This didn't happen to me; I'm just passing on the info in the interest of protecting people or getting some answers.
Short version: a day or two ago, aethero received a wallet.dat from someone who claimed they couldn't open it, asking for help. Thinking it was harmless, he tried to open it, and believes it was an exploit. Seisatsu mentions that LRP tried the same thing on him.
DO NOT ACCEPT WALLET.DAT FROM ANYONE.
DO NOT TRY TO OPEN A .DAT FILE THAT YOU DON'T FULLY TRUST.
(timezone: US Central - Austin/Chicago)
[12-19 17:56] ;;rate lrp -10 Sent me the corrupted and most likely hostile wallet.dat file
[12-19 17:57] <+TheButterZone> http://66.68.146.89/otc/query.php?imperial
[12-19 17:57] <@gribble> Rating entry successful. Your rating of -10 for user lrp has been recorded.
[12-19 17:57] he still an asshole?
[12-19 17:57] ah
[12-19 17:57] <+ReliableSource> aethero: lrp was the one with the .dat file??
[12-19 17:57] He was telling me last night
[12-19 17:57] Believe so
[12-19 17:57] <+ReliableSource> wow
[12-19 17:57] <+ReliableSource> this guy gets around
[12-19 17:57] how his bitcoin software kept crashing
[12-19 17:57] Yes
[12-19 17:57] and he'd send me his wallet so I could get his key out
[12-19 17:57] It's a wallet.dat file with exploit code.
[12-19 17:57] so he could auth
[12-19 17:57] I had to format the moment I opened it in my qt
[12-19 17:57] <+ReliableSource> please post about this on the forums
[12-19 17:57] DO NOT OPEN HOSTILE WALLET.DAT FILES
[12-19 17:57] when he found out I was going to use a third party program to extract the key
[12-19 17:57] he never sent it
here's some more background
http://66.68.146.89/otc/?*76.124.34.93*
[12-17 19:02] JOIN , MountainDew , #bitcoin-otc , *!4c7c225d@gateway/web/freenode/ip.76.124.34.93 ,
...
[12-17 19:22] and blockchain.info won't import my wallet.dat
see also
http://bitcoin-otc.com/viewratingdetail.php?nick=LRP
[12-18 10:53] **[PUBLIC SERVICE ANNOUNCEMENT] Do _not_ open wallet.dat files in your bitcoin client unless they are from a trusted person.
[12-18 10:53] <+jcpham> can -qt execute a binary
[12-18 10:53] sounds like a basic thing
[12-18 10:53] Apparently there is an exploit. I was infected last night by a hostile wallet.dat file.
[12-18 10:53] <+jcpham> code execution is a basic thing
[12-18 10:54] you'd think that "wallet" files would be like the bitcoin "documents", things that can be "opened" by the bitcoin program
[12-18 10:54] <+jcpham> i wouldn't think that in a windows environment
[12-18 10:54] <+jcpham> anything is possible in windows now
[12-18 10:54] <+Cusipzzz> aethero: you sure it was wallet.dat and not walletdat.exe?
[12-18 10:54] Yes.
[12-18 10:54] thanks, aethero. (but why would you open a strange wallet.dat? I'm curious)
[12-18 10:54] but if bitcoin has this problem, it's quite a problem
[12-18 10:54] aethero: did it manage to steal any of your coins? (i assume that's its purpose)
[12-18 10:55] Nope. I keep all of my coins in an offline cold wallet.
[12-18 10:55] <+jcpham> so common sense is still common sense
[12-18 10:55] <+Cusipzzz> would like to see the file, assuming no money in it of course
[12-18 10:55] Cusipzzz PMing
[12-18 10:55] <+jcpham> me too!
[12-18 10:55] <+Cusipzzz> did you post it on the forums?
[12-18 10:55] Not yet
[12-18 10:55] me 3!
[12-18 10:55] any prodigy fans here?
[12-18 10:56] <+jcpham> i want it,especially if it's a binary
[12-18 10:56] <+jcpham> also i think aethero uses armory
[12-18 10:57] <+jcpham> if screenshot memory serves me correctly
[12-18 10:57] <+Cusipzzz> ahhh, armory? may explain it. prob intentional, from the devs
[12-18 10:57] FonziScheme: you in the uk?
[12-18 10:57] i have some spare tickets for tonights london gig
[12-18 10:58] nope. USA
[12-18 10:58] <+jcpham> i'm what you call a visual learner
[12-18 10:58] <+jcpham> difficult to forget what i see
[12-18 10:58] <+Cusipzzz> prodigy was pretty good. cheaper than Compuserve too
[12-18 10:58] the user savetheintermac (here in the chat) identified himself to me as the user savetheinternet, which i checked with the command
[12-18 10:58] is it then okay to deal with him?
[12-18 10:58] I think savetheintermac == savetheinternet. is he authed?
[12-18 10:59] ;;ident savetheintermac
[12-18 10:59] <+pigeons> ;;gettrust manuelol [ident savetheintermac]
[12-18 10:59] <@gribble> Trust relationship from user manuelol to user savetheinternet: Level 1: 0, Level 2: 0 via 0 connections. Graph: http://serajewelks.bitcoin-otc.com/trustgraph.php?source=manuelol&dest=savetheinternet
[12-18 10:59] <+jcpham> ;;ident FonziScheme
[12-18 10:59] <@gribble> Nick 'FonziScheme', with hostmask 'FonziScheme!farg@unaffiliated/fbastage', is not identified.
[12-18 10:59] gribble says he's savetheinternet
[12-18 11:00:13] Nick 'savetheintermac', with hostmask '[email protected]', is identified as user savetheinternet, with GPG key id 080CC10AC3E7E093, key fingerprint 9D8100004B70196CD780C3C0080CC10AC3E7E093, and bitcoin address None
[12-18 10:59] <+pigeons> ;;gettrust [ident savetheintermac]
[12-18 10:59] <@gribble> Trust relationship from user pigeons to user savetheinternet: Level 1: 0, Level 2: 7 via 5 connections. Graph: http://serajewelks.bitcoin-otc.com/trustgraph.php?source=pigeons&dest=savetheinternet
[12-18 11:01] Cusipzzz no, this had nothing to do with armory
[12-18 11:01] I specifically loaded this in bitcoin-qt
[12-18 11:02] <+pigeons> where did you get the file? what happened?
[12-18 11:02] yes i get the in gribble this ...is identified as user savetheinternet, with GPG key id....
[12-18 11:03] <+jcpham> so no armoury
[12-18 11:03] <+jcpham> this is a -qt wallet
[12-18 11:03] <+jcpham> what is the source, be vague
[12-18 11:03] I no longer have logs as I immediately pulled my net connection and wiped my system, but there was a guy in here last night who was having issues with his wallet.dat file. He asked for help because the wallet.dat crashed his QT every time he loaded it. I grabbed the file and loaded it in mine.
[12-18 11:04] <+jcpham> hrm
[12-18 11:04] He needed to auth with gribble using one of the private keys
[12-18 11:04] <+jcpham> so i need a new virtual machine for this
[12-18 11:04] <+jcpham> that's what you are saying to me
[12-18 11:04] Yes
[12-18 11:04] <+jcpham> with -qt
[12-18 11:04] I was going to spin up a VM for it, but I figured there was almost 0 chance of there being an exploit
[12-18 11:05] and what do you mean when you say you were "infected"? what happened?
[12-18 11:05] also, which version of qt were you running?
[12-18 11:05] you can't tell these things. it's not like the flu that you can tell when you are ill
[12-18 11:05] <+jcpham> actually i don't need a vm
[12-18 11:06] and yet, he's telling us these things
[12-18 11:06] <+jcpham> i have a pc right here i can throw away
[12-18 11:06] <+helo> pcs have feelings too
[12-18 11:06] I don't remember. It was either latest stable or the one right before that. I was able to sign a message for him to change nicks with gribble. The wallet showed 2.6 coins in it, which I attempted to send, which is when the QT client crashed. I think I still have a pic of the error message, one sec
[12-18 11:07] a core dump would be better, but i guess you are on windows?
[12-18 11:07] <+pigeons> it crashed, but what made you think it tried to execute code or was even crafted to crash?
[12-18 11:08] Well, his behavior the whole time was suspicious, so after it crashed I checked for any unknown processes. There was a new startup entry that I did not recognize in autoruns
[12-18 11:08] At that point I pulled my net connection and formatted
[12-18 11:08] <+pigeons> and you don't have a backup of the file?
[12-18 11:08] I already PM'd the wallet.dat to Cusipzzz and jcpham
somewhat related news, LRP allegedly scammed Seisatsu and bottles in #bitcoin-otc