YACoin - Bitcoin Stealing Claim List (Facts only)

[mr_random]

I am deleting all messages in ALL CAPS bright red font. Nothing personal. Looking at you hdclover.

[1715636308]

1715636308

[1715636308]

1715636308

[GröBkAz]

Just Jr. Members lost ther BTC and they registed in this Forum just to post, that they lost some BTC. A bad  joke

[🏰 TradeFortress 🏰]

Looks like there's another report here: https://bitcointalk.org/index.php?topic=202122.msg2110421#msg2110421

I haven't being able to reproduce this (but my wallet is encrypted, hmm)

[TheSwede75]

Just Jr. Members lost ther BTC and they registed in this Forum just to post, that they lost some BTC. A bad  joke

Says the JR member? I'm not saying it's true or false, but I will say that its amazing so many people are willing to download a random 'wallet' and run whatever commands some random member tells them to with NO idea what it is they are doing.

[Mike Christ]

Just Jr. Members lost ther BTC and they registed in this Forum just to post, that they lost some BTC. A bad  joke

Says the JR member? I'm not saying it's true or false, but I will say that its amazing so many people are willing to download a random 'wallet' and run whatever commands some random member tells them to with NO idea what it is they are doing.

Ehh, not really amazing.  The herd mentality is really popular nowadays; why think, when you can be led?

[fenican]

I think all posts with ALL RED or special fonts are very suspicious and seem to be either FUD or hacked accounts.

Hopefully administrators can clean this up, delete all those posts, suspend any accounts that look hacked, and get any substantive posts into an official thread

[rbdrbd]

Just Jr. Members lost ther BTC and they registed in this Forum just to post, that they lost some BTC. A bad  joke

Says the JR member? I'm not saying it's true or false, but I will say that its amazing so many people are willing to download a random 'wallet' and run whatever commands some random member tells them to with NO idea what it is they are doing.

Ehh, not really amazing.  The herd mentality is really popular nowadays; why think, when you can be led?

I think it's more the profit motivator at play. Throw in the opportunity to make money, and much reason/caution goes out the window for most folks. It's all about getting there before the other guy. Not saying I don't suffer from this too, but I realize it. Can only mitigate it when you realize it.

[Goldmember]

I am deleting all messages in ALL CAPS bright red font. Nothing personal. Looking at you hdclover.

Thank you!

For what it is worth, I had no coins stolen. I used the original executable from the OP announcement, plus compile from source on linux. If (if!) this is true, I suspect it is one of the later binaries that came out.

[xibeijan]

FACT: YAC fear mongering is a testament to YAC's success.  They want it.

[skull88]

I installed the client and miner for YACoin on a windowscomputer to test it yesterday, the computer has several altcoin clients on it, there was still an old bitcoinwallet on that computer (unencrypted!) that had a very small amount of btc's in it. Not really enough to get worried about so I actually didn't bother much and didn't transfer them. Also a wallet with an even smaller amount of Litecoins in it is on that computer (also unencrypted), just checked and everything is still there and no suspicious activity is going on. I downloaded them from the mega link.

[LOG123]

I think all posts with ALL RED or special fonts are very suspicious and seem to be either FUD or hacked accounts.

Hopefully administrators can clean this up, delete all those posts, suspend any accounts that look hacked, and get any substantive posts into an official thread

There's nothing suspicious about this, jeez fenican.

[shaal]

I know i keep posting this but, can we get ONE screenshot of peoples bitcoin wallet with transactions going out?

[Mushoz]

One of the minerd.exe programs is infected, see here:




That's probably how some people's coin got stolen. This was the minerd.exe that was downloaded from the "virusscanner friendly" Minerd topic.

[mr_random]

Nice find Mushoz. Updating the OP.

[theking]

The only way to find out is to reverse the exe, forget about virus scans etc, these are 100% proof, also the fact that some people claim to be affected is also not much proof, its possible its either made up, or caused by another exe or attack too, plus if its caused by this exe, it may not be attacking everyone for various reasons.
Luckily the exe does not seem to be protected with a strong packer. Running a packet sniffer alone also may not show much. So if anyone has had a look through the source to start off with that can be helpful but we need someone experienced with reversing exes to check em out to be sure.

[theking]

Yea its seemed suspect to use themida in order to stop the original minerd.exe from showing up in virus scanners as themedia causes even more propblems for virus scanners and can be very hard to reverse too.

[cheapbit]

(the win32 binary downloaded soon after release)

tested under a VM for ~30minutes.
no read operation toward bitcoin wallet yet.
and no dns request to the suffix yet.

although the motivation to release yacoin is still highly suspicious.

[eule]

Even the normal minerd (for scrypt and sha256) gives an anti virus warning, have to whitelist the dir to start it...
So the windows compiled "new minerd for scrypt-jane" posted later could indeed have a trojan and most wouldn't notice as the program is already known to cause false positives.

[Mushoz]

Cannot show the whole list, as it won't fit my screen, but I've checked all entries, and the ONLY wallet.dat Yacoin accesses, is the one it's supposed to access (Yacoin's wallet.dat). I have NOT seen it access Bitcoin's wallet.dat

[cheapbit]

Cannot show the whole list, as it won't fit my screen, but I've checked all entries, and the ONLY wallet.dat Yacoin accesses, is the one it's supposed to access (Yacoin's wallet.dat). I have NOT seen it access Bitcoin's wallet.dat

http://i39.tinypic.com/4j9f7q.png

+1

although so all altcoin clients should first go to a vm