Topic: BTCrow.com Escrow Service Fraud (Read 6067 times)

About 5 years back, BTCrow was purchased by:
                             
William Hulskamp - from Australia                   
biometrics74[at]gmail.com 


here's the body of email:
==================================================================

Hi,

Could you provide a little more info on this site. Do you have any
aggregated statistics for escrow transactions e.g.

Number of transactions (per month, since started ...)
Average transaction value

Also what are the hosting requirements? e.g. Windows, Linux ...
development platform(s) (php, perl ...), database (mysql?), and third
party software requirements. Also could it run on shared hosting?

Kind Regards,

Paul


and the full headers:

============================================================

Received: by 10.236.80.66 with SMTP id j42mr3784528yhe.98.1316067618616;
        Wed, 14 Sep 2011 23:20:18 -0700 (PDT)
Received: from [10.66.32.101] (s044E.static.pacific.net.au [61.8.19.78])
        by mx.google.com with ESMTPS id k12sm12984312anc.19.2011.09.14.23.20.15
        (version=SSLv3 cipher=OTHER);
        Wed, 14 Sep 2011 23:20:17 -0700 (PDT)
Message-ID: <[email protected]>
Date: Thu, 15 Sep 2011 16:19:54 +1000
From: bios

gmail.com>

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:6.0.2) Gecko/20110902 Thunderbird/6.0.2
MIME-Version: 1.0
To: [email protected]
Subject: Flippa Auction - btcrow.com
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Again, gfy BTCrow & thank you for your disservice to the community. Real class act you are to advertise your 59btc scam against me a top your commissions spreadsheet to prospective buyers: http://imgur.com/NMNbitB

Shame on the buyer who has interest in buying BTCrow (particularly as they claim someone is bidding upwards of 1300btc)!

Just because a website uses the word escrow, doesn't make them trustworthy, why would anyone send such sums to random strangers on the internet? Looks like they played you for a fool and used insider knowledge to manipulate your funds into their wallet. Probably not hard to find whoever is behind BTCrow, but they are probably on holiday right now spending your money. Karma will come back to get them but the police will help too.

There is no NEW OWNER,is the fucking same. 

So long BTCrow, good luck with your plan to scam another party via your website/'business' sale!

Thank you for being a lying scumbag & making off with undeserved/stolen btc!
View BTCrow support deceiving their customer when ask where the payment was/went. They claim the receiver address was stored encrypted via email: http://imgur.com/X3rBbyj

and clearly the selective scammers have full access to payout address they choose to withhold within their admin:
https://i.imgur.com/puzErTr.jpg

Thanks also for ducking legal and attorney contact you piece of work.

NOBODY purchase BTCrow.com the SCAM Escrow Fraud

Maybe you want to contact the hosting provider and ask them who owns 5.134.117.43 at the moment. The host takes bitcoin though so it might be hard to trace. They also do CC, PayPal, and wire transfer.

Thank you key!


Unsure this message from BTCrow is new or helpful, hopefully they will update & amend their protocol asap. It is clear they still only worry about the receipt of payments to them & place no priority to see the payout reaches a legitimate address. Further, the frauds/hackers are privy to their bogus service which fails to safeguard funds and are able to take full advantage. Indeed BTCrow is either a selective scammer and/or utterly incompetent.

It looks like it came from a webmail program iRedMail, running on a VPS in Alicante, Spain.

X-PHP-Originating-Script: 1000:functions.php

The IP of that machine is 5.134.117.43. This is the hosting provider, http://lowendbox.com/tag/ginernet-com/

Did you see the new message which pops up when you go to their site?

Do you know which email is that one that is supposedly spoofed?

Thank you very much, appreciate the clarity as I have been curious how a subdomain from btcrow (s2.btcrow) equates to a spoofed email/address.

Email #1) Please confirm transaction
Delivered-To: m********[email protected]
Received: by 10.194.134.66 with SMTP id pi2csp246460wjb;
        Sat, 7 Nov 2015 06:07:49 -0800 (PST)
X-Received: by 10.28.133.133 with SMTP id h127mr16713029wmd.41.1446905269821;
        Sat, 07 Nov 2015 06:07:49 -0800 (PST)
Return-Path: <[email protected]>
Received: from s2.btcrow.com ([5.134.117.43])
        by mx.google.com with ESMTPS id uz5si6579998wjc.199.2015.11.07.06.07.49
        for [email protected]>
        (version=TLSv1.2 cipher=RC4-SHA bits=128/128);
        Sat, 07 Nov 2015 06:07:49 -0800 (PST)
Received-SPF: neutral (google.com: 5.134.117.43 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=5.134.117.43;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: 5.134.117.43 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected];
       dkim=temperror (no key for signature) [email protected]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=btcrow.com; s=mail;
   h=Date:Message-Id:Reply-To:From:Content-type:MIME-Version:Subject:To; bh=oSgjeZxnH8emju5vkrpa969ANgF0uT2poQPs7vBqYvU=;
   b=bqpdiVWIFv6bpNdUOUfP/xYsSs2m9sIyvjUA+mceu+sRYxKjtp7bHSJNBFo1N8c/ahaDeSQdPydtFGRuMpa4h4I8KbZdOgE6gKdFX/WEnX5wzqi7oG4HetqE4Ut7Yx8uDQyZAzaaBImy+AcV/ue8t3Yn8c7NeHtlJsuxShWD1/I=;
Received: from admin by s2.btcrow.com with local (Exim 4.80)
   (envelope-from <[email protected]>)
   id 1Zv48k-0001pc-23; Sat, 07 Nov 2015 09:06:46 -0500
To: m********[email protected]
Subject: Please confirm transaction #JLdhofwi4E563e05376f1e2
X-PHP-Originating-Script: 1000:functions.php
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
From: BTCrow.com<[email protected]>
Reply-To: [email protected]
X-Mailer: PHP/5.4.41-0+deb7u1
Message-Id: <[email protected]>
Date: Sat, 07 Nov 2015 09:06:46 -0500

---

Email #2) Payment Received
Delivered-To: m********[email protected]
Received: by 10.194.134.66 with SMTP id pi2csp1281408wjb;
        Mon, 9 Nov 2015 08:31:05 -0800 (PST)
X-Received: by 10.28.16.203 with SMTP id 194mr28935765wmq.55.1447086665479;
        Mon, 09 Nov 2015 08:31:05 -0800 (PST)
Return-Path: <[email protected]>
Received: from s2.btcrow.com ([5.134.117.43])
        by mx.google.com with ESMTPS id u8si19143549wja.11.2015.11.09.08.31.05
        for [email protected]>
        (version=TLSv1.2 cipher=RC4-SHA bits=128/128);
        Mon, 09 Nov 2015 08:31:05 -0800 (PST)
Received-SPF: neutral (google.com: 5.134.117.43 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=5.134.117.43;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: 5.134.117.43 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected];
       dkim=temperror (no key for signature) [email protected]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=btcrow.com; s=mail;
   h=Date:Message-Id:Reply-To:From:Content-type:MIME-Version:Subject:To; bh=p/D8Vsdp6CJfm3ZqoUCUDqJIwKHDiYebsdLWG/5WJAs=;
   b=qOmf5WNbrBrJArCmUDoxoLa4+6+G0PR0oWM2Ti4qpm54r2ACsjQqoQ4DfZL5pSd12fYlaWyvWmJyNqkRAHmrONTvvSEFxQKWM2pyFVf0vOiTQhYbh/0hYe/5Xp5EsQHVhM2Wo+uC2dUxBhhuBS3GZaxvphjIAYp+P9MoI8Hawdw=;
Received: from admin by s2.btcrow.com with local (Exim 4.80)
   (envelope-from <[email protected]>)
   id 1ZvpKT-0003a2-Ih; Mon, 09 Nov 2015 11:30:01 -0500
To: m********[email protected]
Subject: BTCrow Transaction - Payment Received
X-PHP-Originating-Script: 1000:functions.php
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
From: BTCrow.com<[email protected]>
Reply-To: [email protected]
X-Mailer: PHP/5.4.41-0+deb7u1
Message-Id: <[email protected]>
Date: Mon, 09 Nov 2015 11:30:01 -0500

---

Email #3) Item(s) Sent
Delivered-To: m********[email protected]
Received: by 10.194.82.65 with SMTP id g1csp725947wjy;
        Wed, 11 Nov 2015 05:37:47 -0800 (PST)
X-Received: by 10.194.184.7 with SMTP id eq7mr10210720wjc.26.1447249067420;
        Wed, 11 Nov 2015 05:37:47 -0800 (PST)
Return-Path: <[email protected]>
Received: from s2.btcrow.com ([5.134.117.43])
        by mx.google.com with ESMTPS id m134si12576512wmd.84.2015.11.11.05.37.47
        for [email protected]>
        (version=TLSv1.2 cipher=RC4-SHA bits=128/128);
        Wed, 11 Nov 2015 05:37:47 -0800 (PST)
Received-SPF: neutral (google.com: 5.134.117.43 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=5.134.117.43;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: 5.134.117.43 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected];
       dkim=temperror (no key for signature) [email protected]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=btcrow.com; s=mail;
   h=Date:Message-Id:Reply-To:From:Content-type:MIME-Version:Subject:To; bh=WIAaNewrELU1UVcg10meMm302ZfGK8n1waZ0XUrQyhE=;
   b=soaFtkL98eZLBarsFryG+Wc8CFG8knnUMJbet2g+BoOGPxNvZzd5dlbU87nTGhHXR87Vz2VONLGJ38TPy37w0tkC3iMOXFapjiH1jf0SwRg2oBJ/RtO7ctj+9/zBQJ0Z7fKlDbKM/kVfkn+Um6mwy52krBMD29aUNoi+TYQC2lk=;
Received: from admin by s2.btcrow.com with local (Exim 4.80)
   (envelope-from <[email protected]>)
   id 1ZwVZq-0006YF-CO; Wed, 11 Nov 2015 08:36:42 -0500
To: m********[email protected]
Subject: Item(s) Sent - Transaction #JLdhofwi4E563e05376f1e2
X-PHP-Originating-Script: 1000:functions.php
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
From: BTCrow.com<[email protected]>
Reply-To: [email protected]
X-Mailer: PHP/5.4.41-0+deb7u1
Message-Id: <[email protected]>
Date: Wed, 11 Nov 2015 08:36:42 -0500

---

Email #4) Item(s) Received
Delivered-To: m********[email protected]
Received: by 10.194.82.65 with SMTP id g1csp783389wjy;
        Wed, 11 Nov 2015 07:31:57 -0800 (PST)
X-Received: by 10.28.11.207 with SMTP id 198mr38691064wml.47.1447255917015;
        Wed, 11 Nov 2015 07:31:57 -0800 (PST)
Return-Path: <[email protected]>
Received: from s2.btcrow.com ([5.134.117.43])
        by mx.google.com with ESMTPS id cm4si12276047wjb.78.2015.11.11.07.31.56
        for [email protected]>
        (version=TLSv1.2 cipher=RC4-SHA bits=128/128);
        Wed, 11 Nov 2015 07:31:56 -0800 (PST)
Received-SPF: neutral (google.com: 5.134.117.43 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=5.134.117.43;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: 5.134.117.43 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected];
       dkim=temperror (no key for signature) [email protected]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=btcrow.com; s=mail;
   h=Date:Message-Id:Reply-To:From:Content-type:MIME-Version:Subject:To; bh=fnRvQWnXwd5j2ghFrxzr48uwS3UB/PJeo11gogcEdqo=;
   b=fWVMXX7YgBx610QQhR52lgJdruPJToc26ok1iAGsohIiRwsTsDjciDlbKbI0f1cylZoeOyUTipejWiwjLVK3ujca8zdHw8auTjmJHdvNZTuXzPQZEwFJF4vtUB7UisIsfL6oDVszzsqR9ytoxdTZrWQ8EgmQn5MhirERHaPzoDk=;
Received: from admin by s2.btcrow.com with local (Exim 4.80)
   (envelope-from <[email protected]>)
   id 1ZwXMI-0000Ik-JD; Wed, 11 Nov 2015 10:30:50 -0500
To: m********[email protected]
Subject: Item(s) Received - Transaction #JLdhofwi4E563e05376f1e2
X-PHP-Originating-Script: 1000:functions.php
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
From: BTCrow.com<[email protected]>
Reply-To: [email protected]
X-Mailer: PHP/5.4.41-0+deb7u1
Message-Id: <[email protected]>
Date: Wed, 11 Nov 2015 10:30:50 -0500

---

Email #5) Funds released
Delivered-To: m********[email protected]
Received: by 10.194.82.65 with SMTP id g1csp1961217wjy;
        Sun, 22 Nov 2015 22:09:47 -0800 (PST)
X-Received: by 10.68.162.193 with SMTP id yc1mr28778151pbb.148.1448258987816;
        Sun, 22 Nov 2015 22:09:47 -0800 (PST)
Return-Path: <[email protected]>
Received: from a2i559.smtp2go.com (a2i559.smtp2go.com. [103.47.206.47])
        by mx.google.com with ESMTPS id b69si17141613pfd.30.2015.11.22.22.09.46
        for [email protected]>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Sun, 22 Nov 2015 22:09:47 -0800 (PST)
Received-SPF: neutral (google.com: 103.47.206.47 is neither permitted nor denied by domain of [email protected]) client-ip=103.47.206.47;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: 103.47.206.47 is neither permitted nor denied by domain of [email protected]) [email protected];
       dkim=pass [email protected]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
   d=smtpcorp.com; s=a0-2; h=Feedback-ID:X-Smtpcorp-Track:Date:Message-ID:
   Subject:From:To; bh=sOwQYQhFQoAZ5OMPxm63XNji2FH5UA9efNyQgc8d9IA=; b=jNWCKZDMp
   P5o9hpzb4ITomHD7vuJvlFQY7RoWfuVG46nAKjScK8v5tTbg1BnWrHc4XgZCbF3DWtcxyBAE4DyQl
   ApEecKAc41yM4tzrY/0Gx9ptjoTQ8MwAF+xGlxV5WN2F5VJhhcbx7vGsKirXnu4rxLxX76DfDZaQz
   woAVLtnvUqSXy5NalOejHnuDNbewbZb+znCsf0teLIC+IbKjOHreZd6HVLQ9bt1OODkC0iTFMfQy4
   0BvGET2D/cq6R6A+cyc8Sw5Cm26aoudQIc89ZuhGfDgY0sl/gFw0Jh5SyCD4uQCnRctFICxyFaB2Y
   V1iYC0527223X0qC4KlXhw8kQ==;
To: m********[email protected]
From: BTCrow <[email protected]>
Subject: Funds released for btcrow.com transaction #JLdhofwi4E563e05376f1e2
 [Transaction Expired]
Message-ID: <[email protected]>
Date: Mon, 23 Nov 2015 06:09:08 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Smtpcorp-Track: 1a0kJq4pkR2QK5.lr2nuuP1q
Feedback-ID: 175870m:175870aw3Cd9W:175870sR_HtFR_JQ:SMTPCORP
X-Report-Abuse: Please forward a copy of this message, including all
 headers, to <[email protected]>

I was contacted about this thread by our mutual friend DP. Can you paste email headers of the supposedly spoofed emails? We can see if they were spoofed or not. Of course they could have made them appear spoofed to engage in this fraud.

Wow.
Nearly a $30,000 loss...
Dude, I feel for you.

Go to the police.

Do you think!?maybe the buyer is the same person
I'm just saying because is very weard what I just read
Sorry for you.

Thanks again for your cooperation BTCrow.

It's painfully obvious BTCrow protects themselves, ensuring they receive payments & disregards the security of their customers.

Allow my rebuttal for your skepticisms:
- There were 4 previous transactions with different amounts, in one of them the IP of buyer and seller were the same.
I recall only 1 previous transaction which was indeed for a different amount. Living in USA, I made a deal with an international buyer in USD. The deal was for 23k (USD) which was agreed upon in the beginning of Oct 2015. At the time, that translated to roughly 100 btc. Buyer needed a couple weeks to gather funds and then more time to acquire bitcoins. Early in Nov, when bitcoin value spiked, and rapidly dropped, receiving 48 coins was not welcomed and therefor I initiated a new transaction which the buyer agreed upon, totaling ~59 btc.
- The buyer never replied to any of our emails.
Did you require the buyer to reply to your emails? I also do not enjoy talking to this buyer and preferred doing business as passively/peacefully as possible.
- After initiated the inspection period the buyer has the option to release the payment, but he never release the payment.
I had given the buyer plenty of time & as I grew impatient I did make a special request for him to release payment. By the time he replied, the payment had been released to the fraudulent address.
- You contact us three times about this and I told you two times that request the of release payment (a option in the seller panel), but you preferred to wait until the transaction expire.
Some degree of arrogance you have to make such an assumption. What, were you in a rush to pay the fraudulent wallet? I do not understand 90% of your skepticism, but thanks for sharing - truly enlightening information from BTCrow!

I do feel as though I have been scammed hard, at least in large part by BTCrow.

After forwarding all emails to BTCrow support they share with me that I have been victim to their front page fraud. However, being the receiver/seller...the warning imho falls short & highlights the failure of BTCrow's service.
If I may reiterate, all of their highly publicized frauds w/ regards to their business could have been eliminated had they reach the escrow payment receiver & provide payment address.

BTCrow states I was victim of a scam with a spoofed email address because I failed to discern:

Allow me to provide off the cuff comments with regards to their security warnings:

• Do NOT send bitcoins to a bitcoin address you received via email

Not an applicable warning as I hoped to receive a release of payment.

• Check the URL domain is btcrow.com

Being the party which chose BTCrow for the escrow service, my feelings are that I was perfectly able to traffic BTCrow.com's secure website without issue.

• Check the automated emails are from a btcrow.com address

This bullet point sure does get quickly glossed over by BTCrow....

• You must verify your email address and the escrow details on btcrow.com for each transaction

Easy enough. How about the company which is receiving 1.5% of the cut handle their share of the verification of email address and escrow details?!

• We do not send the escrow's payment address via email

How you justify hiding the release of escrow payment address from view is baffling, distasteful and ripe for fraud/abuse.

• If the confirmation email goes to your SPAM or Junk folder it's most likely a spoofed email

Not once did gmail send your spoofed (or spuffed as you say) emails to SPAM/Junk folder, fyi.

• Always confirm your transaction exists on our website, and ALL details are correct

Always did confirm transaction existed on BTCrow.com, however ALL details are not transparent. Again, how dare your company conceal the release of payment address information...how are you trying to protect/fool?

• Contact us immediately if you have any suspicions

Consistent communication is what you received from my end. Allow me to sum up BTCrow's support and fill in some gaps had any party wish to use this company. While using BTCrow escrow, I learned the 1 day inspection period would not be followed by an immediate release of payment. Support shares a 7 day security period is followed by the inspection period (had the buyer not take the initiative to go out to their way to release the payment). Further, 7 day security period is later defined/clarified by BTCrow support as 7 business day period....
Perhaps during, or better yet, before the inspection & security period, BTCrow should take notice of an IP log consisting of half use from Texas & the other traffic from Amsterdam?
IP Log:
87.226.2.122
176.126.252.12
87.226.2.122
99.99.185.213
87.226.2.122
99.99.185.213
87.226.2.122
99.99.185.213

956Vette, I've already sent the information requested by private, we have a privacy policy but you are free to publish your own information.
Some of the headers of your received emails are spuffed emails. It can be a "man in the middle" attack between you and us. As I recommended initially go to the police.

I was skeptical for several reasons:

- There were 4 previous transactions with different amounts, in one of them the IP of buyer and seller were the same.
- The buyer never replied to any of our emails.
- After initiated the inspection period the buyer has the option to release the payment, but he never release the payment.
- You contact us three times about this and I told you two times that request the of release payment (a option in the seller panel), but you preferred to wait until the transaction expire.

And finally the payment is released but strangely you do not receive it. For me it was very rare. But after seeing the emails spuffed undoubtedly some kind of scam has occurred and will do everything possible to help you find the culprit.

I used btcrow with large amounts without problems a few weeks ago, be sure to not have a RAT (remote administration tool) on your computer, it could be a problem of that kind.

956Vette, I feel like you have been scammed hard by BTCRow....
I feel like you should get law enforcement on them and sue them if need be...
Well, BTCRow, can you please send the information that has been requested onto public chat? This Includes all BTC addresses without them being cleared of course.

Thank you for your continued support and astounding high degree of confidence in your system. I should mention to the onlookers BTCrow disregarded or didn't care to respond to multiple inquires in private earlier in the week. Thanks again to the bitcoin community here for provided such a valuable resource.

All emails have been forwarded to BTCrow.

How doubtful is it that I visited Coinbase via a spoofed email & went through multiple verification processes only to have copied and pasted a fraudulent bitcoin wallet address?

If you are a company that's victim to so many scam attempts per week...it is amazing that you have so few verification steps.... Maybe it's worth reiterating to the folks...BTCrow NEVER verifies the release of payment address to the seller & encrypts/conceals until the end.

Thank you for admitting fault in your process & your consideration going forward that you'll be wise to verify the address before release of payment to avoid these devastating situations.

I expect all logs to be provided to me via email (& feel free to publish IP addresses here) and to be provided with your legal address/contact information for law enforcement & attorney.