Topic: FreeBitco.in Appears Hacked - Monthly Prize Money Stolen From Multiple Users - page 6. (Read 2587 times)

Same here, my profile address never changed.

I didn't even attempt a withdrawal.

The hackers triggered the withdrawal seconds after the prize money was credited to my account, and somehow they managed to bypass my profile address.

Even with 2fa, my default profile address never changed (pictured), and that's the withdraw I used.

2fa should protect... unless it's displaying a fake address, because I tripled checked that dude. (no emails notifying of account changes either)

I don't think it's by chance that the contest winners got hit.  It was a big way to leak that amount at once for someone that is in the system, but doesn't have the private keys + requires action from the user.  *shrugs*

I'm looking forward to an official answer or update...

I didn't do anything. I certainly wasn't tricked into doing anything

I received an email notification that I had won a place in the wagering contest. I was expecting this email. I didn't click any links.

I opened chrome and clicked my freebitcoin bookmark to check if the prize money was in my account. It was. I was staring right at the balance. It disappeared. Went to zero. Then the referral coins started trickling in again.

Then I got an email notification about a pending withdrawal.

I hadn't done anything except open freebitcoin in chrome to check my balance.

After an hour the withdrawal was reversed and the coins returned to my account.

That's when I made the mistake of enabling 2FA

It seems to me the freebitco.in's backend works as it should but somebody found a way to inject a script on the front-end of the app and it manipulates the DOM and tricks you into doing the shit you shouldn't be doing.

Like: "You are hacked, send x amount of btc to this adress to get unhacked"

In reality, you weren't hacked at all. It is just what this script kiddie wants you to believe. Regardless of that, it should be handled asap.

Just cashed out all my satoshis from the platform yesterday after reading all these news. Withdrawal went fine and arrived on my wallet without delays, as usual.

It really seems only a few number of accounts are compromised, although we can't give ourselves the luxury of playing with luck there, because if there are any flaws on the system, and support team isn't concerned about it, nothing prevent us from being the next victims.

Personally, I prefer to retreat while I can.

It's really sad to see this new bombard of complaints against freebitco.in right after the novel it took for them to solve an issue with another user which didn't have his deposit credited for 6 months of waiting.

We can't trust so much a service which completely lost touch with its community.

My advices if you decide to withdraw:

• Verify your deposit address is the correct one clicking on the Deposit button in the home page.
• Important: Even if it puts your correct address in the withdrawal window or you think that entering it by hand will work... don't do it. First check the previous point!!!
• Go to developer tools in your internet navigator and in the source tab, take a look to the code in the path: Top > freebitco.in > ?op=home
• Search in the right code "cash" or "cashtravel". If you find it, don't do anything because your account is compromised.
• Pray because it seems nobody in Freebitco.in wants to investigate this TERRIBLE security issue.

Freebitco.in support is known for being slow to response here in the forum even when their website still running smoothly without this multiple issue occur. This slow support already backfire now when multiple users already have a same complaints which is related to security breach.

This issue was already pointed out to them multiple times yet they keep ignoring since they view most of the complaints here as hoax. Now that the real issue arises, no one from support or representative is available to answer the concern which is sucks since this is regarding a security breach.

They might suffer huge loss just because they have a very poor customer support.

Similar quandary...

I have a similar situation. I cannot make an additional deposit because the deposit address was replaced with a false one and I cannot withdraw funds, since upon final confirmation of the withdrawal the address is automatically replaced with the address of the attackers and the funds go to them

It's a real shame that things like this happen with this service, and it seems to me that the owner can't (or doesn't want to) maintain his project the way he used to. When we add to that that the official representative on the forum no longer communicates with anyone (at least not publicly), then it is quite clear that things have gone downhill.

I advise everyone to refrain from making deposits until further notice, and to be extra careful when making withdrawals - I personally have a nice sum there, but I don't know if it's worse to do nothing for now or to still try to make a withdrawal

I hope so...

... but by the moment i have been stolen twice, my account is in danger because after more than 26 hours i see the wrong deposit address clicking the "Deposit" button and the cashtravel script then i cannot play, widthdraw or deposit (they has left my account to 0) and after some emails and facebook claim i haven't received any answer.

By right? Please, tell me how to ask for the compensation because i have screenshots and in fact, if you go to the Stats in my account it is so clear that the information does not fit with the real addresses i have got.

By right, the victims should be compensated as long as the breach is verified on their end.

I see that several people have already been victims of a hacker attack on the fbc website. Is it really possible that we will be reimbursed for our losses?

Code:
What happened: over the month of April, I had made large deposits of $2,000 at least three times and made my way into the monthly wagering contest. As one of the top 10, I ended up winning the contest at number 7 for a total of $500. Upon winning I received an email confirming my victory
https://i.imgur.com/rW1fvb7.png
However, less than a couple minutes later I noticed that my balance was drained and set to zero and I had gotten an email stating that I had made a withdrawal request which I did not make. I didn't even have time to.
https://i.imgur.com/mvHbjQf.png
I did not confirm the withdrawal as in I did not click the link. Therefore, it should be sent back to my balance within an hour.
I immediately started to change my 2fa and my passwords to keep my account secure.
https://i.imgur.com/svUWSzf.png
https://i.imgur.com/fjLAS4W.png

While in the meantime My unauthorized request was canceled because the hour had lapsed. And the money was put back into my account.
https://i.imgur.com/olzcwZM.png

I also had changed my deposit address into my crypto.com  wallet and made that into my default address.
Scammed by freebitco.in https://imgur.com/gallery/3HUWdyy

I tried to cash it out however it got sent to a totally different address supposably my Bitcoin wallet on freebitco.in and it happened to be my old address so I changed my default address yet it sent it to my old address which I don't know how it did that
 Here are two screenshots of how I don't even know this is possible.
https://i.imgur.com/UNGWjUh.png
https://i.imgur.com/1kUxsDW.png

Now since I enabled my 2fa. It made it so I no longer needed a to do a email confirmation before the deposit was sent so I never got a verification email.

However, I got a verification that the Bitcoin had been sent to this supposed old address which I never sent to. Furthermore, the balance never showed up.
https://i.imgur.com/pFhAN9p.png

Here is a screenshot of it being confirmed on the freebitco.in website saying that I got a deposit from myself, however it never showed up in my balance.
https://i.imgur.com/GHhcd9l.png


At that moment I was screwed. Here's a summary of what I think is going on.

Keep in mind that the owner of the website the Quinn fails to ever respond to problems his users face on his website. Here's the summary.


The 2fa thing is part of the scam.

They make a withdraw request which triggers the email.

As a result of an UN requested withdrawal the customer gets spooked and immediately changes there security settings in belief that this will help secure there account.

However, this is a trojan horse that that allows the  withdrawal confirmation request to be disabled.

Thus, the original attacker is able to capitalize on the ignorance of the individual who is thinking there securing there account by enabling there 2fa security measures.

Using fear to trap the individual into unknowingly let there defense down and be luted by either hackers or some one on the inside or backend of the freebitco.in site.

It's genius really but completely f***** up

Either way, security or no security measures anyone can be targeted rendering this website
Extremely dangerous for anyone who has a balance.

This happened to me the other day right after I had won the wagering contest 7th place $500.

We can speculate all we want as to whether or not the websites secure .

But the fact that the matter is there's a few of us that would like to get the hard-earned money that we won.

So we can keep talking about what's wrong with the website or we can discuss how we're going to make reparations to these individuals.

However, if it's an inside job, there's little chance for recovering the funds other than reporting to the FTC and financial crimes units.

Mr. Quinn in my opinion is either part of The problem by allowing this to happen or he's directly involved. Either way, he's guilty by association because he knows his website's faulty and he fails to do anything about it.

And I also have another issue which I doubt will ever get solved. But I ordered a hardware wallet with my hard-earned reward points. I never got that wallet and I never got refunded my reward points but that's an issue for some other time I guess. Or that ship is already sailed which sucks.

:

Scammers Profile Link: https://bitcointalksearch.org/user/thequin-143168 

https://freebitco.in/#



Reference Link: c2e76e8865c2757c040f0f58b12866eaa6d2426aea40b4dcedfb527e36e9f0bb ...


Amount Scammed:
0.00823099 BTC ($500) 


Payment Method:
BTC on https://blockchain.com


Proof ofPayment: https://www.blockchain.com/explorer/transactions/btc/c2e76e8865c2757c040f0f58b12866eaa6d2426aea40b4dcedfb527e36e9f0bb... 


USER ID 53314860

A similar post https://bitcointalk.org/index.php?topic=5495091.0;dt talks about users who have changed their security settings recently on freebitco.in

My deposit not credited to my account USER ID 4548360
I made two transfers to my account:
1. TRANSACTION
c89f3e5fc455e8e97cf60c86e626848bc12bc4616ef6af00994e232f48915890

2. Transaction
c97dd551d9d1c1255cbba7b9a6fa7eecba868922977463fc1f8e10800f174580

BTC is credited to the wallet balance 15xgSi6AuH2qdni23EoofPBnoHzyFpzuU5, but not to the my account balance.

Screenshot of the btc address on the fbc website:
https://ibb.co/Qc9pPwz

Please return my money to the btc address:
bc1qncasm898lfrjmzks4aa69nv5td5khp4ek3jf6c

The amount of damage: 2000 usd

My situation is identical.

I won tenth place in the referral wagering contest which set of a sequence of events just as the OP described above.

I should disclose that I was one of the original chat moderators (Antminer) on Cointiply back in 2018. Unnatural and FlatfootHarry entrusted me with their young brand.

Despite what may be construed by some as a conflict of interest, I have always held freebitco.in in equally high regard.

Given the situation at freebitco.in and lack of support or user engagement otherwise, I would recommend avoiding any interaction with freebitco.in until the current situation is resolved.

USER ID12591058

Well, this is a first in my 10+ Bitcoin career... Hacked, but I *STRONGLY* believe it is on FreeBitco.in's side and I would strongly suggest NOT logging into your account until Support settles it.

(Background: I own FreeBitcoins.com and AltQuick.com.  We have used FreeBitco.in for years to help fund our own faucet.)

1. I received an email that I had won a $300 affiliate prize.
2. I logged into my account and saw the 0.004 flash to zero.
3. I received an email for a withdraw to an unknown account:15C8FetAcZ7fkdgf2FAHamwqX4EUE1zhgP
4. I deleted this email right away to prevent it from being clicked if I was pwned.
5. I changed the password and applied QR 2fa on my account.
6. I then received an email that my withdraw to the unknown account was canceled. (April 30 at 21:47)
7. I then requested an "Instant" withdraw to my Bitcoin address on file as fast as possible after the above time and confirmed that it had not changed.  Normally this withdrawal takes 15 minutes.  I used my profile address button and double checked my addy before clicking as well.
8. Roughly an hour later, at April 30 at 22:42, I received an email that my payment had been processed to 15C8FetAcZ7fkdgf2FAHamwqX4EUE1zhgP.  I never received a second email for the payment after the first one canceled... which seemed strange.

This seems to have happened to multiple prize winners and appears to be a targeted attack for the prize money.

It also seems to be that FreeBitcoin is likely has their system compromised.  I used no copy/paste.  All of my account information is showing the same as I've had it forever on my front end.

Something is seriously wrong.  I've used this website for *years* and hate writing this.





My normal and unchanged account address:



I strongly believe this was a targeted hack because I can't understand why I wouldn't have been targeted on 4/10 or 4/11.  



There are also multiple users who won the contest that appear to have had the same thing happen to them as well.

For the time being, we've temporarily removed our FreeBitco.in affiliate links from AltQuick.com and FreeBitcoins.com.  (Which I hate doing as well, because we have over 5,800 affiliates...)

I waited a few days to see if their customer support would answer in their thread before making this post.  My OP is here: https://bitcointalksearch.org/topic/m.64015156

I'm certainly not compromised because if someone was changing my addy's... lol.. 0.004 btc would be the least of my losses.

It feels too strange to be random.

Hoping this gets rectified and solved on FreeBitco.in's end.