Pages:
Author

Topic: FreeBitco.in Appears Hacked - Monthly Prize Money Stolen From Multiple Users - page 4. (Read 2884 times)

jr. member
Activity: 130
Merit: 3
The only thing we seem to have in common is that our USER IDs were visible on the fbtc site.

For example the daily jackpot leaderboard and the wagering and referral contest leaderboards.

I have no browser extensions, system is updated daily and avast reports no issues.

The attacker claimed he used a known xss vulnerability to steal our funds.

Deposit and withdrawal addresses were manipulated among other things.

Fbtc knew or should have known about unpatched xss security vulnerabilities.

Bugbounty lists some of these unpatched security vulnerabilities:

https://www.openbugbounty.org/reports/domain/freebitco.in/

Here is an example of the injected malicious code used during the second wave of attacks:

https://pastebin.ai/eo0q78pbuj
copper member
Activity: 126
Merit: 35
As a programmer I suggest all scammed users to check which browser extensions they have in common.
It is easier for extension to put any code inside any website so always use extensions that are neccessary and trusted.

I also want to ask how you guys are making so much money on fbc Cheesy
copper member
Activity: 68
Merit: 2
I'm still getting near daily email (spams) from them which make no mention of any trouble.

Have none of you clicked "reply" and seen what happens?

I sent them messages to 2 email addresses( [email protected] [email protected]) and wrote a personal message on this site, and a message was also sent through the fbc website in the FAQ section. There is no feedback from them
legendary
Activity: 3696
Merit: 2219
💲🏎️💨🚓
I'm still getting near daily email (spams) from them which make no mention of any trouble.

Have none of you clicked "reply" and seen what happens?
copper member
Activity: 68
Merit: 2
Has anyone been contacted about the theft? I wrote several emails and personal messages to support, sent them a video of how the address changed during the withdrawal, but never received a response.
jr. member
Activity: 130
Merit: 3


No response from support.

No response from TheQuin.


List of reported security vulnerabilities:

https://www.openbugbounty.org/reports/domain/freebitco.in/
copper member
Activity: 68
Merit: 2
Did someone got paid back already?

I still havent got an answer about a missing 21300€ from our accounts.

I didn't get it back. No answer was given. Does anyone have contact information for the admin of the fbc site?
newbie
Activity: 16
Merit: 0
Did someone got paid back already?

I still havent got an answer about a missing 21300€ from our accounts.
jr. member
Activity: 57
Merit: 1
Freebitco.in never responded to me and my money was stolen because of Freebitco.in

People have to be clear that if there is any problem there is no one in technical support so everything accumulated can be lost and no one will help us.
copper member
Activity: 68
Merit: 2
It all seems pointless. Support is inactive. I don't know what to do. We gathered people, we have evidence, but it's all useless
jr. member
Activity: 130
Merit: 3
No response from support.

This issue impacted a handful of wagering contest winners. As far as we know.


Malicious scripts gone (cashtravel js).

Attacker's website down (bitwrecken.com).

Complicit accounts disappeared (feleryunfbc: github, jsdelivr).

Evidence vanished.


We know the truth.

What happened can happen again. To us. To others.


Since the attack, I have made a successful withdrawal.

For now, I intend to withdraw everything. No wagering. No deposits.

Confidence remains low.

copper member
Activity: 68
Merit: 2
I also have no response from the support
jr. member
Activity: 57
Merit: 1
Some days after causing the loss of all the funds of some users and having received emails with evidence of the hack, nobody from Freebitco.in has answered my emails or contact to me. We still don't know if the hackers can attack again when they wanted.

The user @TheQuin either responded to the private message I sent him.

I cannot trust in Freebitco.in by the moment.
newbie
Activity: 16
Merit: 0
Anyway it seeems FBC is waking up, first Thequin has recently logged in, the script is of the page and the number 10 lambo winner has been announced even the outcome was already as expected.

Anyhow since the script was loaded from his website FBC is responsible, even you have injoyed our 12,5 BTC for your riant holiday.

So @thequin let me know when you are going to send me the 2000€ and 19300€ back.
legendary
Activity: 4018
Merit: 1250
Owner at AltQuick.com
Don't spam their support.  That just annoys and slows things down.

I am looking forward to hearing wtf happened.  I'm not worried about the tiny prize, it's just strange and a response would be cool.

Also, I don't use advanced links. 

Patching is a priority to talking.  We would like to keep a good affiliate relationship with FreeBitco.in, but know users are safe.   (I'm not feeling very safe atm Tongue)
jr. member
Activity: 57
Merit: 1
I keep sending emails to support, to TheQuin, and waiting for someone responsible for Freebico.in to answer me something, TheQuin, Support, or whoever.

I won't stop until my stolen money is returned.

My Freebitco.in ID: 51895659

Same to me but when you talk about support you mean the email in the FAQS menu into the page? Because i have sent many emails and they never answered.

I would love the my stolen money was returned and someone responsible for Freebico.in gave some explanations as well.

My Freebitco.in ID: 38757724

Hi Drazen2003,

Yes, e-mail:  [email protected]

Thank you very much blackmtl308,

I have written with images and documentation but... have you got an answer? I have sent many emails these last days and I never get an answer.
jr. member
Activity: 143
Merit: 1
I keep sending emails to support, to TheQuin, and waiting for someone responsible for Freebico.in to answer me something, TheQuin, Support, or whoever.

I won't stop until my stolen money is returned.

My Freebitco.in ID: 51895659

Same to me but when you talk about support you mean the email in the FAQS menu into the page? Because i have sent many emails and they never answered.

I would love the my stolen money was returned and someone responsible for Freebico.in gave some explanations as well.

My Freebitco.in ID: 38757724

Hi Drazen2003,

Yes, e-mail:  [email protected]
jr. member
Activity: 57
Merit: 1
I keep sending emails to support, to TheQuin, and waiting for someone responsible for Freebico.in to answer me something, TheQuin, Support, or whoever.

I won't stop until my stolen money is returned.

My Freebitco.in ID: 51895659

Same to me but when you talk about support you mean the email in the FAQS menu into the page? Because i have sent many emails and they never answered.

I would love the my stolen money was returned and someone responsible for Freebico.in gave some explanations as well.

My Freebitco.in ID: 38757724
jr. member
Activity: 143
Merit: 1
I keep sending emails to support, to TheQuin, and waiting for someone responsible for Freebico.in to answer me something, TheQuin, Support, or whoever.

I won't stop until my stolen money is returned.

My Freebitco.in ID: 51895659
jr. member
Activity: 57
Merit: 1
We don't know if freebitco.in has done something or if it was the hackers who removed the malicious code to calm us down, but they will come back.
Seeing that Freebitco.in has neither responded to any email, nor has it given any explanation nor does it appear anywhere, I believe it was the second option and I also believe that there will be no refund. We have been robbed and have lost our funds.
trust in freebitco.in = 0%


Your attitude and the attitude of all those who have suffered financial loss is completely logical and I agree that the reputation of this service is quite damaged after everything that happened. However, I think that they should be given a chance to show that they are still serious about what they are doing.

We recently had an example where one user received his deposit after 8 months if I am not mistaken, so although it is difficult to find justification for such a delay in solving the problem, we should not completely reject the possibility that freebitco will compensate all those who were victims of malicious scripts.

I agree, it's early days in Freebitco time and I've never seen a case so far where the fault has been found to be with Freebitco and the affected user has not been recompensed.

You're not mistaken about the case you mention, it was a deposit issue, the poor guy really went through it and understandably came to a similar conclusion that his funds were lost.

If Freebitco.in returns me some of what I lost and if I see that everything is safe again, I will raise my confidence and write it for everyone here. I have been with Freebitco.in for years now and I want to continue...

...but this week Freebitco.in is not giving me reasons to do so.

Update: At least it seems FBC is making something. I have a new window i have never seen before (PENDING DEPOSITS) with a deposit from Kraken i have made some minutes ago.
Pages:
Jump to: