Bitcoin Forum
November 05, 2024, 03:48:25 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: 22000 USD SCAM because of Phishing and Bank Transfer Chargeback  (Read 29995 times)
jimmy2k (OP)
Newbie
*
Offline Offline

Activity: 22
Merit: 0


View Profile
July 06, 2013, 02:30:02 PM
 #1

Hello Everyone,

I was scammed last week for a fiat amount of 22k USD! I sold BTC on a p2p exchange accepting german bank transfer and it  took not long time for getting the first offer of a smaller number of around 30 BTC. As I know that fraud is a big topic by trading on #bitcoin-otc I tried to get as much informations I could get from the buyer! He told me that he is buying BTC for his german clients from whom he provided the phone numbers so that I could talk to them to be sure, which I did immediately! After I felt more comfortable with the trade I agreed and received the amount for the first 30 BTC very quickly on even the same day! I released the escrow and was looking forward to the next deal with him! This time he wanted to buy around 80 BTC. After calling the number of his client I agreed to make the trade and the day after I received the amount on my bank account. This time to be even safer I phoned the bank to authorize the transfer to be safe because of potential chargebacks! The employee told me that I can be safe and that no chargebacks are possible after I see the money on my bank account. ( I even have a proof of this statement, because I recorded the phone call). After this I was even more comfortable and was ready for the next trade with around the same volume of 80 BTC. I asked him then to please provide me a proof of payment, so that I can be sure that I will receive the money on the next day! After that a really strange thing happened! He sent me the login data for his clients online banking account and told me I should just log in and check for a proof! This was completely suspicious to me and I immediately decided to go to the police the next day... Then everything changed...

Next morning I woke up and received directly a phone call from my bank that my account was frozen because I am accused of phishing! The buyer of the first trade accused me and claimed the money back, which was then charged back immediately without my agreement!

After that I immediately accused the internet user for phishing to save me for upcoming accusations because of the other two trades, which were from separate accounts each!

To make the story short... Yesterday my concerns were confirmed that every bank transaction was made from phished bank accounts and I now have to send the whole money back that I ever received from trading with this user... The problem for me is now, that the bitcoins except for the first trade are already released and it will be very difficult for me to get them back! The german police is taking care of this case and their cybercrime specialists are trying their best to get the BTC back. The officer himself said that they have had BTC crimes more and more often in the last times and knows therefore a bit about the technical details of btc and theory.

There are some informations we could already gather from the user like ip addresses and mail account, but I think maybe the most valuable information so far are are btc transactions of my the stolen BTC.
They are
https://blockchain.info/tx/d707d1eb7e97a9132314d895f0f80116f70085e6c4e2b2be34d09fadb20da07c
and
https://blockchain.info/tx/b42c6075bdba2dc6f3f05e14fb9d454672e4931c5c3eff40ca6b59a6756f9735

When you check this, you can immediately see that the two amounts of 28 BTC and 86 BTC lead both to this address: https://blockchain.info/address/1NrrEnKJ5tsgBgSQcPjLKXXo6Q9EGrh4zM

I thought about doing some network monitoring and analyse the graph afterwards like it has been done already on this blog article:
http://anonymity-in-bitcoin.blogspot.de/2011/07/bitcoin-is-not-anonymous.html

Maybe there can be some important information extracted from this kind of perspective. Also I thought about asking the exchanges for checking their btc address databases whether they have a registered user using this btc addy!

Since 22k of USD is much money for me I will do everything to get them back and I am willing to give 1 BTC to everyone providing me any concrete information about the identity behind any of the BTC addresses given above!

Thank you for reading this and eventually trying to help me in this case!

Note: I did not provide the nick name of the user because he was registered new on the p2p exchange and is not known here! I also did not provide the name of the p2p exchange to not harm them in any case! If you are interested in a proof of the accusation documents or any more concrete details, just let me know! I cant provide these informations in public because its sensible data! Thanks for understanding this!


Greetings,
jimmy2k
DiamondCardz
Legendary
*
Offline Offline

Activity: 1134
Merit: 1118



View Profile WWW
July 06, 2013, 08:54:06 PM
 #2

providing me any concrete information about the identity behind any of the BTC addresses given above!

Alright, I'll try my best to help.

We can see that today, a transaction from address https://blockchain.info/address/1NrrEnKJ5tsgBgSQcPjLKXXo6Q9EGrh4zM was sent.

The transaction hash of this being https://blockchain.info/tx/b862db08c3de4dd86ffdafa74cee00c2db6412ed76826f219928bc4d509e2929

There were 3 input addresses, so it's incredibly likely that these 3 input addresses are all owned by the same person. So we have:

https://blockchain.info/address/1NrrEnKJ5tsgBgSQcPjLKXXo6Q9EGrh4zM
https://blockchain.info/address/18AUfktKwRV1rKDLXvZJnHmF2uurreU6u2
https://blockchain.info/address/1EHPZVsQvHxb65o9CepWdPHEuVnWthSuGK

https://coinbase.com/network/addresses/1NrrEnKJ5tsgBgSQcPjLKXXo6Q9EGrh4zM
https://coinbase.com/network/addresses/18AUfktKwRV1rKDLXvZJnHmF2uurreU6u2
https://coinbase.com/network/addresses/1EHPZVsQvHxb65o9CepWdPHEuVnWthSuGK

We need to turn some stones. Find any services that have encountered these addresses. And more importantly, if they have any good contact info.

I will contact a few services and respond with their replies.

Hope I helped.

BA Computer Science, University of Oxford
Dissertation was about threat modelling on distributed ledgers.
escrow.ms
Legendary
*
Offline Offline

Activity: 1274
Merit: 1004


View Profile
July 06, 2013, 08:57:04 PM
 #3

Don't accept Germany and some other countries online bank transfer,most banks their don't have 2factor authentication.
DiamondCardz
Legendary
*
Offline Offline

Activity: 1134
Merit: 1118



View Profile WWW
July 06, 2013, 09:06:00 PM
 #4

I've PM'd the following people:

Owner of BTC.sx
Owner of inputs.io
Owner of BTCJam
Owner of PicoStocks

...about the given addresses.

I'm trying to do what I can to help. Smiley

BA Computer Science, University of Oxford
Dissertation was about threat modelling on distributed ledgers.
jimmy2k (OP)
Newbie
*
Offline Offline

Activity: 22
Merit: 0


View Profile
July 06, 2013, 10:13:44 PM
 #5

thank you DiamondCardz for putting so much effort on this! As I said, If there is one specific detail telling us anything about his real identity I wont hesitate sending you 1 BTC!

Greetings,
jimmy2k
ninjaboon
Legendary
*
Offline Offline

Activity: 2128
Merit: 1002



View Profile WWW
July 07, 2013, 01:41:01 AM
 #6

thank you DiamondCardz for putting so much effort on this! As I said, If there is one specific detail telling us anything about his real identity I wont hesitate sending you 1 BTC!

Greetings,
jimmy2k

@jimmy2k - sorry about your loss. I have also lost about USD600++ this week to a scammer : https://bitcointalk.org/index.php?topic=85430.msg2650185#msg2650185

Did the scammers email you ?
If yes, then there will be an originating IP address in those emails.

redtwitz
Full Member
***
Offline Offline

Activity: 231
Merit: 100


View Profile
July 07, 2013, 03:44:12 AM
 #7

Did the scammers email you ?
If yes, then there will be an originating IP address in those emails.

Sometimes. It depends entirely on the server the email was sent from.
CurbsideProphet
Hero Member
*****
Offline Offline

Activity: 672
Merit: 500


View Profile
July 07, 2013, 06:06:10 AM
 #8

How did you lose $22,000?  The amount of Bitcoin lost doesn't come close to that figure at current rates.  Did they pay you significantly higher than the current spot rate?  Are you counting the rest of your cash that was frozen in the account?

1ProphetnvP8ju2SxxRvVvyzCtTXDgLPJV
DiamondCardz
Legendary
*
Offline Offline

Activity: 1134
Merit: 1118



View Profile WWW
July 07, 2013, 08:35:26 AM
 #9

thank you DiamondCardz for putting so much effort on this! As I said, If there is one specific detail telling us anything about his real identity I wont hesitate sending you 1 BTC!

Greetings,
jimmy2k

I'm awaiting a PM reply from the 4 people I PM'd. Will post if any info comes up, if no info comes up, then we need to go deeper. (no pun intended)

BA Computer Science, University of Oxford
Dissertation was about threat modelling on distributed ledgers.
DiamondCardz
Legendary
*
Offline Offline

Activity: 1134
Merit: 1118



View Profile WWW
July 07, 2013, 08:36:56 AM
 #10

thank you DiamondCardz for putting so much effort on this! As I said, If there is one specific detail telling us anything about his real identity I wont hesitate sending you 1 BTC!

Greetings,
jimmy2k

@jimmy2k - sorry about your loss. I have also lost about USD600++ this week to a scammer : https://bitcointalk.org/index.php?topic=85430.msg2650185#msg2650185

Did the scammers email you ?
If yes, then there will be an originating IP address in those emails.


If you do have an email from the scammers, please give us access to the email or post their IP ASAP so we can look it up and attempt to dox the scammer.

BA Computer Science, University of Oxford
Dissertation was about threat modelling on distributed ledgers.
DiamondCardz
Legendary
*
Offline Offline

Activity: 1134
Merit: 1118



View Profile WWW
July 07, 2013, 12:05:41 PM
 #11

These addresses seem to have never touched PicoStocks.

https://picostocks.com/users/find/?query=1NrrEnKJ5tsgBgSQcPjLKXXo6Q9EGrh4zM

However, we know the critical address is 1NrrEnKJ5tsgBgSQcPjLKXXo6Q9EGrh4zM - we just need to find out who owns it.

BA Computer Science, University of Oxford
Dissertation was about threat modelling on distributed ledgers.
Rawted
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500



View Profile
July 07, 2013, 12:20:09 PM
 #12

Transactions were relayed by IP 88.198.111.188

https://www.google.com/search?q=1NrrEnKJ5tsgBgSQcPjLKXXo6Q9EGrh4zM&rlz=1C1AVSI_enUS460US460&oq=1NrrEnKJ5tsgBgSQcPjLKXXo6Q9EGrh4zM&aqs=chrome.0.57.688477j0&sourceid=chrome&ie=UTF-8#q=1NrrEnKJ5tsgBgSQcPjLKXXo6Q9EGrh4zM&safe=off&rlz=1C1AVSI_enUS460US460&ei=81rZUZG9DYfy9gSS84CoDA&start=170&sa=N&filter=0&bav=on.2,or.r_cp.r_qf.&bvm=bv.48705608,d.eWU&fp=2d51c5bfc01f1cdf&biw=1920&bih=961

http://blockchain.info/ip-address/88.198.111.188

http://bgp.he.net/ip/88.198.111.188

You should try contacting the host/ISP

Quote
person:         Hetzner Online AG - Virtualisierung
address:        Hetzner Online AG - Virtualisierung
address:        Stuttgarter Str. 1
address:        91710 Gunzenhausen
address:        GERMANY
phone:          +499831610061
fax-no:         +499831610062

worldinacoin
Hero Member
*****
Offline Offline

Activity: 756
Merit: 500



View Profile
July 07, 2013, 12:39:52 PM
 #13

I think your bank should not just give false accusations against you but instead try to help you recover the money, try to talk to their senior management or at least the VP of the branch you are using.
DiamondCardz
Legendary
*
Offline Offline

Activity: 1134
Merit: 1118



View Profile WWW
July 07, 2013, 12:57:27 PM
 #14

Transactions were relayed by IP 88.198.111.188

Omfg.

When will wanna-be scripties understand that the IP that relayed a transaction can have NO CONNECTION to the transaction at all?

BA Computer Science, University of Oxford
Dissertation was about threat modelling on distributed ledgers.
BitcoinBarrel
Legendary
*
Offline Offline

Activity: 2021
Merit: 1030


Fill Your Barrel with Bitcoins!


View Profile WWW
July 07, 2013, 01:57:38 PM
 #15

If I read correctly, he lost cash payments for 30 btc + 80 btc + 80 btc = ~190 btc



        ▄▄▄▄▄▄▄▄▄▄
     ▄██████████████▄
   ▄█████████████████▌
  ▐███████████████████▌
 ▄█████████████████████▄
 ███████████████████████
▐███████████████████████
▐███████████████████████
▐███████████████████████
▐███████████████████████
 ██████████████████████▀
 ▀████████████████████▀
  ▀██████████████████
    ▀▀████████████▀▀
.
.....
.....
.....
.....
.....
.....





escrow.ms
Legendary
*
Offline Offline

Activity: 1274
Merit: 1004


View Profile
July 07, 2013, 02:10:23 PM
 #16

I agreed and received the amount for the first 30 BTC very quickly on even the same day! I released the escrow

The problem for me is now, that the bitcoins except for the first trade are already released

When you check this, you can immediately see that the two amounts of 28 BTC and 86 BTC lead both to this address: https://blockchain.info/address/1NrrEnKJ5tsgBgSQcPjLKXXo6Q9EGrh4zM

So exactly how much did you lose here?  30 BTC, 28 BTC, 86 BTC?

Since you did not release the other escrows you should get all that BTC back, right?

So it appears your total loss is less than $3,000 USD, right?  A lot or money but not $22,000.

Looks like you didn't read thread properly, He said 30, then 80 then 80.
and escrow was released. He lost 22k because his bank account got freezed.


BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1137

All paid signature campaigns should be banned.


View Profile WWW
July 07, 2013, 03:08:07 PM
 #17

Looks like you didn't read thread properly, He said 30, then 80 then 80.
and escrow was released. He lost 22k because his bank account got freezed.
You are right I did not read this thread carefully enough.  Yes, he is out whatever BTC he released from escrow and should get back whatever BTC he has not released from escrow.  Carry on.
 

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1137

All paid signature campaigns should be banned.


View Profile WWW
July 07, 2013, 03:12:58 PM
 #18

The employee told me that I can be safe and that no chargebacks are possible after I see the money on my bank account.

I can clear this up for you.  What the employee meant was:

The employee told me that I can be safe and that no chargebacks are possible after I see the money on my bank account except in cases of fraud.

He just left that last part out.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
Rawted
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500



View Profile
July 07, 2013, 06:02:04 PM
 #19

Transactions were relayed by IP 88.198.111.188

Omfg.

When will wanna-be scripties understand that the IP that relayed a transaction can have NO CONNECTION to the transaction at all?
Hence why i showed the route to that particular ISP, and suggested he contact them.
DiamondCardz
Legendary
*
Offline Offline

Activity: 1134
Merit: 1118



View Profile WWW
July 07, 2013, 06:03:27 PM
 #20

Transactions were relayed by IP 88.198.111.188

Omfg.

When will wanna-be scripties understand that the IP that relayed a transaction can have NO CONNECTION to the transaction at all?
Hence why i showed the route to that particular ISP, and suggested he contact them.

And what are they going to do about it? They have no connection to the transaction, they could be different countries, THEY CAN'T HELP HIM.

BA Computer Science, University of Oxford
Dissertation was about threat modelling on distributed ledgers.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!