Topic: Theft incident happened on bit-u.com @ DigitalOcean  (Read 6187 times)


Offline marketp2p

Theft incident happened on bit-u.com @ DigitalOcean
« on: November 24, 2013, 06:46:11 PM »

Update #1: Silfax has come forward with updated information (see below). Currently it's my personal opinion that he may not be the one who stole other people's money, but he does bear the responsibility of using sloppy implementation and lack of good security practice.

Update #2: Silfax has restored the site and customers are able to withdraw 58% of the balance before the theft incident. Page down for more details.

What happened:

On Nov 23, 2013, bit-u.com went offline. A few hours later Silfax claimed his exchange bit-u.com (previously Coingrounds.com) was hacked and BTCs were moved to a different address by an unknown user; PTSs were not mentioned. He also claimed someone got access to the (DigitalOcean) hosting account and deleted the VPS instance after stealing the money.

  Since he made the claim on bit-u.com chat box, he hasn't been in any contact with his customers, leaving all victims holding the bag. 

Scammers Profile Link:
  http://bitsharestalk.org/index.php?action=profile;u=283
He also claimed:  I'm /r/Silfax on reddit, moderator of /r/Jobs4Bitcoins, and pretty well known over there, as well as coder for a couple big group buys.
  http://bitsharestalk.org/index.php?topic=356.msg2802#msg2802

Reference Link:
  http://bitsharestalk.org/index.php?topic=353.60
  http://bitsharestalk.org/index.php?topic=356.60

Amount Scammed: Estimated >50 BTC

Payment Method: Bitcoin, ProtoShares

Proof of Payment: Many forum members can provide their payment transaction links.

PM/Chat Logs:
   http://bitsharestalk.org/index.php?topic=356.msg10353#msg10353

Additional Notes:
  Silfax hasn't made any contact with exchange customers for almost 24 hours after he last appeared in the chat, nor did he provide any evidence to support his claim, no trust should be given to him, bit-u.com, coingrounds.com, or possibly DigitalOcean VPS hosting.
 
I'll update this thread when more information is available. Feel free to add your claim or evidence.

Edit: added time and fixed typos.
« Last Edit: November 26, 2013, 12:20:54 AM by marketp2p »

Offline marketp2p

Re: Potential Scammers: Silfax, bit-u.com, Coingrounds.com, DigitalOcean
« Reply #1 on: November 24, 2013, 06:52:57 PM »
He once mentioned that if he's confident that his "partners" were the perpetrators, he would release their info, which he hasn't done.
« Last Edit: November 24, 2013, 07:07:35 PM by marketp2p »

Offline bytemaster

Re: Potential Scammers: Silfax, bit-u.com, Coingrounds.com, DigitalOcean
« Reply #2 on: November 24, 2013, 06:55:28 PM »
We know his partner, with whom he had disagreements over the use of the coingrounds domain, had access to the Digital Ocean account password.
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline pc

Re: Potential Scammers: Silfax, bit-u.com, Coingrounds.com, DigitalOcean
« Reply #3 on: November 24, 2013, 07:38:01 PM »
He posted this in the bit-u.com chatbox earlier today:
Quote
(18:04) Silfax: I'm still here, just trying to figure out as much as possible before releasing a statement.
Please vote for my BitShares witness "cyrano" and for my STEEM witness "cyrano.witness"!
Bitcoin - Perspektive oder Risiko? ISBN 978-3-8442-6568-2 http://bitcoin.quisquis.de

Offline alexkravets

Re: Potential Scammers: Silfax, bit-u.com, Coingrounds.com, DigitalOcean
« Reply #4 on: November 24, 2013, 07:45:20 PM »
Moral of the story? Never hold any IOUs.
Get in, buy or sell, get out.


Sent from my iPhone using Tapatalk

Offline Silfax

Re: Potential Scammers: Silfax, bit-u.com, Coingrounds.com, DigitalOcean
« Reply #5 on: November 24, 2013, 08:17:48 PM »
Okay, so I still don't have all the details, but I can still provide a bit more info.

Our digital ocean VPS that was hosting the wallets got deleted randomly, and the billing information was removed, etc.

Also, the BTC wallet transferred its contents out, but not from the application, seems that someone got access to the VM itself.

Access logs on the digitalocean account show that someone logged in from a Norway IP (that's not a TOR node), and a similar IP on the same subnet logged into the VM itself.

No idea who this was.

My 'partner' was the only person with the password to this DO account, so either it was him, or his personal computer had a targeted key logger of some sort?

It's all so odd - I've asked digital ocean for more info/logs, but they haven't gotten back yet.

Maybe it was a disgruntled DO employee that saw bitcoin related traffic coming from the VM?

The PTS wasn't touched, so I still have access to that, and will return it to its owners; I'm thinking most likely to make it most fair that I  convert everyone's balances to PTS, and then reimburse everyone as best I can with what's left.

38 BTC were taken, I traced the payments, and they are now here: https://blockchain.info/address/1AKvP3NUmJQsfWXkTg6ZczURatKgAb2Cua
and here:
https://blockchain.info/address/16Z6e2qaxg84Kunk1wdT3pr94YJa2pSafR

The address that they went through is this one: https://blockchain.info/address/14wQsMaKWAmTHrEMKamnzCJxaewnFWP7Tg

which also made a small payment (.01) the same day to this address: https://blockchain.info/address/15MJUSKnkbX3cprXfjNwAWsssTG59SXnvd
which looks like someone's personal address, as it's been receiving and sending payments since February. If anyone can shed any light on that, please be my guest.

The IPs that logged into the server were: 109.201.154.210, and .205, maybe a VPN, maybe someone's actual IP? I looked at the computer there, and apparently there is a Bitcoin node. If anyone feels like playing detective/hacker, please be my guest.

I'm of course incredibly sorry that this happened, and not that it does much good at this point, but it was clearly signposted that this was a beta.

If I learn more from DigitalOcean (which I should, because they are at the center of this problem) then I'll post back here.
« Last Edit: November 26, 2013, 08:08:58 AM by Silfax »

Offline bytemaster

Re: Potential Scammers: Silfax, bit-u.com, Coingrounds.com, DigitalOcean
« Reply #6 on: November 24, 2013, 08:23:08 PM »
Thanks for the update.   At what price point will you convert PTS into BTC? 

Offline Silfax

Re: Potential Scammers: Silfax, bit-u.com, Coingrounds.com, DigitalOcean
« Reply #7 on: November 24, 2013, 08:29:32 PM »
Have yet to decide - presumably something based on the going exchange rate?

Offline liquiddrool

Re: Potential Scammers: Silfax, bit-u.com, Coingrounds.com, DigitalOcean
« Reply #8 on: November 24, 2013, 08:30:11 PM »
It sounds like some cryptocurrency nub was the culprit because they only cleaned out the BTC and not PTS.  Anyone with half an idea of what they were doing would have gotten it all.  This supports the theory of a DO employee doing it.
« Last Edit: November 24, 2013, 08:33:17 PM by liquiddrool »

Offline yago

Re: Potential Scammers: Silfax, bit-u.com, Coingrounds.com, DigitalOcean
« Reply #9 on: November 24, 2013, 08:44:20 PM »
Quote
Access logs on the digitalocean account show that someone logged in from a Norway IP (that's not a TOR node), and a similar IP on the same subnet logged into the VM itself.

Quote
The IPs that logged into the server were: 109.201.154.210, and .205, maybe a VPN, maybe someone's actual IP? I looked at the computer there, and apparently there is a Bitcoin node. If anyone feels like playing detective/hacker, please be my guest.

These IPs seem to be from some USA/Netherlands VPN, not Norway. Edit: Strange, the geoiplookup db says Norway, but after doing an mtr I think that the machine is in the Netherlands.

Code:
% Information related to '109.201.154.128 - 109.201.154.255'

% Abuse contact for '109.201.154.128 - 109.201.154.255' is '[email protected]'

inetnum:        109.201.154.128 - 109.201.154.255
netname:        LONDON_TRUST_MEDIA
descr:          VPN services from Private Internet Access
org:            ORG-PIA17-RIPE
country:        NL
admin-c:        LTMR1-RIPE
tech-c:         LTMR1-RIPE
status:         ASSIGNED PA
mnt-by:         MNT-NFORCE
mnt-lower:      MNT-NFORCE
mnt-routes:     MNT-NFORCE
source:         RIPE # Filtered

organisation:   ORG-PIA17-RIPE
org-name:       London Trust Media, Inc.
org-type:       Other
address:        2885 Sanford Ave SW
address:        Suite 20138, Grandville, MI 49418
address:        USA
abuse-mailbox:  [email protected]
remarks:        Phone: +1-855-ANON-VPN
mnt-ref:        MNT-NFORCE
mnt-by:         MNT-NFORCE
source:         RIPE # Filtered

role:           London Trust Media - Representative
address:        2885 Sanford Ave SW
address:        Suite 20138, Grandville, MI 49418
address:        USA
remarks:        +1-855-ANON-VPN
org:            ORG-PIA17-RIPE
nic-hdl:        LTMR1-RIPE
abuse-mailbox:  [email protected]
mnt-by:         MNT-NFORCE
source:         RIPE # Filtered

% Information related to '109.201.128.0/19AS43350'

route:          109.201.128.0/19
descr:          NFOrce Entertainment BV - 109.201.128.0/19 route
origin:         AS43350
mnt-by:         MNT-NFORCE
source:         RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.70.1 (WHOIS4)
« Last Edit: November 24, 2013, 09:19:18 PM by yago »
http://bitsharestalk.org/donate.html  <---- Donate to the BitShares Forum ----> PforumPLfVQXTi4QpQqKwoChXHkoHcxGuA
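
The cross-check from the post above, as an added example that is not part of the original thread: it parses an excerpt of the quoted RIPE whois reply and attributes each login IP to its registered range and origin AS rather than to a GeoIP country. The function names and the keyword heuristic are assumptions made for this example; `.205` is expanded to 109.201.154.205 as the post implies.

```python
import ipaddress
import re

# Excerpt of the RIPE whois reply quoted in the post above (trimmed).
WHOIS_TEXT = """\
inetnum:        109.201.154.128 - 109.201.154.255
netname:        LONDON_TRUST_MEDIA
descr:          VPN services from Private Internet Access
org:            ORG-PIA17-RIPE
country:        NL

route:          109.201.128.0/19
descr:          NFOrce Entertainment BV - 109.201.128.0/19 route
origin:         AS43350
"""

# Login source IPs reported in the thread.
LOGIN_IPS = ["109.201.154.210", "109.201.154.205"]
# Assumption: keyword heuristic for this example, not an authoritative list.
ANON_HINTS = re.compile(r"\b(vpn|proxy|anonymi[sz]er|tor exit)\b", re.I)

def parse_objects(text):
    """Split RPSL whois text into objects: attribute name -> list of values."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        obj = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("%"):  # skip server comments
                key, value = line.split(":", 1)
                obj.setdefault(key.strip(), []).append(value.strip())
        if obj:
            objects.append(obj)
    return objects

def enrich(ip, objects):
    """Attribute one IP to the registered inetnum range and routed prefix."""
    addr = ipaddress.ip_address(ip)
    result = {"ip": ip, "netname": None, "country": None, "origin": None, "anonymizer": False}
    for obj in objects:
        if "inetnum" in obj:
            first, last = (ipaddress.ip_address(p.strip()) for p in obj["inetnum"][0].split("-"))
            if first <= addr <= last:
                result["netname"] = obj.get("netname", [None])[0]
                result["country"] = obj.get("country", [None])[0]
                result["anonymizer"] = any(ANON_HINTS.search(d) for d in obj.get("descr", []))
        elif "route" in obj and addr in ipaddress.ip_network(obj["route"][0]):
            result["origin"] = obj.get("origin", [None])[0]
    return result
```

Running `enrich` over `LOGIN_IPS` labels both addresses as a commercial VPN egress range registered in NL, so the GeoIP country says nothing about where the person behind the login actually was.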

Offline Silfax

Re: Potential Scammers: Silfax, bit-u.com, Coingrounds.com, DigitalOcean
« Reply #10 on: November 24, 2013, 09:04:56 PM »
Do you think emailing [email protected] could help?

Offline yago

Re: Potential Scammers: Silfax, bit-u.com, Coingrounds.com, DigitalOcean
« Reply #11 on: November 24, 2013, 09:10:16 PM »
Quote
Do you think emailing [email protected] could help?

I don't think so, but you don't lose anything by trying. Maybe a mail to [email protected] and [email protected] with CC to [email protected] and [email protected]

I guess that if you start a legal process, a judge could require the VPN logs stored by privateinternetaccess.com (if any)
« Last Edit: November 24, 2013, 09:20:08 PM by yago »

Offline TwoKoolFourSkewl

Re: Potential Scammers: Silfax, bit-u.com, Coingrounds.com, DigitalOcean
« Reply #12 on: November 25, 2013, 01:34:09 AM »
Quote
The PTS wasn't touched, so I still have access to that, and will return it to its owners; I'm thinking most likely to make it most fair that I  convert everyone's balances to PTS, and then reimburse everyone as best I can with what's left.

NO, this doesn't sound fair!  What would be fair is if you accepted responsibility and paid back all of your customers in FULL.

I expect a full 100% reimbursement of the 106 pts that I had on your exchange.  You can send my 106 pts to PqNMYYkjagWKaxShxpX4ussz7mkmcu7mpN.  I expect them to be there within 24 hours.

You can't just claim BETA and absolve yourself of all responsibility.
« Last Edit: November 25, 2013, 01:36:22 AM by TwoKoolFourSkewl »
RippleGiveaway.com - Home of the Ripple Faucet!

Offline TwoKoolFourSkewl

Re: Potential Scammers: Silfax, bit-u.com, Coingrounds.com, DigitalOcean
« Reply #13 on: November 25, 2013, 01:49:43 AM »
Silfax,

Your customers are not YOUR insurance company.  We are NOT liable for your errors and we should NOT be held responsible to pay back your customers.  This is YOUR responsibility.  You were more than eager to take OUR money for commissions and fees and now it seems you're even more eager to have us PAY for your mistakes.  YOU NEED TO FULLY REIMBURSE EVERYONE OUT OF YOUR OWN POCKET IF NECESSARY.

Do we look like the Federal Government?  WE DO NOT GIVE BAILOUTS!

The protoshares that you still have BELONG TO THOSE WHO HELD PROTOSHARE BALANCES with you and need to be given back in full.  The bitcoin that you lost belongs to those customers who held bitcoin balances with you.  You need to pay back protoshares with protoshares and bitcoin with bitcoin.
« Last Edit: November 25, 2013, 01:58:37 AM by TwoKoolFourSkewl »

Offline marketp2p

Re: Potential Scammers: Silfax, bit-u.com, Coingrounds.com, DigitalOcean
« Reply #14 on: November 25, 2013, 02:09:58 AM »
As one of the biggest losers in this theft, I won't be happy about it, but I can accept a 60% recovery rate as long as there's evidence to support what you've claimed.

@TwoKoolFourSkewl: I agree that the customer is not the insurance company; you deserve the right to request a full refund.

But to be fair he mostly relied on the donations to make any money, and you need to give him some credit for the courage and honesty coming back facing the customers.
