|
paramind22
|
 |
January 06, 2023, 08:32:24 PM |
|
If you study frauds, there are often more than one person involved.
|
|
|
|
|
|
|
|
|
|
|
|
|
Once a transaction has 6 confirmations, it is extremely unlikely that an attacker without at least 50% of the network's computation power would be able to reverse it.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
philipma1957
Legendary
 Offline
Activity: 4102
Merit: 7765
'The right to privacy matters'
|
|
January 06, 2023, 08:51:15 PM |
|
I have emailed admin@mmpool.org several times since 27 December 2022 and I have received no reply since then. The admin assured me in 2021 that the pool would remain operational and encouraged more mining. I rented mining rigs and found the majority of the blocks in 2021. Those rewards were paid out as promised. The admin encouraged more mining This year, I mined more and doubled down in the last quarter to try to find a block before the end of the year for this pool. It was a long and difficult round with low luck. It seemed to go on forever. I went in deeper. A block was found and I was elated to get some of the year-long investment back... or so I thought. We were robbed before the payout happened. The admin put the pool on hold for an audit and then dropped communications. I have been patient, but this is fraud. I don't have any other course of action: I will find the admin in person and continue the conversation. I emailed the admin to say exactly that message today. Still no reply. So, backing up to last year... On 27 December, I received this final message for 2022. At the time I agreed to keep it confidential while the admin worked out the details. But since I have had no reply, here are all the details of that final message. The typos and removed information was exactly as I received it. The facts don't match what actually happened since the alleged perpetrator talks about 2016 and 2017 and this all went down between December 2021 and December 2022. But anyway, here it is. I have been contacted by the person who took the pool funds today. They have provided proof that they accessed the server. They apparently gained access a long time ago, and waited for the opportunity to obtain the funds. Here's part of their communication:
===
The btc server was accesed first with user [removed}, I checked that wallet that was stored local and I see 0 transactions.
I copied that wallet and go away for months.
I keeped an eye on that public addreses from pool and I see no transactionas from 2016 or 2017 and I go away.
after some time I come back and check again that address and I see some coinbase transactions from some block mined.
I come back to that btc server and I tried to modified the pool config file but no admin privilege and I tried to got admin privilege with a linux kernel expl.
but was a btc server crash first time and then the root privilege escalation was succesful.
I put a new mining address and keep waiting months.
after a lot of time in a day I received a mining pool notification and bang the block mined.
==
They say the funds are "in a safe place" and asked my to email them back for details which I have done today. Please keep the specific details above confidential for now while I communicate with them. I'll let you know as soon as they reply, or within 24 hours if I haven't heard back.
Somebody please quote this post for me. I will apologize if I am so lucky to be wrong about this fraud ... or I will find the admin and discuss it in person. ctya (Calmer Than You Are ) I am sorry for the loss you suffered. Even if it is not fraud by the pool owner he still is liable for not securing the mining address correctly. You certainly would have a civil case against him if you find him. your loss is 6 x 16.8k = 100.8k or more I hope you can find him out and get restitution from him. |
|
|
|
o_solo_miner
Legendary
Offline
Activity: 2440
Merit: 1474
-> morgen, ist heute, schon gestern <-
|
|
January 08, 2023, 10:36:59 AM
Last edit: January 08, 2023, 10:51:22 AM by o_solo_miner |
|
There are NEWS on mmpool.org: 2023-01-07
On 2022-12-27 the pool received the following email: From: Woon Jin woonjin81 at proton dot me To: admin@mmpool.org admin at mmpool dot org Subject: mmpool info mined block this month Hi my friend My name is Woon Jin - Im security and pentesting enginer and I contact you to explain more about mmpool problems that appear this month First of all keep all your private keys in safe places!. First step for me was to give all credentials to conect to your btc server. The btc server was accesed first with user main, I checked that wallet that was stored local and I see 0 transactions. I copied that wallet and go away for months. I keeped an eye on that public addreses from pool and I see no transactionas from 2016 or 2017 and I go away. after some time I come back and check again that address and I see some coinbase transactions from some block mined. I come back to that btc server and I tried to modified the pool config file but no admin privilege and I tried to got admin privilege with a linux kernel expl. but was a btc server crash first time and then the root privilege escalation was succesful. I put a new mining address and keep waiting months. after a lot of time in a day I received a mining pool notification and bang the block mined. all founds are keeped in safe place. for more details mail me back I attached her the old privat key for your user main. don't forget to check all your devices about security issues and don't forget about ckpool secutiry issues. -----BEGIN OPENSSH PRIVATE KEY----- [redacted] -----END OPENSSH PRIVATE KEY----- Sent with [Proton Mail]( https://proton.me/) secure email. I confirmed that the private key was the key to SSH to the server. I replied requesting more information and return of the funds. On 2022-12-28 I received the following:
Hi friend admin Hard time here in Shangqui no job no salary and covid pandemic low money level for people here No more details I have keep you credentials in safe place update software Old software and webs have more bugs Firewall is good to be install update ckpool software netcat works well. Happy year admin Sent with Proton Mail secure email. I didn't reply to this email but received another on 2023-01-01: Hi admin No waste time audit source code https://bitbucket.org/ckolivas/ckpool/src/master/ old scripts expl no public avaiable solo.ckpool.or no firewall ssh open exp no work source no bug solo.ckpool.org has address 51.81.56.15 solo.ckpool.org has IPv6 address 2604:2dc0:100:240f::1 scan hostname: 51.81.56.15 51.81.56.15 : 22 : TXT : SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5 51.81.56.15 : 80 : TXT : 51.81.56.15 : 22 : TXT : SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5 51.81.56.15 : 80 : TXT : 51.81.56.15 : 443 : TXT : 51.81.56.15 : 443 : TXT : 51.81.56.15 : 3333 : TXT : 51.81.56.15 : 3333 : TXT : 51.81.56.15 : 4334 : TXT : 51.81.56.15 : 4334 : TXT : 51.81.56.15 : 8333 : TXT : 51.81.56.15 : 8333 : TXT : Sent with Proton Mail secure email. I have heard nothing from them since. I am updating the pool software to remove vulernabilities. Once that is done, the pool will be resumed. The bitcoins stolen by the attacker are not retrievable, if you have resources to track them down from the emails that would be useful. As a pool that shares the distribution of mined bitcoins to the users, so is the loss of mined bitcoins through attacks like this distributed. The block will be treated as unfound and the DGM reward system will treat it as if it had not been mined. This will mean the rewards will continue to be funded to miners in future blocks as the DGM system "catches up" for what looks like an unlucky mining period.
On 2022-01-07 I received an email from a pool user with an attempt to obtain information about the pool operator embedded in the email. I am doing my best at keeping the pool operational, and while I've been running it have been responsible for the distribution of many bitcoins. I appreciate all your patience and use of the pool. I hope we can continue to operate in a fair manner following this. to sad. I liked the payout sceme for the blockfinding miner. But now it's over! |
from the creator of CGMiner http://solo.ckpool.org for Solominers paused: passthrough for solo.ckpool.org => stratum+tcp://rfpool.org:3334 |
|
|
ctya
Member
Offline
Activity: 297
Merit: 30
|
|
January 08, 2023, 04:50:34 PM |
|
I am sorry for the loss you suffered.
Even if it is not fraud by the pool owner he still is liable for not securing the mining address correctly.
You certainly would have a civil case against him if you find him.
your loss is 6 x 16.8k = 100.8k or more I hope you can find him out and get restitution from him.
Thank you phillpma1957. I very much appreciate it. |
|
|
|
|
ctya
Member
Offline
Activity: 297
Merit: 30
|
|
January 08, 2023, 05:35:32 PM |
|
In case anyone was thinking about mining at mmpool.org: Do not mine at mmpool.org admin@mmpool has not replied to any of the several emails sent to him since 28 December 2022. admin@mmpool.org does not visit this forum (BTF) to read posts. If he did, we might see an email reply to a post or a news reply to a post that originated on BTF. Since he does not read this, and does not reply to email, we don't have any dialogue regarding pool operations. We only have vague posts with missing facts on the mmpool.org news web page after a HUGE ROBBERY BY AN UNKNOWN THIEF. By the way, I might have accepted the missing block scenario he describes in his news post. It might have been a way to move forward if this wasn't already full of lies and fraud. It might have resulted in a large payout to me. It is a shame that I wasn't asked if that was ok despite being owed so much and despite my several attempts by email to continue the conversation. If he had posted that here on BTF back at 16 December 2022, then we might still be mining right into his next fraud. Instead, I have found his location and let him know that location via email. Then he posted the latest news entry with more facts for you all. I'll hire an investigator and a lawyer in his english-speaking home country (far from Sweden!) to follow up on my behalf. He doesn't want to engage directly, so I now have to invest more to continue the conversation in person. In the best-case scenario, the admin is negligent and he has allowed a thief to steal the reward of the last round while also neglecting his community of miners. In the worst-case scenario, the admin is the thief. I won't mine at mmpool.org and you shouldn't either. |
|
|
|
|
|
paid2
|
|
January 09, 2023, 07:01:59 AM |
|
In case anyone was thinking about mining at mmpool.org: Do not mine at mmpool.org
admin@mmpool has not replied to any of the several emails sent to him since 28 December 2022.
By the way, I might have accepted the missing block scenario he describes in his news post.
It might have been a way to move forward if this wasn't already full of lies and fraud.
It might have resulted in a large payout to me.
It is a shame that I wasn't asked if that was ok despite being owed so much and despite my several attempts by email to continue the conversation.
If he had posted that here on BTF back at 16 December 2022, then we might still be mining right into his next fraud.
Instead, I have found his location and let him know that location via email.
Then he posted the latest news entry with more facts for you all.
I'll hire an investigator and a lawyer in his english-speaking home country (far from Sweden!) to follow up on my behalf.
He doesn't want to engage directly, so I now have to invest more to continue the conversation in person.
In the best-case scenario, the admin is negligent and he has allowed a thief to steal the reward of the last round while also neglecting his community of miners.
In the worst-case scenario, the admin is the thief.
I won't mine at mmpool.org and you shouldn't either.
I wish you the best for your researches. I hope you will find him
I am personnaly still thinking that mmpool is the thief. So easy no ? Steal 100K USD and post 2 emails without any proof on your own website, it doesn't look to be so complicated. Good reward for the efforts done, no ? An honest pool operator would not ignore his users emails, especially emails from the user who solved 90% of the last blocks. I agree with ctya, no one should point any hashrate to Mmpool, why should we trust him again ? We have NO PROOF that he is not telling us absolute bullshit on his news webpage. He is not able to give us security, and probably did a crazy exist scam. Why should we give him the opportunity to fuck us twice ? I really hate this lack of transparency from mmpool. He could do an exception to his "Bitcointalk boycott" and come here to explain us how he managed to have such vulnerabilities on his server when his hosts a BTC mining pool. Crazy |
|
|
|
ctya
Member
Offline
Activity: 297
Merit: 30
|
|
January 09, 2023, 05:41:12 PM |
|
I wish you the best for your researches. I hope you will find him
I am personnaly still thinking that mmpool is the thief. So easy no ? Steal 100K USD and post 2 emails without any proof on your own website, it doesn't look to be so complicated. Good reward for the efforts done, no ?
An honest pool operator would not ignore his users emails, especially emails from the user who solved 90% of the last blocks.
I agree with ctya, no one should point any hashrate to Mmpool, why should we trust him again ? We have NO PROOF that he is not telling us absolute bullshit on his news webpage. He is not able to give us security, and probably did a crazy exist scam. Why should we give him the opportunity to fuck us twice ?
I really hate this lack of transparency from mmpool. He could do an exception to his "Bitcointalk boycott" and come here to explain us how he managed to have such vulnerabilities on his server when his hosts a BTC mining pool.
Crazy
He should have already reported this theft to the Swedish police and the hosting ISP, 247. A backup of the server should have been frozen as forensic evidence. But we have seen no evidence that these common practices were followed. The admin will probably wipe out the server with some pool rebuild next and claim that all evidence of the intrusion was lost. It's not just a lack of transparency. It is negligence and fraud. |
|
|
|
|
|
Sledge0001
|
|
January 09, 2023, 06:48:40 PM |
|
He should have already reported this theft to the Swedish police and the hosting ISP, 247. A backup of the server should have been frozen as forensic evidence.
But we have seen no evidence that these common practices were followed.
The admin will probably wipe out the server with some pool rebuild next and claim that all evidence of the intrusion was lost.
It's not just a lack of transparency. It is negligence and fraud.
First step is that the server should have immediately been unplugged and taken offline, air gapped and NOT backed up. Police contacted as this was occurring would be the next logical step. A backup of the server could trigger some a script to help clean the hacker(s) tracks. That's going under the assumption that there was a hack. In any event the lack of clear communications from Admin is concerning but I wouldn't say we should jump to fraud just yet. We all have to unfortunately sit back now and let the investigation run its course.... If it was a hack, then I hope they get caught, are forced to return every dime and then fry the scumbag. If it was an Admin exit strategy, then the same. |
|
|
|
|
ctya
Member
Offline
Activity: 297
Merit: 30
|
|
January 11, 2023, 04:03:14 AM |
|
We all have to unfortunately sit back now and let the investigation run its course....
If it was a hack, then I hope they get caught, are forced to return every dime and then fry the scumbag. If it was an Admin exit strategy, then the same.
...Pool Admin to me via email I'm currently travelling with limited internet access, it's unfortunate timing for the pool issues happening around Christmas/New Year period. It has been difficult coordinating and reaching people.
I have contacted Proton Mail and have not yet received a response.
Communication with authorities is ongoing. It would help to have contact details for the main people affected to pass on to them. Do you have any I can provide?
I am still attempting to communicate with the person who accessed the server.
The server is still available for analysis.
I'm am just as affected as you are and would like to get resolution for the issue. While this is haopening the plan is to fix the issues and get the server running again.
so. very. scammy. |
|
|
|
|
|
paramind22
|
|
January 11, 2023, 03:34:54 PM |
|
This incident should be better known to the community and law enforcement. What if the pool operator isn't doing this? Maybe someone can write a press release. There are free press release services out there.
|
|
|
|
ctya
Member
Offline
Activity: 297
Merit: 30
|
|
January 12, 2023, 05:48:58 PM |
|
This incident should be better known to the community and law enforcement. What if the pool operator isn't doing this? Maybe someone can write a press release. There are free press release services out there.
http://mmpool.org/ MMPool is just a static news page today. The rest of the site links serve the same news page. The bitcoin node is offiline since about Jan 12, 2023 01:30 AM UTC https://bitnodes.io/nodes/193.29.105.150-8333/MMPool News 2023-01-12
The pool server is down while it is being rebuilt. This status page exists to keep up to date with progress. Investigation is continuing towards tracking down who infiltrated the server. A forensic examination of the server is underway. For any questions please email admin (at) mmpool.org. I encourage any pool user affected by this to email and get in touch. Any other communications medium other than that account does not represent the pool. Any help or advice appreciated.
|
|
|
|
|
bigdaddymccarron
Member
Offline
Activity: 71
Merit: 16
|
|
January 13, 2023, 04:04:11 PM |
|
This incident should be better known to the community and law enforcement. What if the pool operator isn't doing this? Maybe someone can write a press release. There are free press release services out there.
http://mmpool.org/ MMPool is just a static news page today. The rest of the site links serve the same news page. The bitcoin node is offiline since about Jan 12, 2023 01:30 AM UTC https://bitnodes.io/nodes/193.29.105.150-8333/MMPool News 2023-01-12
The pool server is down while it is being rebuilt. This status page exists to keep up to date with progress. Investigation is continuing towards tracking down who infiltrated the server. A forensic examination of the server is underway. For any questions please email admin (at) mmpool.org. I encourage any pool user affected by this to email and get in touch. Any other communications medium other than that account does not represent the pool. Any help or advice appreciated.
I lost a very small amount, around 0.007 btc, but it still pisses me off because to maintain that little bit of coin over the last year cost a metric shit ton of power and money! I truly feel for ctya and completely understand his anger! |
|
|
|
|
philipma1957
Legendary
Offline
Activity: 4102
Merit: 7765
'The right to privacy matters'
|
|
January 13, 2023, 04:16:24 PM |
|
This incident should be better known to the community and law enforcement. What if the pool operator isn't doing this? Maybe someone can write a press release. There are free press release services out there.
http://mmpool.org/ MMPool is just a static news page today. The rest of the site links serve the same news page. The bitcoin node is offiline since about Jan 12, 2023 01:30 AM UTC https://bitnodes.io/nodes/193.29.105.150-8333/MMPool News 2023-01-12
The pool server is down while it is being rebuilt. This status page exists to keep up to date with progress. Investigation is continuing towards tracking down who infiltrated the server. A forensic examination of the server is underway. For any questions please email admin (at) mmpool.org. I encourage any pool user affected by this to email and get in touch. Any other communications medium other than that account does not represent the pool. Any help or advice appreciated.
I lost a very small amount, around 0.007 btc, but it still pisses me off because to maintain that little bit of coin over the last year cost a metric shit ton of power and money! I truly feel for ctya and completely understand his anger! Very sad. I mined here for 8 years. I collected a lot of BTC over time. I think I lost 0.01 btc on this block I can live with it. But it is sad whether it was the pool owner or a hacker it is sad. Now coins are going up so it hurts even more. |
|
|
|
|
|
NotFuzzyWarm
Legendary
Offline
Activity: 3612
Merit: 2506
Evil beware: We have waffles!
|
|
February 01, 2023, 02:16:11 PM |
|
However, the above pool is an altcoin pool, so I'd suggest people avoid it, as is normal for people in this part of the forum.
The shameless self advertising for that work-in-progress algo switching pool was deleted by the mods.  |
|
|
|
o_solo_miner
Legendary
Offline
Activity: 2440
Merit: 1474
-> morgen, ist heute, schon gestern <-
|
|
February 01, 2023, 03:52:11 PM |
|
It can of course also be found at the mmpool website.
and here it is: News
2023-01-31
After much consideration it has been decided not to resume the pool operation. There is too much risk involved in operating bitcoin services. While an attacker only needs to succeed once, the pool must succeed in defending every time. There is no upside for this risk for a low volume pool such as this. The pool has operated the last few years successfully and while blocks have been few, it has always operated honestly. It's unfortunate the actions of one person ends things in this way. Payouts to all users will be done over the next two weeks for any outstanding balances automatically. An update will be posted here when that is complete.
Investigation will continue in finding the person who stole the funds. Based on logs, emails with the attacker, and recent additional hacking attempts, it looks likely the attacker was a pool user. I again ask that you return the funds so it can be passed on to the pool users, before you are found. No action will be taken if this happens. For all enquiries I can be reached at admin (at) mmpool.org. Funds can be returned to bc1qxaaymhtsvtwg3a5shf370h72kqs68cwale5pxj. Donations to help with the wrap up of the pool also accepted to that address, and they will be used to pay out to users that had their block contribution stolen by the attacker.
no neeed to go anywhere else, Bitcointalk.org |
from the creator of CGMiner http://solo.ckpool.org for Solominers paused: passthrough for solo.ckpool.org => stratum+tcp://rfpool.org:3334 |
|
|
philipma1957
Legendary
Offline
Activity: 4102
Merit: 7765
'The right to privacy matters'
|
|
February 01, 2023, 04:01:53 PM |
|
He says he is going to pay out.
|
|
|
|
|
paid2
|
|
February 01, 2023, 04:06:03 PM |
|
He says he is going to pay out.
As I understood ; he is asking for donations and for the hacker to send back the funds. I think he will pay the coins from previous blocks (before the hack) to the people who didn't withdraw no ? |
|
|
|
|
paid2
|
|
February 12, 2023, 09:57:51 PM |
|
From my side mmpool's website is down...
|
|
|
|
willi9974
Legendary
Offline
Activity: 3416
Merit: 2655
Escrow Service
|
|
February 13, 2023, 06:23:30 AM |
|
From my side mmpool's website is down...
I think the pool is down, but the news website is working from my view (I can open the news page) |
.
.BLACKJACK ♠ FUN. | | | ███▄██████
██████████████▀
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
█████████████████▄
░██████████████▀
████████████
███████████████░██
██████████ | | CRYPTO CASINO &
SPORTS BETTING | | │ | | │ | ▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
███████████████████ | | .
|
|
|
|
|
