NXT :: descendant of Bitcoin - Updated Information - page 1929.

wesleyh

sr. member

Activity: 308

Merit: 250

Quote from: EpicThomas on January 02, 2014, 10:32:21 AM

I have just read the last 50 pages of this topic and wow this is crazy.

First of all yes the client was posted by me and I added some code that would send the secrets to my server.
A week ago there were all the ddos issues and billions created which led to a lot of client updates.
During these updates I noticed a lot of those clients had different hashes which made me wondering how easy it would be to modify the client and get it circulated.
So that is what I did. I quoted the official post made by jean-luc on 31/12 and changed the url. Setting this all up took less then an hour.
The server was only online for about an hour and I decided to shut it down after I had gotten access to about 10 accounts.

Now here is what is odd. Yes I got access to some accounts but not those people here who are claiming they got hacked.
The accounts that I got access to never had more then 1000 nxt in them and I never had the intention of taking it.
To the people who got hacked before 0.4.8 I can say that it was definetly not me who could have stolen your coins.

Normally at this point I was going to post details about how easy it is to steal nxt and how people have to be aware about where they download their client instead if only focussing only on their pass strength.
That point has been made very clear now in an unfortunate way.

To be honest if I had found an account containing a 50 million next I would have probably taken it and diseappeared but that was not the case. I am human after all.

I know there are other modified clients around whether they use the same type of attack I don't know.
Digitalocean has also contacted me that people here have sent complaints and that different IP's have logged in on my account.
Whether someone else had access to my vps, people downloaded a different infected client or someone is playing it smart letting me take the blame I do not know.

People are angry and ofcourse I can understand that but the only thing I can do is tell my story and hope a correct explanation for these thefts will appear.

Heh..

Assuming this were true, where are the clients you've noticed that have different hashes? Please post them here.

rickyjames

full member

Activity: 196

Merit: 100

Quote from: Kodoka on January 02, 2014, 10:39:15 AM

Quote from: rickyjames on January 02, 2014, 10:00:31 AM

Quote from: rickyjames on January 02, 2014, 09:27:59 AM

The fact is that the stolen NXT from all five of these guys is sitting stuck in the five thief accounts and it can't get converted to BTC without going thru Dgex. That ain't gonna happen.

This is a major crime in the tens of thousands of dollars range and we know who did it. People go to prison for years for this kind of crap.

(Are you reading this, EpicThomas? I know you are.)

You know, if the NXT were somehow to be magically transferred back into the accounts where it is supposed to be, maybe just maybe I won't personally make it my mission to find your home address and phone number, post it right here on this forum, and call the police in your local town or city.

Do you feel lucky, punk?

A MESSAGE TO EPIC THOMAS:

Dude, I'm coming for you. You had better put back the NXT where it belongs before I find out who you are and go to the police. I will stop if you repay the NXT you have taken from others. Once I find out a name and address and turn it over to law enforcement, things are out of my hands. Until that time you can save yourself. Do it.

My email to customer service at Digital Ocean:

Can you identify the real name, email address, mailing address, and telephone number of the user renting a cloud server from you at 162.243.246.233 for the past several days? This person is involved in illegal activities and has stolen over $23,000 that we know of so far through unauthorized transfers of assets. When you have obtained this information, please let me know the name and location of the representative who may be contacted by local law enforcement.

This is not a prank or joke. My name is X. I am a resident of X and you can contact me at my cell number of X if needed. Thank you, and I look forward to your prompt response.

I understand your enthusiasm. I'd be pissed if my Nxt was stolen, too. Theft of crypto-currency is tricky, though.

Hell, I'm not out to convict him. I'm out to bankrupt him through lawyer fees to defend his sorry ass. A conviction would just be icing on the cake.

Kodoka

member

Activity: 63

Merit: 10

Quote from: rickyjames on January 02, 2014, 10:00:31 AM

Quote from: rickyjames on January 02, 2014, 09:27:59 AM

The fact is that the stolen NXT from all five of these guys is sitting stuck in the five thief accounts and it can't get converted to BTC without going thru Dgex. That ain't gonna happen.

This is a major crime in the tens of thousands of dollars range and we know who did it. People go to prison for years for this kind of crap.

(Are you reading this, EpicThomas? I know you are.)

You know, if the NXT were somehow to be magically transferred back into the accounts where it is supposed to be, maybe just maybe I won't personally make it my mission to find your home address and phone number, post it right here on this forum, and call the police in your local town or city.

Do you feel lucky, punk?

A MESSAGE TO EPIC THOMAS:

Dude, I'm coming for you. You had better put back the NXT where it belongs before I find out who you are and go to the police. I will stop if you repay the NXT you have taken from others. Once I find out a name and address and turn it over to law enforcement, things are out of my hands. Until that time you can save yourself. Do it.

My email to customer service at Digital Ocean:

Can you identify the real name, email address, mailing address, and telephone number of the user renting a cloud server from you at 162.243.246.233 for the past several days? This person is involved in illegal activities and has stolen over $23,000 that we know of so far through unauthorized transfers of assets. When you have obtained this information, please let me know the name and location of the representative who may be contacted by local law enforcement.

This is not a prank or joke. My name is X. I am a resident of X and you can contact me at my cell number of X if needed. Thank you, and I look forward to your prompt response.

I understand your enthusiasm. I'd be pissed if my Nxt was stolen, too. Theft of crypto-currency is tricky, though.

plasticAiredale

full member

Activity: 207

Merit: 120

Quote from: EpicThomas on January 02, 2014, 10:32:21 AM

I have just read the last 50 pages of this topic and wow this is crazy.

First of all yes the client was posted by me and I added some code that would send the secrets to my server.
A week ago there were all the ddos issues and billions created which led to a lot of client updates.
During these updates I noticed a lot of those clients had different hashes which made me wondering how easy it would be to modify the client and get it circulated.
So that is what I did. I quoted the official post made by jean-luc on 31/12 and changed the url. Setting this all up took less then an hour.
The server was only online for about an hour and I decided to shut it down after I had gotten access to about 10 accounts.

Now here is what is odd. Yes I got access to some accounts but not those people here who are claiming they got hacked.
The accounts that I got access to never had more then 1000 nxt in them and I never had the intention of taking it.
To the people who got hacked before 0.4.8 I can say that it was definetly not me who could have stolen your coins.

Normally at this point I was going to post details about how easy it is to steal nxt and how people have to be aware about where they download their client instead if only focussing only on their pass strength.
That point has been made very clear now in an unfortunate way.

To be honest if I had found an account containing a 50 million next I would have probably taken it and diseappeared but that was not the case. I am human after all.

I know there are other modified clients around whether they use the same type of attack I don't know.
Digitalocean has also contacted me that people here have sent complaints and that different IP's have logged in on my account.
Whether someone else had access to my vps, people downloaded a different infected client or someone is playing it smart letting me take the blame I do not know.

People are angry and ofcourse I can understand that but the only thing I can do is tell my story and hope a correct explanation for these thefts will appear.

Wow. Just Wow.

Jimmy2011

hero member

Activity: 589

Merit: 500

Quote from: Come-from-Beyond on January 02, 2014, 09:58:52 AM

Quote from: laowai80 on January 02, 2014, 09:55:45 AM

Let's see... 0.4.8 was more stable than 0.4.7e, even on 512 Mb. If 0.4.9e is even better, then we're getting where it should be.

The goal is to run NRS on 64 KiB devices. Wink

Yeah, Bill Gates said he will join in Nxt.

EvilDave

hero member

Activity: 854

Merit: 1001

Now this is gonna get interesting....

opticalcarrier

full member

Activity: 238

Merit: 100

Quote from: EpicThomas on January 02, 2014, 10:32:21 AM

I have just read the last 50 pages of this topic and wow this is crazy.

First of all yes the client was posted by me and I added some code that would send the secrets to my server.
A week ago there were all the ddos issues and billions created which led to a lot of client updates.
During these updates I noticed a lot of those clients had different hashes which made me wondering how easy it would be to modify the client and get it circulated.
So that is what I did. I quoted the official post made by jean-luc on 31/12 and changed the url. Setting this all up took less then an hour.
The server was only online for about an hour and I decided to shut it down after I had gotten access to about 10 accounts.

Now here is what is odd. Yes I got access to some accounts but not those people here who are claiming they got hacked.
The accounts that I got access to never had more then 1000 nxt in them and I never had the intention of taking it.
To the people who got hacked before 0.4.8 I can say that it was definetly not me who could have stolen your coins.

Normally at this point I was going to post details about how easy it is to steal nxt and how people have to be aware about where they download their client instead if only focussing only on their pass strength.
That point has been made very clear now in an unfortunate way.

To be honest if I had found an account containing a 50 million next I would have probably taken it and diseappeared but that was not the case. I am human after all.

I know there are other modified clients around whether they use the same type of attack I don't know.
Digitalocean has also contacted me that people here have sent complaints and that different IP's have logged in on my account.
Whether someone else had access to my vps, people downloaded a different infected client or someone is playing it smart letting me take the blame I do not know.

People are angry and ofcourse I can understand that but the only thing I can do is tell my story and hope a correct explanation for these thefts will appear.

wow and so now you take us for idiots?

rickyjames

full member

Activity: 196

Merit: 100

Quote from: EpicThomas on January 02, 2014, 10:32:21 AM

I have just read the last 50 pages of this topic and wow this is crazy.

First of all yes the client was posted by me and I added some code that would send the secrets to my server.
A week ago there were all the ddos issues and billions created which led to a lot of client updates.
During these updates I noticed a lot of those clients had different hashes which made me wondering how easy it would be to modify the client and get it circulated.
So that is what I did. I quoted the official post made by jean-luc on 31/12 and changed the url. Setting this all up took less then an hour.
The server was only online for about an hour and I decided to shut it down after I had gotten access to about 10 accounts.

Now here is what is odd. Yes I got access to some accounts but not those people here who are claiming they got hacked.
The accounts that I got access to never had more then 1000 nxt in them and I never had the intention of taking it.
To the people who got hacked before 0.4.8 I can say that it was definetly not me who could have stolen your coins.

Normally at this point I was going to post details about how easy it is to steal nxt and how people have to be aware about where they download their client instead if only focussing only on their pass strength.
That point has been made very clear now in an unfortunate way.

To be honest if I had found an account containing a 50 million next I would have probably taken it and diseappeared but that was not the case. I am human after all.

I know there are other modified clients around whether they use the same type of attack I don't know.
Digitalocean has also contacted me that people here have sent complaints and that different IP's have logged in on my account.
Whether someone else had access to my vps, people downloaded a different infected client or someone is playing it smart letting me take the blame I do not know.

People are angry and ofcourse I can understand that but the only thing I can do is tell my story and hope a correct explanation for these thefts will appear.

Nice to meet you. I haven't received a response from Digital Ocean yet. The clock is ticking. I don't back down. Ask my wife.

EpicThomas

newbie

Activity: 19

Merit: 0

I have just read the last 50 pages of this topic and wow this is crazy.

First of all yes the client was posted by me and I added some code that would send the secrets to my server.
A week ago there were all the ddos issues and billions created which led to a lot of client updates.
During these updates I noticed a lot of those clients had different hashes which made me wondering how easy it would be to modify the client and get it circulated.
So that is what I did. I quoted the official post made by jean-luc on 31/12 and changed the url. Setting this all up took less then an hour.
The server was only online for about an hour and I decided to shut it down after I had gotten access to about 10 accounts.

Now here is what is odd. Yes I got access to some accounts but not those people here who are claiming they got hacked.
The accounts that I got access to never had more then 1000 nxt in them and I never had the intention of taking it.
To the people who got hacked before 0.4.8 I can say that it was definetly not me who could have stolen your coins.

Normally at this point I was going to post details about how easy it is to steal nxt and how people have to be aware about where they download their client instead if only focussing only on their pass strength.
That point has been made very clear now in an unfortunate way.

To be honest if I had found an account containing a 50 million next I would have probably taken it and diseappeared but that was not the case. I am human after all.

I know there are other modified clients around whether they use the same type of attack I don't know.
Digitalocean has also contacted me that people here have sent complaints and that different IP's have logged in on my account.
Whether someone else had access to my vps, people downloaded a different infected client or someone is playing it smart letting me take the blame I do not know.

People are angry and ofcourse I can understand that but the only thing I can do is tell my story and hope a correct explanation for these thefts will appear.

timmyd

hero member

Activity: 714

Merit: 500

Quote from: rickyjames on January 02, 2014, 09:27:59 AM

Quote from: xyzzyx on January 02, 2014, 09:21:33 AM

Quote from: rickyjames on January 02, 2014, 09:15:15 AM

You guys need to rethink this. The evidence shows pretty conclusively that Sparta_cuss was actually robbed and reported it before either PaulyC or newcn. Plus Framewood beat them all to it by a couple of days.

So - we gonna create a loss fund to cover 300K NXT and counting?

I'm relatively NXT poor, but I'll contribute 1k to a theft fund if it's set up.

The fact is that the stolen NXT from all five of these guys is sitting stuck in the five thief accounts and it can't get converted to BTC without going thru Dgex. That ain't gonna happen.

This is a major crime in the tens of thousands of dollars range and we know who did it. People go to prison for years for this kind of crap.

(Are you reading this, EpicThomas? I know you are.)

You know, if the NXT were somehow to be magically transferred back into the accounts where it is supposed to be, maybe just maybe I won't personally make it my mission to find your home address and phone number, post it right here on this forum, and call the police in your local town or city.

Do you feel lucky, punk?

Door kicking crew grouped and ready for a visit in the uk if needed. Just need an adress

bitcoinrocks

legendary

Activity: 1372

Merit: 1000

I read talk of 4.9e but it isn't posted on the first page of this thread. Is it available?

rickyjames

full member

Activity: 196

Merit: 100

Quote from: gbeirn on January 02, 2014, 10:19:30 AM

If anyone else wants to contribute anything to helping reimburse those who were affected my account is: 7692313866255280204

I just received 35K NXT from neer.g. Once we get some confirmations on that I will begin sending it out.

I think this is a great effort but I urge you to hold off for a day or two and see if we can get EpicThomas to rethink the wisdom of keeping his ill-gotten gains and put the money back that he stole.

Worth a shot. And I am 99.99% sure I will have the law on his tail if he doesn't. I am a persistent fellow once I take up a cause.

bitcoinrocks

legendary

Activity: 1372

Merit: 1000

Quote

To be honest, if the quality of software and all the ecosystem does not improve significantly, people will go away very soon. Now I guess most people here are attracted by the insanely fast growing price. Once it is stabilized, we will see more and more complains about the user experience.

For example, could you imagine an organization having millions of dollars does not have a reliable downloading service for frequent software upgrading? Is it so expensive to get a reliable VPS and setup a downloading server, or simply as a temporary solution just pay dropbox to get an official account with larger bandwidth?

I'm an Nxt believer but this is very true.

BitcoinForumator

legendary

Activity: 1120

Merit: 1000

Quote from: BitThink on January 02, 2014, 04:31:29 AM

Quote from: landomata on January 02, 2014, 04:28:11 AM

Quote from: swartzfeger on January 02, 2014, 04:24:27 AM

One thing that hasn't been mentioned (I don't think), how are we going to vet/verify future client downloads?

As much as I don't share some users' level of conviction when it comes to user adoption vs. difficulty (I think this is rickyjames point), regular users having to worry about 1) brain wallet, 2) clunky client installer PLUS having to verify SHA256 for every update might drive people away.

I also think a permanent solution should be found the above issues.

To be honest, if the quality of software and all the ecosystem does not improve significantly, people will go away very soon. Now I guess most people here are attracted by the insanely fast growing price. Once it is stabilized, we will see more and more complains about the user experience.

For example, could you imagine an organization having millions of dollars does not have a reliable downloading service for frequent software upgrading? Is it so expensive to get a reliable VPS and setup a downloading server, or simply as a temporary solution just pay dropbox to get an official account with larger bandwidth?

This is so true.

wesleyh

sr. member

Activity: 308

Merit: 250

Quote from: Come-from-Beyond on January 02, 2014, 10:17:47 AM

Quote from: wesleyh on January 02, 2014, 10:13:58 AM

2) Auto-updates now check the sha256 and won't continue if it does not match what is said in the blockchain.

How do u check it if u have not caught recent blocks yet?

If the app version is bigger or same as in blockchain then we won't proceed with downloading anyway. only when a new version is found in the blockchain will we check the sha256. If nothing is found in blockchain (or not yet caught up) the user will not get an update notice.

gbeirn

full member

Activity: 126

Merit: 100

If anyone else wants to contribute anything to helping reimburse those who were affected my account is: 7692313866255280204

I just received 35K NXT from neer.g. Once we get some confirmations on that I will begin sending it out.

Someone else PMd me that would like to contribute 1K.

In the spirit of transparency: http://87.230.14.1/nxt/nxt.cgi?action=3000&acc=7692313866255280204

I love the community support here. Thank you everyone.

S3MKi

legendary

Activity: 1540

Merit: 1016

Quote from: gbeirn on January 02, 2014, 10:13:34 AM

Quote from: plasticAiredale on January 02, 2014, 10:00:05 AM

Quote from: Vega on January 02, 2014, 09:38:06 AM

...

Paying back stolen Nxt is not realistic. Shit happends.
However PaulyC (and for a smaller extent newcn) should (and did) get bounty for uncovering the method of the theft, saving others.

Yeah, the amount of NXT stolen is quite a lot of money at this point, I can't imagine everyone being made whole. I'd love to be proved wrong, but I'm not expecting any compensation for what was my mistake in the end. Outside of EpicThomas refunding the NXT, or DGEX blacklisting/rerouting any attempts to sell the NXT, I'm not seeing this ending well for us.

Any chance some big holders want to cash out and crash the price a little? I'd love to buy back in at my original price. Wink

I received a PM from someone who plans to send me some NXT to help divide up among those who lost NXT. Can we get a comprehensive list of who lost what as of right now.

I think this story with stolen nxt is specially surfaced the day before release source code. And i think we will new users who lose nxt because a holiday now/

landomata

legendary

Activity: 2184

Merit: 1000

Congratulations to HASH!

TOTAL VOTE:

HASH: 79
QTBC: 65

Disqualified (Accounts were open after Vote started):
nebina - Hash
mayat - Hash
nexter - Hash
chindit - QTBC
Permafrost -Hash
Bezy - Hash

POSTED TWICE:
Attack-in- front - HASH
Punkrock - Hash & QTBC (I think he meant to change his vote but rules are rules)

https://nextcoin.org/index.php/topic,1927.0.html

Come-from-Beyond

legendary

Activity: 2142

Merit: 1010

Newbie

Quote from: wesleyh on January 02, 2014, 10:13:58 AM

2) Auto-updates now check the sha256 and won't continue if it does not match what is said in the blockchain.

How do u check it if u have not caught recent blocks yet?

plasticAiredale

full member

Activity: 207

Merit: 120

Topic: NXT :: descendant of Bitcoin - Updated Information - page 1929. (Read 2761645 times)