 Show Posts
|
|
Pages: [1] 2 »
|
Currently chatting with Admin on Discord and resolving the issue(s). Great responsiveness and eagerness to resolve the bugs I have submitted, looking forward to working further with admin team, so far so good. Definitely a big plus for this exchange and its trust factor.  |
|
|
|
Hi, do you have a paid bug bounty program? I have a ridiculously serious vulnerability to report. Where do I go for the fastest possible contact with the admins. |
|
|
|
Being incompetent was a first sign that this project is not to be taken seriously. They have been called and didn't do anything about it? What are they waiting for? Until hackers took off all the money and then this blame those wallet holders? Glad I'm not into this shit coin, for those holders, I don't know if you can sell off, but expect for the worst here.
Holders should move their AFCASH now. They urgently need to evacuate. We should thank the OP for giving everyone here the heads up. This does not look good at all. If the project is not doing something despite advance warnings, this means there are two possibilities. That the project is indeed incompetent and should not be trusted, or the attack is coming from someone from the inside or has links from the inside. The attack appears to be given open doors. Open doors, not quite, it's just incompetent retards putting next to no effort into their website as it is a scam from the beginning, so why bother having a secure website when you don't plan on being around long enough to give a shit? They made roughly $317,000~ USD from this scam ICO (if the $1=1AFCASH) is the same price at the ICO as it is now (from what I can see on the backend). Look at this shit lol    That's the developer ^ |
|
|
|
I still have around 1000 AFCASH but I have already transferred it to my ERC20 Wallet and not the AFCASH wallet. is it still not safe for now if I move it back to the AFCASH wallet. if the application for Android what is also vulnerable to use. how much Price for this coin now?
Please. Do NOT do that. And I put money on the fact it was a planned exit scam from the beginning. The developers password for admin panel was 123456. |
|
|
|
|
Cryptocurrency Exchange /ICO Website Penetration Testing Services
We Deliver Professional and Top of the line penetration (hacking) services for your cryptocurrency exchange/website/business.
We assure you that our pen-testing services are of the highest quality and immensely thorough so that you can have as much peace of mind for your customers security and data. We have helped 50+ cryptocurrency exchanges, business owners & other cryptocurrency service providers fix thousands of security issues and vulnerabilities over the past 3 years.
Super affordable rates.
Prices are dependant on size of the website/exchange and will be provided upon contacting me with your URL in private. A super detailed and thorough report will be provided at the end of the pen-test with all vulnerabilities as well as help/guidance/consulting with helping your team secure all critical vulnerabilities. Anything considered critical or high risk will have Proof of Concept's attached to the report so you or your team can re-create the attacks yourselves.
This is to be considered a highly cost effective route than paying for individual bug bounty submissions from freelance ethical hackers, or running an outsourced bug bounty program on Bugcrowd or Hackerone.
OVERDELIVERY GUARANTEED for ALL SATISFIED CUSTOMERS!
Price: $500 per day. Depending on the size of the platform you have, discounts will be provided for platforms that require multi-day pen-testing. This is not to be considered a be-all-and-end-all pen-test, as if it is connected to the internet, it can be hacked... in saying this, I have in the past week selected 3 ICO's or Cryptocurrency exchanges and completed a 1-2 hour pen-test and gained root access to their databases, (and submitted to admins of platforms), or made threads calling specific platforms out with garbage security issue-handling for their customers. Don't be the next exchange to be called out on Bitcointalk.
I have submitted bugs/vulnerabilities for 15 different exchanges/platforms in the crypto niche over the past 11 months, as well as 4 of the top Deepweb marketplaces currently operating. I specialise in SQLi (considered one of the worst and most lethal attacks you could have happen to your customer driven business website/platform).
References provided in private.
Delivery: 1-3 days.
Accept BTC, ETH, Bank wire.
|
|
|
|
Hi guys, Back with more bad news it seems, (been exposing multiple exchanges recently being hacked and admins giving zero f*cks) Africunia [AFCASH] website was hacked back in May, and contact was made to the admins on Telegram (see screenshots) on May 31st~ and they were informed that their website was hacked and all databases were dumped, with root access gained. The admin responded with little to no care, with threats to finish off the conversation. It was my understanding the site was then taken down for "maintenance" AKA resolving the issue. I should have known better.   Fast forward 5+ months later, and their site is still as vulnerable as ever, with customers logging in as recently as 1-2 weeks ago to withdraw AFCASH. phpmyadmin mysql database user hash was cracked instantly and all database(s) are available for dumping.  This is a warning to anyone who uses https://www.africunia.com or who purchased in their ICO a while ago, change your passwords (especially if you re-use passwords) and so forth. I am going to submit this to https://haveibeenpwned.com/ so people have multiple chances to see their data was involved in a breach. Chat soon. |
|
|
|
Hi,
We have build the website from the ground up. CloudFlare helps us protect against DDoS attacks. The terms and service are similar that of ours so yes we it did took the same.
Yes, it helps you protect against DDoS and also sniffs everything it's happening in the customer <> website range, including their IP addresses and most likely addresses. Go to your website and check which SSL certificate are you using. Tip: "sni.cloudflaressl.com" 0% privacy and an plagiarized terms of use. Hmm... Don't worry we will fix all issues and remarks on this post. We are happy to hear that people help to point out to improve our service. Even if some are just llooking to hurt our cause. No one here is trying to hurt your cause, if anything I submitted a decent amount of serious vulnerabilities for FREE. So how is that hurting your cause? All anyone here is trying to do is keep people safe by warning them to steer clear of your clearly shady/scam, poor excuse for a crypto exchange. |
|
|
|
|
Their website is ridiculously vulnerable, use with absolute caution. Be ware of their claims for private funds, however large they claim to have when they can't even pay for bug submissions that can and will lead to their database being dumped lol
They use an outlook.com email address for support emails too.
|
|
|
|
It loads like forever.Opening this on chrome with having 25mbps of internet.  Most likely because they have CloudFlare's UAM (Under attack mode) enabled. Which is misconfigured (horribly) as it wasn't effective at all against any penetration test that was happening on their site hours ago. |
|
|
|
We hold private investors funds for larger transactions.
What does this mean? You mean you'll hold user funds if they transact with a huge amount? Are you using the same strategy as Coinswitch to get your rates and exchange the funds? For large transcations we hold a private reserve for such cases. We are implemented within multiple platforms where we also get our exchange rates from. We seek the best rate during any exchange made!  Care to respond to my earlier email? The first sign of trustworthiness (for me at least) in an exchange, is their responsiveness with security related issues and how they handle the process for bug submissions from start to finish. No one even responded to my submission (after the staff requested for me to send them over, whilst simultaneously informing me there is no paid bounty program in place...) - trust me, with how vulnerable your platform is, (WordPress  ) you're going to want to treat people like me who are submitting them, well, before some ass comes along and exploits them for their own financial gain. |
|
|
|
Hello everyone, We would like to introduce ourselves to the Bitcointalk community! We’re a new and upcoming instant crypto exchange named: SwapFast SwapFast aims for hassle-free crypto swaps. Our clients can exchange their coins without account registration or sharing their personal details. Fully anonymous, no KYC or AML and no data logs being stored. We offer 24/7 support and only charge a small commission fee of 0.5% to fund our platform. We now support over 50 coins like: BTC, ETH, XMR, XRP, BCH, ADA, BNB and will continue to grow the list of coins every day! Give our platform a shot and we’re happy to hear your opinion! Support: support@swapfast.ioWebsite link: https://swapfast.io/Trustpilot link: https://www.trustpilot.com/review/swapfast.io/Instagram: swapfast.io Do you have a paid bug bounty program? I'd like to submit a number of bugs/vulns. |
|
|
|
|
Can't say I am surprised with how they handled the news, essentially (I can only assume) Tim's response is implying I am hiding behind a fake account or something, (yet I gave him my work email to contact me on) and tried to downplay the seriousness of the fact their database and over 12,000 (of a purported 20,000) members details are leaked online. Tim also stated on Telegram to me that they used to use md5 hashing, and later changed to bcrypt after they "realised" a breach had happened in the past (yet they never informed their users of any such breach), yet 97% of the hashes in the leaked database are hashed with bcrypt, with the remaining 4% being md5. Many red flags here.
Users should always be informed of any breach. I'm going to submit this to haveibeenpwned.
|
|
|
|
Just saw your post and saw you alert Tim on Telegram so they should respond swiftly.
I have an account there, and so does Sy and others, the thing with these darknet market claims sometimes is that they just find a way to easily create hundreds of accounts (it's pretty easy on BCR because there's no KYC) and then sell that off as a database. You can be sure if hackers DID find a way in, they'd have emptied accounts already by now.
Still, worth checking out.
Also, anyone else having trouble with roulette? Can't spin. BJ works fine.
Just finished speaking with Tim, he will be responding here shortly regarding this. Thanks for anyone who helped point me into the right direction to contact admins! re: darknet market claims statement - whilst this can be true a lot of the time, this is 100% confirmed to be from bitcoinrush.io. Independently verified. |
|
|
|
I'm not sure if this is really the case or not but I wouldn't be surprised , not sure why Tim didn't say a word here or on telegram regarding that somebody on the telegram group just sent a message now regarding your thread so I guess we will be getting answers soon , if you want you can join Monsterbyte telegram group and find the admin there https://t.me/MonsterByteTelegramThanks will do that shortly. **Edit - just spoke to Tim, he said someone would be in touch with me shortly. |
|
|
|
Can the admins of this company please contact me ASAP as your site has been hacked and the database is for sale on the deepweb. I've attempted contact over emails in mid September and no one cares to respond. Also have a thread here - https://bitcointalk.org/index.php?topic=5195849.0 |
|
|
|
Hey guys, So aswell as being the Director of Marketing for a cryptocurrency exchange, I double as a pen-tester/infosec researcher, and recently came across a database being sold on the deepweb purporting to be from BitCoinRush.io. I obtained a copy and checked some of the logins against their website and to my surprise they worked. Albeit most of them were banned for suspicious activity, probably due to people logging in and attempting to rob the balances from IP's originating in different countries than where the user signed up from. I contacted the admins via email ( https://imgur.com/a/S9nTh3h ) to no avail. And apparently from what I can tell, they most likely know but haven't informed their users, which is a real piece of crap move considering how many people these days re-use passwords across many websites and is the number 1 attack happening against people these days. If you use this service please change your passwords immediately.
https://imgur.com/a/sAgn6Vh |
|
|
|
We’ll send your Bitcoin within 15 minutes of payment approval or your next transaction is Fee FREE!
Does this mean you'll send a transaction with enough fee so that it will get one confirmation within the next 15 minutes, or you'll send the tx with whatever fee it is within the next 15 minutes? As a customer, I'd love it if it's the first one. We guarantee that they will be sent within 15 minutes. Policy is that orders are sent instantly and we cannot control the speed at which transactions confirm on the blockchain - but we always add a network fee considered to allow confirmation within 1-3 blocks. |
|
|
|
And even worse than that, is he's not even processing normal withdrawals. The entire point of even having a bankroll is prevent shit like that from possibly being able to happen. And on that note ladies and gentlemen please allow me to remind you exactly how big that bankroll was in 2017 at the end of the ICO. The bankroll was supposed to be 50% of all ICO funds raised. The total ICO funds were over 1000 BTC, over 4500 ETH and over 850 LTC bringing in $6.5 million therefore the value of the bankroll was 50% of that amount at $3.25 million: over 500 BTC
over 2250 ETH
over 425 LTCWhy did serial scammer Dean Nolan use the bankroll funds to ensure he could meet the guarantee he made which was "guaranteed part of the buy-back rate" of $0.0928 per BKB? It is simple, he admitted he stole the 30 million BKB tokens that were supposed to be used for "ICO bounties, testing bounties, advisors, hiring, future marketing and development". He slipped in a later post writing: " I'm buying tokens back with my own profit, the 30 million tokens I keep from the ICO": https://bitcointalk.org/index.php?topic=4751127.msg44790903#msg44790903and https://bitcointalk.org/index.php?topic=1974926.msg20350022#msg20350022The guaranteed basic lowest minimum buy-back rate without any profit attached was $0.0928 and x30,000,000 BKB stolen tokens gives you the scale of the scam. A staggering $2.784 million of that $3.25 million bankroll theft went straight to the pockets of serial scammer Dean Nolan. All the other siphoning-off he did cannot be calculated entirely without an audit but this bankroll theft following on from the 30 million BKB token theft is the single most damning evidence of his scam and his greed. https://web.archive.org/web/20191024001737/https://bitcointalk.org/index.php?topic=1974926.msg20350022#msg20350022https://web.archive.org/web/20170903041628/https://betking.io/Wow, how so much changes in a year and a half.. I remember when I first started out pen-testing, I submitted a bunch of bugs to Dean, that I found whilst pentesting Betking.io website and he paid in BTC, generally within 24-48 hours of submission, and paid well too. Little does he know I was literally using his website to learn, monetary incentive definitely helps you learn fast. What a real piece of crap. What a shame. |
|
|
|
|
