Topic: [HELP]help me to get back my money from scammer (Read 964 times)

Once again, sorry about your lost eseayan.

Based photos/proof, you account it's hacked through link phishing. It's almost same of the date I got some PM here and sharing to other members here : https://bitcointalksearch.org/topic/m.57746225  not with some virus(maybe).

Yeah, I have bought a new computer to do things about cryptocurrencies. And the old one will be formatted and newly installed.

If you start using Keepass: don't forget to make regular backups of your password database.

As for the virus you found: I would never trust a once infected computer again without wiping it and doing a clean installation.

Good ideas. I will try to do that now.

agreed - there is no point in escrow for an in person exchange unless the escrow is there.

the deal does appear to have been a transaction where the items would be shipped.

I am not sure of the body of the dm's that "came" from both parties that suddenly changed it to an "in person" exchange.

Perhaps it would have been better to have returned the funds to the buyer and allow them to pay the seller direct.

If that had occurred the scammer would have been the only loser here.


in further review of the dm's - several were restored by Theymos - with a disclaimer, if one party still retains the dm, then it can be restored but if all parties on the dm have deleted it then the message is gone. So there is possibility of further messages that cannot be restored if all parties deleted them.

that being said, I can see where I believe eseayan's account was compromised. The sending account should be flagged.

the incoming dm


inspection of the link


close up of the link


also - in the restored dm's were dm's to mj from eseayan stating it would be an in person transaction and then a followup stating the transaction was concluded.

notice to minerjones that this would be an in-person transaction


notice to minerjones to release funds and that coins were in eseayans possession


and a dm to eseayan and minerjones from raj thanking both for a smooth transaction.


then the dm from minerjones stating funds were released


this does not help eseayan recover his funds but it does show it was some elaborate scheme/scam on the part of raj and the "mtowfiq" account. Worth noting is that the mtowfiq account had been actually identified as an account being used to impersonate other forum members and was actually left negative feedback by minerjones about a week before the dm to eseayan was sent.

Agreed on this. It's as if the escrow is useless if the transaction is delivered in person.

On the other note, I guess this can be prevented if the involve party used a different messaging app for faster communication or the escrow has other means of way to communicate, obviously to ping on what had happened to the buyer/seller.

Any last-minute change to the deal should be considered a big red flag, which justifies a delay.

at the time he was told there was a physical exchange, there had been no indication of any issues. at least that is how it seems to me - that it was not until the next day that an alarm was issued when the account was identified as compromised.

The point of delaying the release of the money is to wait for someone to potentially say that something is wrong. If he already knows something is wrong, there is a dispute and he should mediate accordingly.

I dont argue against your points.

I just dont see what alternative minerjones could have had if both buyer and seller appeared to agree to an in person exchange and then both parties appeared to express satisfaction with the deal.

how can you delay funds transfer if there has not been any notification that  the account was compromised and no indication of it either?

I would not have agreed to escrow a transaction that involved in person delivery. What if for example, the OPs account had not been hacked, and there was simply a dispute as to if the physical coin was actually delivered? There would be no way to resolve the dispute as it would be one persons word against the others.

Notwithstanding the above, if the terms of the trade changed, I think it would be prudent to delay the release of the money. This would allow for the buyer to flag something as being wrong.

I would have preferred this:

It looks like the scammer has at least one more account:

I agree that the earlier messages state it was to be shipped but, I am not sure what he can do if he received a pm from both buyer and seller that the coins would be hand delivered and then another set from both that the coins had been transferred in person and to release funds - what else can he do but release funds?

According to what appears to be the escrow agreement, the coins were to be shipped to the buyer.

This was not long after eseayan's password was changed, and should have set off red flags.

I am interested to see what MJ plans to do about the situation.

You should NEVER reuse your passwords for anything again, and I hope you learned a lesson about that.
Use some password manager like KeyPass for storing and generating new strong password for each website.

It could be a false positive, but it's possible that you have some clipboard malware that could collect your passwords and any keys related with crypto.
Switching to Linux may also be a good idea so you won't need to use any antiviruses, and offline computer is much better for dealing with crypto.

sent a PM to theymos, copied to LoyceV

1.Maybe the hacker hacked my email, and my bitcointalk account password is same as that of my email account(I have changed them different passwords and applied F2A in my email account.).
2.Maybe the hacker instructed Trojan virus in my computer, because I had found some virus when I used windows defender to scan my computer some months ago.

I remember a case in which someone signed a message with someone else's name, that was also used to scam. This is just as bad: it's common practice on the Collectibles board to ask for a photo with a handwritten username and the current date as proof of ownership.
You have single-handedly made this entire concept useless by doing this:


Was this part of the escrow deal? Even if the delivery would have happened, you would have no way to confirm this if either party says the other one didn't show up.


I must say I'm quite disappointed that 2 veteran Collectibles traders let themselves be used by a scammer!

Admin can restore deleted posts, I assume the same applies to PMs. But eseayan should ask for that, either by sending a PM to theymos, or by opening a topic in Meta. Admin may also be able to connect the account to other accounts.

Do you have any idea how your account got hacked?

I am glad to know the full process. I believe what MJ said is ture. But it is so bad to hear the xmr is funded.

No matter that I can afford the loss. It is a big lesson that I should learn from. Here I will not blame anyone. I appreciate to get timely help from nutildah, MoparMiningLLC, LoyceV, owlcatz, etc. Guys, you make me still believe bitcointalk is the best forum on cryptocurrencies.

Thanks again.

 
EDIT:
This message should be sent by the hacker through my hacked account before I recognized my account is hacked. What i wanna buy is physical coins, which need some days to be shipped to me from USA to China. I will not send message to confirm I have received them after the second escrow day.

so my guess is raj sent the dm's from eseayan's account saying it would be an "in person delivery" and then that it had happened.

some may wish to see those DM's as they are not actually in eseayan's account. and in none of the DM's presented was it stated it would be hand delivered.


edit - is there any way to retrieve deleted dm's?

Going off of times from my PMs:

Aug 28 2021 073933AM: eseayan contact about escrow

Aug 28 2021 084554AM: Rajubhusal contact confirming escrow with release address of 43Xf5BWzcdbdhDeHnj6cF1dG4fGnasQEUHyn2F92LK9VbyvP96nbhkdGZuEJKHd2X9eYhhbKQn4C6E1 V2h8EHSSvVjGs1rZ

Aug 28 2021 045333PM: eseayan paid escrow

Aug 28 2021 082807PM: eseayan confirm that coins will be delivered in person

Aug 29 2021 113837AM: minerjones confirms payment

Aug 29 2021 120243PM: eseayan send PM saying the coins were received

Aug 29 2021 012253PM: Rajubhusal confirms, saying to release to given address previously (see above)

Aug 29 2021 014725PM: minerjones releases funds.

Aug 30 2021 045711PM: from new/alt account "aseayan" asking to stop the deal because account "eseayan" was hacked.

Funds were received and sent out: