Bitcoin Forum

Economy => Scam Accusations => Topic started by: mocacinno on November 27, 2018, 06:51:43 AM



Title: [potential scam] cryptrave.com
Post by: mocacinno on November 27, 2018, 06:51:43 AM
What happened: I had a death in the family and wasn't paying as much attention as I usually do... I received a free no-deposit bonus from cryptrave.com. I played with their bonus and won >$1000. Everything looked and felt pretty legit. When I tried to cash out, I was faced with an error message telling me I had to play their game before I could withdraw. Since I already played their game, I contacted support. The support guy insisted that I had to install a chrome extension and join a cashback scheme with my myetherwallet or blockchain wallet using this extension before I was eligible to withdraw. Even though I wasn't paying attention due to the personal drama I was having, I did have the reflex to create a brand new wallet and not open an existing (funded) one. In the end, the support guy basically said that I would only be able to withdraw my winnings IF I installed their fishy chrome extension AND logged in to myetherwallet or a blockchain wallet that was funded with at least 0.32 ETH...

Scammers Profile Link: All posts made by any account about this service have been deleted: https://cse.google.com/cse?cx=016660200577587308545%3Aesf40ml9aag&ie=UTF-8&q=cryptrave.com&sa=Google+search#gsc.tab=0&gsc.q=cryptrave.com&gsc.page=1

Reference Link: https://cse.google.com/cse?cx=016660200577587308545%3Aesf40ml9aag&ie=UTF-8&q=cryptrave.com&sa=Google+search#gsc.tab=0&gsc.q=cryptrave.com&gsc.page=1
Amount Scammed: none (hopefully, I still have to dig through the plugin's source code), they did try to steal 0.32 ETH if I'm correct in my assumption
Payment Method: no deposit bonus, tried to withdraw ETH
Proof of Payment: none
PM/Chat Logs: I'll edit this post and add them
Additional Notes: I urge everybody to use their due diligence and not install any chrome plugins when visiting their wallets... I'm actually a bit afraid right now, since I haven't read through the plugin's source code, so I don't know if it would have been able to steal other passwords too. At this time, I'd urge anybody to stay away from cryptrave.com until the source code of the plugin has been vetted

https://i.imgur.com/dNj7mup.png
https://i.imgur.com/4V17Jdn.png
https://i.imgur.com/GI1tRsE.png
https://i.imgur.com/AqWF2rd.png
https://i.imgur.com/06RxzCl.png
https://i.imgur.com/qZ0T3Uc.png

EDIT: when quickly scanning the source code of the plugin the potential scammer tried to make me run, I found the following line:
t = [];
t.BTC = "16EegrNMdZ9Rxku6Za5neEFjMW57wkQr1S", t.ETH = "0x03b70dc31abf9cf6c1cf80bfeeb322e8d3dbb4ca", t.ETC = "0x4F53C9882Ba87d2D7c525dF2aEF2540EFB6e32e5", t.BCH = "1PCh7w6LdcEv1sWd5wtvkELHcWe5HumUi3", t.LTC = "LRPChoyN8qLWENjo1dUjk2bESZjE7bQ6sP";

I can only assume I found the scammer's wallet addresses...

https://www.walletexplorer.com/wallet/116e47ec6fed4e50/addresses

https://etherscan.io/address/0x03b70dc31abf9cf6c1cf80bfeeb322e8d3dbb4ca#comments


Title: Re: [potential scam] cryptrave.com
Post by: r34tr783tr78 on November 28, 2018, 07:16:58 PM
Couldn't you do a scan to check if their plug-in has some kind of trojan or another type of malware? That would be major evidence of a scam.


Title: Re: [potential scam] cryptrave.com
Post by: jackg on November 28, 2018, 09:48:11 PM
It has now been proven: https://bitcointalk.org/index.php?topic=5077276.msg48306521#msg48306521


Title: Re: [potential scam] cryptrave.com
Post by: mocacinno on November 29, 2018, 06:47:25 AM
Quote from: jackg on November 28, 2018, 09:48:11 PM
> It has now been proven: https://bitcointalk.org/index.php?topic=5077276.msg48306521#msg48306521

Thanks for pointing me towards that thread :)
I've just filled in an abuse report, but in order to rate that extension, it seems I would need to re-install it before I can review it...

I'm always running chrome portable, and I've completely deleted all packages belonging to the "infected" chrome installation and re-downloaded a clean chrome portable package...

I'm actually wondering whether or not a chrome extension would ever be able to actually read and write data from/to the actual filesystem (and not just the "jail" created by chrome)... If an extension can only function within chrome, deleting chrome and resetting all passwords that were saved in chrome would suffice. If an extension has r/w access to the filesystem, I'd actually have to empty out all wallets on my system, reset all passwords in my keepass and format my complete hard disk... A daunting task to say the least..

I was actually able to download the plugin's source code in case somebody is interested/willing to see what it actually does
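
Added example, not part of the original posts and not code from the extension: a static triage of an unpacked extension that extracts hardcoded wallet addresses like the line quoted in the first post and lists the manifest permissions that bear on the filesystem question above. The manifest sample, the function names and the notes in `NOTABLE` are constructed assumptions; the plugin's real manifest is not shown in this thread.

```javascript
// Added example: static triage of an unpacked browser extension.
// SAMPLE_SOURCE is the line quoted in the first post; SAMPLE_MANIFEST and the
// notes in NOTABLE are constructed for illustration, not taken from the plugin.
const SAMPLE_SOURCE = 't = []; t.BTC = "16EegrNMdZ9Rxku6Za5neEFjMW57wkQr1S", ' +
  't.ETH = "0x03b70dc31abf9cf6c1cf80bfeeb322e8d3dbb4ca", ' +
  't.ETC = "0x4F53C9882Ba87d2D7c525dF2aEF2540EFB6e32e5", ' +
  't.BCH = "1PCh7w6LdcEv1sWd5wtvkELHcWe5HumUi3", ' +
  't.LTC = "LRPChoyN8qLWENjo1dUjk2bESZjE7bQ6sP";';
const SAMPLE_MANIFEST = JSON.stringify({
  manifest_version: 2,
  permissions: ["storage", "tabs", "downloads", "nativeMessaging", "<all_urls>"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["content.js"] }],
});

// \b anchors stop the base58 patterns from matching inside a hex address.
const ADDRESS_PATTERNS = {
  "eth-style": /\b0x[0-9a-fA-F]{40}\b/g,                // ETH, ETC
  "btc-legacy": /\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b/g, // BTC, legacy BCH
  "ltc-legacy": /\b[LM][1-9A-HJ-NP-Za-km-z]{26,33}\b/g,
};

// Declared permission -> why a reviewer looks at it.
const NOTABLE = new Map([
  ["nativeMessaging", "can message a native program registered on the host"],
  ["downloads", "can start and manage downloads"],
  ["<all_urls>", "can act on every site, wallet pages included"],
  ["file:///*", "can read file:// URLs if the user enables file access"],
]);

function findHardcodedAddresses(source) {
  const hits = [];
  for (const [kind, re] of Object.entries(ADDRESS_PATTERNS)) {
    for (const m of source.matchAll(re)) hits.push({ kind, value: m[0] });
  }
  return hits;
}

function notablePermissions(manifestText) {
  const manifest = JSON.parse(manifestText);
  const declared = [
    ...(manifest.permissions || []),
    ...(manifest.optional_permissions || []),
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
  ];
  return [...new Set(declared)]
    .filter((p) => NOTABLE.has(p))
    .map((p) => ({ permission: p, why: NOTABLE.get(p) }));
}
console.log(findHardcodedAddresses(SAMPLE_SOURCE), notablePermissions(SAMPLE_MANIFEST));
```

The pattern match only says a string has the shape of an address; it does not validate checksums, so hits are leads for manual review of the surrounding code.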


Title: Re: [potential scam] cryptrave.com
Post by: jackg on November 29, 2018, 09:54:13 AM
I’ll take the source, it’ll be interesting to look at on my train journey today.

Also, I think plugins can gain access to downloads so there’s a chance it could go in on that route if it doesn’t directly have a chance to go down that route.

Have you considered switching to Firefox? It’s one of the things that makes me hate the ledger nano s, that it used to use chrome (I know the device is quite secure but... chrome?)

Electrum did a much better task at making the software interface for it imo.


Title: Re: [potential scam] cryptrave.com
Post by: mocacinno on November 29, 2018, 12:33:24 PM
Quote from: jackg on November 29, 2018, 09:54:13 AM
> I’ll take the source, it’ll be interesting to look at on my train journey today.
>
> Also, I think plugins can gain access to downloads so there’s a chance it could go in on that route if it doesn’t directly have a chance to go down that route.
>
> Have you considered switching to Firefox? It’s one of the things that makes me hate the ledger nano s, that it used to use chrome (I know the device is quite secure but... chrome?)
>
> Electrum did a much better task at making the software interface for it imo.

I've sent you a PM, I didn't want to post a link to a scam plugin out in the open... If somebody else wants the source code, let me know and I'll send it to you in a PM :)

As for the security... Yeah, I'd probably have to switch to firefox sooner or later... I'm using chrome because I do own a ledger and a trezor, and both have apps that run as a chrom(e)(ium) plugin, plus chrome always has a recent version available @ portableapps...