Bitcoin Forum
January 16, 2019, 07:18:19 PM *
News: The copper membership price will increase by about 300% around Friday.
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 [25] 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 »
  Print  
Author Topic: [ANN] | freshmarket.co.in - Closed. Refunds till 10/02/14  (Read 41510 times)
Sanokil76
Newbie
*
Offline Offline

Activity: 33
Merit: 0


View Profile
February 04, 2014, 11:21:02 PM
 #481

7000 nyan= 4LTC ... Lost great Angry
1547666299
Hero Member
*
Offline Offline

Posts: 1547666299

View Profile Personal Message (Offline)

Ignore
1547666299
Reply with quote  #2

1547666299
Report to moderator
1547666299
Hero Member
*
Offline Offline

Posts: 1547666299

View Profile Personal Message (Offline)

Ignore
1547666299
Reply with quote  #2

1547666299
Report to moderator
PLAY NOW
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
braxx
Sr. Member
****
Offline Offline

Activity: 392
Merit: 250


View Profile
February 05, 2014, 01:01:34 AM
 #482

have you made a deposit earlier to the same adress...
on the site states: "From time to time your wallet addresses may change"

did you checked that?

post as soon as possible to the dev your transaction ID
Sanokil76
Newbie
*
Offline Offline

Activity: 33
Merit: 0


View Profile
February 05, 2014, 01:08:12 AM
 #483

I've deposit doge before and all well done. But there are a problem with my first dosit nyancoin...
60 confirmations on my local wallet, and anythinf on freshmarket...
surfer43
Sr. Member
****
Offline Offline

Activity: 490
Merit: 250



View Profile
February 05, 2014, 01:13:17 AM
 #484

don't believe us? see for yourself
My thoughts have been maybe they renamed legit files to this? Huh
I'm pretty sure now those files are the closed source trading engine. OpenEx named the files obscurely so it would be difficult to copy their setup. freshmarket is either run by r3wt or freshmarket was sold the trading engine by r3wt.
Hello again. You should clearly read op-post. It is written there - we use part of openex trade engine. It's not just named openex, it's kinda OPENsource (without deposits, withdraws, trade, but still open ). So it's not a secret, and it's clearly written at the start post of this thread.
the trade engine, deposits and table optimization scripts are closed source and not included.
I don't follow. You can clearly see, that i said about trade engine.
This page (with blue screen) was just an analogue of 404-page of our site with a little fun. It is not connected with trade engine, obviously.
oh lol.  Cheesy
It is very confusing though.  Smiley

   
████████
██████████████
█████████████████
███████████████████
████████████████▌▐████
██████████████
███████████
█████████▒▒
███████████
████████
██████████
██████████████
█████████████████▐█████
████████████████▌▐████
████████████████████
██████████████████
███████████████
████████
|
The ProFish online marketplace & tournaments
Twitter ⋄❖⋄ Telegram ⋄❖⋄ Facebook ⋄❖⋄ Instagram

|
listed on MERCATOX
═⟹  Community  ⟸═
def_ender
Full Member
***
Offline Offline

Activity: 140
Merit: 100


View Profile
February 05, 2014, 04:58:16 AM
 #485

You might have had it reported already.. but..

I filled out the forgot password form correctly, when I clicked the button I got this message.

"Fatal error attempting mail, contact your server administrator"

Thought you would like to know Wink
Try mailing to support@freshmarket.co.in
def_ender
Full Member
***
Offline Offline

Activity: 140
Merit: 100


View Profile
February 05, 2014, 05:11:17 AM
 #486

I've sent 7.000 nyancoin on my deposit adress but after 24 hours, no coins on freshmarket. A real shit...
Can you provide us transaction id of your deposit?
def_ender
Full Member
***
Offline Offline

Activity: 140
Merit: 100


View Profile
February 05, 2014, 05:23:08 AM
 #487

Gonna go to work now, so couldn't answer for an hour. Don't panic  Grin

Also, we have made new security system. For your own safiness - please enable email confirmation and change your password into something more safe. Thanks!
def_ender
Full Member
***
Offline Offline

Activity: 140
Merit: 100


View Profile
February 05, 2014, 06:25:48 AM
 #488

This moment when your work ip adress was banned on your own website  Grin
Waitin for admins return (~2.5 hours), he can unban me  Grin
Never thought it can happen  Grin Opened session expires if it stays without action, and if you press "refresh" you will have ACCESS DENIED page. 15 DENIED pages = ipban.
Sorry for waiting guys, it's really force-major to me  Grin
7rue
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
February 05, 2014, 07:57:44 AM
 #489

Site is down for me since about 3 minutes.
rze
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile
February 05, 2014, 08:04:25 AM
 #490

Site is down for me since about 3 minutes.
++
def_ender
Full Member
***
Offline Offline

Activity: 140
Merit: 100


View Profile
February 05, 2014, 08:04:55 AM
 #491

I'm really sorry to say this, but it seems that our security system wasn't enough.
Just now i received a message from someone that he has hacked our exchange, and if we want to stop this, we have to pay 10 BTC. Obviously, we are not going to pay our users' money, and we temporarily closed the exchange. We have made an secutity audit to see what's missing, and found ~1200 LTC stolen (nearly 40% of all LTC),  nearly ~50% of LEAFcoins, and ~20% NYANcoins. All other currencies remained nearly unchanged.
Just now we deciding what refund can we make (dev team has nearly 200 LTC on their own, and i can give up some too). We will make a message after we have an agreement. We will 100% refund all other (not-leaf, nyan or LTC) currencies, and try to refund as much ltc as we can.
As i see, it was sql-injection, but it doesn't helped him much - all passwords are stored as hashed ones. So he just brute-forced all low-security passwords to steal their money. So if you haven't got email auth - it is possible that your account was just jacked.

I also have possible ideas about openex malware in source code, but without proofs i can't do anything.
tsjaar
Full Member
***
Offline Offline

Activity: 135
Merit: 100


View Profile
February 05, 2014, 08:39:20 AM
 #492

I'm really sorry to say this, but it seems that our security system wasn't enough.
Just now i received a message from someone that he has hacked our exchange, and if we want to stop this, we have to pay 10 BTC. Obviously, we are not going to pay our users' money, and we temporarily closed the exchange. We have made an secutity audit to see what's missing, and found ~1200 LTC stolen (nearly 40% of all LTC),  nearly ~50% of LEAFcoins, and ~20% NYANcoins. All other currencies remained nearly unchanged.
Just now we deciding what refund can we make (dev team has nearly 200 LTC on their own, and i can give up some too). We will make a message after we have an agreement. We will 100% refund all other (not-leaf, nyan or LTC) currencies, and try to refund as much ltc as we can.
As i see, it was sql-injection, but it doesn't helped him much - all passwords are stored as hashed ones. So he just brute-forced all low-security passwords to steal their money. So if you haven't got email auth - it is possible that your account was just jacked.

I also have possible ideas about openex malware in source code, but without proofs i can't do anything.

Whoot, what a big shit that is. Good luck fixing the exchange! Please keep us informed!

WARNING HIGH SPEED - UTC - Ultracoin
meade16
Full Member
***
Offline Offline

Activity: 182
Merit: 100


View Profile
February 05, 2014, 08:48:00 AM
 #493

So all those people lost their money! If you don't have the knowledge to secure an exchange then WTF are you running one for?
def_ender
Full Member
***
Offline Offline

Activity: 140
Merit: 100


View Profile
February 05, 2014, 08:55:09 AM
 #494

So all those people lost their money! If you don't have the knowledge to secure an exchange then WTF are you running one for?
Before starting the exchange we ordered external secutiry audit. It haven't found any issues in out security.
SSH is made with certificate, nor password, so it's impossible to compromise it (and if it is possible, i don't even know what is secure in internet).

In a few hours we will open support mail, to which you have to send email FROM EMAIL YOU USED ON REGISTRATION your account name, your approximate balances, and adresses to which we should send you coins.

I am completely transparent. Here is the file with our balances until the shut down:http://rghost.ru/52214474
As you see, we are missing 1700 ltc from 3000, and we have transferred ~700 LTC to our cryptsy wallet for safety. So summary lack is nearly ~1000/3000. We still think about what we can do.
rze
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile
February 05, 2014, 09:28:06 AM
 #495

Litecoins from my address were sent here http://ltc.block-explorer.com/address/LTGURgLGtSD76LP2f9rrGCnFDVLtiTZG5x
r3wt
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500


always the student, never the master.


View Profile
February 05, 2014, 09:33:59 AM
 #496

I'm really sorry to say this, but it seems that our security system wasn't enough.
Just now i received a message from someone that he has hacked our exchange, and if we want to stop this, we have to pay 10 BTC. Obviously, we are not going to pay our users' money, and we temporarily closed the exchange. We have made an secutity audit to see what's missing, and found ~1200 LTC stolen (nearly 40% of all LTC),  nearly ~50% of LEAFcoins, and ~20% NYANcoins. All other currencies remained nearly unchanged.
Just now we deciding what refund can we make (dev team has nearly 200 LTC on their own, and i can give up some too). We will make a message after we have an agreement. We will 100% refund all other (not-leaf, nyan or LTC) currencies, and try to refund as much ltc as we can.
As i see, it was sql-injection, but it doesn't helped him much - all passwords are stored as hashed ones. So he just brute-forced all low-security passwords to steal their money. So if you haven't got email auth - it is possible that your account was just jacked.

I also have possible ideas about openex malware in source code, but without proofs i can't do anything.

i told you to upgrade to our latest code, you wouldn't listen.

also there is not malware in the source. you clearly have no idea what you are talking about, and its not sql injection either, unless its something arbirtrary you and your "devs" added to your source.Now before you try and blame me, i want you to open our github readme and read the very first sentence, aloud to yourself.
"THIS IS BETA SOFTWARE. USE AT YOUR OWN RISK"

It was never our intension for a handful of greedy people to clone our repo and start up fly by night exchanges, but hey they did and now you are paying the price for it. you need to check auth.log to make sure it wasn't ssh. or chech your mysql configuration. its possible you had mysql listening on something other than localhost and they bruteforced your db.

finally check your ufw configuration or whatever other firewall you use.

other than that the only possible entry for sql injection was newticket.php, and you said you fixed it when i tweeted you about it. in the end, it is very likely the attacker was simply bruteforcing accounts then draining the accounts. similar thing was happening at openex, probably same hacker, so we reacted by upping the security.

i think i even mentioned to you about the need to tighten down bruteforce protection on all the forms. this is the risk you run cloning my repo while we are still in beta. this is the exact reason openex doesn't allow withdrawals without admin approval, and ip bans on 3 strikes on all forms where  apassword is required. it is imperative to stay ahead of the game, and cloning my repo in beta is the equivalent of jumping off a cliff with a backpack.

the point is, not that you are stupid. but this is a cat and mouse game and you cna't be running one of these things if you are prepared to fight with the hackers to defend your site. they are smart and if they cna't find a crack to exploit, they will make one.

My negative trust rating is reflective of a personal vendetta by someone on default trust.
def_ender
Full Member
***
Offline Offline

Activity: 140
Merit: 100


View Profile
February 05, 2014, 09:34:42 AM
 #497

I'm really sorry to say this, but it seems that our security system wasn't enough.
Just now i received a message from someone that he has hacked our exchange, and if we want to stop this, we have to pay 10 BTC. Obviously, we are not going to pay our users' money, and we temporarily closed the exchange. We have made an secutity audit to see what's missing, and found ~1200 LTC stolen (nearly 40% of all LTC),  nearly ~50% of LEAFcoins, and ~20% NYANcoins. All other currencies remained nearly unchanged.
Just now we deciding what refund can we make (dev team has nearly 200 LTC on their own, and i can give up some too). We will make a message after we have an agreement. We will 100% refund all other (not-leaf, nyan or LTC) currencies, and try to refund as much ltc as we can.
As i see, it was sql-injection, but it doesn't helped him much - all passwords are stored as hashed ones. So he just brute-forced all low-security passwords to steal their money. So if you haven't got email auth - it is possible that your account was just jacked.

I also have possible ideas about openex malware in source code, but without proofs i can't do anything.

[  Posting from hacked up account of bitcointalk. I hope that the owner does not object and it will not edit declaration. Someone, to if you please, repost this. ]

Thus, to us it is necessary to establish the record directly on this before history it goes out of control. People must know, when exchange became the victim of theft, and when exchange itself it stole coins.

I am the hacker, who sent communication. I took less than 200 LTC. I am confident, that no one yet stole 1000 LTC, if this was not in the last hour. How I can be so confident?  Freshmarket it did not have somewhere closely to 1200 LTC until only pair of hours back. Their maximum balance LTC was 260 LTC before I began consuming them. The only time, when it obtained more than 1000 LTC was in the pair of hours back, because some player added 1000+ LTC.

So that I think that def_ender saw the possibility to require the hacker it stole all his coins, when hacker did not steal that it is much. In reality, def_ender, possibly, planned this during several days. You do see, def_ender was known about 5 days that the site was completely broken up. I stole 50 LTC from his account of administrator first. He understood in 12 hours and changed his password. By that time I stole 100 LTC. I assumed that he will be closed exchange, because he clearly could see what occurs. But this did not make. So that I stole 100 additional LTC during the next several days. Entire time of def_ender message to bitcointalk about how there were 1 or 2 accounts, which lost 0,4 LTC or 0,8 LTC. He knew always that 200 LTC disappeared, including 50 LTC of his own!

Thus, once he saw the enormous player: 1000+ LTC, he used possibility in order to require that hackers they stole. This is what I think.

def_ender, if I make mistakes, this is easy for you in order to prove. You said that 1200 LTC it composed 40% of the sum total. This means that you must have 1800 LTC to the left. I speak, you never had it.  If you are actual, place reference to your LTC address, which has, the 1800 of balance. Do transaction on 1,337 to prove this your account. I bet, you will not be able.

The proof that this is I: defender buddha55 d_def@bk.ru
I bet, you will not be able.
Hello again. Just now we have  > 2000 LTC on my cryptsy account, and i can prove it easily. It is halfly exchange money, and partially (~500 ltc) my own or devteam money. So where should i post 1.337 to prove it? I don't get it.
def_ender
Full Member
***
Offline Offline

Activity: 140
Merit: 100


View Profile
February 05, 2014, 09:37:02 AM
 #498

Yes, it's maindev cryptsy account, where money was securely stored. As i said, ~500 of it was mine or maindev ones, which was withdrawn from our exchange, and >2000 of it is exchange amount.
r0b1nuk
Full Member
***
Offline Offline

Activity: 153
Merit: 100


View Profile
February 05, 2014, 09:38:54 AM
 #499

i had a few withdrawls that spent all day yesterday as pending. is this why they havent come through

Bitrated user: r0b1nuk.
def_ender
Full Member
***
Offline Offline

Activity: 140
Merit: 100


View Profile
February 05, 2014, 09:39:10 AM
 #500

Also, if it was really you, what was the hack you used? You don't lose anything now - exchange is closing, so you wouldn't be able to steal anything.
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 [25] 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 »
  Print  
 
Jump to:  

Bitcointalk.org is not available or authorized for sale. Do not believe any fake listings.
Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!