Topic: [HELP]help me to get back my money from scammer - page 2. (Read 968 times)

Thanks very much for your help, guys.

I have ask the CEX to provide me the XMR address and view key.  If they are got, I will post here.

first step is that he admits it - there was no proof of it, he volunteered the information. so that means he should learn from it.

I would have expected more from a Hero member as a jr member would have know better.

You are correct.  That was probably not the best thing to do looking back at it and I should have realized something fishy was going on.  Not gonna make that mistake again...

I'm here.
Be able to respond more tomorrow.

A few questions remain to be answered and mostly likely will be in time, hopefully sooner than later.  Here's another one and I'm not pointing fingers but rather looking for more clarification:  Did anyone find it odd that someone would honor a request to take a pic of their own item with someone else's name and date next to it?

it has been less than 48 hours - sometimes life happens and people are not always able to get here right away. Minerjones has escrowed millions worth of crypto and items and I dont think anyone can say he ripped them off. He also never said he never received the funds - that second dm simply states that he does not have the coins and does not have the funds.

No, I don't believe so. Where is Minerjones

He cannot simply state he never received anything and wash his hands of this - I'm sorry but this is not right.

@minerjones - Man up here dude! Let's face it, you've always been particularly shitty about that, so I'm going to leave you a neg soon if you don't reply.... FFS, this is a lot of money.

Can you not even face a fuckin CAT ffs? LOL. 🤷‍♂️

I'm not sure about that. Since the signature really does verify, it means minerjones was in possession of the XMR address in the message, and it appears the funds in question were sent to that address.

We don't actually know what happened without MJ's input. Am I missing something?

I was initially in contact with eseayan about selling a set of Monero coins to him, but he passed due to another deal with someone else.
Later in the day, the user rajubhusal contacted me referenced in the PMs Mopar listed above.

Really sorry this happened to you eseayan.

Bitcointalk really needs two-factor auth at a minimum these days, and it looks appears it was a very savvy exploitation of previous PM messages to socially engineer a false transaction.

This really illustrates the need to be VERY careful when doing deals with people here and be sure you have a strong passphrase that is not shared with other sites.

this may also help - when going thru the dm's between eseayan/rajubhusal there was a message from rajubhusal to eseayan




however, the image was not rajubhusal's it was djjacket's image



rajubhusal asked djjacket to put his (raj) name on the image. he then used that image as "proof" to eseayan of "ownership"

Would the owner of this address (minerjones) be able to provide a view key?
I don't really know how Monero works on block explorers, but I assume the owner would be able to view the balance on external sites. OP (eseayan) paid from an exchange so this could be the final piece of the puzzle.

I would not easily believe MJ scamming….

Did a lot of buying from him, left stuff for weeks with him … worth a lot more as this particular issue and always got my stuff just how I want it….

MJ is very thrustworty imo and I think he’s not gonna be the issue…

Would still buy from him with no doubts or fear.

agreed he did say that in the second pm

as I stated I believe he received them and then received some communication that the coins had been received by buyer and then released the funds to seller.

Minerjones said he doesn't have the coins:
I've verified this PM through OP's account. It's real:

Good catch, I totally forgot about that - Bitcointalk has always done that with XMR addresses at that very same position, and I'm not sure why.

That's why I always used to use the [code /] tags when sending anyone XMR addresses in PM.

So where is the escrow guy? Seems like someone with a rep that big would be all over this...

I am going to update this comment with an update - the pgp message does verify. Due to a 80 character limit there is a space in the address between the two red characters below - if you remove that space, the pgp will verify.

45gtrfipMYeYZ9ZRRLN4XKG5q2tiT7HUdSvqn5LUs5V3WmHSnQYHpF6ReaY1U2uGJfMo6QpP5zmS1gT hEASRcHdx3KZkDK6




so the challenge here is to prove where the funds went to.

my further guess would be that eseayan sent the funds to minerjones who in fact did receive them - but then that the "hacker" sent a message to minerjones from eseayan's account stating they had received the coins and to release the funds and that minerjones then paid the address provided.


Buyer: eseayan
Seller: Rajubhusal
Total amount: 196 XMR + your escrow fee (Paid by the buyer).
Seller's release address (xmr):
43Xf5BWzcdbdhDeHnj6cF1dG4fGnasQEUHyn2F92LK9VbyvP96nbhkdGZuEJKHd2X9eYhhbKQn4C6E1 V2h8EHSSvVjGs1rZ


I also reviewed the outbox from eseayan account - there are no messages between when eseayan provided the transaction id minerjones and raj - the next outbound message is the one saying eseayan got their account back.

but any outbound dm's could have been deleted by the "hacker"

if mj can provide verification he received the funds, show proof of a dm to release the funds and proof he did so - I think that leaves minerjones right where we all expect he would be - in the clear.

the problems here are:

1. eseayan not verifying raj was buckrogers and just accepting that raj was honest - for the amount of money involved - that is an crazy assumption to have made.
2. having coins sent direct to buyer - I would suggest always sending to the escrow - especially with this type of value.

no one deserves to be conned but it is everyone's responsibility to verify. I trust minerjones but I also verify every pgp he sends me when I do pay him - either that or I talk to him directly to confirm.  I have met him personally and I still verify.

DO NOT TRUST - VERIFY.

This should have been a very big red flag: never trust someone who claims to be anyone without verifying it with the original user.

The quote (from hacking your account I assume) was a very good trick from the scammer, but you should have followed your gut feeling.

I haven't seen anything that gives me a reason to believe PMs are compromised. There's also a Security bounty worth $10-50k for it.
Telegram makes it very easy for scammers to pretend to be someone else, change their nickname and delete posts from being viewed by the other party. I would not recommend it unless you know who you're dealing with.

I confirm this PM was sent by minerjones to eseayan:
I made a checksum to compare the exact quote: it matches.
Message details:
Another possibility would be clipboard malware.
In case someone doesn't know yet: https://bitcointalk.org/myips.php shows all IP-addresses that used your account in the last 30 days. Admin will probably have access to older IP-data too.

---

---

Is this "normal" when escrowing Collectibles? I would expect the escrow to receive and verify the goods personally before reshipping it to the buyer. Now the escrow can't possibly verify it if the buyer says he received something else, and the seller still has no evidence. What's the point in paying someone $500 to escrow only the payment but not the goods?

Thanks very much for your help.

OK, I will contact my exchange now, and try to get the view key.

I have checked the DM's - I ignored all the other ones that were not related to this issue, reviewing only ones from the raj account, from buckrogers(1message) and from minerjones (2 messages) and I would have to agree that the message does appear to be from minerjones - but I get a "hash mismatch" when attempting to verify the PGP

what we need is to have minerjones chime in here - it appears he sent the dm and did supply the xmr address:

45gtrfipMYeYZ9ZRRLN4XKG5q2tiT7HUdSvqn5LUs5V3WmHSnQYHpF6ReaY1U2uGJfMo6QpP5zmS1gT hEASRcHdx3KZkDK6

I know somewhere above eseayan provided some screenshot of his exchange account that showed the first/last part of the "paid to" address and it appears to match the one supplied by minerjones. However, due to the nature of xmr - we cannot easily verify this txn.

I can see that the txn id: ed435c8c5aaa30a4ab9ea0ab0475986d3de27069538ff3535e096ed6a1a885a8 is a valid txn but that is about it. I cannot see the amount or addresses involved. having the address and transaction hash is only 2 of the 3 parts needed. we also would need the view key.

if minerjones sent that dm then he can provide verification on that xmr address whether it received funds or not. if minerjones did not send that dm - then it might be possible that at some point minerjones forum account was also compromised.

what it appears to me is that this raj account must have gotten access to eseayan's account and copied/used buckrogers dm to con/scam eseayan.

and then possibly changed the email address afterwards in an attempt to lock out eseayan.

---eseayan - can you get the view key from your exchange?

It is late and I am going to bed - I await to see what others say and what minerjones will say.