
Topic: [HELP]help me to get back my money from scammer - page 2. (Read 968 times)

member
Activity: 65
Merit: 10
Thanks very much for your help, guys.

I have asked the CEX to provide me the XMR address and view key. If I get them, I will post here.
legendary
Activity: 2072
Merit: 2224
EIN: 82-3893490
A few questions remain to be answered and most likely will be in time, hopefully sooner than later.  Here's another one and I'm not pointing fingers but rather looking for more clarification:  Did anyone find it odd that someone would honor a request to take a pic of their own item with someone else's name and date next to it?

You are correct.  That was probably not the best thing to do looking back at it and I should have realized something fishy was going on.  Not gonna make that mistake again...

I would have expected more from a Hero member as a jr member would have known better.

first step is that he admits it - there was no proof of it, he volunteered the information. so that means he should learn from it.
hero member
Activity: 2394
Merit: 586
A few questions remain to be answered and most likely will be in time, hopefully sooner than later.  Here's another one and I'm not pointing fingers but rather looking for more clarification:  Did anyone find it odd that someone would honor a request to take a pic of their own item with someone else's name and date next to it?

You are correct.  That was probably not the best thing to do looking back at it and I should have realized something fishy was going on.  Not gonna make that mistake again...

I would have expected more from a Hero member as a jr member would have known better.
hero member
Activity: 784
Merit: 501
A few questions remain to be answered and most likely will be in time, hopefully sooner than later.  Here's another one and I'm not pointing fingers but rather looking for more clarification:  Did anyone find it odd that someone would honor a request to take a pic of their own item with someone else's name and date next to it?

You are correct.  That was probably not the best thing to do looking back at it and I should have realized something fishy was going on.  Not gonna make that mistake again...
legendary
Activity: 3206
Merit: 3596
I'm here.
Be able to respond more tomorrow.
hero member
Activity: 2394
Merit: 586
A few questions remain to be answered and most likely will be in time, hopefully sooner than later.  Here's another one and I'm not pointing fingers but rather looking for more clarification:  Did anyone find it odd that someone would honor a request to take a pic of their own item with someone else's name and date next to it?
legendary
Activity: 2072
Merit: 2224
EIN: 82-3893490
Bitcointalk really needs two-factor auth at a minimum these days, and it appears it was a very savvy exploitation of previous PM messages to socially engineer a false transaction.

I'm not sure about that. Since the signature really does verify, it means minerjones was in possession of the XMR address in the message, and it appears the funds in question were sent to that address.

We don't actually know what happened without MJ's input. Am I missing something?

No, I don't believe so. Where is Minerjones?

He cannot simply state he never received anything and wash his hands of this - I'm sorry but this is not right.

@minerjones - Man up here dude! Let's face it, you've always been particularly shitty about that, so I'm going to leave you a neg soon if you don't reply.... FFS, this is a lot of money.

Can you not even face a fuckin CAT ffs? LOL. 🤷‍♂️

it has been less than 48 hours - sometimes life happens and people are not always able to get here right away. Minerjones has escrowed millions worth of crypto and items and I don't think anyone can say he ripped them off. He also never said he never received the funds - that second dm simply states that he does not have the coins and does not have the funds.

legendary
Activity: 3570
Merit: 1959
Bitcointalk really needs two-factor auth at a minimum these days, and it appears it was a very savvy exploitation of previous PM messages to socially engineer a false transaction.

I'm not sure about that. Since the signature really does verify, it means minerjones was in possession of the XMR address in the message, and it appears the funds in question were sent to that address.

We don't actually know what happened without MJ's input. Am I missing something?

No, I don't believe so. Where is Minerjones?

He cannot simply state he never received anything and wash his hands of this - I'm sorry but this is not right.

@minerjones - Man up here dude! Let's face it, you've always been particularly shitty about that, so I'm going to leave you a neg soon if you don't reply.... FFS, this is a lot of money.

Can you not even face a fuckin CAT ffs? LOL. 🤷‍♂️
legendary
Activity: 3010
Merit: 8114
Bitcointalk really needs two-factor auth at a minimum these days, and it appears it was a very savvy exploitation of previous PM messages to socially engineer a false transaction.

I'm not sure about that. Since the signature really does verify, it means minerjones was in possession of the XMR address in the message, and it appears the funds in question were sent to that address.

We don't actually know what happened without MJ's input. Am I missing something?
hero member
Activity: 784
Merit: 501
this may also help - when going thru the dm's between eseayan/rajubhusal there was a message from rajubhusal to eseayan


however, the image was not rajubhusal's it was djjacket's image

rajubhusal asked djjacket to put his (raj) name on the image. he then used that image as "proof" to eseayan of "ownership"

I was initially in contact with eseayan about selling a set of Monero coins to him, but he passed due to another deal with someone else.
Later in the day, the user rajubhusal contacted me referenced in the PMs Mopar listed above.

Really sorry this happened to you eseayan.

Bitcointalk really needs two-factor auth at a minimum these days, and it appears it was a very savvy exploitation of previous PM messages to socially engineer a false transaction.

This really illustrates the need to be VERY careful when doing deals with people here and be sure you have a strong passphrase that is not shared with other sites.
legendary
Activity: 2072
Merit: 2224
EIN: 82-3893490
this may also help - when going thru the dm's between eseayan/rajubhusal there was a message from rajubhusal to eseayan




however, the image was not rajubhusal's it was djjacket's image



rajubhusal asked djjacket to put his (raj) name on the image. he then used that image as "proof" to eseayan of "ownership"
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
as I stated I believe he received them and then received
Would the owner of this address (minerjones) be able to provide a view key?
Code:
45gtrfipMYeYZ9ZRRLN4XKG5q2tiT7HUdSvqn5LUs5V3WmHSnQYHpF6ReaY1U2uGJfMo6QpP5zmS1gThEASRcHdx3KZkDK6
I don't really know how Monero works on block explorers, but I assume the owner would be able to view the balance on external sites. OP (eseayan) paid from an exchange so this could be the final piece of the puzzle.
legendary
Activity: 2534
Merit: 12305
BTC + Crossfit, living life.
I would not easily believe MJ scamming….

Did a lot of buying from him, left stuff for weeks with him … worth a lot more than this particular issue and always got my stuff just how I want it….

MJ is very trustworthy imo and I think he’s not gonna be the issue…

Would still buy from him with no doubts or fear.
legendary
Activity: 2072
Merit: 2224
EIN: 82-3893490
my further guess would be that eseayan sent the funds to minerjones who in fact did receive them - but then that the "hacker" sent a message to minerjones from eseayan's account stating they had received the coins and to release the funds and that minerjones then paid the address provided.
~
if mj can provide verification he received the funds
Minerjones said he doesn't have the coins:


agreed he did say that in the second pm

as I stated I believe he received them and then received some communication that the coins had been received by buyer and then released the funds to seller.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
my further guess would be that eseayan sent the funds to minerjones who in fact did receive them - but then that the "hacker" sent a message to minerjones from eseayan's account stating they had received the coins and to release the funds and that minerjones then paid the address provided.
~
if mj can provide verification he received the funds
Minerjones said he doesn't have the coins:
I've verified this PM through OP's account. It's real:
Quote
« Sent to: eseayan on: September 17, 2021, 11:08:01 AM »
legendary
Activity: 3570
Merit: 1959
Good catch, I totally forgot about that - Bitcointalk has always done that with XMR addresses at that very same position, and I'm not sure why.

That's why I always used to use the [code /] tags when sending anyone XMR addresses in PM.

So where is the escrow guy? Seems like someone with a rep that big would be all over this...
legendary
Activity: 2072
Merit: 2224
EIN: 82-3893490
I have checked the DM's - I ignored all the other ones that were not related to this issue, reviewing only ones from the raj account, from buckrogers (1 message) and from minerjones (2 messages) and I would have to agree that the message does appear to be from minerjones - but I get a "hash mismatch" when attempting to verify the PGP

what we need is to have minerjones chime in here - it appears he sent the dm and did supply the xmr address:

45gtrfipMYeYZ9ZRRLN4XKG5q2tiT7HUdSvqn5LUs5V3WmHSnQYHpF6ReaY1U2uGJfMo6QpP5zmS1gT hEASRcHdx3KZkDK6

I know somewhere above eseayan provided some screenshot of his exchange account that showed the first/last part of the "paid to" address and it appears to match the one supplied by minerjones. However, due to the nature of xmr - we cannot easily verify this txn.

I can see that the txn id: ed435c8c5aaa30a4ab9ea0ab0475986d3de27069538ff3535e096ed6a1a885a8 is a valid txn but that is about it. I cannot see the amount or addresses involved. having the address and transaction hash is only 2 of the 3 parts needed. we also would need the view key.

if minerjones sent that dm then he can provide verification on that xmr address whether it received funds or not. if minerjones did not send that dm - then it might be possible that at some point minerjones forum account was also compromised.

what it appears to me is that this raj account must have gotten access to eseayan's account and copied/used buckrogers dm to con/scam eseayan.

and then possibly changed the email address afterwards in an attempt to lock out eseayan.

---eseayan - can you get the view key from your exchange?

It is late and I am going to bed - I await to see what others say and what minerjones will say.



I am going to update this comment with an update - the pgp message does verify. Due to an 80 character limit there is a space in the address between the two red characters below - if you remove that space, the pgp will verify.

45gtrfipMYeYZ9ZRRLN4XKG5q2tiT7HUdSvqn5LUs5V3WmHSnQYHpF6ReaY1U2uGJfMo6QpP5zmS1gT hEASRcHdx3KZkDK6




so the challenge here is to prove where the funds went to.

my further guess would be that eseayan sent the funds to minerjones who in fact did receive them - but then that the "hacker" sent a message to minerjones from eseayan's account stating they had received the coins and to release the funds and that minerjones then paid the address provided.


Buyer: eseayan
Seller: Rajubhusal
Total amount: 196 XMR + your escrow fee (Paid by the buyer).
Seller's release address (xmr):
43Xf5BWzcdbdhDeHnj6cF1dG4fGnasQEUHyn2F92LK9VbyvP96nbhkdGZuEJKHd2X9eYhhbKQn4C6E1 V2h8EHSSvVjGs1rZ


I also reviewed the outbox from eseayan account - there are no messages between when eseayan provided the transaction id minerjones and raj - the next outbound message is the one saying eseayan got their account back.

but any outbound dm's could have been deleted by the "hacker"

if mj can provide verification he received the funds, show proof of a dm to release the funds and proof he did so - I think that leaves minerjones right where we all expect he would be - in the clear.

the problems here are:

1. eseayan not verifying raj was buckrogers and just accepting that raj was honest - for the amount of money involved - that is a crazy assumption to have made.
2. having coins sent direct to buyer - I would suggest always sending to the escrow - especially with this type of value.

no one deserves to be conned but it is everyone's responsibility to verify. I trust minerjones but I also verify every pgp he sends me when I do pay him - either that or I talk to him directly to confirm.  I have met him personally and I still verify.

DO NOT TRUST - VERIFY.
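
The "hash mismatch" described in the post above, where the forum's line-length limit inserts a space into the signed XMR address, can be reproduced and repaired before the text goes to a PGP verifier. This is an added example, not part of the original post: the message and the 95-character address are constructed placeholders, the function names are hypothetical, and the address check covers length and alphabet only (no Base58 checksum).

```python
import hashlib
import re

B58 = "1-9A-HJ-NP-Za-km-z"      # Base58 alphabet (no 0, O, I, l)
ADDR_LEN = 95                    # length of a standard Monero address
# One Base58 run, a single space, then (lookahead only) another Base58 run.
SPLIT = re.compile(rf"(?<![{B58}])([{B58}]{{1,94}}) (?=([{B58}]{{1,94}})(?![{B58}]))")

def rejoin_wrapped_addresses(text):
    """Remove a single space that splits a 95-character address in two."""
    def fix(m):
        head, tail = m.group(1), m.group(2)
        if len(head) + len(tail) == ADDR_LEN and head[0] in "48":
            return head          # drop the space; the tail follows directly
        return m.group(0)        # ordinary words: leave untouched
    return SPLIT.sub(fix, text)

def signed_body(clearsigned):
    """Canonical bytes covered by a cleartext signature (RFC 4880, 7.1)."""
    lines = clearsigned.splitlines()
    start = lines.index("-----BEGIN PGP SIGNED MESSAGE-----")
    body_start = lines.index("", start) + 1   # blank line ends the armor headers
    end = lines.index("-----BEGIN PGP SIGNATURE-----")
    body = []
    for line in lines[body_start:end]:
        if line.startswith("- "):             # undo dash-escaping
            line = line[2:]
        body.append(line.rstrip(" \t"))       # trailing whitespace is not signed
    return "\r\n".join(body).encode("utf-8")

def body_digest(clearsigned):
    """SHA-512 of the signed text only, for comparing two copies of a message."""
    return hashlib.sha512(signed_body(clearsigned)).hexdigest()

# Constructed sample: placeholder address and text, signature bytes omitted.
ADDRESS = "4" + "9A" * 47
TEMPLATE = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

escrow for the amount of 196 XMR using address {addr} in exchange for coin set
-----BEGIN PGP SIGNATURE-----

(signature omitted in this constructed sample)
-----END PGP SIGNATURE-----
"""
AS_SIGNED = TEMPLATE.format(addr=ADDRESS)
# What the recipient sees after the forum breaks the long token at column 79.
AS_POSTED = TEMPLATE.format(addr=ADDRESS[:79] + " " + ADDRESS[79:])

if __name__ == "__main__":
    print("posted copy matches signed text:",
          body_digest(AS_POSTED) == body_digest(AS_SIGNED))
    repaired = rejoin_wrapped_addresses(AS_POSTED)
    print("repaired copy matches signed text:",
          body_digest(repaired) == body_digest(AS_SIGNED))
```

The repaired text is what would then be handed to the PGP verifier; `body_digest` only compares copies of the signed text and is not the hash the signature itself is computed over.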
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
The scammer (Rajubhusal) told me buckrogers is Rajubhusal, this is his mobile account.
https://imgur.com/a/Man0O9w
This should have been a very big red flag: never trust someone who claims to be anyone without verifying it with the original user.

Even this message quoted the message that buckrogers sent to me on August 23 (at that time I did not understand how Rajubhusal got buckrogers's message if this is not the same man). At that time I suspected this may be a scam.
The quote (from hacking your account I assume) was a very good trick from the scammer, but you should have followed your gut feeling.

I've seen something like this happen recently as well, to such an extent that I no longer trust ANYTHING about PM's on this forum - Not saying there is someone who may have infiltrated the server, but things are definitely getting shadier around here as time goes on, so I now prefer to use Telegram - How fuckin' sad is that, right?
I haven't seen anything that gives me a reason to believe PMs are compromised. There's also a Security bounty worth $10-50k for it.
Telegram makes it very easy for scammers to pretend to be someone else, change their nickname and delete posts from being viewed by the other party. I would not recommend it unless you know who you're dealing with.

Can you help me to verify how the scammer faked the message that MJ sent to me? Is the XMR address under control of the scammer?
I confirm this PM was sent by minerjones to eseayan:
The escrow address is from the message that escrow-man sent to me on August 28. Here is the message:

Quote
Hello-

Happy to assist for the transaction.
Amount: 196 XMR
Donation: 1.96 XMR
Total to send: 197.96 XMR
Address: 45gtrfipMYeYZ9ZRRLN4XKG5q2tiT7HUdSvqn5LUs5V3WmHSnQYHpF6ReaY1U2uGJfMo6QpP5zmS1gT hEASRcHdx3KZkDK6

Once funds have been sent and confirmed, please use "reply to all" to let us know the txid of the payment.
After this, items can be shipped to the buyer.
When buyer receives items in good standing and reports back, I can release funds to the seller.

Thank you,
minerjones

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

August 28 2021 minerjones escrow between Rajubhusal and eseayan for the amount of 196 XMR using address 45gtrfipMYeYZ9ZRRLN4XKG5q2tiT7HUdSvqn5LUs5V3WmHSnQYHpF6ReaY1U2uGJfMo6QpP5zmS1gT hEASRcHdx3KZkDK6 in exchange for Lealana XMR silver coin set
-----BEGIN PGP SIGNATURE-----
Version: Keybase OpenPGP v2.1.13
Comment: https://keybase.io/crypto

wsBcBAABCgAGBQJhKhsKAAoJEIRUCAKscQ+OAscH/ijZxiI3i9nKXHbBRb46IgJJ
eX4NzXc90zeKEFkAc5lNf1e+yIQYQIhyR+7ZYYQVVTzoifaXeVyvIhhLyd2ROy0w
S21NpWxOPyh/FnZXnqi4cUn2ZO0wt8v1MyRRpPPXM9b/oEKAz0n8ZtOYmBfCRMYN
z5r/r62hscWizx2d7b7kE+xRRq9zp+wTdm9jtKP114PE5Y9HBZf+iUbsH92j7ST4
74BPh4FURCEBDDLybcXmwCsS58wZOlrYdktwHGWnXRPz0UihF3lJeUeqEXxDBsCw
3U7ja3IB+buDSWFhh5Qako/XUDTb5aSt2pJP5Q53IBbhnZPJsNgs7WfoTU6Iug4=
=svfC
-----END PGP SIGNATURE-----
I made a checksum to compare the exact quote: it matches.
Message details:
if minerjones sent that dm then he can provide verification on that xmr address whether it received funds or not. if minerjones did not send that dm - then it might be possible that at some point minerjones forum account was also compromised.
Another possibility would be clipboard malware.
In case someone doesn't know yet: https://bitcointalk.org/myips.php shows all IP-addresses that used your account in the last 30 days. Admin will probably have access to older IP-data too.



Quote
When buyer receives items in good standing and reports back, I can release funds to the seller.
Is this "normal" when escrowing Collectibles? I would expect the escrow to receive and verify the goods personally before reshipping it to the buyer. Now the escrow can't possibly verify it if the buyer says he received something else, and the seller still has no evidence. What's the point in paying someone $500 to escrow only the payment but not the goods?
member
Activity: 65
Merit: 10
I have checked the DM's - I ignored all the other ones that were not related to this issue, reviewing only ones from the raj account, from buckrogers (1 message) and from minerjones (2 messages) and I would have to agree that the message does appear to be from minerjones - but I get a "hash mismatch" when attempting to verify the PGP

what we need is to have minerjones chime in here - it appears he sent the dm and did supply the xmr address:

45gtrfipMYeYZ9ZRRLN4XKG5q2tiT7HUdSvqn5LUs5V3WmHSnQYHpF6ReaY1U2uGJfMo6QpP5zmS1gT hEASRcHdx3KZkDK6

I know somewhere above eseayan provided some screenshot of his exchange account that showed the first/last part of the "paid to" address and it appears to match the one supplied by minerjones. However, due to the nature of xmr - we cannot easily verify this txn.

I can see that the txn id: ed435c8c5aaa30a4ab9ea0ab0475986d3de27069538ff3535e096ed6a1a885a8 is a valid txn but that is about it. I cannot see the amount or addresses involved. having the address and transaction hash is only 2 of the 3 parts needed. we also would need the view key.

if minerjones sent that dm then he can provide verification on that xmr address whether it received funds or not. if minerjones did not send that dm - then it might be possible that at some point minerjones forum account was also compromised.

what it appears to me is that this raj account must have gotten access to eseayan's account and copied/used buckrogers dm to con/scam eseayan.

and then possibly changed the email address afterwards in an attempt to lock out eseayan.

---eseayan - can you get the view key from your exchange?

It is late and I am going to bed - I await to see what others say and what minerjones will say.



Thanks very much for your help.

Quote
---eseayan - can you get the view key from your exchange?
OK, I will contact my exchange now, and try to get the view key.
legendary
Activity: 2072
Merit: 2224
EIN: 82-3893490
I have checked the DM's - I ignored all the other ones that were not related to this issue, reviewing only ones from the raj account, from buckrogers (1 message) and from minerjones (2 messages) and I would have to agree that the message does appear to be from minerjones - but I get a "hash mismatch" when attempting to verify the PGP

what we need is to have minerjones chime in here - it appears he sent the dm and did supply the xmr address:

45gtrfipMYeYZ9ZRRLN4XKG5q2tiT7HUdSvqn5LUs5V3WmHSnQYHpF6ReaY1U2uGJfMo6QpP5zmS1gT hEASRcHdx3KZkDK6

I know somewhere above eseayan provided some screenshot of his exchange account that showed the first/last part of the "paid to" address and it appears to match the one supplied by minerjones. However, due to the nature of xmr - we cannot easily verify this txn.

I can see that the txn id: ed435c8c5aaa30a4ab9ea0ab0475986d3de27069538ff3535e096ed6a1a885a8 is a valid txn but that is about it. I cannot see the amount or addresses involved. having the address and transaction hash is only 2 of the 3 parts needed. we also would need the view key.

if minerjones sent that dm then he can provide verification on that xmr address whether it received funds or not. if minerjones did not send that dm - then it might be possible that at some point minerjones forum account was also compromised.

what it appears to me is that this raj account must have gotten access to eseayan's account and copied/used buckrogers dm to con/scam eseayan.

and then possibly changed the email address afterwards in an attempt to lock out eseayan.

---eseayan - can you get the view key from your exchange?

It is late and I am going to bed - I await to see what others say and what minerjones will say.
