Pages:
Author

Topic: ecrypto.net exchange; NEVER FORGET THE SCAM (Read 4528 times)

member
Activity: 101
Merit: 10
April 02, 2016, 02:32:36 PM
#51
Never forget, Bruce never paid us back as promised.

Also beware C-Cex is fast looking like a scam with regards to the impossibility of withdrawing delisted coins.

_https://www.facebook.com/smagik

Blur scammer back to life .

CURRENT CITY AND HOMETOWN

Victoria, British Columbia
Current city

Halifax, Nova Scotia (former city)
Hometown

We never forget to fuck you  Grin
full member
Activity: 194
Merit: 100
Never forget, Bruce never paid us back as promised.

Also beware C-Cex is fast looking like a scam with regards to the impossibility of withdrawing delisted coins.
full member
Activity: 194
Merit: 100
NEVER FORGET.

Bruce claimed so sincerely in his emails to me he would be refunding everyone asap and yet he has gone into hiding like a coward.
member
Activity: 101
Merit: 10
bruce degrosbois
bruce de grosbois
canada
british columbia
programmer
webmaster
vancouver

Just in the case someone search for his name on google...
+1
legendary
Activity: 1680
Merit: 1205
bruce degrosbois
bruce de grosbois
canada
british columbia
programmer
webmaster
vancouver

Just in the case someone search for his name on google...
legendary
Activity: 1022
Merit: 1001
Bruce has been overly quiet of late. Lets give this thread a bump just to make sure everyone knows who he his and to let him know we havent forgotten about him Smiley

I only lost coins from one hacked exchange, all the others paid me out of their own pockets.

I forget the name of the one that ripped me off, but I remember he put a picture of a cartoon cow in place of the site and refused to communicate, until someone posted his name and address here.

CoinEx is nothing compared to that!

I know how you feel about delayed withdrawals. I have lost quite a lot of money from them after missing trading opportunities.

It was ecrypto.net - see https://bitcointalk.org/index.php?topic=385591.20

The scammer that ran the site  (Bruce Degrosbois) thought it was quite funny after he did a runner & put a picture of a cow up. That was until his face got plastered all over the net as a conman. He claimed he intended to pay everyone back within a month or so, yet we have heard nothing from him since.

This is his pic


legendary
Activity: 1680
Merit: 1205
February 28, 2014, 04:05:07 AM
#45
we will never forget.
full member
Activity: 194
Merit: 100
February 27, 2014, 07:35:43 PM
#44
NEVER FORGET we are still owed money. Bruce Degrosbois doesn't reply to his email anymore. Last thing he said he had investment for a new exchange, repayment of lost funds approx end of January. We've given him another months grace now, where is the money??

facebook.com/smagik
newbie
Activity: 21
Merit: 0
sad situation, new customers and exchanges learn from this
full member
Activity: 238
Merit: 100
It definitely had issues, but they were not ones that would cause serious problems. SQL injections were blocked, and get variables were only used for display, not calculations, so they were not a top priority.

the script output was different depending on whether an injected "' and [ask your question here] -- -" condition was true or false. that's all you need for a blind sql injection attack. the database was open for the public. some people would call this a "serious problem".
member
Activity: 101
Merit: 10
I asked Bruce a few questions by email to clear up this mystery. Here are the Q & A's, answers from Bruce in bold;

1. Your facebook page recently mentioned $15k worth of deposits in the first few days, yet the stolen/deleted bitcoins (i'm not sure which it is from what you wrote) number at 11, which is around $7500. As far as i am aware nobody was able to make any successful withdrawals from the site whilst it was running so this figure should have been more like 20btc. Can you explain the discrepancy in figures please?

The value estimate was based on 11 BTC at $1000 per coin + the value of the other coins.  It was just a rough estimate that was only meant for my family and friends.  It was never intended to be a precise estimate.

2. As mentioned above, can you clarify whether this was a theft or deletion of the users bitcoins?

The BTC were all stolen, while the alt coins were simply deleted.  Most of the coins that came in had arrived within 24 hours of the attack.  Unfortunately the automatic backup did not trigger in time to save the destroyed wallets.  In hindsight I should have shut down the wallet server and manually backed it up.

3. Why did you decide to remove any mention of the site from your facebook page?

I removed it from facebook simply because i have been under attack.  My facebook page is personal, not business and I will not subject my family or friends and family to the abuse that was coming in.

4. Your statement mentions that the site was as secure as possible but others have noted that, for example that you were not not sanitizing user inputs on your GET variables and other measures leaving the site open to attack. What is your response to these comments?

The site suddenly - literally overnight went from 0 users to 900.  It definitely had issues, but they were not ones that would cause serious problems.  SQL injections were blocked, and get variables were only used for display, not calculations, so they were not a top priority.  I will admit that the site needed more work, and I probably should have kept it under wraps while that was done.  I did not anticipate the HUGE burst of traffic that occurred.

5. Many of us will have holdings that may hold a fraction of their original value once you have reimbursed us, even catering for the extra 50% we are offering. Do you have a response for that, for example can you offer a btc equivalent reimbursement for the value my EAC had at the time of the attack?

This is a good point.  I will do my best to make sure that people don't lose anything.  Hopefully the value of the coins will increase.

6. Can you comment on why, during the uptime of the site, withdrawals were (to my knowledge) impossible to complete through any browser, despite your scrolling update on the site saying they were working?

Withdrawls were actually happening, and are recorded in the database as completed.  Just before the attack happened I became aware of an issue in Mozilla, however they were working in chrome.  I can provide the log of withdrawals completed if that helps


Im sure I cant withdraw in any browser , Chrome , FF and Ie .Only had fail to withdraw message .

Nice job demoniality , you rox .
full member
Activity: 194
Merit: 100
I asked Bruce a few questions by email to clear up this mystery. Here are the Q & A's, answers from Bruce in bold;

1. Your facebook page recently mentioned $15k worth of deposits in the first few days, yet the stolen/deleted bitcoins (i'm not sure which it is from what you wrote) number at 11, which is around $7500. As far as i am aware nobody was able to make any successful withdrawals from the site whilst it was running so this figure should have been more like 20btc. Can you explain the discrepancy in figures please?

The value estimate was based on 11 BTC at $1000 per coin + the value of the other coins.  It was just a rough estimate that was only meant for my family and friends.  It was never intended to be a precise estimate.

2. As mentioned above, can you clarify whether this was a theft or deletion of the users bitcoins?

The BTC were all stolen, while the alt coins were simply deleted.  Most of the coins that came in had arrived within 24 hours of the attack.  Unfortunately the automatic backup did not trigger in time to save the destroyed wallets.  In hindsight I should have shut down the wallet server and manually backed it up.

3. Why did you decide to remove any mention of the site from your facebook page?

I removed it from facebook simply because i have been under attack.  My facebook page is personal, not business and I will not subject my family or friends and family to the abuse that was coming in.

4. Your statement mentions that the site was as secure as possible but others have noted that, for example that you were not not sanitizing user inputs on your GET variables and other measures leaving the site open to attack. What is your response to these comments?

The site suddenly - literally overnight went from 0 users to 900.  It definitely had issues, but they were not ones that would cause serious problems.  SQL injections were blocked, and get variables were only used for display, not calculations, so they were not a top priority.  I will admit that the site needed more work, and I probably should have kept it under wraps while that was done.  I did not anticipate the HUGE burst of traffic that occurred.

5. Many of us will have holdings that may hold a fraction of their original value once you have reimbursed us, even catering for the extra 50% we are offering. Do you have a response for that, for example can you offer a btc equivalent reimbursement for the value my EAC had at the time of the attack?

This is a good point.  I will do my best to make sure that people don't lose anything.  Hopefully the value of the coins will increase.

6. Can you comment on why, during the uptime of the site, withdrawals were (to my knowledge) impossible to complete through any browser, despite your scrolling update on the site saying they were working?

Withdrawls were actually happening, and are recorded in the database as completed.  Just before the attack happened I became aware of an issue in Mozilla, however they were working in chrome.  I can provide the log of withdrawals completed if that helps
member
Activity: 101
Merit: 10
UPDATE:

Explanation for loss of service and plans for recovery and repayment.

From the day Ecrypto started operating it was under attack. Many attempts to penetrate the servers occured and attempts to hack my personal accounts were constant. Unfortunatly on the morning of December 28 the attacker was successful in gaining entry to the wallet servers. Things were operating normally when I noticed the wallet balance had gone to -11 BTC. A few minutes later the wallet servers stopped responding completly, and access to them through the command line became impossible. Digital Ocean began to investigate the problem and after some time sent this response.

Greetings,

I appreciate your patience. After loading your droplet's into a recovery environment, it appears that someone has compromised both of your droplet's, and stolen your bitcoin from the `W2` droplet. This is confirmed from the `.bash_history` file, which the attack did not effectively remove. In an attempt to cover their tracks, they attempted to wipe out your droplets filesystem with `rm -rf /`, but mistakenly left the `/root` folder, which left some of the data for the blocks you had found.

On the `W1` droplet, it is not apparent if there were any *coin's transferred, as the .bash_history folder over there was effectively wiped out prior to the `rm -rf /` on that droplet.

For your reference, both droplets remain in the recovery environment right now, and have the drives mounted. I've taken a few screenshots of the console and pulled of the transfer of your 11 bitcoin on blockchain.info to confirm the theft:
http://screencast.com/t/Ba7Mvgh6md0
http://screencast.com/t/1eKtogngnw
https://blockchain.info/address/19Xn6GPjMoj8FMLMWg77Wq7PNiFSUsZxSV

Given the nature of bitcoin, this theft is effectively irreversible. Unfortunately, even if the data of your droplet's did remain intact, the theft would remain irreversible.

I would certainly be quite suspicious of this compromise, as if these bitcoin were just transferred last night, it would seem someone associated with you, or the other party, is well aware of your two mining droplets, or may have had access to the droplet's prior.

Unfortunately, there is truly nothing more that we are able to do for you at this point.

Regards,
Russell Mitchell | Support Team

There is noone with access to the account information hare so clearly this was a pure hack. I made great efforts to make the servers impossible to hack, however the hacker simply walked right in and stole everything. The coins they did not steal, they deleted. Since the attack I have just been sick to my stomach. Ecrypto has taken 6 months of 16 hour days to build, and anyone suggesting this was a theft by me is a complete fool. The total stolen was only 11 BTC which is not a huge amount. If the hacker had waited, they would have been able to steal a significant amount more, but it is obviously just an impatient child. I am currently reworking the entire setup, making significant changes that will make it impossible to penetrate. The wallet servers will have NO communications with the website server at all, and gaining access to them should be impossible. The weak point will be the weak passwords that Digital Ocean automatically generates for servers, but since the wallet server will have no connection with the website, even finding the server will be nearly impossible. I will also change the location of the wallet server at least once a week, and transfer the majority of BTC and LTC in the wallets into cold storage for additional security.

So the next question is, when will you get the coins you lost back? We have backup images of the wallet balances at the time of the attack. When the site comes back up, 100% of fees collected by the site will go to pay back lost coins. Not only will you receive the coins you lost, you will receive a 50% bonus. So for every 2 coins you had at the time of the attack - you will receive 3 coins as repayment.

Unfortunatly this is the best I can do for now. I personally suffered a large loss as well which makes it impossible to repay the lost coins faster than the plan.

When will the service resume operations? I am thinking a month or so. I need to make the servers bulletproof, and that will take time. If you feel the need to rant or call me names you can email [email protected]. Reasonable emails will be responded to ASAP.

How can this be ?

I lost over one milion EAC on his site ,thats time I sale for ~ 5 BTC ,If he really a true man he will answer to me and the community on facebook ,  I did send some messenges and got no reply ,then last night his facebook disappear .
legendary
Activity: 1680
Merit: 1205
I only hope he will honore his words... I'm waiting
full member
Activity: 194
Merit: 100
December 31, 2013, 07:32:27 PM
#37
UPDATE:

Explanation for loss of service and plans for recovery and repayment.

From the day Ecrypto started operating it was under attack. Many attempts to penetrate the servers occured and attempts to hack my personal accounts were constant. Unfortunatly on the morning of December 28 the attacker was successful in gaining entry to the wallet servers. Things were operating normally when I noticed the wallet balance had gone to -11 BTC. A few minutes later the wallet servers stopped responding completly, and access to them through the command line became impossible. Digital Ocean began to investigate the problem and after some time sent this response.

Greetings,

I appreciate your patience. After loading your droplet's into a recovery environment, it appears that someone has compromised both of your droplet's, and stolen your bitcoin from the `W2` droplet. This is confirmed from the `.bash_history` file, which the attack did not effectively remove. In an attempt to cover their tracks, they attempted to wipe out your droplets filesystem with `rm -rf /`, but mistakenly left the `/root` folder, which left some of the data for the blocks you had found.

On the `W1` droplet, it is not apparent if there were any *coin's transferred, as the .bash_history folder over there was effectively wiped out prior to the `rm -rf /` on that droplet.

For your reference, both droplets remain in the recovery environment right now, and have the drives mounted. I've taken a few screenshots of the console and pulled of the transfer of your 11 bitcoin on blockchain.info to confirm the theft:
http://screencast.com/t/Ba7Mvgh6md0
http://screencast.com/t/1eKtogngnw
https://blockchain.info/address/19Xn6GPjMoj8FMLMWg77Wq7PNiFSUsZxSV

Given the nature of bitcoin, this theft is effectively irreversible. Unfortunately, even if the data of your droplet's did remain intact, the theft would remain irreversible.

I would certainly be quite suspicious of this compromise, as if these bitcoin were just transferred last night, it would seem someone associated with you, or the other party, is well aware of your two mining droplets, or may have had access to the droplet's prior.

Unfortunately, there is truly nothing more that we are able to do for you at this point.

Regards,
Russell Mitchell | Support Team

There is noone with access to the account information hare so clearly this was a pure hack. I made great efforts to make the servers impossible to hack, however the hacker simply walked right in and stole everything. The coins they did not steal, they deleted. Since the attack I have just been sick to my stomach. Ecrypto has taken 6 months of 16 hour days to build, and anyone suggesting this was a theft by me is a complete fool. The total stolen was only 11 BTC which is not a huge amount. If the hacker had waited, they would have been able to steal a significant amount more, but it is obviously just an impatient child. I am currently reworking the entire setup, making significant changes that will make it impossible to penetrate. The wallet servers will have NO communications with the website server at all, and gaining access to them should be impossible. The weak point will be the weak passwords that Digital Ocean automatically generates for servers, but since the wallet server will have no connection with the website, even finding the server will be nearly impossible. I will also change the location of the wallet server at least once a week, and transfer the majority of BTC and LTC in the wallets into cold storage for additional security.

So the next question is, when will you get the coins you lost back? We have backup images of the wallet balances at the time of the attack. When the site comes back up, 100% of fees collected by the site will go to pay back lost coins. Not only will you receive the coins you lost, you will receive a 50% bonus. So for every 2 coins you had at the time of the attack - you will receive 3 coins as repayment.

Unfortunatly this is the best I can do for now. I personally suffered a large loss as well which makes it impossible to repay the lost coins faster than the plan.

When will the service resume operations? I am thinking a month or so. I need to make the servers bulletproof, and that will take time. If you feel the need to rant or call me names you can email [email protected]. Reasonable emails will be responded to ASAP.
legendary
Activity: 1022
Merit: 1001
December 31, 2013, 06:31:45 AM
#36
I also just saw the "grinning" cow on the website. He wouldn't have posted it, if he were in over his head. Seems to me, he just ran with all the money he collected.

This is very unfortunate for the people who deposited their coins there.

Which exchange do you trust besides Cryptsy?

I trust cn.bter.com and (maybe) vircurex.

P.S.

Name: bruce degrosbois
Organization: sitemagik
Street: 19613-42 ave
City: langley
State/Province: BC
Postal Code: v3a3a3
Country: CA
Phone: +1.6045399527

This the same guy?

Experience
Recreation and Tourism Alumni Event Coordinator at Vancouver Island University
Professional Driver at AC Taxi
Coder at Coastal Webmasters (Self-employed)
Assistant Manager at Agape Ministry
Manager at Edmonton Restaurant Slowpitch League, Edmonton, AB
Coder at Coastal Webmasters (Self-employed)



(From Linkedin) Experience

CEO
Ecrypto
October 2013 – Present (3 months)Vancouver, Canada Area
Ecrypto is developing the worlds most advanced cryptocurrency trading platform. Ecrypto is currently in Alpha development with an expected Beta release date of December 1, 2013.
http://www.Ecrypto.net

Projects

Understanding Bitcoin
March 2013
I suspect Bitcoin is a game changer much like windows was. It is hard not to love it once you understand it. The growth of Bitcoin is unprecedented and surprisingly the percentage growth of the alternate digital currency called Litecoin has been even higher. Many millionaires have been created by this and for the rest of us, well we missed the boat - this time.

I see understanding Bitcoin as...more
HeartofGoldProject.ca(Link)



Simon Fraser University
Urban Planning Certificate, Urban Planning
2013 – 2014 (expected)
RFABC
Masters certificate, facility management
2012 – 2013
I have been doing the courses for the past year and a half. I currently need 1 course to complete my certificate, however the course has not been offered - ever. Will complete it ASAP
member
Activity: 100
Merit: 10
December 31, 2013, 06:28:16 AM
#35
I also just saw the "grinning" cow on the website. He wouldn't have posted it, if he were in over his head. Seems to me, he just ran with all the money he collected.

This is very unfortunate for the people who deposited their coins there.

Which exchange do you trust besides Cryptsy?

I trust cn.bter.com and (maybe) vircurex.

P.S.

Name: bruce degrosbois
Organization: sitemagik
Street: 19613-42 ave
City: langley
State/Province: BC
Postal Code: v3a3a3
Country: CA
Phone: +1.6045399527
full member
Activity: 168
Merit: 100
December 31, 2013, 06:26:51 AM
#34
I also just saw the "grinning" cow on the website. He wouldn't have posted it, if he were in over his head. Seems to me, he just ran with all the money he collected.

This is very unfortunate for the people who deposited their coins there.

Which exchange do you trust besides Cryptsy?
member
Activity: 100
Merit: 10
December 31, 2013, 05:10:53 AM
#33
Any news regarding the website? Bruce de Grosbois appears to be the biggest troll of the week. https://www.facebook.com/smagik
sr. member
Activity: 280
Merit: 250
Pages:
Jump to: