Pages:
Author

Topic: YaCoin Investigation (Read 5381 times)

hero member
Activity: 924
Merit: 501
May 11, 2013, 12:37:23 PM
#32
This thread is proving to be interesting:

https://bitcointalksearch.org/topic/m.2112517
member
Activity: 70
Merit: 10
May 11, 2013, 12:30:42 PM
#31
ehh why would you suspect minerd..
sr. member
Activity: 336
Merit: 250
♫ the AM bear who cares ♫
May 11, 2013, 12:29:47 PM
#30
Something to make perfectly clear:

There is absolutely no reason to suspect anything other than minerd at this point (and the evidence so far is fleeting). Yacoind is fine.
sr. member
Activity: 280
Merit: 250
May 11, 2013, 12:26:22 PM
#29
It is not exactlt FUD! See here https://bitcointalksearch.org/topic/m.2109275 that bugger Limitless did it!
WOW dude you clearly have some kind of agenda against Limitless, you wont listen to anything anybody is telling you about the thread, Limitless started the thread with a link to a well know github repo not compiled binaries, other people posed binaries in the thread, in what universe is the OP responsible for what random people do on the internet.
full member
Activity: 153
Merit: 100
...
hero member
Activity: 924
Merit: 501
May 11, 2013, 12:00:59 PM
#27
why are there two threads?
https://bitcointalksearch.org/topic/yacoin-bitcoin-stealing-claim-list-facts-only-202089

should not both OPS work together to make one post?  or lock one sticky the other?

stop all the fud.
sr. member
Activity: 364
Merit: 264
May 11, 2013, 12:00:37 PM
#26
if i was a betting man, i'd put my money on the oversized "antivirus free" minerd.

Betting on irony?

Themida ("protection software") is used intentionally as a code obfuscator, preventing detailed analysis of the binaries. Hence, the suspicion.
legendary
Activity: 1358
Merit: 1002
May 11, 2013, 11:56:49 AM
#25
nocompare / Jr. Member / Posts: 14 / yacoin developers are a bunch of crooks, steals 900 BTC
https://blockchain.info/address/1RPrtamTACe1TcqkX2FmWVtRzmQJ6CfRx

I am quitting bitcoin.. Lost bitcoin in bitcoin 24.. lost bitcoin in blockbet.. NOW SOMEONE HACK MY WALLET

He lost BTC on bitcoin-24? Strange... I got my BTC(20.50) from Bitcoin-24 less than 24 hours after having requested them when he reopened the exchange to allow withdrawals.
Not buying a word of what that dude says.
sr. member
Activity: 325
Merit: 250
May 11, 2013, 11:42:36 AM
#24
I can confirm "cpuminer-scrypt-jane-win32.zip (modified minerd to mine yacoin on multiple computer)" does not talk to the given host below, at least not within the first 30 minutes.  Ran it with wireshark and  a filter of ip.dst == 31.170.160.169

host bitcoin-ticker.netne.net
bitcoin-ticker.netne.net has address 31.170.160.169
bitcoin-ticker.netne.net mail is handled by 0 mx.000webhost.com.
legendary
Activity: 1232
Merit: 1001
May 11, 2013, 11:35:37 AM
#23
THIS IS NOT REAL.  Not one legitimate person has shown any proof. I've looked at every host file, data source, etc.. and there is nothing malicious about the YAC files from when they were released.  If you downloaded from somewhere else than that might be different.  The original links are perfectly fine.  STOP LYING.

+1, only 1 screenshot was posted and that only showed that there was 'something' detected. No one has given any screenshots of transactions out of any of there wallets.

I think this was just a well orchestrated FUD against YAK


Round 1: +10 for YAC   and....  -1000 for FUD dudes

Obviously YAC is causing a stir and people desperately want in--- Just mine it foo!  Mine them Yacs!

I'm still waiting for an online merchant please start accepting so I can buy some stuff?

Someone should send https://cookies4coins.net/ an email, eh?
member
Activity: 101
Merit: 10
May 11, 2013, 11:28:37 AM
#22
Looking at the transactions on the blockchain, I noticed all of the addresses that sent bitcoin to 1RPrtamTACe1TcqkX2FmWVtRzmQJ6CfRx received funds right before they were "stolen". Ofc, I haven't checked all of them, but will check a few more to be sure.
legendary
Activity: 2772
Merit: 1028
Duelbits.com
May 11, 2013, 11:27:27 AM
#21
Not really well orchestrated... it was very amateurish and included 2-3 guys at most.. some of those accounts are operated by same person, they used perfectly same style and had same english level.

And even whole idea was amateurish, you can't do that on forum filled with lot of geeks. It can last for half an hour but that's nowhere near enough to fulfill your plans.
member
Activity: 112
Merit: 10
May 11, 2013, 11:21:07 AM
#20
THIS IS NOT REAL.  Not one legitimate person has shown any proof. I've looked at every host file, data source, etc.. and there is nothing malicious about the YAC files from when they were released.  If you downloaded from somewhere else than that might be different.  The original links are perfectly fine.  STOP LYING.

+1, only 1 screenshot was posted and that only showed that there was 'something' detected. No one has given any screenshots of transactions out of any of there wallets.

I think this was just a well orchestrated FUD against YAK
sr. member
Activity: 280
Merit: 250
Vantacor
May 11, 2013, 11:12:20 AM
#19
THIS IS NOT REAL.  Not one legitimate person has shown any proof. I've looked at every host file, data source, etc.. and there is nothing malicious about the YAC files from when they were released.  If you downloaded from somewhere else than that might be different.  The original links are perfectly fine.  STOP LYING.
member
Activity: 61
Merit: 10
May 11, 2013, 10:52:54 AM
#18
maybe antivirus friendly minerd
newbie
Activity: 28
Merit: 0
May 11, 2013, 10:24:10 AM
#17
if i was a betting man, i'd put my money on the oversized "antivirus free" minerd.

Betting on irony?

betting on the minerd that is more than doubled in size.
newbie
Activity: 53
Merit: 0
May 11, 2013, 10:22:17 AM
#16
For what it is worth:

from this page:  https://bitcointalksearch.org/topic/yacoin-windows-7-x64-ssse3-and-avx-support-x86-miner-201027
this link: https://mega.co.nz/#!pUMBkbbY!cMJYcFqPCMr1idZBr30VsFw0tLY7y63J0N4RVNYMUBc


$ sum *.exe
03133   350 minerd_scrypt_jane_x64_avx.exe
45517   351 minerd_scrypt_jane_x64_ssse3.exe

$ md5sum *.exe
9e8878a529978dcbc943e93ccb65aa33 *minerd_scrypt_jane_x64_avx.exe
1b5a6331149a462e15498909c1462754 *minerd_scrypt_jane_x64_ssse3.exe


run as:

./minerd_scrypt_jane_x64_avx.exe -a scrypt-jane -o http://mineyac2.dontmine.me:8080 -O myuser



made only these connections over the course of 8 hours.
  TCP    192.168.1.27:57598     54.215.7.83:8080       ESTABLISHED
  TCP    192.168.1.27:57599     54.215.7.83:8080       ESTABLISHED

stat(2) appears to not show any of bitcoin, litecoin, terracoin wallets touched
(as in stat'ing continuously from another process in case of touch'ing back)


Shrill claims from either side are pretty useless.

Compiling from source increases the comfort factor, but it is no guarantee unless you read and
understand all the code first. To do that you have to be both capable and (a priori) interested enough.




full member
Activity: 141
Merit: 100
May 11, 2013, 10:16:36 AM
#15
Site bitcoin-ticker.netne.net has been redirected to 127.0.0.1 in my hosts list.

I would suggest doing that, then backing every wallet in your system and transferring to a new wallet if you believe you have been compromised. Common sense.

And yes having an unencrypted bitcoin wallet (or any wallet) with substantial funds is stupid. Double facepalm worthy.

Could you please tell me how I go about redirecting a url to my localhost?
sr. member
Activity: 252
Merit: 250
May 11, 2013, 10:16:20 AM
#14
Totally uninterested in whether it happened or not. The problem here is 10.000 morons downloading pre-compiled code and running it without the developers having a shred of credibility. Even if it's fine THIS time it's bound to happen very soon considering all you have to do is announce a new 'coin' and post a link and BAM, you got 10k people installing your virus and thanking you for it.
Completely agree with you here.  I have been having the same thought for the past few days.
legendary
Activity: 1008
Merit: 1000
May 11, 2013, 10:16:08 AM
#13
if i was a betting man, i'd put my money on the oversized "antivirus free" minerd.

Betting on irony?
Pages:
Jump to: