Bitcoin Forum

A few days ago, my friend has lost 1.23BTC and 325LTC. after several days of investigation, we have found some important thing, and decide to publich our result.
My friend has an infinitecoin wallet at the same computer. When he found the thief has stolen BTC and LTC, then he quickly transfer infinitecoin to another wallet, but the transaction is unconfirmed. and a few days later, coins go back. and even more, he found he receive more infinitecoins (but don't happy, hacker can send coins to you, he should take back again). actually,  today, 13, Aug, 2014, hacker stole all of infinitecoins.
When we reinstall the OS again, and only run infinitecoin wallet, we can detect virus warning by tool. So, it's clear that the  infinitecoin wallet is malware, but my friend download from infinitecoin official website http://www.infinitecoin.com/ifc-wallet-download.
the result is:  thief is in the infinitecoin team. He/they have control inifitecoin, they can launch 51% attacking. they can unconfirm any inifitecoin transaction, they can transfer your inifitecoin to any wallet address.
the infinitecoin wallet has become the thief tool to steal password and BTC and LTC, and they even send some IFC to you to prevent you from removing the software.
http://www.3-coin.com/3-coin.com/wp-content/uploads/2014/08/ifc_loss_20140813_small.jpg
Though I have recomended the IFC, but now, it's dead. thief has gone into its team.
I hope other expert can seize the thief from infinte team, the hacker is thief, thief is very cheap.
from:https://bitcointalk.org/index.php?topic=737420.msg8332327#msg8332327

This seems to be something need to be looked at. Any blogpost about your full result/findings?

stopped reading at "infinitecoin wallet".

most of the alts are scam or maleware. just use bitcoin and litecoin and you are fine but thx for the info.

Thats why you should use a separate virtual system for each altcoin client you run

http://www.3-coin.com/2014-08-13/5732/

This is much better in terms of security. You can use vmware or a similar program and multiple images - or use an offline wallet. Many alt coins are scam or virus.

This is why all altcoins sources would be vetted properly by professionals.

I have all alt coins installed in Virtualbox except for mutidoge. I think it is probably the safest way to go at the moment. I also keep my BTC on my main pc in a watch only electrum wallet and sign transactions on a laptop that has never been connected to the net.

is electrum wallet is a distribution wallet?  main program is in PC, the send box is in laptop.

that does not mean a lick of shit.. i can post any source code i want and any binary i want.

and to the other guy about "i stopped reading at"
that is dumb IFC is fucking old school and not some random clone coin..
IFC has had a very large following and was the most popular coin in crypto besides Bitcoin last year.
that shows me you don't know anything about altcoins.. or at least older ones.

@OP
I will see what i can do to look into for you if you want..
I just got  new version of IDA hours ago actually and have plenty of tools for reversing Malware such as OllyDBG etc.
BUT i need you to upload the exact files from your wallet though so i can make sure they are the same as the servers files.
I don't think adding the Block chain and wallet data is needed so don't upload your "roaming folder"
and if you don't know what i mean by roaming folder let me know before you uploading anything.

So please .zip or .rar up the wallet .exe files and any .dll's it came with and upload them somewhere like a file locker service.
This is a quick and easy service for file hosting and you can remove the link after easy too..
www.datafilehost.com/ (http://www.datafilehost.com/)

I can't make any guarantees about finding anything but i do have a LOT of experience at finding Malware first on the internet all over the web including here.

putting all your altcoin wallets in a virtualbox will not do anything to protect you.
at least not with Sandboxie (Which is what i use specifically for testing files)
you see what will happen is when all these various wallets are launched they create a roaming coin folder..
and that will ALSO reside in your sandbox.
So think about it..
You run 1 sandbox and then run 5 wallets in it then all 5 wallets will have a wallet.dat file in the 1 sandbox
and if any one of the 5 wallet .exe's has a keylogger etc or other malware like a wallet stealer
it then has complete access to ALL your other wallet files to copy and upload to a remote destination.
In this case using a sandbox is probably making it easier actually than it is helping anything.

happened to my bro too, the pawncoin wallet had malware and he lost 7 btc. that's why i  stopped downloading new altcoin wallets

not seeing anything fishy with the windows wallet yet..

i have an old block chain still but no matter how many seed nodes i find none of them are working

new topic = https://bitcointalk.org/index.php?topic=356065.0
old = https://bitcointalk.org/index.php?topic=225891.msg3816575#msg3816575

i guess TECSHARE took over for fisheater at some point in the past..
not surprising TECHSHARE was always fanatical about IFC i recall back on Cryptsy chat and here.
i never see him around though so i dunno..
Also the IFC forums is bombed with spammers fro Viagra etc so it seems like no one is administrating it,
such as the guy i just mentioned who posted a non working seed node.

and no i did NOT look at the source code..


@OP
Please provide as much info as possible and files !

Also you should contact this guy ..he runs the coin !
TECSHARE =  https://bitcointalk.org/index.php?action=profile;u=15728

and since he has legendary status it should mean he is hanging around here 24/7 everyday LOL
Last Active:    Today at 07:17:38 PM

edit:
also i am curious do you have RPC allow ip in your conf file ?

OP vanished and i can't do anything with out more files and info..

and saying only using coins 3+ years old is not too helpful LOL

What harm can this do? Isn't this supposedly required... At least when you solo mine?


Okay... Now you really scaring the fuck out of me.

You gotta comprehensive list of approved coins? I need that link.

@freee101

you said: "the infinitecoin wallet has become the thief tool to steal password"

Means the wallet was encrypted?

+1 here.

I only have btc/ltc and Guldencoin(NLG) , I really just don't trust any other coins.

Infinitecoin is one of the older established minor alts. I would be very surprised if it turned out to contain malware.

You sure you download the right infinity coin wallet?

Considering some altcoins bring good advantages over bitcoin, I suggest to find a solution, not just erasing the problem.

I totally agree with you, and I'm happy your coin is being checked by experienced members before launch. The only problem I see is that dev of a new coin can send a clean version to checkers, but put a dirty one on its website, or change the clean one with a dirty one for a few hours.

first off a LOT of coins allow a wildcard value setting to be used in the conf for RPC ip address's
so this is a well known infamous vulnerability we Senior members here know.. some of us anyway ;)

and you don't get what i was saying and sorry i don't feel like spelling it out again..
there is no list of approved coins.. i just said if you stick all wallets in one VM your not protecting sweet fuck all
hell your making it easier for one rogue wallet to steal all your wallets LOL
try some common sense guys..

NONE have ever been checked before launch and Trojans with built in keyloggers have been posted here i seen it happen.
Some weed/dope coin was posted before and on the ANN topic the cloner posted an infected windows wallet
and many guys got hit and robbed such as the user "Magnet"

i have warned guys about this prob 30 or 40 times..
that hanging around here downloading every coin that comes along will bite them in the ass sooner or later.
NOBODY checks these things !

Occasionally AFTER a coin has been launched someone checks a wallet binary almost always just a windows exe pre-compiled
and this rarely happens and when it does it still means fuck all anyway
because source code and the binary uploaded do not have to match !
All you got to do is change the source code removing any bad parts and upload it then upload the bad wallet pre-compiled.. simple.

i have seen a well known coin do this on an update..
It was very clever because the coin had it's trust built up over months and the trap was sprung on the like 9th or 10th update LOL
And we know every guy in crypto is just going to ignore the alert of they get one hahaha

This highlights why people are fucking stupid cough cough SuperCoin LOL

EDIT:
You know when i signed up here this entire scene was drastically different than it is now !

What we have now is morons running rampant and mouthy brats.
When i signed up ALL wallets were compiled from source code
and if you even admitted to using a wallet precompiled you were mocked by everyone.

ohhhhhhh times change lol

shithole infested with loud mouthy brats and their scammers that groom them.
a dipshit farm ahahhah

Not that I need to remind you... But you're such an ass, asshole - but thanks for the intel :)

Anyhow.... I had no clue about the wildcard value; I'll look into to how I can mitigate, if it's possible? And I did get what you said asshole. Also I was inquiring about your personal list of approved coins.

what personal list of approved coins ? ..i never said i had one LOL
and what coins ? none !
Bitcoin that is it.

edit:
and the RPC exploit was reported to be the cause of the Jackpot coin from users months ago..
some guy went through the list of IP's connected to Jackpot coin and then attempted to connect to them until he found some wide open.
And i guess from there he stole millions of coins and then dumped them on an exchange (story on JPC ANN topic)
The coin JPC was updated to NOT support the wild card setting anymore but i have no idea how many out there do still support it.
I had always used a loopback address so i dunno if that is maybe safe instead ?

yes。 my friend has change password once, then BTC,LTC,IFC are all stolen.

Can you post an example of the RPC allow ip code we should look for in our conf file please? How should we change it to protect ourselves?

Whateva Spoetnik -

I didn't say you said you had a list; I give you credit because you gotta knack for picking out the shitcoins, that's all. But bump you... guess I'll just have to go thru your post history to find out which coins you call out. And to think I was going to vote you as the biggest retard here... not! :P

hi, if you are interesting in they, i have uploaded 2 files.

infintecoin-qt,  my friend didn't find the install rar file, but the infintecoin-qt.exe is available
http://www.datafilehost.com/d/3c4bde6c

infinitecoin-1.8.8-win32.rar   install package
http://www.datafilehost.com/d/5114ee42

well i am not sure if your trolling me or what but if your serious then sorry i am a bit confused by what you asked.
so maybe ask again but word it different ;)

to the other guy for the RPC command info.
Jackpot coin's last wallet update said this..

So what i have ALWAYS used was the following.. and i *think that is safe ?
rpcuser=usernamez
rpcpassword=passzzz'zzz
rpcallowip=127.0.0.1
rpcport=15372

i had no idea that people were using this..
rpcallowip = *

There is no need to specify the RPC data in a .conf file for ANY coin UNLESS you are solo mining.. otherwise get rid of it !

edit:
127.0.0.1 means connect to your own PC.. a so called Loopback address.

hmm thanks that is interesting because the 2 upload links you have here are NOT the same as what is on the official servers.
Your .exe match in both uploads but they are about 80kb's larger than the wallet for windows i downloaded the other day myself.
although the file names and version data match (Mine and yours)
i did not run your file yet but i hex compared it with the one i got from the official web site and i don't see anything bad with a quick look *yet.
Both seem to be a typical wallet for windows.. nothing looks out of the ordinary so far.

I need to know if your buddy had a conf file with the RPC allow ip sent to a wild card though.
and i can't do much of i can't get the block chain downloading.. i have looked around and all nodes i found failed to work for me.
If there was something bad in it chances are it would need to connect and if i can't get it synced i doubt any malware would work.. see what i mean ?

also i pm'd TECHSHARE last night to look at this topic.. did you contact him like i suggested ?

Oh and i hope what you posted was the exact files from your friends PC.. if you simply went and found them somewhere else that does not help.
A lot of Malware have an updater etc so you need the exact files your suspicious about.

Just because your friend was robbed does not mean the Infinitecoin client is to blame. Sorry but your friend doesn't have a clue what he is talking about clearly, and you don't seem to either. For future reference virus scanners often flag mining software and coin clients, that doesn't mean they are always malware. Additionally even if your client was infected it doesn't mean it was infected before you downloaded it. Also there are hashes posted on the website to allow you to check for yourself that the files are official before opening them. This is either a result of a couple of scared noobs that got robbed or an active slander campaign. You have provided ZERO evidence the infinitecoin client is to blame. Until that time I will not be wasting any more energy on this nonsense. Don't blame Infinitecoin for your inability to secure your PC.

I agree i seen no evidence of anything and in the files..
I also have not gotten any reply back about this no matter how many questions i asked
i barely got any answer at all.

I repeat i see no wrong doing with IFC coders and the files seem fine to me best i can tell..
although i have said over and over i can't get the block chain to start downloading from scratch or update my old one.
and i tried the node TECSHARE posted on the IFCforums and a couple posted here too.. nada LOL

I am runing my IFC wallet along BTC (10+) and LTC (100+). I believe they would have been a lot more interested on my coins then yours.

I am using IFC for more then 1 year and never found anything suspicious about it.

Since you started the topic, please provide evidence.

For other users not familiar with IFC : please consider the author of this topic did not post anything else just accusations that he is not willing to prove (maybe there are no proof at all, just dirt trown at random?!).

Best regards.

can you explain:
after my friend beding stolen coins, his infinitecoin wallet even receive some ininiftecoin,
but my friend transfer the inifintecoin to another wallet address, it's unconfirmed.
15, Aug,  all coins are stolen even password changed.
evidence is in post: http://www.3-coin.com/2014-08-13/5732/

don't say slander campaign, or  inability to secure your PC.  
can you secure your real wallet?
 you perhaps have been stolen by thief, i think a skillful thief can easily steal your money.
why? because you are not thief; but thief is a professional thief.
so, please keep polite, you feel you are too great to know a  poor skill knowledge.

in a clean OS, run ONLY infinitecoin wallet, i can found the security warning.
Isn't it a proof? are you noobs , or idiot?

the  code open source, but code is code, download file is download file.

evidence is in post :http://www.3-coin.com/2014-08-13/5732/

what evidence do you want?

Why should I be polite to you when you make accusations against my development team with zero evidence? You give no respect therefore you deserve none. Consider your error and maybe then maybe I will be more interested in helping you. Until then you are nothing more than a child knocking things over in my shop. Provide evidence, you make some very big accusations. Back them up with facts or retract your slanderous claims.

bter exchange is stolen, i event doubt the inifintecoin wallet is stealing tool.

what evidence do you want?

are you and TECSHARE the infinite wallet developer?

BTER was robbed, that doesnt mean they are stealing. You clearly have difficulty with understanding cause and effect. I supervise development for Infinitecoin. You have made accusations against our team member Andrew in another post: https://bitcointalk.org/index.php?topic=738964.0;all

This user does not even have access to the servers where the files are hosted. You need to restrain your accusations, neither Andrew nor Infinitecoin deserve this. Just because you are angry about being robbed does not mean you can just pick random people and organizations out of a hat to blame. If you are so confident this is true POST LINKS TO YOUR ALLEGED MALWARE. This is looking increasingly like more Chinese rumor campaigns to me. Unless you have evidence, kindly keep your accusations to yourself.

oh, it's your development team. can you guarantee every member isn't thief?
if yes. can you provide evidence?
i don't think it's easy to prove  every member is good. you are not police, inability to research everybody.

I have upload 2 files (infinitecoin-qt.exe and infinitecoin wallet 1.8.8), you can research them more than saying we have no responsibility.

1. infinitecoin transaction is unconfirmed, coins is only left in wallet to stolen by thief,  is it a problem of infinitecoin team ?

2. in a clean OS, run ONLY infinitecoin wallet, i can found the security warning. how could infinitecoin wallet prove itself being innocent?

3. if you want help something, please send me the detail information about andrew (IFC_China).

4. if you are core developer of infinitecoin team,  can you check the transaction information of iFaXqAxw7qenw8TLG9n314UejNX51QxdYn (block chain).

because you are the developer, i think you have  more responsibility to prove infinitecoin wallet is innocent.
but not just say, everything is good.
you should explain the  strange phenomenon in post http://www.3-coin.com/2014-08-13/5732/,
explain it's not cause of infinitecoin wallet , and why.

you say  infinitecoin wallet is good, i say  infinitecoin wallet has issues.
I have provided some facts, but you have only provide nothing and blame user being noobs.

I can list my evidence to all of the IFC fans. I don't say you are the thief, but I think thief is in the inifintecoin team.
above is my conclusion, below is my evidence list:

1. 4,Aug, my friend's BTC and LTC are stolen, but IFC is not stolen, hacker even send some IFCs to his wallet. my friend try to transfer all the coins to another wallet, but infinitecoin transaction is unconfirmed, coins is only left in wallet to stolen by thief on 15, Aug.

2. In a clean windows OS, I only run IFC wallet, and found security warning.

3. Bter is stolen, and Bter runs IFC exchange. I don't think Bter is noobs and inability to secure his PC.

4. why does IFC wallet 1.8.6 MANDATORY UPDATE ？

actually, i don't know what you talk about.
 conf file with the RPC allow ip

can you say details? my OS is XP, have not open RPC.
where is the  conf file?

Same thing i thought while reading..
Its not that hard to setup some win based virtual os on VMWARE.
Some people still take security too lightly

Why am I responsible for explaining how your friend was hacked? You are the one making claims here, I don't have to prove myself, you do. Individuals are perfectly capable of checking the open source Infinitecoin client for themselves, I don't have to prove anything. You have provided no facts, you have made assumptions. Provide actual evidence or remove your false accusations. I don't have anything to prove here, you do.


note, try adding these peers if you cant connect, some times it doesn't connect right away just let it run:

"addr" : "88.123.148.35:9321",
"addr" : "81.102.216.43:9321",
"addr" : "184.175.52.145:9321",
"addr" : "87.58.104.112:9321",

because you are one of the IFC wallet maker.
if you refuse to prove anything, IFC fans will suspect your team。

Um, no. I have a long standing reputation here. You do not. The software is open source and anyone can review it. Provide evidence of your claims or retract your accusations. Nothing you posted so far is evidence of anything except that your friend was robbed.

I haven't had a problem with the Windows Infinitecoin and malware and my machine is secured in every crevice it contains. The OP should be careful making baseless accusations accusing one wallet over another, when it is quite obvious that the cause for the malware was 99% likely to be caused by something else.

If you're going to accuse one coin or another, post up proof or GTFO. Crypto has suffered enough this year without people like you coming along and damaging it further. By all means call out coins doing wrong by people, but make sure you don't defame them in the process if you don't have the proof to back it up.

Why would Tecshare who came along and helped resurrect this coin from the dead deliberately infect people with malware? What is the point if it would only drive away interest thus driving down the price of the coin. If the point is to get people to use a coin, you don't generate interest by infecting users. There is no logic in the OP's argument other than trying to draw parallels between a friends computer being infected and having the Infinitecoin wallet installed.

No, don`t worry, we won`t ...

sorry, your response are disreputing yourself.
you think I'm making a scam accusations. but I have provide my conclusion and evidences.
for example, your car's tyre is lost when your are driving. you accuse car maker, list all your evidences. but car maker said, you have 0 evidence to prove it's my fault.
do you think car maker has no responsibility to clarify the cause.
do you think the customer have no right to accuse car maker?
I don't know what evidence you want, or you listen nothing, only want to say: I'm good, all is your fault.

can you guarantee IFC wallet has no problem?
can you guarantee all people's  IFC wallet has no problem, which is download from IFC official website.

can you guarantee Bter's coins stolen has no relationship with IFC wallet?
you evidence.

It doesn't. The OP of this thread either downloaded a wallet from a non-official source or he is a lying POS. He says the wallet came from the official site but that is out and out bullshit.

The wallet is 100% safe. Maybe the OP has rpcallowip=* in his conf. If he did that then he is an idiot.

BTW OP...

The simple fact that no other person with an IFC client on their computer is here backing you up speaks volumes. This coin has real issues to deal with and your bullshit is getting in the way.

Shut the fuck up and fix your own damn problem. IFC had nothing to do with it.

i never change  conf,  do you mean the default value is " rpcallowip=*",  the OS developer is idiot?

apple iCloud is stolen by fuck hacker.
the Apple company actively help FBI to investigate hacker.
but you do nothing to keep your respect.

I have found more clues about Andrew. he likes a spy.
For IFC wallet 1.8.6.
Do you (IFC team) require to UPDATE MANDATORY?  are the reasons :1. 51% attack warning; 2. transaction fee. ?

it seems not a MANDATORY reason.

I can sure my friend is attacked by  51% .  unconfirmed transaction,  transaction control by hacker.

I have no any IFC now,  and have no any problem to fix now.

can you guarantee Bter's coins stolen has no relationship with IFC wallet?

maybe bter's coins are stolen by IFC wallet. :-[  if so, why aren't they announce this.

because this will depreciate IFC price.

if you are bter, you will replace your IFC wallet stealthily, and keep IFC trade market still. and sell out all IFCs of yourself.

If you don't leave Andrew alone I am going to put up a bounty for your identity and dox you, then you can see how much fun it is. There is absolutely zero chance Andrew had access to the client code. Stop harassing our development team.