Bitcoin Forum
November 02, 2024, 08:10:43 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Pages: [1]
  Print  
Author Topic: Local Scammer Stealing from Businesses  (Read 698 times)
morantis (OP)
Hero Member
*****
Offline Offline

Activity: 868
Merit: 503



View Profile
December 26, 2016, 09:33:17 AM
 #1

We have a Bitcoin set back here in central Florida.  There is a couple of guys that are scamming local businesses.  One of our clients that we do website work for asked us if we could fix their "Bitcoin Payment Kiosk".  They said they were not getting their funds and that the support for the guys that set it up could not be reached.  After some poking, we figured out the trick.

1. Scammer walks into to private local businesses and offers a free service to set up the business to accept Bitcoins.  They are offering the service free and a cheap tablet as a payment station.  We initially thought it was simply a scam of sending to coins to their own address or having backdoor access to the Bitcoin wallet of the merchant. But these guys went way out of their way to steal.

2. The Bitcoin kiosk is using a forked blockchain that is only there for them and the merchants.  In other words, these TX's don't go to the standard accepted Bitcoin network, but rather to a isolated, private blockchain.  They use this network to explain and demonstrate the service to the merchant, install everything and leave.

3. The scam, another part of their scam team then pays for merchandise using this private network.  Then, this is not entirely clear as to the method, but after leaving with the merchandise, the TX is then either canceled or simply never confirms.  I guess that the network will only have a few active nodes going at the moment of the sale and that gives the merchant one to two confirms.  Then, they are somehow kicking the TX back later.  It can be done and a few different ways.  So, the scammers really do not steal money, they are stealing the merchandise.

I think it is a long winded system to steal shit.  I do not condone stealing, but I am simply saying it would be easier to simply keep the merchants bitcoin wallet password and steal that way, clean and simple.  ORRRRR, be legal and charge a small transaction fee for the service, crazy idea.  All merchant accounts could pay to an individual bitcoin address that the never see, the "bitcoin business" accepts the funds and sends them to the merchants own wallet minus 1% or whatever. 
pawel7777
Legendary
*
Offline Offline

Activity: 2618
Merit: 1639



View Profile WWW
December 26, 2016, 01:27:50 PM
 #2

Thanks for sharing. That's really a crafty way of scamming, but I doubt they could pull more than $1k out of one merchant.

...
I think it is a long winded system to steal shit.  I do not condone stealing, but I am simply saying it would be easier to simply keep the merchants bitcoin wallet password and steal that way, clean and simple. 

Nah, they invested their time and money (free tablets etc) so they want to have quick and guaranteed return. What if no one pays with bitcoins in a long time, or what if they only have small value transactions (few bucks each) and merchant wants to withdraw/convert to fiat immediately? That won't work.

What's funny, since they've created their own cryptocurrency, and if they were to use similar, misleading name (ie "Bitcoim", or "Bitcon" etc) they potentially could get away with it even if caught. They could just claim that they were just promoting their own crypto and merchant simply misunderstood them etc.

███████████████████████████
███████▄████████████▄██████
████████▄████████▄████████
███▀█████▀▄███▄▀█████▀███
█████▀█▀▄██▀▀▀██▄▀█▀█████
███████▄███████████▄███████
███████████████████████████
███████▀███████████▀███████
████▄██▄▀██▄▄▄██▀▄██▄████
████▄████▄▀███▀▄████▄████
██▄███▀▀█▀██████▀█▀███▄███
██▀█▀████████████████▀█▀███
███████████████████████████
 
 Duelbits 
██
██
██
██
██
██
██
██

██

██

██

██

██
TRY OUR UNIQUE GAMES!
    ◥ DICE  ◥ MINES  ◥ PLINKO  ◥ DUEL POKER  ◥ DICE DUELS   
█▀▀











█▄▄
 
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
 
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
 KENONEW 
 
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀█











▄▄█
10,000x
 
MULTIPLIER
██
██
██
██
██
██
██
██

██

██

██

██

██
 
NEARLY
UP TO
50%
REWARDS
██
██
██
██
██
██
██
██

██

██

██

██

██
[/tabl
morantis (OP)
Hero Member
*****
Offline Offline

Activity: 868
Merit: 503



View Profile
December 26, 2016, 02:06:33 PM
 #3

Thanks for sharing. That's really a crafty way of scamming, but I doubt they could pull more than $1k out of one merchant.

...
I think it is a long winded system to steal shit.  I do not condone stealing, but I am simply saying it would be easier to simply keep the merchants bitcoin wallet password and steal that way, clean and simple.

Nah, they invested their time and money (free tablets etc) so they want to have quick and guaranteed return. What if no one pays with bitcoins in a long time, or what if they only have small value transactions (few bucks each) and merchant wants to withdraw/convert to fiat immediately? That won't work.

What's funny, since they've created their own cryptocurrency, and if they were to use similar, misleading name (ie "Bitcoim", or "Bitcon" etc) they potentially could get away with it even if caught. They could just claim that they were just promoting their own crypto and merchant simply misunderstood them etc.

from the files i personally saw, they were using the name "bitcoin" and the acro "btc", so they have to keep everything within an isolated network, like using a windows host file to point facebook.com to your own server.  i guess that is the only way that they can have absolute control over everything.  i have never tried and would have to think long and hard on the method, but you should be able to highly manipulate your own crypto or a personal fork

as for the tablets, we have made a few mass purchases for kiosk events and you can get the price as low as $15 per tablet for a very limited tablet, buying at least 100 of them.  worst case scenario, they drop the tablets on ebay or craigslist for a profit


oh yeah, and if the merchant is that uninformed with technology, they may be used to an old fashioned credit card processor and be convinced that the bitcoins would be paid to them once per month, that gives the scammer an entire month to pile up the coins
morantis (OP)
Hero Member
*****
Offline Offline

Activity: 868
Merit: 503



View Profile
December 26, 2016, 03:01:53 PM
 #4

I have been puzzling this scam since i saw the code and we are all overthinking it.  here's the easy way and the merchant will be with you longer before catching on.

1. Fork Bitcoin to a local PC, disconnect from the internet, compile and pretty much change nothing in the code, it is sort of like having your own testnet.

2. Within a small network of five to six old PC's, install your forked daemon/wallets and all that good stuff.

3. Your merchant Kiosk is now set up to connect to YOUR small network.  I believe that changing the merkle in your initial compile should keep your forked code from even trying to hit Bitcoin at large, otherwise careful network flow control will work.  

4. The scammer "buyer" buys from the business paying with his BTC address from your forked network.

Now, I was unsure here how to kick that TX off the chain easily, but that is not needed.  Your private forked Bitcoin clone is rolling in BTC by now, why??? Because it has been mining.  The blockchain started at 1 for the fake network, the block reward was 50 BTC per block if I remember correctly.  Several TX's within your 6 PC network should provide a nice lump of 100-1000 fake network BTC and those can be paid to the merchants.  it will all appear normal until real customers mention never seeing their payment leave their wallet(real BTC) or some other confusion.

Hell, you could even work a pre-mine into the forked Bitcoin.  Not sure if this is the scammers method, but it is the easiest I can evolve.

EDIT: If the fake BTC network ever does try to merge with the existing blockchain, even that is not much of an issue, the fork will just be ignored and not get any confirms from the real blockchain, but your private blockchain will provide a nice 5 confirms.  Plus, before compiling the ruleset can be altered.
Xester
Hero Member
*****
Offline Offline

Activity: 994
Merit: 544



View Profile
December 26, 2016, 03:12:56 PM
 #5

Private individuals without a registered company is something that is fishy. So to avoid scams we must get our services to a qualified service provider who has already made a name in the market, even though its costly but its the best thing to do to get a quality services. Cheap services or free are to be suspected as something wrong with them since scammers are everywhere, so the best thing is to rely on trusted companies that gives or provides such services.
eternalgloom
Legendary
*
Offline Offline

Activity: 1792
Merit: 1283



View Profile WWW
December 26, 2016, 03:39:34 PM
 #6

If you think about the amount of time and preparation it must of taken them to set up a system like that, you just have to wonder if it's worth it for them.

Do you know anything about other shops that have fallen victim to this? What kind of items were they selling?
I can't imagine it being worth it if the stolen goods were all valued below, say 1000 dollar. Plus you've got all the hassle of reselling those items.

I also assume that now that you're on to them, it's fairly easy to make sure potential victims (other shops) are warned.

Another thing, how long has the shop in question been using this system?

morantis (OP)
Hero Member
*****
Offline Offline

Activity: 868
Merit: 503



View Profile
December 27, 2016, 08:21:25 AM
 #7

Private individuals without a registered company is something that is fishy. So to avoid scams we must get our services to a qualified service provider who has already made a name in the market, even though its costly but its the best thing to do to get a quality services. Cheap services or free are to be suspected as something wrong with them since scammers are everywhere, so the best thing is to rely on trusted companies that gives or provides such services.


i agree, problem is that a business license is easy to get and cheap in most USA states.  as for reputation and trust, they claimed to the last client that they have over 100 clients, but if you are going to steal, then lying is probably morally ok for you, lol.  but, at least for payment processing most companies are "free", pp, applepay and the rest.  the initial service has no fee, however each individual TX is charged a percent fee and that is the model these guys are portraying.
morantis (OP)
Hero Member
*****
Offline Offline

Activity: 868
Merit: 503



View Profile
December 27, 2016, 08:25:55 AM
 #8

If you think about the amount of time and preparation it must of taken them to set up a system like that, you just have to wonder if it's worth it for them.

Do you know anything about other shops that have fallen victim to this? What kind of items were they selling?
I can't imagine it being worth it if the stolen goods were all valued below, say 1000 dollar. Plus you've got all the hassle of reselling those items.

I also assume that now that you're on to them, it's fairly easy to make sure potential victims (other shops) are warned.

Another thing, how long has the shop in question been using this system?

ok, taking each question one at a time.

1. I have found two businesses that have the kiosks installed.

2. One is a collectors shop, comic books, sports cards and such.  Some of those can have a quick high value, but should be easily traced.

3. I am going to put out a few warnings, but first I have placed a local craigslist ad stating that i own a small tax prep service and need Bitcoin payment processing.  I am hoping to video record an entire meeting with these guys.  Once that either happens or doesn't, then the video will be online as a solid warning.

4. Both shops are less than thirty days on the system and that is why they were not so much suspecting fraud, but looking for tech service.
AppleBTC
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
December 27, 2016, 08:58:38 AM
 #9

So the best way is to take the free tablet from the scammer and tell them, my customers don't use Bitcoins and told them the tablet is gone while the shop owner keeps it Smiley
pawel7777
Legendary
*
Offline Offline

Activity: 2618
Merit: 1639



View Profile WWW
December 27, 2016, 11:00:46 AM
 #10

...
3. I am going to put out a few warnings, but first I have placed a local craigslist ad stating that i own a small tax prep service and need Bitcoin payment processing.  I am hoping to video record an entire meeting with these guys.  Once that either happens or doesn't, then the video will be online as a solid warning.

You're not going to lure them in with that. Do you think they will bother to set up a scam to extort tax prep service? You need to have (or claim to have) a physical store selling physical (preferably high value) goods, because that's what they're after.

███████████████████████████
███████▄████████████▄██████
████████▄████████▄████████
███▀█████▀▄███▄▀█████▀███
█████▀█▀▄██▀▀▀██▄▀█▀█████
███████▄███████████▄███████
███████████████████████████
███████▀███████████▀███████
████▄██▄▀██▄▄▄██▀▄██▄████
████▄████▄▀███▀▄████▄████
██▄███▀▀█▀██████▀█▀███▄███
██▀█▀████████████████▀█▀███
███████████████████████████
 
 Duelbits 
██
██
██
██
██
██
██
██

██

██

██

██

██
TRY OUR UNIQUE GAMES!
    ◥ DICE  ◥ MINES  ◥ PLINKO  ◥ DUEL POKER  ◥ DICE DUELS   
█▀▀











█▄▄
 
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
 
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
 KENONEW 
 
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀█











▄▄█
10,000x
 
MULTIPLIER
██
██
██
██
██
██
██
██

██

██

██

██

██
 
NEARLY
UP TO
50%
REWARDS
██
██
██
██
██
██
██
██

██

██

██

██

██
[/tabl
eternalgloom
Legendary
*
Offline Offline

Activity: 1792
Merit: 1283



View Profile WWW
December 27, 2016, 02:13:10 PM
 #11

If you think about the amount of time and preparation it must of taken them to set up a system like that, you just have to wonder if it's worth it for them.

Do you know anything about other shops that have fallen victim to this? What kind of items were they selling?
I can't imagine it being worth it if the stolen goods were all valued below, say 1000 dollar. Plus you've got all the hassle of reselling those items.

I also assume that now that you're on to them, it's fairly easy to make sure potential victims (other shops) are warned.

Another thing, how long has the shop in question been using this system?

ok, taking each question one at a time.

1. I have found two businesses that have the kiosks installed.

2. One is a collectors shop, comic books, sports cards and such.  Some of those can have a quick high value, but should be easily traced.

3. I am going to put out a few warnings, but first I have placed a local craigslist ad stating that i own a small tax prep service and need Bitcoin payment processing.  I am hoping to video record an entire meeting with these guys.  Once that either happens or doesn't, then the video will be online as a solid warning.

4. Both shops are less than thirty days on the system and that is why they were not so much suspecting fraud, but looking for tech service.
That's actually pretty good news, that the scam hasn't been running that long. Makes me think that the way the scammers set up this system was unnecessarily complicated for very little profit.

I assume that all shops that were affected were also somewhat close together, so in addition to to posting this on craigslist, maybe it would be useful to post a flyer in a couple of the shops that were affected, should help with getting a bit more exposure. 

Joel_Jantsen
Legendary
*
Offline Offline

Activity: 2016
Merit: 1323

Get your game girl


View Profile
December 27, 2016, 02:57:35 PM
 #12

The scammers should be put behind the bars soon.This will give bitcoin a bad name for sure.Imagine if a Merchant A knows about the scam,he would simply avoid the entire bitcoin system.Moreover,he would not advise other Merchants to use bitcoins.Overall,a bad impression on bitcoins.Can you track the scammers somehow ?
morantis (OP)
Hero Member
*****
Offline Offline

Activity: 868
Merit: 503



View Profile
December 27, 2016, 04:11:45 PM
 #13

The scammers should be put behind the bars soon.This will give bitcoin a bad name for sure.Imagine if a Merchant A knows about the scam,he would simply avoid the entire bitcoin system.Moreover,he would not advise other Merchants to use bitcoins.Overall,a bad impression on bitcoins.Can you track the scammers somehow ?

ripping one of the tablets apart code wise and looking into the IP address that the software points to....i will find them through one avenue or another
Joel_Jantsen
Legendary
*
Offline Offline

Activity: 2016
Merit: 1323

Get your game girl


View Profile
December 27, 2016, 04:17:06 PM
 #14

ripping one of the tablets apart code wise and looking into the IP address that the software points to....i will find them through one avenue or another
I'm sure they tablets would be ordered from China.Makes it difficult to link anywhere.Ip addresses,yes but don't you think they will be smart able to use dynamic ip's or VPN's in general ?
If the shop had CCTV camera,you can share the video with the cops.Will make things easier on your side.
morantis (OP)
Hero Member
*****
Offline Offline

Activity: 868
Merit: 503



View Profile
December 28, 2016, 12:32:11 AM
 #15

ripping one of the tablets apart code wise and looking into the IP address that the software points to....i will find them through one avenue or another
I'm sure they tablets would be ordered from China.Makes it difficult to link anywhere.Ip addresses,yes but don't you think they will be smart able to use dynamic ip's or VPN's in general ?
If the shop had CCTV camera,you can share the video with the cops.Will make things easier on your side.

they are dealing on a net10 basis i believe and that means that until day 45 passes without payment to a merchant they are clean.  after that, it is a toss up whether any legal action will produce a decent effect around here.  I grew up in cleveland and have six years of cyber security investigation under my belt from the military/government, lol, that means you can't hide and a baseball will likely solve any confusion about reparations.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!