Pages:
Author

Topic: [WARNING] Sol Noctis Bull Coin Keys Compromised / Scam - page 2. (Read 4120 times)

legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
I sent MJ a PM about this but since he asked I figure others might need it too.
I don't have a Sol Noctis Bull to test / check so I am using the information from the post about it.

THERE MAY BE SECURITY RISKS HERE SO MOVE YOUR COINS ASAP.

Step 1: Open up a web browser and 2 private tabs.

Step 1a: In tab #1 go to https://appdevtools.com/base58-encoder-decoder
Step 1b: In tab #2 to https://www.bitaddress.org

Step 2: DISCONNECT FROM THE INTERNET

Step 3: Verify that you are offline

Step 4: Verify offline again. Or not, it's your money.

Step 5: On the https://appdevtools.com/base58-encoder-decoder tab click on decode and treat output as HEX and put in the info from the coin
You can see it gives the same info as MJ quoted above. (Converts EdLEZieDbChBMHJp858568iYuhcKWQNBWbBKeQMuckc9 to ca76964390a3d7b99f0451a0a95a55a2098f9700cf6b0a2369a76b311d60427a)



Step 6: Go to the bitaddress.org tab and click on Wallet Details and put in the output HEX (ca76964390a3d7b99f0451a0a95a55a2098f9700cf6b0a2369a76b311d60427a) where it says enter private key and then click view details. You should get the same info and the private key for 13NgxJBSk2bwWd2W4cr4XQqNNQTmyoCM4a



NOTE I DID NOT TEST THIS WITH ANYTHING OTHER THEN WHAT WAS PRESENTED BY cwil BACK IN 2020
So if the info he gave was wrong then I just followed and got the same wrong answer. If anyone can verify that it works for them then others would have a somewhat simple way of getting their funds off of these things.

-Dave
legendary
Activity: 3206
Merit: 3596
EdLEZieDbChBMHJp858568iYuhcKWQNBWbBKeQMuckc9 is represented as ca76964390a3d7b99f0451a0a95a55a2098f9700cf6b0a2369a76b311d60427a in hex, and this is the private key for 13NgxJBSk2bwWd2W4cr4XQqNNQTmyoCM4a.

It looks like Sol Noctis took a private key in hex format and converted it to base58 without any of the necessary preprocessing to generate a WIF-encoded key. The 0x80 mainnet flag is not prepended, nor is the 0x01 flag to denote a compressed public key appended. Lastly the checksum is missing.

Some quick/dirty code follows to generate a proper WIF-encoded key from what you received:

Code:
const crypto = require('crypto');
const bs58 = require('bs58');
let sha256 = crypto.createHash('sha256');

let privkey = bs58.decode('EdLEZieDbChBMHJp858568iYuhcKWQNBWbBKeQMuckc9').toString('hex');
console.log(privkey);
privkey = '80' + privkey + '01';
console.log(privkey);
let hash = sha256.update(Buffer.from(privkey, 'hex')).digest('hex');
console.log(hash);
sha256 = crypto.createHash('sha256');
let hash2 = sha256.update(Buffer.from(hash, 'hex')).digest('hex');
console.log(hash2);
let checksum = hash2.slice(0, 8);
console.log(checksum);
privkey += checksum;
console.log(privkey);
let encoded = bs58.encode(Buffer.from(privkey, 'hex'));
console.log(encoded);

I've swept the key, please provide an address to which you'd like to receive your funds.

Can someone help.. I have 3 of these and do not know how to run this code.
Please PM me if you can help Smiley

full member
Activity: 868
Merit: 178
Satoshi loves sleazy bitcoin too - Ordinals
Anybody have any with holograms intact for sale?? Man those are beautiful coins and holos. Looking for a bull and an eagle -  not too worried about the load value myself or being able to redeem it as the value is small... I just love the design
copper member
Activity: 1075
Merit: 442
With several thousand of these coins out there. I think any issues with compromised or swept coins is small and an isolated incident. But this is what happens when a corporation tries to capitalize on the popularity of bitcoin without fully understanding how to do it. Thats why their new coin it is only funded with 42 cents. Too bad because the eagle and bull are some of the best looking coins out there. If they could figure out the funding they could of had a great business. No issues with my coins, still funded, no issues as of now.
newbie
Activity: 4
Merit: 0
Hi,

Im owning one of those Bulls too. Watching that Thread for a long time, was there any reaction from TWC yet?
legendary
Activity: 2282
Merit: 3014
FYI.. I posed the question about why they might have generated the keys the way they did in the Bitcoin Technical Support board- https://bitcointalksearch.org/topic/key-generation-question-5354705
legendary
Activity: 2282
Merit: 3014
EdLEZieDbChBMHJp858568iYuhcKWQNBWbBKeQMuckc9 is represented as ca76964390a3d7b99f0451a0a95a55a2098f9700cf6b0a2369a76b311d60427a in hex, and this is the private key for 13NgxJBSk2bwWd2W4cr4XQqNNQTmyoCM4a.

It looks like Sol Noctis took a private key in hex format and converted it to base58 without any of the necessary preprocessing to generate a WIF-encoded key. The 0x80 mainnet flag is not prepended, nor is the 0x01 flag to denote a compressed public key appended. Lastly the checksum is missing.

Some quick/dirty code follows to generate a proper WIF-encoded key from what you received:

Code:
const crypto = require('crypto');
const bs58 = require('bs58');
let sha256 = crypto.createHash('sha256');

let privkey = bs58.decode('EdLEZieDbChBMHJp858568iYuhcKWQNBWbBKeQMuckc9').toString('hex');
console.log(privkey);
privkey = '80' + privkey + '01';
console.log(privkey);
let hash = sha256.update(Buffer.from(privkey, 'hex')).digest('hex');
console.log(hash);
sha256 = crypto.createHash('sha256');
let hash2 = sha256.update(Buffer.from(hash, 'hex')).digest('hex');
console.log(hash2);
let checksum = hash2.slice(0, 8);
console.log(checksum);
privkey += checksum;
console.log(privkey);
let encoded = bs58.encode(Buffer.from(privkey, 'hex'));
console.log(encoded);

I've swept the key, please provide an address to which you'd like to receive your funds.

Sats asked this before and I'm wondering the same....why would they make the keys this way? I don't understand a lick of any of this stuff cwil posted, but it seems very odd.. is there anything shady with this setup, or just a lazy/dumb way of doing it?  If it confused a Mr Robot like Ghost, then I imagine those who don't know where to ask these questions may never redeem these things.  I wonder if people have been reaching out to TWC asking for help, and what type of help is being provided.  

TWC not providing a response still to this day about any of this is shady and is a piss poor way to service a serious issue with your customers.  I wouldn't buy a dollar for a penny from these guys and hope no one else here gives them any business after all of this.  I wrote this earlier in the thread but will again..TWC was running raffles on instagram at one point for these..I commented something like "why are you still running these with the compromised key issue ongoing".  Deleted my comment..didn't respond or message me with even a simple  "we understand your concerns but".  Then a buddy commented and they removed the post. Shady!

I would consider these bulls sitting ducks.  Maybe the key generation was made the way it was to confuse people to a point where they hoped to prevent as few sweeps as possible..as the average buyer of these who would try to redeem are likely people who know dick about btc/collectibles and wont have a clue what to do or who to ask and likely just give up or say "i'll deal with it later, it's not that much btc atm anyhow" ( kinda like how CryptoScratchCards and HyperionGold did ) while they make sure they sell all of their inventory and then they pull the rug?  We've seen this kinda shit before, and if the company who generated the keys for the bulls is different than the eagles..then there is certainly no track record of trust..nor do we have a clue who generated them right?  TWC is also NOT liable for any of the coins they don't sell directly let's not forget...and if you run a quick google search for the coin, there was a lot of retailers..
newbie
Activity: 2
Merit: 0
Omg! Very appreciated!
I’m very new to the crypto but I was able to sweep it now! This whole process is amazing 🤩
full member
Activity: 626
Merit: 200
Gula membunuhmu.
Hi, I’m having the same issue with my binary bull coin.
Have you found out how to redeem it?

Solved, Please You can try solved by cwil :
EdLEZieDbChBMHJp858568iYuhcKWQNBWbBKeQMuckc9 is represented as ca76964390a3d7b99f0451a0a95a55a2098f9700cf6b0a2369a76b311d60427a in hex, and this is the private key for 13NgxJBSk2bwWd2W4cr4XQqNNQTmyoCM4a.

It looks like Sol Noctis took a private key in hex format and converted it to base58 without any of the necessary preprocessing to generate a WIF-encoded key. The 0x80 mainnet flag is not prepended, nor is the 0x01 flag to denote a compressed public key appended. Lastly the checksum is missing.

Some quick/dirty code follows to generate a proper WIF-encoded key from what you received:

Code:
...


*Note : Please never share your private key, or please ignore those people have PM you for solve that.
newbie
Activity: 2
Merit: 0
I received the coin in the mail yesterday and took some pictures a few moments ago. I don't receive newspapers, but let me know what other hoops I can jump through to prove this Bull coin is a scam.

https://i.imgur.com/11wRUNU.jpg
https://i.imgur.com/h7M6wr7.jpg
https://i.imgur.com/lanLrXL.jpg[/img[img]https://i.imgur.com/lanLrXL.jpg
https://i.imgur.com/bxCvY2d.jpg
https://i.imgur.com/hJeO3JE.jpg

Hi, I’m having the same issue with my binary bull coin.
Have you found out how to redeem it?
member
Activity: 151
Merit: 30
I’m confused at what you’re saying..you have coins where the funds where also swept? No they could not be fakes like those as fakes don’t actually have a hologram/ keys.

It looks like the 0.001 that was put back on the coin I originally purchased has now been swept on January 7th: https://www.blockchain.com/btc/address/1Lh975rtt1RwDJ1SHGX8mn1iHwe7kaVfMQ

I don't know if the coin is back with Lesbian Cow or still with TWC, but I'm more curious now with this new event.

Lesbian Cow on mobile here, the coin is not with me, it was shipped back to TWC some time ago.
sr. member
Activity: 285
Merit: 262
I'm having a difficult time figuring out why someone could not purchase a loaded coin, peel it, clean it, and apply a new forged hologram with a fake private key. If done well, it would look like the fault of the coin creator, and I think that conclusion is likely where most of us in this thread are leaning.

I'm just trying to think this through, but if I were to want to steal the bitcoin value from loaded physicals, first I think I'd choose a common but high value coin. Something like the brass 1 BTC Casascius might be a good starting point. I could probably imitate the hologram design maybe with a high resolution scan or commission someone to do this. Custom security holograms seem to be readily available on various websites. I would not sweep the private keys, but rather provide incorrect keys for empty wallets in case someone does peel.

This topic is a bit uncomfortable for me as I don't want my holdings devalued in case it becomes apparent that forgeries are more common than we think. It's probably uncomfortable for a lot of us. I can't really think of a great way to deal with this, other than maybe one of the experts starting an authentication service. Escrow services probably wouldn't catch this assuming the holograms are high quality and applied well. I'm not sure grading companies would be able to catch this either, and they don't guarantee loaded value anyway.

At the moment I think this is a risk with which I am personally comfortable, but it has its limits. I would seriously consider peeling some of my multiple bitcoin coins if we start approaching $100k.
hero member
Activity: 796
Merit: 519

I’m confused at what you’re saying..you have coins where the funds where also swept? No they could not be fakes like those as fakes don’t actually have a hologram/ keys.

No. What I'm saying is, is it possible that his coin could have been a really good fake, with the added hologram of course.
legendary
Activity: 2282
Merit: 3014
Swept funds and the subsequent returned funded amounts have now both been moved. Within days of each other.

Original address: https://www.blockchain.com/btc/address/1Lh975rtt1RwDJ1SHGX8mn1iHwe7kaVfMQ

Swept funds: https://www.blockchain.com/btc/address/16HvqDCxg3QxYHuugHGJ7jwqCScxfnVTgS



LC, Can Sol Notis confirm this was in fact their funding Address?: https://www.blockchain.com/btc/address/15CaqvrWhxaAgYRM2y2wRwTTtrbf5rqY84

Is it possible they could be fakes, similar to the these...



I’m confused at what you’re saying..you have coins where the funds where also swept? No they could not be fakes like those as fakes don’t actually have a hologram/ keys.
hero member
Activity: 796
Merit: 519
Swept funds and the subsequent returned funded amounts have now both been moved. Within days of each other.

Original address: https://www.blockchain.com/btc/address/1Lh975rtt1RwDJ1SHGX8mn1iHwe7kaVfMQ

Swept funds: https://www.blockchain.com/btc/address/16HvqDCxg3QxYHuugHGJ7jwqCScxfnVTgS



LC, Can Sol Notis confirm this was in fact their funding Address?: https://www.blockchain.com/btc/address/15CaqvrWhxaAgYRM2y2wRwTTtrbf5rqY84

Is it possible they could be fakes, similar to the these...

legendary
Activity: 3052
Merit: 1755
I don't keep track of the public keys of the coins after I sell them nor who I sent what.

I cannot imagine a scenario where snarfbag is trying to pull a ruse here.   I believe their description of the events on their side.

I have not heard of any other cases of funds moving from these coins.  SatoshiLite's suggestion of the private key being mistakenly placed under the hologram of a different coin would make a lot of sense if it wasn't for the funds being returned.

If someone on the maker's side had retained all the private keys I don't understand why they would just redeem one coin and not do them all.  Why risk getting exposed to sweep one coin with a few extra bucks on it?

Very confusing scenario and difficult to figure out what possibly happened.

I still have around 15 of these, checked recently and all still funded with original funding. 

copper member
Activity: 100
Merit: 18
LC, is the chain of custody for this coin confirmed to be  Maker -> LC -> Snarf -> Dad?

Or is the coin in question from the ebay seller? The thread doesn't really confirm it came from you. Also, I could not find ebay seller that OP posted, powercoin_it.  However, powercoin_italy does exist and sells many coins...

If the chain of custody is confirmed, then there are only two possibilities imo. 1. Op is lying for some odd/no reason/sabotage. For the record I do not think this is the case. But I am curious to hear how Snarf came to learn the coin was swept a few weeks earlier?


I ordered 1 Bull coin from powercoin_italy (www.powercoin.it) on eBay and 2 from Lesbian Cow. The eBay coin shipped out of the Netherlands. I did not keep track of which coin is which when they arrived and I kept all 3 together. I gifted one to my dad for Christmas and I loaded the extra BTC. Later on, I was talking to him about how he could put more on it when I checked the address and saw it was swept. I keep all my coin addresses in a spreadsheet with this Bull coin included.

I'd like to know how I'm lying considering the hologram is intact. Are you saying I am the first person in the world to somehow successfully forge a physical crypto hologram, and that it is so good that the original coin maker can't tell the difference? Or are you saying I got my hand on blanks and holograms during the manufacturing process even though I live in the US and have zero ties to European coin makers? I'll kindly ask you take off your conspiracy hat and think rationally about who made these private keys, and how easy would it be to keep them all in a digital wallet "just in case".
hero member
Activity: 796
Merit: 519
LC, is the chain of custody for this coin confirmed to be  Maker -> LC -> Snarf -> Dad?

Or is the coin in question from the ebay seller? The thread doesn't really confirm it came from you. Also, I could not find ebay seller that OP posted, powercoin_it.  However, powercoin_italy does exist and sells many coins...

Also, where did you buy these coins?

My Binary Eagle I bought in Nov 2017 from an eBay seller. I bought a Binary Bull in October on eBay from powercoin_it as a pre-order and it was shipped in Nov 2019. I bought 2 more Binary Bulls from Lesbian Cow on the forum here on Nov 2019.



SatoshiLite brought up an interesting point with the possibility of mismatched/swapped keys & holos by accident by the manufacturer. However, if that were in fact the case, then why send back the original load amount? If you peel a coin and find extra sats that aren't supposed to be there do you send anything back to that address? Me thinking no. ESPECIALLY if the address you just swept DOES NOT MATCH what is printed on your coin!! This is a severe red flag and cannot be understated.

The theory could obviously be tested by peeling the coin that LC sent back to maker and sweeping that key to see what comes of it. Still doesn't explain why the original load amount was sent back tho.

If the chain of custody is confirmed, then there are only two possibilities imo. 1. Op is lying for some odd/no reason/sabotage. For the record I do not think this is the case. But I am curious to hear how Snarf came to learn the coin was swept a few weeks earlier?

2. Manufacturing process is flawed.
I learned that the hologram and assembly was done by "another firm" but that is all I know.  
In which case, they are all compromised. Otherwise it would be quite the coincidence that the one coin that was compromised was also the one coin that had additional btc loaded onto it. Unlikley. I also find it rather convenient that compromised keys came equipped with a private key puzzle that needed solving, making it harder to redeem by normies like myself. (awesome work cwil). Is it possible to find out why the keys were generated as such?

Btw, the swept funds have still not moved... https://www.blockchain.com/btc/address/16HvqDCxg3QxYHuugHGJ7jwqCScxfnVTgS








legendary
Activity: 3052
Merit: 1755
Bump,
Did we get any update on this coin ?

The most recent email I received from TWC on this matter was 08 December 2020.  I had emailed "Were you ever able to determine how the funds from this coin were swept?"

They replied:

"My colleagues checked each address we received from clients and dealers, and all of them are OK. So we are still looking for the answer from the supplier how it happened. I'll keep you updated."

legendary
Activity: 2114
Merit: 1693
C.D.P.E.M
Bump,
Did we get any update on this coin ?
Pages:
Jump to: