Bitcoin Forum
May 24, 2022, 03:19:27 AM *
News: Latest Bitcoin Core release: 23.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 [27] 28 29 30 31 »
  Print  
Author Topic: ♻️ CRYPTOMIXER.IO — FAST, SECURE and RELIABLE BITCOIN MIXER (Since 2016) ⭐⭐⭐⭐⭐  (Read 43111 times)
LoyceV
Legendary
*
Offline Offline

Activity: 2590
Merit: 10972


Thick-Skinned Gang Leader and Golden Feather


View Profile WWW
April 25, 2021, 11:45:02 AM
 #521

I got this answer:
Quote
Hello. The Letter of Guarantee you provided is signed with different address. Your letter signed by 1CrypMix3194qKbmZBeM2TRxgBu1gorrB4. Our public address 1CrypMixXWtTjYGCM5ZJmyQYP1Y39P7aLM was created back in 2016 and has never changed.
If their server was hacked, they have to give us our money. This is FRAUD!!!!!!!!
If the server is hacked, obviously the attacker can change the signing address as mentioned on the site. That makes it difficult to know with certainty which is the official signing address. At this moment, cryptomixns23scr.onion/faq.html shows 1CrypMixXWtTjYGCM5ZJmyQYP1Y39P7aLM, and was confirmed in this unedited post:
What you can do to make sure that the Letter of Guarantee has been generated not by third side besides checking the signature is to check the signing address provided in the Letter of Guarantee on the blockchain explorer. Our original signing address has been generated back in 2016 and has 32 pages of donation transactions on about 40 BTC in total and has never changed:

https://www.blockchain.com/btc/address/1CrypMixXWtTjYGCM5ZJmyQYP1Y39P7aLM
This address (1CrypMixXWtTjYGCM5ZJmyQYP1Y39P7aLM) was posted in this topic in 2016 by several users.
I'll leave neutral feedback with this information.

The cryptomixer.io and cryptomixns23scr.onion domains are registered back in 2016 and have never changed!

Stay vigilant!

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
CRYPTOMIXER_LOST_MONEY
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
April 25, 2021, 03:48:18 PM
 #522

Lost 0.607 BTC still no refund! I think the site is scamming unfortunately.
CryptoMixer.io
Full Member
***
Offline Offline

Activity: 259
Merit: 112

Ever used CryptoMixer? Leave your feedback ↓


View Profile WWW
April 27, 2021, 02:11:21 AM
Last edit: April 27, 2021, 06:10:50 AM by CryptoMixer.io
Merited by LoyceV (6), Rath_ (2)
 #523

SECURITY REPORT

We were investigating issues where users reported the wrong signing address on our website. All of this users reported that they were on our website and their connection was secured by the fake SSL-certificate. All incidents were grouped by dates March 16-17 and April 19-20. The Letters of Guarantee of this users had the same fake signing addresses listed below:

  • 1CrypMixUKiXduy6J42nEzm4Z9CpJuXptS (March 16-17)
  • 1CrypMix3194qKbmZBeM2TRxgBu1gorrB4 (April 19-20)

While the original signing address was generated back in 2016 and has never changed:

  • 1CrypMixXWtTjYGCM5ZJmyQYP1Y39P7aLM (bookmark this very address if you are reading this)

To make it clear:
 
  • our servers were not hacked or compromised;
  • the operations of our customers did not fall into third hands;
  • this attack affected only those users who have got the fake signing address.

To understand what have happen to this users and how to avoid it for yourself, kindly read further.

Background

The Internet is a global network in enabling any connected host, identified by its unique IP address, to talk to any other, anywhere in the world. This is achieved by passing data from one router to another, repeatedly moving each packet closer to its destination. To do this, each router must be regularly supplied with up-to-date routing tables. At the global level, individual IP addresses are grouped together into "prefixes".

These prefixes are originated, or owned by an autonomous systems (AS) - groups of networks that operate under a single external routing policy.  For example, Sprint, Verizon, and AT&T each are an AS. Border Gateway Protocol (BGP) is the standard routing protocol used to exchange information about IP routing between autonomous systems.

Each AS uses BGP to advertise prefixes that it can deliver traffic to. For example, if the network prefix 192.0.2.0/24 , then that AS will advertise to its provider(s) and/or peer(s) that it can deliver any traffic destined for 192.0.2.0/24.

The problem is, by default the BGP protocol is designed to trust all route announcements sent by peers, and only few ISPs rigorously enforce checks on BGP sessions through security extensions available for BGP, and third-party route DB resources.

What is BGP hijacking?

BGP hijacking can occur deliberately or by accident in one of several ways:

  • An AS announces that it originates a prefix that it does not actually originate.
  • An AS announces a more specific prefix than what may be announced by the true originating AS.
  • An AS announces that it can route traffic to the hijacked AS through a shorter route than is already available, regardless of whether or not the route actually exists.

Common to these ways is their disruption of the normal routing of the network: packets end up being forwarded towards the wrong part of the network and then are found at the mercy of the offending AS. When an AS announces a route to IP prefixes that it does not actually control, this announcement, can spread and be added to routing tables in BGP routers across the Internet. It would be like claiming territory if there were no local government to verify and enforce property deeds.

Typically ISPs filter BGP traffic, allowing BGP advertisements from their downstream networks to contain only valid IP space. However, a history of hijacking incidents shows this is not always the case. There have been many examples of deliberate BGP hijacking:


What happened to our users?

During our investigation, we have found out that on the dates corresponding to the incidents one of the AS was broadcasting to BGP the fake route for our servers network and that route was used by some of ISPs (you can click diagrams for details).  


This way attackers rerouted HTTP-traffic to their servers, deceived the verification system of the global Certification Authority (CA) lettercrypt.org and issued a fake Domain Validation (DV) certificate, and were able to send the victims HTTPS-traffic to their servers either.  

It may seem surprising that the operator of a large network or group of networks, many of which are ISPs, would brazenly undertake such malicious activity. But considering that by some counts there are now over 80,000 autonomous systems globally, it is not surprising that some would be untrustworthy.

How to defend yourself?

Because BGP is built on the assumption that interconnected networks are telling the truth about which IP addresses they own, BGP hijacking is nearly impossible to stop at one moment. Though security extensions such as Resource Public Key Infrastructure (RPKI) are available for BGP, are still not widely deployed and adoption will takes time. It is very important to understand that the clear Internet infrastructure is dramatically insecure. You can face it both in cryptocurrency and the fiat worlds.

What you can do to make sure that the Letter of Guarantee has been generated not by third side, besides bookmarking our signing address and checking the signature, is to check the signing address provided in the Letter of Guarantee on the blockchain explorer. Our original signing address has been generated back in 2016 and has 32 pages of donation transactions on about 40 BTC in total and has never changed:


You will easily see if it is the freshly new generated address of scammers, like this one:


What will happen to victims of this incident?

We value our customers and their trust very high and do not want to leave them as victims in this situation. During coming days we will contact affected users and offer them an option to compensate the lost funds. We are aimed to provide the compensation till the end of this month. If you haven't contacted me or support@cryptomixer.io yet, get in touch and provide the LOG on your operation.

More info


CryptoKnight32
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
April 27, 2021, 01:11:51 PM
 #524

SECURITY REPORT

We were investigating issues where users reported the wrong signing address on our website. All of this users reported that they were on our website and their connection was secured by the fake SSL-certificate. All incidents were grouped by dates March 16-17 and April 19-20. The Letters of Guarantee of this users had the same fake signing addresses listed below:

  • 1CrypMixUKiXduy6J42nEzm4Z9CpJuXptS (March 16-17)
  • 1CrypMix3194qKbmZBeM2TRxgBu1gorrB4 (April 19-20)

While the original signing address was generated back in 2016 and has never changed:

  • 1CrypMixXWtTjYGCM5ZJmyQYP1Y39P7aLM (bookmark this very address if you are reading this)

To make it clear:
 
  • our servers were not hacked or compromised;
  • the operations of our customers did not fall into third hands;
  • this attack affected only those users who have got the fake signing address.

To understand what have happen to this users and how to avoid it for yourself, kindly read further.

Background

The Internet is a global network in enabling any connected host, identified by its unique IP address, to talk to any other, anywhere in the world. This is achieved by passing data from one router to another, repeatedly moving each packet closer to its destination. To do this, each router must be regularly supplied with up-to-date routing tables. At the global level, individual IP addresses are grouped together into "prefixes".

These prefixes are originated, or owned by an autonomous systems (AS) - groups of networks that operate under a single external routing policy.  For example, Sprint, Verizon, and AT&T each are an AS. Border Gateway Protocol (BGP) is the standard routing protocol used to exchange information about IP routing between autonomous systems.

Each AS uses BGP to advertise prefixes that it can deliver traffic to. For example, if the network prefix 192.0.2.0/24 , then that AS will advertise to its provider(s) and/or peer(s) that it can deliver any traffic destined for 192.0.2.0/24.

The problem is, by default the BGP protocol is designed to trust all route announcements sent by peers, and only few ISPs rigorously enforce checks on BGP sessions through security extensions available for BGP, and third-party route DB resources.

What is BGP hijacking?

BGP hijacking can occur deliberately or by accident in one of several ways:

  • An AS announces that it originates a prefix that it does not actually originate.
  • An AS announces a more specific prefix than what may be announced by the true originating AS.
  • An AS announces that it can route traffic to the hijacked AS through a shorter route than is already available, regardless of whether or not the route actually exists.

Common to these ways is their disruption of the normal routing of the network: packets end up being forwarded towards the wrong part of the network and then are found at the mercy of the offending AS. When an AS announces a route to IP prefixes that it does not actually control, this announcement, can spread and be added to routing tables in BGP routers across the Internet. It would be like claiming territory if there were no local government to verify and enforce property deeds.

Typically ISPs filter BGP traffic, allowing BGP advertisements from their downstream networks to contain only valid IP space. However, a history of hijacking incidents shows this is not always the case. There have been many examples of deliberate BGP hijacking:


What happened to our users?

During our investigation, we have found out that on the dates corresponding to the incidents one of the AS was broadcasting to BGP the fake route for our servers network and that route was used by some of ISPs (you can click diagrams for details).  


This way attackers rerouted HTTP-traffic to their servers, deceived the verification system of the global Certification Authority (CA) lettercrypt.org and issued a fake Domain Validation (DV) certificate, and were able to send the victims HTTPS-traffic to their servers either.  

It may seem surprising that the operator of a large network or group of networks, many of which are ISPs, would brazenly undertake such malicious activity. But considering that by some counts there are now over 80,000 autonomous systems globally, it is not surprising that some would be untrustworthy.

How to defend yourself?

Because BGP is built on the assumption that interconnected networks are telling the truth about which IP addresses they own, BGP hijacking is nearly impossible to stop at one moment. Though security extensions such as Resource Public Key Infrastructure (RPKI) are available for BGP, are still not widely deployed and adoption will takes time. It is very important to understand that the clear Internet infrastructure is dramatically insecure. You can face it both in cryptocurrency and the fiat worlds.

What you can do to make sure that the Letter of Guarantee has been generated not by third side, besides bookmarking our signing address and checking the signature, is to check the signing address provided in the Letter of Guarantee on the blockchain explorer. Our original signing address has been generated back in 2016 and has 32 pages of donation transactions on about 40 BTC in total and has never changed:


You will easily see if it is the freshly new generated address of scammers, like this one:


What will happen to victims of this incident?

We value our customers and their trust very high and do not want to leave them as victims in this situation. During coming days we will contact affected users and offer them an option to compensate the lost funds. We are aimed to provide the compensation till the end of this month. If you haven't contacted me or support@cryptomixer.io yet, get in touch and provide the LOG on your operation.

More info




seems like an over explained excuse version of 'our server got hacked' and now he is just trying to cover his ass....

if these guys can magically re route traffic for IP address, why they did it to some site like cryptomixer.io instead of coinbase, blockchain.com, binance..... anyway.. i hope they will actually refund and this is not just a cover to scam more... seems fishy.
LoyceV
Legendary
*
Offline Offline

Activity: 2590
Merit: 10972


Thick-Skinned Gang Leader and Golden Feather


View Profile WWW
April 27, 2021, 01:33:26 PM
 #525

we will contact affected users and offer them an option to compensate the lost funds.
Have you considered the possibility the attacker can claim to be a victim too? All they need is to sign a transaction from their own fake 1CrypMix address.

if these guys can magically re route traffic for IP address, why they did it to some site like cryptomixer.io instead of coinbase, blockchain.com, binance.....
This possibility worries me a lot more!

benesiaxd
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
April 28, 2021, 03:51:42 AM
 #526

Did you get a refund??

This is an update of lost money issue

Finally, the investigation of the lost money is over. Today i received a positive reply from CryptoMixer.io. This is the reply
Hello,

We have finished our investigation. Thank you for provided information and your patience. Could you kindly confirm that you still have access to the source address of your transaction XXXXXXXXXXXXXX ?





Seems like i soon will have my money back  Smiley  Smiley  Smiley


Thank you, CryptoMixer!



jeffi447
Newbie
*
Offline Offline

Activity: 8
Merit: 0


View Profile
April 28, 2021, 08:08:51 AM
 #527

Update: He wrote me on Monday., i confirmed the address. Currently i have still no refund.
I will keep you updated.
benesiaxd
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
April 28, 2021, 02:03:52 PM
 #528

I have been 100% refunded!


I will remove all my negative previous posts about CryptoMxier.io in this forum.

The next time someone comes up with this company, I want to tell him something like this.

There is no company like this one.


VERY THANK YOU
jeffi447
Newbie
*
Offline Offline

Activity: 8
Merit: 0


View Profile
April 28, 2021, 04:47:07 PM
 #529

100% refunded! I will remove all my negative previous posts about CryptoMxier.io in this forum. Thank you CryptoMixer.io
kiikii09
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
April 29, 2021, 08:14:02 AM
 #530

I've received a 100% refund. Deleted all my comments above.

A note for everyone mixing in the future, always double check the signing address before mixing.
CryptoMixer.io
Full Member
***
Offline Offline

Activity: 259
Merit: 112

Ever used CryptoMixer? Leave your feedback ↓


View Profile WWW
May 01, 2021, 06:17:05 AM
Last edit: May 06, 2021, 01:10:45 PM by CryptoMixer.io
 #531

SECURITY REPORT

We were investigating issues where users reported the wrong signing address on our website. All of this users reported that they were on our website and their connection was secured by the fake SSL-certificate. All incidents were grouped by dates March 16-17 and April 19-20. The Letters of Guarantee of this users had the same fake signing addresses listed below:

  • 1CrypMixUKiXduy6J42nEzm4Z9CpJuXptS (March 16-17)
  • 1CrypMix3194qKbmZBeM2TRxgBu1gorrB4 (April 19-20)

While the original signing address was generated back in 2016 and has never changed:

  • 1CrypMixXWtTjYGCM5ZJmyQYP1Y39P7aLM (bookmark this very address if you are reading this)

To make it clear:
 
  • our servers were not hacked or compromised;
  • the operations of our customers did not fall into third hands;
  • this attack affected only those users who have got the fake signing address.

To understand what have happen to this users and how to avoid it for yourself, kindly read further.

Background

The Internet is a global network in enabling any connected host, identified by its unique IP address, to talk to any other, anywhere in the world. This is achieved by passing data from one router to another, repeatedly moving each packet closer to its destination. To do this, each router must be regularly supplied with up-to-date routing tables. At the global level, individual IP addresses are grouped together into "prefixes".

These prefixes are originated, or owned by an autonomous systems (AS) - groups of networks that operate under a single external routing policy.  For example, Sprint, Verizon, and AT&T each are an AS. Border Gateway Protocol (BGP) is the standard routing protocol used to exchange information about IP routing between autonomous systems.

Each AS uses BGP to advertise prefixes that it can deliver traffic to. For example, if the network prefix 192.0.2.0/24 , then that AS will advertise to its provider(s) and/or peer(s) that it can deliver any traffic destined for 192.0.2.0/24.

The problem is, by default the BGP protocol is designed to trust all route announcements sent by peers, and only few ISPs rigorously enforce checks on BGP sessions through security extensions available for BGP, and third-party route DB resources.

What is BGP hijacking?

BGP hijacking can occur deliberately or by accident in one of several ways:

  • An AS announces that it originates a prefix that it does not actually originate.
  • An AS announces a more specific prefix than what may be announced by the true originating AS.
  • An AS announces that it can route traffic to the hijacked AS through a shorter route than is already available, regardless of whether or not the route actually exists.

Common to these ways is their disruption of the normal routing of the network: packets end up being forwarded towards the wrong part of the network and then are found at the mercy of the offending AS. When an AS announces a route to IP prefixes that it does not actually control, this announcement, can spread and be added to routing tables in BGP routers across the Internet. It would be like claiming territory if there were no local government to verify and enforce property deeds.

Typically ISPs filter BGP traffic, allowing BGP advertisements from their downstream networks to contain only valid IP space. However, a history of hijacking incidents shows this is not always the case. There have been many examples of deliberate BGP hijacking:


What happened to our users?

During our investigation, we have found out that on the dates corresponding to the incidents one of the AS was broadcasting to BGP the fake route for our servers network and that route was used by some of ISPs (you can click diagrams for details).  


This way attackers rerouted HTTP-traffic to their servers, deceived the verification system of the global Certification Authority (CA) lettercrypt.org and issued a fake Domain Validation (DV) certificate, and were able to send the victims HTTPS-traffic to their servers either.  

It may seem surprising that the operator of a large network or group of networks, many of which are ISPs, would brazenly undertake such malicious activity. But considering that by some counts there are now over 80,000 autonomous systems globally, it is not surprising that some would be untrustworthy.

How to defend yourself?

Because BGP is built on the assumption that interconnected networks are telling the truth about which IP addresses they own, BGP hijacking is nearly impossible to stop at one moment. Though security extensions such as Resource Public Key Infrastructure (RPKI) are available for BGP, are still not widely deployed and adoption will takes time. It is very important to understand that the clear Internet infrastructure is dramatically insecure. You can face it both in cryptocurrency and the fiat worlds.

What you can do to make sure that the Letter of Guarantee has been generated not by third side, besides bookmarking our signing address and checking the signature, is to check the signing address provided in the Letter of Guarantee on the blockchain explorer. Our original signing address has been generated back in 2016 and has 32 pages of donation transactions on about 40 BTC in total and has never changed:


You will easily see if it is the freshly new generated address of scammers, like this one:


What will happen to victims of this incident?

We value our customers and their trust very high and do not want to leave them as victims in this situation. During coming days we will contact affected users and offer them an option to compensate the lost funds. We are aimed to provide the compensation till the end of this month. If you haven't contacted me or support@cryptomixer.io yet, get in touch and provide the LOG on your operation.

More info




OFFICIAL UPDATE

Further update on this issue.

Currently, we have compensated everyone who provided verifiable proof of a transaction. This process was complicated by the fact that different people applied for refunds with the same Letters of Guarantee, some of them were falsified, while others did not have letters - in all such cases, we had to make compensation only to the original source of the transaction. Kindly note, this payments are not a refund of the funds that we have received - but our voluntary compensation to the victims of this incident, so we ask you to understand the precautions that we apply with understanding.
[/quote]
CRYPTOMIXER_LOST_MONEY
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
May 03, 2021, 01:57:47 PM
 #532

received a full refund of over 60,000 USD. This website can be trusted!
MiMvictim
Newbie
*
Offline Offline

Activity: 20
Merit: 1


View Profile
May 08, 2021, 11:39:48 AM
Merited by Ratimov (1)
 #533

Still waiting for my refund of 5 digits, got compensated peanuts compared to my real issue.
Like stated earlier i’ve already lost $8k that i CAN NEVER GET back because of the missing letter of guarantee
And on top of that they’re saying my letter is not valid like wtf you can clearly see you’ve compensated me the other transaction ON THE SAME ADRESS
How do you expect me to solve this its not my fault its not like its my website, how can you put your customer of years and years through such pain!

I am absolutely in shock as the realisation of me having lost over 30k now is settling in.

@CryptoMixer.io - Please please please help me out im literally begging you  Cry
LoyceV
Legendary
*
Offline Offline

Activity: 2590
Merit: 10972


Thick-Skinned Gang Leader and Golden Feather


View Profile WWW
May 08, 2021, 11:43:24 AM
 #534

And on top of that they’re saying my letter is not valid like wtf you can clearly see you’ve compensated me the other transaction ON THE SAME ADRESS
The Letter of Guarantee contains a signed message, right? Have you verified it by yourself?

MiMvictim
Newbie
*
Offline Offline

Activity: 20
Merit: 1


View Profile
May 08, 2021, 12:04:46 PM
 #535

And on top of that they’re saying my letter is not valid like wtf you can clearly see you’ve compensated me the other transaction ON THE SAME ADRESS
The Letter of Guarantee contains a signed message, right? Have you verified it by yourself?

Yes bro via; https://tools.bitcoin.com/verify-message/
And it is valid but yet they say yes we need more proof can you sign msg with ur wallet that u sent the money from in february.
——————————————————————————————————————————————————————————
LoyceV
Legendary
*
Offline Offline

Activity: 2590
Merit: 10972


Thick-Skinned Gang Leader and Golden Feather


View Profile WWW
May 08, 2021, 12:38:39 PM
 #536

And it is valid but yet they say yes we need more proof can you sign msg with ur wallet that u sent the money from in february.
That's not a bad thing, considering the fact that you've shared the signed message online to verify it (instead of using your own wallet), and multiple claims have been made from the same Letter of Guarantee:
different people applied for refunds with the same Letters of Guarantee

Batcomq
Newbie
*
Offline Offline

Activity: 29
Merit: 7


View Profile
May 09, 2021, 09:40:43 AM
 #537

You should use your own wallet to verify the signed message.

How can I verify it using my wallet?
Batcomq
Newbie
*
Offline Offline

Activity: 29
Merit: 7


View Profile
May 09, 2021, 09:47:25 AM
 #538

Be careful don't send anything for now. Seems cryptomixr got hacked again. Now they are showing an unofficial signature wallet 1CrypMixAFEt56Mqts2sFnTF1RPCwE1BXk

@cryptomixr can you confirm if this are your new wallet?
LoyceV
Legendary
*
Offline Offline

Activity: 2590
Merit: 10972


Thick-Skinned Gang Leader and Golden Feather


View Profile WWW
May 09, 2021, 09:47:49 AM
 #539

You should use your own wallet to verify the signed message.
How can I verify it using my wallet?
Electrum: click Tools > Sign/verify Message
Bitcoin Core: click File > Verify message

Be careful don't send anything for now. Seems cryptomixr got hacked again. Now they are showing an unofficial signature wallet 1CrypMixAFEt56Mqts2sFnTF1RPCwE1BXk
I just checked https://cryptomixer.io/ and http://cryptomixns23scr.onion/: both sign the LoG from this address: 1CrypMixXWtTjYGCM5ZJmyQYP1Y39P7aLM.

Quote
@cryptomixr can you confirm if this are your new wallet?
Of course it's not their address! Signing addresses shouldn't change!

MiMvictim
Newbie
*
Offline Offline

Activity: 20
Merit: 1


View Profile
May 10, 2021, 12:11:45 AM
 #540

And it is valid but yet they say yes we need more proof can you sign msg with ur wallet that u sent the money from in february.
That's not a bad thing, considering the fact that you've shared the signed message online to verify it (instead of using your own wallet), and multiple claims have been made from the same Letter of Guarantee:
different people applied for refunds with the same Letters of Guarantee

Please dont jump to conclusions already, i have not shared my message online!
I have only spoken with the support @ CryptoMixer.io and that’s all i can say about this matter.

I’m yet to receive an answer from their relevant department............
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 [27] 28 29 30 31 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!