Topic: NXT :: descendant of Bitcoin - Updated Information - page 1946. (Read 2761645 times)

legendary
Activity: 1372
Merit: 1000
Can anyone confirm that this is the bogus client?(Huh)

7177834 Dec 31 11:43 nxt-client-0.4.8.zip
sr. member
Activity: 602
Merit: 268
Internet of Value
By the way, I just checked and Drexme was last online here two hours ago.
There is a good chance he will try to cash in tonight if he read this thread now that we are on, to him...

And just how many accounts is he gonna plunder, I wonder?

This is gonna get really, really bad...

I will be the first to ask the question "Do we wanna stop the blockchain and roll it back?"

At this point, I don't think there are more than a few cases. The thief will certainly take the fund right when he gets the pass. We have two reported cases so far.

It is important to locate the source of the bogus link.

1. What about that guy who lost 250k of coins? Total is about 300K, there are many reports on nextcoin.org forum.
2. Already located.

1. Can you give me the link to 250k loss case.
2. We still don't know where it was posted. Nextcoin or nxtcrypto or where ?

I would support a roll-back if that much money involved.


the problem here is that a rollback may cause even more loss because plenty of btc nxt trades would have happened and no one is rolling back the btc blockchain for us Tongue

Time travel paradox. I did not think about it.

It looks like the roll back option would not be possible since it is going to kill DGEX and any other BTC-NXT exchange. We don't even know when the bogus link started to appear. The best option here is to locate the hacker and demand that he pay back.
full member
Activity: 238
Merit: 100
By the way, I just checked and Drexme was last online here two hours ago.
There is a good chance he will try to cash in tonight if he read this thread now that we are on, to him...

And just how many accounts is he gonna plunder, I wonder?

This is gonna get really, really bad...

I will be the first to ask the question "Do we wanna stop the blockchain and roll it back?"

At this point, I don't think there are more than a few cases. The thief will certainly take the fund right when he gets the pass. We have two reported cases so far.

It is important to locate the source of the bogus link.

1. What about that guy who lost 250k of coins? Total is about 300K, there are many reports on nextcoin.org forum.
2. Already located.

1. Can you give me the link to 250k loss case.
2. We still don't know where it was posted. Nextcoin or nxtcrypto or where ?

I would support a roll-back if that much money involved.


in fact I almost feel like taking all of my VPSs offline until firm rollback has been initiated network wide
legendary
Activity: 1722
Merit: 1217
By the way, I just checked and Drexme was last online here two hours ago.
There is a good chance he will try to cash in tonight if he read this thread now that we are on, to him...

And just how many accounts is he gonna plunder, I wonder?

This is gonna get really, really bad...

I will be the first to ask the question "Do we wanna stop the blockchain and roll it back?"

At this point, I don't think there are more than a few cases. The thief will certainly take the fund right when he gets the pass. We have two reported cases so far.

It is important to locate the source of the bogus link.

1. What about that guy who lost 250k of coins? Total is about 300K, there are many reports on nextcoin.org forum.
2. Already located.

1. Can you give me the link to 250k loss case.
2. We still don't know where it was posted. Nextcoin or nxtcrypto or where ?

I would support a roll-back if that much money involved.


the problem here is that a rollback may cause even more loss because plenty of btc nxt trades would have happened and no one is rolling back the btc blockchain for us Tongue
full member
Activity: 238
Merit: 100
In summary, what I found from Chrome history:
from download history, the malware link was:
http://162.243.246.223/nxt-client-0.4.8.zip
...

Please edit your post, it looks like you are saying there is bogus software at info.nxtcrypto.org
It looks like you got the bogus software directly from the thief.  My guess is that is where paulyC got his as well.

Some folks are claiming that dextern is involved and changed the link on nextcoin - I don't believe that is the case, Graviton removed his moderator access when that mess went down

But as far as I know, dex has still not returned the donation NXT.

well, I didn't mean that, I didn't accuse anyone or any site.
in fact, the current IP of info.nxtcrypto.org is 46.28.204.121,
and it's different from 162.243.246.223, that's where I downloaded the malware

I'm the DNS admin for all nxtcrypto.org sites.  46.28.204.121 has always been the address, since info got created; it's never been 162.243.246.223.  No one else has access to change the records.

Someone else admins the info website, the guy Intel from these forums here.

So did you ever download 0.4.8 from any other place than the info site?  If that is the only place you downloaded from then there are only 2 explanations I can think of.  Either I changed the IP in DNS temporarily to make people download a bogus client, or intel made a temporary redirect to a bogus client at 162.243.246.223.  Which would have been dumb, it would have been much much simpler for him to just temporarily post a bogus client directly on his info site.

So step back, take a few deep breaths, go through your chrome history, and be detailed and tell us how you got the bogus client.
sr. member
Activity: 490
Merit: 250
I don't really come from outer space.
If you still didn't understand, there was a patched NXT Client which logged all passwords to the server of EvilDave!

You certain it was EvilDave?  I'm just not seeing that here.
member
Activity: 98
Merit: 10
intel, the person you're after is EpicThomas, not EvilDave

PaulyC:
the 0.4.8 client I used, I forgot where I downloaded it, but from chrome history,
the link was http://162.243.246.223/nxt-client-0.4.8.zip
this client is different from what I just downloaded from this thread:
Code:
 
ec7c30a100717e60d8abe50eedb23641952847d91ff90b9b05a74ff98d8a4cf2  nxt-client-0.4.8 (1).zip
948ce760c379f13f4ea9def6babaa36b0d706bf91098f1d64945fdde3eac5f06  nxt-client-0.4.8.zip

162.243.246.223 looks like it is "epicdices.com" (http://domain-kb.com/www/epicdices.com)
Owner of epicdices - EpicThomas - is a member of this topic:
https://bitcointalksearch.org/user/epicthomas-172850
sr. member
Activity: 602
Merit: 268
Internet of Value
By the way, I just checked and Drexme was last online here two hours ago.
There is a good chance he will try to cash in tonight if he read this thread now that we are on, to him...

And just how many accounts is he gonna plunder, I wonder?

This is gonna get really, really bad...

I will be the first to ask the question "Do we wanna stop the blockchain and roll it back?"

At this point, I don't think there are more than a few cases. The thief will certainly take the fund right when he gets the pass. We have two reported cases so far.

It is important to locate the source of the bogus link.

1. What about that guy who lost 250k of coins? Total is about 300K, there are many reports on nextcoin.org forum.
2. Already located.

1. Can you give me the link to 250k loss case.
2. We still don't know where it was posted. Nextcoin or nxtcrypto or where ?

I would support a roll-back if that much money involved.
member
Activity: 98
Merit: 10
intel, when PaulyC reported the theft, lots of people besides EvilDave were suggesting possibilities. The most commonly suggested was keylogger. I remember someone posted something like

1) SHA256 and Elliptic Curve algo broken: 0.0001%
2) Keylogger: 80%
3) Bogus client: 10%
4) Rogue node: 10%

Personally I suggested some nonsense about possible address collision from different passwords. So I guess that makes me a troll too Smiley

If you still didn't understand, there was a patched NXT Client which logged all passwords to the server of EpicThomas!

Is it the same or separate issue from PaulyC's hacked account ?

The same. All hacked accounts are only the work of one patched (infected) client designed by one pair of hands.

EpicDave is OK, EpicThomas is not OK, as he is the owner of the IP to which password logs leaked. Just confused these two names.
member
Activity: 98
Merit: 10
By the way, I just checked and Drexme was last online here two hours ago.
There is a good chance he will try to cash in tonight if he read this thread now that we are on, to him...

And just how many accounts is he gonna plunder, I wonder?

This is gonna get really, really bad...

I will be the first to ask the question "Do we wanna stop the blockchain and roll it back?"

At this point, I don't think there are more than a few cases. The thief will certainly take the fund right when he gets the pass. We have two reported cases so far.

It is important to locate the source of the bogus link.

1. What about that guy who lost 250k of coins? Total is about 300K, there are many reports on nextcoin.org forum.
2. Already located.
member
Activity: 98
Merit: 10
I will be the first to ask the question "Do we wanna stop the blockchain and roll it back?"

Maybe see how much damage was done first? The account that PaulyC's 7808 NXT was sent to contains only ~1150 more NXT. newcn lost ~17k. Probably easier to reimburse lost NXT if it isn't too large.

Is it possible to find out how long the fake link was up, and how many people downloaded from it?
sr. member
Activity: 602
Merit: 268
Internet of Value
intel, when PaulyC reported the theft, lots of people besides EvilDave were suggesting possibilities. The most commonly suggested was keylogger. I remember someone posted something like

1) SHA256 and Elliptic Curve algo broken: 0.0001%
2) Keylogger: 80%
3) Bogus client: 10%
4) Rogue node: 10%

Personally I suggested some nonsense about possible address collision from different passwords. So I guess that makes me a troll too Smiley

If you still didn't understand, there was a patched NXT Client which logged all passwords to the server of EvilDave!

Is it the same or separate issue from PaulyC's hacked account ?
full member
Activity: 143
Merit: 100
In summary, what I found from Chrome history:
from download history, the malware link was:
http://162.243.246.223/nxt-client-0.4.8.zip
...

Please edit your post, it looks like you are saying there is bogus software at info.nxtcrypto.org
It looks like you got the bogus software directly from the thief.  My guess is that is where paulyC got his as well.

Some folks are claiming that dextern is involved and changed the link on nextcoin - I don't believe that is the case, Graviton removed his moderator access when that mess went down

But as far as I know, dex has still not returned the donation NXT.

well, I didn't mean that, I didn't accuse anyone or any site.
in fact, the current IP of info.nxtcrypto.org is 46.28.204.121,
and it's different from 162.243.246.223, that's where I downloaded the malware
sr. member
Activity: 602
Merit: 268
Internet of Value
By the way, I just checked and Drexme was last online here two hours ago.
There is a good chance he will try to cash in tonight if he read this thread now that we are on, to him...

And just how many accounts is he gonna plunder, I wonder?

This is gonna get really, really bad...

I will be the first to ask the question "Do we wanna stop the blockchain and roll it back?"

At this point, I don't think there are more than a few cases. The thief will certainly take the fund right when he gets the pass. We have two reported cases so far.

It is important to locate the source of the bogus link.
member
Activity: 98
Merit: 10
intel, when PaulyC reported the theft, lots of people besides EvilDave were suggesting possibilities. The most commonly suggested was keylogger. I remember someone posted something like

1) SHA256 and Elliptic Curve algo broken: 0.0001%
2) Keylogger: 80%
3) Bogus client: 10%
4) Rogue node: 10%

Personally I suggested some nonsense about possible address collision from different passwords. So I guess that makes me a troll too Smiley

If you still didn't understand, there was a patched NXT Client which logged all passwords to the server of EvilDave!
NWO
sr. member
Activity: 392
Merit: 250
Open source incoming! Rally has begun! Anything below .0001 is CHEAP  Grin
full member
Activity: 196
Merit: 100
By the way, I just checked and Drexme was last online here two hours ago.
There is a good chance he will try to cash in tonight if he read this thread now that we are on, to him...

And just how many accounts is he gonna plunder, I wonder?

This is gonna get really, really bad...

I will be the first to ask the question "Do we wanna stop the blockchain and roll it back?"
full member
Activity: 238
Merit: 100
In summary, what I found from Chrome history:
from download history, the malware link was:
http://162.243.246.223/nxt-client-0.4.8.zip
...

Please edit your post, it looks like you are saying there is bogus software at info.nxtcrypto.org
It looks like you got the bogus software directly from the thief.  My guess is that is where paulyC got his as well.

Some folks are claiming that dextern is involved and changed the link on nextcoin - I don't believe that is the case, Graviton removed his moderator access when that mess went down

But as far as I know, dex has still not returned the donation NXT.
sr. member
Activity: 602
Merit: 268
Internet of Value
Also clear.

Very big PHEW

Edit: blockchain explorer is back up, btw

Great Love the blockchain explorer and nexern's work.
full member
Activity: 143
Merit: 100
In summary, what I found from Chrome history:
from download history, the malware link was:
http://162.243.246.223/nxt-client-0.4.8.zip
sha256: 948ce760c379f13f4ea9def6babaa36b0d706bf91098f1d64945fdde3eac5f06

the creation time and modification time of the zip file on my local disk was:
Code:
creation time: 2013.12.31, 20:31:14
modified time: 2013.12.31, 20:35:16

in that time period, I only accessed two pages:
Code:
20:29 https://bitcointalk.org/index.php?topic=345619.11740
20:30 https://bitcointalk.org/index.php?topic=345619.0

from the download history, I probably downloaded the malware from the first page, that is:
http://info.nxtcrypto.org/nxt-client-0.4.8.zip
(I found the new version and checked it on the first page, and it's true, there's an update there, but I don't like the mega site, it's slow from my home, so I downloaded the link from the first page)
the thief might have changed the link directly,
or he might have changed the IP address of info.nxtcrypto.org
current IP of info.nxtcrypto.org is 46.28.204.121,
which is different from 162.243.246.223
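
An added example, not part of any post in this thread: the two checks the posters carried out by hand (comparing the archive's SHA-256 with a reference value, and looking at which host the browser actually fetched it from) written as a small triage routine. The function names, the finding labels, the choice of the `ec7c30a1…` hash as the reference value and the one-entry host allow-list are assumptions made for the example.

```python
import hashlib
import ipaddress
from urllib.parse import urlsplit

# Values quoted in the thread above.
REPORTED_BOGUS_SHA256 = "948ce760c379f13f4ea9def6babaa36b0d706bf91098f1d64945fdde3eac5f06"
# Hash of the copy a poster downloaded from the thread; treating it as the
# reference value is an assumption of this example.
REFERENCE_SHA256 = "ec7c30a100717e60d8abe50eedb23641952847d91ff90b9b05a74ff98d8a4cf2"
EXPECTED_HOSTS = {"info.nxtcrypto.org"}  # assumed allow-list of release hosts


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large archives are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def is_ip_literal(host):
    """True when the URL host is a bare IP address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage_download(url, file_sha256, reference_sha256, expected_hosts):
    """Return a list of findings for one browser download-history entry."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        findings.append("no-tls")           # archive fetched without transport integrity
    if is_ip_literal(host):
        findings.append("ip-literal-host")  # release fetched from a raw IP address
    elif host not in expected_hosts:
        findings.append("unexpected-host")
    if file_sha256.strip().lower() != reference_sha256.lower():
        findings.append("hash-mismatch")    # archive differs from the reference copy
    return findings


if __name__ == "__main__":
    # The download-history entry reported in the thread.
    url = "http://162.243.246.223/nxt-client-0.4.8.zip"
    print(triage_download(url, REPORTED_BOGUS_SHA256, REFERENCE_SHA256, EXPECTED_HOSTS))
```

In practice the `file_sha256` argument would come from `sha256_file()` run on the archive on disk, and the reference value from a release announcement obtained over a separate channel.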
