Topic: FreeBitco.in Appears Hacked - Monthly Prize Money Stolen From Multiple Users - page 4. (Read 2596 times)
May 22, 2024, 11:06:24 AM
It all seems pointless. Support is inactive. I don't know what to do. We gathered people, we have evidence, but it's all useless
May 09, 2024, 07:42:12 PM
No response from support.
This issue impacted a handful of wagering contest winners. As far as we know.
Malicious scripts gone (cashtravel js).
Attacker's website down (bitwrecken.com).
Complicit accounts disappeared (feleryunfbc: github, jsdelivr).
Evidence vanished.
We know the truth.
What happened can happen again. To us. To others.
Since the attack, I have made a successful withdrawal.
For now, I intend to withdraw everything. No wagering. No deposits.
Confidence remains low.
This issue impacted a handful of wagering contest winners. As far as we know.
Malicious scripts gone (cashtravel js).
Attacker's website down (bitwrecken.com).
Complicit accounts disappeared (feleryunfbc: github, jsdelivr).
Evidence vanished.
We know the truth.
What happened can happen again. To us. To others.
Since the attack, I have made a successful withdrawal.
For now, I intend to withdraw everything. No wagering. No deposits.
Confidence remains low.
May 09, 2024, 11:32:31 AM
I also have no response from the support
May 09, 2024, 07:26:22 AM
Some days after causing the loss of all the funds of some users and having received emails with evidence of the hack, nobody from Freebitco.in has answered my emails or contact to me. We still don't know if the hackers can attack again when they wanted.
The user @TheQuin either responded to the private message I sent him.
I cannot trust in Freebitco.in by the moment.
The user @TheQuin either responded to the private message I sent him.
I cannot trust in Freebitco.in by the moment.
May 09, 2024, 05:04:52 AM
Anyway it seeems FBC is waking up, first Thequin has recently logged in, the script is of the page and the number 10 lambo winner has been announced even the outcome was already as expected.
Anyhow since the script was loaded from his website FBC is responsible, even you have injoyed our 12,5 BTC for your riant holiday.
So @thequin let me know when you are going to send me the 2000€ and 19300€ back.
Anyhow since the script was loaded from his website FBC is responsible, even you have injoyed our 12,5 BTC for your riant holiday.
So @thequin let me know when you are going to send me the 2000€ and 19300€ back.
May 08, 2024, 12:38:37 AM
Don't spam their support. That just annoys and slows things down.
I am looking forward to hearing wtf happened. I'm not worried about the tiny prize, it's just strange and a response would be cool.
Also, I don't use advanced links.
Patching is a priority to talking. We would like to keep a good affiliate relationship with FreeBitco.in, but know users are safe. (I'm not feeling very safe atm
)
I am looking forward to hearing wtf happened. I'm not worried about the tiny prize, it's just strange and a response would be cool.
Also, I don't use advanced links.
Patching is a priority to talking. We would like to keep a good affiliate relationship with FreeBitco.in, but know users are safe. (I'm not feeling very safe atm
) May 06, 2024, 02:28:59 PM
I keep sending emails to support, to TheQuin, and waiting for someone responsible for Freebico.in to answer me something, TheQuin, Support, or whoever.
I won't stop until my stolen money is returned.
My Freebitco.in ID: 51895659
I won't stop until my stolen money is returned.
My Freebitco.in ID: 51895659
Same to me but when you talk about support you mean the email in the FAQS menu into the page? Because i have sent many emails and they never answered.
I would love the my stolen money was returned and someone responsible for Freebico.in gave some explanations as well.
My Freebitco.in ID: 38757724
Hi Drazen2003,
Yes, e-mail: [email protected]
Thank you very much blackmtl308,
I have written with images and documentation but... have you got an answer? I have sent many emails these last days and I never get an answer.
May 06, 2024, 09:45:45 AM
I keep sending emails to support, to TheQuin, and waiting for someone responsible for Freebico.in to answer me something, TheQuin, Support, or whoever.
I won't stop until my stolen money is returned.
My Freebitco.in ID: 51895659
I won't stop until my stolen money is returned.
My Freebitco.in ID: 51895659
Same to me but when you talk about support you mean the email in the FAQS menu into the page? Because i have sent many emails and they never answered.
I would love the my stolen money was returned and someone responsible for Freebico.in gave some explanations as well.
My Freebitco.in ID: 38757724
Hi Drazen2003,
Yes, e-mail: [email protected]
May 06, 2024, 08:45:26 AM
I keep sending emails to support, to TheQuin, and waiting for someone responsible for Freebico.in to answer me something, TheQuin, Support, or whoever.
I won't stop until my stolen money is returned.
My Freebitco.in ID: 51895659
I won't stop until my stolen money is returned.
My Freebitco.in ID: 51895659
Same to me but when you talk about support you mean the email in the FAQS menu into the page? Because i have sent many emails and they never answered.
I would love the my stolen money was returned and someone responsible for Freebico.in gave some explanations as well.
My Freebitco.in ID: 38757724
May 06, 2024, 08:06:20 AM
I keep sending emails to support, to TheQuin, and waiting for someone responsible for Freebico.in to answer me something, TheQuin, Support, or whoever.
I won't stop until my stolen money is returned.
My Freebitco.in ID: 51895659
I won't stop until my stolen money is returned.
My Freebitco.in ID: 51895659
May 06, 2024, 06:32:41 AM
We don't know if freebitco.in has done something or if it was the hackers who removed the malicious code to calm us down, but they will come back.
Seeing that Freebitco.in has neither responded to any email, nor has it given any explanation nor does it appear anywhere, I believe it was the second option and I also believe that there will be no refund. We have been robbed and have lost our funds.
trust in freebitco.in = 0%
Seeing that Freebitco.in has neither responded to any email, nor has it given any explanation nor does it appear anywhere, I believe it was the second option and I also believe that there will be no refund. We have been robbed and have lost our funds.
trust in freebitco.in = 0%
Your attitude and the attitude of all those who have suffered financial loss is completely logical and I agree that the reputation of this service is quite damaged after everything that happened. However, I think that they should be given a chance to show that they are still serious about what they are doing.
We recently had an example where one user received his deposit after 8 months if I am not mistaken, so although it is difficult to find justification for such a delay in solving the problem, we should not completely reject the possibility that freebitco will compensate all those who were victims of malicious scripts.
I agree, it's early days in Freebitco time and I've never seen a case so far where the fault has been found to be with Freebitco and the affected user has not been recompensed.
You're not mistaken about the case you mention, it was a deposit issue, the poor guy really went through it and understandably came to a similar conclusion that his funds were lost.
If Freebitco.in returns me some of what I lost and if I see that everything is safe again, I will raise my confidence and write it for everyone here. I have been with Freebitco.in for years now and I want to continue...
...but this week Freebitco.in is not giving me reasons to do so.
Update: At least it seems FBC is making something. I have a new window i have never seen before (PENDING DEPOSITS) with a deposit from Kraken i have made some minutes ago.
May 06, 2024, 05:50:33 AM
We don't know if freebitco.in has done something or if it was the hackers who removed the malicious code to calm us down, but they will come back.
Seeing that Freebitco.in has neither responded to any email, nor has it given any explanation nor does it appear anywhere, I believe it was the second option and I also believe that there will be no refund. We have been robbed and have lost our funds.
trust in freebitco.in = 0%
Seeing that Freebitco.in has neither responded to any email, nor has it given any explanation nor does it appear anywhere, I believe it was the second option and I also believe that there will be no refund. We have been robbed and have lost our funds.
trust in freebitco.in = 0%
Your attitude and the attitude of all those who have suffered financial loss is completely logical and I agree that the reputation of this service is quite damaged after everything that happened. However, I think that they should be given a chance to show that they are still serious about what they are doing.
We recently had an example where one user received his deposit after 8 months if I am not mistaken, so although it is difficult to find justification for such a delay in solving the problem, we should not completely reject the possibility that freebitco will compensate all those who were victims of malicious scripts.
I agree, it's early days in Freebitco time and I've never seen a case so far where the fault has been found to be with Freebitco and the affected user has not been recompensed.
You're not mistaken about the case you mention, it was a deposit issue, the poor guy really went through it and understandably came to a similar conclusion that his funds were lost.
May 06, 2024, 05:12:32 AM
We don't know if freebitco.in has done something or if it was the hackers who removed the malicious code to calm us down, but they will come back.
Seeing that Freebitco.in has neither responded to any email, nor has it given any explanation nor does it appear anywhere, I believe it was the second option and I also believe that there will be no refund. We have been robbed and have lost our funds.
trust in freebitco.in = 0%
Seeing that Freebitco.in has neither responded to any email, nor has it given any explanation nor does it appear anywhere, I believe it was the second option and I also believe that there will be no refund. We have been robbed and have lost our funds.
trust in freebitco.in = 0%
Your attitude and the attitude of all those who have suffered financial loss is completely logical and I agree that the reputation of this service is quite damaged after everything that happened. However, I think that they should be given a chance to show that they are still serious about what they are doing.
We recently had an example where one user received his deposit after 8 months if I am not mistaken, so although it is difficult to find justification for such a delay in solving the problem, we should not completely reject the possibility that freebitco will compensate all those who were victims of malicious scripts.
May 06, 2024, 02:56:49 AM
The malicious code is gone. But the lost funds were not reimbursed to us and it seems they are not going to, they just threw us
We don't know if freebitco.in has done something or if it was the hackers who removed the malicious code to calm us down, but they will come back.
Seeing that Freebitco.in has neither responded to any email, nor has it given any explanation nor does it appear anywhere, I believe it was the second option and I also believe that there will be no refund. We have been robbed and have lost our funds.
trust in freebitco.in = 0%
May 05, 2024, 09:47:56 AM
The malicious code is gone. But the lost funds were not reimbursed to us and it seems they are not going to, they just threw us
May 05, 2024, 07:50:39 AM
That rogue jquery cdn include is some serious obfuscation. It doesn't look like that one is easy to unobfuscate, It is an enormous function built by lots of mini functions referencing memory addresses, very hard to follow. It would take me hours to decipher all that.
It's gone!
May 05, 2024, 04:53:21 AM
That rogue jquery cdn include is some serious obfuscation. It doesn't look like that one is easy to unobfuscate, It is an enormous function built by lots of mini functions referencing memory addresses, very hard to follow. It would take me hours to decipher all that.
May 05, 2024, 02:34:37 AM
I looked through the malicious JS code. It seems to be targetting user id 31898443 specifically (unless a different ID is loaded based on the url parameters used to load the js from the cashtravel site.
It appears then to hit https://bitwrecken.com/?action=new&id=31898443 to get the new / rogue deposit address. Presumably this is done so the attackers can cycle through various different rogue deposit addresses, or even randomise them.
There is a then a html element called main_deposit_address which is replaced by the value retrieved from the bitwrecken.com site
The script is actually rather simple in how it works, nothing complicated going on.
The worrying part, is how the attackers were able to embed this into the freebitco.in site and whether it has affected all users. It feels like those who clicked the advanced tracking button in the referral page may be the ones who were hit, but not seen any confirmation of this.
Thankyou for your analysis.It appears then to hit https://bitwrecken.com/?action=new&id=31898443 to get the new / rogue deposit address. Presumably this is done so the attackers can cycle through various different rogue deposit addresses, or even randomise them.
There is a then a html element called main_deposit_address which is replaced by the value retrieved from the bitwrecken.com site
The script is actually rather simple in how it works, nothing complicated going on.
The worrying part, is how the attackers were able to embed this into the freebitco.in site and whether it has affected all users. It feels like those who clicked the advanced tracking button in the referral page may be the ones who were hit, but not seen any confirmation of this.
What do you make of this
https://cdn.jsdelivr.net/gh/feleryunfbc/js/jquery.min.js
It looks like something you'd expect to see on https://www.ioccc.org/
May 05, 2024, 02:16:41 AM
I looked through the malicious JS code. It seems to be targetting user id 31898443 specifically (unless a different ID is loaded based on the url parameters used to load the js from the cashtravel site.
It appears then to hit https://bitwrecken.com/?action=new&id=31898443 to get the new / rogue deposit address. Presumably this is done so the attackers can cycle through various different rogue deposit addresses, or even randomise them.
There is a then a html element called main_deposit_address which is replaced by the value retrieved from the bitwrecken.com site
The script is actually rather simple in how it works, nothing complicated going on.
The worrying part, is how the attackers were able to embed this into the freebitco.in site and whether it has affected all users. It feels like those who clicked the advanced tracking button in the referral page may be the ones who were hit, but not seen any confirmation of this.
It appears then to hit https://bitwrecken.com/?action=new&id=31898443 to get the new / rogue deposit address. Presumably this is done so the attackers can cycle through various different rogue deposit addresses, or even randomise them.
There is a then a html element called main_deposit_address which is replaced by the value retrieved from the bitwrecken.com site
The script is actually rather simple in how it works, nothing complicated going on.
The worrying part, is how the attackers were able to embed this into the freebitco.in site and whether it has affected all users. It feels like those who clicked the advanced tracking button in the referral page may be the ones who were hit, but not seen any confirmation of this.
May 05, 2024, 01:21:10 AM
OK, so that people no longer have doubts about how the address is being changed when withdrawing funds. At the end of the video, watch carefully how my output address was changed!!! I hope no one else will say that we are deceiving you and the site is not hacked!
https://dropmefiles.com/56V5d
Update!!:
After I posted the video with the substitution of the withdrawal address, an hour later I tried to withdraw funds again and surprisingly my address did not change and the withdrawal went to the correct address! Is it a coincidence??? Or are hackers monitoring this forum topic?
https://dropmefiles.com/56V5d
Update!!:
After I posted the video with the substitution of the withdrawal address, an hour later I tried to withdraw funds again and surprisingly my address did not change and the withdrawal went to the correct address! Is it a coincidence??? Or are hackers monitoring this forum topic?
It appears you do not have 2FA enabled which is why you received a payment request confirmation email and were therefore able to abort the withdrawal by not clicking the confirmation link in the email.
I have disabled 2FA for this reason.
Thankyou for the video. Much appreciated.
I also turned off 2fa for this reason, but! there is one important caveat, if you withdraw funds to an address linked to an fbc account, then an email with a confirmation link will not be sent. Therefore, you need to make a withdrawal to an address that is not linked to the account!
Thanks for the additional information.
It would seem then that the safest course of action is to turn off 2FA and generate a new Bitcoin wallet address. And of course confirming the address before clicking the confirmation link in the email.
Jump to: