Pages:
Author

Topic: [RESOLVED] Bitherium.cc not a full decentralized exchange - PrivKey leaks - page 2. (Read 607 times)

legendary
Activity: 2086
Merit: 1282
Logo Designer ⛨ BSFL Division1
You are insulting people here,
and the way you are speaking it is obvious you are same person as your other account bitherium.cc

registered yesterday  Roll Eyes
newbie
Activity: 12
Merit: 0
Now among adults and developers,

Have you ever tried to contact this project?
to find out if this company actually wants to cheat

or whether there was a technical problem or whether there was a problem at all?

A company works for this project
they are in the process of optimizing some things.

Privatekey login is completely deactivated. Not because of the Exchange but because it is a danger for the user to have the Prvatekey on the computer.

This Guys have also completely outsourced the creation of wallets.
You are wrong if you say there is a scam.

Think about it before you say these things and it would have been professional to contact the project first, they are fighting for the same thing as you 1

hero member
Activity: 1138
Merit: 574
I can understand that the platform is in a beta stage.

No DEX wallet needs anyway to send your private keys to the server, even for a check. That's a major failure, or a scam attempt.
Plenty libs exists to handle that client side though Javascript (eg. https://github.com/nakov/client-side-ethereum-wallet).

If you show honesty and fix that issue, I'll remove my complaint.
newbie
Activity: 12
Merit: 0
they're both stupid or just retarded, or both  Huh Huh Huh

They both got too little love ?

He has stated that the exchange is currently development phase
and a decentralized smart contract is in development progress

Don't you understand what that statement means?


that it was a hybrid exchange before and everything went well

they make themselves completely ridiculous

 Roll Eyes Roll Eyes Roll Eyes Roll Eyes Roll Eyes Grin
hero member
Activity: 1138
Merit: 574
The screens are only showing the XHR request with all the data, that was sent to the server. The data contain your private key, password.
On most browsers it's easy to track the network activities.

Not even technicaly speaking, a real DEX just don't need your private key. It only need your sign to commit an action to the blockchain. The smartcontract do the job.

1. You send the private key to the server.
2. Then you identify the user though a token to commit an order (like buying), which mean that the private key is stored server-side.

It's not how work a DEX.



 Wink
legendary
Activity: 2086
Merit: 1282
Logo Designer ⛨ BSFL Division1
Thank you very much for your non constructive and totally useless post. Your words are saying much more about you now.

Your actions and lies say much more about you.


You can use your private key, keystore file, metamask  to log into our exchange, just like every decentralized exchange offers this login, similar to myetherwallet.
We can't collecting or saving anything from this details.

Our hired developer company got questions about security and we will inform you as soon as possible. If dev company have created any security issues we will publish their name immediately. For now it looking like the users can see their own private keys only in their own web browser and the exchange only authorize them.

We never have and will never collect or keep private keys from wallets.

Some users seem to be trying hard to spread fud, thanks for that.
However, we do not accept any dubious offers from you to receive positive fake posts here in Bitcointalk. We are a hard working project. We do not need this and will not respond to your offers.

If we were Scammers, we wouldn't program Dex. We would also not be transparent in our external communication. All accusations are nothing more than accusations and defamations

The accusations that the privatekey is read by users completely invented.

We immediately end the possibility that the user can log in to us with his private key. It only works with the metamask, Keystore file and we will work on it to connect to the general ledger.

Why did you stop your shit if everything is 'invented' ?
copper member
Activity: 24
Merit: 0
Here he is with his feelings hurt now....oh poor little clown worried about imagined evil 'campaign' against their circus.
It would also be good to learn proper English language when you write, but it will not help you.

Thank you very much for your non constructive and totally useless post. Your words are saying much more about you now.
legendary
Activity: 2086
Merit: 1282
Logo Designer ⛨ BSFL Division1
Here he is with his feelings hurt now....oh poor little clown worried about imagined evil 'campaign' against their circus.
It would also be good to learn proper English language when you write, but it will not help you.
copper member
Activity: 24
Merit: 0
Hello Bitcointalk,


It took a little longer because we had to reconstruct and evaluate things first.

To the allegations

We never have and will never collect or keep private keys from wallets.

Some users seem to be trying hard to spread fud, thanks for that.
However, we do not accept any dubious offers from you to receive positive fake posts here in Bitcointalk. We are a hard working project. We do not need this and will not respond to your offers.

If we were Scammers, we wouldn't program Dex. We would also not be transparent in our external communication. All accusations are nothing more than accusations and defamations

We are completely in the development phase. Deposits and withdrawals are deactivated.

Here you can see that we are working on the development of our smart contract (which is not yet finished): https://ropsten.etherscan.io/address/0x8b1c480428038e93f9e99fc9e34194a5f4c1fc60#code

The accusations that the privatekey is read by users completely invented. This screenshot only shows that the user can see his own private key in his own browser session!

Here is a report from our developer team:





The consequences:

We will immediately end the ability to create wallets directly about our exchange. We will add a link to MyEtherWallet with a note on creating a Keystore wallet.

Now we are on the next topic
We immediately end the possibility that the user can log in to us with his private key. It only works with the metamask, Keystore file and we will work on it to connect to the general ledger.

Thanks a lot for this organized, negative campaign it made sure that we will make bitherium even safer.
sr. member
Activity: 1218
Merit: 251
It turns out that there are still many scamers who continue to commit fraud and that is the average claiming to be a fully decentralized exchange, even though they want to find users by importing their private that has been saved by scamer. This is an extraordinary catch in my opinion.
legendary
Activity: 2086
Merit: 1282
Logo Designer ⛨ BSFL Division1
Great work OP
This is multiple way scam.
Now I expect to see their clown account to come here and write a bunch of stupid things
sr. member
Activity: 1419
Merit: 275
Community built, Privacy driven
Well this is going to be interesting. I knew it is scam from the first moment I have seen it. Too much nice talk about it and not much proof about who is who. That paper from Seychelles Certificate of Incorporation can be faked.
legendary
Activity: 1834
Merit: 1208
Domain : bitherium.cc
Registrar : DYNADOT, LLC
Registered On : 2019-04-05
Expires On : 2020-04-05
Updated On : 2020-02-25
Status : clientTransferProhibited
Name Servers : liv.ns.cloudflare.com
                        mario.ns.cloudflare.com

I using this site to find the WHOIS https://www.whois.com/whois/bitherium.cc



I also don't understand about his invest plan, it's like a certain level to earn more profit. Maybe a ponzi? But I'm not sure.. just my suspicion
hero member
Activity: 1138
Merit: 574
Resolved here: https://bitcointalksearch.org/topic/m.53954607
Archive of that thread: http://web.archive.org/web/20200303104953/https://bitcointalk.org/index.php?topic=5228661.0&all=
Archive of the official thread: http://web.archive.org/web/20200303105444/https://bitcointalksearch.org/topic/ann-bitheriumcc-full-decentralized-exchange-with-profit-share-token-5226563&all=

tldr;
1. I accused them to send the users privatekeys to the server.
2. They goes to maintenance mode, then back online.
3. It seem they resolved the issue.




Accusation:
Bitherium claim to be a full decentralized exchange, but your private key and password are sent plaintext to the server.


Proof:
You can try by yourself, but here a screenshot of the XHR POST request when you create an account:






And when you want to unlock your wallet:






Obliviously, everything is managed server-side. A token is bind to you. It mean that your private key remain on the server somehow:




Other red flags:
  • Hidden team.
  • Very hard to verify the Seychelles Certificate of Incorporation.
  • Many low accounts are enjoying Bitherium on the main thread.
  • Hidden WHOIS.


Official thread: https://bitcointalksearch.org/topic/ann-bitheriumcc-full-decentralized-exchange-with-profit-share-token-5226563
Pages:
Jump to: