legit (I personally beleave its not) then we will see rare transwers between those accounts (it will be more random picture) but otherwise we will have older accounts getting incomming transactions from newer ones... And it doesent change a thing if they use a mixer or something if we have addresses we can find any connection between them using blockchain...

As many people here share thair pairs than more obvious will be result.
This information will be only available to that one person we thrust...

I'm expecting your opinions on this suggestion if you please...
legendary
Activity: 1876
Merit: 1303
DiceSites.com owner
So better have people their money stolen then warn them? What is wrong with you really? How can you blame me for warning people not to login as long as they have this vulnerability?

Sure, you disagree with me about it being a ponzi. But this is completely unrelated to that.

I have tried http://filippo.io/Heartbleed/ on btc-arbs.com like 50 times and around 35 times it showed "vulnerable", around 5 times "time-out error" and 10 times "it's safe". If you actually have read the FAQ on that website, you will see that "false negatives" are much more common than "false positives". Better yet, "false positives" is almost impossible because you can actually see a part of the memory on that website. So therefor they were vulnerable and my warning was 100% good no fucking FUD. Actually only right now http://filippo.io/Heartbleed/ returns "seems fixed" all the time, so I actually think it's fixed right now.
hero member
Activity: 854
Merit: 510
I did finally find a test that points out there could be an issue.   https://lastpass.com/heartbleed/?h=btc-arbs.com    Recommended that you don't change your password until it is patched.    
Glad to hear that you found that.  Now you see that we're not just "whipping up the fear".  Cheesy

There was FUD postings without any proof.   Even the link I found isn't a 100% sure.   However, now that the risk is there I won't log in for a few days.    Give things time to be patched, just in case.    I don't have enough there that I can't let it ride a week or two.   
 
newbie
Activity: 42
Merit: 0
I did finally find a test that points out there could be an issue.   https://lastpass.com/heartbleed/?h=btc-arbs.com    Recommended that you don't change your password until it is patched.    
Glad to hear that you found that.  Now you see that we're not just "whipping up the fear".  Cheesy

You don't even know if they had any version of openSSL 1.01 ... most sites don't.
I think I read that 59% of sites use OpenSSL, but I don't know about 1.01.  I hope that it hasn't been exploited this whole time.

EDIT: according to Wikipedia, 17% of secure servers are/were vulnerable.  That's a lot.
hero member
Activity: 854
Merit: 510
I did finally find a test that points out there could be an issue.   https://lastpass.com/heartbleed/?h=btc-arbs.com    Recommended that you don't change your password until it is patched.   

hero member
Activity: 854
Merit: 510
That page says "btc-arbs.com IS VULNERABLE. " ?

No it is fine.  That test can give a false positive when load is high.
What are you talking about? It gives part of the memory as proof :s


Just to be clear: anyone using BTC-arbs last few days should be very careful. An attacker can steal user's cookies/password as long as btc-arbs.com has this OpenSSL vulnerability. I recommend to not use this site until this vulnerability is fixed.

And well, obviously I recommend to not use them at all since months already but yeh. Will be perfect end for ponzi too "ah shit, got hacked".

What?  Now you are just spreading FUD!  
Why? With this vulnerability attackers can get ~64KB of random data from the memory, and an attacker can keep doing this to get more memory data. In the memory data there can be sessions IDs of users so the attacker can take over their session and for example do a BTC withdrawal. This is widely documented already, for example: https://www.mattslifebytes.com/?p=533 , https://www.michael-p-davis.com/using-heartbleed-for-hijacking-user-sessions/ , etc. and the scripts for it are pretty easy to find too.

Do you really enjoy people losing their money or something? I am just trying to warn people for a serious security vulnerability :\

Where is your proof that BTC-arbs is open to this vulnerability?    The test site used early in this thread cleared the site.   This is only a problem with unpatched openSSL 1.01.   In the meantime you are just whipping up the fear you have been trying since the beginning of this thread.   


Heartbleed could end up having a HUGE IMPACT on the internet.  And it's not just 1.01, it's 1.01-1.01f.  This has been around for about two years, and it could have been exploited during that whole time.  64kb of data times many requests can get you a lot of info. 

If you don't know anything about Heartbleed, you should read about it at http://heartbleed.com/.  The worst case scenario is not hackers just stealing usernames and passwords, but acquiring the encryption keys and being able to read ALL the traffic between the server and users (including in the past) and being able to impersonate the server at will. 

I checked BTC Arbs on http://filippo.io/Heartbleed/ and with Chromebleed Checker at the time of my post about it, and they both said it was vulnerable.  Rechecking now says that it's okay, so BTC Arbs must have fixed it.  Although BTC Arbs mentioned Heartbleed in the reports, they didn't say anything about their own vulnerability.  They are just reminding everyone about 2FA (isn't that vulnerable to Heartbleed anyway?). 

It doesn't look like they revoked the certificate, so they haven't gone that far in patching the vulnerability.

You don't even know if they had any version of openSSL 1.01 ... most sites don't.   The test pages I tried said they weren't vulnerable.   Link was through coinbase and on this thread.   Tried both places.   
newbie
Activity: 42
Merit: 0
That page says "btc-arbs.com IS VULNERABLE. " ?

No it is fine.  That test can give a false positive when load is high.
What are you talking about? It gives part of the memory as proof :s


Just to be clear: anyone using BTC-arbs last few days should be very careful. An attacker can steal user's cookies/password as long as btc-arbs.com has this OpenSSL vulnerability. I recommend to not use this site until this vulnerability is fixed.

And well, obviously I recommend to not use them at all since months already but yeh. Will be perfect end for ponzi too "ah shit, got hacked".

What?  Now you are just spreading FUD!  
Why? With this vulnerability attackers can get ~64KB of random data from the memory, and an attacker can keep doing this to get more memory data. In the memory data there can be sessions IDs of users so the attacker can take over their session and for example do a BTC withdrawal. This is widely documented already, for example: https://www.mattslifebytes.com/?p=533 , https://www.michael-p-davis.com/using-heartbleed-for-hijacking-user-sessions/ , etc. and the scripts for it are pretty easy to find too.

Do you really enjoy people losing their money or something? I am just trying to warn people for a serious security vulnerability :\

Where is your proof that BTC-arbs is open to this vulnerability?    The test site used early in this thread cleared the site.   This is only a problem with unpatched openSSL 1.01.   In the meantime you are just whipping up the fear you have been trying since the beginning of this thread.   


Heartbleed could end up having a HUGE IMPACT on the internet.  And it's not just 1.01, it's 1.01-1.01f.  This has been around for about two years, and it could have been exploited during that whole time.  64kb of data times many requests can get you a lot of info. 

If you don't know anything about Heartbleed, you should read about it at http://heartbleed.com/.  The worst case scenario is not hackers just stealing usernames and passwords, but acquiring the encryption keys and being able to read ALL the traffic between the server and users (including in the past) and being able to impersonate the server at will. 

I checked BTC Arbs on http://filippo.io/Heartbleed/ and with Chromebleed Checker at the time of my post about it, and they both said it was vulnerable.  Rechecking now says that it's okay, so BTC Arbs must have fixed it.  Although BTC Arbs mentioned Heartbleed in the reports, they didn't say anything about their own vulnerability.  They are just reminding everyone about 2FA (isn't that vulnerable to Heartbleed anyway?). 

It doesn't look like they revoked the certificate, so they haven't gone that far in patching the vulnerability.
hero member
Activity: 854
Merit: 510
That page says "btc-arbs.com IS VULNERABLE. " ?

No it is fine.  That test can give a false positive when load is high.
What are you talking about? It gives part of the memory as proof :s


Just to be clear: anyone using BTC-arbs last few days should be very careful. An attacker can steal user's cookies/password as long as btc-arbs.com has this OpenSSL vulnerability. I recommend to not use this site until this vulnerability is fixed.

And well, obviously I recommend to not use them at all since months already but yeh. Will be perfect end for ponzi too "ah shit, got hacked".

What?  Now you are just spreading FUD!  
Why? With this vulnerability attackers can get ~64KB of random data from the memory, and an attacker can keep doing this to get more memory data. In the memory data there can be sessions IDs of users so the attacker can take over their session and for example do a BTC withdrawal. This is widely documented already, for example: https://www.mattslifebytes.com/?p=533 , https://www.michael-p-davis.com/using-heartbleed-for-hijacking-user-sessions/ , etc. and the scripts for it are pretty easy to find too.

Do you really enjoy people losing their money or something? I am just trying to warn people for a serious security vulnerability :\

Where is your proof that BTC-arbs is open to this vulnerability?    The test site used early in this thread cleared the site.   This is only a problem with unpatched openSSL 1.01.   In the meantime you are just whipping up the fear you have been trying since the beginning of this thread.   
full member
Activity: 158
Merit: 100
Hey all, FYI, I was trying out the btc-arbs site for the past month or so and yesterday my account got wiped out as well.  Luckily I only had 0.45 BTC in the account, but it is now all gone.

BE CAREFUL USING THIS SITE AND READ ALL THE RECENT REPORTS OF STOLEN BTC FROM BTC-ARBS VIA GOOGLE SEARCH
copper member
Activity: 658
Merit: 500
Blockchain Just Entered The Real World
i got a response from Adam (administrator)

he's asked which btc address i've sent it to , will keep you posted.


Yea meanwhile my deposit has been credited. oO

I ve sent another one, will report oO But i dont expect a fast credit coz night starts here in CE.
hero member
Activity: 854
Merit: 506
way ahead of ya buddy, grabs the next 6 pack Wink

LoL... no beer.... i need vodka at this point
legendary
Activity: 1492
Merit: 1021
way ahead of ya buddy, grabs the next 6 pack Wink
hero member
Activity: 854
Merit: 506
i got a response from Adam (administrator)

he's asked which btc address i've sent it to , will keep you posted.

Another friend with funds is taking his out. He received an email stating 36 hrs to receive his payment. Atleast he got an email... I wouldn't be surprised this place goes belly down in 24.... idk...w.e... me being an idiot. I will play it safe and stick with what has been safe in the past. This and BTC prices are depressing me. I need a drink!  Undecided
legendary
Activity: 1492
Merit: 1021
i got a response from Adam (administrator)

he's asked which btc address i've sent it to , will keep you posted.
hero member
Activity: 854
Merit: 506
AFAIK you never will get email to confirm a withdrawal.
Seems your account has been hacked and some1 withdrew 1.7 BTC.

I figured I would get an email on taking it out like must exchanges do. This place is a joke.... never again.

You could be right, i never tried withdrawal. I have read here that withdrawals are working, that supplied evidence.

Some1 might changed e mail adress for the time of this 1.7 BTC withdrawal, confirmed withdrawal with his e mail address and restored your address. Ask support what e mail address was used for this transaction or if a unwanted e-mail-address-change was applied.



I have submitted 5 support tix in the last 4 hours... no response. I checked email and it is mine. When I did the .46 withdraw I received no confirmation email.... great security!

Just one question, if somebody hacked your account and stole 1.7 BTC, why would they leave 0.46 BTC in the account for you to withdraw?HuhHuh?
I have no idea. This is why I am hoping maybe the site did this by mistake. Yes I would expect a hacker to take it all.
legendary
Activity: 1652
Merit: 1007
DMD Diamond Making Money 4+ years! Join us!
AFAIK you never will get email to confirm a withdrawal.
Seems your account has been hacked and some1 withdrew 1.7 BTC.

I figured I would get an email on taking it out like must exchanges do. This place is a joke.... never again.

You could be right, i never tried withdrawal. I have read here that withdrawals are working, that supplied evidence.

Some1 might changed e mail adress for the time of this 1.7 BTC withdrawal, confirmed withdrawal with his e mail address and restored your address. Ask support what e mail address was used for this transaction or if a unwanted e-mail-address-change was applied.

I have submitted 5 support tix in the last 4 hours... no response. I checked email and it is mine. When I did the .46 withdraw I received no confirmation email.... great security!

Just one question, if somebody hacked your account and stole 1.7 BTC, why would they leave 0.46 BTC in the account for you to withdraw?HuhHuh?
Jump to: