Topic: Should I remove my red tag on bountyhunters.io? DT please discuss (Read 625 times)

Is it bountyhunters.io that sent the PM? If they sent the PM, explaining that they have had a change of heart and you are convinced that they have, then you can remove the tag. Else, it is criminal to request for a private key for payment of bounty, therefore, the tag should remain.

Absolutely not. 

What has he done since you tagged him?  Has he become a community advocate about private key stranger danger, and does he post regularly to remind new users not to send their private keys?

Of course not.  He is using time (which is free) to dilute the seriousness of his actions, and doing nothing else. 

Unless he is a crypto idiot, he knew he was trying to scam gullible users.  He can claim he is sorry, but with no consequences, how sorry will he be?

This is against all the laws of crypto, wallets and privacy. I don't think you should remove the feedback. In fact, I feel pity for the dumbasses still using their service. I expect more DT to leave them negative feedback and other members should avoid the service.

There will no good reason ever to convince why they needed someone's private key to send out bounty payments.

I felt the same way, hence this topic.

That's another reason why I opened this topic. It could be all DTs feel like it "sails right over their head", but it could also be a bunch of nonsense which is typical for any scammer to produce once caught.

You write it down better than I did

Do I get this correctly: you're asking clients to risk their funds, so that you can save a bit on transaction fees?

I was wondering about that too: eventually, a user would want to sell the tokens on an exchange, so they have to be sent out anyway.

It has 38 views. That doesn't sound like thousands of users understand what you're doing.

You're dealing with bounty hunters. Isn't the whole point that they're interested and want their bounty? By making it an extra step for them to request what you owe them, I bet many of them won't do it. That doesn't seem right either.

When using an online wallet to access your funds, you indeed need your private key. It's better to use a local wallet instead of an online wallet, but that choice is up to the user.
In my opinion this can't be compared to the situation where you're only receiving funds.

I'm still not entirely convinced in either one direction

Why? the keys they got are stored, and they can use (or be hacked) even after few months or years.
When you are not the only owner of the private keys you will are not in a safe place.

Like as people said, asking for private key is of course an doubtful task. The most forbidden task in crypto is not to give private key to anyone. So, I think you should not withdraw the feedback. Wait and observe couple of months more and decide later.

We have 2 distribution options for our bounty hosts. Common airdrops may also be used. But as "traditional" airdrops may soon go to the past, and as they may affect projects in a negative way, we offer an alternative solution as well. Its still up to bounty hosts to decide.

First of all, not ALL the tokens require the claiming process. Most of rewards for our latest campaign are to be sent automatically, as a usual airdrop.

Second: there is an option to create a wallet within the system or to sign transactions with Metamask plugin.

Those are all exchanges though, right? Exchange shared wallets have been horribly unsafe since forever and these "decentralized" contraptions might actually be an improvement. It's the opposite with bountyhunters.io - they went from a safe if costly airdrop method to asking for private keys because they want to send out worthless tokens that might not even be worth the TX fee.

If it is worth to mention:

Ether delta(already hacked):


Fork delta:


Idex:


Stellarterm:


And so on...they all ask for private keys.
If I am not wrong, metamask should resolve this problem.

The thing is, I am not really sure about this one and I have more than 1 opinion. I just don't have clear answer and I understand your doubts, especially when someone ask for private keys.

I completely forgot about this bounty service.
Now I have checked them again and still can't withdraw any of my stuffed tokens there. They asking to import my wallet ie keystore file there.

I have read a lot of that information and it's quite interesting, thank you.

However I couldn't find any justification for requiring private keys in any of those articles. Even your solution of having a wallet "within the system" does not sound that much safer. I'm guessing you're doing this because you think your customers wouldn't be able to figure out how to sign the transactions using their own wallets. That still seems to fall under "no clue how to implement it safely".

Anyway, not to derail this thread any further - I'd still recommend for LoyceV to not rush with any revisions just yet.

Merkle airdrop is not only about cutting the costs of an airdrop. Please read the information we have provided.
Currently we have implemented an option to create new wallet right within the system, as well as an options to sign transactions with Metamask plugin, so your claims that "we have no clue how to implement it safely" have no more ground.

Here is a video explanation of the situation made by Mikhail Savchenko (CEO at BountyHunters.io, CTO at chronobank.io): https://www.youtube.com/watch?v=5ffX7tmW2vA&t=2s

(Linkedin profile: https://www.linkedin.com/in/mikhail-savchenko-78291916/)

Take a note, that BuntyHunters is a project created by the ICOPromo team (https://icopromo.com/): a subsidriary of ChronoBank.io (one of the first successful ICOs on the market, that raised over 5,400 BTC in their in early 2017). ChronoBank, in its turn, is well known for its good reputation and strong developer team. Our main investor is Sergei Sergienko (https://www.linkedin.com/in/sergeisergienko/), a well-know figure of the blockchain market.

Our company is totally legit and transparent, and we care about the reputation of our products.

We admit that launching the new system without decent preparation was an incorrect step. Currently we have no any new accusations from the community, as our users can choose between different options to sign their transactions (including Metamask app).  Our bounty hosts are also free to choose between different systems of processing payouts (so traditional airdrops can also be produced).

In the main discussion thread (https://bitcointalksearch.org/topic/bountyhuntersio-probably-will-scam-their-members-watch-out-5067062) we have given enough of information for those who are really interested in the situation. We ask all the participants of the current thread to read it carefully.

The best I can figure out is that you heard of this fancy new thing (Merkle airdrop) that would shift the cost of distributing tokens onto the recipients and you decided to do it despite having no clue how to implement it safely.

As we explained for many times, we DO know how to pay bounty tokens without any confirmations. Traditional airdrop is not a difficult task, but it has disadvantages we want to avoid by moving to the Merkle airdrop system.
In this message you can find detailed explanations about it: https://bitcointalksearch.org/topic/m.48315041

The answer is «yes» and «no».
   
   From our FAQ:
- Confirm your transaction via your private key or with a help of MetaMask plugin. Note, we would highly recommend that you DO NOT use your main Ethereum wallet for this step. Instead, choose a new wallet that contains a minimal amount of funds. (If our website is compromised or you accidentally visit a different website, your funds can be stolen. You are doing this at your own risk). 

   
- The transaction is then formed and signed in the user’s browser. We don’t store or transfer any private data, as we care about the security of your wallet. This operation is only needed when you personally sign a transaction; otherwise we will not be able to transfer your tokens. 
   

If I'm not mistaken, I think I voiced some disagreement about that feedback on mdayonliner.  I happen to believe he wasn't intending to scam but wouldn't rule out the possibility of it happening if someone actually sent him that $100k (or whatever the number was).  I also think he's learned his lesson about doing stuff like that and don't think that feedback removal by hilariousandco would be a bad idea at this point--but there's also the ponzi stuff that other members feel strongly about, and I don't think that feedback is going to be removed.

Most of you may not believe this, but I do believe in second chances and removal of feedback if the member has learned his lesson.  I've removed lots of negs from account buyers/sellers if they've not repeated the behavior and have shown evidence of being a valuable member of the forum. 

I may not have made myself clear in my previous post, but I am not arguing that LoyceV should remove his feedback.  I'm saying I don't understand the explanations given by bountyhunters.io enough on a technical level to judge whether what he was doing was the only option (which is what he initially seemed to be arguing) or whether he was caught in a lie.  I get that asking for private keys is a no-no.  I also get that a member with no escrow history who's not on DT offering to escrow $100k is a no-no.  Both of those things are huge red flags.

In my previous post I said that if bountyhunters.io changed their method to one that doesn't require private keys and if they haven't scammed anyone, LoyceV's feedback might be worth removing.  But suchmoon's point I hadn't considered before writing my post:


If they've got a bunch of people's private keys, they still could scam if they wanted to.  It does make sense to me now to leave the neg intact.

Their "explanations" seem to be just some random texts. No verbal gymnastics can justify asking for private keys. I think their attempt to whitewash it is a big part of the issue. There is also some weird arrogance along the lines of "do you think we would stoop to scamming piddly bounty hunters who only have dust in their addresses" (this is not a literal quote LOL), which is kinda weird attitude towards their customers to say the least.


I haven't read it far enough to figure out if they completely removed the option or just added other options. Here's the thing though: they only did this after get called out and it's impossible to ensure that the keys they already (possibly) collected wouldn't be misused. It's up to LoyceV to decide how much time needs to pass to review this again but I'd say it's all still too fresh ATM.


I was considering it but I'm still missing a few bits of the story that I don't have time to research now... perhaps next year

Apologies for my reply since title said DT discussion. Although I am not DT but I can't stop myself to reply this thread. Just wondering why he has got single negetive feedback ? Who have asked for private key his clear intention is to scam people's. I don't think need to discuse about remove his negative feedback. I believe he deserve more negative feedback a well. Asking for private key I will not take it easy. Just now I have tried to register and check withdrawal option but unfortunately if no balance there is no option for withdrawal. I believe acuusation is valid and you don't need delete your feedback. I have left another negative feedback.

I can see he has self admitted about private key or similar Some thing which is really not legit to ask.
 http://archive.is/RPHqs
How you consider to remove it ? They have asked already and although they fixed it doesn't mean they are legit. There is no point of their Explaination why must need provide private key. If like that then you should remove all negative feedback from Account buyer or seller, because after got tag everyone say sorry and they promise they will not repeat (IMO). Problems was not on website design or coding that they will fix. They are fully aware about that they are asking for private key. Check my above quote. They are asked something that they can control wallet.

If I am not wrong mdayonliner got tag just for asked escrow 20BTC and later on he withdraw his offer. But feedback is still remain. So why should remove negative feedback from Bountyhunter.io ?

I don't mind this either, but I don't think every neg needs to be discussed and voted on.  If you're on DT, you ought to have good judgement to begin with and faith in the strength of your convictions--at least enough such that you don't need to seek advice for the feedback you leave (but there are times when it's necessary, and I've done it myself).  This issue is more complex than other ones IMO and it's good that advice is being sought.

In this case, I think LoyceV was pretty justified in giving a neg to someone asking for people's private keys.  That, in my opinion, is an even worse offense than being a newbie and asking for a no-collateral loan or to buy bitcoin with PayPal, both of which can and do earn those newbies negative trust (usually from Vod).

However, my ignorance of all things ETH-related kicked in pretty quick while reading that scam accusation thread.  But what grabbed me is that if this post is true (which was responded to by bountyhunters.io in the next post), then I would say the neg is completely justified and should stay because that would mean bountyhunters.io outright lied.  But the explanation they gave sails right over my head.  I do understand quite well that asking for someone's private keys is a big no-no, but in this case it seems like the suggested solution of creating a throwaway wallet would solve that problem.  The only thing with that is that we (and certainly bountyhunters.io) know not everyone will do it.

My current understanding is that they've fixed this issue now, is that right?  People no longer have to give up their private keys?  If that's the case and it's also true that they haven't scammed anyone, then feedback removal at this point might be appropriate.  It could be a case of them being naive about how their initial system that required private keys would be perceived, i.e., that people wouldn't think they were scammers.  Unfortunately it's impossible to know someone's intentions; we can only judge people by their actions.