Bitcoin Forum
July 21, 2024, 12:16:15 AM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Pages: [1]
  Print  
Author Topic: Warning: Yacoin has a Bitcoin wallet stealer in it.  (Read 2865 times)
Aahzman (OP)
Hero Member
*****
Offline Offline

Activity: 602
Merit: 500


Your *what* is itchy?


View Profile
May 11, 2013, 01:00:00 PM
 #1

After hearing reports of Yacoin wallet stealers, I decided to investigate my Wireshack logs. My computer has made a connection to 31.170.164.138 which is netne.net, and it's a HTTP post.

My wallet is encrypted, however be careful if you have downloaded Yacoin.

xibeijan
Legendary
*
Offline Offline

Activity: 1232
Merit: 1001


View Profile
May 11, 2013, 01:02:41 PM
 #2

Your YAC p2p software will be making tons of connections to tons of random peers in the network.  What's so special about netne.net?

I suspect either FUD OR someone broke into server hosting the binaries and put a backdoor binary in.

YAC Devs--- You need to investigate and make official response and get clean binaries uploaded.

Let's see some action to these claims.

Notable projects 2019: Semux, Dero, Wagerr, BEAM
Aahzman (OP)
Hero Member
*****
Offline Offline

Activity: 602
Merit: 500


Your *what* is itchy?


View Profile
May 11, 2013, 01:03:23 PM
 #3

That's true, however it should not be making a connection to a free web host that does not allow shell access, nor access my Bitcoin wallet.dat file.

Mushoz
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500


Bitbuy


View Profile WWW
May 11, 2013, 01:04:39 PM
 #4

That's true, however it should not be making a connection to a free web host that does not allow shell access, nor access my Bitcoin wallet.dat file.

Can you please give me a SHA-1 or MD5 hash of the infected .exe? Would like to check if I'm using the same one.

www.bitbuy.nl - Koop eenvoudig, snel en goedkoop bitcoins bij Bitbuy!
hdclover
Hero Member
*****
Offline Offline

Activity: 1106
Merit: 501


www.bitcoin.org


View Profile
May 11, 2013, 01:05:08 PM
 #5

when u all realized it , its all too LATE !!!!

Blah blah
Aahzman (OP)
Hero Member
*****
Offline Offline

Activity: 602
Merit: 500


Your *what* is itchy?


View Profile
May 11, 2013, 01:05:21 PM
 #6

That's true, however it should not be making a connection to a free web host that does not allow shell access, nor access my Bitcoin wallet.dat file.

Can you please give me a SHA-1 or MD5 hash of the infected .exe? Would like to check if I'm using the same one.
Will do, 1 sec

I have actually deleted it, I downloaded it from mega

Boxman90
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
May 11, 2013, 01:09:38 PM
 #7

FUD until proper proof. Stop making 1000 topics.

LTC: LKKy4eDWyVtSrQAJy7Qmmz61RaFY91D9yC   BTC: 18fzdnCkuUNthCD8hM36UBGopFa9ij78gG
cwfabc
Full Member
***
Offline Offline

Activity: 141
Merit: 100


View Profile
May 11, 2013, 01:13:48 PM
 #8

realy?
bennybong
Hero Member
*****
Offline Offline

Activity: 682
Merit: 500



View Profile
May 11, 2013, 01:16:24 PM
Last edit: May 11, 2013, 01:56:37 PM by bennybong
 #9

[MY ACCOUNT WAS COMPROMISED PLEASE IGNORE]
rbdrbd
Sr. Member
****
Offline Offline

Activity: 462
Merit: 250



View Profile
May 11, 2013, 01:17:59 PM
 #10

I just ran wireshark on the yacoin client I downloaded a few hours after launch. I do not see any connections made to that IP on startup, while running, or on shutdown. Fiddler also shows nothing.

IF this is true, perhaps the file could have been compromised at a later date?
GröBkAz
Hero Member
*****
Offline Offline

Activity: 854
Merit: 500



View Profile
May 11, 2013, 01:18:09 PM
 #11

Just anti YAC propaganda from a hand full people. Where is the proof?
bit2124
Member
**
Offline Offline

Activity: 73
Merit: 10



View Profile
May 11, 2013, 03:38:10 PM
 #12

what is the MD5 of your client, or where is the screenshot
SaltySpitoon
Legendary
*
Offline Offline

Activity: 2590
Merit: 2156


Welcome to the SaltySpitoon, how Tough are ya?


View Profile
June 22, 2013, 03:55:58 AM
 #13

If anyone has any hard evidence of a wallet stealer in the Yacoin client, please let me know via pm, or something of the sorts. I've seen this rumor going around for weeks if not months now, and so far everything has been inconclusive. I'm not saying it does or doesn't, I'm just saying that I've seen this sort of thread more than a few times, and have been unable to figure out if its some sort of ongoing joke, or if it is real.
forsetifox
Sr. Member
****
Offline Offline

Activity: 266
Merit: 250



View Profile
June 22, 2013, 04:31:46 AM
 #14

I've run 3 different Yacoin clients and I scan everything with Virustotal or Metascan.

Nothing has been taken from me.
HotSwap
Hero Member
*****
Offline Offline

Activity: 806
Merit: 1000


COINMIXER.NET


View Profile
June 22, 2013, 04:36:59 AM
 #15

This has all been said before about a month ago. It was some random one put up on mega. Just download from Yacoin.org and your fine.

High Volume, Secure Bitcoin Mixer: https://CoinMixer.net
HotSwap
Hero Member
*****
Offline Offline

Activity: 806
Merit: 1000


COINMIXER.NET


View Profile
June 22, 2013, 02:57:19 PM
 #16

This has all been said before about a month ago. It was some random one put up on mega. Just download from Yacoin.org and your fine.

A link on MEGA kinda was the official link for a while and I guess someone took advantage of that at that time just to make the download look bad.

I believe this as well.

High Volume, Secure Bitcoin Mixer: https://CoinMixer.net
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!