I'm hoping that this system will increase post quality by:
 - Forcing people to post high-quality stuff in order to rank up. If you just post garbage, you will never get even 1 merit point, and you will therefore never be able to put links in your signature, etc.
 - Highlighting good posts with the "Merited by" line.

Wow, man, great article! You put lot of effort to write it. I see that you detailed probably all aspects related exchanges accounts hacking/phishing attempts. But so far I haven't saw fake accounts of exchanges being verified by Twitter. Do you have some examples?
These hackers/scammers are getting really smart and they always find new ideas how to scam people. But the main problem that many people just aren't careful enough, they aren't following even basic security advises. It seems that some people will learn only when they will be scammed..

Indeed, during my misspent youth, I made a huge, huge mistake. Enough silliness that I found myself locked into custody and brought temporarily placed in the "mousetrap" (souricière: possibly "n.f. (pol.): 'Baited trap' laid by the forces of law-and-order."). This was followed by an investigation of more than a year, which eventually ended in a trial.
I will not give too much detail about what I did wrong, just say it concerns payment systems on the Internet. I spent two years taking risks becoming larger, perhaps because it was an exciting side … whatever, I ended up getting arrested (in rather bizarre circumstances, noting that when I was arrested, I was just in a police station to file a complaint for something else). Anyway, I was released four days later and placed under "judicial review". Basically I did not have the right to leave France and I had to go regularly to the courthouse to speak to someone who was going to see if I lived in "the right way".
...
In the end, the trial was not concluded too bad for me (3 months suspended sentence disappearing after 5 years, and nothing in the criminal record).

Although I knew that 80,000 BTC were already missing from Mt. Gox when Jed McCaleb sold it to Mark Karpèles — McCaleb suggesting to Karpèles “maybe you don’t really need to worry about it” — hackers had already cleaned out Mt. Gox while McCaleb owned it. He had sold Karpèles an insolvent exchange.

Mark Karpeles is now hosting the forum's server.

I believe that this is how the attack was done: After the 2011 hack of the forum, the attacker inserted some backdoors. These were removed by Mark Karpelles in his post-hack code audit, but a short time later, the attacker used the password hashes he obtained from the database in order to take control of an admin account and insert the backdoors back in.

I'm sorry I led people to trust Mtgox.
I'm sorry I allowed Mtgox to use me in this way.
I'm sorry I ever made that video to help Mtgox.  
It seemed like the right thing at the time.

But I'm sick of people claiming I said Mtgox was was solvent!
I NEVER SAID THAT, EVER!
Liquidity != Solvency

I chose my words very carefully.
That is why I read them from my own script.
I said Mtgox had lots of LIQUIDITY 7 months ago when I made that video.
That was certainly true, but is completely different from saying that they were solvent.


Transcript:
I'm Roger Ver, long time Bitcoin advocate and investor.
Today I'm at the Mtgox world headquarters in Tokyo Japan.
I had a nice chat with MTGOX CEO, Mark Karpeles, about their current situation.
He showed me multiple bank statements, as well as letters from banks and lawyers.
I'm sure that all the current withdrawal problems at MTGOX are being caused by the traditional banking system, not because of a lack of liquidity at MTGOX.
The traditional banking partners that MTGOX needs to work with are not able to keep up with the demands of the growing Bitcoin economy.
The dozens of people that make up the MTGOX team are hard at work establishing additional banking partners, that eventually will make dealing with MTGOX easier for all their customers around the world.  For now,  I hope that everyone will continue working on Bitcoin projects that will help make the world a better place.

Roger Ver

post your death threats to Bitcointalk.org.  Fun for the whole family.

-bm

To whom it may concern,

 

This is a notice related to the bankruptcy proceedings of MTGOX Co., Ltd. (the Tokyo District Court 2014 (fu) no. 3830), which we are sending to you pursuant to the request from the Tokyo District Court.

 

On July 24, 2014, the Tokyo District Court 20th Civil Division issued an order to change the period for filing proofs of claims and the date for investigation of claims as follows (please refer to the attached file.).

Detailed information for the filing of proofs of claims, including the form of the filing document and the process of the filing will be disclosed through the website of MTGOX Co., Ltd. at a later date. Your patience would be very much appreciated.

MtGox bankruptsy documents (Japan & US)
https://www.mtgox.com/img/pdf/20140618_order.pdf

(Old Date)

Period for filing proofs of claims:     until November 28, 2014

Date for investigation of claims:       February 25, 2015 10:00am

(New Date)

Period for filing proofs of claims:     until May 29, 2015

Date for investigation of claims:       September 9, 2015 1:30pm

 

This email address (mtgox_trustee@noandt.com ) is used only for the purpose of sending messages, and we are unable to check and respond to any replies to this email address.

Since we plan to provide the information regarding the filing of proofs of claims and the bankruptcy proceedings by posting it on the website hosted by the bankruptcy trustee (http://www.mtgox.com/ ), please check this website.

 

Bankrupt MtGox Co., Ltd. Bankruptcy trustee Attorney-at-law Nobuaki Kobayashi

Homeland Security Investigations agent Jared Der-Yeghiayan testified on day 3 of the Silk Road hearing that he had actively pursued Mark Karpeles, the CEO of failed Bitcoin exchange Mt. Gox, as a suspect for the Dread Pirate Roberts

“While Mark Karpeles was terrible at following well-established web development practices, he did have the proficiency to run a website like Silk Road,” Emin Gün Sirer, Associate Professor of Computer Science at Cornell University

BTC-e .. was heavily reliant on criminals, including by not requiring users to validate their identity, obscuring and anonymizing transactions and source of funds, and by lacking any anti-money laundering processes. The indictment alleges BTC-e was operated to facilitate transactions for cybercriminals worldwide and received the criminal proceeds of numerous computer intrusions and hacking incidents, ransomware scams, identity theft schemes, corrupt public officials, and narcotics distribution rings.
Instead of acting to prevent money laundering, BTC-e and its operators embraced the pervasive criminal activity conducted at the exchange. Users openly and explicitly discussed criminal activity on BTC-e’s user chat.

Over time, the hacker regularly emptied out whatever coins they could spend using the compromised keys, and sent them to wallet(s) controlled by Vinnik. This went on for long periods, but also had breaks — a prominent second phase of thefts happened later in 2012 and 2013.
By mid 2013 when the funds spendable from the compromised keys had slowed to a near halt, the thief had taken out about 630,000 BTC from MtGox.
In addition, the shared keypool of the wallet.dat file lead to address reuse, which confused MtGox's systems into mistakenly interpreting some of the thief's spending as deposits, crediting multiple user accounts with large sums of BTC and causing MtGox's numbers to go further out of balance by about 40,000 BTC. The majority of these funds were hurriedly withdrawn by their recipients rather than being reported.
After the coins entered Vinnik's wallets, most were moved to BTC-e and presumably sold off or laundered (BTC-e money codes were a popular choice). In total some 300,000 BTC ended up on BTC-e, while other coins were deposited to other exchanges, including MtGox itself.
Some of the funds moved to BTC-e seem to have moved straight to internal storage rather than customer deposit addresses, hinting at a relationship between Vinnik and BTC-e.
The stolen MtGox coins were not the only stolen coins handled by Vinnik; coins stolen from Bitcoinica, Bitfloor and several other thefts from back in 2011 and 2012 were all laundered through the same wallets.
Moving coins back onto MtGox was what let us identify Vinnik, as the MtGox accounts he used could be linked to his online identity "WME". As WME, Vinnik had previously made a public outcry that coins had been confiscated from him (the coins in question coming from Bitcoinica).
There were other thefts and incidents explaining other missing funds from MtGox. More on that in later posts.

Karpeles said that running the bitcoin exchange, which started as a way to buy and sell “Magic: The Gathering” cards, was a “daily nightmare of dealing with banks, governments, people I never knew existed. Running Mt Gox was basically a constant race.”

“I would say it’s probably very close to like when you’re falling from a building,” Karpeles told BBC Radio 4’s “File On 4” show. “Obviously, the floor [was] getting close. It felt like I was about to die.”

Creditors of the Mt Gox bankruptcy proceedings. We’re coordinating legal action to stop more than $2,000,000,000 surplus from going to the people responsible for the exchange when it was hacked, and instead have it shared among creditors who were victims of crime.

Mt. Gox official says they may start paying back their creditors as soon as next year. They claimed the initial discovery of the missing/hacked 850,000 Bitcoin in the year 2014, Mt. Gox has found 200,000 Bitcoin of them.

At the time of the Mt. Gox hack event in 2014, Bitcoin price was $483 which has a value of $96.6 mln for 200,000 Bitcoin.
The recovered funds have been frozen in the Mt Gox bankruptcy estate for four years, The recovered 200,000 Bitcoin is now worth an estimated $1.2 Bln in Bitcoin
 (at 1BTC=$6,100) without its forks, Bitcoin Cash.
Quite impressive investment, huh?

this is the only part of this all that matters! the START of the sale was last year DURING THE RISE. and people keep on focusing on the drop part. they literary started selling when price was $4000+ and while they were selling price kept on going up and reached $10k then $20k and all that time they were selling a lot of coins!

here is how it looks like:

“I wouldn’t dare say that the person who architected the Titanic should never again architect another ship.”
“Mark fought and fell. And although he fell, his skills, experience and know-how unarguably continue to exist,”

Lol, this is just toooooo funny

Kobayashi sells some bitcoins, price drops 10%
Kobayashi moves some bitcoins, price drops 10%
Kobayashi says he won't sell any coin anymore, price drops 10%

We should really be careful if this guy tweets he will go to the toilet we might see a drop of 20%

I did not knew that this forum has faced 3 hacks in the past. This is really something to worry about as out information is also disclosed to the hackers. Was the forum able to catch any hacker in any of the cases above ?

I have a feeling--and I'm probably stating the obvious here--that a lot of hacked bitcointalk accounts have been sold outside of this forum, because I've seen numerous old-time accounts that suddenly woke up in October 2017, changed their writing style, and started posting in a typical bounty hunter fashion.  Shitposts in the Altcoin Discussion section, mostly.  I tagged a number of them one night after doing some "research" in that section.

This is definitely a good write up, OP.  I don't know much about hacking so I won't criticize the security of the site--but it would appear to be pretty lax.  But I'm sure a lot of that has to do with people not having strong passwords and so forth.  

Why CosbyCoin is not on the coinmarketcap? I have heard of it for the first time but want it already!

Is there any chance to hack bitcointalk forum again? But not type hack like above. What I mean is like some hacker will make an anonymous account which immediately has legendary rank or another else maybe? Or someone can manipulate merits system? If it comes to be true, I'm afraid they can't be detected. As we know too many accounts before merits system is implemented, only use their activity can rank up and earn free merit without getting sMerit. Though they earn sMerit the proof of merit summary will disappear after 120 days.

dude you forget that that's is 25 years apart and obviously, bitcoin's value has dramatically changed in only 9,10 years something, let alone "money"

This is very useful post and I hope it will help someone to prevent hack or get victim of phishing. It is true that is very hard sometime to recognize true from fake site, very often it is a very small and almost invisible difference which can be deceive even some more experienced users. Fortunately Google should start to ban all crypto related ads from this month, so it is realistic to expect that the number of such frauds will be much smaller.

However, hackers will probably find some other ways to target crypto users in an attempt to steal them their money. Last picture shows all steps which user should take to reduced risk to a minimum, but in my opinion language barrier is something that prevents many people from fully understanding that this problem exists. Something like this should be posted in sticky thread of all local boards (translated).

I bet my life on this that you were a scammer and a phisher before you can deny by i know 
Now after you made money you are trying to be an angel right? just wow! 

I was logged in when the 2013 one happened, just sat there thinking WTF is this? Then it just seemed quite funny. The 2015 one I wasn't using the forum at the time but it was the beginning of receiving phishing emails at the address exposed then.

I believe that this is how the attack was done: After the 2011 hack of the forum, the attacker inserted some backdoors. These were removed by Mark Karpelles in his post-hack code audit, but a short time later, the attacker used the password hashes he obtained from the database in order to take control of an admin account and insert the backdoors back in. (There is a flaw in stock SMF allowing you to login as someone using only their password hash. No bruteforcing is required. This was fixed on this forum when the password system was overhauled over a year ago.) The backdoors were in obscure locations, so they weren't noticed until I did a complete code audit yesterday.

Possibly they are related you are right that the 2015 one was certainly for malicious gain and the other two were more of a joke. I think that's because the 2015 actually gained access to the database where the others were injecting code.

Nice write up. Looks like we are overdue for another hack  

I'm not sure the Silk Road and the other things were related but interesting to know that they were around similar time frames at least.

My browser's been Cosjacked!

Hahaha this is pretty funny. Nothing about Bitcoin is safe these days.

Holy shit Cosby is everywhere!

Someone definitely put a huge effort into this. If all hackers were so funny.

EDIT: To disable the Cosby Hack use AdBlock and block "bitcointalk.org/Smileys/default/final.js"  -  Thanks ShadowOfHarbringer and TechCF <3

On September 3, an attacker used a 0-day exploit in SMF to gain administrative access to the forum. This went unnoticed until September 9, when he inserted some annoying JavaScript into all pages. The forum was at this point shut down.

The attacker was capable of running arbitrary PHP code, and he could have therefore copied all password hashes and read all personal messages. He also could have done all of the things that admins can normally do, such as editing/deleting/moving posts.

Passwords

It is not known for sure that the attacker copied any password hashes, but it should be assumed that he did.

SMF hashes passwords with SHA-1 and salts the hash with your (lowercase) username. This is unfortunately not an incredibly secure way of hashing passwords.

The password you used on the forum should be assumed to already be compromised if your password had:
- Less than 16 characters, numbers only
- Less than 12 characters, lowercase only
- Less than 11 characters, lowercase+numeric
- Less than 10 characters, lowercase+uppercase
- Less than 9 characters, lowercase+uppercase+numbers
- Less than 8 characters, all standard characters

If you have only 2-3 more characters than what I listed above, then you should assume that your password will be compromised at some point in the future.

No matter how strong your password was, it is a good idea to change your password here and wherever else you used it.

Database state

Backups exist of the previous database state, but it has been decided to continue with the latest state to avoid losing thousands of posts. If you notice that any posts are missing or changed, let me know.

Also, it's possible that the attacker took control of some accounts. If you are being impersonated, email me and I'll reset your password to its previous value.

More attack info

The attacker first paid for a donator account so he could change his displayed username. The displayed username field is not escaped properly, so he was able to inject SQL from there. He took over Satoshi's account, and from Satoshi's administrative interface he was able to inject arbitrary PHP code by modifying the style template.

The attacker probably used these user accounts, though his level of access would allow him to forge this data:
brad
EconomicOracle
Economic Oracle
SwimsuitPaul
BitcoinsInMyLoins

He probably used these IP addresses:
74.242.208.159
74.242.205.69
152.14.219.223
152.14.247.62
74.242.205.161
74.242.206.245
74.242.208.159
74.242.235.132
98.69.157.69
98.69.160.187
41.125.48.26
150.206.212.72

(Thanks to Mark Karpeles for finding most of this info.)

Change of hosting

Mark Karpeles is now hosting the forum's server. The forum is still owned by Sirius, as it has always been. There will be no policy changes.

Signed version of this message

Just hours after it played a supporting role in the takedown of the Silk Road drug empire, the Bitcointalk.org website suffered a hack that exposed users' personal messages, e-mails, and password data.

-----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256

 Unfortunately, it was recently discovered that the Bitcoin Forum's server
 was compromised. It is currently believed that the attacker(s) *could* have
 accessed the database, but at this time it is unknown whether they actually did
 so. If they accessed the database, they would have had access to all
 personal messages, emails, and password hashes. To be safe, it is
 recommended that all Bitcoin Forum users consider any password used
 on the Bitcoin Forum in 2013 to be insecure: if you used this
 password on a different site, change it. When the Bitcoin Forum
 returns, change your password.

 Passwords on the Bitcoin Forum are hashed with 7500 rounds of
 sha256crypt. This is very strong. It may take years for
 reasonably-strong passwords to be cracked. Even so, it is best to
 assume that the attacker will be able to crack your passwords.

 The Bitcoin Forum will return within the next several days after a
 full investigation has been conducted and we are sure that this
 problem cannot recur.

 Check http://www.reddit.com/r/Bitcoin/ and #bitcoin on Freenode for
 more info as it develops.

 We apologize for the inconvenience.

 -----BEGIN PGP SIGNATURE-----

 iF4EAREIAAYFAlJNCE8ACgkQxlVWk9q1kecABgD9H5sbb0DopdLsODAmv6LWmIaW
 kgfyYTlh8GezYbYx7c8A/iTh0/DCwaXuNKK/qUWpewR/L6HEOuAqa/ML1D+K9mZc
 =1NYs
 -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Here's what we think happened:

8-14 hours ago, an attacker used a flaw in the forum's AnonymousSpeech registrar to change the forum's DNS to point to 108.162.197.161 (exact details unknown). Sirius noticed this 8 hours ago and immediately transferred bitcointalk.org to a different registrar. However, such changes take about 24 hours to propagate.

Because the HTTPS protocol is pretty terrible, this alone could have allowed the attacker to intercept and modify encrypted forum transmissions, allowing them to see passwords sent during login, authentication cookies, PMs, etc. Your password only could have been intercepted if you actually entered it while the forum was affected. I invalidated all security codes, so you're not at risk of having your account stolen if you logged in using the "remember me" feature without actually entering your password.

For the next ~20 hours, you should only log into the forum if you're quite sure that you're talking to the correct server. This can be done by adding '109.201.133.195 bitcointalk.org' to your hosts file (remember to remove it later!), or by using some browser plugin to ensure that you're talking to the server with TLS certificate SHA1 fingerprint of:
29:0E:CC:82:2B:3C:CE:0A:73:94:35:A0:26:15:EC:D3:EB:1F:46:6B

Simultaniously, the forum has been the target of a massive DDoS attack. These two events are probably related, though I'm not yet sure why an attacker would do both of these things at once.
-----BEGIN PGP SIGNATURE-----

On October 3, it was discovered that an attacker inserted some JavaScript into forum pages. The forum was shut down soon afterward so that the issue could be investigated carefully. After investigation, I determined that the attacker most likely had the ability to execute arbitrary PHP code. Therefore, the attacker probably could have accessed personal messages, email addresses, and password hashes, though it is unknown whether he actually did so.

Passwords were hashed very strongly. Each password is hashed with 7500 rounds of sha256crypt and a 12-byte random salt (per password). Each password would need to be individually attacked in order to retrieve the password. However, even fairly strong passwords may be crackable after a long period of time, and weak passwords (especially ones composed of only a few dictionary words) may still be cracked quickly, so it is recommended that you change your password here and anywhere else you used the password.

The attacker may have modified posts, PMs, signatures, and registered Bitcoin addresses. It isn't practical for me to check all of these things for everyone, so you should double-check your own stuff and report any irregularities to me.

How the attack was done

I believe that this is how the attack was done: After the 2011 hack of the forum, the attacker inserted some backdoors. These were removed by Mark Karpelles in his post-hack code audit, but a short time later, the attacker used the password hashes he obtained from the database in order to take control of an admin account and insert the backdoors back in. (There is a flaw in stock SMF allowing you to login as someone using only their password hash. No bruteforcing is required. This was fixed on this forum when the password system was overhauled over a year ago.) The backdoors were in obscure locations, so they weren't noticed until I did a complete code audit yesterday.

After I found the backdoors, I saw that someone (presumably the attacker) independently posted about his attack method with matching details. So it seems very likely that this was the attack method.

Because the backdoors were first planted in late 2011, the database could have been secretly accessed any time since then.

It was initially suspected by many that the attack was done by exploiting a flaw in SMF which allows you to upload any file to the user avatars directory, and then using a misconfiguration in nginx to execute this file as a PHP script. However, this attack method seems impossible if PHP's security.limit_extensions is set.

The future

The forum is now on a new server inside of a virtual machine with many extra security precautions which will hopefully provide some security in depth in case there are more exploits or backdoors. Also, I have disabled much SMF functionality to provide less attack surface. In particular, non-default themes are disabled for now.

I'd like to publish the forum's current code so that it can be carefully reviewed and the disabled features can be re-enabled. SMF 1.x's license prohibits publishing the code, though, so I will have to either upgrade to 2.x, get a special copyright exception from SMF, or do the auditing myself. During this investigation, a few security disadvantages to 2.x were brought to my attention, so I don't know whether I want to upgrade if I can help it. (1.x is still supported by SMF.)

Special thanks to these people for their assistance in dealing with this issue:
- warren
- Private Internet Access
- nerta
- Joshua Rogers
- chaoztc
- phantomcircuit
- jpcaissy
- bluepostit
- All others who helped

I received this email yesterday:

This is not very surprising/interesting, but I thought I'd mention that I received a subpoena for information related to Ross Ulbricht's alleged forum account altoid. I mostly just compiled some publicly-available information. The only non-public data I had to include were some deleted posts in the heroin store topic that were not written by DPR and probably won't be useful in the case.

You might be surprised to learn that this is the first subpoena I've received for the forum.

On May 22 at 00:56 UTC, an attacker gained root access to the forum's server. He then proceeded to try to acquire a dump of the forum's database before I noticed this at around 1:08 and shut down the server. In the intervening time, it seems that he was able to collect some or all of the "members" table. You should assume that the following information about your account was leaked:
- Email address
- Password hash (see below)
- Last-used IP address and registration IP address
- Secret question and a basic (not brute-force-resistant) hash of your secret answer
- Various settings

As such, you should change your password here and anywhere else you used that same password. You should disable your secret question and assume that the attacker now knows your answer to your secret question. You should prepare to receive phishing emails at your forum email address.

While nothing can ever be ruled out in these sorts of situations, I do not believe that the attacker was able to collect any personal messages or other sensitive data beyond what I listed above.

Passwords are hashed with 7500 rounds of sha256crypt. This is pretty good, but certainly not beyond attack. Note that even though SHA-256 is used here, sha256crypt is different enough from Bitcoin's SHA-256d PoW algorithm that Bitcoin mining ASICs almost certainly cannot be modified to crack forum passwords.

I will now go into detail about how well you can expect your password to fare against a determined attacker. However, regardless of how strong your password is, the only prudent course of action is for you to immediately change your password here and everywhere else you used it or a similar password.

The following table shows how long it will take on average for a rather powerful attacker to recover RANDOM passwords using current technology, depending on the password's alphabet and length. If your password is not completely random (ie. generated with the help of dice or a computer random number generator), then you should assume that your password is already broken.

It is not especially helpful to turn words into leetspeak or put stuff between words. If you have a password like "w0rd71Voc4b", then you should count that as just 2 words to be safe. In reality, your extra stuff will slow an attacker down, but the effect is probably much less than you'd think. Again, the times listed in the table only apply if the words were chosen at random from a word list. If the words are significant in any way, and especially if they form a grammatical sentence or are a quote from a book/webpage/article/etc., then you should consider your password to be broken.


Each password has its own 12-byte random salt, so it isn't possible to attack more than one password with the same work. If it takes someone 5 days to recover your password, that time will all have to be spent on your password. Therefore, it's likely that only weak passwords will be recovered en masse -- more complicated passwords will be recovered only in targeted attacks against certain people.

If your account is compromised due to this, email acctcomp15@theymos.e4ward.com from the email that was previously associated with your account.

For security reasons, I deleted all drafts. If you need a deleted draft, contact me soon and I can probably give it to you.

A few people might have broken avatars now. Just upload your avatar again to fix it.

Unproxyban fee processing isn't working right now. If you want to register and you can't, get someone to post in Meta for you and you'll be whitelisted.

Searching is temporarily disabled, though it won't be disabled for as long as last time because I improved the reindexing code.

If you changed your password in the short time when the forum was online a little over a day ago, the change didn't stick. You'll have to change it again.

How the compromise happened:

The attacker was able to acquire KVM access credentials for the server. The investigation into how this was possible is still ongoing, so I don't know everything, and I don't yet want to publish everything that I do know, but it seems almost certain that it was a problem on the ISP's end.

After he got KVM access, the attacker convinced the ISP NFOrce that he was me (using his KVM access as part of his evidence) and said that he had locked himself out of the server. So NFOrce reset the server's root password for him, giving him complete access to the server and bypassing most of our carefully-designed security measures. I originally assumed that the attacker gained access entirely via social engineering, but later investigation showed that this was probably only part of the overall attack. As far as I know, NFOrce's overall security practices are no worse than average.

To reduce downtime and avoid temporarily-broken features, I was originally going to stay in NFOrce's data center. However, some things made me suspicious and I moved everything elsewhere. That's where the extra day+ of downtime came from after a short period of uptime. No additional data was leaked.

The forum will pay up to 15 XAU (converted to BTC) for information about the attacker's real-world identity. Exact payment amounts will depend on the quality and usefulness of information as well as what information I've already acquired, but if for example you're the first person to contact me and your info allows me to successfully prosecute this person, then you will get the full 15 XAU. You need to actually convince me that your info is accurate -- just sending me someone's name is useless.

The attacker used the following IPs/email:
37.48.77.227
66.172.27.160
lopaz291@safe-mail.net

Ross William Ulbricht, legendary creator of the original darknet market The Silk Road, has been sentenced today in federal prison to Life in Prison.

Ulbricht became a hero to many in the darknet community, as well as the broader Bitcoin and libertarian movements, after his arrest in November 2013 revealed him to be the ‘Dread Pirate Roberts’, the pseudonymous creator and operator of the Silk Road. His arrest came after a months long investigation by multiple law enforcement departments in the United States.


https://darknetmarkets.org/news/silk-road-founder-ross-ulbricht-sentenced/

Of that number, a minority of 9%, or 44,869 users’ accounts used MD5 hashing with a unique salt for an added layer of security. LeakedSource was able to crack 68% of those users or 30,389 passwords in total.

Notably, the remaining 91% of user passwords were hashed with “sha256crypt”, a method of password storage that LeakedSource deemed as “far superior to nearly every website we’ve seen thus far.” That’s high praise, coming from a resource that reveals details of data breaches frequently, in a time where mega-breaches of hundreds of millions of users are commonplace.

The forum was also reachable under forum.bitcoin.org for some time before it moved to bitcointalk.org IIRC.
The "name" of the forum is actually "Bitcoin Forum", not "Bitcointalk" (see upper left corner of this page).

Also, it might be noteworthy that for some time, DDOSing this forum coincided with dumps on then dominant Bitcoin exchange MtGox. I.e., you could DDOS this forum, which in turn made the price of Bitcoin drop. Market manipulation wild Wild West

I have posted this thread on begginer & help section. I feel that much helpful for newbie. On the other hand I think this post should be also this board onScam Accusations.That's why I make quote here form my old post. Even we will not able to take any action, but we can aware about that.

I know this is an old thread but hopefully it will be revived! I wanted to take part in the waves airdrop, which looked pretty normal. I went on the Waves platform took screenshots sent them to the support people who verified everything. The next day I went to check my balance and it was all gone except for 0.0009
So I contacted the most likely scam artists support people at Waves and asked why that happened. They sent the usual bulxxxt reasons it could possibly happen and I got the horrible feeling that the whole thing is a scam and there was no hacker getting into my account info.
Instead the hackers were inside people, most likely the creepy guy who replied to all my messages within a minute, highly unusual for any busy real crypto exchange.

STAY AWAY FROM WAVES IT'S A DEFINITE SCAM AND RUN BY THE WAVES PEOPLE THEMSELVES. THEY SHOULD BE LOCKED UP BY TRUMP!!!!!

Be aware at what you are trading  on Tradesatoshi.com.
Few days ago i deposited xvg on tradesatosi.com. Xvg had a fork more then 2 weeks ago, other wallets on good exchanges like cryptopia updated the wallet in a matter of few days after the fork, and they blocked withdraws before the fork. Scam satoshi did not blocked the wallet deposit or withdraw, they write with small font wallet maintenance right after a big CAPITAL letter text where it says if you use other adress your coins are lost...
Anyway i try to contact them by support ticket, i got a vague answer that says just to wait. I contacted on discord and they say it is developer fault that did not update the wallet on theyr exchange... and after i insisted to do something and like me started to talk loud other about this issue they banned me.

Be aware if you use this exchange, i have been used him for a while but until now i did not have the badluck to deposit or withdraw a coin that is in maintenance.
God Help us when we will see an wallet updated by them.

hi ModDonnie,
My last access to Tradesatoshi was on 03/15/2018
from that date I never made and I have never authorized or opened this orders

hi ModDonnie,
My last access to Tradesatoshi was on 03/15/2018
from that date I never made and I have never authorized or opened this orders:
Id 5821686   XVG/LTC   Sell   520.29003177   0.00034000   0.00035380   5/16/2018 1:21 PM   false
Id 5821685   XVG/LTC   Sell   88.62820085   0.00034003   0.00006027   5/16/2018 1:21 PM   false
Id 5821684   XVG/LTC   Sell   1000.00000000   0.00035015   0.00070030   5/16/2018 1:21 PM   false
Id 5821683   XVG/LTC   Sell   600.00000000   0.00036010   0.00043212   5/16/2018 1:21 PM   false
Id 5821682   XVG/LTC   Sell   150.10000000   0.00037021   0.00011114   5/16/2018 1:21 PM   false
Id 5821681   XVG/LTC   Sell   168.14499609   0.00038100   0.00012813   5/16/2018 1:21 PM   false
Id 5821680   XVG/LTC   Sell   102.30555628   0.00038101   0.00007796   5/16/2018 1:21 PM   false
Id 5821668   HTML/LTC   Sell   6898.57810414   0.00000406   0.00005602   5/16/2018 1:18 PM   false
Id 5821667   HTML/LTC   Sell   3600.00000000   0.00000408   0.00002938   5/16/2018 1:18 PM   false
Id 5821655   BTCR/LTC   Sell   19835.38445855   0.00000107   0.00004245   5/16/2018 1:17 PM   false

Also I have never authorized the following Withdraw:

Id 335662   LTC   0.9937846 to LhWSgqGxXoThz2u9j7QZGzKnpvgzDeiMK6   5/16/2018 1:31 PM
in fact there are no emails confirming these operations!!!

I ask you to check what I have declared, and if it is true, I ask you the repayment of what was stolen from me...
this problem happened in coincidence with your ad on May 15 2018 ("We are experiencing some problems with our private API.We are working on it.")
Thanks

This is the reply of Tradesatoshi:
Sorry for that. Trade orders can be only handled by users. And for withdrawal we have only process withdrawal when user send request and also confirm withdrawal link by email.
We also aware all users that please enable 2fa for your account security.

Regards
MOD707

Is it normal?I Think too that Tradesatoshi is a SCAM!!!