dexX7
Legendary
Offline
Activity: 1106
Merit: 1024
|
|
January 08, 2014, 12:43:45 PM |
|
Really nice post! Liquid already came forward, but I still need to ask:

"Reviewing the wallet.dat file with strings discloses the phisher’s BTC wallet addresses. A team of 4-people: Liquid, Kaz, Abz, and Frosty."

Why would a reasonable villain do such a thing in the first place? The exact role of the wallet is unknown to me, but I assume it's used as bait, to make users want to open the malicious password.txt.ink file. Using the attacker's own wallet file for that seems very unlikely.

The malicious file is probably a wallet stealer and with some luck it might indeed be possible to extract some information about the attacker. Somehow this malware will phone home.
|
|
|
|
klenker
Member
Offline
Activity: 80
Merit: 10
Prospecting on the net, in a rundown old shack..
|
|
January 08, 2014, 02:29:37 PM |
|
Was the first to get hacked now everyone thinks I'm the attacker. The name Liquid and the other names are my contacts in my wallet.
That frosty wallet is my brother's and he has forgotten his password so good luck getting into it lol.
Ooh ooh how many letters were in it, numbers, what did it start with, what was he looking at, does it contain words or rand.... ahhh nurts.. must be slightly annoying having 28k sitting there tho...
|
|
|
|
mightyMight
Member
Offline
Activity: 73
Merit: 10
|
|
January 09, 2014, 09:23:57 AM |
|
Can someone please upload the zip file? I would love to check it out! Thanks!!! Might
|
|
|
|
xanthar
Newbie
Offline
Activity: 1
Merit: 0
|
|
January 14, 2014, 09:55:11 AM |
|
Got the email too.
No doubt the password.txt contains malware etc. etc.
Tho the wallet.dat seems somewhat legit???
By that I mean that I created a virtual machine on a third party device connected through a VPN. That contains nothing but the wallet.dat and a fresh copy of bitcoinqt. Loaded the wallet.dat and the 30 BTC's are there.
Now correct me if I am wrong.... But the BTC's seem to be there for the taking? If of course we could crack the password, right?
Disregarding the malware and fake password.txt etc., it would be a fun project to see if we can do something with the coins??
|
|
|
|
bitcoinangel
Newbie
Offline
Activity: 36
Merit: 0
|
|
January 14, 2014, 10:09:52 AM |
|
same here
|
|
|
|
Oj0
Member
Offline
Activity: 100
Merit: 10
|
|
March 22, 2014, 02:33:10 PM |
|
Yep, I got the exact same thing. What site do we all have in common?
This one? Aside this, we can look at other potentials. Strike through those you're not registered on and we may find one in common.

bc-casino.com bitcoinica.com bitfinex.com bitfunder.com bitmit.net bitratings.microhosting.com blockchain.info btc-play.com btcguild.com btclot.com btcmine.com bitvps.com coinworker.com dollar-trader.com eclipsemc.com give-me-coins.com glbse.com inputs.io minethings.com mtgox.com ozco.in pool-x.eu satoshisquared.com

(I'm pretty sure I received a very similar email a good while ago, too. My memory's crap, though. No longer in email account. Probably deleted or marked as spam and it was automatically pruned.)

I just got the same email, but mine was addressed to Steven. Someone else already crossed out give-me-coins, so I guess MtGox is the source of the mailing list?
|
|
|
|
Oj0
Member
Offline
Activity: 100
Merit: 10
|
|
March 22, 2014, 02:42:49 PM |
|
Wait, mine's slightly different:

Hello Steven… I just did what you advised me to do but the problem remains the same : importing the private key is not working…. drives me nuts! Last time I checked blockchain.info https://blockchain.info/address/17yFutSCSuUkAWeqMCKRRcr8Go6t98YcoX there was still 30.28020001 BTC ! But no way my bitcoinqt client loads the key so I am stuck with those BTCs. Thanks for offering your help with this. Here is a doc with my private key and the password http://hobbymaster.com.hk/private/PrivateKey.doc If you need anything else let me know. If you can load the key please send the BTCs to 1DxFvJ6up9jXAZ9pkUmWVdiMTWvsjgB5Ea This would help me so much. Thanks Steven!

I get a normal URL instead of a shortened [Suspicious link removed] link, and the URL is also different to the [Suspicious link removed] URL destination. I didn't get any attachments with the email, although I did download PrivateKey.doc on my phone (to be safe) and it wants to run a macro. It seems it's been changed up a bit.
|
|
|
|
Anon136
Legendary
Offline
Activity: 1722
Merit: 1217
|
|
March 22, 2014, 02:43:31 PM |
|
Scary. Disguised txt.
So does it actually look like a perfectly normal txt file?
|
|
|
|
Garryashas
Member
Offline
Activity: 72
Merit: 10
|
|
March 22, 2014, 02:44:08 PM |
|
For sure it's legit. I got the same email!
|
|
|
|
God
Member
Offline
Activity: 169
Merit: 10
|
|
March 23, 2014, 03:30:59 AM |
|
Awesome, I just got this mail too. Now I just need to unpack and run that file and I will have access to these coins. Seriously though, they obviously email the mtgox customer base.
|
|
|
|
manoamano
|
|
March 23, 2014, 12:12:14 PM |
|
100% legit
|
|
|
|
Scamalert
|
|
July 17, 2014, 07:09:40 PM |
|
So was it a scam after all?
|
|
|
|
ezreal
Newbie
Offline
Activity: 42
Merit: 0
|
|
July 17, 2014, 07:44:45 PM |
|
the bitcoin amount just gives it away saying all red flags lol.
|
|
|
|
yunkie
Member
Offline
Activity: 83
Merit: 10
|
|
July 18, 2014, 05:32:00 PM |
|
So was it a scam after all?
Of course it was. To sum it up:
- .txt file is an .exe malware
- .dat is a real file, no password --> no coins
Might try to crack it but it's almost impossible! It probably contains 0 coin lol
|
|
|
|
openyourmind
Member
Offline
Activity: 83
Merit: 10
|
|
July 18, 2014, 06:58:22 PM |
|
Be attentive to such emails. I wouldn't have opened it.
|
|
|
|
Mobius7
|
|
July 19, 2014, 08:38:11 AM |
|
So was it a scam after all?
Of course it was. To sum it up:
- .txt file is an .exe malware
- .dat is a real file, no password --> no coins
Might try to crack it but it's almost impossible! It probably contains 0 coin lol

Even if there really is some bitcoin in the wallet, you won't be able to brute-force the password as long as the password is good enough (say, 10 random characters with special characters).
|
|
|
|
Justin00
Legendary
Offline
Activity: 910
Merit: 1000
|
|
July 19, 2014, 11:00:11 AM |
|
Thanks for alerting us to this scamalert.... only 7 months too late :p
So was it a scam after all?
|
|
|
|
confirmation120
|
|
July 20, 2014, 04:27:18 AM |
|
So was it a scam after all?
Of course it was. To sum it up:
- .txt file is an .exe malware
- .dat is a real file, no password --> no coins
Might try to crack it but it's almost impossible! It probably contains 0 coin lol

Even if there really is some bitcoin in the wallet, you won't be able to brute-force the password as long as the password is good enough (say, 10 random characters with special characters).

I doubt that clicking on the link would direct you to a blockchain.info website, but rather it is likely a spoof of blockchain.info trying to get you to input your password.
|
|
|
|
Lorenzo
|
|
July 20, 2014, 05:27:03 AM |
|
I got this email too a while ago.

Yep, I got the exact same thing. What site do we all have in common?

This one? Aside this, we can look at other potentials. Strike through those you're not registered on and we may find one in common.

bc-casino.com bitcoinica.com bitfinex.com bitfunder.com bitmit.net bitratings.microhosting.com blockchain.info btc-play.com btcguild.com btclot.com btcmine.com bitvps.com coinworker.com dollar-trader.com eclipsemc.com give-me-coins.com glbse.com inputs.io minethings.com mtgox.com ozco.in pool-x.eu satoshisquared.com

(I'm pretty sure I received a very similar email a good while ago, too. My memory's crap, though. No longer in email account. Probably deleted or marked as spam and it was automatically pruned.)

Of those, I've only been registered at Blockchain.info and Mtgox.com. I'm almost certain it's either this forum or Mt. Gox. It could have been from Blockchain.info, but I doubt it.
|
|
|
|
forever21
|
|
July 20, 2014, 06:38:01 AM |
|
Got the same email before but I didn't waste my time on it; besides, it's obvious it's not legit even if you said it looks like one.
|
|
|
|
|