Pages:
Author

Topic: [SCAM] Hiring Discord Moderator from @Saruc (Read 402 times)

legendary
Activity: 2730
Merit: 1560
Yes, I'm an asshole
March 31, 2023, 05:09:48 AM
#29
[...]

If i were you I will try recover the account and setup 2FA by using app like Google Authenticator

The account is fully recovered and the scammer, Saruc, bypassed the 2FA by token ID, which they got by faking MEE6 address. A better suggestion will be to always doublecheck a site address prior to inputting sensitive information.

-snip-
No, need I already fully access my account.

[...]

[...]
Token ID Discord can bypass Email, 2FA, Password. You don't need all-of these things, If you have the token ID
- https://www.youtube.com/watch?v=xmCfUizcNLE
- https://www.reddit.com/r/discordapp/comments/nvuyj4/can_tokens_bypass_2fa_and_sms_auth_and_if_they/

That's why, you can login to my account but not changing the password. Because you have the token ID but don't have the password.
copper member
Activity: 2156
Merit: 983
Part of AOBT - English Translator to Indonesia
I also tried contact this guy but I need to add friends and He seems don't accept my request.

Thank bro you make a thread like this, till this date, there is dozen who contact me through Discord and Telegram DM all offering some kind of investment, prize or Pump and Dump group.

If i were you I will try recover the account and setup 2FA by using app like Google Authenticator
hero member
Activity: 2254
Merit: 537
My passive income eBook @ tinyurl.com/PIA10
Looks like a typical session hijack moment, which happened to Linus' YouTube account recently.

They don't need your PW, just the session ID to remain logged in. Scary shit.
legendary
Activity: 2730
Merit: 1560
Yes, I'm an asshole
I was one of the applicants for his job offer. To be honest, I had some suspicions and doubts about him ( not scam but how serious he was ) even before hearing about what happened to the OP. Going back to my conversation with him, I think he was likely looking for someone with an important Discord account. I can't say for sure, but it seems that @saruc was behind the bot trap that was used to hack OP’s account. He left the server immediately after the incident which is suspicious AF.
[...]

The screenshot kinda seal the deal for me, their insistence on people who currently moderating discord shows that OP's suspicion is true. Leaving negative tag as well so any discord admin who see their ann thread and intended to apply could proceed with caution.
legendary
Activity: 2688
Merit: 1262
-snip-
No, need I already fully access my account.

I suggest you to create a flag against this user. I am giving a negative trust to this user though there is already 2 negative trust from DT.
Okay, I created a flag to him: https://bitcointalk.org/index.php?action=trust;flag=3144 feel free to support.

Was your password changed or what?
Nope, It's got overdrive by "token ID". They can bypass "Email, Password, 2FA or other security like SMS from Phone Number". They are not gonna to change your password discord, because they only have the token ID doesn't know the password. So basically, their hacked is accessing without change the password.

He left the server immediately after the incident which is suspicious AF.

Anywone who are curious, I will give quick summary to be easy understand

  • You chat and deal with him
  • He gave you information website, discord link
  • You need to verify on his discord channel (the bot link verified is fake)
  • The hacked is gonna to get your Token ID (Bypas, Email, Password, 2FA, SMS Phone)
  • Your account getting hack

I been research for my accident, and the hacked account is using: https://www.youtube.com/watch?v=0emiy4TxV7A BookMark Verification Scam, In the video is using Dyno for my case it's on MEE6 but how the hacked happened it's the same things. Feel free to see the screenshot I provided

I suggest who are interaction with his discord channel on "LucidNFTs" should check your account, even you're not joined but just chatting. It's better just change your password it will generated new token ID for a better security.
hero member
Activity: 1008
Merit: 755

and you just came back after long inactivity, so it's hard to trust anything you say.
I was one of the applicants for his job offer. To be honest, I had some suspicions and doubts about him ( not scam but how serious he was ) even before hearing about what happened to the OP. Going back to my conversation with him, I think he was likely looking for someone with an important Discord account. I can't say for sure, but it seems that @saruc was behind the bot trap that was used to hack OP’s account. He left the server immediately after the incident which is suspicious AF.


I've had several experiences where scammers and hackers use tricky ways to exploit job seekers. This leads me to believe that this is a scam attempt. I actually shared one of my experiences in a previous topic here: https://bitcointalksearch.org/topic/playmisterium-scam-organization-5438406
full member
Activity: 2324
Merit: 175
My discord just got hacked, after contacting him 1 days ago.
Was your password changed or what?

MORE THAN 20 PEOPLE MESSAGED FROM BITCOINTALK ,NOBODY HAD A PROBLEM ONLY YOU
Did you ''hire'' anyone from all this 20 people, and who applied exactly?
I wonder where are they now and why don't they jump into your defense, they must be some reputable members, not newbies.
Look buddy, you didn't explain anything about job you are offering in your topic, except payment rate, and you just came back after long  inactivity, so it's hard to trust anything you say.
 

He should back it up if it's true that he has 20 people who applied for the job, let them post their experience here and it must not be newly opened accounts, I always have bad feelings with accounts with long inactivity then getting active with an offer, he also tried to defend himself but for him to offer fake link or imitate a group is clearly an indication of his scheme of trying to hack one's account.
A flag should be created for this account to warn others.
legendary
Activity: 2212
Merit: 7064
My discord just got hacked, after contacting him 1 days ago.
Was your password changed or what?

MORE THAN 20 PEOPLE MESSAGED FROM BITCOINTALK ,NOBODY HAD A PROBLEM ONLY YOU
Did you ''hire'' anyone from all this 20 people, and who applied exactly?
I wonder where are they now and why don't they jump into your defense, they must be some reputable members, not newbies.
Look buddy, you didn't explain anything about job you are offering in your topic, except payment rate, and you just came back after long  inactivity, so it's hard to trust anything you say.
 
copper member
Activity: 2422
Merit: 1313
Playbet.io - Crypto Casino and Sportsbook
When any newbie comes after a long period of inactivity and creates such type of offer is a scammer in any way. Though all are not on this criteria maximum users are in such category. If anyone has such a real offer then they should have announced it clearly. But the person was not given clear information. If you visited then you could see a long period of inactivity.

I suggest you to create a flag against this user. I am giving a negative trust to this user though there is already 2 negative trust from DT.
sr. member
Activity: 728
Merit: 421
Wow! I almost applied for this job some days past but upon applying for it something happened that took my attention so I had to stop it and tried finishing up before I could apply. After I was done with it, I was very tired to pay attention to this application and was pushing it upwards until I lost interest in it not to come here to see a scam accusations against the account that made this post and offer. So if I had applied then would this have been my fate. What would I have said to myself if my account got Jack in the cause of doing a planned script hacking act.

My goodness thank you op for revealing this here. I think I made a you turn now not applying anymore and I checked again the account was flagged which is not a good sign.
member
Activity: 527
Merit: 72
Crypto - Fiat Exchange
Was your Discord account your main one? If he has access to your main account it is good to contact (through another way) everyone before he does and let them know you got hacked. The scammer is a piece of shit and will probably hit everyone up with some scam.
legendary
Activity: 1890
Merit: 1537
He asks to hire Moderators for $150/week to hack them on his Discord, it's regrettable, and it's good that you exposed him and exposed his method so that more victims' accounts are not hacked; the scam he did on Discord is not new, it's the verification bot in which the scammer manipulates to put a malicious link, so if the person checks the bot link before opening it, his account will not be hacked, and his token will not be withdrawn. It is worth noting that the scammer can create a bot similar to a popular bot on his server or a site similar to a popular bot site, such as MEE6 or CaptchaBot.. etc. Therefore, there are many scammers, so we must be careful before applying for a job with an unknown person with a small rank account.
legendary
Activity: 2618
Merit: 1105
I was interested in applying for this job but was skeptical about this, because I saw that this user came online after a very long time of inactivity, so I decided not to go for this. And as discord hack stories were in the talks some time ago when I used to moderate some groups, I stopped taking any discord jobs and looked for telegram and other social media. Thank you for bringing this in front of us and stopping us from going for this.
legendary
Activity: 2730
Merit: 1560
Yes, I'm an asshole
What is he going to do with the discord account? I suspect he has bigger plan.
He created phishing link of my project (mint) and posted it on the discord channel I was the moderator. (I was admin/mod in one discord channel at the moment). IMO, he targeting the person who are currently working moderator on some project, to spread any phising fake project.


Ahh, just like what I thought as the possible motive when I read the opening post. Anyway, have you regain full and sole access to the said account? If you want, I can join that channel you moderated and warned people to stay away and ignore any message from your discord account for the time being.
legendary
Activity: 2688
Merit: 1262
ARE YOU BLIND? DON'T YOU SEE YOU DELETED YOUR MESSAGES AND REMOVED ME FROM FRIENDS? ARE YOU UPSET I DIDN'T HIRE YOU?
Who sad not being hired? I'm more sad for the people are falling a scam because your link phising posted with my account because you hacked it. I already respond about message deleted on previous post, no need to talk twice
---
Token ID Discord can bypass Email, 2FA, Password. You don't need all-of these things, If you have the token ID
- https://www.youtube.com/watch?v=xmCfUizcNLE
- https://www.reddit.com/r/discordapp/comments/nvuyj4/can_tokens_bypass_2fa_and_sms_auth_and_if_they/

That's why, you can login to my account but not changing the password. Because you have the token ID but don't have the password.

jr. member
Activity: 57
Merit: 1
ARE YOU BLIND? DON'T YOU SEE YOU DELETED YOUR MESSAGES AND REMOVED ME FROM FRIENDS? ARE YOU UPSET I DIDN'T HIRE YOU?

TOKEN DOESN'T BYPASS 2FA!!!!

MORE THAN 20 PEOPLE MESSAGED FROM BITCOINTALK ,NOBODY HAD A PROBLEM ONLY YOU
legendary
Activity: 2688
Merit: 1262
What is he going to do with the discord account? I suspect he has bigger plan.
He created phishing link of my project (mint) and posted it on the discord channel I was the moderator. (I was admin/mod in one discord channel at the moment). IMO, he targeting the person who are currently working moderator on some project, to spread any phising fake project.

I suggest you to install a fresh copy of the operating system or at least use a virus scanner and scan the device. Safe is to reinstall the operating system and start from a fresh system. If keylogger is installed then by now he already have a lot of details that you have entered in different sites. You may also want to change the account passwords once you have the fresh copy installed in the device.
Thank you for the suggestion, and yes I checking everything right now for my discord account, channel I was moderated and my device.
legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
Well based on the instruction it's a captcha but to be verified he put a link for verification ask me to redirect link somewhere else, for prove me a human. There is no captcha number or letter, it's ask us to verified on website.

- Listed "URL" to somewhere else pretend for verification. The embed link post is real by MEE6 bots but the link redirect is fake MEE6.
- Pretended to be MEE6 by bookmarking the drag me (Verification) to my browser.
- Then the instruction is to go back into verification with discord browser, and click the link by bookmark.

You can verified MEE6 Official Link: https://mee6.xyz/en and on picture number 2 he put a fake MEE6 feel free to match the domain it's different. My bad not checking this, I check after discovering how my account getting hacked and after contact with him.

This is the fake MEE6 listed to be used for verification on his discord channel, verification is directing to web. As you can see the domain is not .xyz (official MEE6)
All clear, feels great that I don't need to be a discord expert to understand it now. It's a nice new method of phishing attach and working well for the scammer. What is he going to do with the discord account? I suspect he has bigger plan. What if he installed a keylogger and taking every keystrokes you are hitting?

I suggest you to install a fresh copy of the operating system or at least use a virus scanner and scan the device. Safe is to reinstall the operating system and start from a fresh system. If keylogger is installed then by now he already have a lot of details that you have entered in different sites. You may also want to change the account passwords once you have the fresh copy installed in the device.

I am going to tag the person.

Good luck brother
legendary
Activity: 2688
Merit: 1262
-snip-
You are just easily deleted all-the think for the conversation, with my account during the hack. The case is after contacted with you and the only direct message who are getting deleted is only a message with you.

It's clear just check your discord channel listed a fake "MEE6" link for verification based on picture number 2 and number 3 it's requested token ID.

-snip-
Well based on the instruction it's a captcha but to be verified he put a link for verification ask me to redirect link somewhere else, for prove me a human. There is no captcha number or letter, it's ask us to verified on website.

- Listed "URL" to somewhere else pretend for verification. The embed link post is real by MEE6 bots but the link redirect is fake MEE6.
- Pretended to be MEE6 by bookmarking the drag me (Verification) to my browser.
- Then the instruction is to go back into verification with discord browser, and click the link by bookmark.

You can verified MEE6 Official Link: https://mee6.xyz/en and on picture number 2 he put a fake MEE6 feel free to match the domain it's different. My bad not checking this, I check after discovering how my account getting hacked and after contact with him.

This is the fake MEE6 listed to be used for verification on his discord channel, verification is directing to web. As you can see the domain is not .xyz (official MEE6)
legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
-snip-
It's clear, you're invited to me into the discord channel you want to hiring.

Make a fake verification by based on the proof 3 image, I only warn people to not fall into the scam. The fake verification is hosted on you by redirected link on your discord channel giving to me one day after contacted with you.

All interacted before the hacked one days it's with you.

YOU WERE NOT BLOCKED AND MY MESSAGES WERE NOT DELETED. WHY ARE YOU LYING?
Gosh! Someone please tech me discord. One is saying he got scammed, his messages were deleted and another one is saying the messages were not deleted and he is lying. What to conclude when I don't have much idea about discord.

2. Link Verification going to MEE6 Fake (.app) domain:

Isn't it supposed to be a kind of CAPTCHA verification instead of taking to a new external URL?
Pages:
Jump to: