Pages:
Author

Topic: RarityCheck VIBGYOR gilded #12 swept yesterday. - page 9. (Read 3976 times)

full member
Activity: 1298
Merit: 176
Krogothmanhattan alt account
Lost coin V1 silver #3 looks very suspicious with transactions.
Looks like it might have been hit as well, unless someone here on the boards swept it for safety.

Perhaps it was swept by a member: VIBGYOR gilded 82 was swept at the same time.

It was me,  I swept 4 coins yesterday , two  was able to read with a high-end magnifying glass with a light in a dark room, the other two even with the magnifying glass I had to reach out to Mopar for some help. it’s nice to see the creator is on here  trying to make things right. But compromised keys or not, I can’t stress enough how extremely aggravated and disappointment I am with the quality and technique used for the font, ink and printing of the private keys. Due to this HUGE ERROR in judgment, I personally will not be collecting any coins from RarityCheck and will be selling a majority of mine on the forum in the coming days. But I want to say again I’m impressed with the companies response so far in trying to make things right, I  don’t want that to be understated.  

  But at the end of the day: Compromised = Compromised



I think creators should from here on out post a sample pic of what their private keys look like so buyers know what they are getting into imo

   And that's why I created this thread yesterday

   https://bitcointalksearch.org/topic/--5505467

    I even loaded it with Bitcoin.  Cheesy

    https://mempool.space/address/1BzYG6KmHvhi8RiLuVDCDd94FFsCGbVPet

    So be my guest everyone....please try and sweep
copper member
Activity: 630
Merit: 113
Lost coin V1 silver #3 looks very suspicious with transactions.
Looks like it might have been hit as well, unless someone here on the boards swept it for safety.

Perhaps it was swept by a member: VIBGYOR gilded 82 was swept at the same time.

It was me,  I swept 4 coins yesterday , two  was able to read with a high-end magnifying glass with a light in a dark room, the other two even with the magnifying glass I had to reach out to Mopar for some help. it’s nice to see the creator is on here  trying to make things right. But compromised keys or not, I can’t stress enough how extremely aggravated and disappointment I am with the quality and technique used for the font, ink and printing of the private keys. Due to this HUGE ERROR in judgment, I personally will not be collecting any coins from RarityCheck and will be selling a majority of mine on the forum in the coming days. But I want to say again I’m impressed with the companies response so far in trying to make things right, I  don’t want that to be understated.  

  But at the end of the day: Compromised = Compromised

Another example of a very poor printed private key from yesterdays debacle:


I think creators should from here on out post a sample pic of what their private keys look like so buyers know what they are getting into imo

I wish everyone who was affected from this a positive outcome along with the creator.
full member
Activity: 1298
Merit: 176
Krogothmanhattan alt account
Many people who tried using a vanity gen software have been compromised. You should have stuck with your original software that worked on your first coins.

   I know you didn't end up using the vangen part but you still used their software. Did the swept funds go to any exchange? Perhaps you can reach out to them to freeze the funds. Always stick with what works. And in your case the first key generation code looks like it was solid.

   Also please post where you got that software so others do not fall in the same trap. And perhaps take legal action as well
copper member
Activity: 406
Merit: 485
Track Burns @ burned.money
We didn’t say our wallets were impacted.
I literally quoted the post in which you said that.

I believe they were referring to the fact that the bad keygen software used has resulted in BTC from other, non-collectibles wallets potentially held by normal, regular users who have nothing to do with this forum, being moved and stolen.

I'm baffled as to why they don't share the software at this stage, given that it could save other folks.
copper member
Activity: 577
Merit: 171
We didn’t say our wallets were impacted.
I literally quoted the post in which you said that.

Apologies. We meant our own RC VIBGYOR coins.
hero member
Activity: 1659
Merit: 687
LoyceV on the road. Or couch.
We didn’t say our wallets were impacted.
I literally quoted the post in which you said that.
copper member
Activity: 577
Merit: 171
here you go :  https://ibb.co/2Fg4Tm5
The link isn't loading. Try Talkimg.com?


These private keys are garbage, awful work indeed.
Was that printed on an old inkjet printer? That's pathetic!
I could type it correctly at first try though, so that's something. But any cheap dumb laser printer would provide a sharp font.

What I can say and speak on is that I wish he kept a copy of his keys cuz I can’t decipher SHIT from his fucking lost coin series. Holy fuck!! Use some better ink, larger letters… anything cuz this btc is probably lost. Even using a 10x magnifying glass.
Try a high-res picture (ideally on an offline camera). Note that there is no l (lower case L), I (upper case i), 0 (zero) and O (upper case o) in BASE58.



We understand that not just other coins but our wallets are impacted but even we are trying to root cause it.
We are not 100% sure how this has happened.
But we think the key gen software we used is compromised.
I've seen the question how keys were generated many times, but it hasn't been answered. I'm very curious to see this! Security creating private keys is the very basics of creating loaded coins. It's even very easy to do. Why are you not sharing how you did it?
If your own wallets are also impacted, that means you didn't use a dedicated computer just for creating private keys.

It was pure luck. We wanted to try creating vanity addresses (1O) for VIBGYOR coins so we looked at multiple options.
In the end we didn’t end up creating vanity addresses
But still went with the software we trying to generate vanity addresses
What software is that?

We didn’t say our wallets were impacted.
Our own coins (we keep some reserves for sale etc) were impacted.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
here you go :  https://ibb.co/2Fg4Tm5
The link isn't loading. Try Talkimg.com?


These private keys are garbage, awful work indeed.
Was that printed on an old inkjet printer? That's pathetic!
I could type it correctly at first try though, so that's something. But any cheap dumb laser printer would provide a sharp font.

What I can say and speak on is that I wish he kept a copy of his keys cuz I can’t decipher SHIT from his fucking lost coin series. Holy fuck!! Use some better ink, larger letters… anything cuz this btc is probably lost. Even using a 10x magnifying glass.
Try a high-res picture (ideally on an offline camera). Note that there is no l (lower case L), I (upper case i), 0 (zero) and O (upper case o) in BASE58.



We understand that not just other coins but our wallets are impacted but even we are trying to root cause it.
We are not 100% sure how this has happened.
But we think the key gen software we used is compromised.
I've seen the question how keys were generated many times, but it hasn't been answered. I'm very curious to see this! Security creating private keys is the very basics of creating loaded coins. It's even very easy to do. Why are you not sharing how you did it?
If your own wallets are also impacted, that means you didn't use a dedicated computer just for creating private keys.

It was pure luck. We wanted to try creating vanity addresses (1O) for VIBGYOR coins so we looked at multiple options.
In the end we didn’t end up creating vanity addresses
But still went with the software we trying to generate vanity addresses
What software is that?
copper member
Activity: 577
Merit: 171

Please share your experience. Or pm if possible.

i better make it public, so that the whole procedure here remains transparent, because i think that among all the collectibles makers there should also be a certain cohesion and you should also support each other (up to a certain point, because in some cases the whole thing can turn out to be a scam in the end).

so at the beginning of last year i started to refind all of coldkey's victims, i created this extra thread to make the whole thing visible to everyone and also to present it according to a certain procedure. this way i was also able to identify/fix certain ambiguities but also scammers (who then wrote to me via pm) more quickly


Oh sorry to hear this.
copper member
Activity: 171
Merit: 3
Any info on if the hole coins were generated using the same method? Looks like only 5 or 6 of em were funded to begin with and it seems one person has already swept their funds.

Mainly curious because I just landed in Switzerland for work and am wondering if I should be calling the wife or one of my buddies and trying to walk them through the process of redeeming a coin or not 😂
legendary
Activity: 3304
Merit: 8633
Crypto Swap Exchange

Please share your experience. Or pm if possible.

i better make it public, so that the whole procedure here remains transparent, because i think that among all the collectibles makers there should also be a certain cohesion and you should also support each other (up to a certain point, because in some cases the whole thing can turn out to be a scam in the end).

so at the beginning of last year i started to refind all of coldkey's victims, i created this extra thread to make the whole thing visible to everyone and also to present it according to a certain procedure. this way i was also able to identify/fix certain ambiguities but also scammers (who then wrote to me via pm) more quickly
copper member
Activity: 577
Merit: 171

i can say from personal experience how stressful the whole thing is for raritycheck now and i hope that he can refund all victims and present/clear up everything completely


Hi Cygan

Thank you for the kind words. Indeed very stressful. As we are also working with version 2 of the hole coin series.
Please share your experience. Or pm if possible.
copper member
Activity: 577
Merit: 171

As this is a widespread issue(beyond our collectibles) this means this is an issue with the private key generator we used for VIBGYOR.

We will share the details at 9 pm UK time today.

why did you come up with the idea of using a different key generator for the VIBGYOR series and why not always the same as for the previous editions?
unfortunately, that doesn't make sense to me

i am very curious about the further details...

i can say from personal experience how stressful the whole thing is for raritycheck now and i hope that he can refund all victims and present/clear up everything completely



It was pure luck. We wanted to try creating vanity addresses (1O) for VIBGYOR coins so we looked at multiple options.
In the end we didn’t end up creating vanity addresses
But still went with the software we trying to generate vanity addresses

We are currently trying to help every impacted customer.
Please note that we aim to reach out to every single one by Sunday evening.
legendary
Activity: 3304
Merit: 8633
Crypto Swap Exchange

As this is a widespread issue(beyond our collectibles) this means this is an issue with the private key generator we used for VIBGYOR.

We will share the details at 9 pm UK time today.

why did you come up with the idea of using a different key generator for the VIBGYOR series and why not always the same as for the previous editions?
unfortunately, that doesn't make sense to me

i am very curious about the further details...

i can say from personal experience how stressful the whole thing is for raritycheck now and i hope that he can refund all victims and present/clear up everything completely
copper member
Activity: 406
Merit: 485
Track Burns @ burned.money

Looks like the issue is with the way private keys were generated.


you use an airgapped system correct? if you are using a system that is online, then all your coins are at risk and you need to cease selling any coins and recall all of them - I hope it is not this serious and I am not sure if it was, that you would say so.

Considering your statements on how your keys are generated when previously asked:


Following all the suggestions, we are buying a one time only Printer for printing keys (wired) and one time use-only computer for creating keys.

Thanks
Team RC

so if it is a one use system, was it online? did you lose control of it?

We still posses all the hardware used.
We will share exact details of what we think has happened.
None of the used hardware has ever been connected to the internet.
And the computers  used are also wiped out.

As this is a widespread issue(beyond our collectibles) this means this is an issue with the private key generator we used for VIBGYOR.

We will share the details at 9 pm UK time today.




Is there a reason you are unable to share the details of the keygen software used immediately?
copper member
Activity: 577
Merit: 171

Looks like the issue is with the way private keys were generated.


you use an airgapped system correct? if you are using a system that is online, then all your coins are at risk and you need to cease selling any coins and recall all of them - I hope it is not this serious and I am not sure if it was, that you would say so.

Considering your statements on how your keys are generated when previously asked:


Following all the suggestions, we are buying a one time only Printer for printing keys (wired) and one time use-only computer for creating keys.

Thanks
Team RC

so if it is a one use system, was it online? did you lose control of it?

We still posses all the hardware used.
We will share exact details of what we think has happened.
None of the used hardware has ever been connected to the internet.
And the computers  used are also wiped out.

As this is a widespread issue(beyond our collectibles) this means this is an issue with the private key generator we used for VIBGYOR.

We will share the details at 9 pm UK time today.


copper member
Activity: 577
Merit: 171
Quote
I strongly encourage the team to share details with folks who have the background and skills to help get to the bottom of this.

The refunds and efforts to make people whole are commendable and important, but based on the on-chain activity there are more wallets at risk than just collectibles.

I'm volunteering my time and effort in helping to track this down, but it is extremely important that the RC team provides the information and background for the key generation process, and how it differs from that of their other series.

I have separately dropped them a PM to ask for the same information, in the event that (for whatever reason) they are unwilling to share it publicly at this stage.
Hi raghav

We will not pull the eBay listing.
If someone orders we will send them coins with new holos and new keys.

We understand that not just other coins but our wallets are impacted but even we are trying to root cause it.
We are not 100% sure how this has happened.
But we think the key gen software we used is compromised.
Rest ensured as soon as we know we will provide details.

legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490

Looks like the issue is with the way private keys were generated.


you use an airgapped system correct? if you are using a system that is online, then all your coins are at risk and you need to cease selling any coins and recall all of them - I hope it is not this serious and I am not sure if it was, that you would say so.

Considering your statements on how your keys are generated when previously asked:


Following all the suggestions, we are buying a one time only Printer for printing keys (wired) and one time use-only computer for creating keys.

Thanks
Team RC

so if it is a one use system, was it online? did you lose control of it?
copper member
Activity: 406
Merit: 485
Track Burns @ burned.money
I would hope that the eBay sale page is also being pulled: https://www.ebay.com/itm/115653939905

✂️
raritycheck team: It is imperative that you share how the keys for the VIBGYOR series were generated in as much detail as possible - software used, people involved, computer used, printer used, and everything else that is available. This does appear to be a more widespread attack and funds for many others people outside of collectibles may be at risk.

I strongly encourage the team to share details with folks who have the background and skills to help get to the bottom of this.

The refunds and efforts to make people whole are commendable and important, but based on the on-chain activity there are more wallets at risk than just collectibles.

I'm volunteering my time and effort in helping to track this down, but it is extremely important that the RC team provides the information and background for the key generation process, and how it differs from that of their other series.

I have separately dropped them a PM to ask for the same information, in the event that (for whatever reason) they are unwilling to share it publicly at this stage.
copper member
Activity: 577
Merit: 171

WE ARE STILL ROOT CAUSING THE ISSue. So far we are certain thi isn’t hardware leak.

Regards
Team RC



if it is not a hardware leak - then it someone on your team, or no?

how many are on your team?
how many have access to key generation?

and how do you have private keys stored after the coins were made?? No keys should ever be saved.

We have NO keys backup.
If we had we could save the remaining coins by sweeping their BTC.
But unfortunately we have no backups.

So far we have identified the isssue is neither a hardware issue nor a team member isssue.
Looks like the issue is with the way private keys were generated.

We will do this

1. Create a separate thread for refund
2. Use this thread for root causing

Meanwhile we will order holos for VIBGYOR coins.
Holos will be slightly different so it’s easy to tell these are new.
Each buyer will be given the option to re-holo (and reload) or we ll send BTC.

We continue to refund Btc for impacted people.

Regards
Team RC


Pages:
Jump to: