Bitcoin Forum
November 02, 2024, 09:49:30 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Heads-up on the hacker WhiteHx Master / psykachu who stole 5.5 BTC  (Read 817 times)
dicecoin.io (OP)
Full Member
***
Offline Offline

Activity: 182
Merit: 100



View Profile
July 23, 2015, 06:28:45 AM
 #1

We encountered the hacker attack last week. The user has stolen approx. 5.5 BTC from our hot wallet. No problem for other users but we suffered a bit. The vulnerability was located and fixed quickly. Next day we got the email (posting the copy of it at the bottom) from someone who named himself WhiteHx Master. He said that he's the whitehat hacker, so he'll return everything that he got or keep it for showing us the bug. We've chosen the first option - get the stolen back, however favoring his efforts with one BTC he could keep. As the result never heard about him anymore.

Possibly it's a matter of time, so we're, looking forward, WhiteHx Master.

Meanwhile we would like to warn the community about this person. Moreover he has Bitcointalk account, associated with his wallet:
email: masterwhitehx@hotmail.com
bitcointalk: https://bitcointalk.org/index.php?topic=996260.msg11715038#msg11715038
username: psykachu
wallet: 15awDZEBVoJ4S5dheZLwByvNFsZFEqZF8A




The email we got from the hacker:
Hello, as i can see, you finally noticed that i exploited your website... you took more than 24h lol

Don't worry, I'm not the bad guy ^^, I'm here to help you.

So, basically i found a exploit in your website, and as you can see i was able to get a high amount of BTC using it.
On really I was able to rape all your HotWallet ^^, and not only BTC, but Dogecoin and LTC too, but i didn't because that's was not my objective, I'm not a stealer, just got a big random amount to warn you that this exploit is really real, big and works.

So... i can give you 2 options from here...
1 - I can just give you back all BTC i got from your website.
No support. ( haha, i don't prefer this option on really, actually this is my job (exploit hunter, whitehat), so please consider it...
2 - You can allow me to stay with BTC that i got from your website ( i think i deserve it, for my honestly and begin a good people) + Tips (Optional, if you think i deserve it ^^)

I can detail you how i did it and answer some question if you would like. Also i can help you to fix it, make some test to check if still exploitable,
Also, if eventually you got a problem with another third party exploit, i can help you fixing it or reproducing it, i'm profissional in this area ^^ , just email me with the problem and i can see what i can do to help.

Don't know if you understand... but I was able to take all your hotwallet (until you notice that (arround 24h lol) and i worked only 1-2h to get what i took), if i'm a bad guy (blackhat) i would really did it with all your hot wallet and run away ^^, also i'm offering the refund of all money i took case you want it back, if you consider i don't deserve it.. so when you choosing the option, please consider it. =D

I survive because most part of admin let me stay with the bounty, because they recognize my work, half of them still give me extra tips for it... doing this way i'll always be a good guy and stay happy with it...
Well, just consider that if i don't helped you now, or didn't alert you about this exploit... one day maybe a BlackHat (bad guy ^^) could really steal and run away forever, with all your pocket, who knows, using this same exploit haha, like i had the opportunity. And case you let the money with me... for you is just like a hacker had stoled it as it happened ^^, but like i said, i'm not a stealer and you can choose the option 1.

My address for tips: 15awDZEBVoJ4S5dheZLwByvNFsZFEqZF8A[/b]

Notes: Actually i can't give website names for privacy questions, but my Jobs finished is:
Alot of minor exploit, in average admins gave me extra tips (arround 0.1 - 1 BTC)
Alot of website like yours using same exploit, in average admins gave me extra tips (arround 2-10BTC)

Do you remember Hufflepuff on PrimeDice, the guy who stole 2000 BTC? (not me lol, he's the bad guy D, i found two other big website with the same vulnerability (before Stunna reveal what Hufflepuff did ^^, hehe now, i know Hufflepuff did same exploit that i had discovered a long time ago, after Stunna reveal how he exploited), beside raping like Hufflepuff did, i gave them same offer i gave you, and they paid me near (exploited value 80 BTC each) as reward.
Who know what could happen with this two website if Hufflepuff have find it before me? ^^
And Who know what can happen with your website if someone find it before me? ^^
Please, give you answer soon.

Regards,
WhiteHx Master
Bardman
Hero Member
*****
Offline Offline

Activity: 952
Merit: 516



View Profile
July 23, 2015, 10:30:26 AM
 #2

So what is this scam accusation for exactly? He basically encounters bugs, glitches or exploits sites for money if so you wish to, i don't see him as a scammer.

  █
 ▐ █  
  █
 ▐ █  


▄████████████████████▄
██████▀░░░░░░░░███████
████▀░░░▄████▄░░░░████
███░░▄█▀▀░░░░▀▀██░░███
██░░░█▌░██████░░██░░██
██░░█▌░████████░▐█░░██
██░░█▌░████████░▐█░░██
██░░█▌░███████████░░██
██░░░█▌░░█████▌░▐█░▐██
███░░▀█▌░░█▀░░▄██▀░▐██
████▄░░▀██████████████
██████▄░░░░███████████
▀████████████████████


▄████████████████████▄
██████████████████████
██████████░░██████████
█████████░░░░█████████
████████░░░░░░████████
███████░░░▐▌░░░███████
██████░░░░██░░░░██████
█████░░░░████░░░░█████
████░░░░██████░░░░████
███░░░░░░░░░░░░░░░░███
██░░░░░░░░░░░░░░░░░░██
██████████████████████
▀████████████████████

.a.


░░██████████████████████████████████████░░
██████████████████████████████████████████
██████████████████████████████████████████
██████████████████████████████████████████
████████████░░░░░░░░░░░░░░░░░░░░██████████
██████████░█████████████████████░█████████
█████████░████░░░░░░░░░░░░░░░░███░████████
████████░███░█████████████████░████░██████
██████░███░░███░░░░░░░░░░░░░████░███░░████
█████░███░████░█████████████░████░████░███
███░░███░████░░██████████████░████░████░██
████░░███░░████░███████████░░████░████░███
██████░░███░░███░░████████░████░████░█████
████████░████░░███░░████░████░████░███████
█████████░░████░████░███████░████░████████
███████████░░███░░███░░████████░██████████
█████████████░████░████░█████░████████████
███████████████░████░░███░░███████████████
█████████████████░████░███████████████████
██████████████████░░███░░█████████████████
████████████████████░░████████████████████
█████████████████████░████████████████████
██████████████████████████████████████████
██████████████████████████████████████████
░░██████████████████████████████████████


▄████████████████████▄
█████████████████▀░░██
██████████▀░███▀░░░░██
█████████▀░░██░░░░░░██
███████▀░░░░█░░░░░░░██
██████▀░░░░░▒░░░░░░░██
█████▀░░░░░░▒░░░░░░░██
████▀░░░░░░░▒░░░░░░░██
████░░░░░░░░▒░░░░░░░██
███▀░░░░░░░░▒░░░░░░░██
██▀░░░░░░░░░▒░░░░░░░██
██░░░░░░░░░░▒░░░░░░░██
▀████████████████████


▄████████████▀███████▄
████▀▀▀▀▀▀▀▀▀░▀▀▀▀▀▀▀█
████░░██░░░░█░░░████░█
███░░█░░░░██░░░░░░░░░█
██░░░░░░░░░░███░░░░░██
█████████░░░██░░░█████
████████░░░█░░░░██████
███████░░░░░░░░░██████
██████░░░░░░█░░███████
█████░░░░░███░░███████
████░░░░░███░░░███████
██████░░░░░░░░░███████
▀████████████████████
Mitchell
Staff
Legendary
*
Offline Offline

Activity: 4102
Merit: 2299


Verified awesomeness ✔


View Profile WWW
July 23, 2015, 10:42:55 AM
 #3

Here is an archived page, in case psykachu deletes that posts. I've also left the guy negative feedback for now. Pretty stupid to use an address that you have posted before.

So what is this scam accusation for exactly? He basically encounters bugs, glitches or exploits sites for money if so you wish to, i don't see him as a scammer.
He stole money from a website and didn't return it (even though he said he would). This makes him a scammer IMO.

.
Duelbits
            ▄████▄▄
          ▄█████████▄
        ▄█████████████▄
     ▄██████████████████▄
   ▄████▄▄▄█████████▄▄▄███▄
 ▄████▐▀▄▄▀▌████▐▀▄▄▀▌██

 ██████▀▀▀▀███████▀▀▀▀█████

▐████████████■▄▄▄■██████████▀
▐██████████████████████████▀
██████████████████████████▀
▀███████████████████████▀
  ▀███████████████████▀
    ▀███████████████▀
.
         ▄ ▄▄▀▀▀▀▄▄
         ▄▀▀▄      █
         █   ▀▄     █
       ▄█▄     ▀▄   █
      ▄▀ ▀▄      ▀█▀
    ▄▀     ▀█▄▄▄▀▀ ▀
  ▄▀  ▄▀  ▄▀

Live Games

   ▄▄▀▀▀▀▀▀▀▄▄
 ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄
▄▀ █ ▄  █  ▄ █ ▀▄
█ █   ▀   ▀   █ █  ▄▄▄
█ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █   █
█▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█  █▄█
█ ▀▀█  ▀▀█  ▀▀█ █  █▄█

Slots
.
        ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄
        █         ▄▄  █
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄       █
█  ▄▄         █       █
█             █       █
█   ▄▀▀▄▀▀▄   █       █
█   ▀▄   ▄▀   █       █

Blackjack
|█▀▀▀▀▀█▄▄▄
       ▀████▄▄
         ██████▄
▄▄▄▄▄▄▄▄█▀    ▀▀█
████████▄        █
█████████▄        █
██████████▄     ▄██
█████████▀▀▀█▄▄████
▀▀███▀▀       ████
   █          ███
   █          █▀
▄█████▄▄▄ ▄▄▀▀
███████▀▀▀
.
                 NEW!                  
SPORTS BETTING 
|||
[ Đ ][ Ł ]
AVAILABLE NOW

Advertisements are not endorsed by me.
Bardman
Hero Member
*****
Offline Offline

Activity: 952
Merit: 516



View Profile
July 23, 2015, 12:09:10 PM
 #4

Here is an archived page, in case psykachu deletes that posts. I've also left the guy negative feedback for now. Pretty stupid to use an address that you have posted before.

So what is this scam accusation for exactly? He basically encounters bugs, glitches or exploits sites for money if so you wish to, i don't see him as a scammer.
He stole money from a website and didn't return it (even though he said he would). This makes him a scammer IMO.

Oh... I actually thought they picked the first option AND he returned all the btc but 1, now i see that he actually did not. So yeah, he is some sort of a scammer, more like a stealer. OP should try to talk to him here.

  █
 ▐ █  
  █
 ▐ █  


▄████████████████████▄
██████▀░░░░░░░░███████
████▀░░░▄████▄░░░░████
███░░▄█▀▀░░░░▀▀██░░███
██░░░█▌░██████░░██░░██
██░░█▌░████████░▐█░░██
██░░█▌░████████░▐█░░██
██░░█▌░███████████░░██
██░░░█▌░░█████▌░▐█░▐██
███░░▀█▌░░█▀░░▄██▀░▐██
████▄░░▀██████████████
██████▄░░░░███████████
▀████████████████████


▄████████████████████▄
██████████████████████
██████████░░██████████
█████████░░░░█████████
████████░░░░░░████████
███████░░░▐▌░░░███████
██████░░░░██░░░░██████
█████░░░░████░░░░█████
████░░░░██████░░░░████
███░░░░░░░░░░░░░░░░███
██░░░░░░░░░░░░░░░░░░██
██████████████████████
▀████████████████████

.a.


░░██████████████████████████████████████░░
██████████████████████████████████████████
██████████████████████████████████████████
██████████████████████████████████████████
████████████░░░░░░░░░░░░░░░░░░░░██████████
██████████░█████████████████████░█████████
█████████░████░░░░░░░░░░░░░░░░███░████████
████████░███░█████████████████░████░██████
██████░███░░███░░░░░░░░░░░░░████░███░░████
█████░███░████░█████████████░████░████░███
███░░███░████░░██████████████░████░████░██
████░░███░░████░███████████░░████░████░███
██████░░███░░███░░████████░████░████░█████
████████░████░░███░░████░████░████░███████
█████████░░████░████░███████░████░████████
███████████░░███░░███░░████████░██████████
█████████████░████░████░█████░████████████
███████████████░████░░███░░███████████████
█████████████████░████░███████████████████
██████████████████░░███░░█████████████████
████████████████████░░████████████████████
█████████████████████░████████████████████
██████████████████████████████████████████
██████████████████████████████████████████
░░██████████████████████████████████████


▄████████████████████▄
█████████████████▀░░██
██████████▀░███▀░░░░██
█████████▀░░██░░░░░░██
███████▀░░░░█░░░░░░░██
██████▀░░░░░▒░░░░░░░██
█████▀░░░░░░▒░░░░░░░██
████▀░░░░░░░▒░░░░░░░██
████░░░░░░░░▒░░░░░░░██
███▀░░░░░░░░▒░░░░░░░██
██▀░░░░░░░░░▒░░░░░░░██
██░░░░░░░░░░▒░░░░░░░██
▀████████████████████


▄████████████▀███████▄
████▀▀▀▀▀▀▀▀▀░▀▀▀▀▀▀▀█
████░░██░░░░█░░░████░█
███░░█░░░░██░░░░░░░░░█
██░░░░░░░░░░███░░░░░██
█████████░░░██░░░█████
████████░░░█░░░░██████
███████░░░░░░░░░██████
██████░░░░░░█░░███████
█████░░░░░███░░███████
████░░░░░███░░░███████
██████░░░░░░░░░███████
▀████████████████████
subSTRATA
Legendary
*
Offline Offline

Activity: 1288
Merit: 1043


:^)


View Profile
July 23, 2015, 01:24:39 PM
 #5

Here is an archived page, in case psykachu deletes that posts. I've also left the guy negative feedback for now. Pretty stupid to use an address that you have posted before.

So what is this scam accusation for exactly? He basically encounters bugs, glitches or exploits sites for money if so you wish to, i don't see him as a scammer.
He stole money from a website and didn't return it (even though he said he would). This makes him a scammer IMO.

exactly, if hes really a whitehat hacker as he claims to be, he should have notified the site beforehand that he would be performing an exploit on the site.

theres nothing here. message me if you want to put something here.
dicecoin.io (OP)
Full Member
***
Offline Offline

Activity: 182
Merit: 100



View Profile
July 28, 2015, 10:33:36 AM
 #6

5 days passed, the conclusions are:

1) Stuna never paid him 80 BTC so WhiteHx Master / psykachu is the liar.
2) We haven't got any reply from him, so he's clearly the stealer.
3) He have -2 Trust on his profile here, so community warned.
BitcoinDistributor
Sr. Member
****
Offline Offline

Activity: 350
Merit: 250


View Profile
July 28, 2015, 01:26:05 PM
 #7

Most likely he thought he could exploit you for more (the idiot thinking that hey maybe they'll tip me more to know how I did it).

Doubt he ever planned to return the $, just wanted more. Typical scammer.

I'm a lover not a hater. I'm a scam buster misunderstood. However, this forum is full of haters which is why you see my trust. They can't handle my success so they try to stop me...BUT NO ONE STOPS MY SUCCESS! ....Find Quickseller annoying? Click the "ignore" button below his name! You're welcome!
khash4u
Member
**
Offline Offline

Activity: 97
Merit: 10


View Profile
July 28, 2015, 01:53:24 PM
 #8

So what is this scam accusation for exactly? He basically encounters bugs, glitches or exploits sites for money if so you wish to, i don't see him as a scammer.


He is still trying to get money out of them by exploiting a vulnerability on their network. If he was genuine and wanted to do a good deed he would of contacted them directly with the problem and solution rather then try to blackmail them with extortion of trading on their weakness for quick profit.




Join Binance Exchange today with instant trading on all major crypto tokens 0.1% Trade Fee.
24h Withdrawal Limit:2BTC for unverified accounts  /  Verified accounts  24h Withdrawal Limit:100BTC
BINANCE Worlds largest Exchange
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!