Escrow Partner got tricked

[Lutpin]

what the hell  http://prntscr.com/ab4q3y
id say that confirms someone got in my account here
why the hell would I set to ignore him ?
think I saw where to undo that yesterday  but I sure didn't set it

You can just click the "unignore" under his trust rating.
You will also find SebastianJu in this list: https://bitcointalk.org/index.php?action=profile;u=520313;sa=pmprefs
The user being ignored by your account in PM and messages, PMs being deleted, basic settings being changed without your knowledge,
face it, your account is compromised.

Next step for you should be finding out how your account was compromised. Go through a list of sites and pages you recently visited and check for malware on your PC. I'm still pretty certain you were phished by the member you were dealing with.

He would be the only one with a certain gain from this.

[1714749506]

1714749506

[1714749506]

1714749506

[1714749506]

1714749506

[1714749506]

1714749506

[amartin99]

I did not read all messages in this thread to be able to answer fast. amartin99 first asked me about a trade some days ago. I answered a bit late and he wrote that he already dealt with another user. Well in the meanwhile I already had sent out the escrow details and after hearing that I cleared the address.

Then the other trading partner got back and wanted the deal to happen. I asked amartin99 if he still wants to deal and he said yes. After negotiating the deal I sent a new escrow address. Though he sent to the old escrow address. I said it's fine, no problem should appear from that.

After a while I received a pm from him claiming that the trading partner had sent him the goods and that I should release the coins. After that I received a pm of the trading partner telling me his bitcoin address to release to.

Well, I released the coins of course since both parties were ok with it.

Now I received a pm of amartin99 that he got a pm from me that I released the coins even though he had not received anything. Well, first scare went over when I checked my inbox and found that exactly the same user amartin99 had send me the pm telling me to release the coins. I answered on his complain pm and found that only the trading partner received this answer because the forum told me that amartin99 has blocked me for receiving pm's from  me.

This sounds like a strange situation. I will read the thread now.

Of course admins and staff can check my pm's.

I scanned up my received PM's looking for the box where you gave the BTC address
you use code boxes to give them so they rather stand out
don't know how I could have made a mistake and sent to your older address but since that wasn't a problem (whatever)

I never sent that PM saying to release the funds but then again I also never set my account to ignore you
I have now found and removed that setting
I also changed my pass about 20 min ago
clearly someone else was accessing my account
the question is HOW
and what to do now
it's been many hours so I assume your send of the BTC has been confirmed

[The Sceptical Chymist]

in the end I have made 9-10 trades on this forum
gotten feedback for only one and lost $310
it's been a discouraging first week

Welcome to bitcointalk.  Do everything you can to protect yourself here, or else you'll end up losing everything. There are so many scammers on this forum it's unreal.

[Quickseller]

If what Seb says is true then he would not be at fault as it is his job to ensure that the terms of the trade are followed out and if the OP wants to release escrow prior to receiving the goods (or in this case fiat) that is his choice.

Unless Seb had previously agreed to only release escrow upon a signed message from the OP then there is no reason why he should be required to ask for one.

[Lutpin]

and what to do now

I'd do what xetsr proposed to do.

Next step for you should be finding out how your account was compromised. Go through a list of sites and pages you recently visited and check for malware on your PC. I'm still pretty certain you were phished by the member you were dealing with.

it's been many hours so I assume your send of the BTC has been confirmed

No need to asume, just check the blockchain, the outgoing transaction has 39 confirmations.
Those coins are gone for good.

[SebastianJu]

I reported all three pm's after checking that the User-ID of the buyer is the same in all PM's.

And I negrepped the scammer, which must be the seller then: https://bitcointalk.org/index.php?action=trust;u=561660

I already was wondering why the seller was a bit aggressive in wanting that deal to happen. Like "you wasted our time, sebastianju might negrep you" or so. It sounded scammy and since the trade already was done I asked the buyer if he wants to trade anyway. He wanted so the deal went through after I mentioned that the buyer only should proceed when he is aware of chargeback possibilities of PM. Well, it might be that PM is not chargebackable since the buyer wrote me so so I told him that I can't tell for sure and that he should inform himself and only proceed when he is aware that my protection ability only can go as far as the actual deal, it ends after I release the bitcoin.

Well, so far the deal was normal as buyer and seller were unique persons negotiating a deal. The real buyer sent the money and the hacker sent a fake email from buyers account.

I wonder how it happened that the account was compromised and it is a first for me that a hacker shares the account with a bitcointalk member. But thinking about how he wanted to deal I assume that he already had hacked the account at that time. Maybe he approached him because of that.


amartin99


Yes, the transaction is confirmed since some time already. :/ Though probably it would have gone through anyway.

I really would like to know how your account was compromised. The password of the forum should be sent encrypted with ssl, so even an VPN should not be able to read it. Must be more near your pc since it should not be the BCT-Server. Otherwise bigger victims would have been chosen.


Quickseller


The scammer wrote:

I received my PM escrow Please release BTC to ralobot.com.

Thank you.

[amartin99]

Ralobot.com never gave me any URL to visit that I can recall
and I don't see any in past PM's

I don't see how I could have been "fished"
I just did a quick search of my passwords and while this forums pass is used a couple other places  I have not been to either in a long time
and neither are something he would have thought to fake

I dono how he got into my account
but there is nothing more to be done here
I just need to find a way to guard against this risk

[xetsr]

Ralobot.com never gave me any URL to visit that I can recall
and I don't see any in past PM's

I don't see how I could have been "fished"
I just did a quick search of my passwords and while this forums pass is used a couple other places  I have not been to either in a long time
and neither are something he would have thought to fake

I dono how he got into my account
but there is nothing more to be done here
I just need to find a way to guard against this risk

Download anything lately? Dice bots, mining software and etc for example.

[amartin99]

Ralobot.com never gave me any URL to visit that I can recall
and I don't see any in past PM's

I don't see how I could have been "fished"
I just did a quick search of my passwords and while this forums pass is used a couple other places  I have not been to either in a long time
and neither are something he would have thought to fake

I dono how he got into my account
but there is nothing more to be done here
I just need to find a way to guard against this risk

Download anything lately? Dice bots, mining software and etc for example.

just this
https://codeload.github.com/jackjack-jj/pywallet/zip/master
it was sapost to help me clear out  my unconfirmed trades in BTC core
I looked at it but didn't use it
went with the altered icon route instead

well I got to get ready for work
maybe be back before going but got to get ready

[Lutpin]

I just need to find a way to guard against this risk

Including signed messages (like the escrow does it in PMs to you) in your PMs would be an idea.

[SebastianJu]

Ralobot.com never gave me any URL to visit that I can recall
and I don't see any in past PM's

I don't see how I could have been "fished"
I just did a quick search of my passwords and while this forums pass is used a couple other places  I have not been to either in a long time
and neither are something he would have thought to fake

I dono how he got into my account
but there is nothing more to be done here
I just need to find a way to guard against this risk

Well, one thing you should consider is not using the same password on different sites. That already lead to many damages.

Instead better use a password manager like keepass 2. You only need one really strong password you remember and don't user elsewhere. All other passwords can be get from that database and there is a plugin for firefox to fill out password information automatically.

Otherwise I would do a malware scan. But I wonder if he really compromised your pc or got your pass elsewhere and your pc is free.

Did you create the pass with a strange site?

[amartin99]

no I have some LONG passwords generated by robo forum
some times when im feeling lazy I copy that but leaving out a few letters so as to make it different
when I did a scan of my passwords I found that's where I did here
and used the same pass when joining a couple other things
these other 2 things are large unrelated companies
no way they where fishing sites

encrypting my pass sounds like a good idea

having the forum use SMS confirmation every time our IP changes would be better

[amartin99]

how do I encrypt my pass anyway ?

[mexxer-2]

So considering it was ralobot who received the funds and that the hacker had no selfish reason to not take the BTC for himself, should we tag him(Seems seb already did)?

[Lutpin]

So considering it was ralobot who received the funds and that the hacker had no selfish reason to not take the BTC for himself, should we tag him(Seems seb already did)?

xetsr aswell.
Interestingly, he got a negative feedback from ndnhc dating back several months about an unresolved scam accusation.

Should be tagged for selling carding methods. Follow the payivy link and you'll see what I'm talking about.

Agreed.

[xetsr]

So considering it was ralobot who received the funds and that the hacker had no selfish reason to not take the BTC for himself, should we tag him(Seems seb already did)?

Should be tagged for selling carding methods anyway. Follow the payivy link and you'll see what I'm talking about.

[Quickseller]

So considering it was ralobot who received the funds and that the hacker had no selfish reason to not take the BTC for himself, should we tag him(Seems seb already did)?

That is up to you, however it is really the OP's word against rainbot's.

If I were selling a physical coin to someone and I agree to send first, then my trading partner says the coin has not yet been received but sends me the BTC anyway I really cannot question that if I actually sent the coin (I would of course attempt to resolve the issue).

If rainbot wants to claim that he fulfilled his end of the trade then maybe he can provide some kind of tracking number.

Maybe the admins can look into the IP that was used when the PM to Seb was sent, this won't necessarily prove guilt but if the hacker was lazy then maybe he used the same IP.

[mexxer-2]

So considering it was ralobot who received the funds and that the hacker had no selfish reason to not take the BTC for himself, should we tag him(Seems seb already did)?

xetsr aswell.
Interestingly, he got a negative feedback from ndnhc dating back several months about an unresolved scam accusation.

Yeah I remember me and ndnhc discussing about that guy deleting any non-biased posts, and some other issues that I don't remember

So considering it was ralobot who received the funds and that the hacker had no selfish reason to not take the BTC for himself, should we tag him(Seems seb already did)?

Should be tagged for selling carding methods anyway. Follow the payivy link and you'll see what I'm talking about.

Will do , thanks.

If I were selling a physical coin to someone and I agree to send first, then my trading partner says the coin has not yet been received but sends me the BTC anyway I really cannot question that if I actually sent the coin (I would of course attempt to resolve the issue).

True, in that case a neg for GC carding and will PM him about this scam accusation, if a reply/public post is not received disputing the accusation, tags from other DT 2 members will be given. And well, getting a neg is not the end of the world if you can easily remove it later on

P.S: Also, what in the world is wrong with you and names? Every post/PM I know that you have posted, has at least one username spelled incorrectly  

Edit: Ah that kayenpal scammer

[Quickseller]

I am on my phone which is horrible with autocorrect plus it automatically zooms into the text field I am typing into so I can't compare what it was corrected to.

Right, if he is selling carded GC then a discussion about giving him a neg might be a moot point as long as it is clear they are carded. However I would not simply take the OPs word that he didn't send the PM in question....otherwise all someone would need to do to get someone negative trust is to setup a small deal with escrow then release escrow prior to receiving the goods.

[xetsr]

Edit: Ah that kayenpal scammer

Was wondering how long it would take for someone to notice  

Trust abuse accusations will be hard for this one.