
Topic: Conversation with the hacker who stole funds from us (Read 502 times)

legendary
Activity: 3346
Merit: 3130
Addresses of the thief:
Code:

         CypherMcDAG.BTC = '16EegrNMdZ9Rxku6Za5neEFjMW57wkQr1S';
         CypherMcDAG.ETH = '0x03b70dc31abf9cf6c1cf80bfeeb322e8d3dbb4ca';
         CypherMcDAG.ETC = '0x4F53C9882Ba87d2D7c525dF2aEF2540EFB6e32e5';
         CypherMcDAG.BCH = '1PCh7w6LdcEv1sWd5wtvkELHcWe5HumUi3';
         CypherMcDAG.LTC = 'LRPChoyN8qLWENjo1dUjk2bESZjE7bQ6sP';

And they explain how the addon works and how it sends the information to https://help-tools.org/courses/currentc.php
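A defender's triage check for the pattern shown in the post above, hardcoded payout addresses sitting next to a remote endpoint in an extension's source (added example, not code from the thread or from the addon). It goes beyond the five listed coins by flagging any Base58Check or `0x` address literal; the function names, the heuristic and the `endpoint` line in the sample are assumptions made for illustration.

```python
import hashlib
import re
from typing import List, NamedTuple, Optional

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Match whole tokens only, so fragments of longer strings are not misread.
BOUND = r"(?<![A-Za-z0-9]){}(?![A-Za-z0-9])"
PATTERNS = {
    "base58_address": re.compile(BOUND.format(r"[1-9A-HJ-NP-Za-km-z]{26,35}")),
    "eth_style_address": re.compile(BOUND.format(r"0x[0-9a-fA-F]{40}")),
    "url": re.compile(r"https?://[^\s'\"<>)]+"),
}

# Constructed sample: the five address lines are the ones quoted in the post
# above; the `endpoint` line is a made-up assignment holding the URL it names.
SAMPLE = """\
CypherMcDAG.BTC = '16EegrNMdZ9Rxku6Za5neEFjMW57wkQr1S';
CypherMcDAG.ETH = '0x03b70dc31abf9cf6c1cf80bfeeb322e8d3dbb4ca';
CypherMcDAG.ETC = '0x4F53C9882Ba87d2D7c525dF2aEF2540EFB6e32e5';
CypherMcDAG.BCH = '1PCh7w6LdcEv1sWd5wtvkELHcWe5HumUi3';
CypherMcDAG.LTC = 'LRPChoyN8qLWENjo1dUjk2bESZjE7bQ6sP';
var endpoint = 'https://help-tools.org/courses/currentc.php';
"""


class Finding(NamedTuple):
    line: int
    kind: str
    value: str
    checksum_ok: Optional[bool]  # only meaningful for base58_address


def base58check_ok(s: str) -> bool:
    """True if s decodes to 25 bytes whose last 4 are the double-SHA256 checksum."""
    n = 0
    for ch in s:
        i = B58.find(ch)
        if i < 0:
            return False
        n = n * 58 + i
    zeros = len(s) - len(s.lstrip("1"))  # each leading '1' encodes a zero byte
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()
    return digest[:4] == raw[21:]


def scan_source(text: str) -> List[Finding]:
    """Report address literals and URLs found in extension source text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, rx in PATTERNS.items():
            for m in rx.finditer(line):
                ok = base58check_ok(m.group()) if kind == "base58_address" else None
                findings.append(Finding(lineno, kind, m.group(), ok))
    return findings


def looks_like_stealer(findings: List[Finding]) -> bool:
    """Heuristic (assumption): address literals AND a remote URL in one file."""
    kinds = {f.kind for f in findings}
    return "url" in kinds and bool(kinds & {"base58_address", "eth_style_address"})


if __name__ == "__main__":
    hits = scan_source(SAMPLE)
    for f in hits:
        print(f"line {f.line}: {f.kind:18} {f.value} checksum_ok={f.checksum_ok}")
    print("hardcoded addresses plus remote endpoint:", looks_like_stealer(hits))
```

A `checksum_ok=True` result separates a well-formed address from a random Base58-looking token; the combined heuristic is a reason to read the file by hand, not a verdict.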
hero member
Activity: 1680
Merit: 655

I got curious about their extension, but to no avail: it seems like the scammers have removed their Google Add-on/Extension from Google's Webstore. Their app might be intended to gather as much information as they can while installed in your Chrome browser, and Google had allowed this to be possible even if the extension asks your permission first. Sadly, literally anyone can create an extension and upload it to Chrome's webstore, and they don't have that much of a screening process for the extensions being uploaded to their webstore, permitting them as much as knowing what you are inputting to your browser.
sr. member
Activity: 1878
Merit: 389
Well, the addon has been taken down... and the site to get the addon has been taken down too: https://cryptodraw.org/
It seems like the same addon (or some derivative of it) is still available here: https:// chrome.google.com/webstore/detail/%D1%81cb-cash/liachincjagnalnmahhaioaogkngbmhf/ WARNING: DO NOT USE!!! USING THIS ADDON WILL LIKELY CAUSE LOSS OF CRYPTOCURRENCY!

Note: the "CryptoDraw" in the screenshots... Seems like they tried to scam some guy here: https://bitcointalksearch.org/topic/amazing-attempt-to-scam-read-laugh-and-report-it-cryptocashbackorg-5083404

New website is: https:// cryptocashback.org/ - WARNING: THIS WEBSITE IS MOST LIKELY A SCAM!!!

This has been reported to Google by us as well.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
Please all of you report their app on google chrome store.

That's an Idea, I don't know if that's effective...
I prefer to stay far away from any link in this thread. I am too paranoid about security.
jr. member
Activity: 56
Merit: 8
Please all of you report their app on google chrome store.
HCP
legendary
Activity: 2086
Merit: 4363
Well, the addon has been taken down... and the site to get the addon has been taken down too: https://cryptodraw.org/
It seems like the same addon (or some derivative of it) is still available here: https:// chrome.google.com/webstore/detail/%D1%81cb-cash/liachincjagnalnmahhaioaogkngbmhf/ WARNING: DO NOT USE!!! USING THIS ADDON WILL LIKELY CAUSE LOSS OF CRYPTOCURRENCY!

Note: the "CryptoDraw" in the screenshots... Seems like they tried to scam some guy here: https://bitcointalksearch.org/topic/amazing-attempt-to-scam-read-laugh-and-report-it-cryptocashbackorg-5083404

New website is: https:// cryptocashback.org/ - WARNING: THIS WEBSITE IS MOST LIKELY A SCAM!!!
sr. member
Activity: 1878
Merit: 389
Thank you guys for all your good suggestions!
We are doing our utmost here, the rest is up to god.
legendary
Activity: 3346
Merit: 3130
Well, the addon has been taken down... and the site to get the addon has been taken down too: https://cryptodraw.org/

The same scammers are running this schema, I have collected some information on this thread: https://bitcointalksearch.org/topic/new-scam-schema-on-the-forum-5081286

Hope it helps for your investigation.

By the way, some of their sites are vulnerable to html injection, with that you can add a redirection and make them visit the site you want, that way you can get their IP.
legendary
Activity: 3010
Merit: 3724
Good to see some progress on this case. Expensive war to learn, but no price is too great perhaps for a worthwhile lesson.

I normally wouldn't advise to waste even more time on these scammers, but if you're going to have more future conversations with this guy(s), hopefully you've also made sure the opportunity to track him/them isn't wasted. Get some team monitoring and tracking the guy's connections as you chat. He's probably covered his tracks, but as he seems confident enough to chat with you to scam you for even more, you never know when they slip up. If you are considering going down this route, best not to let them know that you know.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
I am happy that bitcointalk was able to help you understand the technology better, and that you are now safer than before.

You even used my explanation in the conversation, I am glad it helped you.

I will give you one last piece of advice. Buy a hardware wallet and write the seed on a piece of paper. Never scan or take photos of it. You will be nearly 100% safe.

Reg.com has replied to our lawyer as follows:

We have initiated identity verification. A request has been sent to the domain owner. If the client does not respond in a timely manner, then measures will be taken to suspend the delegation of the domain.

We won't stop until the criminal is caught.


That's good. Good luck to you.
sr. member
Activity: 1878
Merit: 389
Reg.com has replied to our lawyer as follows:

We have initiated identity verification. A request has been sent to the domain owner. If the client does not respond in a timely manner, then measures will be taken to suspend the delegation of the domain.

We won't stop until the criminal is caught.
sr. member
Activity: 1878
Merit: 389
Quote
Qu
I received a response from the admin. Your money on modernization the old network. The administration does not have access to this network. In order to get the money back, you need to send the exact amount of your 1st transaction:  to your blockchain account from which the transaction was sent. Attention! It is very important! The amount must be exact of:0.52442026 BTC  in order for the money to come back to your account. The exact amount of the 1st transaction will come to your account within minutes after this transaction.

Clearly the hacker has no intention to return any of your money, in fact he tried to scam you again.
He throws some jargon / terminology to make you confused and think he's right, while in fact it's pure nonsense.

With the numerous suggestions in the last 2 threads, the only things you could do are sue them and make a proper report on Scam Accusations or Investigations to make more people aware of this problem.

Just in case, I've archived all threads at https://archive.fo/1wCF9, https://archive.fo/q9W5v and https://archive.fo/SSBwf

Thanks for your help ETFBitcoin, it's much appreciated.
legendary
Activity: 2870
Merit: 7490
Quote
Qu
I received a response from the admin. Your money on modernization the old network. The administration does not have access to this network. In order to get the money back, you need to send the exact amount of your 1st transaction:  to your blockchain account from which the transaction was sent. Attention! It is very important! The amount must be exact of:0.52442026 BTC  in order for the money to come back to your account. The exact amount of the 1st transaction will come to your account within minutes after this transaction.

Clearly the hacker has no intention to return any of your money, in fact he tried to scam you again.
He throws some jargon / terminology to make you confused and think he's right, while in fact it's pure nonsense.

With the numerous suggestions in the last 2 threads, the only things you could do are sue them and make a proper report on Scam Accusations or Investigations to make more people aware of this problem.

Just in case, I've archived all threads at https://archive.fo/1wCF9, https://archive.fo/q9W5v and https://archive.fo/SSBwf
sr. member
Activity: 1878
Merit: 389
We had someone who easily stole funds from our Blockchain.com wallet with the use of a Google addon, here are the 2 threads we had about this:

https://bitcointalksearch.org/topic/someone-hacked-into-our-blockchaincom-wallet-5077276
https://bitcointalksearch.org/topic/urgent-a-2nd-hack-into-our-blockchain-wallet-5078190

We have a legal department who's dealing with companies not paying as well as Internet fraud, they have issued several letters to organizations involved to obtain information and terminate the site Crypton-Exchange.net, after the threatening letters they sent the hacker all of a sudden wanted to discuss this with us, he asked to have the conversation in Telegram - here is a recording of the chat in Telegram, it's important for us to publish this online so you could see the type of people we're dealing with. The person's name from our end is marked with XXXX for private reasons:

XXXX
Hllo
Hello

Qu
Hello
Please provide your email

XXXX
[email protected]

Qu
Someone steal 0.5 btc from your account again?
https://www.blockchain.com/btc/address/1MiMbMZF7QB47AaUp1sg4CWzsPFq7Ruo2e
Transactions sent and received from bitcoin address 1MiMbMZF7QB47AaUp1sg4CWzsPFq7Ruo2e.
Right?

XXXX
Yes

Qu
But it seems to me that you're lying, the plugin could not do it
But you created new thread in which you said that the plugin did it

XXXX
The plugin provided the seed to access the wallet, once the wallet was accessible then any new funds in the wallet could get stolen by the person who had the seed. What's the purpose of this conversation anyway?

Qu
Seed? What do you mean? After deleting plugin will not do it

XXXX
What's the purpose of this conversation?

Qu
If you acknowledge that it's you sent the second transaction of 0.5, we will refund you the first 0.5
Because we know and I am sure that the plugin cannot do this.

XXXX
I want to receive back ALL the funds that were stolen from me. It's non-negotiable.
I also haven't sent those funds so I cannot lie or write a false testament.

Qu
XXXX, but we know, that another 0.5 sent you to your another account
Please confirm it and we can return money for your first transaction
Why are you lying to us ..? (We can send you money that is in your balance on our website and money for first transaction, please,  we just want to hear the truth from you.

XXXX
I didn't do something like this and I did not send the 2nd transaction, cannot admit I did it, sorry, it's just plainly and utterly wrong and not a reflection of what happened, however you can send the money you're referring to, to the Bitcoin address I provided.

Qu
Can you please change your telegram login to some another for secure reason? And your name? Because it's 1in1 like your login from email
I'll can write you in 5 minutes

XXXX
Okay, I will be here.
Login + Name changed.
Is anyone there?

Qu
Yes I'm here, few minutes please

Jumperabv123
Ok

Qu
Can you please ask blockchain support, how someone steal money from your account and the second? Someone logged into your account or how it happened?

Jumperabv123
I already did
Brian (Blockchain)

Dec 1, 06:05 EST

Hello,

I'm very sorry to hear about this. You may have some type of malware on your computer that resulted in your funds being stolen because your private information was somehow obtained. One of the most common types of these are browser extensions posing as bitcoin price tickers that are actually stealing your account information. There's also the possibility that you visited a phishing site posing as Blockchain. We've also heard of computer viruses that detect when an address is in your clipboard, and replace the one you wanted to use with an address controlled by this malicious party.

By design, Blockchain never has access to users' accounts or funds. If you keep your password and private key backups secure, then your funds are always safe with us. Since this information has been compromised, be sure to never use this wallet or any addresses contained within it. I'd also highly advise against using the same password again. I'm truly sorry that you had funds stolen from you. That certainly is an extremely frustrating experience.

If you’d like to learn more about how our wallet works, please visit: https://www.blockchain.com/learning-portal/wallet-faq.

Qu
Yes I saw it
But can you ask them how they did it?
Someone logged in to your account or how?

Jumperabv123
I think the forum explains it pretty well already, it's all crystal clear. You said you wish to return the 1st transaction, are you going to proceed?

Qu
Yes, but I just want to know what happened. Our administrator said that the plugin could not send this transaction 2 times, the administration is ready to send you your current balance on our website and money for the first transaction if you admit that you sent 2st transaction
His version: You specifically sent money 2nd time to not pay money to users of your site, is that true? Bitcointalk will not know about it

Jumperabv123
I cannot admit I did something I've never done, if you wish to "settle" for sending only what you said above (current balance + 1st transaction) then please advise if this is what you wish to do.
We did pay money to our users and publishers, from our own pocket, we had to deposit more funds in a completely different wallet and pay for those funds from our own expenses, our site has been live for over 10 years now, do you think we would be online if we stole funds from clients or users we work with?

"His version: You specifically sent money 2nd time to not pay money to users of your site, is that true? Bitcointalk will not know about it"

I don't know if he's ignorant or not, but our clients get paid no matter what, if funds get stolen we don't put the blame on the clients ... if a bank gets stolen would it not respect a transfer a client is making just because there was a robbery?

If you are trying to claim this would cause to go bankrupt and lose the business (and don't pay because of it) then no, we would still survive despite this loss, it would take much more than that to bring us down, and thankfully most of our business is not Crypto related anyway.

Qu
Do you think that plugin still have access to your account?

Jumperabv123
No
It's completely removed.

Qu
Can you please send to me link on 1st transaction of 0.5?

Jumperabv123
https://www.blockchain.com/btc/tx/0fe187e55c07772d47d1c588c80195f5977aa139d814feb39bdab968253c8f60

Qu
If you get money back, can you please delete your 2 threads and post a review?

Jumperabv123
What do you mean by posting a review?

Qu
Create a new topic: "It was a mistake. I received my money. I have no more problems with this site", ok?

Jumperabv123
Yes, if you return these funds, we would have no further complaints against you or your site and would settle it down like this, we're just interested in getting our money back so if that's what you're asking for it's fine.

Qu
Okay, can you please wait about 5 minutes? I sent your message to administration

Jumperabv123
Yes, no problem.

Qu
Thank you

Qu
I received a response from the admin. Your money on modernization the old network. The administration does not have access to this network. In order to get the money back, you need to send the exact amount of your 1st transaction:  to your blockchain account from which the transaction was sent. Attention! It is very important! The amount must be exact of:0.52442026 BTC  in order for the money to come back to your account. The exact amount of the 1st transaction will come to your account within minutes after this transaction.

Jumperabv123
The admin wants us to send money?

Qu
Administrator write to me only about first transaction of 0.52442026, you need to send this amount to your account, you don't need to install plugins or something with it, within 1 minute after this transaction you will to get the same amount to your account back
But it's very important! amount  must be exact of 0.5244202 or it will not work

Jumperabv123
Okay, I feel like this is a complete waste of time, just letting you know this conversation is fully recorded.

Qu
Ok?

Jumperabv123
Are you asking me to send funds to a compromised wallet?

Qu
You don't need install any plugins
Or something with it
Plugin do not have more access to your account
compromised? This transaction was sent only when plugin was in your browser
Your money on modernization the old network. The administration does not have access to this network, you will get money for first transaction back after sending this transaction
It will work in automatic mode

Jumperabv123
Look, if you want to return the funds just send the funds, if you want to waste our time then we have nothing further to discuss.

Qu
Admins do not have access to this funds, everything happened in automatic mode....

Jumperabv123
You wanted us to delete the threads if you pay back, this is not a payback but another extortion, is this the end of the conversation?
and I'm sure "admins" have access to lots of funds, stolen probably, which they can easily send whenever they like.
Sending Bitcoin is not complicated, however it seems like we have reached a dead end, I had the impression you are interested in settling the issue, but since it seems like you only want to play more games - I'm wondering if there is any further need for me to be here in chat? I would stay here for another 10 minutes and if there's nothing concrete to add to the discussion I would leave this chat, record the text here and send it off to our legal dept and might post it later in the forum as well, as it seems like there's nothing further to discuss.

Qu
Dear XXXX, please, try to understand me, I'm a regular support agent, I do not have any access to your funds. The administration told me that they also do not have access. They wrote that the money went to modernization the network for cashback, and if you send the exact transaction that was the first time, you will receive your money back. No one not stole your money. An error has occurred in the network and your money is now in the hold mode of this network ..

Jumperabv123
Okay, I will end this discussion now. You can speak to our legal dept in the future if you wish to resolve the issue, or wait for the consequences yourself, they have a very good experience with online criminals, and I have nothing further to add to this discussion, thanks for wasting my time.

Qu
You can set all the methods to protect your account, change the password, 2fa, whatever, you also confirmed above that the plugin does not have access to your account, the plugin will no longer be able to send new transactions ..
Unfortunately, the administration said that they do not have access to your funds, and the money can only be returned automatically after sending the exact amount of your first transaction

Jumperabv123
The wallet is compromised, you have its secret key, it is good for nothing now, and I am not sure why are you trying to ask me to send more money, whilst you are the ones who offered to send it?

Okay, I understand what the "administrators" say, there is nothing further to discuss, if you are not concerned with your theft then I am not going to change it, which is why our legal dept would be in charge of the problem, I will pass this information to them now.

Do you have anything else you want to add to this discussion, that is worth recording?

Qu
Your wallet was not hacked ... The plugin could send a transaction only when it was in your browser! this is 100%. The plugin does not have access to your wallet. Well, if your wallet was hacked, you can change the email, password, set 2fa and all methods of protection, and ask support  if someone has access to your account, but it's impossible
This was a mistake and the plugin should not send this transaction

Jumperabv123
https://bitcointalksearch.org/topic/m.48353163
No. These security steps makes your blockchain.info wallet safer. This wallet was made to be used with all security steps done.

When you have done all security steps, your account is not going to be compromised so easily.

In your case, if you had 2fa+email verification the attacker would not be able to withdraw your funds, as a 2fa would be asked of him. He would not be able to see your seed, as 2fa is required for that as well. That's not 100%, far from it... But if there is 1% more security, it's worth.

When the attacker saw your seed, it's gone. It's not a matter of the wallet you are using anymore. Bitcoin and the blockchain technology was designed that way. In Bitcoin, the owner of the funds is the person who owns the Private key.

The seed is, simply put, a mathematical function that generates all your private keys. That's why it must be kept safe. When it was compromised, all your wallet is compromised, you need a new one.

Qu
Which private key? Plugin do not have any access to private keys,and blockchain do not have any private keys.. Ok, if you have an "private key" so change this key on new

Jumperabv123
I provided you a new wallet to send the funds to, that's a change I've done from my end, you are refusing to send funds to that wallet but instead wanting to play games (i.e. ask me to send more funds into a compromised wallet, and asking me to send money whilst you are the ones who should do it). So you're not only being unscrupulous but also fraudulent and dishonest, and you were for some reason concerned about the threads which you asked me to delete for the sake of returning funds, which is just another way for you to play more games.
As I mentioned there is nothing further for me to discuss. Besides discussing security issues - do you want to add anything else to this discussion? This is the only question I would ask now and then leave.

Qu
You call us like a scammers... We are administration do not have access to your funds, they are now holding in network... You know that the plugin has no more access to your wallet and you can get them back after sending the exact amount to your account

Jumperabv123
I call you scammers, liars and thieves, and I believe I was pretty content with my messages here whilst you have proven once again your dishonesty.

Qu
You did it. You are or someone of your friends who also have access to your account,  sent the 2nd transaction and then you said on the forum that our website did that

Jumperabv123
Where are you trying to take this discusion?
*discussion

Qu
Can you please tell me Ok, I feel sorry that you are of such an opinion on our site, but the truth is, I really wanted to help you in this situation, but unfortunately the administration does not have access to your money ..

Jumperabv123
This is what I know, here are some facts for you, I'm happy to publicly share them:

1) We signed up to a Blockchain Wallet on August 2014.
2) We've never had any problem with the wallet for over 4 years.
3) Ever since we dealt with this Google addon we lost over $4k.
4) The addon was removed by Google - red flag.
5) Newbie users in Bitcointalk try and promote the scam and get banned - red flag.
6) You try to hypothetically say the 2nd transaction was not made by you, so you're definitely admitting the 1st one was made by you - red flag, fraud and deception.
7) The 2nd transaction was not made by me, and even if you try or wish or want to open this for interpretation - you still admit you stole funds (1st transaction).
8) You offered to pay back the stolen funds of the 1st transaction through means of scamming me again.
9) I have proven to you that your fraudulent suggestions to use 2FA or other means provided by Blockchain - are pointless and useless - as the wallet is compromised - you couldn't challenge this explanation (because there is no way to use a compromised wallet).
10) You are asking me to post things in the forum which are completely useless for us to get our money back.

All this is RECORDED. It will be used against you. I am not a lawyer but I do leave this information with someone who is and is a fully expert of what to do with this. Internet fraud is common, but it's uncommon to chase criminals all the way, but this is what we do, and we won't stop until we get what was taken from us, one way or another - we offered you to settle the issue but you have only tried to play games.

These are all facts, it's all very straightforward and clear.


Since then the hacker hasn't responded, been over 8 hours with no response because the hacker has nothing to "gain" from this conversation.

So basically - the hacker admitted he stole funds, he "offered" to return the funds if we send more funds to him, thinking we're too naive to fall for another scam under his sleeves.

The hacker has fully admitted to stealing funds, we would try to use this information against his site Crypton-Exchange.net, its domain is held by Reg.ru but Reg.ru also has Reg.com and we would try to hurt them via the Reg.com because a .com domain is subject to US law, and US law is much more strict (than Russian law) when it comes to fraud and deception.

If you have other suggestions what else you could do with this information please let us know.

Lastly - please help other members in this forum to be aware of the scam, please read or share more tips in this thread for how to block this scammer from Bitcointalk:
https://bitcointalksearch.org/topic/new-scam-schema-on-the-forum-5081286
