Bitcoin Forum
December 15, 2017, 12:52:13 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  

Warning: You are in the Gambling section. You are likely to eventually lose any money that you gamble/"invest". Additionally, moderators do not remove likely scams. You must use your own brain: caveat emptor. Do not gamble more than you can afford to lose.

Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 [23] 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 ... 180 »
  Print  
Author Topic: btc-arbs.com - Update: dead HYIP, Refund progress: BTC-arbs still doing refunds  (Read 254175 times)
Slipknot79
Hero Member
*****
Offline Offline

Activity: 588



View Profile
April 10, 2014, 08:51:02 PM
 #441

i got a response from Adam (administrator)

he's asked which btc address i've sent it to , will keep you posted.


Yea meanwhile my deposit has been credited. oO

I ve sent another one, will report oO But i dont expect a fast credit coz night starts here in CE.

                    ▄███▄
                  ▄███████▄
                ▄███████████▄
              ▄███████████▀███▄
            ▄███████████▀███████▄
          ▄███████████▀███████████▄
        ▄███████████▀   ▀███████████▄
      ▄███████████▀       ▀███████████▄
    ▄████▄██████▀           ▀███████████▄
  ▄████████▄██▀               ▀███████████▄
  ███████████▄                 ▀██████████
   ▀███████████▄             ▄████▀██████▀
     ▀███████████▄         ▄████████▀██▀
       ▀███████████▄     ▄███████████▀
         ▀███████████▄ ▄███████████▀
           ▀█████████▄███████████▀
             ▀█████▄███████████▀
               ▀█▄███████████▀
                 ▀█████████▀
                   ▀█████▀
Globitex






1
..Linking Digital Currency to Global Trade..







Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513342333
Hero Member
*
Offline Offline

Posts: 1513342333

View Profile Personal Message (Offline)

Ignore
1513342333
Reply with quote  #2

1513342333
Report to moderator
guncoin_support
Full Member
***
Offline Offline

Activity: 158



View Profile WWW
April 10, 2014, 09:19:00 PM
 #442

Hey all, FYI, I was trying out the btc-arbs site for the past month or so and yesterday my account got wiped out as well.  Luckily I only had 0.45 BTC in the account, but it is now all gone.

BE CAREFUL USING THIS SITE AND READ ALL THE RECENT REPORTS OF STOLEN BTC FROM BTC-ARBS VIA GOOGLE SEARCH

dyask
Hero Member
*****
Offline Offline

Activity: 658


View Profile
April 10, 2014, 11:27:15 PM
 #443

That page says "btc-arbs.com IS VULNERABLE. " ?

No it is fine.  That test can give a false positive when load is high.
What are you talking about? It gives part of the memory as proof :s


Just to be clear: anyone using BTC-arbs last few days should be very careful. An attacker can steal user's cookies/password as long as btc-arbs.com has this OpenSSL vulnerability. I recommend to not use this site until this vulnerability is fixed.

And well, obviously I recommend to not use them at all since months already but yeh. Will be perfect end for ponzi too "ah shit, got hacked".

What?  Now you are just spreading FUD!  
Why? With this vulnerability attackers can get ~64KB of random data from the memory, and an attacker can keep doing this to get more memory data. In the memory data there can be sessions IDs of users so the attacker can take over their session and for example do a BTC withdrawal. This is widely documented already, for example: https://www.mattslifebytes.com/?p=533 , https://www.michael-p-davis.com/using-heartbleed-for-hijacking-user-sessions/ , etc. and the scripts for it are pretty easy to find too.

Do you really enjoy people losing their money or something? I am just trying to warn people for a serious security vulnerability :\

Where is your proof that BTC-arbs is open to this vulnerability?    The test site used early in this thread cleared the site.   This is only a problem with unpatched openSSL 1.01.   In the meantime you are just whipping up the fear you have been trying since the beginning of this thread.   
TheAwer
Jr. Member
*
Offline Offline

Activity: 42


View Profile
April 10, 2014, 11:45:54 PM
 #444

That page says "btc-arbs.com IS VULNERABLE. " ?

No it is fine.  That test can give a false positive when load is high.
What are you talking about? It gives part of the memory as proof :s


Just to be clear: anyone using BTC-arbs last few days should be very careful. An attacker can steal user's cookies/password as long as btc-arbs.com has this OpenSSL vulnerability. I recommend to not use this site until this vulnerability is fixed.

And well, obviously I recommend to not use them at all since months already but yeh. Will be perfect end for ponzi too "ah shit, got hacked".

What?  Now you are just spreading FUD!  
Why? With this vulnerability attackers can get ~64KB of random data from the memory, and an attacker can keep doing this to get more memory data. In the memory data there can be sessions IDs of users so the attacker can take over their session and for example do a BTC withdrawal. This is widely documented already, for example: https://www.mattslifebytes.com/?p=533 , https://www.michael-p-davis.com/using-heartbleed-for-hijacking-user-sessions/ , etc. and the scripts for it are pretty easy to find too.

Do you really enjoy people losing their money or something? I am just trying to warn people for a serious security vulnerability :\

Where is your proof that BTC-arbs is open to this vulnerability?    The test site used early in this thread cleared the site.   This is only a problem with unpatched openSSL 1.01.   In the meantime you are just whipping up the fear you have been trying since the beginning of this thread.   


Heartbleed could end up having a HUGE IMPACT on the internet.  And it's not just 1.01, it's 1.01-1.01f.  This has been around for about two years, and it could have been exploited during that whole time.  64kb of data times many requests can get you a lot of info. 

If you don't know anything about Heartbleed, you should read about it at http://heartbleed.com/.  The worst case scenario is not hackers just stealing usernames and passwords, but acquiring the encryption keys and being able to read ALL the traffic between the server and users (including in the past) and being able to impersonate the server at will. 

I checked BTC Arbs on http://filippo.io/Heartbleed/ and with Chromebleed Checker at the time of my post about it, and they both said it was vulnerable.  Rechecking now says that it's okay, so BTC Arbs must have fixed it.  Although BTC Arbs mentioned Heartbleed in the reports, they didn't say anything about their own vulnerability.  They are just reminding everyone about 2FA (isn't that vulnerable to Heartbleed anyway?). 

It doesn't look like they revoked the certificate, so they haven't gone that far in patching the vulnerability.

Contract game: XBTcontracts
dyask
Hero Member
*****
Offline Offline

Activity: 658


View Profile
April 11, 2014, 12:26:19 AM
 #445

That page says "btc-arbs.com IS VULNERABLE. " ?

No it is fine.  That test can give a false positive when load is high.
What are you talking about? It gives part of the memory as proof :s


Just to be clear: anyone using BTC-arbs last few days should be very careful. An attacker can steal user's cookies/password as long as btc-arbs.com has this OpenSSL vulnerability. I recommend to not use this site until this vulnerability is fixed.

And well, obviously I recommend to not use them at all since months already but yeh. Will be perfect end for ponzi too "ah shit, got hacked".

What?  Now you are just spreading FUD!  
Why? With this vulnerability attackers can get ~64KB of random data from the memory, and an attacker can keep doing this to get more memory data. In the memory data there can be sessions IDs of users so the attacker can take over their session and for example do a BTC withdrawal. This is widely documented already, for example: https://www.mattslifebytes.com/?p=533 , https://www.michael-p-davis.com/using-heartbleed-for-hijacking-user-sessions/ , etc. and the scripts for it are pretty easy to find too.

Do you really enjoy people losing their money or something? I am just trying to warn people for a serious security vulnerability :\

Where is your proof that BTC-arbs is open to this vulnerability?    The test site used early in this thread cleared the site.   This is only a problem with unpatched openSSL 1.01.   In the meantime you are just whipping up the fear you have been trying since the beginning of this thread.   


Heartbleed could end up having a HUGE IMPACT on the internet.  And it's not just 1.01, it's 1.01-1.01f.  This has been around for about two years, and it could have been exploited during that whole time.  64kb of data times many requests can get you a lot of info. 

If you don't know anything about Heartbleed, you should read about it at http://heartbleed.com/.  The worst case scenario is not hackers just stealing usernames and passwords, but acquiring the encryption keys and being able to read ALL the traffic between the server and users (including in the past) and being able to impersonate the server at will. 

I checked BTC Arbs on http://filippo.io/Heartbleed/ and with Chromebleed Checker at the time of my post about it, and they both said it was vulnerable.  Rechecking now says that it's okay, so BTC Arbs must have fixed it.  Although BTC Arbs mentioned Heartbleed in the reports, they didn't say anything about their own vulnerability.  They are just reminding everyone about 2FA (isn't that vulnerable to Heartbleed anyway?). 

It doesn't look like they revoked the certificate, so they haven't gone that far in patching the vulnerability.

You don't even know if they had any version of openSSL 1.01 ... most sites don't.   The test pages I tried said they weren't vulnerable.   Link was through coinbase and on this thread.   Tried both places.   
dyask
Hero Member
*****
Offline Offline

Activity: 658


View Profile
April 11, 2014, 12:31:38 AM
 #446

I did finally find a test that points out there could be an issue.   https://lastpass.com/heartbleed/?h=btc-arbs.com    Recommended that you don't change your password until it is patched.   

TheAwer
Jr. Member
*
Offline Offline

Activity: 42


View Profile
April 11, 2014, 02:47:16 AM
 #447

I did finally find a test that points out there could be an issue.   https://lastpass.com/heartbleed/?h=btc-arbs.com    Recommended that you don't change your password until it is patched.    
Glad to hear that you found that.  Now you see that we're not just "whipping up the fear".  Cheesy

You don't even know if they had any version of openSSL 1.01 ... most sites don't.
I think I read that 59% of sites use OpenSSL, but I don't know about 1.01.  I hope that it hasn't been exploited this whole time.

EDIT: according to Wikipedia, 17% of secure servers are/were vulnerable.  That's a lot.

Contract game: XBTcontracts
dyask
Hero Member
*****
Offline Offline

Activity: 658


View Profile
April 11, 2014, 04:24:15 AM
 #448

I did finally find a test that points out there could be an issue.   https://lastpass.com/heartbleed/?h=btc-arbs.com    Recommended that you don't change your password until it is patched.    
Glad to hear that you found that.  Now you see that we're not just "whipping up the fear".  Cheesy

There was FUD postings without any proof.   Even the link I found isn't a 100% sure.   However, now that the risk is there I won't log in for a few days.    Give things time to be patched, just in case.    I don't have enough there that I can't let it ride a week or two.   
 
NLNico
Legendary
*
hacker
Offline Offline

Activity: 1540


DiceSites.com owner


View Profile WWW
April 11, 2014, 06:47:36 AM
 #449

So better have people their money stolen then warn them? What is wrong with you really? How can you blame me for warning people not to login as long as they have this vulnerability?

Sure, you disagree with me about it being a ponzi. But this is completely unrelated to that.

I have tried http://filippo.io/Heartbleed/ on btc-arbs.com like 50 times and around 35 times it showed "vulnerable", around 5 times "time-out error" and 10 times "it's safe". If you actually have read the FAQ on that website, you will see that "false negatives" are much more common than "false positives". Better yet, "false positives" is almost impossible because you can actually see a part of the memory on that website. So therefor they were vulnerable and my warning was 100% good no fucking FUD. Actually only right now http://filippo.io/Heartbleed/ returns "seems fixed" all the time, so I actually think it's fixed right now.

vach
Full Member
***
Offline Offline

Activity: 237

Java Jedi


View Profile WWW
April 11, 2014, 07:16:45 AM
 #450

I'm using BTC-arbs for few days... After reading this thread i'm 90% sure its a ponzi.

Except all those arguments i've read here I can add.

I've withdrawed all funds from First account to see if Second account really gives any profit at all by referall program, and guess what? it didnt?

Also here is my suggestion to get actual proof that previous users are paid with new users funds...

We can share all our account public keys with dates that we used to transfer funds to btcarbs, to someone here we trust (and who can actually detect if any funds were sent from any of these accounts to any of those accounts), if its legit (I personally beleave its not) then we will see rare transwers between those accounts (it will be more random picture) but otherwise we will have older accounts getting incomming transactions from newer ones... And it doesent change a thing if they use a mixer or something if we have addresses we can find any connection between them using blockchain...

As many people here share thair <publicKey, date> pairs than more obvious will be result.
This information will be only available to that one person we thrust...

I'm expecting your opinions on this suggestion if you please...
Rannasha
Hero Member
*****
Offline Offline

Activity: 728


View Profile
April 11, 2014, 07:19:14 AM
 #451

Also here is my suggestion to get actual proof that previous users are paid with new users funds...

We can share all our account public keys with dates that we used to transfer funds to btcarbs, to someone here we trust (and who can actually detect if any funds were sent from any of these accounts to any of those accounts), if its legit (I personally beleave its not) then we will see rare transwers between those accounts (it will be more random picture) but otherwise we will have older accounts getting incomming transactions from newer ones... And it doesent change a thing if they use a mixer or something if we have addresses we can find any connection between them using blockchain...

As many people here share thair <publicKey, date> pairs than more obvious will be result.
This information will be only available to that one person we thrust...

I'm expecting your opinions on this suggestion if you please...

This is trivial to avoid for a savvy Ponzi operator. Simply move all deposited funds to an exchange and withdraw funds from the exchange to pay for customer withdrawals. Not only does this make the exchange operate as a mixer, it also fits the coverstory.
pletharoe
Sr. Member
****
Offline Offline

Activity: 278


View Profile
April 11, 2014, 07:54:15 AM
 #452

I anyone else having trouble logging in?

I am currently unable to log into my account.  When I did the "forgot password" procedure, it said that my email address wasn't even registered!  I have 2FA and until now no problems.
dyask
Hero Member
*****
Offline Offline

Activity: 658


View Profile
April 11, 2014, 10:24:54 AM
 #453

So better have people their money stolen then warn them? What is wrong with you really? How can you blame me for warning people not to login as long as they have this vulnerability?

Sure, you disagree with me about it being a ponzi. But this is completely unrelated to that.

I have tried http://filippo.io/Heartbleed/ on btc-arbs.com like 50 times and around 35 times it showed "vulnerable", around 5 times "time-out error" and 10 times "it's safe". If you actually have read the FAQ on that website, you will see that "false negatives" are much more common than "false positives". Better yet, "false positives" is almost impossible because you can actually see a part of the memory on that website. So therefor they were vulnerable and my warning was 100% good no fucking FUD. Actually only right now http://filippo.io/Heartbleed/ returns "seems fixed" all the time, so I actually think it's fixed right now.

Now you start providing some details.   Anyway, I agree that you were correct about this concern.   
calamar182
Jr. Member
*
Offline Offline

Activity: 42


View Profile
April 11, 2014, 11:06:29 AM
 #454

Guys this is confusing, let's make it easy


1 Who didn't receive his withdrawal?

2 Who didn't receive his funds when he trasnfered money to btc arbs account? (Neutral LTC and Slipknot do you receive your funds in btc arbs now?)

3 Who got wipped his btc arbs account suddenly? (Kriptokings do you solve your issues now? Guncoinsupport it is true your story?)

4 Who can't login in btc arbs account? (Pletharoe can you login now?)


I fucking annoyed about rumors of friends and stuff like that, it is real or not? at the moment there are no real evidence that this site is scam

I WANT REAL EVIDENCES!

howzar
Hero Member
*****
Offline Offline

Activity: 574


View Profile
April 11, 2014, 11:10:37 AM
 #455

Guys this is confusing, let's make it easy


1 Who didn't receive his withdrawal?

2 Who didn't receive his funds when he trasnfered money to btc arbs account? (Neutral LTC and Slipknot do you receive your funds in btc arbs now?)

3 Who got wipped his btc arbs account suddenly? (Kriptokings do you solve your issues now? Guncoinsupport it is true your story?)

4 Who can't login in btc arbs account? (Pletharoe can you login now?)


I fucking annoyed about rumors of friends and stuff like that, it is real or not? at the moment there are no real evidence that this site is scam

I WANT REAL EVIDENCES!

My withdrawal of 0.05 is yet to arrive in my wallet
pletharoe
Sr. Member
****
Offline Offline

Activity: 278


View Profile
April 11, 2014, 11:17:26 AM
 #456



4 Who can't login in btc arbs account? (Pletharoe can you login now?)


I fucking annoyed about rumors of friends and stuff like that, it is real or not? at the moment there are no real evidence that this site is scam

I WANT REAL EVIDENCES!
[/quote]

I still can't log in.  When I enter my email in the "Forgot password" page it says "An error has occurred: Sorry we could not find this email in our database".
calamar182
Jr. Member
*
Offline Offline

Activity: 42


View Profile
April 11, 2014, 11:20:24 AM
 #457



4 Who can't login in btc arbs account? (Pletharoe can you login now?)


I fucking annoyed about rumors of friends and stuff like that, it is real or not? at the moment there are no real evidence that this site is scam

I WANT REAL EVIDENCES!

I still can't log in.  When I enter my email in the "Forgot password" page it says "An error has occurred: Sorry we could not find this email in our database".
[/quote]


You don't have to write your e mail when you login, you have to use your nickname

You never gonna receive the forgotten password because the e mail notifications is not working

Have you ever login before the first registration dude? I think you never login in this web at the moment, and I supose you don't have funds inside

calamar182
Jr. Member
*
Offline Offline

Activity: 42


View Profile
April 11, 2014, 11:26:57 AM
 #458

Guys this is confusing, let's make it easy


1 Who didn't receive his withdrawal?

2 Who didn't receive his funds when he trasnfered money to btc arbs account? (Neutral LTC and Slipknot do you receive your funds in btc arbs now?)

3 Who got wipped his btc arbs account suddenly? (Kriptokings do you solve your issues now? Guncoinsupport it is true your story?)

4 Who can't login in btc arbs account? (Pletharoe can you login now?)


I fucking annoyed about rumors of friends and stuff like that, it is real or not? at the moment there are no real evidence that this site is scam

I WANT REAL EVIDENCES!

My withdrawal of 0.05 is yet to arrive in my wallet


How much time are you waiting to arrive?

I supose that don't arrive yet because you have to wait 1 week or more

AT THE MOMENT ONLY FAKE RUMORS

cesmak
Legendary
*
Offline Offline

Activity: 863



View Profile
April 11, 2014, 12:41:52 PM
 #459

Seems not perfect but yesterday, the test, score an F today a C so there are substantial progress in security...

https://www.ssllabs.com/ssltest/analyze.html?d=btc-arbs.com

Cheers !

KryptoKings
Hero Member
*****
Offline Offline

Activity: 532



View Profile
April 11, 2014, 12:46:22 PM
 #460

Guys this is confusing, let's make it easy


1 Who didn't receive his withdrawal?

2 Who didn't receive his funds when he trasnfered money to btc arbs account? (Neutral LTC and Slipknot do you receive your funds in btc arbs now?)

3 Who got wipped his btc arbs account suddenly? (Kriptokings do you solve your issues now? Guncoinsupport it is true your story?)

4 Who can't login in btc arbs account? (Pletharoe can you login now?)


I fucking annoyed about rumors of friends and stuff like that, it is real or not? at the moment there are no real evidence that this site is scam

I WANT REAL EVIDENCES!

My withdrawal of 0.05 is yet to arrive in my wallet


How much time are you waiting to arrive?

I supose that don't arrive yet because you have to wait 1 week or more

AT THE MOMENT ONLY FAKE RUMORS

1. what as left in my account I have not received. yet in less than 4 hours they released my btc to a hacker
and
3. for some weird reason they left .46 btc in my account. Support gave me all these lame reasons not taking any responsibility for there security saying they do not need to send me an email because if my account is hacked then so will my email??? They said they have no security issues and website is perfectly secure. They stated my computer has a 0 day virus and it was hacked but when all this went down my computer wasn't even on. It was 3am my time when all this went down. I really hoped they were moving funds around and accidentally moved mine but I guess I am scammed out of my btc.

I am willing the bet right now they suffered some big loses yesterday or kept funds themselves....

I am very curious to know who has received withdraws since yesterday.


UPDATE - as of this morning I can't get into my account. This is getting better by the day!!! I am going to ask a few fellow youtubers to post this story on there show.




                      ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
                     ▄█████████████████████▄
                  ▄███████████████████████████▄
                 ▄█████████████████████████████▄
               ▄█████████████████████████████████▄
              ▄████████████████████████████████████▄
           ▄██████████████████████████████████████████▄
        ▄████████████████████████████████████████████████▄
     ▄█████████████████████▀▀▀▀▀▀▀▀▀▀▀██████████████████████▄
  ▄████████████████████▀▀▀             ▀▀▀█████████████████████▄
████████████████████▀▀                     ▀▀█████████████████████
                          ▄▄▄▄▄▄▄▄▄▄▄▄▄      
                       ███████████████████
                    █████████████████████████
                  █████████████████████████████
                 ███████████████████████████████
                ███████████           ███████████
               ██████████               ██████████
               ████████                   ████████
               ████████                   ████████



              ██████████████████████████████████████
              ██████████████████████████████████████
              ██████████████████████████████████████
              ██████████████████████████████████████
.
.



.
The 1st Algorithmic
.
Crypto-asset Manager
.



.
ANN         Slack          Twitter
Bounty    Reddit        Telegram

Medium  Facebook
.



ICO PRE-SALE
█████████████████████████████████████████████████████████
10 October
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 [23] 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 ... 180 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!