Topic: SCAM - Ulord(UT) FAKE ANN and FAKE Wallet to Spread Malware. (Read 985 times)

Great job thank you for keeping us all safe

What do you mean added to your list? The real Ulord (UT) project/team has nothing to do with this scam accusations.

The ANN in the OP was posted from a hacked account with fake GitHub and everything, simply impersonating their project. There were hundreds of those fake announcement threads for the last couple of months.

Great work. They are added to my scam list too.

As a community we need to weed out these thieves no matter how big or small their scam operation is and no matter what their ultimate goal or plan is.

If we all get together to keep posting about the scammers then they have less and less chance of succeeding by ripping people off. Unfortunately somewhere along the line a newbie or gullible person will invest and lose out but by far the majority of people will be protected.

I would say anywhere between one to three days. My experience with GitHub support has been quite good so far, I think I have taken down 3 or 4 of those fake ones. HyperCash-HC was removed within 24hrs of my report.

Make sure your report has all the details, you need to include links to both infected wallet and virustotal. As for MultiVAC, ask TakeItEasy to test their latest two repository uploads - "Core" and "Release". Report these two.

Edit;

Update: May 21, 2019, GitHub is taken down!

Good work @Morvillz7z, looks like the mods are doing a good job right now and also responding in time to delete the scammer's threads once they are reported.
I did try to report their GitHub profiles too including this one; https://github.com/MultiVAC
but for some reason, it is not getting removed, I don't know why?
I did include information about the scammer trying to spread malware alongside the virus total results.

Does the process take a long time before the account gets removed?

Yes, they've been a problem for a while now...and it's not just fake ANN, these people use compromised accounts which appears to be the bigger issue here.

I honestly have no problem reporting a few of those every day, but not 20+, that's just crazy and takes way too much time and energy.

Forum administration seems to be aware of the problem though, that's a positive sign!

Tagged & reported. These fake ANNs are becoming a bit of a problem....

These guys had a field day yesterday with all-time high in created fake announcement threads. I counted 28.

Way more relaxed today as I found just one (there could be more) but this one was way too obvious.

[ANN][PoW][X16R] Zyrk - Pushing the boundaries of blockchain technology - (archived)

And their fake GitHub created just a few hours ago: https://github.com/release-coin

Original Zyrk thread: https://bitcointalksearch.org/topic/annpowx16r-zyrk-pushing-the-boundaries-of-blockchain-technology-5139507

https://github.com/ZyrkProject/zyrk-core

They even tried to hide/mask it:



Interesting to point out, account posting their thread is from 2012 (woke up May 16th), I suppose a brand new batch of compromised accounts.

At least 10 new fake ANN posted in the last two hours, good grief   All using MultiVAC's malware wallet/GitHub.

I will update this post shortly:

[ANN] BitGrin (XBG) – MimbleWimble with Bitcoin economics – Windows wallet! - (archived)

Original BitGrin thread: https://bitcointalksearch.org/topic/ann-bitgrin-xbg-mimblewimble-with-bitcoin-economics-windows-wallet-5104608

Proof:

Rig software
https://www.virustotal.com/#/file/7a60731b74243daeebf7e675c1c19beaf37f8514d0b72add822730c1d19a765b/detection
Wallet
https://www.virustotal.com/#/file/40a7e731b9aadca0f29cd1c25f90ac30f4df4765bfe6d2bb3c79fc53e6730b93/detection

---

[ANN][CLAM] CLAMs, Proof-Of-Chain, Proof-Of-Working-Stake, a.k.a. "Clamcoin" - (archived)

Original CLAMs thread: https://bitcointalksearch.org/topic/annclam-clams-proof-of-chain-proof-of-working-stake-aka-clamcoin-623147

Proof: MultiVAC's malware wallet/GitHub (see BitGrin links)

---

[ANN][TZC] TrezarCoin Super-Secure-PoW/PoS - (archived)

Original TrezarCoin thread: https://bitcointalksearch.org/topic/anntzc-trezarcoin-super-secure-powpos-2140812

Proof: MultiVAC's malware wallet/GitHub (see BitGrin links)

---

[ANN] [SPN] SpartanCoin - (archived)

Original SpartanCoin thread: https://bitcointalksearch.org/topic/ann-spn-spartancoin-the-cryptocurrency-flying-on-the-internet-5119179
https://bitcointalksearch.org/topic/ann-spartancoin-cryptocoin-for-the-competitive-world-491637

Proof: MultiVAC's malware wallet/GitHub (see BitGrin links)

---

[ANN] Ravencoin [RVN] PoW GPU Mining | Asset Transfer Blockchain (Updated ANN) - (archived)

Original Ravencoin thread: https://bitcointalksearch.org/topic/ann-ravencoin-rvn-pow-gpu-mining-asset-transfer-blockchain-updated-ann-3238497

Proof: MultiVAC's malware wallet/GitHub (see BitGrin links)

---

[ANN]SwiftCash - Decentralized Governance and Economy - (http://archive.fo/6Void)

Original SwiftCash thread: https://bitcointalksearch.org/topic/swiftcash-digital-store-of-value-p2p-decentralized-governance-economy-5062453

Proof: MultiVAC's malware wallet/GitHub (see BitGrin links)

---

eXperience Points [XP] ENGLISH - (archived)

Original eXperience Points thread: https://bitcointalksearch.org/topic/experience-points-xp-english-2313170

Proof: MultiVAC's malware wallet/GitHub (see BitGrin links)

---

[ANN] Denarius [D] - Originator "Tribus" PoW/PoS Hybrid Masternodes - (archived)

Original Denarius thread: https://bitcointalksearch.org/topic/ann-denarius-d-first-tribus-powpos-hybrid-masternodes-ring-sigs-1967207

Proof: MultiVAC's malware wallet/GitHub (see BitGrin links)

---

[ANN] [VBK] [PoP/PoW] VeriBlock: Securing the World's Blockchains Using Bitcoin - (archived)

Original VeriBlock thread: https://bitcointalksearch.org/topic/ann-vbk-poppow-veriblock-securing-the-worlds-blockchains-using-bitcoin-3133450

Proof: MultiVAC's malware wallet/GitHub (see BitGrin links)

---

[ANN][POS/MN] [Bounties] Coin2Play - Gambling and Casino online - (archived)

Original Coin2Play thread:https://bitcointalk.org/index.php?topic=4849316

Proof: MultiVAC's malware wallet/GitHub (see BitGrin links)

---

[EAC] EarthCoin (EAC) !!! RELOADED !!! - (archived)

Original EarthCoin thread: https://bitcointalksearch.org/topic/eac-earthcoin-eac-reloaded-2161853

Proof: MultiVAC's malware wallet/GitHub (see BitGrin links)

---

[ANN][POS/MN] ⭐ SafeGames [SGS] - Build your own Game ⭐ CryptoBridge paid - (archived)

Original SafeGames [SGS] thread: https://bitcointalksearch.org/topic/annposmn-safegames-sgs-build-your-own-game-cryptobridge-paid-5111563

Proof: MultiVAC's malware wallet/GitHub (see BitGrin links)

---

[ANN][TLRM] - Tellurium Official - RELEASE 17/04/19 14:00 GMT+2 !!! - (archived)

Original Tellurium thread: https://bitcointalksearch.org/topic/anntlrm-tellurium-official-release-170419-1400-gmt2-5132724

Proof: MultiVAC's malware wallet/GitHub (see BitGrin links)

---

❤️[ANN] Surfcoin SURF❤️Only Browser Mining❤️Ad Platform❤️POS❤️Mobile Mining❤ - (archived)

Original Surfcoin thread: https://bitcointalksearch.org/topic/ann-surfcoin-surfonly-browser-miningad-platformposmobile-mining-5078617

Proof: MultiVAC's malware wallet/GitHub (see BitGrin links)

---

They might have a bot to post all these threads. Take a look at my recent tags vs. newbie accounts who woke on April 28th.





If that's true, I won't be able to keep up with all these fake threads, the Night King has won.

And another one !

User : OLC Team

[ANN] ONLINE-LEAGUE [OLC] | LoL | CS:GO | THE GAME IS YOUR's | PoS | PoW | MN

Now self moderated  !

Archive:  https://archive.fo/ed3MS


The Original for Ann for ONLINE-LEAGUE is here : https://bitcointalksearch.org/topic/ann-online-leagueio-olc-lol-csgo-the-game-is-yours-pos-pow-mn-5141278

I don't want to edit my previous post the 4th time, so I'll post my new findings here:

It's pretty much a game of cat and mouse at this point:



With the exception of ChanceBetCoin and Tampa Bay Token all other ANN seems to be fake. There are all posted within the last hour or so and have a link to the same GitHub (which is created also an hour ago).

https://github.com/Core-Wallet/

I will update this post, tag and report users involved later...that's close to 20 fake topics today, a good/productive start of the week.  

---

[ANN] Halcyon v1.1.0.3 ~ NeoScrypt PoW and up to 100% PoS - (archived)

https://github.com/Core-Wallet/ - fake GitHub (infected wallets inside?)

Original Halcyon thread - https://bitcointalksearch.org/topic/ann-halcyon-v1102-neoscrypt-pow-and-up-to-100-pos-895829

---

ANN] ONEROOT NETWORK - (archived)

https://github.com/Core-Wallet/ - fake GitHub (infected wallets inside?)

Original ONEROOT thread - https://bitcointalksearch.org/topic/ann-oneroot-network-projectco-creating-a-value-and-data-network-3121006

---

[ANN][XCP] Counterparty - (archived)

https://github.com/Core-Wallet/ - fake GitHub (infected wallets inside?)

Original Counterparty thread - https://bitcointalksearch.org/topic/annxcp-counterparty-pioneering-peer-to-peer-finance-official-thread-395761

---

ANN] MNPR coin - (archived)

https://github.com/Core-Wallet/ - fake GitHub (infected wallets inside?)

Original MNPR coin thread - https://bitcointalksearch.org/topic/ann-mnpr-coin-mn-services-mnpos-coin-mnproio-crypto-bridge-paid-5113359

---

[ANN] [BSV] [Bitcoin SV] Original Satoshi Vision - (archived)

https://github.com/Core-Wallet/ - fake GitHub (infected wallets inside?)

Original BSV thread - https://bitcointalksearch.org/topic/ann-bsv-bitcoin-sv-original-satoshi-vision-4985868

---

[ANN] [BCRM] Bitcoin RM: A new Bitcoin Fork is now LIVE - (archived)

https://github.com/Core-Wallet/ - fake GitHub (infected wallets inside?)

Original [BCRM] Bitcoin RM thread - https://bitcointalksearch.org/topic/ann-bcrm-bitcoin-rm-a-new-bitcoin-fork-is-now-live-4735005

---

[ANN] Lytix - PoS Maxnode - (archived])

https://github.com/Core-Wallet/ - fake GitHub (infected wallets inside?)

Original Lytix thread - https://bitcointalksearch.org/topic/ann-lytix-pos-maxnode-crypto-platform-5066344

---

[ANN] BitGrin (XBG) - (archived)

https://github.com/Core-Wallet/ - fake GitHub (infected wallets inside?)

Original BitGrin thread - https://bitcointalksearch.org/topic/ann-bitgrin-xbg-mimblewimble-with-bitcoin-economics-windows-wallet-5104608

---

[ANN] Bitcoin Confidential - (archived)

https://github.com/Core-Wallet/ - fake GitHub (infected wallets inside?)

Original Bitcoin Confidential thread - https://bitcointalksearch.org/topic/ann-bitcoin-confidential-the-truly-fungible-cryptocurrency-5135251

---

[ANN][POW]🥇DeroGold🥇 - (archived)

https://github.com/Core-Wallet/ - fake GitHub (infected wallets inside?)

Original DeroGold thread - https://bitcointalksearch.org/topic/annpowderogold-the-future-of-crypto-0-premine-cn-upx-algo-5088519

---

[ANN][POW][HARDFORK] MicroBitcoin - (archived)

https://github.com/Core-Wallet/ - fake GitHub (infected wallets inside?)

Original MicroBitcoin thread - https://bitcointalksearch.org/topic/annpow-microbitcoin-micro-payments-protocol-3982489

---

[XVC] Vcash Official Community Thread ▱ Zerotime ▱ Anon ▱ Auto Block Size - (archived)

https://github.com/Core-Wallet/ - fake GitHub (infected wallets inside?)

Original Vcash thread - https://bitcointalksearch.org/topic/xvc-vcash-official-community-thread-zerotime-anon-auto-block-size-1504342

---

Good work sir definitely this will just keep helping the community on not to encounter losses in future.

I don't want to start a new thread for every fake ANN with malicious wallets so I will be making a MEGA thread by the end of the week. Will list every single one of them in chronological order and update it daily. In my estimation, there are +30 already (all created in the past 30 days).

Ones I've spotted today (will tag and report whenever I get more info about wallets):

[ANN] [Masternode] [POS] FYD Coin - (archived)

Fake Github, created 5 hours ago - https://github.com/Fyd-Coin

Original FydCoin - https://github.com/Fydcoin/FYD and their ANN

Proof:
https://www.virustotal.com/#/file/b4cc9f85f184cffe882d2c56993d03fc1f38de338e838d40f26d884725b4a7c2/detection

---

[RSIN] Roketsin - (archived) Fake ann with links to bitbucket.

Original announcement thread for Roketsin - [RSIN] Roketsin

Proof:
https://www.virustotal.com/#/file/e92d4760a0d1736821cdbccc8bfb195274acce9f1d6080b318ce09523ecfa3c4/detection

---

MultiVAC (MTV)

Proof:

Rig software
https://www.virustotal.com/#/file/7a60731b74243daeebf7e675c1c19beaf37f8514d0b72add822730c1d19a765b/detection
Wallet
https://www.virustotal.com/#/file/40a7e731b9aadca0f29cd1c25f90ac30f4df4765bfe6d2bb3c79fc53e6730b93/detection

---

MIR COIN

https://github.com/MIR-COIN

Proof:

https://www.virustotal.com/#/file/7a45aae25028d287fd4d1efac5671ccb6c61635e38931d8fc76c238e2463a0d1/detection

Again, special thanks to TakeItEasy for wallet testing!

---

These two are very likely to be fake as well, having links to mega.nz wallets (self-moderated) opposed to the original project having their own GitHub.

Fakes:

[ANN] ONLINE-LEAGUE [OLC] | LoL | CS:GO | THE GAME IS YOUR's | PoS | PoW | MN - (archived)

[ANN] ONLINE-LEAGUE [OLC] | LoL | CS:GO | THE GAME IS YOUR's | PoS | PoW | MN - (archived)

Original - https://bitcointalksearch.org/topic/ann-online-leagueio-olc-lol-csgo-the-game-is-yours-pos-pow-mn-5141278 and their GitHub - https://github.com/ProjectOnlineLeague

EDIT; One of the topics was just edited...and replaced lol

https://bitcointalksearch.org/topic/--5142590 - (archived)

EDIT2;

ONLINE-LEAGUE impersonators tagged and reported.

Proof:

---

EDIT3;

Yet another fake ANN (6 total for today), possibly comprised account as well (judging by mipari's post history).  

[ANN] [Stellar] Stellar Gold XLMG Pre-Mine - (archived)

Wallet straight from fake DUO NETWORK Github:

---

Where I suspected this account was slightly hacked and used to make that post is where I open my browser and the account wasn't login rather it was just the normal bitcointalk.org interface I saw. I was surprised.

Definitely I go by what you said here this alone can happen to more  other users in the platform if it's not taking care of.

If I get to change this account password yesterday it won't give a proof that I wasn't the one that posted that topic I will need to get access to my IP logs from theymos so I compare the activities that took place on this account the day the account was hacked.

@bbvedf is from my local board, and has opened a thread there to try to get some help on the matter (see Ayuda con mi cuenta de BCT – it’s in Spanish though). The way he’s depicting the events, he claims that he was “silently hacked”. That is to say, someone gained access to his account, using his same credentials (not changing them), and published the fake Ann thread from his account. If true, that would be the best way to use an account for wrong doing, although it does constitute a very difficult case to prove.

It also likely denotes a weak password management, as for this to happen without brute force, he would have to have used the same password in a crypto related site and have the password leaked from there. That alone is arguably irresponsible to some extent, but I’m pretty sure there are thousands of users here that use the same password on a couple of sites.

The only possible way to move on with trying to clear @bbvedf’s claims (which are very similar to @Mrengage’s) would be for both of the to ask @theymos for their access logs for the date of events, and see what that may show. It certainly will not be conclusive, but may show something interesting (i.e. common IPs from Russia for example – again not conclusive, but opens a door to suspicion).

Looking at the archived thread (http://archive.fo/yfa4D), I believe tagging the accounts is correct (how not to, seeing the evidence), but it would be good to know if we are facing a couple of more intelligent account hacks here, where the accounts are only taken temporarily without changing the credentials. It’s likely nearly impossible to prove this were it to be true, but the IP logs could help to raise suspicion or drown it altogether.

Of course making IP log retrieval a general habit would be a pain in the back side, and likely won’t be done except on an rare occasions, but perhaps it’s worth a go here to see what it may lead to.

Alright, let's wait for Theymos' response.
If, you account was hacked then you really need to secure it and that starts with changing passwords which you haven't done up to now since the said hack.

No problem... I will be waiting