https://bitcoinvanitygen.com - not samr7 vanitygen

[MoparMiningLLC]

I am not sure where to post this - I used vanitygen to generate 21 different addresses which I funded, one I used and the rest were created, printed as a QR code and put on pokerchips for my children and grandchildren - the private addresses were never loaded to any program or stored/saved anywhere.

the above statement is false - I thought the vanitygen program was used, we set it up, we tested it but in the end the other person involved opted for a shorter/faster route which also ended up being compromised.

these are my 21 addresses that were emptied this morning:
1HEDDiESypk51VUd8FqBdaA7zZ4GVJK4wo
1ASHLeEYu71xk6sc9qweZG5UL5QsceXwhY   
1Eddiej8mqC2c8z3uW62c9k2ZygKsZeUF1   
1KaiLaQTwA5qtAhdH8Xz4VqPKa3gCesfLg   
1iSAiAhHae53SVt5rvEKDAMhqRKZ9eqRU
1xaNDerXNpPFtncFGX4mbaZW7At4RCxfp
1CaLebuQ5FcyVHTNUaAx1v5sLhww7DDURa
1MjLEonmFpFkE6gUjmN29aXh8zVYELfQBk
1Eric2r8vDD28BSN5c8PeyfiGiBazfnHGa
1JaicenJbkqL4rStxMd2UyHFU36BuJG4uW
1JuLianYMWXrQL1ucnCRtjTNJx7j49Pc19
1Maya2mzYFjwPGM7qsc9aCPGgn1LgYyr5c
1MissyTZW59BEvH2eP2j3VhW7JoSSMKDi4
1MindiBf4hWBUvemnMi8h3E444zdjGTbkm
1DaynarrwzjFR6bEvsLPPtoPS2a7UeNzNW
1ViCTorNnXuSmQb4twDC1CJSVtz8o73Er
1ZoeyUnsMqHfKH4zQ37R86ThzmPKz9Qyc
1HannabxvdhmBeJV2JX7Kc1DcS6V7sxoBN
1MaisyHCcQx5DQd3p5fBT8iYBdXTPLmBq9
1MoparCzLLgVhFjLMo9iS4a8qeEMpF3EeJ

if I look at the transactions, it is apparent that my addresses are not the only ones affected - I would highly recommend anyone using a vanity address, to move the funds asap.

[1714962345]

1714962345

[1714962345]

1714962345

[philipma1957]

How did you make addresses,
 off line?


1HEDDiESypk51VUd8FqBdaA7zZ4GVJK4wo  this one is missing 0.001

[MoparMiningLLC]

some of the stolen funds are sitting here:

https://www.blockchain.com/btc/address/1MtcJqcg9UAU6FrMdYf1P5n4VNzcA1Y6Tm

[jackg]

Did you generate them offline or online? And how were they stored? In a passworded file/printed?

These are going to be helpful in determining if it was a malicious binary or if it was potentially an external piece of malware harvesting the information. Also were any generated using a public key additive?

[philipma1957]

I see they got the moparaddress

https://www.blockchain.com/btc/address/1MoparCzLLgVhFjLMo9iS4a8qeEMpF3EeJ

I am trying to figure out if vanitygen is at fault

or some clever fishing is the issue.

I did this one  off line

and I erased the hard drive after I copied the keys.


1956jUdYPFwiBSzt9AECdWj3KE4WV7taiM

https://bitcointalk.org/index.php?action=profile;u=166799

[MoparMiningLLC]

offline - private keys were not stored, they were generated, printed and applied to pokerchips, which are still secured and in my possession. I kept no back up of the keys as I have the chips and planned on having them until I handed them to my children and grandchildren.

i dont know what you mean by "public key additive"

[philipma1957]

offline - private keys were not stored, they were generated, printed and applied to pokerchips, which are still secured and in my possession. I kept no back up of the keys as I have the chips and planned on having them until I handed them to my children and grandchildren.

did you erase the pc hdd once you recorded the info?

if you did then something is really bad.

if you kept the hdd and operated  software on it.

then a clever malware is on the hdd.

If the pc had no wifi
and was air gapped offline making the keys and you copy them.

the only ways it can be stolen are:

 the pc was not offline and a clever way to do hidden wifi was on that pc.
when you put the pc back online a way to find the keys was on the pc.

how did you record the keys?
did you import them?
where did you import them to?

[BrewMaster]

this may be obvious but are you sure you are using the real vanitygen project[1] and not some random fake .exe that you found on google search?
your case could simply be like those who keep downloading fake electrum wallets and lose their funds thinking the issues is with electrum.

[1] this is their topic: https://bitcointalk.org/index.php?topic=25804.0 which also has a PGP signature that you should have verified after downloading and before generating those keys.
did you verify sig or compile yourself? could you post the hash of the file you have?

[MoparMiningLLC]

this may be obvious but are you sure you are using the real vanitygen project[1] and not some random fake .exe that you found on google search?
your case could simply be like those who keep downloading fake electrum wallets and lose their funds thinking the issues is with electrum.

[1] this is their topic: https://bitcointalk.org/index.php?topic=25804.0 which also has a PGP signature that you should have verified after downloading and before generating those keys.
did you verify sig or compile yourself? could you post the hash of the file you have?

the pc used to generate the keys was running vanitygen but is a pc that has never been online. The pc is at a shop shared by myself and 2 others.

I am trying to sort out all the details - the creation of the keys was a joint effort with myself and a friend - he also uses the program.

I downloaded the vanitygen from here https://github.com/samr7/vanitygen installed it on the laptop via usb. My friend at the shop would run the program and print them out. I would pick them up when I was next at the shop.

I do not think this is anything done by him or anyone at the shop - as there are literally hundreds of addresses affected so others must have been using the same program - as I look at the inputs and many of them are easily identifiable as vanity addresses.

Also, let me also clarify - this affects nothing I have ever done or sold to anyone --- these are my personal addresses.

I am on my way to the shop now to see if he can add any further details. I literally got up, took the grandson to school, sat down at my pc with a cup of coffee and saw the transactions hit in electrum. by the time I checked all the addresses they were all empty.

I could not peel/sweep the chips fast enough. Every one I peeled to check was already empty.

I will get the hash when I get to the shop and bring it back here in a bit.

[MoparMiningLLC]

ok.....

I have to digest this --- and I had to leave the shop rather quickly before I killed the motherfucker.

I had downloaded the vanitygen program and installed on pc and we ran a few while i was in the shop that day. some take longer than others - some were fast some took a while.

well my "friend/coworker" agreed that if i supplied him the names, he would run the program, copy/paste the addresses/keys and print them so I can pick them up when I come in (I go in like once a week) he also wanted to use the program so he could 3d print things with vanity addresses and provide keys to customers - he runs a 3d printing business.

sooooo - I walk in and tell him what happened - asking if for any reason he put the pc online, even temporarily - he says no. Then he tells me he has to tell me something...

he said the program was taking too long on longer vanity addresses, so apparently in his genius thought process, he looked for other ways to generate addresses, and he came upon

https://bitcoinvanitygen.com/  

and he stated he has been generating the addresses from there vs the vanitygen program on the laptop. He did not think to tell me as it the "outcome is the same".

I told him he owes me $500 and he better call any/all customers and see how many lost their funds and that he needs to have all his stuff out of the shop by the end of the week.

I have been sitting in my car for about 5 minutes still too pissed off to drive.

I spoke with minerjones who pointed out that years ago he had issues with the same site. https://bitcointalk.org/index.php?topic=1476782.0 apparently this is a known issue.

so to summarize (I will edit my OP) this has nothing to do with the vanitygen by samr7  - and is strictly tied to https://bitcoinvanitygen.com/  website --- which explains how it involves so many other addresses not just the ones I used.

so, I repeat this is not related to the vanitygen by samr7

the issue here is a complete breakdown of an agreed upon process - and complete disregard for my funds/funds of my children and grandchildren -well, and the funds of his customers.

I did create/use 2 from the program - for my parents. I will be in contact later today to have them check the funds - I did not save their public addresses so I cannot check them myself.


IF ANYONE ELSE HERE USES THAT WEBSITE I SUGGEST YOU TAKE YOUR FUNDS OFF THE ADDRESS IF THEY ARE NOT ALREADY TAKEN AND DO NOT USE IT ANY FURTHER

[philipma1957]

Well the good news is it was only 500 of your dollars.

The bad news is you lost a friend and a trusted person turned out to be not so trusted.

Still 500 is not too bad of a loss. I am hoping it stays under $1000 in total.

Just think if the "thief website" waited and btc mooned the loss could have been 5 or 10k

[MoparMiningLLC]

Well the good news is it was only 500 of your dollars.

The bad news is you lost a friend and a trusted person turned out to be not so trusted.

Still 500 is not too bad of a loss. I am hoping it stays under $1000 in total.

Just think if the "thief website" waited and btc mooned the loss could have been 5 or 10k

well according to minerjones post from years back he lost 3 btc to the site.

and i count hundreds of addresses possibly affected by this and thats just the transactions that i can see because they involve my addresses.

[Agrawas]

I hope these scammers rot in hell, can never understand what these people get from stealing other's money and especially this website who has been know to do this over and over again..

[BitcoinGirl.Club]

You scared me for few minutes until I read the clarification and the move from your dickhead friend.  Good to know that the damage was not much for you. In minerjones's case I think the 3 btc did not worth much at that time. But it's sad to know that possibly few thousands of bitcoin users were already affected by it.

May be we can report this bitcoinvanitygen.com site and take it down. I never heard of this hosting service provider. It's ovh.com, I am trying to figure out how to talk to them about it and file a complaint using the reference of this topic.

[jackg]

i dont know what you mean by "public key additive"

Vanity gen has an online option that allows you to get someone else to generate the key buy adding a certain key onto it and giving them the public part of the key (while you have the private) so all they know is your address and having part of the private key (when the numbers are 128bit-256bit it's more secure than it sounds)...

If you haven't found one, I could make a batch script that produces addresses in bulk and post it publicly on the forum (I've probably done it before but it's a simple 3 minute task)...

[LoyceMobile]

This scammer has been promoting that site in his signature for years: https://bitcointalk.org/index.php?action=profile;u=303026

He mostly promotes it on boards that don't show his negative feedback. Feel free to tag him more though.

[BitcoinGirl.Club]

This scammer has been promoting that site in his signature for years: https://bitcointalk.org/index.php?action=profile;u=303026

He mostly promotes it on boards that don't show his negative feedback. Feel free to tag him more though.

I tagged them.

I could not report the site to the hosting service provider. It's asking me to create an account and I am not in a mood to create one. Will anyone do the reporting and keep us undated? I may find some times later if no one does this.
This domain needs to be off from the cloud.

[TryNinja]

I could not report the site to the hosting service provider. It's asking me to create an account and I am not in a mood to create one. Will anyone do the reporting and keep us undated? I may find some times later if no one does this.
This domain needs to be off from the cloud.

I did report them (and suggested MoparMining to do the same) on Google's safebrowsing page. They are more focused on phishing websites, but I think there is a chance they block the website: https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en

I also just reported them to OVH: https://www.ovh.pt/abuse/

[MoparMiningLLC]

I could not report the site to the hosting service provider. It's asking me to create an account and I am not in a mood to create one. Will anyone do the reporting and keep us undated? I may find some times later if no one does this.
This domain needs to be off from the cloud.

I did report them (and suggested MoparMining to do the same) on Google's safebrowsing page. They are more focused on phishing websites, but I think there is a chance they block the website: https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en

I also just reported them to OVH: https://www.ovh.pt/abuse/

Ty - I wonder how many of the affected are on here.

[icopress]

Well MoparMiningLLC, I sympathize with you, but I want to ask you, is your friend a bitcointalk member? I was reading the conversation on Discord and following the conversation on this thread, and it occurred to me that your friend's behavior might be even more unacceptable than you think.

What is the likelihood that he emptied addresses in his favor and told you that he used bitcoinvanitygen.com ^{(knowing about the theft precedents)}