Author

Topic: TAB TRADER SCAM AND THIEF PROGRAM IT COST ME LOST 6000 DOLLARS (0.922214472 btc) (Read 912 times)

brand new
Activity: 11
Merit: 0
Decentralization will destroy you all

And in the end, it will be just a bad memory
legendary
Activity: 2338
Merit: 1261
Heisenberg
This is like a case of someone following poor security procedures for their Social media account by getting their login credentials leaked and then when hackers gain access to his account, he goes on to blame the platform.

If Tab trader was hacked or indeed it's scam. Why would they go for just less than 1 BTC, yet they have thousands of traders using the app with a lot more money?
OP's API keys got probably compromised, and he still thinks it's tabtrader's fault. You can't blame someone else for your mistakes.
newbie
Activity: 33
Merit: 0
Suppose the password is leaked from where he got the email

On this point, I only benefited from the fact that my country does not support digital currencies, even if I go to the police who will not help me.

Thus, I found a way to evade responsibility

This is 101 Data Breach fyi.
Poloniex or Coinmana gets hacked. Some emails+passwords+some other info is then sold on darknet. Buyer gets the entire database and tries all entries on all similar websites, including other exchanges, wallets, emails, online banks, apps.

You can see how many times your email was leaked  and even set alerts on new inputs here: https://haveibeenpwned.com/ or here https://monitor.firefox.com/
Additionally you can use telegram bots and even see parts of your own password -> @mailsearchbot   

You ever wonder why you and mixicali are alone in this thread?
Because almost everyone else uses a strong password and doesn't reuse old passwords.
And just by using Google Signup you can eliminate this password altogether, because it uses a different security mechanism.

newbie
Activity: 33
Merit: 0
Mixicali, do you understand that you reused a leaked old password and a bad actor just logged into your account?
Just logged in. It means he had your login and password.
There is nothing wrong with an app.

You won't be blaming a thief if you leave keys to your apartment on the main market square in the city. And never change the locks after the first theft. And use the same keys in all your apartments, houses, security boxes.


Hello

So far, the app warning has been published via Facebook in two groups:
The first group is 6500 members .
The second group is 11500 members .

Still expanding and spreading .

https://imgur.com/r5bFcod

https://imgur.com/v7ZTIG5
brand new
Activity: 11
Merit: 0
If they do not solve the problem. We will do them as Indians do with Tik Tok
newbie
Activity: 20
Merit: 0
Hello

So far, the app warning has been published via Facebook in two groups:
The first group is 6500 members .
The second group is 11500 members .

Still expanding and spreading .

https://imgur.com/r5bFcod

https://imgur.com/v7ZTIG5
newbie
Activity: 20
Merit: 0
Where is the problem, in this case we will be candles burning to light the way of others.
Big thanks to Bitcointalk for this outlet for expressing opinion.
brand new
Activity: 11
Merit: 0
Suppose the password is leaked from where he got the email

On this point, I only benefited from the fact that my country does not support digital currencies, even if I go to the police who will not help me.

Thus, I found a way to evade responsibility
newbie
Activity: 33
Merit: 0
The best course of action for you is to contact you local law enforcement.
Exchanges will be able to reveal bad actor identity because he was KYCed.
And you will be able to get your funds back.

Try to avoid the following your mistakes in future:
Do not to reuse old passwords
Do not use same passwords on multiple services
Do not use passwords with you name
Use strong unique passwords especially in financial services

Because ultimately your mistakes allowed the bad actor to simply login to your account. He was not even trying brute forcing, he just logged in. Because he knew your leaked password.
newbie
Activity: 33
Merit: 0
What happened to mixicali.

This user:
a) you were careless by reusing your password and also using the same passwords in multiple services.
b) this password leaked before multiple times and we showed you a service where anyone can purchase all your passwords.
c) among hundreds of thousand of users you were one the very few users who reused leaked passwords and was affected. You admitted that you reused a password from a previously leaked database.
d) our service is not hacked, no data breach happened, no funds were lost. If the app simply allowed hacking the bad actor would have stolen millions of dollars, which never happened.

Below is our post mortem explaining what happened in your case.
newbie
Activity: 33
Merit: 0
Hello

You were removed because you violated the rules of the telegram group.
brand new
Activity: 11
Merit: 0
When I posted things on the topic in their Telegram, they deleted
It is a failed application right
We will do what we can to expose them
newbie
Activity: 20
Merit: 0
I was also stolen from the same app
When I spoke of support, this was their response
Hello,
We cannot really pay out any compensation legally, because there's no legal case.
As a company bond by law, we cannot possibly do it.
However we can grant you a lifetime PRO subscription. This is the least we could do for you. I'm very sorry.
Yes, they are procrastinating on us

Something very unfortunate that the owner of an app like this is an avid thief.
I was offere to him only half the compensation, but he refused, although he admitted that the breach was from him.
But we will not stop defaming.

https://imgur.com/X4rsQXt
brand new
Activity: 11
Merit: 0
Why was I removed from the group if you were honest

https://imgur.com/a/hroQF8O
brand new
Activity: 11
Merit: 0
I was also stolen from the same app
When I spoke of support, this was their response
Hello,
We cannot really pay out any compensation legally, because there's no legal case.
As a company bond by law, we cannot possibly do it.
However we can grant you a lifetime PRO subscription. This is the least we could do for you. I'm very sorry.
Yes, they are procrastinating on us
newbie
Activity: 20
Merit: 0
Hello

Would any of my friends help me in an international authority that would file a complaint for judicial follow-up or to provide a lawyer at this address?

Rapenburgerstraat 73-D5, 1011 VK, Amsterdam, Netherlands

https://imgur.com/xovy82K

My loss is 0.92214472 sold at price 6357  Angry Angry, now the amount is 0.92214472*9600=9000 usd

https://imgur.com/y5dLtCC

Thanks
legendary
Activity: 2758
Merit: 6830
I did not download a fake wallet but rather from the official website that referred me to the Google Store
That's not the only way you could have messed up. Phising and malwares can occur from many sides. You could have been infected with a different app, or you could have been hacked in other ways. Even your BitTrex could have been hacked somehow. However, those are only POSSIBILITIES. I'm not saying this is what happened. This is what COULD have happened with you or anyone else. And in the same way, that could have been their fault.

If the problem from me , how do I buy at a high price and sell at a cheap price?
Does this do sane?
I mean, if you somehow ended up leaking your API keys (malware, phishing, etc...), the user with possession of your keys could do any kind of trades (along with what permissions you choose for it) without any issues. They could, for example, buy or sell any coins they wanted for any price they wanted, which is what seems to have happened. When you give TabTrader your api key, they do all of this stuff in your name (selling, buying, trading, etc...). If a malicious actor also gets hold of that key - from you or TabTrader - , he can do the same, but in a way you didn't permitted and which benefits him (e.g selling low and buying high).

I'm not saying it's your fault and TabTrader is clean. And neither I said thats all their fault. Only them can give you an answer, and they said they are investigation, so you can only wait. In the end, I can only see them possibly giving you any kind of reimbursement if they admited it was their fault and that their system/app were breached, which we can't if it happened.

I hope it all goes well for you. I have used them before and never had any issues, but this doesn't make them hack-proof. Losing your coins like this is one of the most frustrating things that could happen with anyone.
newbie
Activity: 20
Merit: 0
There are some preliminary findings which we are trying to confirm.
Related to security issues in your app or OP simply getting his API keys compromised by something that was his entirely responsibility (e.g malware in his device, phishing, etc...). I'm not trying to spread any FUD, but if there is any possibility of your app being vulnerable in anyway, you need to disclose it.

I myself have used your app for quite some time and only stopped recently because you do not support my favorite local exchange, but I still have the app installed in my phone. I don't want to risky anything because of a possible issue on your part. =/

Now, if the issue is on your hands, OP, I can't see why TabTrader would return anything to you. Electrum or Bitcoin Core don't reimburse people if they get hacked or download a fake wallet.

Thanks for participating
I did not download a fake wallet but rather from the official website that referred me to the Google Store
If the problem from me , how do I buy at a high price and sell at a cheap price?
Does this do sane?
I have done all the protection measures in my phone and I have been dealing for years with other sites and applications, and I have not been exposed to such before
How do you want me to lose something I have no reason for.
legendary
Activity: 2758
Merit: 6830
There are some preliminary findings which we are trying to confirm.
Related to security issues in your app or OP simply getting his API keys compromised by something that was his entirely responsibility (e.g malware in his device, phishing, etc...). I'm not trying to spread any FUD, but if there is any possibility of your app being vulnerable in anyway, you need to disclose it.

I myself have used your app for quite some time and only stopped recently because you do not support my favorite local exchange, but I still have the app installed in my phone. I don't want to risky anything because of a possible issue on your part. =/

Now, if the issue is on your hands, OP, I can't see why TabTrader would return anything to you. Electrum or Bitcoin Core don't reimburse people if they get hacked or download a fake wallet.
newbie
Activity: 20
Merit: 0
We are 100% with you.
We really are sorry that you lost some of your funds.
We are trying to find what happened.

Thanks for the encouraging reply
Please put yourself in my position and look at the scale of frustration
I hope for seriousness and firmness because every day that passes without a solution is destroying me
newbie
Activity: 33
Merit: 0
We are 100% with you.
We really are sorry that you lost some of your funds.
We are trying to find what happened.
newbie
Activity: 20
Merit: 0
Hello respectable brother.
It means that we still doing our investigation.
We are on your case.
There are some preliminary findings which we are trying to confirm.

But like we said if we were hacked and our user data was compromised hundreds of thousand of users would have been here in this thread. But they aren't.

I am very sorry to attack you in this forum, but it was my lost money that made me neither sleep nor sleep
newbie
Activity: 33
Merit: 0
Hello respectable brother.
It means that we still doing our investigation.
We are on your case.
There are some preliminary findings which we are trying to confirm.

But like we said if we were hacked and our user data was compromised hundreds of thousand of users would have been here in this thread. But they aren't.
newbie
Activity: 20
Merit: 0
Hello dears,
Last answer from tabtrader support in Tuesday 21/04/2020 says investigation finish during this week,

((Hello,
We're still in the middle of investigation. We're going to to come up with the results during this week, as soon as all our suspicions are confirmed.
Apologies for keeping you waiting. We'll update you as soon as possible))


It means before sanday 26/04/2020.
We are now in 1/5/2020 it means one week more, but no answer . I am writing to him and he does not answer, What does this mean ?
Part from last answer from BITTREX:

((We understand this is a frustrating situation. While we are sorry that your funds were lost, it is ultimately your responsibility to maintain the security of your API. There is no way to recover your funds at this time. If you have not already done so, we strongly encourage you to do the following))


Can the respectable brothers help me and my advice?

https://imgur.com/4gLEQ08

https://imgur.com/1qBaO1l

newbie
Activity: 20
Merit: 0
Is it possible to further clarify the idea of theft without the need to withdraw the balance

Having access to enough funds on an exchange, one can for an example buy a lot of the same shitcoin which has very low volume, then using the other accounts he places buy orders to buy his bags for a lot higher, they can then make buy orders for the same shitcoin on his main account and then using the other accounts he makes a lot of sell orders so he can buy-back those coins for cheap, and then again sell it for a higher price, rinse and repeat.

Since the hacker/attacker can't withdraw funds, all they do is liquate you to their favor, in other words making 100% winning traders and then withdraw the funds from their main account, one might think that a "reputable" exchange like Bittrex should sense such P&D operations going on and lock all accounts involved, but I don't trust any of these crypto exchanges, you are simply paying for the mistake of using a third-party app that has control over your funds, people think that because these apps can't withdraw money directly from their account - then their funds are safe, which is a misconception.

Also, the fact that no more victims showed up, it's safe to assume the app itself was not hacked and it's more likely that your API keys got compromised somehow. If you are lucky enough then bittrex might have blocked the account/accounts who made those trades and your stolen money is still there, but I would give that a 10% at best case scenario, the 90% scenario is that the funds are long gone, Tabtrader will refuse to compensate you saying it's your fault for not keeping your credentials safe, Bittrex will say those orders were made by an app which you personally gave it the keys to trade for you, and in the end, it's really your mistake for trusting something like Tabtrader or other platforms when you could have simply used the exchange's app itself.
 
Thank you for your smart reply.
Actually, this is what deceived us, which is that the money is wasted by withdrawals only
But the official is the failed application because my phone is highly secure and I do not use the computer

legendary
Activity: 2394
Merit: 6581
be constructive or S.T.F.U
Is it possible to further clarify the idea of theft without the need to withdraw the balance

Having access to enough funds on an exchange, one can for an example buy a lot of the same shitcoin which has very low volume, then using the other accounts he places buy orders to buy his bags for a lot higher, they can then make buy orders for the same shitcoin on his main account and then using the other accounts he makes a lot of sell orders so he can buy-back those coins for cheap, and then again sell it for a higher price, rinse and repeat.

Since the hacker/attacker can't withdraw funds, all they do is liquate you to their favor, in other words making 100% winning traders and then withdraw the funds from their main account, one might think that a "reputable" exchange like Bittrex should sense such P&D operations going on and lock all accounts involved, but I don't trust any of these crypto exchanges, you are simply paying for the mistake of using a third-party app that has control over your funds, people think that because these apps can't withdraw money directly from their account - then their funds are safe, which is a misconception.

Also, the fact that no more victims showed up, it's safe to assume the app itself was not hacked and it's more likely that your API keys got compromised somehow. If you are lucky enough then bittrex might have blocked the account/accounts who made those trades and your stolen money is still there, but I would give that a 10% at best case scenario, the 90% scenario is that the funds are long gone, Tabtrader will refuse to compensate you saying it's your fault for not keeping your credentials safe, Bittrex will say those orders were made by an app which you personally gave it the keys to trade for you, and in the end, it's really your mistake for trusting something like Tabtrader or other platforms when you could have simply used the exchange's app itself.
 
newbie
Activity: 20
Merit: 0
We are helping you identify what happened to your funds.
And yet you go to forums too.

For everyone concerned:
1) This individual is the only one had this issue out of hundreds of thousands of users. If there was an issue in the app, scammers would have used this vulnerablity multiple times. Why scam one person if you could scam all of the users. Just doesn't make sense.

[For full disclosure 2 of his mates also from the same African country reported this issue. Maybe it is the same person just with multiple reports, one in the app, one in email one in telegram, group. Anyway we are talking to all 3 of them in best faith trying to help.]

2) Preliminary investigation showed that this user has compromised his credentials somewhere.

3) But we believe it is unfair to go reporting that such an established and reputable app is a scam without any proof. Moreover we are trying to help him understand what happened the very same moment.

More will unfold later.

1) My money is lost and effort of years is lost and you only want to help me with words.

2) For the public, there are users installed this app they were stolen like me. Users in the Arabic language can confirm this page on Facebook:
https://www.facebook.com/groups/413865585473202/

3) It is fair and appropriate to warn the masses so that their money is not wasted like me.

4) If you are trustworthy and honest, prove it here to the masses in this forum and return my stolen money to me.

5) about point 2, what does that mean? Explain more
newbie
Activity: 20
Merit: 0
If I'm right the app permission only are to buy, sell and view balance.

It is clear as day that what the member is claiming is that the app pumped and dumped his balance using a low volume coin .
with access to a few accounts you can exactly steal their money without having to withdrawal, i have always warned against the use of trading bots and APIs for this exact reason.

Thanks for your important response
I do not understand
Is it possible to further clarify the idea of theft without the need to withdraw the balance
newbie
Activity: 33
Merit: 0
We are helping you identify what happened to your funds.
And yet you go to forums too.

For everyone concerned:
1) This individual is the only one had this issue out of hundreds of thousands of users. If there was an issue in the app, scammers would have used this vulnerablity multiple times. Why scam one person if you could scam all of the users. Just doesn't make sense.

[For full disclosure 2 of his mates also from the same African country reported this issue. Maybe it is the same person just with multiple reports, one in the app, one in email one in telegram, group. Anyway we are talking to all 3 of them in best faith trying to help.]

2) Preliminary investigation showed that this user has compromised his credentials somewhere.

3) But we believe it is unfair to go reporting that such an established and reputable app is a scam without any proof. Moreover we are trying to help him understand what happened the very same moment.

More will unfold later.
legendary
Activity: 2394
Merit: 6581
be constructive or S.T.F.U
If I'm right the app permission only are to buy, sell and view balance.

It is clear as day that what the member is claiming is that the app pumped and dumped his balance using a low volume coin .
with access to a few accounts you can exactly steal their money without having to withdrawal, i have always warned against the use of trading bots and APIs for this exact reason.
newbie
Activity: 20
Merit: 0
Yes this is the application concerned with, and my phone is protected with kaspersky is and screen lock no one can access to my phone except me
asu
legendary
Activity: 1302
Merit: 1136
Hi, the operation of scam is not withrawals but it is buy at hight price then sell low, many orders with this way until no enath credit to trade
Api key that utilise in tab trader have all permission read trade and withdraw
Part from bittrex answer:
(This account shows that buy high sell low trades were made using your API keys. Please make sure to delete your API keys. Do you know what third party site had access to your keys?)

Never heard that app. Is this the app you're talking about?
https://play.google.com/store/apps/details?id=com.tabtrader.android

If I'm right the app permission only are to buy, sell and view balance. Have you thought about with someone else that has an access to your phone and messed things up in your account? Not to defend the app, but that's just a possible scenario, not to mention that this app has 500k downloads that should be aware.

Sorry to hear your loss.
newbie
Activity: 20
Merit: 0
Hi, the operation of scam is not withrawals but it is buy at hight price then sell low, many orders with this way until no enath credit to trade
Api key that utilise in tab trader have all permission read trade and withdraw
Part from bittrex answer:
(This account shows that buy high sell low trades were made using your API keys. Please make sure to delete your API keys. Do you know what third party site had access to your keys?)
legendary
Activity: 2170
Merit: 1789
I don't remember Tab trader or any similar apps have the withdrawal feature (even if they did, Bittrex would send you an e-mail isn't it?)?

What API permission did you give them?
asu
legendary
Activity: 1302
Merit: 1136
I only see a proof of pictures that contains the trade history, which is not enough to be consider a proof.

Would you enlighten us more on what really did happened and show some more solid proof.

Scam and thief program, I woke up this morning and found the balance of bittrex 0 usd, it was about 6000 dollars, and I found a large purchase and sale orders for $iris coin until the balance ended,
What do you mean to the bolded part? Do they took/withdrew your balance after trading it numerous times in IRIS or is it still there but converted as an IRIS coin?
newbie
Activity: 20
Merit: 0
Scam and thief program, I woke up this morning and found the balance of bittrex 0 usd, it was about 6000 dollars, and I found a large purchase and sale orders for $iris coin until the balance ended, (more than 80 orders in 2 hours without any notification from app) I know friends who were also stolen, DO NOT TRUST THIS APPLICATION, BE CAREFULL BE CAREFULL BE CAREFULL
https://drive.google.com/open?id=1LyfwE3z_e4s6lHGcFjT3Ggwrxd_QAxOX
Jump to: