RarityCheck VIBGYOR gilded #12 swept yesterday. - page 9.

krogoth

full member

Activity: 1298

Merit: 176

Krogothmanhattan alt account

Quote from: rsincognito on August 08, 2024, 06:22:23 AM

Quote from: seavodin on August 07, 2024, 04:43:06 PM

Lost coin V1 silver #3 looks very suspicious with transactions.
Looks like it might have been hit as well, unless someone here on the boards swept it for safety.

Perhaps it was swept by a member: VIBGYOR gilded 82 was swept at the same time.

It was me, I swept 4 coins yesterday , two was able to read with a high-end magnifying glass with a light in a dark room, the other two even with the magnifying glass I had to reach out to Mopar for some help. it’s nice to see the creator is on here trying to make things right. But compromised keys or not, I can’t stress enough how extremely aggravated and disappointment I am with the quality and technique used for the font, ink and printing of the private keys. Due to this HUGE ERROR in judgment, I personally will not be collecting any coins from RarityCheck and will be selling a majority of mine on the forum in the coming days. But I want to say again I’m impressed with the companies response so far in trying to make things right, I don’t want that to be understated.

But at the end of the day: Compromised = Compromised

I think creators should from here on out post a sample pic of what their private keys look like so buyers know what they are getting into imo

   And that's why I created this thread yesterday

   https://bitcointalksearch.org/topic/--5505467

   I even loaded it with Bitcoin. Cheesy

https://mempool.space/address/1BzYG6KmHvhi8RiLuVDCDd94FFsCGbVPet

So be my guest everyone....please try and sweep

rsincognito

copper member

Activity: 630

Merit: 113

Quote from: seavodin on August 07, 2024, 04:43:06 PM

Lost coin V1 silver #3 looks very suspicious with transactions.
Looks like it might have been hit as well, unless someone here on the boards swept it for safety.

Perhaps it was swept by a member: VIBGYOR gilded 82 was swept at the same time.

It was me, I swept 4 coins yesterday , two was able to read with a high-end magnifying glass with a light in a dark room, the other two even with the magnifying glass I had to reach out to Mopar for some help. it’s nice to see the creator is on here trying to make things right. But compromised keys or not, I can’t stress enough how extremely aggravated and disappointment I am with the quality and technique used for the font, ink and printing of the private keys. Due to this HUGE ERROR in judgment, I personally will not be collecting any coins from RarityCheck and will be selling a majority of mine on the forum in the coming days. But I want to say again I’m impressed with the companies response so far in trying to make things right, I don’t want that to be understated.

But at the end of the day: Compromised = Compromised

Another example of a very poor printed private key from yesterdays debacle:

I think creators should from here on out post a sample pic of what their private keys look like so buyers know what they are getting into imo

I wish everyone who was affected from this a positive outcome along with the creator.

krogoth

full member

Activity: 1298

Merit: 176

Krogothmanhattan alt account

Many people who tried using a vanity gen software have been compromised. You should have stuck with your original software that worked on your first coins.

I know you didn't end up using the vangen part but you still used their software. Did the swept funds go to any exchange? Perhaps you can reach out to them to freeze the funds. Always stick with what works. And in your case the first key generation code looks like it was solid.

Also please post where you got that software so others do not fall in the same trap. And perhaps take legal action as well

raghavsood

copper member

Activity: 167

Merit: 33

Track Burns @ burned.money

Quote from: LoyceMobile on August 08, 2024, 04:44:53 AM

Quote from: raritycheck on August 08, 2024, 04:23:05 AM

We didn’t say our wallets were impacted.

I literally quoted the post in which you said that.

I believe they were referring to the fact that the bad keygen software used has resulted in BTC from other, non-collectibles wallets potentially held by normal, regular users who have nothing to do with this forum, being moved and stolen.

I'm baffled as to why they don't share the software at this stage, given that it could save other folks.

raritycheck

copper member

Activity: 577

Merit: 171

Quote from: LoyceMobile on August 08, 2024, 04:44:53 AM

Quote from: raritycheck on August 08, 2024, 04:23:05 AM

We didn’t say our wallets were impacted.

I literally quoted the post in which you said that.

Apologies. We meant our own RC VIBGYOR coins.

LoyceMobile

hero member

Activity: 1659

Merit: 687

LoyceV on the road. Or couch.

Quote from: raritycheck on August 08, 2024, 04:23:05 AM

We didn’t say our wallets were impacted.

I literally quoted the post in which you said that.

raritycheck

copper member

Activity: 577

Merit: 171

Quote from: LoyceV on August 08, 2024, 03:53:37 AM

Quote from: rsincognito on August 07, 2024, 11:07:57 AM

here you go : https://ibb.co/2Fg4Tm5

The link isn't loading. Try Talkimg.com?

Quote from: Eclipse33 on August 07, 2024, 11:49:36 AM

_{These private keys are garbage, awful work indeed.}

Was that printed on an old inkjet printer? That's pathetic!
I could type it correctly at first try though, so that's something. But any cheap dumb laser printer would provide a sharp font.

Quote from: PreciousMetapsICT on August 07, 2024, 12:48:47 PM

What I can say and speak on is that I wish he kept a copy of his keys cuz I can’t decipher SHIT from his fucking lost coin series. Holy fuck!! Use some better ink, larger letters… anything cuz this btc is probably lost. Even using a 10x magnifying glass.

Try a high-res picture (ideally on an offline camera). Note that there is no l ^{(lower case L)}, I ^{(upper case i)}, 0 ^(zero) and O ^{(upper case o)} in BASE58.

Quote from: raritycheck on August 08, 2024, 01:25:43 AM

We understand that not just other coins but our wallets are impacted but even we are trying to root cause it.
We are not 100% sure how this has happened.
But we think the key gen software we used is compromised.

I've seen the question how keys were generated many times, but it hasn't been answered. I'm very curious to see this! Security creating private keys is the very basics of creating loaded coins. It's even very easy to do. Why are you not sharing how you did it?
If your own wallets are also impacted, that means you didn't use a dedicated computer just for creating private keys.

Quote from: raritycheck on August 08, 2024, 02:08:09 AM

It was pure luck. We wanted to try creating vanity addresses (1O) for VIBGYOR coins so we looked at multiple options.
In the end we didn’t end up creating vanity addresses
But still went with the software we trying to generate vanity addresses

What software is that?

We didn’t say our wallets were impacted.
Our own coins (we keep some reserves for sale etc) were impacted.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: rsincognito on August 07, 2024, 11:07:57 AM

here you go : https://ibb.co/2Fg4Tm5

The link isn't loading. Try Talkimg.com?

Quote from: Eclipse33 on August 07, 2024, 11:49:36 AM

_{These private keys are garbage, awful work indeed.}

Was that printed on an old inkjet printer? That's pathetic!
I could type it correctly at first try though, so that's something. But any cheap dumb laser printer would provide a sharp font.

Quote from: PreciousMetapsICT on August 07, 2024, 12:48:47 PM

What I can say and speak on is that I wish he kept a copy of his keys cuz I can’t decipher SHIT from his fucking lost coin series. Holy fuck!! Use some better ink, larger letters… anything cuz this btc is probably lost. Even using a 10x magnifying glass.

Try a high-res picture (ideally on an offline camera). Note that there is no l ^{(lower case L)}, I ^{(upper case i)}, 0 ^(zero) and O ^{(upper case o)} in BASE58.

Quote from: raritycheck on August 08, 2024, 01:25:43 AM

We understand that not just other coins but our wallets are impacted but even we are trying to root cause it.
We are not 100% sure how this has happened.
But we think the key gen software we used is compromised.

I've seen the question how keys were generated many times, but it hasn't been answered. I'm very curious to see this! Security creating private keys is the very basics of creating loaded coins. It's even very easy to do. Why are you not sharing how you did it?
If your own wallets are also impacted, that means you didn't use a dedicated computer just for creating private keys.

Quote from: raritycheck on August 08, 2024, 02:08:09 AM

It was pure luck. We wanted to try creating vanity addresses (1O) for VIBGYOR coins so we looked at multiple options.
In the end we didn’t end up creating vanity addresses
But still went with the software we trying to generate vanity addresses

What software is that?

raritycheck

copper member

Activity: 577

Merit: 171

Quote from: cygan on August 08, 2024, 02:56:40 AM

Quote from: raritycheck on August 08, 2024, 02:43:29 AM

✂
Please share your experience. Or pm if possible.

i better make it public, so that the whole procedure here remains transparent, because i think that among all the collectibles makers there should also be a certain cohesion and you should also support each other (up to a certain point, because in some cases the whole thing can turn out to be a scam in the end).

so at the beginning of last year i started to refind all of coldkey's victims, i created this extra thread to make the whole thing visible to everyone and also to present it according to a certain procedure. this way i was also able to identify/fix certain ambiguities but also scammers (who then wrote to me via pm) more quickly

Oh sorry to hear this.

Jambo USA

copper member

Activity: 169

Merit: 3

Any info on if the hole coins were generated using the same method? Looks like only 5 or 6 of em were funded to begin with and it seems one person has already swept their funds.

Mainly curious because I just landed in Switzerland for work and am wondering if I should be calling the wife or one of my buddies and trying to walk them through the process of redeeming a coin or not 😂

cygan

legendary

Activity: 3304

Merit: 8633

Crypto Swap Exchange

Quote from: raritycheck on August 08, 2024, 02:43:29 AM

✂
Please share your experience. Or pm if possible.

i better make it public, so that the whole procedure here remains transparent, because i think that among all the collectibles makers there should also be a certain cohesion and you should also support each other (up to a certain point, because in some cases the whole thing can turn out to be a scam in the end).

so at the beginning of last year i started to refind all of coldkey's victims, i created this extra thread to make the whole thing visible to everyone and also to present it according to a certain procedure. this way i was also able to identify/fix certain ambiguities but also scammers (who then wrote to me via pm) more quickly

raritycheck

copper member

Activity: 577

Merit: 171

Quote from: cygan on August 08, 2024, 01:52:22 AM

i can say from personal experience how stressful the whole thing is for raritycheck now and i hope that he can refund all victims and present/clear up everything completely

Hi Cygan

Thank you for the kind words. Indeed very stressful. As we are also working with version 2 of the hole coin series.
Please share your experience. Or pm if possible.

raritycheck

copper member

Activity: 577

Merit: 171

Quote from: cygan on August 08, 2024, 01:52:22 AM

Quote from: raritycheck on August 08, 2024, 01:32:44 AM

✂
As this is a widespread issue(beyond our collectibles) this means this is an issue with the private key generator we used for VIBGYOR.

We will share the details at 9 pm UK time today.

why did you come up with the idea of using a different key generator for the VIBGYOR series and why not always the same as for the previous editions?
unfortunately, that doesn't make sense to me

i am very curious about the further details...

i can say from personal experience how stressful the whole thing is for raritycheck now and i hope that he can refund all victims and present/clear up everything completely

It was pure luck. We wanted to try creating vanity addresses (1O) for VIBGYOR coins so we looked at multiple options.
In the end we didn’t end up creating vanity addresses
But still went with the software we trying to generate vanity addresses

We are currently trying to help every impacted customer.
Please note that we aim to reach out to every single one by Sunday evening.

cygan

legendary

Activity: 3304

Merit: 8633

Crypto Swap Exchange

Quote from: raritycheck on August 08, 2024, 01:32:44 AM

✂
As this is a widespread issue(beyond our collectibles) this means this is an issue with the private key generator we used for VIBGYOR.

We will share the details at 9 pm UK time today.

why did you come up with the idea of using a different key generator for the VIBGYOR series and why not always the same as for the previous editions?
unfortunately, that doesn't make sense to me

i am very curious about the further details...

i can say from personal experience how stressful the whole thing is for raritycheck now and i hope that he can refund all victims and present/clear up everything completely

raghavsood

copper member

Activity: 167

Merit: 33

Track Burns @ burned.money

Quote from: raritycheck on August 08, 2024, 01:32:44 AM

Quote from: MoparMiningLLC on August 08, 2024, 01:20:04 AM

Quote from: raritycheck on August 08, 2024, 01:04:23 AM

Looks like the issue is with the way private keys were generated.

you use an airgapped system correct? if you are using a system that is online, then all your coins are at risk and you need to cease selling any coins and recall all of them - I hope it is not this serious and I am not sure if it was, that you would say so.

Considering your statements on how your keys are generated when previously asked:

Quote from: raritycheck on June 04, 2021, 04:27:02 PM

Following all the suggestions, we are buying a one time only Printer for printing keys (wired) and one time use-only computer for creating keys.

Thanks
Team RC

so if it is a one use system, was it online? did you lose control of it?

We still posses all the hardware used.
We will share exact details of what we think has happened.
None of the used hardware has ever been connected to the internet.
And the computers used are also wiped out.

As this is a widespread issue(beyond our collectibles) this means this is an issue with the private key generator we used for VIBGYOR.

We will share the details at 9 pm UK time today.

Is there a reason you are unable to share the details of the keygen software used immediately?

raritycheck

copper member

Activity: 577

Merit: 171

Quote from: MoparMiningLLC on August 08, 2024, 01:20:04 AM

Quote from: raritycheck on August 08, 2024, 01:04:23 AM

Looks like the issue is with the way private keys were generated.

you use an airgapped system correct? if you are using a system that is online, then all your coins are at risk and you need to cease selling any coins and recall all of them - I hope it is not this serious and I am not sure if it was, that you would say so.

Considering your statements on how your keys are generated when previously asked:

Quote from: raritycheck on June 04, 2021, 04:27:02 PM

Following all the suggestions, we are buying a one time only Printer for printing keys (wired) and one time use-only computer for creating keys.

Thanks
Team RC

so if it is a one use system, was it online? did you lose control of it?

We still posses all the hardware used.
We will share exact details of what we think has happened.
None of the used hardware has ever been connected to the internet.
And the computers used are also wiped out.

As this is a widespread issue(beyond our collectibles) this means this is an issue with the private key generator we used for VIBGYOR.

We will share the details at 9 pm UK time today.

raritycheck

copper member

Activity: 577

Merit: 171

Quote

I strongly encourage the team to share details with folks who have the background and skills to help get to the bottom of this.

The refunds and efforts to make people whole are commendable and important, but based on the on-chain activity there are more wallets at risk than just collectibles.

I'm volunteering my time and effort in helping to track this down, but it is extremely important that the RC team provides the information and background for the key generation process, and how it differs from that of their other series.

I have separately dropped them a PM to ask for the same information, in the event that (for whatever reason) they are unwilling to share it publicly at this stage.

Hi raghav

We will not pull the eBay listing.
If someone orders we will send them coins with new holos and new keys.

We understand that not just other coins but our wallets are impacted but even we are trying to root cause it.
We are not 100% sure how this has happened.
But we think the key gen software we used is compromised.
Rest ensured as soon as we know we will provide details.

MoparMiningLLC

legendary

Activity: 2212

Merit: 2365

EIN: 82-3893490

Quote from: raritycheck on August 08, 2024, 01:04:23 AM

Looks like the issue is with the way private keys were generated.

you use an airgapped system correct? if you are using a system that is online, then all your coins are at risk and you need to cease selling any coins and recall all of them - I hope it is not this serious and I am not sure if it was, that you would say so.

Considering your statements on how your keys are generated when previously asked:

Quote from: raritycheck on June 04, 2021, 04:27:02 PM

Following all the suggestions, we are buying a one time only Printer for printing keys (wired) and one time use-only computer for creating keys.

Thanks
Team RC

so if it is a one use system, was it online? did you lose control of it?

raghavsood

copper member

Activity: 167

Merit: 33

Track Burns @ burned.money

I would hope that the eBay sale page is also being pulled: https://www.ebay.com/itm/115653939905

Quote from: raghavsood on August 07, 2024, 10:24:04 PM

✂️
raritycheck team: It is imperative that you share how the keys for the VIBGYOR series were generated in as much detail as possible - software used, people involved, computer used, printer used, and everything else that is available. This does appear to be a more widespread attack and funds for many others people outside of collectibles may be at risk.

I strongly encourage the team to share details with folks who have the background and skills to help get to the bottom of this.

The refunds and efforts to make people whole are commendable and important, but based on the on-chain activity there are more wallets at risk than just collectibles.

I'm volunteering my time and effort in helping to track this down, but it is extremely important that the RC team provides the information and background for the key generation process, and how it differs from that of their other series.

I have separately dropped them a PM to ask for the same information, in the event that (for whatever reason) they are unwilling to share it publicly at this stage.

raritycheck

copper member

Activity: 577

Merit: 171

Quote from: MoparMiningLLC on August 08, 2024, 12:55:33 AM

Quote from: raritycheck on August 08, 2024, 12:43:17 AM

WE ARE STILL ROOT CAUSING THE ISSue. So far we are certain thi isn’t hardware leak.

Regards
Team RC

if it is not a hardware leak - then it someone on your team, or no?

how many are on your team?
how many have access to key generation?

and how do you have private keys stored after the coins were made?? No keys should ever be saved.

We have NO keys backup.
If we had we could save the remaining coins by sweeping their BTC.
But unfortunately we have no backups.

So far we have identified the isssue is neither a hardware issue nor a team member isssue.
Looks like the issue is with the way private keys were generated.

We will do this

1. Create a separate thread for refund
2. Use this thread for root causing

Meanwhile we will order holos for VIBGYOR coins.
Holos will be slightly different so it’s easy to tell these are new.
Each buyer will be given the option to re-holo (and reload) or we ll send BTC.

We continue to refund Btc for impacted people.

Regards
Team RC

Topic: RarityCheck VIBGYOR gilded #12 swept yesterday. - page 9. (Read 3976 times)