Those are really high amounts. Amounts one would normally think an IPO collected them. It might well be that an IPO at bitfunder was successful and someone took the bitcoins out to order the hardware. Though the question is... when ukyo now really would need to have 6000BTC in the weexchange wallet... how can this be. Are these big withdraws maybe legit and the loss of bitcoins was happening through many small transactions?
A theory... that was found as wrong now... was that ukyo misconfigured the wallet. So that change bitcoins didnt went to a new change address but instead went to user deposit addresses from other users. That way it was a deposit to weexchange and the user had more money. In fact the wallet then had lost bitcoins. And a user had more bitcoins he could withdraw that he didnt deposit.
Unfortunately it turned out the theory wasnt correct but its a unique idea so i wanted to post it so maybe someone gets an idea for new investigations. Maybe faulty stats so that ukyo didnt see that coins in fact are vanishing.
Only as a sidenote...
Topic: Weexchange/Bitfunder User Deposit Addresses. Where are the coins "gone"? - page 2. (Read 6468 times)
February 11, 2014, 04:01:28 PM
February 11, 2014, 02:13:15 PM
What are the e-mail addresses you are looking for? I have a partial list of the leaked HF addresses and can cross-check for my portion. In the thread cited above, you'll also see others who received other parts of the HF customer list. Mine is of addresses beginning with GAR and ending in JER.
Cheers for the reply perezoso
Maybe try your luck with dhenson, then?
I now have the email addresses of customers from [email protected] through [email protected]
If you have a different list (outside of this range), please forward it to me via PM.
I will construct a properly addressed email and warn all of the customers about their leaked email and to be on the lookout for possible phishing attempts.
If you have a different list (outside of this range), please forward it to me via PM.
I will construct a properly addressed email and warn all of the customers about their leaked email and to be on the lookout for possible phishing attempts.
Digging more, I found out that at least one of the outputs ending up in 19ENd address belongs to
https://bitcointalksearch.org/user/transisto-4532
https://bitcointalksearch.org/topic/m.2380742
And apparently, Transisto was also into hashfast at that time...
Disclaimer, I'm a share holder.
IMO, Having a few large investors is always a good thing in the sense that those are willing to go to greater length, spend lot more and can sometime provide the missing expertise to make sure things get done.
Hashfast initial prices are public, do your own maths. With the price drop of bitcoin IceDrill's share equivalent is now much better, with hosting included !
Hashrate/$ is about 1/4 that of BFL @ ~1/10 the power consumption. (These devices will be mining cost effectively for much longer)
On top of that IceDrill/HashFast will be saving a lot of money by not having to deal with shipping and customer service.
I've researched the track record of ever actor involved and I have a hard time seeing how this could fail.
IMO, Having a few large investors is always a good thing in the sense that those are willing to go to greater length, spend lot more and can sometime provide the missing expertise to make sure things get done.
Hashfast initial prices are public, do your own maths. With the price drop of bitcoin IceDrill's share equivalent is now much better, with hosting included !
Hashrate/$ is about 1/4 that of BFL @ ~1/10 the power consumption. (These devices will be mining cost effectively for much longer)
On top of that IceDrill/HashFast will be saving a lot of money by not having to deal with shipping and customer service.
I've researched the track record of ever actor involved and I have a hard time seeing how this could fail.
So I doubt the 19ENd address is a bitpay one, but maybe we can ask Transisto if he'd agree to share details about this transaction?
https://blockchain.info/tx/2094d50b32791a778555835c62552e9e2f82fa4c75e159438c1c73eedc99d74a
EDIT: I sent a PM to Transisto.
February 11, 2014, 11:40:51 AM
What are the e-mail addresses you are looking for? I have a partial list of the leaked HF addresses and can cross-check for my portion. In the thread cited above, you'll also see others who received other parts of the HF customer list. Mine is of addresses beginning with GAR and ending in JER.
Hmm... someone compiled a folder with lots of dox of Ukyo. I don't have it bookmarked, though. Maybe we're lucky and the address starts with "jon" or "jmontroll", that would be easy to find. But GAR to JER isn't the hot one probably.
Thanks for your quick response!
February 11, 2014, 11:32:22 AM
Even more peculiar, is that the 5863 sent from Weex to this 19ENd address was sent back explicitely to (supposedly) Hashfast.
If you look at the 13,000 tx, they output exactly 5863 as one of the inputs, and all other inputs are nice round numbers coming from the same address.
Why not just output the 13,000 one-shot?
This tx had to be handcrafted, right?
If you look at the 13,000 tx, they output exactly 5863 as one of the inputs, and all other inputs are nice round numbers coming from the same address.
Why not just output the 13,000 one-shot?
This tx had to be handcrafted, right?
Well, it doesn't look like a standard bitcoind installation. It could be handcrafted, or some other non-standard wallet.
What we don't know yet, is whether this is already part of BitPay's infrastructure, or a private wallet (e.g. a group buy).
I'm currently trying to gather information about these and other intermediate wallets.
February 11, 2014, 11:20:52 AM
What are the e-mail addresses you are looking for? I have a partial list of the leaked HF addresses and can cross-check for my portion. In the thread cited above, you'll also see others who received other parts of the HF customer list. Mine is of addresses beginning with GAR and ending in JER.
February 11, 2014, 09:48:49 AM
It it possible that the 13,000 was from a mining IPO?
Then used to pay for hashfast equipment?
Then used to pay for hashfast equipment?
February 11, 2014, 08:28:25 AM
Quote from: CoinDesk, concerning HashFast
What’s more, the company has reportedly antagonized customers further by failing to protect their email addresses in a mailout sent on 27th December. DeCastro admitted:
“Customer emails addresses were accidentally put in the ‘To’ field rather than the ‘Bcc’ field.”
“Only customers received these emails, no other customer-specific information was included. We took immediate and decisive corrective action to put measures in place to ensure that this will not happen again.”
“Customer emails addresses were accidentally put in the ‘To’ field rather than the ‘Bcc’ field.”
“Only customers received these emails, no other customer-specific information was included. We took immediate and decisive corrective action to put measures in place to ensure that this will not happen again.”
This looks interesting; does anyone have a record of these email addresses?
I'd like to check whether this list includes Ukyo...
You might wanna shoot a PM to https://bitcointalksearch.org/user/perezoso-148670
As he suggested someone could compile the 5 lists that leaked:
https://bitcointalksearch.org/topic/m.4177783
Even more peculiar, is that the 5863 sent from Weex to this 19ENd address was sent back explicitely to (supposedly) Hashfast.
If you look at the 13,000 tx, they output exactly 5863 as one of the inputs, and all other inputs are nice round numbers coming from the same address.
Why not just output the 13,000 one-shot?
This tx had to be handcrafted, right?
February 11, 2014, 06:28:42 AM
Quote from: CoinDesk, concerning HashFast
What’s more, the company has reportedly antagonized customers further by failing to protect their email addresses in a mailout sent on 27th December. DeCastro admitted:
“Customer emails addresses were accidentally put in the ‘To’ field rather than the ‘Bcc’ field.”
“Only customers received these emails, no other customer-specific information was included. We took immediate and decisive corrective action to put measures in place to ensure that this will not happen again.”
“Customer emails addresses were accidentally put in the ‘To’ field rather than the ‘Bcc’ field.”
“Only customers received these emails, no other customer-specific information was included. We took immediate and decisive corrective action to put measures in place to ensure that this will not happen again.”
This looks interesting; does anyone have a record of these email addresses?
I'd like to check whether this list includes Ukyo...
February 11, 2014, 05:26:39 AM
The 19ENd address (where half Weex coins went in august) exchanged a lot of coins with 17hCi8apMUkzzLLJgUwfXxRJuykuo5Lcur
7,000 here, for example:
https://blockchain.info/tx/b2889b6e0dea50082e3dd1783dca8fdcbd83957755c612332dc55c8da7c7443b
13,000 here:
https://blockchain.info/tx/88704e47ea9efb730fbfd456f43f856fdd0dc063f0a132bd27fc99c49f4fec32
Googling for this 17hCi8 address...
https://bitcointalksearch.org/topic/m.3879697
7,000 here, for example:
https://blockchain.info/tx/b2889b6e0dea50082e3dd1783dca8fdcbd83957755c612332dc55c8da7c7443b
13,000 here:
https://blockchain.info/tx/88704e47ea9efb730fbfd456f43f856fdd0dc063f0a132bd27fc99c49f4fec32
Googling for this 17hCi8 address...
https://bitcointalksearch.org/topic/m.3879697
Also here: http://www.reddit.com/r/Bitcoin/comments/1uj7ow/asic_manufacturer_hashfast_faces_legal_action/
February 11, 2014, 03:58:29 AM
The 19ENd address (where half Weex coins went in august) exchanged a lot of coins with 17hCi8apMUkzzLLJgUwfXxRJuykuo5Lcur
7,000 here, for example:
https://blockchain.info/tx/b2889b6e0dea50082e3dd1783dca8fdcbd83957755c612332dc55c8da7c7443b
13,000 here:
https://blockchain.info/tx/88704e47ea9efb730fbfd456f43f856fdd0dc063f0a132bd27fc99c49f4fec32
Googling for this 17hCi8 address...
https://bitcointalksearch.org/topic/m.3879697
7,000 here, for example:
https://blockchain.info/tx/b2889b6e0dea50082e3dd1783dca8fdcbd83957755c612332dc55c8da7c7443b
13,000 here:
https://blockchain.info/tx/88704e47ea9efb730fbfd456f43f856fdd0dc063f0a132bd27fc99c49f4fec32
Googling for this 17hCi8 address...
https://bitcointalksearch.org/topic/m.3879697
February 09, 2014, 08:03:14 AM
What do you think is that other address? Is it connected to a business, IPO or something?
February 09, 2014, 06:15:12 AM
Given this assumption, one can get a list of most of WeExchange's addresses and transactions from only one single address.
The list isn't complete though, because transactions also have a change address which belongs to the sending wallet. The WeExchange wallet places this change address at an unusual output index, so I didn't include it in the list to avoid fan-out into other wallets.
The list isn't complete though, because transactions also have a change address which belongs to the sending wallet. The WeExchange wallet places this change address at an unusual output index, so I didn't include it in the list to avoid fan-out into other wallets.
I adapted to that issue about unusual output indexes.
So, finally, I could compile a list of WeExchange's addresses and transactions which is somewhat complete:
Addresses, Part 1: http://pastebin.com/yGEtnAAY
Addresses, Part 2: http://pastebin.com/JVSL6zjN
Transactions, 2011-10-17 to 2013-03-31: http://pastebin.com/QkFVY7fH
Transactions, 2013-03-31 to 2013-05-19: http://pastebin.com/1SE7YVTt
Transactions, 2013-05-19 to 2013-06-15: http://pastebin.com/T9TLKVtw
Transactions, 2013-06-15 to 2013-07-11: http://pastebin.com/rV3q46Lg
Transactions, 2013-07-11 to 2013-07-29: http://pastebin.com/eqWxDbCu
Transactions, 2013-07-29 to 2013-08-18: http://pastebin.com/sAnebk2a
Transactions, 2013-08-18 to 2013-09-12: http://pastebin.com/r2KkybqV
Transactions, 2013-09-12 to 2013-10-09: http://pastebin.com/SnGfhxXn
Transactions, 2013-10-09 to 2014-01-31: http://pastebin.com/P0tG2gJZ
The transactions' list comes with four columns:
- the timestamp of the block containing this transaction
- the transaction id itself
- the credit or debit that this transaction did to the set of addresses I found
- the sum of the previous column of all transactions up to this one
...it looks like this address received more than one big withdrawal from WeExchange:
19ENdxtYNwdsFbaEF2web7FywgQHdsNCGt
That's all that I could find out for now. Further investigation would concentrate on who owns these addresses, and where did the coins go next...
19ENdxtYNwdsFbaEF2web7FywgQHdsNCGt
That's all that I could find out for now. Further investigation would concentrate on who owns these addresses, and where did the coins go next...
I kept my promise and analysed this wallet in the same way I analysed the WeExchange wallet. Here's the results:
Addresses: http://pastebin.com/57M05y8q
Transactions: http://pastebin.com/Vu7b1ib7
Although this wallet has way less addresses than the WeExchange wallet, it handled more bitcoins, for example:
Code:
2013-08-10_01:24:36 7e45d4ad00670fcfb51beffbf6ae54413dbf026988fd52a351f4ccce97478e8f 0.25421784 4380.57643731
2013-08-11_10:40:03 fcfd4e06e9a6b877d43a18da3fdd3aa8a2c4f4d2e7fbfdbad7c1b0979756bab2 5863.00000000 10243.57643731
2013-08-11_19:11:51 00ce11e4f9e1091317294b652b8d6c663607323654b1d64a4292bcb7143d86df 1000.00000000 11243.57643731
2013-08-11_20:30:06 2094d50b32791a778555835c62552e9e2f82fa4c75e159438c1c73eedc99d74a 4313.00000000 15556.57643731
2013-08-11_20:35:51 1e3198fd649c8d67d197bb754a344790c5d4c22fbdd45753f7d2afbb66f0dc6e 1100.00000000 16656.57643731
2013-08-11_21:26:33 d9e9356faa1f66ade70a2baa7f1f587ac23e54613953c760c254dd63d96f0372 913.00000000 17569.57643731
2013-08-11_23:30:07 699c39794a780ca6d26526b19ebb780d0e5a2f3ca4e0f51920290cf1070ddc51 -500.00000000 17069.57643731
2013-08-12_07:54:55 9202badc41c380e2e7e39ae184172931653484085e77172aaeb6790bd689bce5 -1.00000000 17068.57643731
2013-08-12_10:16:27 88704e47ea9efb730fbfd456f43f856fdd0dc063f0a132bd27fc99c49f4fec32 -12999.00000000 4069.57643731
2013-08-12_14:05:28 90cb96d95424c6cfd186ea6ad50ff3c9775d8c9d721d228af67019cbdb3814e2 1500.00000000 5569.57643731
2013-08-12_14:06:43 ab90fa83efd38abeeeeae7170d701edcdec8928f8a220d50dfa4f66fffc0d5ee 0.46932299 5570.04576030
2013-08-12_14:30:13 41d4ff6585eeb82075d6bf5b037c409f905073eb65fc16102bd5d4dcc6dae363 1000.00000000 6570.04576030
2013-08-12_15:04:11 ae2b08e28101877f167774c0d0aa32df1b4aae58a5ae11752e88467679299997 500.00000000 7070.04576030
2013-08-14_17:18:22 7014297f814c65e2a7f94e631a8bcee6a0e5f8e548b3d0228c7973f967d1ca34 104.86445000 7174.91021030
2013-08-14_19:27:22 facc0d324f4089b21ceaed2fe76f0f3e48de92ed2565d11e1c9812fea6ae1721 176.08838444 7350.99859474
2013-08-16_12:09:07 c2b53e82438dab737b1c961666457e50ce599d2752ff3eeb0b23112ca998c852 2.10844606 7353.10704080
2013-08-16_12:15:27 527c87999e31f905d5c080c3f7956308c0bc3e0a3c30126e3886451afe288f1b -2.90000000 7350.20704080
2013-08-16_15:23:03 6067707fad6e8c3caad44bae41c0aaca585b78372fd6009338e7e3d2411dbc3d 0.21206826 7350.41910906
2013-08-18_23:17:43 f5035f5f5857a68df5957acc6436dcc220577b3438c487ff0d3016dc7d9259eb -20.00000000 7330.41910906
2013-08-19_14:21:29 e2e33c7451832ee0114e8a4fd4e5abb88b4e0215a0f9af4bf03792beb4678892 0.38399153 7330.80310059
2013-08-19_17:55:56 b2889b6e0dea50082e3dd1783dca8fdcbd83957755c612332dc55c8da7c7443b -7000.00000000 330.80310059
2013-08-21_13:10:56 a351524ae383e3454c32c4687069bbc6dca49917a4cf279c9641d5ff77db08ae 61.30095000 392.10405059
One of this transactions comes from WeExchange; quoting from the WeExchange wallet:
Code:
2013-08-11_10:10:39 4165bfe5ba036afdb29aa87bc4113da411d840a93b7a3ca6409d46f9695edfcd 5.00000000 11094.97351450
2013-08-11_10:40:03 fcfd4e06e9a6b877d43a18da3fdd3aa8a2c4f4d2e7fbfdbad7c1b0979756bab2 -5863.00000000 5231.97351450
2013-08-11_11:02:40 4c79aa8897bf165a33ac115aa86d08356bc5fd6ff75c45623c48e5517a2da6cb 0.10000000 5232.07351450
This means that on 11th of August 2013, more than half of WeExchange's funds were transferred into some other wallet, where they became intermixed with funds that probably did not origin from WeExchange.
The transactions' list has been intentionally presented in a way that allows everyone with a web browser to examine it.
So, everyone feel free to skim it for suspicious activity and post your findings. I just did the start.
Donations for my continued efforts go to 1PaEvsKNTDxhz4kg8rL1samkbgF65P9NMF. Thanks!
February 07, 2014, 04:29:09 PM
Since its interesting for this investigation... here a try to collect the dates involving everything with weexchange/bitfunder. Might give a hint to things that happened:
WeexChange Timeline:
* bitfunder closed for us-residents and verification needed 7/8.10.2013
* weexchange withdraw problems started. Bitcoin-d crashing. Result: Withdraws remain "processing" / "Could not connect to 2nd stage server" Error message. Withdraws occassionally worked but the error appeared more often. Started at 17.10.2013
* inputs.io got "hacked" 24.10.2013
* bitfunder closing 4.11.2013
* ukyo claims he still does manual withdraws from weexchange funds though its probably the last time 12.11.2013
* legal issue (Problem 2) started at the time manual withdraws stopped? 12.11.2013
* ukyo removed ability to send funds to bitfunder 16.11.2013
* weexchange claim portal opened on 17.12.2013
* neobee stepped in
WeexChange Timeline:
* bitfunder closed for us-residents and verification needed 7/8.10.2013
* weexchange withdraw problems started. Bitcoin-d crashing. Result: Withdraws remain "processing" / "Could not connect to 2nd stage server" Error message. Withdraws occassionally worked but the error appeared more often. Started at 17.10.2013
* inputs.io got "hacked" 24.10.2013
* bitfunder closing 4.11.2013
* ukyo claims he still does manual withdraws from weexchange funds though its probably the last time 12.11.2013
* legal issue (Problem 2) started at the time manual withdraws stopped? 12.11.2013
* ukyo removed ability to send funds to bitfunder 16.11.2013
* weexchange claim portal opened on 17.12.2013
* neobee stepped in
February 07, 2014, 02:43:47 PM
There are enormous chunks of bitcoin moving around if you follow the transactions from that address.
Maybe we can try and find a link between these addresses and those used by the claim portal.
Maybe we can try and find a link between these addresses and those used by the claim portal.
February 06, 2014, 02:20:20 PM
I think ukyo has never done one single withdraw manually. Ukyo has lied as he said he does withdraws manually.
I tell You what Uyko did:
He lost 94% of our Coins. Afterwards he transfered the rest of the coins to the claim portal to withdraw weex users 6% of their coins.
I tell You what Uyko did:
He lost 94% of our Coins. Afterwards he transfered the rest of the coins to the claim portal to withdraw weex users 6% of their coins.
I remember users that were paid at the time he claimed he does manual withdraws. Though he never claimed that he stopped it. That became only clear because no one received coins anymore.
Im relatively sure that nearly all coins were gone at some point and the remaining 300BTC he paid out might be deposits from users. Though of course you cant be sure about that.
Thanks for the investigation klabaki... i donated a bit to your address. I dont have a big clue about how these investigations are done so thanks for it.
February 06, 2014, 10:34:11 AM
I think ukyo has never done one single withdraw manually. Ukyo has lied as he said he does withdraws manually.
In the period where Ukyo claimed to do manual withdrawals, some people reported that their stuck withdrawals went through. February 06, 2014, 07:08:50 AM
1P7tdTzWhpYoV87L4v4gZwhd6mAnT7fiD4
Thanks. That was my entry point.
Technologies like CoinJoin aren't yet implemented in standard Bitcoin clients.
Therefore, one can safely assume that all transactions signed by WeExchange's addresses are signed exclusively by WeExchange's addresses.
Given this assumption, one can get a list of most of WeExchange's addresses and transactions from only one single address.
The list isn't complete though, because transactions also have a change address which belongs to the sending wallet. The WeExchange wallet places this change address at an unusual output index, so I didn't include it in the list to avoid fan-out into other wallets.
Using the above quoted address as entry point, one will get these addresses:
http://pastebin.com/LZJPeiRM
...and these transactions:
http://pastebin.com/As66ecst
http://pastebin.com/XgsTaiaL
Now, let's sum up the total amount on all of these addresses over time:
http://postimg.org/image/wvq6x2rsl/
...zooming into early October 2013:
http://postimg.org/image/n693ky4m5/
Firstly, I was surprised seeing the first transactions as early as October 2011 - I didn't know that WeExchange existed at that time.
Secondly, I expected the biggest drop to be in mid-November 2013. However, it was early October 2013.
I filtered the list of transactions to find the big one from 3rd of October:
8a77d88fcc9ef418ec97cb2c332efd1378f21aa90188d3000a8c2e4e89f467cb
...it looks like this address received more than one big withdrawal from WeExchange:
19ENdxtYNwdsFbaEF2web7FywgQHdsNCGt
Other addresses receiving big withdrawals from WeExchange include:
115KrBsBGXvW3saUtmY6seXpXysvgd44BS
1D8zFb9jJvmdxwNmuS1TBGh1sfcqUMyRzf
That's all that I could find out for now. Further investigation would concentrate on who owns these addresses, and where did the coins go next...
Donations for my efforts go to 1PaEvsKNTDxhz4kg8rL1samkbgF65P9NMF. Thanks!
February 06, 2014, 03:44:25 AM
Does this prove that Ukyo acted fraudulently? He obviously had access to the wallet to make withdrawals and he used my funds to pay out another user?
Not really because ukyo claimed some time that he can do withdraws manually. This stopped then though. So this withdraw might be from a time when the manual withdraws still were possible.
Of course you are in a special situation. The coins you deposited belonged to you and ukyo only had them in escrow. Its a shares wallet of course but normally those coins would be attached to you and werent owned be weexchange. So at a possible court case you might claim that he gave your coins to others to solve weexchange debts. Strictly spoken coins that were deposited and users bought shares with it wouldnt belong to them anymore. But coins that werent used to buy anything would still belong to someone.
Of course that only would help you as long as there is a chance to get the coins back.
I think ukyo has never done one single withdraw manually. Ukyo has lied as he said he does withdraws manually.
I tell You what Uyko did:
He lost 94% of our Coins. Afterwards he transfered the rest of the coins to the claim portal to withdraw weex users 6% of their coins.
February 03, 2014, 12:21:38 PM
The user got back to me and he confirmed that the payment were his 6% from the claim portal...
February 02, 2014, 06:32:51 PM
Ok it looks like the 17th Dec was the day the claim portal opened
https://bitcointalksearch.org/topic/m.4006582
I'm so happy my BTC was used to reimburse users.....
https://bitcointalksearch.org/topic/m.4006582
I'm so happy my BTC was used to reimburse users.....
Jump to: