BTCrow.com Escrow Service Fraud

[956Vette]

Thank you in advance for your help bitcointalk.org community!

I am new to bitcoin and had hoped to receive a release of payment into my wallet (via coinbase). BTCrow.com facilitated a website sale with their escrow service. Unfortunately, as I understand, during the escrow process the seller (myself) provides the desired btc address to be paid. In the end of the inspection period + 7 business day wait period (for 'security'), btcrow automatically deposited (without any verification/notification until too late) into an unknown wallet (which they claim has been encrypted/etc & provided by myself):1N8FbnAWjegbUPzFJhnYQx7ECN5V3ec12m
https://blockchain.info/address/1N8FbnAWjegbUPzFJhnYQx7ECN5V3ec12m

1N8FbnAWjegbUPzFJhnYQx7ECN5V3ec12m is not my wallet address, nor is it ANY wallet associated with Coinbase (the only company I have used to create a wallet in 2015). My newbie eye/analysis appears to indicate all funds are long gone.

BTCrow support shares with me that they will fully cooperate with law enforcement and I should contact Police had I be a scam victim. What action should I take?

Best regards,
-956Vette

[1715266517]

1715266517

[1715266517]

1715266517

[BTCrow]

Dear customer,

I do not understand how it happened but that address appear from the beginning in your transaction:



Our payment: https://blockchain.info/tx/6c90aa749b6364fb18941166bee880c75ee3c9d05eba738099bd9cd7423c540e

It could be that you added the wrong address, or some kind f scam with spuffed emails and a spuffed website. We need all our mails with the header to find the problem if any of them is spoofed. When the transaction expires the payment was released. You contacted us twice last week and knew that the payment would automatically be released after that time.

We keep logs of IPs and can collaborate with the police to resolve this situation.

Regards,

BTCROW

[956Vette]

Thank you BTCrow for responding in public and your further courtesy and understanding so far in private. Would you mind offering a rational for concealing the receiver BTC address throughout the escrow process? Perhaps during the inspection period the seller may wish to be reminded of the btc address expected to receive a $20k+ payment?
The IP address provided by BTCrow claims the fraudulent wallet address originates from a European address? 87.226.2.124 is far away from Texas, USA. Is this correct?

Rest assured I will look for and fwd any/all spoofed emails & that I was in full control & saw with my eyes (pardon not knowing to capture a screenshot...if that sort of tech exists during submission...) confirmation of my email + wallet address.

[956Vette]

Dear customer,
You contacted us twice last week and knew that the payment would automatically be released after that time.

Regards,

BTCROW

How exactly did I know that the payment would automatically be released to a fraudulent address? Never once did you or btcrow.com offer up the specific address details to confirm with me. Folks should know that the info disappears & is concealed and/or encrypted on your side after submission via btcrow early on within the process...only to be noticed if/when it's too late.
Fyi, zero spuffed emails are within my inbox.

[DLS123]

This seems highly suspect on BTCRows part.  Are you saying you just send money to an address without ever sending an email to the person to verify the address is correct or their address to begin with? 

How do we know BTCrow isn't directing funds to their own addresses?

[956Vette]

This seems highly suspect on BTCRows part.  Are you saying you just send money to an address without ever sending an email to the person to verify the address is correct or their address to begin with? 

How do we know BTCrow isn't directing funds to their own addresses?

This is exactly their protocol. Absolute nonsense. BTCrow, I created this topic and alerted you so that you may help others...care to do so?

[BTCrow]

This seems highly suspect on BTCRows part.  Are you saying you just send money to an address without ever sending an email to the person to verify the address is correct or their address to begin with? 

How do we know BTCrow isn't directing funds to their own addresses?

This is exactly their protocol. Absolute nonsense. BTCrow, I created this topic and alerted you so that you may help others...care to do so?

In each transaction the user sets and confirms the payment address when confirming the transaction and email, at the beginning of each transaction.  When the payment is released is sent to that address without further confirmations because it was confirmed at the beginning.

Many users use our platform every month, even with larger transactions and is the first time something like this happens. I do not know if it is an error copying the wrong address or you have been the victim of some kind of scam but we have only done our part and paid to the address listed on the transaction.


Regards,

BTCROW.

[DLS123]

This seems highly suspect on BTCRows part.  Are you saying you just send money to an address without ever sending an email to the person to verify the address is correct or their address to begin with?  

How do we know BTCrow isn't directing funds to their own addresses?

This is exactly their protocol. Absolute nonsense. BTCrow, I created this topic and alerted you so that you may help others...care to do so?

In each transaction the user sets and confirms the payment address when confirming the transaction and email, at the beginning of each transaction.  When the payment is released is sent to that address without further confirmations because it was confirmed at the beginning.

Many users use our platform every month, even with larger transactions and is the first time something like this happens. I do not know if it is an error copying the wrong address or you have been the victim of some kind of scam but we have only done our part and paid to the address listed on the transaction.


Regards,

BTCROW.

1 time is one too many. Your attitude seems very nonchalant about the whole matter.

You don't seem to be offering up any information as to what could have possibly happened.  If he initiated the escrow and entered in his address, it should have been locked in correct?  Can the receiving address be changed at any point by a malicious party?  Or once an address is placed in, it can't be changed?

I would like to hear what kind of scam would allow an escrow transaction already in motion, to be redirected to a new address?

Also you don't send an email confirming the address used in the escrow once initiated?  That doesn't make sense.  When a user initiates the escrow an email should be sent stating their correct deposit address. If not, how can we verify you aren't selectively scamming people?

[BTCrow]

1 time is one too many. Your attitude seems very nonchalant about the whole matter.

You don't seem to be offering up any information as to what could have possibly happened.  If he initiated the escrow and entered in his address, it should have been locked in correct?  Can the receiving address be changed at any point by a malicious party?  Or once an address is placed in, it can't be changed?

I would like to hear what kind of scam would allow an escrow transaction already in motion, to be redirected to a new address?

Also you don't send an email confirming the address used in the escrow once initiated?  That doesn't make sense.  When a user initiates the escrow an email should be sent stating their correct deposit address. If not, how can we verify you aren't selectively scamming people?

About your final insinuations, this never happened before, since 2011 never. All "problems" that can be found about us are occasional delays during network problems with the stress test or malleability.

Scammers have tried numerous types of fraud with spoofed emails and phishing addresses, all alerts on our website have a reason for being there are 4 or 5 attempts of scam every week. I already requested all our emails with respective headers to try to find out what happened. But in my opinion this time seems more likely that somehow the customer entered a wrong address copied from somewhere.

Probably is necessary to verify the address before release payment to avoid these situations (we work on it), but this was not something predictable, in four years has never happened.

We have all logs and everything has a demonstrable record, and we have informed to the customer that we can cooperate with any investigation by the authorities of his country and provide them all the data that require. I think we are providing all possible help, and I'm sorry if you do not feel the same.


Regards,

BTCROW

[TYPEcoin]

Why you don't try to resolve this problem more faster if you say you are not a scam user?
This will affect your business very bad because this thread is read by to many time
Anyway,I will follow this thread until the end.

[956Vette]

About your final insinuations, this never happened before, since 2011 never. All "problems" that can be found about us are occasional delays during network problems with the stress test or malleability.

Scammers have tried numerous types of fraud with spoofed emails and phishing addresses, all alerts on our website have a reason for being there are 4 or 5 attempts of scam every week. I already requested all our emails with respective headers to try to find out what happened. But in my opinion this time seems more likely that somehow the customer entered a wrong address copied from somewhere.

Probably is necessary to verify the address before release payment to avoid these situations (we work on it), but this was not something predictable, in four years has never happened.

We have all logs and everything has a demonstrable record, and we have informed to the customer that we can cooperate with any investigation by the authorities of his country and provide them all the data that require. I think we are providing all possible help, and I'm sorry if you do not feel the same.

Regards,
BTCROW

Thank you for your continued support and astounding high degree of confidence in your system. I should mention to the onlookers BTCrow disregarded or didn't care to respond to multiple inquires in private earlier in the week. Thanks again to the bitcoin community here for provided such a valuable resource.

All emails have been forwarded to BTCrow.

How doubtful is it that I visited Coinbase via a spoofed email & went through multiple verification processes only to have copied and pasted a fraudulent bitcoin wallet address?

If you are a company that's victim to so many scam attempts per week...it is amazing that you have so few verification steps.... Maybe it's worth reiterating to the folks...BTCrow NEVER verifies the release of payment address to the seller & encrypts/conceals until the end.

Thank you for admitting fault in your process & your consideration going forward that you'll be wise to verify the address before release of payment to avoid these devastating situations.

I expect all logs to be provided to me via email (& feel free to publish IP addresses here) and to be provided with your legal address/contact information for law enforcement & attorney.

[jaydipmodhwadia]

956Vette, I feel like you have been scammed hard by BTCRow....
I feel like you should get law enforcement on them and sue them if need be...
Well, BTCRow, can you please send the information that has been requested onto public chat? This Includes all BTC addresses without them being cleared of course.

[elbill]

I used btcrow with large amounts without problems a few weeks ago, be sure to not have a RAT (remote administration tool) on your computer, it could be a problem of that kind.

[BTCrow]

956Vette, I've already sent the information requested by private, we have a privacy policy but you are free to publish your own information.
Some of the headers of your received emails are spuffed emails. It can be a "man in the middle" attack between you and us. As I recommended initially go to the police.

I was skeptical for several reasons:

- There were 4 previous transactions with different amounts, in one of them the IP of buyer and seller were the same.
- The buyer never replied to any of our emails.
- After initiated the inspection period the buyer has the option to release the payment, but he never release the payment.
- You contact us three times about this and I told you two times that request the of release payment (a option in the seller panel), but you preferred to wait until the transaction expire.

And finally the payment is released but strangely you do not receive it. For me it was very rare. But after seeing the emails spuffed undoubtedly some kind of scam has occurred and will do everything possible to help you find the culprit.

[956Vette]

956Vette, I feel like you have been scammed hard by BTCRow....

I do feel as though I have been scammed hard, at least in large part by BTCrow.

After forwarding all emails to BTCrow support they share with me that I have been victim to their front page fraud. However, being the receiver/seller...the warning imho falls short & highlights the failure of BTCrow's service.

Please remember, we NEVER send the escrow's payment address via email. If you receive a bitcoin address via email is being victim of a scam with a spoofed email address.

If I may reiterate, all of their highly publicized frauds w/ regards to their business could have been eliminated had they reach the escrow payment receiver & provide payment address.

BTCrow states I was victim of a scam with a spoofed email address because I failed to discern:

All our emails are:
"Received: from server.btcrow.com"
or
"Received: from a2i559.smtp2go.com"

You received few spuffed emails "from s2.btcrow.com"

Allow me to provide off the cuff comments with regards to their security warnings:

Security Precautions:
To protect your escrow funds we require that you take the following precautions:
    Do NOT send bitcoins to a bitcoin address you received via email
    Check the URL domain is btcrow.com
    Check the automated emails are from a btcrow.com address
    You must verify your email address and the escrow details on btcrow.com for each transaction
    We do not send the escrow's payment address via email
    If the confirmation email goes to your SPAM or Junk folder it's most likely a spoofed email
    Always confirm your transaction exists on our website, and ALL details are correct
    Contact us immediately if you have any suspicions

• Do NOT send bitcoins to a bitcoin address you received via email

Not an applicable warning as I hoped to receive a release of payment.

• Check the URL domain is btcrow.com

Being the party which chose BTCrow for the escrow service, my feelings are that I was perfectly able to traffic BTCrow.com's secure website without issue.

• Check the automated emails are from a btcrow.com address

This bullet point sure does get quickly glossed over by BTCrow....

• You must verify your email address and the escrow details on btcrow.com for each transaction

Easy enough. How about the company which is receiving 1.5% of the cut handle their share of the verification of email address and escrow details?!

• We do not send the escrow's payment address via email

How you justify hiding the release of escrow payment address from view is baffling, distasteful and ripe for fraud/abuse.

• If the confirmation email goes to your SPAM or Junk folder it's most likely a spoofed email

Not once did gmail send your spoofed (or spuffed as you say) emails to SPAM/Junk folder, fyi.

• Always confirm your transaction exists on our website, and ALL details are correct

Always did confirm transaction existed on BTCrow.com, however ALL details are not transparent. Again, how dare your company conceal the release of payment address information...how are you trying to protect/fool?

• Contact us immediately if you have any suspicions

Consistent communication is what you received from my end. Allow me to sum up BTCrow's support and fill in some gaps had any party wish to use this company. While using BTCrow escrow, I learned the 1 day inspection period would not be followed by an immediate release of payment. Support shares a 7 day security period is followed by the inspection period (had the buyer not take the initiative to go out to their way to release the payment). Further, 7 day security period is later defined/clarified by BTCrow support as 7 business day period....
Perhaps during, or better yet, before the inspection & security period, BTCrow should take notice of an IP log consisting of half use from Texas & the other traffic from Amsterdam?
IP Log:
87.226.2.122
176.126.252.12
87.226.2.122
99.99.185.213
87.226.2.122
99.99.185.213
87.226.2.122
99.99.185.213

[956Vette]

956Vette, I've already sent the information requested by private, we have a privacy policy but you are free to publish your own information.
Some of the headers of your received emails are spuffed emails. It can be a "man in the middle" attack between you and us. As I recommended initially go to the police.

I was skeptical for several reasons:

- There were 4 previous transactions with different amounts, in one of them the IP of buyer and seller were the same.
- The buyer never replied to any of our emails.
- After initiated the inspection period the buyer has the option to release the payment, but he never release the payment.
- You contact us three times about this and I told you two times that request the of release payment (a option in the seller panel), but you preferred to wait until the transaction expire.

And finally the payment is released but strangely you do not receive it. For me it was very rare. But after seeing the emails spuffed undoubtedly some kind of scam has occurred and will do everything possible to help you find the culprit.

Thanks again for your cooperation BTCrow.

It's painfully obvious BTCrow protects themselves, ensuring they receive payments & disregards the security of their customers.

Allow my rebuttal for your skepticisms:
- There were 4 previous transactions with different amounts, in one of them the IP of buyer and seller were the same.
I recall only 1 previous transaction which was indeed for a different amount. Living in USA, I made a deal with an international buyer in USD. The deal was for 23k (USD) which was agreed upon in the beginning of Oct 2015. At the time, that translated to roughly 100 btc. Buyer needed a couple weeks to gather funds and then more time to acquire bitcoins. Early in Nov, when bitcoin value spiked, and rapidly dropped, receiving 48 coins was not welcomed and therefor I initiated a new transaction which the buyer agreed upon, totaling ~59 btc.
- The buyer never replied to any of our emails.
Did you require the buyer to reply to your emails? I also do not enjoy talking to this buyer and preferred doing business as passively/peacefully as possible.
- After initiated the inspection period the buyer has the option to release the payment, but he never release the payment.
I had given the buyer plenty of time & as I grew impatient I did make a special request for him to release payment. By the time he replied, the payment had been released to the fraudulent address.
- You contact us three times about this and I told you two times that request the of release payment (a option in the seller panel), but you preferred to wait until the transaction expire.
Some degree of arrogance you have to make such an assumption. What, were you in a rush to pay the fraudulent wallet? I do not understand 90% of your skepticism, but thanks for sharing - truly enlightening information from BTCrow!

[TYPEcoin]

Do you think!?maybe the buyer is the same person
I'm just saying because is very weard what I just read
Sorry for you.

[BitcoinBud44]

Wow.
Nearly a $30,000 loss...
Dude, I feel for you.

Go to the police.

[keystroke]

I was contacted about this thread by our mutual friend DP. Can you paste email headers of the supposedly spoofed emails? We can see if they were spoofed or not. Of course they could have made them appear spoofed to engage in this fraud.

[956Vette]

Thank you very much, appreciate the clarity as I have been curious how a subdomain from btcrow (s2.btcrow) equates to a spoofed email/address.

Email #1) Please confirm transaction
Delivered-To: m********c@gmail.com
Received: by 10.194.134.66 with SMTP id pi2csp246460wjb;
        Sat, 7 Nov 2015 06:07:49 -0800 (PST)
X-Received: by 10.28.133.133 with SMTP id h127mr16713029wmd.41.1446905269821;
        Sat, 07 Nov 2015 06:07:49 -0800 (PST)
Return-Path: <admin@s2.btcrow.com>
Received: from s2.btcrow.com ([5.134.117.43])
        by mx.google.com with ESMTPS id uz5si6579998wjc.199.2015.11.07.06.07.49
        for <m********c@gmail.com>
        (version=TLSv1.2 cipher=RC4-SHA bits=128/128);
        Sat, 07 Nov 2015 06:07:49 -0800 (PST)
Received-SPF: neutral (google.com: 5.134.117.43 is neither permitted nor denied by best guess record for domain of admin@s2.btcrow.com) client-ip=5.134.117.43;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: 5.134.117.43 is neither permitted nor denied by best guess record for domain of admin@s2.btcrow.com) smtp.mailfrom=admin@s2.btcrow.com;
       dkim=temperror (no key for signature) header.i=@btcrow.com
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=btcrow.com; s=mail;
   h=Date:Message-Id:Reply-To:From:Content-type:MIME-Version:Subject:To; bh=oSgjeZxnH8emju5vkrpa969ANgF0uT2poQPs7vBqYvU=;
   b=bqpdiVWIFv6bpNdUOUfP/xYsSs2m9sIyvjUA+mceu+sRYxKjtp7bHSJNBFo1N8c/ahaDeSQdPydtFGRuMpa4h4I8KbZdOgE6gKdFX/WEnX5wzqi7oG4HetqE4Ut7Yx8uDQyZAzaaBImy+AcV/ue8t3Yn8c7NeHtlJsuxShWD1/I=;
Received: from admin by s2.btcrow.com with local (Exim 4.80)
   (envelope-from <admin@s2.btcrow.com>)
   id 1Zv48k-0001pc-23; Sat, 07 Nov 2015 09:06:46 -0500
To: m********c@gmail.com
Subject: Please confirm transaction #JLdhofwi4E563e05376f1e2
X-PHP-Originating-Script: 1000:functions.php
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
From: BTCrow.com<noreply@btcrow.com>
Reply-To: support@btcrow.com
X-Mailer: PHP/5.4.41-0+deb7u1
Message-Id: <E1Zv48k-0001pc-23@s2.btcrow.com>
Date: Sat, 07 Nov 2015 09:06:46 -0500

---

Email #2) Payment Received
Delivered-To: m********c@gmail.com
Received: by 10.194.134.66 with SMTP id pi2csp1281408wjb;
        Mon, 9 Nov 2015 08:31:05 -0800 (PST)
X-Received: by 10.28.16.203 with SMTP id 194mr28935765wmq.55.1447086665479;
        Mon, 09 Nov 2015 08:31:05 -0800 (PST)
Return-Path: <admin@s2.btcrow.com>
Received: from s2.btcrow.com ([5.134.117.43])
        by mx.google.com with ESMTPS id u8si19143549wja.11.2015.11.09.08.31.05
        for <m********c@gmail.com>
        (version=TLSv1.2 cipher=RC4-SHA bits=128/128);
        Mon, 09 Nov 2015 08:31:05 -0800 (PST)
Received-SPF: neutral (google.com: 5.134.117.43 is neither permitted nor denied by best guess record for domain of admin@s2.btcrow.com) client-ip=5.134.117.43;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: 5.134.117.43 is neither permitted nor denied by best guess record for domain of admin@s2.btcrow.com) smtp.mailfrom=admin@s2.btcrow.com;
       dkim=temperror (no key for signature) header.i=@btcrow.com
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=btcrow.com; s=mail;
   h=Date:Message-Id:Reply-To:From:Content-type:MIME-Version:Subject:To; bh=p/D8Vsdp6CJfm3ZqoUCUDqJIwKHDiYebsdLWG/5WJAs=;
   b=qOmf5WNbrBrJArCmUDoxoLa4+6+G0PR0oWM2Ti4qpm54r2ACsjQqoQ4DfZL5pSd12fYlaWyvWmJyNqkRAHmrONTvvSEFxQKWM2pyFVf0vOiTQhYbh/0hYe/5Xp5EsQHVhM2Wo+uC2dUxBhhuBS3GZaxvphjIAYp+P9MoI8Hawdw=;
Received: from admin by s2.btcrow.com with local (Exim 4.80)
   (envelope-from <admin@s2.btcrow.com>)
   id 1ZvpKT-0003a2-Ih; Mon, 09 Nov 2015 11:30:01 -0500
To: m********c@gmail.com
Subject: BTCrow Transaction - Payment Received
X-PHP-Originating-Script: 1000:functions.php
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
From: BTCrow.com<noreply@btcrow.com>
Reply-To: support@btcrow.com
X-Mailer: PHP/5.4.41-0+deb7u1
Message-Id: <E1ZvpKT-0003a2-Ih@s2.btcrow.com>
Date: Mon, 09 Nov 2015 11:30:01 -0500

---

Email #3) Item(s) Sent
Delivered-To: m********c@gmail.com
Received: by 10.194.82.65 with SMTP id g1csp725947wjy;
        Wed, 11 Nov 2015 05:37:47 -0800 (PST)
X-Received: by 10.194.184.7 with SMTP id eq7mr10210720wjc.26.1447249067420;
        Wed, 11 Nov 2015 05:37:47 -0800 (PST)
Return-Path: <admin@s2.btcrow.com>
Received: from s2.btcrow.com ([5.134.117.43])
        by mx.google.com with ESMTPS id m134si12576512wmd.84.2015.11.11.05.37.47
        for <m********c@gmail.com>
        (version=TLSv1.2 cipher=RC4-SHA bits=128/128);
        Wed, 11 Nov 2015 05:37:47 -0800 (PST)
Received-SPF: neutral (google.com: 5.134.117.43 is neither permitted nor denied by best guess record for domain of admin@s2.btcrow.com) client-ip=5.134.117.43;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: 5.134.117.43 is neither permitted nor denied by best guess record for domain of admin@s2.btcrow.com) smtp.mailfrom=admin@s2.btcrow.com;
       dkim=temperror (no key for signature) header.i=@btcrow.com
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=btcrow.com; s=mail;
   h=Date:Message-Id:Reply-To:From:Content-type:MIME-Version:Subject:To; bh=WIAaNewrELU1UVcg10meMm302ZfGK8n1waZ0XUrQyhE=;
   b=soaFtkL98eZLBarsFryG+Wc8CFG8knnUMJbet2g+BoOGPxNvZzd5dlbU87nTGhHXR87Vz2VONLGJ38TPy37w0tkC3iMOXFapjiH1jf0SwRg2oBJ/RtO7ctj+9/zBQJ0Z7fKlDbKM/kVfkn+Um6mwy52krBMD29aUNoi+TYQC2lk=;
Received: from admin by s2.btcrow.com with local (Exim 4.80)
   (envelope-from <admin@s2.btcrow.com>)
   id 1ZwVZq-0006YF-CO; Wed, 11 Nov 2015 08:36:42 -0500
To: m********c@gmail.com
Subject: Item(s) Sent - Transaction #JLdhofwi4E563e05376f1e2
X-PHP-Originating-Script: 1000:functions.php
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
From: BTCrow.com<noreply@btcrow.com>
Reply-To: support@btcrow.com
X-Mailer: PHP/5.4.41-0+deb7u1
Message-Id: <E1ZwVZq-0006YF-CO@s2.btcrow.com>
Date: Wed, 11 Nov 2015 08:36:42 -0500

---

Email #4) Item(s) Received
Delivered-To: m********c@gmail.com
Received: by 10.194.82.65 with SMTP id g1csp783389wjy;
        Wed, 11 Nov 2015 07:31:57 -0800 (PST)
X-Received: by 10.28.11.207 with SMTP id 198mr38691064wml.47.1447255917015;
        Wed, 11 Nov 2015 07:31:57 -0800 (PST)
Return-Path: <admin@s2.btcrow.com>
Received: from s2.btcrow.com ([5.134.117.43])
        by mx.google.com with ESMTPS id cm4si12276047wjb.78.2015.11.11.07.31.56
        for <m********c@gmail.com>
        (version=TLSv1.2 cipher=RC4-SHA bits=128/128);
        Wed, 11 Nov 2015 07:31:56 -0800 (PST)
Received-SPF: neutral (google.com: 5.134.117.43 is neither permitted nor denied by best guess record for domain of admin@s2.btcrow.com) client-ip=5.134.117.43;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: 5.134.117.43 is neither permitted nor denied by best guess record for domain of admin@s2.btcrow.com) smtp.mailfrom=admin@s2.btcrow.com;
       dkim=temperror (no key for signature) header.i=@btcrow.com
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=btcrow.com; s=mail;
   h=Date:Message-Id:Reply-To:From:Content-type:MIME-Version:Subject:To; bh=fnRvQWnXwd5j2ghFrxzr48uwS3UB/PJeo11gogcEdqo=;
   b=fWVMXX7YgBx610QQhR52lgJdruPJToc26ok1iAGsohIiRwsTsDjciDlbKbI0f1cylZoeOyUTipejWiwjLVK3ujca8zdHw8auTjmJHdvNZTuXzPQZEwFJF4vtUB7UisIsfL6oDVszzsqR9ytoxdTZrWQ8EgmQn5MhirERHaPzoDk=;
Received: from admin by s2.btcrow.com with local (Exim 4.80)
   (envelope-from <admin@s2.btcrow.com>)
   id 1ZwXMI-0000Ik-JD; Wed, 11 Nov 2015 10:30:50 -0500
To: m********c@gmail.com
Subject: Item(s) Received - Transaction #JLdhofwi4E563e05376f1e2
X-PHP-Originating-Script: 1000:functions.php
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
From: BTCrow.com<noreply@btcrow.com>
Reply-To: support@btcrow.com
X-Mailer: PHP/5.4.41-0+deb7u1
Message-Id: <E1ZwXMI-0000Ik-JD@s2.btcrow.com>
Date: Wed, 11 Nov 2015 10:30:50 -0500

---

Email #5) Funds released
Delivered-To: m********c@gmail.com
Received: by 10.194.82.65 with SMTP id g1csp1961217wjy;
        Sun, 22 Nov 2015 22:09:47 -0800 (PST)
X-Received: by 10.68.162.193 with SMTP id yc1mr28778151pbb.148.1448258987816;
        Sun, 22 Nov 2015 22:09:47 -0800 (PST)
Return-Path: <support@btcrow.com>
Received: from a2i559.smtp2go.com (a2i559.smtp2go.com. [103.47.206.47])
        by mx.google.com with ESMTPS id b69si17141613pfd.30.2015.11.22.22.09.46
        for <m********c@gmail.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Sun, 22 Nov 2015 22:09:47 -0800 (PST)
Received-SPF: neutral (google.com: 103.47.206.47 is neither permitted nor denied by domain of support@btcrow.com) client-ip=103.47.206.47;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: 103.47.206.47 is neither permitted nor denied by domain of support@btcrow.com) smtp.mailfrom=support@btcrow.com;
       dkim=pass header.i=@smtpcorp.com
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
   d=smtpcorp.com; s=a0-2; h=Feedback-ID:X-Smtpcorp-Track:Date:Message-ID:
   Subject:From:To; bh=sOwQYQhFQoAZ5OMPxm63XNji2FH5UA9efNyQgc8d9IA=; b=jNWCKZDMp
   P5o9hpzb4ITomHD7vuJvlFQY7RoWfuVG46nAKjScK8v5tTbg1BnWrHc4XgZCbF3DWtcxyBAE4DyQl
   ApEecKAc41yM4tzrY/0Gx9ptjoTQ8MwAF+xGlxV5WN2F5VJhhcbx7vGsKirXnu4rxLxX76DfDZaQz
   woAVLtnvUqSXy5NalOejHnuDNbewbZb+znCsf0teLIC+IbKjOHreZd6HVLQ9bt1OODkC0iTFMfQy4
   0BvGET2D/cq6R6A+cyc8Sw5Cm26aoudQIc89ZuhGfDgY0sl/gFw0Jh5SyCD4uQCnRctFICxyFaB2Y
   V1iYC0527223X0qC4KlXhw8kQ==;
To: m********c@gmail.com
From: BTCrow <support@btcrow.com>
Subject: Funds released for btcrow.com transaction #JLdhofwi4E563e05376f1e2
 [Transaction Expired]
Message-ID: <5652AD84.3080207@btcrow.com>
Date: Mon, 23 Nov 2015 06:09:08 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Smtpcorp-Track: 1a0kJq4pkR2QK5.lr2nuuP1q
Feedback-ID: 175870m:175870aw3Cd9W:175870sR_HtFR_JQ:SMTPCORP
X-Report-Abuse: Please forward a copy of this message, including all
 headers, to <abuse@smtp2go.com>

[keystroke]

Do you know which email is that one that is supposedly spoofed?

[keystroke]

Did you see the new message which pops up when you go to their site?

[keystroke]

It looks like it came from a webmail program iRedMail, running on a VPS in Alicante, Spain.

X-PHP-Originating-Script: 1000:functions.php

The IP of that machine is 5.134.117.43. This is the hosting provider, http://lowendbox.com/tag/ginernet-com/

[956Vette]

Did you see the new message which pops up when you go to their site?

Thank you key!

IMPORTANT
Please remember, we NEVER send the escrow's payment address via email. If you receive a bitcoin address via email is being victim of a scam with a spoofed email address.

Unsure this message from BTCrow is new or helpful, hopefully they will update & amend their protocol asap. It is clear they still only worry about the receipt of payments to them & place no priority to see the payout reaches a legitimate address. Further, the frauds/hackers are privy to their bogus service which fails to safeguard funds and are able to take full advantage. Indeed BTCrow is either a selective scammer and/or utterly incompetent.

[keystroke]

Maybe you want to contact the hosting provider and ask them who owns 5.134.117.43 at the moment. The host takes bitcoin though so it might be hard to trace. They also do CC, PayPal, and wire transfer.

[956Vette]

So long BTCrow, good luck with your plan to scam another party via your website/'business' sale!

Thank you for being a lying scumbag & making off with undeserved/stolen btc!
View BTCrow support deceiving their customer when ask where the payment was/went. They claim the receiver address was stored encrypted via email: http://imgur.com/X3rBbyj

and clearly the selective scammers have full access to payout address they choose to withhold within their admin:
https://i.imgur.com/puzErTr.jpg

Thanks also for ducking legal and attorney contact you piece of work.

NOBODY purchase BTCrow.com the SCAM Escrow Fraud

[TYPEcoin]

Totally not surprised at all. This site was sold 2-3 times since its inception.

The owner prior to the guy that just scammed you was selling the site for $1300 in December 2014.

The new owner just made a 20k + profit by scamming you, and who knows how many others. Not a bad gig. Now he will sell the site and the next owner will continue to selectively scam.

There is no NEW OWNER,is the fucking same. 

[Fortify]

Just because a website uses the word escrow, doesn't make them trustworthy, why would anyone send such sums to random strangers on the internet? Looks like they played you for a fool and used insider knowledge to manipulate your funds into their wallet. Probably not hard to find whoever is behind BTCrow, but they are probably on holiday right now spending your money. Karma will come back to get them but the police will help too.

[956Vette]

NOBODY purchase BTCrow the SCAM Escrow Fraud

Again, gfy BTCrow & thank you for your disservice to the community. Real class act you are to advertise your 59btc scam against me a top your commissions spreadsheet to prospective buyers: http://imgur.com/NMNbitB

Shame on the buyer who has interest in buying BTCrow (particularly as they claim someone is bidding upwards of 1300btc)!

[956Vette]

About 5 years back, BTCrow was purchased by:
                             
William Hulskamp - from Australia                   
biometrics74[at]gmail.com 

He sent me an email before telling me his name is Paul, so I don't think he resold the website and this is the guy who scammed everyone.

here's the body of email:
==================================================================

Hi,

Could you provide a little more info on this site. Do you have any
aggregated statistics for escrow transactions e.g.

Number of transactions (per month, since started ...)
Average transaction value

Also what are the hosting requirements? e.g. Windows, Linux ...
development platform(s) (php, perl ...), database (mysql?), and third
party software requirements. Also could it run on shared hosting?

Kind Regards,

Paul


and the full headers:

============================================================

Received: by 10.236.80.66 with SMTP id j42mr3784528yhe.98.1316067618616;
        Wed, 14 Sep 2011 23:20:18 -0700 (PDT)
Received: from [10.66.32.101] (s044E.static.pacific.net.au [61.8.19.78])
        by mx.google.com with ESMTPS id k12sm12984312anc.19.2011.09.14.23.20.15
        (version=SSLv3 cipher=OTHER);
        Wed, 14 Sep 2011 23:20:17 -0700 (PDT)
Message-ID: <4E71990A.20403@gmail.com>
Date: Thu, 15 Sep 2011 16:19:54 +1000
From: bios <biometrics74

• gmail.com>

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:6.0.2) Gecko/20110902 Thunderbird/6.0.2
MIME-Version: 1.0
To: netxxxxxxe@hush.com
Subject: Flippa Auction - btcrow.com
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit