Topic: NXT :: descendant of Bitcoin - Updated Information - page 1365. (Read 2761645 times)

is IP address known to bitcointalk.org?
BTW: who hosts bitcointalk.org?

NOOOOOOOOOOOOOOOOOOOO


I'm also getting this with .5.10. Is it something serious?

got a error with NRS 0.5.9, don't know whether it is a bug.

DEBUG: Failed to analyze hallmark for peer geodreieck.redirectme.net

As far as I am concerned, you're right

Would like to hear some vircurex news today...

Stolen NXT Now On Bitcoin Blockchain...And Gone!?!

As previously discussed here  ( https://bitcointalksearch.org/topic/m.4656340 ), stolen NXT went on the move Jan 21 and Graviton said it was laundered thru Dgex by a "well known and reputable NXT community member".  As radio commentator Paul Harvey used to say, here's "the rest of the story"...

First of all, my apologies for Graviton for rushing into print using the juicy shock-value phrase "well known and reputable NXT community member".   Graviton didn't know I was going to do that, and I should not have.  As graviton later wrote to me, "I don't want to make it look like I'm suspecting or even setting up XYZ by assuming the identity instantly so strong as it looked like. My position is neutral - the wording about the thief being a prominent community member was wrongly chosen in haste, not anticipated for public distribution."  So...I'm sorry, Graviton.  

A forensic investigation should deal solely with facts and purge emotion as much as possible.  I fell short of that standard.

So here are the facts as gathered by Graviton on Dgex use in laundering the stolen NXT:

******** BEGIN GRAVITON PM TO OPTICALC, RICKYJAMES AND SALSACZ ***********************

I do not expect a reply from the NXT thief any more after 30+ hours have passed from my contact, so here is the data I have available. I trust you make of it what you can, if anything;

Account number: 9550
Account established: Jan 19th
IP Address: 188.132.251.194 (did not change)
Account holder email: [email protected] (is delivered to, but does not reply - not surprisingly)
Deposited 284634 NXT from 2647797480528736696 on Jan 19th
Quick sold everything after deposit confirmed 2014-01-20 09:23 to 2014-01-20 09:34
Withdrew through instant cashout when it came available 2014-01-20 11:37 to 2014-01-20 12:22 in 7 payments (max system limit 3 BTC at once) to bitcoin address 13BDBCHyd916pTAyAXK4hYyjViqSzCuRcH
---
I hope the information helps you some forward, although you were probably expecting more than this.

The content of this message is ok for public release.

Regards,
Graviton

******** END GRAVITON PM TO OPTICALC, RICKYJAMES AND SALSACZ ***********************

So, do I believe Salsacz distributed Trojan clients weeks ago and opened up a new Dgex account in his own name to launder stolen NXT?  No, I do not.  Way too obvious.

I believe this is a setup or frame job, a last twist-of-the-knife joke by somebody who is a reader of this forum.  So in that sense, it is still an inside job.

I've checked a few other things and I'm pretty much at a dead end.  

Epic Thomas has not been on Bitcointalk since Jan 16, so if he's watching all of this and laughing, he's not using his old username.  Somehow I don't think he's that smart.  So I personally don't think this is EpicThomas any more than I think it is Salsacz.

There are a few interesting things I've learned about 188.132.251.194.  It's in Turkey, but it seems to be owned by a Czech company called Mars Global Datacenter Services located at Probrezni 118, Prauge, Czech Republic.  This is where you would have to go for the  server logs to determine who was behind the Turkish proxy on the day of the Dgex withdrawal...

It's curious to me that the computer used in the heist is owned by a company in the same city/country as the suspect it fingers.  Even moreso that they would try to frame a white-hat with experience in catching hackers who has dealt with thousands of cheaters ( https://bitcointalksearch.org/topic/m.4322484 ).  

My own personal opinion is that Salsacz has done WAY too much for the NXT community to rob others of their NXT.  However, the way things sometimes work is that somebody around him could have seen Salsacz's enthusiasm for NXT and hatched a plot of their own.  But that is just rank speculation on my part, I will never know.

So much for the getaway vehicle's license plate number.  On to following the money.

Bitcoin address 13BDBCHyd916pTAyAXK4hYyjViqSzCuRcH is registered at Blockchain.info, which is one of the biggest online Bitcoin wallets.  So the stolen NXT has been laundered into BTC, and here it sits, all $17,371.76 of it:

https://blockchain.info/address/13BDBCHyd916pTAyAXK4hYyjViqSzCuRcH

So I wrote Blockchain.info an email:

************ BEGIN RICKYJAMES EMAIL TO BLOCKCHAIN.INFO ***************

My name is Ricky X and I am a resident of X, X, USA. My
 cell phone number is X.

I have been investigating the theft of large numbers of NXT coins through
 use of a Trojan software package that was used by at least five users. On
 Jan 20 the thief finally laundered the money through dgex.com to the
 following Blockchain.info address:


https://blockchain.info/address/13BDBCHyd916pTAyAXK4hYyjViqSzCuRcH

I formally request that you freeze all funds this account until you can
 examine my chain of evidence and verify that I am telling you the truth.
 Once you have done so, I ask that you release to me the email address and
 cell number of the owner of this account.

Please let me know a direct email address to your security department and a
 ticket number for this request and I will provide further details
 immediately. Thanks for your help in investigating this theft.

-Ricky J. X

************ END RICKYJAMES EMAIL TO BLOCKCHAIN.INFO ***************

to which I got this response...


************ BEGIN BLOCKCHAIN.INFO EMAIL TO RICKYJAMES ***************

Ricky, Blockchain.info only deals in bitcoin, and no other altcoin. We also don't have any access to the funds in a user's wallet. This is due to the way our wallets work. A user controls his or her passwords and private keys, and Blockchain.info only stores the encrypted backups. We don't even know what public address are in a wallet, and a user doesn't even need to provide any type of personal information to setup a wallet. Sorry to hear of this, but Blockchain.info is unable to do any type of freeze on an account, especially since a user could easily import those private keys into any other wallet service available.

Mandrik | Blockchain.info Support


************ END BLOCKCHAIN.INFO EMAIL TO RICKYJAMES***************

As an aside, I never heard back from Bter.com.

So I am out of ideas and I think it is the end of the line for me.  I gave it my best shot.

As salsacz has noted, ( https://bitcointalksearch.org/topic/m.4649481 ) I still haven't caught 1 thief or thief's Bitcointalk account or didn't find any new theft except of those who were found by others.  

That's kinda like Yoda's "Do or do not, there is no try".

Sigh, sometimes the bad guys win.  

A loss for us all, and a lesson to start from this point and do everything we can to strengthen NXT security, especially for new users that don't check SHA-256 of a client file or make a password longer than 11 characters.

Lots of hardworking shibes digging quietly behind the scenes to make Nxt shinier. We're proud, but we could also use some Nxt  

Let's try to mention, and tip more people. I think QBTC is keeping servers running? But I don't hear her mentioned a lot.

You have to put * in web.xml under AllowedBotHost or something like this... i think it's not an error from the script cause in that case it should return an error, so maybe it's local host that can't handle API try with an online one or configure your local one,  or also local PHP is not working (maybe) cause something has to write when i insert a wrong server address php (in an online server) return me that he can't connect to that server address)

Alright men,

Another update. I'm figuring out how I can do this automatically.
In the mean time if you want newsletters of the latest news of NXT send a mail to [email protected].

The newsletter will look like this;



if you like it; join the movement!

So negative   Welcome all new shibes nxters!  

EDIT: barbierir, thanks for suggesting Diceware. I've added a link to it from the wiki page. If folks prefer such methods to be more prominent, you can format the page, or comment in the page's Discussion page. Just register and edit.

or not YET trolls

http://www.nxtcrypto.org/

I don't know everyone who is behind this site - all of the contributors...

but, you have made it into something to be proud of.

PR pays off after a while

In the last few days i'm seeing a lot of newcomers to this thread, more than in the past.

So far everywhere I mention Nxt there is a BIG sentiment against it, because the entire coin supply was distributed for 21 BTC, And I can certainly understand them, because it does have a negative image. What do you guys usually say about this?


True, but wouldn't people call it unfair ALOT less if there were more stakeholders? The less stakeholders there are the more people call it unfair and a scam, which decreases the adoption rate.


Wait ... what? Are you saying BCNext wants the original stakeholders to make all the important decisions or people who own Nxt in general? The former would mean that Nxt fate should be decided by a select few, the latter would mean that decisions will be made by the entire community (which makes sense), but why is the logical conclusion from that to shorten the IPO and only take 21 BTC? Wouldn't it make more sense to have way more original stakeholders so more people in the community have the power to help and distribute or give away coins? I just don't understand why the IPO was rushed like this.

Sorry if this has been asked before, and I don't want to attack Nxt, just want to know what you guys have to say about this.

You could try dotNXT

@barbierir:

Thanks for suggesting Diceware, I've linked to it from the wiki page. We can format the page to make such methods more prominent, I'll leave it up to everyone to decide. Just register and edit.

Yes, it would be pretty nice.

You method compares well with Diceware, I only worry that a newbie could use it incorrectly. The Diceware method ensures a strong passphrase without human bias.

I read that Keepass is not only a storage aid, it also uses a random seed from mouse movements and keyboard hits in order to generate true random passphrases. I'm not an expert but it sounds good and is often reccomended.

I tried different times to send money using this script. I'm running XAMPP local on my machine. I tried http @ port 7874 and https @ port 7875. I think it's a problem with my passphrase. I have some quotes and other special characters in it. I also tried to make a backslash (\) before a quote (") because it's a PHP-string and maybe it doesn't like special characters like quotes. Doesn't work. I click the button and the page reloads and the form is empty. Any ideas?

Peerlist: It should be an option, but maybe hidden on default.

Overall, keep it f**king simple (this is key!), but provide options for a more sophisticated app. It should start very simple, few options, few settings, few text. Few all.

PC folks may disagree, but apple's strategy (simplicity!) is unbeaten. Keep that in mind!