Topic: Massively fraudulent Escrow Transaction! - page 3. (Read 941 times)

I was waiting for you to chime in here.  I thought it was a bit odd that suddenly an escrow drama blows up after you again start launching attacks on me.  Last time you started launching attacks on me via the trust network and posting lies there was the drama of the telegram impersonator which stopped completely once your Freudian slip of the tongue seemingly became an admission of guilt...  I wasn't going to bring up the timing of this, but it is suspect to say the least given your recent harassment and negative trust.  I have no evidence other than coincidence, but if the shoe fits...  I only hope this drama blows up enough for you to be worth the escrow fee it cost...

This should be moved to reputation so that I at least get paid for sig spam for engaging in what I believe to be manufactured forum drama.

I didn't say it was OG's fault !

Just thought it would be a good idea for OP to prove he is the owner of the scott2k account in a more credible way, not just confirming some shipping addresses that anyone who had access to his account could probably see in the PMs

This might help to find out if the account was hacked, but it's not a guarantee that scammer will get the money back. In this position, we never understand, whether the user recieved the product or pretends to. Or the fact does not received. because, the account that communicated earlier was hacked, so it's hard to accept any excuses. So, even though he signed a message, OgNasty couldn't do anything because he had already provided services according to the policy he had.

- Receive escrow money,
- Buyer confirms receiving the goods
- Escrow is released to the seller.

So, in this case, the sign message will only tell us if the account has been hacked, not to demand responsibility from OgNasty to return the money, because that is no longer possible, and this is not ognasty fault.

OP, can you please sign this message "Today is 17 Aug 2022 and I am the owned of the account scott2k" from the address you sent OG the coins ?

Either to him in a PM and he can confirm or in this thread

But considering that he uses a single address for escrow one might assume your address is https://blockchair.com/bitcoin/address/bc1qk8skrwwuegucy796gmfmfc7zxy0d0pll6aysk2

I don’t see any fault on the escrow side because your account itself is the one who confirmed that everything is good and tracking number is not required to received by escrow if the you already give the signal for a success trade. OG will never know if your account is compromised or not unless he will browse your trust record and this will only possible after the deal went successful.

You are responsible for your account security and you should enable 2FA if you are dealing with huge amount here in the forum. You should state too on the agreement that you will only allow the escrow to release funds if you have the tracking number of the parcel because it’s available since day 1 once the parcel is already book for delivery. Securing the tracking number is your responsibility and not the escrow. The escrow will just release the funds if you say so regardless if you have the tracking number or not.

Interesting but not new it happens often, when you are “online” anything can be compromised. What if it’s not BTT but your email was compromised or may be your laptop is infected with a virus? Or may be someone known to “you” who knew your password?

Og is right how would he know if it’s “you”? Once your password is compromised means scammer now have access your message too so proving a shipping address proves nothing.

Your whole point revolves around not getting any tracking number, but this too can be framed very easily. What if scammer mailed you an empty box or may be a “brick” with a valid tracking id and when it’s delivered, funds released.

I’m just trying to show you that even a tracking id would have saved you.

In short in this case you can’t blame OgNasty. You should have been vigilant before transacting such big amount.

I was going to stay out of this until I remembered this.... SO.... I'll just leave it here, and you can all decide for yourselves who is the scammiest escrow around?

https://bitcointalk.org/index.php?topic=3160695.0;all

Maybe you exchanged some personal messages with him, and you clicked on some link he sent you.
Scammers often use this tactics to steal login information from their victims, by opening phishing page and entering login details in fake login page.

Even 2FA is not perfect protection, but you could improve security by adding 2FA (not sms related) to your email address.
In forum profile settings you can modify it by visiting Account Related Settings, and enabling option to Limit IP retention, BUT there are some risks when doing this and you can lock your profile.
You can also sign a bitcoin message in forum to prove ownership of your account.
I think it's a good idea to move private conversation from forum PM to more private conversation with encrypted conversation, maybe email or other alternative.

For what it's worth, I think this applies:

A signed message from the buyer's used address or the refund one (if different) should be a MUST for any confirmation to release funds to the seller IMO. Did not use any escrow service (yet) and don't know first hand the whole process but seems to be a necessary practice if it's not already a requirement.

Waiting to see what/if Burky155 replies in this thread...

Why is the consensus (maybe not in this thread, but on the forum as a whole) that 2FA is unnecessary? OP's password could have been typed into a phishing site (as LoyceV suggested) or lifted by some clipboard malware or copied by a keylogger. Even a basic implementation of 2FA and lazy (single device) usage would have prevented any of those attack vectors from working...

I've (naively, I should know better by now) made a topic about this here: The forum needs 2FA

Very sad to hear that but that's something childish. Crypto has nothing to do with this case. It's your fault of course.

If the amount was released to the agreed address and there was a confirmation from your account, I don't think you can blame on OgNasty for this though OgNasty could have done some more investigation as an experienced escrow service provider, you can't blame him at all. It's your responsibility to secure your account.

@BetGalaxyADM, please read the forum rules, because that will help you not to break them.

---

The security features provided by the forum could definitely be better, but don't blame the lack of 2FA for what happened to you. Ask yourself how it is possible that you exposed your password in some way, and that regardless of the fact that you used a respectable escrow, you did not additionally secure the whole deal with a signed message of your BTC address.

In that case, you would have additional insurance even in case your BTT account is hacked, because the escrow would not release the funds without you confirming it with a new signed message. The chances of someone hacking your crypto wallet and stealing your private key are still negligible, right?

This is the most likely case.
OP, look at the accounts your opponent owns.


One has already been charged with fraud.
https://bitcointalk.org/index.php?action=trust;u=663730


This person most likely hacked you, OP, because his reputation suggests a dishonest person. Check all links sent by this account.
At the same time, it is not surprising that you were contacted by an account that has been in a dream for three years, although its second account lives safely on the forum.

Here's my topic on Best practices for Bitcointalk escrow providers, with links to the case where $50k was scammed.

@OP: any chance you entered your password on a phishing site? Chances are you got a link by PM before your account got hacked.

Without this, escrow provides false security. It can go wrong on so many levels if one of the parties is an innocent Newbie and the other an advanced scammer.

Yeah, and I still don't even know how my account was hacked.

I also would love to know how to keep any account secure when there is no 2FA option available.

Yes, you had the funds for nearly 3 full days... but he specifically stated it would take him UP TO 3 days just to SHIP IT... and he would LET US KNOW once shipped...

Which he never did...

I get it, you can't hold funds ransom, but you have to know that something could have gone wrong... the fact that it never appeared to have even been shipped yet...

and to release the funds to him within 40 mins of him requesting it from MY account... so fast... like cmon...

In the future, I would recommend REQUIRING a tracking # be confirmed to be provided... AND at least 2 days thereafter before any release can happen.

Because I am obviously not the only person who has had their account broken into.


And additionally, use whatever pull you have if you have any, and get the btctalk devs to add fkn 2fa... its 2022 for Christ's sake.

I held the funds for 3 days.  That's plenty of time for shipping to have occurred, especially considering they were discussing this deal for days before BTC was sent.  When they asked me to release funds I even made the buyer double confirm that everything was ok and to release funds.  It's not my place to hold onto someone's funds when they tell me twice to release them to the seller.  The release approval was from the right account.  It was being released to the prior agreed upon address.  

Keeping your account secure is important. 

1. Yes, sure. But the way my account was reset first, and then email changed... makes me think some fuckery afoot.
2. Yes, and I chose Og because I have used him for other transactions in the past. Those that weren't with a scammer though... smaller transactions as well.
3. Agree maybe I shouldn't have, but this is also one of the only places to really facilitate such trades... The platform should be more secure especially considering how common these trades take place.... and apparently how easy it is to hack a btctalk account... is there even auto-lock on too many failed attempts? Can it be attempted a million times if the guy just changes his IP address and clears cache?
4. The agreement was that after the item was shipped, and after I received it and verified it is a authentic Antminer L7 miner... I would release the funds.
5. I have gotten some replies from Og, but nothing from Burky155. I do not believe Burky155 sent the miner... because the "hacker" told Og to release the funds to Burky.. Clearly a scam took place and there is no mythical Antminer L7 in the mail on it's way to me.

---

And regarding your last question "How would I proceed from here?"

First and foremost, obviously try to get Burky155 to refund the funds or ACTUALLY send the miner (this won't happen though, we all know that). Second, course of action will be to ask my lawyer to file subpoena requests through the courts to obtain the information I need to proceed with either prosecution, or the file a lawsuit if it is deemed against regulations and/or illegal to facilitate such services without proper security systems in place.

That's where I'm at with this, and I have the resources to go as far as I want with it... and given enough subpoena's to exchanges, this website, etc to find out the true identities of these people... I will eventually get at minimum a lawsuit filed.

While I know ultimately the scammer is "at fault"... I also believe that btctalk may have a legal obligation to have some bare minimum security features if they wish to continue to facilitate marketplace services... I don't know though until I ask my lawyer tomorrow to begin investigating the laws and what I can and cannot go after.

I sure as hell am going to try.

---

Update:

Og gave me his last dm... he has now blocked me from dming him...

He said the miner could have been overnighted... lol

I tried to remind him that..

In the message with the TXID of my payment, I specifically instructed Burky155 to provide tracking information, to insure it, and signature delivery.

Burky then replied saying okay, and he would ship it in 1-3 days and would LET US KNOW when it was shipped.

That didn't happen... and he STILL released it..


And then he blocks me


Fact of the matter is... yes I screwed up, but so did OgNasty, and his complete lack of taking ANY responsibility for not following the exact guidelines of the deal... and letting a scam take place... is going to bite him.

I am going to release the hounds on this one... I don't appreciate getting a terrible service, being told that IM the one that screwed up SOLELY... and then blocking me from further communication.

No empathy. No offer of refund of his fee (measly $150, who cares anyway)... Pure assholery and smart ass responses that just lead me further to imply that he possibly is "in" on it.

I am going to utilize all of my resources to find that out, and also all of them to make sure people know to not use his escrow services, and to generally not use escrow services on a platform that has horseshit security.

Probably because they're two of the most established and trusted escrows here? That's what you requested, right?


Didn't you make a little research as to the two options provided? How did you come up with Og and not minerjones?

Also, did you not also check the background of the user you're about to do transaction with? I'm asking because burky155 was inactive for more than 3 years before suddenly coming out of nowhere selling something.


A 2FA could indeed be of help. But knowing that it doesn't have this feature, why did you proceed with the transaction? Also, what happened to you could be considered isolated. I mean, it's not everyday that an account involved in a transaction got hacked in the middle of it.


I don't think so.

Have the three of you been communicating until now? How would you proceed from here? Do you believe that user burky155 really sent the item that you bought? I guess you should communicate with him/her. If he/she indeed sent it, then no problem. If he/she didn't, then it is obvious he/she is scamming you.

Funny, the seller was only okay with using OgNasty or minerjones.

ONLY THEM.

Doesn’t that imply some sort of coordination?

---

How can I properly secure my account when this platform doesn’t even have basic (and FREE) services to do so? Like google 2fa.

And the reason the escrower should also have had a red flag was that there’s no physical way the package could have arrived to me that quickly. Not just the fact that he hadn’t given tracking info yet.

---

What I find interesting, is that the “hacker” first reset my password, and THEN changed my email address.

For those familiar with the emails you receive when those actions are done… only the reset password email has a link to lock the account, but the email change does not have this link.

So I find it curious that he changed the password first, knowing I could instantly lock the account…. And didn’t first change the email so that I wouldn’t get the follow up email that the password was changed (the one with the link to lock account).

The fact that he didn’t change email first… tells me he maybe HAD to reset my password first to get into the account at all…

What I want to know is very important and my lawyers will have a way to find out:

1) does OgNasty have any access to any backend systems that allows him to reset a password for a user? Like a support feature.

2) if so, was that backend system accessed by anyone and was my password reset via that…

---

And Og no longer will reply to me on this account... because "he doesn't even know who I am"

Even though I explained clearly that I am Scott2k and provided confidential info that only Scott2k would know (like the original shipping address).

Just avoiding the issue.

I don't blame him... I'd want to crawl in a hole too.