|
Title: [ANN] Potential Premine SCAM coins: RainbowCoin Evercoin Post by: micryon on May 04, 2014, 06:55:50 AM Hey guys.. in the wake of the Asiacoin mega-scam. We've been doing some forensics on the code to understand the premine scam.. my full analysis is listed here:
https://bitcointalk.org/index.php?topic=566870.msg6535095#msg6535095 This code was also found in SHACoin, which had the exact same premine SCAM that was exposed a week earlier. cruncher on IRC had a great suggestion to search all of github for a particular string that was associated with the obfuscating premine. The segment of code resides in the RPC call, that seeks to intercept the amount of coin by returning a modulo version of it. The result of that search is here: "https://github.com/search?p=1&q=amount+%25+%28MAX_TX_FEE+*+COIN&ref=cmdform&type=Code" (https://github.com/search?p=1&q=amount+%25+%28MAX_TX_FEE+*+COIN&ref=cmdform&type=Code) As you can see the string shows up in a bunch of other places (including the AsiaCoinFix repo i pushed up for the forensics exercise). The following hits to coins were identified: EverCoin - never heard of this RainbowCoin - recently launched ShaCoin - known premine scam ccc/qbcc - ?? BeeCoin - ? QuarkBar - premine scam found, patched Now it may be the case that some devs accidentally forked a code repo unknowingly.. or the coin has already found the issue and patched it, or maybe this isn't even the original location of the code.. I didn't check the actual blockchain itself to verify. This is just from a github search using the "obfuscation code".. But if this code is deployed even without knowing.. it really ought to be patched up anyhow. Up to everyone's own due diligence to check their own coins now.. Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: honghaisea on May 04, 2014, 07:00:00 AM QuarkBar is a scam coin? Are you sure?
Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: micryon on May 04, 2014, 07:00:38 AM QuarkBar is a scam coin? Are you sure? No I am not sure.. that's why I said potential. The "malicious" code exists in that code base on github.. that's all we know. If someone can verify and get back to this we can certainly eliminate it as a candidate. Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: TTM on May 04, 2014, 07:00:57 AM Quarkbar's original dev also gone. Now community took over this coin, but i don't know whether or not that community know about this premine. You should put a warning on their thread.
Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: Jonesd on May 04, 2014, 07:16:59 AM Quarkbar's original dev also gone. Now community took over this coin, but i don't know whether or not that community know about this premine. You should put a warning on their thread. We're looking into this. We were not aware of this at all. Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: TTM on May 04, 2014, 07:21:54 AM micryon, thanks for your effort, i have a small question.
If scammer publish clean source code to github but he compile clients with malicious codes included, then how can we know ? Few people will take that 'clean' source and compile for themself, but this will cause conflict with those clients compiled by dev, right ? Then how can we know if that case happen ? I'm just asking because i think in future, those scammers will find a more sophisticated way to scam. Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: Obfuscode on May 04, 2014, 07:23:46 AM QuarkBar Community dev here. Thanks for the post!
We're looking at the code and going to patch it out asap. Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: micryon on May 04, 2014, 07:26:37 AM If scammer publish clean source code to github but he compile clients with malicious codes included, then how can we know ? Few people will take that 'clean' source and compile for themself, but this will cause conflict with those clients compiled by dev, right ? Then how can we know if that case happen ? I'm just asking because i think in future, those scammers will find a more sophisticated way to scam. Afaik, there's no way to know what's in the compiled binary they distribute, unless you compile it yourself.. and/or they release a sig'd build (which .. apparently no one does). However, you are correct that if the key areas of the code do not match up. Things like Checking transactions, Accepting block hashes.. rewards, etc. Then those clients will not connect with each other. The key to all this is 3rd party exchanges and pools. By in large they are all 100% Linux, and must build from source.. so if you can't connect to them (accept blocks).. then you know that there's something different with your client. All coins require those ecosystem infrastructure, which has to be built from source... This is the reason that the perpetrators of these scams do actually have to release the source, that is basically the same as the compiled binary.. They can do a few things like RPC call diffs, remove seed addresses, or inject trojans in the compiled binaries tho.. Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: YoyodyneSystems on May 04, 2014, 07:39:00 AM Excellent work. I am so lucky I pulled out of AC when it started to drop like a rock. I think it's really bad news for crypto and alt coins that AC managed to happen. It probably took some people out permanently. I think the burden should be on the Exchanges to catch these things. It's 100% their responsibility I would say. They make the money off them and list them as fair products. Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: k!lowatts on May 04, 2014, 07:53:02 AM could you please check the latest coin? capitalcoin that just announce its existance.
Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: micryon on May 04, 2014, 08:05:22 AM could you please check the latest coin? capitalcoin that just announce its existance. Sorry you are going to have to check yourself, source is not posted on github.. 30 mb download taking an hour to get that source in .rar format.. (that in itself is a little suspicious tho..) Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: micryon on May 04, 2014, 08:06:21 AM The real question is what is the solution to this - simply removing the code doesn't really fix anything, it just makes the problem more obvious - but the deed is already done, the coins are already on the chain in wallets someplace. Maybe not dumped yet, maybe partially, maybe half your stash you bought well after launch is illegitimate coin - there's no way to know. How do you possibly escape this stigma without moving to an entirely fresh blockchain? You can't just roll back, remove block 1, and then go back to normal. Yes you're right .. fixing premine situation is very difficult.. I'm just giving people a heads up, is all .. no solutions here unfortunately... :( Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: Obfuscode on May 04, 2014, 08:28:46 AM QuarkBar Community Dev here again.
We fixed the upstream code and hardforked the chain effective immediately. Thank you the reporting //Edit: We're doing the maths to check if and how many scam-coins have been created so far Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: Jonesd on May 04, 2014, 08:37:32 AM QuarkBar Community Dev here again. We fixed the upstream code and hardforked the chain effective immediately. Thank you the reporting //Edit: We're doing the maths to check if and how many scam-coins have been created so far Allcoin will freeze the market, so in this insecure situation, we can prevent a bit of panic. Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: Jonesd on May 04, 2014, 09:09:53 AM Quarkbar will hardfork after block 215847 immediately (version 70003). New code at https://github.com/QuarkBar/DGWv2 (https://github.com/QuarkBar/DGWv2) New windows wallet: http://logicoin.info/Quarkbar-QT.zip (http://logicoin.info/Quarkbar-QT.zip) Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: uvt9 on May 04, 2014, 09:33:50 AM The real question is what is the solution to this - simply removing the code doesn't really fix anything, it just makes the problem more obvious - but the deed is already done, the coins are already on the chain in wallets someplace. Maybe not dumped yet, maybe partially, maybe half your stash you bought well after launch is illegitimate coin - there's no way to know. How do you possibly escape this stigma without moving to an entirely fresh blockchain? You can't just roll back, remove block 1, and then go back to normal. Yes you're right .. fixing premine situation is very difficult.. I'm just giving people a heads up, is all .. no solutions here unfortunately... :( Hi there, I want to compile clients from source from now on, where should i look for a good guide on how to do it ? I have very limited programming skill, i occasionally deal with PHP and HTML only. many thanks :) Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: micryon on May 04, 2014, 09:37:19 AM Hi there, I want to compile clients from source from now on, where should i look for a good guide on how to do it ? I have very limited programming skill, i occasionally deal with PHP and HTML only. It is kind of a bitch to do.. but here's the guide: https://bitcointalk.org/index.php?topic=149479.0 Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: dygus on May 04, 2014, 10:08:46 AM Hey guys.. in the wake of the Asiacoin mega-scam. We've been doing some forensics on the code to understand the premine scam.. my full analysis is listed here: https://bitcointalk.org/index.php?topic=566870.msg6535095#msg6535095 This code was also found in SHACoin, which had the exact same premine SCAM that was exposed a week earlier. cruncher on IRC had a great suggestion to search all of github for a particular string that was associated with the obfuscating premine. The segment of code resides in the RPC call, that seeks to intercept the amount of coin by returning a modulo version of it. The result of that search is here: "https://github.com/search?p=1&q=amount+%25+%28MAX_TX_FEE+*+COIN&ref=cmdform&type=Code" (https://github.com/search?p=1&q=amount+%25+%28MAX_TX_FEE+*+COIN&ref=cmdform&type=Code) As you can see the string shows up in a bunch of other places (including the AsiaCoinFix repo i pushed up for the forensics exercise). The following hits to coins were identified: EverCoin - never heard of this RainbowCoin - recently launched BeeCoin QuarkBar - fixed code ShaCoin - known premine scam ccc/qbcc - ?? Now it may be the case that some devs accidentally forked a code repo unknowingly.. or the coin has already found the issue and patched it, or maybe this isn't even the original location of the code.. I didn't check the actual blockchain itself to verify. This is just from a github search using the "obfuscation code".. But if this code is deployed even without knowing.. it really ought to be patched up anyhow. Up to everyone's own due diligence to check their own coins now.. Bee coin isn't scam there is new dev and he's changing algo from POW to X11 POS, you should read befor telling shits. Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: soopy452000 on May 04, 2014, 10:24:22 AM Hey guys.. in the wake of the Asiacoin mega-scam. We've been doing some forensics on the code to understand the premine scam.. my full analysis is listed here: https://bitcointalk.org/index.php?topic=566870.msg6535095#msg6535095 This code was also found in SHACoin, which had the exact same premine SCAM that was exposed a week earlier. cruncher on IRC had a great suggestion to search all of github for a particular string that was associated with the obfuscating premine. The segment of code resides in the RPC call, that seeks to intercept the amount of coin by returning a modulo version of it. The result of that search is here: "https://github.com/search?p=1&q=amount+%25+%28MAX_TX_FEE+*+COIN&ref=cmdform&type=Code" (https://github.com/search?p=1&q=amount+%25+%28MAX_TX_FEE+*+COIN&ref=cmdform&type=Code) As you can see the string shows up in a bunch of other places (including the AsiaCoinFix repo i pushed up for the forensics exercise). The following hits to coins were identified: EverCoin - never heard of this RainbowCoin - recently launched BeeCoin QuarkBar - fixed code ShaCoin - known premine scam ccc/qbcc - ?? Now it may be the case that some devs accidentally forked a code repo unknowingly.. or the coin has already found the issue and patched it, or maybe this isn't even the original location of the code.. I didn't check the actual blockchain itself to verify. This is just from a github search using the "obfuscation code".. But if this code is deployed even without knowing.. it really ought to be patched up anyhow. Up to everyone's own due diligence to check their own coins now.. Bee coin isn't scam there is new dev and he's changing algo from POW to X11 POS, you should read befor telling shits. There are alot of changes coming with Bee , better hold it for now. I'm the new Dev working on Bee and will update as needed. For the moment Bee is in a transition phase to X11 with POS so I believe you can assume we are on the safe side. ~SoopY~ Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: platorin on May 04, 2014, 10:28:15 AM Stay away from all the coins you are not sure of. That is around 99% of that alt-xxxx!
Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: micryon on May 04, 2014, 10:35:40 AM There are alot of changes coming with Bee , better hold it for now. I'm the new Dev working on Bee and will update as needed. For the moment Bee is in a transition phase to X11 with POS so I believe you can assume we are on the safe side. yeah it may be nothing.. but just giving you guys a heads up.. might want to patch that code, regardless tho, it's just .. wrong :) Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: Jonesd on May 04, 2014, 10:41:39 AM There are alot of changes coming with Bee , better hold it for now. I'm the new Dev working on Bee and will update as needed. For the moment Bee is in a transition phase to X11 with POS so I believe you can assume we are on the safe side. yeah it may be nothing.. but just giving you guys a heads up.. might want to patch that code, regardless tho, it's just .. wrong :) Quarkbar is patched, but we will have to look into the total amount of coins. Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: Jonesd on May 04, 2014, 11:07:18 AM POLL I'm trying to get an idea of the total amount of Quarkbar coins held by bitcointalk users. Please PM me the amount and vote in this topic: https://bitcointalk.org/index.php?topic=595204.new#new (https://bitcointalk.org/index.php?topic=595204.new#new) Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: defaced on May 04, 2014, 12:04:15 PM Only use coins that fork trusted repos or.. this.
Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: YarkoL on May 04, 2014, 12:43:58 PM The ValueFromAmountWithFee function in itself is innocuous.
It seems to return the value of transaction in case that the tx fee exceeds the maximum. To see where it is used to hide premine, I searched for line Code: ValueFromAmountWithFee(pindexBest->nMoneySupply) The results are here https://github.com/search?q=ValueFromAmountWithFee%28pindexBest-%3EnMoneySupply%29&type=Code&ref=searchresults The first coin to pull the scam is SHACoin followed (knowingly or not) by Evercoin RainbowCoin Asiacoin xxxcoin This clears Beecoin and Quarkbar of suspicion. Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: Jonesd on May 04, 2014, 01:06:14 PM The ValueFromAmountWithFee function in itself is innocuous. It seems to return the value of transaction in case that the tx fee exceeds the maximum. To see where it is used to hide premine, I searched for line Code: ValueFromAmountWithFee(pindexBest->nMoneySupply) The results are here https://github.com/search?q=ValueFromAmountWithFee%28pindexBest-%3EnMoneySupply%29&type=Code&ref=searchresults The first coin to pull the scam is SHACoin followed (knowingly or not) by Evercoin RainbowCoin Asiacoin xxxcoin This clears Beecoin and Quarkbar of suspicion. That is great news! :) Thanks! Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: tuaris on May 04, 2014, 01:34:50 PM The ValueFromAmountWithFee function in itself is innocuous. It seems to return the value of transaction in case that the tx fee exceeds the maximum. To see where it is used to hide premine, I searched for line Code: ValueFromAmountWithFee(pindexBest->nMoneySupply) The results are here https://github.com/search?q=ValueFromAmountWithFee%28pindexBest-%3EnMoneySupply%29&type=Code&ref=searchresults The first coin to pull the scam is SHACoin followed (knowingly or not) by Evercoin RainbowCoin Asiacoin xxxcoin This clears Beecoin and Quarkbar of suspicion. Just an FYI, the Rainbowcoin on that list is not the same one as the SHA256 one (https://github.com/Rainbowcoin/Rainbowcoin). Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: NetScr1be on May 04, 2014, 02:30:32 PM Dygus could you please link to the source of your information?
Also how does changing algorithm now affect the blocks (that may have been) pre-mined? The OP isn't claiming BeeCoin is a scam just pointing out a potential vulnerability. Don't shoot the messenger because you don't like the news they bring. If you want to help Beecoin make sure the dev sees this tread. Disclaimer: I own a small amount of of Beecoin (<50K) that I acquired while researching mining. Thanks Bee coin isn't scam there is new dev and he's changing algo from POW to X11 POS, you should read befor telling shits. Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: SiNeReiNZzz on May 04, 2014, 06:33:23 PM Dygus could you please link to the source of your information? Also how does changing algorithm now affect the blocks (that may have been) pre-mined? The OP isn't claiming BeeCoin is a scam just pointing out a potential vulnerability. Don't shoot the messenger because you don't like the news they bring. If you want to help Beecoin make sure the dev sees this tread. Disclaimer: I own a small amount of of Beecoin (<50K) that I acquired while researching mining. Thanks Bee coin isn't scam there is new dev and he's changing algo from POW to X11 POS, you should read befor telling shits. right! Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: ouchmefoot on May 04, 2014, 08:16:17 PM Love QB, glad it was cleared
Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: Jonesd on May 04, 2014, 08:53:26 PM Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: micryon on May 04, 2014, 09:01:03 PM I can confirm that Quickbar and Beecoin does NOT have the other markers of the premine hiding (that exists in main.h and main.cpp). So it was probably is nothing. Though that code fragment still seems incorrect and should be patched even if harmless. Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: Jonesd on May 04, 2014, 09:04:21 PM I can confirm that Quickbar and Beecoin does NOT have the other markers of the premine hiding (that exists in main.h and main.cpp). So it was probably is nothing. Though that code fragment still seems incorrect and should be patched even if harmless. You've done great work on this, btw. Impressive that you found it! Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Quarkbar Beecoin Evercoin Post by: hacintosh on May 04, 2014, 11:56:48 PM Dygus could you please link to the source of your information? Also how does changing algorithm now affect the blocks (that may have been) pre-mined? The OP isn't claiming BeeCoin is a scam just pointing out a potential vulnerability. Don't shoot the messenger because you don't like the news they bring. If you want to help Beecoin make sure the dev sees this tread. Disclaimer: I own a small amount of of Beecoin (<50K) that I acquired while researching mining. Thanks Bee coin isn't scam there is new dev and he's changing algo from POW to X11 POS, you should read befor telling shits. Beecoin's resurrection plan is on the move for quite some time. Check it out here: https://bitcointalk.org/index.php?topic=559876.0;all (https://bitcointalk.org/index.php?topic=559876.0;all) Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Evercoin Post by: micryon on May 24, 2014, 11:48:59 PM so ... i guess some of these did turn out to be scams?
Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Evercoin Post by: HunterS on May 24, 2014, 11:50:39 PM rainbowcoin is no premine scam i mined that from the very first block.u need to stop making false accusations and do some research .u are a complete moron
Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Evercoin Post by: YarkoL on May 25, 2014, 12:00:48 AM rainbowcoin is no premine scam i mined that from the very first block.u need to stop making false accusations and do some research .u are a complete moron There are at least two coins of the same name. LGBT isn't the one with hidden premine. Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Evercoin Post by: micryon on May 25, 2014, 12:09:25 AM Hmm just found out that Quarkbar did indeed have a premine.. found 20 days after i posted this.
Do your own due diligence people, this is just from a github search with scam code.. you make your own decisions. Title: Re: [ANN] Potential Premine SCAM coins: RainbowCoin Evercoin Post by: Jonesd on May 25, 2014, 12:08:03 PM Hmm just found out that Quarkbar did indeed have a premine.. found 20 days after i posted this. Do your own due diligence people, this is just from a github search with scam code.. you make your own decisions. We managed to get rid of 98% of the malicious Quarkbar coins luckily and were able to freeze his trading account at an exchange. :) |