Update:New Trust lists created in the past week:
|
|
|
|
Yes i have posted BTC addresses from my original account but because the wallets became corrupted i deleted them I guess it's time for you to accept reality: you'll have to follow instructions in Recovering hacked/lost accounts, and if those guys decide they can't guarantee you're the original account owner, you won't get it back. Fact is his shitty foresight allowed Bitcointalk to be hacked and Mine and many thousands of users had our info compromised. So i should be nice about his weak security? As far as I know, only the encrypted password database was taken. That means only the weak passwords could be brute-forced, so it is indeed your own weak security that made it possible to hack the account. Can you be more polite next time ? Why? Are you offended on behalf of the guy who can smite OP? Maybe the internet and especially a forum that allows freedom of speech isn't for you.
If you don't like someone's posts, Ignore them. It's that simple. |
|
|
|
I tried it, and my browser instantly produced a mnemonic. That means the encryption is easy to brute force. Now compare WarpWallet: it takes a very long time to create a private key, which means the encryption is very difficult to brute force. If you do anything brain wallet related, at least make use of heavy encryption. Hello, that is why I recommend you to set enough length of nonce ( > 10000 ) to make it resistant to the brute force attack. That's just another thing you'd have to remember. You could accomplish the same by adding a few more random characters. But if the encryption itself is a million times heavier, it gets more secure without requiring the user to remember more data. With your system, the user needs to back up an email address or other ID, a password, one or more "additional phrases", and a nonce. The loss of any one of these results in loss of their seed phrase and their coins. How is this simpler than just backing up a 12 word seed phrase which was properly generated from dev/urandom? Good point. Also known as KISS. |
|
|
|
I haven't been keeping up with the recent news on this... So, we have another bitcoin mixer go out of business? Exit scam?
Has anyone managed to come up with a ballpark figure for the total amount they scammed? Given the nature of the scam, I think it's a lot of money. The multisig pool address has 12.7 BTC in it, somewhere around 350k USD, judging by how much they spent on their review campaign, the other campaign, the leftover in escrow, the website, the code, the design, and all that, it makes me doubt that they would settle with just 350k, also, it's almost sure that the 350k sure includes some of their own funds. Maybe it includes their own funds, maybe it didn't. The multisig address sent and received 1700 Bitcoin, including change sent back to itself. They could have withdrawn their own money already, and they could even have withdrawn customer money too. You'd have to check all 1169 transactions to see how much came from external deposits, but it still wouldn't tell you much. We may find out eventually if a large deposit was made, someone might come here and tell the story, also to anyone that might say "Oh it was obvious, I knew it" I'd call b.s on that, it was a "masterpiece", the guy/guys behind it were pretty intelligent, far more sophisticated than the average "send me your 1 BTC and get 2 BTC tomorrow". There were signs, but giving them the benefit of the doubt is better than tagging for something they may or may not do. I've been advertising and recommending this shit for months, in such a way that I'm practically part of this scam. And it's just feels awful.
It makes you question the integrity of the service you're currently carrying in your signature. Not enough members here seem to realize that whatever is in their signature reflects back to their own image here. It's always good to question the integrity before you advertise something.
What are the odds this guy started talking about his plans the day ChipMixer was seized?
There is another hypothesis, which is that the developer of the service has a relationship in one way or another with Tornado Cash. Both services are very similar in terms of name, design, logo and a lot of things. On 10 August 2022, Tornado Cash developer Alexey Pertsev[1] was arrested. Did you read that as 2023 instead of 2022? Otherwise, it doesn't make sense. |
|
|
|
They agreed to a 7 day delay. They couldn't withdraw from escrow to pull an exit scam. If they decided to leave those 40k, wouldn't that mean that people deposited more than that + what sig campaign members didn't withdraw? That would be my guess. But we can't know for sure how much was deposited by themselves, and how much came from customers. I am trying to figure out what we could have learned from this.
Shall a signature wearer not use the service he was advertising (namely: transfer any amount out of it asap because of NYKNYC)?
Shall a signature wearer use the service and be fully accountable, in a harsh way, for any losses? It starts by not advertising a service you don't trust. And if you do trust it, you can just use it. Why would you recommend others to use something you wouldn't trust with your own money? Maybe a new "standard" of a reputable escrow should be initiated for any sig campaign? This has obvious implications for anyone willing to start a new one for the associated cost. And also maybe for the escrow. That's up to each campaign, and between the campaign and it's participants. As long as people are willing to join, there's no reason for them to change anything. |
|
|
|
|
Why are you worrying about cached data? Let Bitcoin Core take care of it while it runs.
|
|
|
|
But I don't know why did they left $40k in escrow with minerjones. They agreed to a 7 day delay. They couldn't withdraw from escrow to pull an exit scam. |
|
|
|
I tried it, and my browser instantly produced a mnemonic. That means the encryption is easy to brute force. Now compare WarpWallet: it takes a very long time to create a private key, which means the encryption is very difficult to brute force. If you do anything brain wallet related, at least make use of heavy encryption. |
|
|
|
When people should have been suspecting Whirlwind to be scam is when they began anonymity mining or something with 12% APR. There were questions about it: Our goal is to grow the Anonymity Set to 10,000 deposits so until that is reached we will offer a reward to everyone using the service. Each month we will allocate 1BTC to distribute between all funded Notes proportionally to their balance. Payments will be made every day and you are free to withdraw your deposit anytime. If the amount allocated for rewards is 1BTC a month that means 1/30 = 0.0333BTC will be distributed every day.
If the multi-sig balance is 10BTC and you have a Note with a 1BTC balance you will automatically receive 10% of 0.0333BTC every day you keep your Note funded, which is 0.0033BTC a day. On second thought: this sounds a lot like the many "services" in the past that paid interest on Bitcoin deposits. Usually, that didn't end well. Are you sure you want to be associated with those? Do you have any example of a service that had an actual reason for offering a reward on Bitcoin deposits? The goal of this campaign is to grow the Anonymity Set I think their "anonymity set" (which means the total number of deposits) was around 400 at the time. So, by offering 12%, they only managed to get on average 1 deposit per day since then. Maybe most people recognize by now when something is "too good to be true" by now. At that rate, it's going to take 25 years to reach their goal (of 10000 deposits), which makes it clear things didn't go as they expected.
$40k in DAI This is from the review campaign, isnt it? Should this sum only be used to pay out the unpaid contributions from the Bounty campaign ~ or if someone used the mixing service and still waiting for the withdrawl? It wasn't very clear, but I'd say it was implied that it's okay to use the $40k to cover the risk of the anonymity mining. See these posts. The money in escrow was initially meant to cover the review campaign, but wasn't asked back. After that, whirlwindmoney agreed to add a 7 day delay if they ask the money back. Come to think of it: this delay could very well be the reason the money is still in escrow and this scenario was prevented. You're welcome  I don't see the problem here, it's money from ww, it shouldn't be a problem if it's used to cover the mess they made That makes sense. the unpaid promised interest (12%) The EU bank guarantee stops paying interest the moment a bank goes bankrupt, but you'd get interest until that happened. Considering it is at most a few percent, and considering how complicated it will be to calculate (and prove) the exact amounts, I'd say forget about the "interest". But I have no skin in this game. Can WWM manipulate notes data, such as changing balance to zero or creating fake notes and claiming part of the $40,000. Of course. They can create and sign any LoG they want. Or even make a real deposit through their own site, and use that deposit to claim the majority of the $40k. Or maybe they did already, there were a few larger deposits into the multisig addy lately. |
|
|
|
Downloading the 577GB blockchain on a late 2013 MacBook Pro is impossible. Even at 450Mbps internet, the processor slows down at 86% and never finished even 3 weeks later. Your internet speed doesn't matter here, the limitations are CPU, disk and RAM (dbcache). The hardware is old, but 10 years should still be doable. My laptop is old, but 16 GB RAM and SSD makes all the difference. "Error: Unsupported chainstate database format found. Please restart with -reindex-chainstate. This will rebuild the chainstate database." Did you also copy the chainstate directory? I've never had any problems when upgrading Bitcoin Core to a newer version, so it could be something went wrong with your copy. Redownloading the blockchain is not an option. Just a heads up: -reindex-chainstate is going to take a while too.
Are you sure you want to use Bitcoin Core if your computer has such a hard time with it? Electrum for instance is much lighter to run. |
|
|
|
I don't think Theymos minds all that much if he's called a cunt. I think I've slung that epithet at him once or twice myself (with a dose of love attached, of course). He's too high up there to take offense, know what I mean? It's one of the things I love about Bitcointalk: the freedom to say whatever you want, even about someone who can wipe your account off the board. OP has a sense of humor, I like it. |
|
|
|
If not I'll piss off for another few years. You (or at least otrkid70) posted 4 Bitcoin addresses in 2014 and 2015. You know the drill: dig up your private key, and sign a message. You should never delete a wallet. |
|
|
|
I don't know about you, but I think the whole idea of paying users in notes was kind of risky, in case they didn't work, and I guess now we see why; because they depend on the operator's presence to redeem. After the discussion about privacy for campaign participants, it made sense. There's a risk involved, but that's the same risk they advertised for others in their signature. It forced the campaign participants to "put their money where their mouth is". |
|
|
|
You allowed your computer to spend time with your wife?  I would never trust my computer to allow it such privileges! O M G! I'm the one with root access, so no worries there  do you also trust your freezer that much? My wife likes warmth, not cold. So no worries here either |
|
|
|
Withdrawal Log: <SIGNED MESSAGE>You used credit from your public Public Address wwLckQCopiVAVuENvCP2M8anGiGJRyitwFK on Mon Aug 14 2023 12:15:34 GMT+0000 (Coordinated Universal Time). The withdraw address(es) are the following: 1 - bc1qlgawn2pngyf89cpmy24qex7jlj548u6fwm6uzc which will receive 0.001 BTC 0 hours in the future. ; 2 - bc1qr9rrl034k6undwf09fh377grw7vtka5wpy4w5f which will receive 0.001 BTC 0 hours in the future. ; 3 - bc1q3unhr4da52lg8ddg86gmmleazgkws2zpl6w4zs which will receive 0.001 BTC 0 hours in the future. ; 4 - bc1qc3ssucykfsqfzaggsqeg5u7jkecp98re0wh08w which will receive 0.001 BTC 0 hours in the future. ; This message was signed using the letter signing address which can be found on our website or at /verification/letter_signing_address on the system's API.</SIGNED MESSAGE>
<SIGNING ADDRESS>1JmCabMgyVZ8zmgaV5JGH7BXe48buVaUUd</SIGNING ADDRESS>
<SIGNATURE>H4hJ6/jiU6BKyzqzIdPX4aItpMLJYL/kS+MjumOqThbSL8Z3nCvZWjOcjPS09fy3fEiG6GWPWNGsAC8/CVAuRFw=</SIGNATURE> This is all you need to prove you were scammed. I verified the signed message, and confirm the address belongs to the site: Signing Address: 1JmCabMgyVZ8zmgaV5JGH7BXe48buVaUUd Scam confirmed!My guess: they abandoned the project due to the lack of users, but kept it open for deposits. It's an exit scam by the book. Result was to let it continue as it is because they were not paying anyone any bitcoin but using the NOTES. Now that you mention it: Do signature campaigns that pay in "IOUs" even belong on the Services board? Or should they be moved to the Altcoin board? [1.] They had plan from the beginning to scam at some point. I think they were hoping to make big profits, and if something is profitable, there's no need to scam. We've seen it with casinos too: fake it, then either make it, or break it and walk away. |
|
|
|
Maybe it's something more personal... I'm a bit "anti" dots in filenames.  Dots are fine, they don't need escape characters on the command line. Spaces are already more annoying, dashes get worse (they're also used to add options to a command), but there are many worse things that aren't even on my keyboard. Linux basically allows any character except for the slash in file names, which can be a pain to deal with. You must really dislike the default .tar.gz compression names  |
|
|
|
LoyceV’s bot and Ninjastic’s do not have access to personal messages. If I could, there's a $50k bounty waiting: $50 000: If you can access any user's PMs arbitrarily, without any interaction from the user, and without any secret data such as user passwords. The site also use API to fetch data from the forum There is no API on Bitcointalk. |
|
|
|
Flag Supported. In retrospect, the biggest red flag should have been when they went from being very active to almost completely inactive on Bitcointalk. It looks like they lost interest because the site didn't gain the traction they hoped for. |
|
|
|
|
Prediction 2: $29,126.19 (the current price))
bech32 address: bc1qhc24xdzg58m066jc69v7cyg4kp33tlnsed49hk
|
|
|
|
|
Show Posts
