Pages:
Author

Topic: RarityCheck VIBGYOR gilded #12 swept yesterday. - page 5. (Read 4059 times)

copper member
Activity: 406
Merit: 485
Track Burns @ burned.money
I still don't know how I had 8 of these coins and NONE of them were swept. I swept all 4 of the 0.01 btc denomination coins and left the other 4 coins that are loaded with 0.001 alone and they are still loaded,  weird.


edit:
Does anyone know how many of the "lost coin series"  0.001 btc coins are still loaded ?  ty

The Lost Coin Series has two variants -  Silver and Alloy.

Rarity Check Lost Coin Series V1 Alloy has 16 unredeemed, 1 redeemed, and 183 unfunded (thanks 2stout!).
Rarity Check Lost Coin Series V1 Silver has 5 unredeemed, 4 redeemed, and 91 unfunded.

For VIBGYOR series, there are still 8 unredeemed Gilded and 15 unredeemed Silver worth 0.044BTC and 0.015BTC respectively.

If you hold an intact, funded VIBGYOR coin or know someone who does, please make sure it is peeled and redeemed. Based on what we know about the keygen compromise so far, funds being stolen from this is a matter of WHEN, not IF. Leaving those coins funded is akin to sending a time-delayed donation to the people behind the bad keygen.
hero member
Activity: 2562
Merit: 607
I still don't know how I had 8 of these coins and NONE of them were swept. I swept all 4 of the 0.01 btc denomination coins and left the other 4 coins that are loaded with 0.001 alone and they are still loaded,  weird.


edit:
Does anyone know how many of the "lost coin series"  0.001 btc coins are still loaded ?  ty

According to Collectible Money, 16 are still funded.

Item 019 from series Rarity Check Lost Coin Series V1 Alloy has been redeemed on 2024-08-07 18:50:58 UTC, worth 0.001 BTC (54.85 USD).

First funded on 2023-09-21 03:30:24 UTC, this item held it's value for 10 months, 21 days, 15 hours.

There are 183 unfunded, 16 funded, and 1 redeemed items in this series now, worth 0.016 BTC (877.61 USD).
copper member
Activity: 672
Merit: 113
I still don't know how I had 8 of these coins and NONE of them were swept. I swept all 4 of the 0.01 btc denomination coins and left the other 4 coins that are loaded with 0.001 alone and they are still loaded,  weird.


edit:
Does anyone know how many of the "lost coin series"  0.001 btc coins are still loaded ?  ty
jr. member
Activity: 52
Merit: 5
Hi everyone!

I'm new here and found this place after researching transaction 5f3720dd75ea36efed2bffd7bc136dc8556e600d6cc94f2a82c38880e0d02b64.

On a certain day (which I honestly don't remember), I accessed bitaddress.org to generate a wallet for my godson. I'm a tech person, so I took every precaution when accessing the site (Mac/Safari or Chrome), generating the document, and even when printing it. I chose to take my laptop to the printer and connected it via a USB cable (I've worked with printer drivers for years).

I had saved the address 1EXkmyQEtNL351Q9ovUsCvsDTYtx4hVgCf to check the balance using the BlueWallet app, to see how my godson's savings were doing. Tonight, when I accessed the website, I was shocked! The funds had been moved. I immediately spoke to my godson's father, who confirmed that the funds hadn't been moved by him and that the paper was safely stored in a vault, as I had given it to him.

I can't stop thinking about where I went wrong in this process.

If you're looking for assistance you might want to start a new thread. Not that someone won't respond to this post but with a new thread some of the more experienced members will see the new thread and might be more likely to respond.
newbie
Activity: 1
Merit: 0
Hi everyone!

I'm new here and found this place after researching transaction 5f3720dd75ea36efed2bffd7bc136dc8556e600d6cc94f2a82c38880e0d02b64.

On a certain day (which I honestly don't remember), I accessed bitaddress.org to generate a wallet for my godson. I'm a tech person, so I took every precaution when accessing the site (Mac/Safari or Chrome), generating the document, and even when printing it. I chose to take my laptop to the printer and connected it via a USB cable (I've worked with printer drivers for years).

I had saved the address 1EXkmyQEtNL351Q9ovUsCvsDTYtx4hVgCf to check the balance using the BlueWallet app, to see how my godson's savings were doing. Tonight, when I accessed the website, I was shocked! The funds had been moved. I immediately spoke to my godson's father, who confirmed that the funds hadn't been moved by him and that the paper was safely stored in a vault, as I had given it to him.

I can't stop thinking about where I went wrong in this process.
copper member
Activity: 288
Merit: 56
Thanks!

YEs am referring to MRCRYPTHOLD PRIVATE KEYS
https://imgur.com/a/7xzZesy
fixed  pic

https://imgur.com/a/p9RiTVH
 authentic pic
full member
Activity: 375
Merit: 124
Could you please elaborate or point me to some specific thread?
(And I assume you meant MrCryptoHodl)

2) The poor quality of the private keys


you have not seen MR HOLD private key .  Wink


YEs am referring to MRCRYPTHOLD PRIVATE KEYS

https://imgur.com/a/7xzZesy

fixed  pic



https://imgur.com/a/p9RiTVH

 authentic pic
copper member
Activity: 288
Merit: 56
Could you please elaborate or point me to some specific thread?
(And I assume you meant MrCryptoHodl)

2) The poor quality of the private keys


you have not seen MR HOLD private key .  Wink
jr. member
Activity: 52
Merit: 5
Maybe another member mentioned this already...But if I'm *RC* I'm turning a negative situation into a positive....

If I'm *RC* I'd design a different *New coin from scratch* and every person that purchased a VIBGYOR coin would now get one of the new designed coin for free....

Here's the kicker......The newly designed coin SHOULD NEVER GO ON SALE.....NEVER EVER......They should only go to the people who purchased a coin in this series...Now *RC* has actually created a new collectible for the people affected...Those who purchased funded get one funded...Those who purchased unfunded get one unfunded....What the people do with the coins once they get them...well that's up to them....

Probably a stupid idea on my part....I don't know....Anyways....it looks like everything the bloke can do he is doing...

Props to *RC* but I'm sure others on here may not see it that way....

full member
Activity: 375
Merit: 124
At the moment the other negative tags on RC have been changed to neutral, going to leave mine as a warning for the moment.
Let's be honest its not going to matter since I don't think anyone is going to be buying anything funded or even with keys they generated for a while.

Once it looks like the majority of the people who lost their funds are paid back at least what they lost I will change it. But for now between the
1) Mistake with the key generation
2) The poor quality of the private keys
3) The admission that more then 1 person had access to the machine that generated / printed the keys

There are too many things that are just not done to the way things should be done to take off the negative in my opinion.

HOWEVER, once it looks like everyone has had their swept coins refunded I will update to a neutral.

raritycheck --> Have you attempted to reach out to the people who have not contacted you yet about this who have the coins? Email / PMs / even a letter though the post office if you have no other way of contacting them since you did ship them a coin you should have their address?

-Dave

2) The poor quality of the private keys


you have not seen MR HOLD private key .  Wink
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
At the moment the other negative tags on RC have been changed to neutral, going to leave mine as a warning for the moment.
Let's be honest its not going to matter since I don't think anyone is going to be buying anything funded or even with keys they generated for a while.

Once it looks like the majority of the people who lost their funds are paid back at least what they lost I will change it. But for now between the
1) Mistake with the key generation
2) The poor quality of the private keys
3) The admission that more then 1 person had access to the machine that generated / printed the keys

There are too many things that are just not done to the way things should be done to take off the negative in my opinion.

HOWEVER, once it looks like everyone has had their swept coins refunded I will update to a neutral.

raritycheck --> Have you attempted to reach out to the people who have not contacted you yet about this who have the coins? Email / PMs / even a letter though the post office if you have no other way of contacting them since you did ship them a coin you should have their address?

-Dave
member
Activity: 153
Merit: 30

Taken from this thread:
https://bitcointalksearch.org/topic/m.56603383
The signs were there in the very first thread.
That "sign" applies to any new coin maker who sells funded collectibles. And you could just as well apply it to every old coin maker.

They were asking very basic questions on how to generate private keys.  That does not apply to every new maker, was unique to this one
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021

Taken from this thread:
https://bitcointalksearch.org/topic/m.56603383
The signs were there in the very first thread.
That "sign" applies to any new coin maker who sells funded collectibles. And you could just as well apply it to every old coin maker.
copper member
Activity: 577
Merit: 171
RC,

You addressed this promptly with communication in these threads. Payment was received.  I appreciate the ownership y’all are taking with this breach. to me, it says a lot about your character and customer service. I have no bad feelings on this. mistakes happen,  I understand you have learned from them and look forward to what you do in the future.

Always a pleasure.

Thank you.
member
Activity: 81
Merit: 7
RC,

You addressed this promptly with communication in these threads. Payment was received.  I appreciate the ownership y’all are taking with this breach. to me, it says a lot about your character and customer service. I have no bad feelings on this. mistakes happen,  I understand you have learned from them and look forward to what you do in the future.

Always a pleasure.
member
Activity: 153
Merit: 30


Taken from this thread:

https://bitcointalksearch.org/topic/m.56603383

The signs were there in the very first thread.
member
Activity: 157
Merit: 16
We are not hiding anything.
We are sorry if something doesn’t make sense. When we were creating keys for VIBGYOR we were (don’t remember what other soft gen) but we were looking to generate 1O (1Orange) for the first coins in the series. That’s all we remember the real reason For change of key gen solution.
And moved from bitaddess to walletgenerator. That’s what we meant that we unluckily changed software.
We took. Sometime because it was 1 am last night until we were responding to messages.
 Then we woke and went to work(day job)  Then we came back and checked as much history as possible and we researched as much as possible and researched only to realized that walletgenerator is compromised.

But we are not hiding anything.

We didn’t answer because weren’t sure how this happened but as soon as possible we had time we responded.

Seavodin you have bough few coins from
Is, what does your heart say? Did we really do something intentionally ?
What does your interactions with us say? Will we hide somehting or makeup somehting ?
Do you not think we are always helpful and caring as much as possible
We are humans and yes a mistake is made for VIBGYOR series.

I dont think anyone here truly thinks you did this maliciously- you would be financially hurting yourself and your brand. It wouldnt make any sense and you would have just ghosted out of the community. But when any sort of a security leak happens, the person or entity involved typically tries to spin things in a way to take as little accountability as possible, and preserve as much trust from society as possible (it could happen to anyone right? just bad luck). This is why the sharing of information immediately is so vital, so your customers within this community can do an independent sort of 'audit' as opposed to you just investigating yourself. As mentioned by other members, there are quite a few engineers/programmers/technically savvy people on the board who can not only assist but verify claims. This is good for you and good for the community.

When information isn't provided immediately, my first reaction is that the person/entity is playing for time and trying to spin the facts. I'm not saying that that was what you were necessarily doing here, but your actions up to that point seemed to indicate it. I appreciate your longer form responses later on, as it lets people understand a bit more about what was going on as opposed to having to speculate, like I did. Perhaps part of this is a language barrier thing, or a PR response kind of issue.

I think Raghavsood provided the missing information here, which clears up how this occurred:

Based on a discussion I had with the team separately earlier today, they opened the website on the computer, before removing the internet connection and generating the keys.

It does not appear that the tool was built from source.

Unfortunately, that does make it extremely hard to validate anything more - even with a date range to work with, past investigations into walletgenerator knock-offs and scams have shown some degree of sophistication in serving "Good" generators to some IPs, and bad seeds to others. Without the original page used by the team to generate the keys being saved and available, it isn't really possible to look futher.

Presumably, the backdoor took the same form as the one described in the previously linked reports in this thread - the page was seeded with bad random data which was saved by the attackers, and they've simply been biding their time for a few years before sweeping to let the pot grow. This matches the on-chain evidence as well.

If this is accurate, then the breach occurred because:
- Using a computer that was not air gapped (was connected to the internet which allowed loading of the malicious website)
- Getting the software supplied by this .net website, and not downloading it from github
- Removing the internet connection did not secure key generation, as the website had already served up code that had an entropy seed value known to the attackers

This contradicts some of the information supplied earlier, but makes sense how this attack occurred.
The original explanations did not make sense in how the attack was perpetrated, and that was what I was trying to clear up.
Without a clear root cause on the issue, not only could you fall into this trap again (or more likely a variation of it)- but others could as well.

I would like to say that I am a fan of RC's designs and own several coins. I do not benefit from attacking his team, as it lowers the value of my collectibles and potentially stops a newer maker from creating new coins: something i support. I've supported this in the past by pre-ordering RC's LC V2 coins prior to this event occurring.

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
And when something went wrong, most of the forum members rushed to immediately provide negative feedback and when we asked 12 hours of time, people were already concluding bad stuff about us on this forum. It hurts so much. That's all.
You're wrong here: from what I've seen, people are very conservative with negative feedback. I've seen only 2 negative tags on your account, and the warning was justified. It's also easy to remove later.

Quote
We also want to remind all that last year when the Yogg debacle happened, we volunteered to help everyone impacted by giving RC coins to each impacted forum member. Every single one impacted. We didn't say not to anyone and helped everyone.
I think most people here agree that your heart is at the right place. But that's just not enough to create secure funded coins.
copper member
Activity: 577
Merit: 171
Guys!

We also want to remind all that last year when the Yogg debacle happened, we volunteered to help everyone impacted by giving RC coins to each impacted forum member. Every single one impacted. We didn't say not to anyone and helped everyone.

And when something went wrong, most of the forum members rushed to immediately provide negative feedback and when we asked 12 hours of time, people were already concluding bad stuff about us on this forum. It hurts so much. That's all.
copper member
Activity: 577
Merit: 171

Based on a discussion I had with the team separately earlier today, they opened the website on the computer, before removing the internet connection and generating the keys.


I went ahead and removed my negative trust, because I feel bad for you, and you have had to pay dearly for this mistake.  But this sentence right here proves you should never, ever make any private keys for anyone ever again.  Full stop.  You don't need a "team" to generate keys, that's the first fuck up.  If it wasn't the well known malware you used, it would have been someone in this "team" to save the keys for later.  There was so much wrong with how you went about this, that to think you can salvage your brand and make more products is astounding.   

Let this thread be an example for anyone who wants to make their own coins.  Don't.  There is zero margin for error in this business.  And without calling out this level of incompetency, we are only encouraging others to follow in your footsteps. 
Thank you
Pages:
Jump to: