[XMR] Monero - A secure, private, untraceable cryptocurrency

[Its About Sharing]

I heard there is a fake mymonero site. The fake site URL ends with .co instead of .com

Maybe you accidentally logged into the fake site and they got your password?

Oh shit... it's still online and looks totally legit. I hope you didn't get scammed Birr...  

Edit - scour your browser history asap!

You can send him messages I bet. I doubt he has it automated. What ever you type in as a mnemonic he will read it.

I saw the warning about mymonero.co as soon as it was posted on these forums.  I've used mymonero.com several times since then.  I never went to mymonero.co.  Whoever got into my account, it was somebody else.
The last two or three times that I used mymonero.com, it wasn't syncing.  It would say your account is 10 blocks (or whatever) behind.  Then the number of blocks behind stated by the error message would increase gradually..  So in effect it was frozen. Something was probably interfering with my connection to mymonero.com, preventing communication.  That could be what made it look like the blockchain wasn't syncing.  If there was a man-in-the-middle attack, maybe that would explain the lack of a connection, I don't know.
It would be good to figure out what happened, if not for my sake then to prevent it happening to others.
Fluffypony said in his response to my support email that the server has not been compromised. I don't think I can ask or expect him to spend much time on this.  Maybe there are people with some expertise here who are more interested.

Really Sorry for your loss Birr. I hope the thieves get to see this - and I'm sure they read these boards, dare I say post.
I would be very careful on your computer. I am not a security expert but if they got in through the VPN that would mean they got to your computer I think.
Data is not passed between your computer and Mymonero, I think that is all client side. I would use another computer and have an expert look at your current system.
There is a chance you have a keylogger or clipboard logger on your machine I would think but ask the experts.

[Anon136]

I heard there is a fake mymonero site. The fake site URL ends with .co instead of .com

Maybe you accidentally logged into the fake site and they got your password?

Oh shit... it's still online and looks totally legit. I hope you didn't get scammed Birr...  

Edit - scour your browser history asap!

You can send him messages I bet. I doubt he has it automated. What ever you type in as a mnemonic he will read it.

I saw the warning about mymonero.co as soon as it was posted on these forums.  I've used mymonero.com several times since then.  I never went to mymonero.co.  Whoever got into my account, it was somebody else.
The last two or three times that I used mymonero.com, it wasn't syncing.  It would say your account is 10 blocks (or whatever) behind.  Then the number of blocks behind stated by the error message would increase gradually..  So in effect it was frozen. Something was probably interfering with my connection to mymonero.com, preventing communication.  That could be what made it look like the blockchain wasn't syncing.  If there was a man-in-the-middle attack, maybe that would explain the lack of a connection, I don't know.
It would be good to figure out what happened, if not for my sake then to prevent it happening to others.
Fluffypony said in his response to my support email that the server has not been compromised. I don't think I can ask or expect him to spend much time on this.  Maybe there are people with some expertise here who are more interested.

Really Sorry for your loss Birr. I hope the thieves get to see this - and I'm sure they read these boards, dare I say post.
I would be very careful on your computer. I am not a security expert but if they got in through the VPN that would mean they got to your computer I think.
Data is not passed between your computer and Mymonero, I think that is all client side. I would use another computer and have an expert look at your current system.
There is a chance you have a keylogger or clipboard logger on your machine I would think but ask the experts.

I still think occams razor says it was some sort of phishing attack not a rootkit on his computer.

[Drhiggins]

Every time I looked at mymonero I kept saying I've seen this image before but from where?

https://mymonero.com/#/  Not the fake scam site.

http://www.stargazercastiron.com/  Great cast iron skillet if you are into cooking with one by the way.  I had ordered one of these several months ago and  kept getting that "why does this look familiar" feeling when I would log into mymonero.  Finally this morning the synaptic pathways linked up and I knew why.  Scammers are smart and will do anything to get over on someone or steal, but they can all rot in hell as far as I'm concerned.  


Sorry to hear the bad news birr. It sucks man, I've been a victim of thief's before I can empathize. For what it might be worth I will say a little prayer for you.  What goes around comes around and these assh*^$ will get what is coming to them.  

Maybe Fluffypony could put a warning up on the home page to check the URL before logging in. 

[fluffypony]

Every time I looked at mymonero I kept saying I've seen this image before but from where?

https://mymonero.com/#/  Not the fake scam site.

http://www.stargazercastiron.com/  Great cast iron skillet if you are into cooking with one by the way.  I had ordered one of these several months ago and  kept getting that "why does this look familiar" feeling when I would log into mymonero.  Finally this morning the synaptic pathways linked up and I knew why.  Scammers are smart and will do anything to get over on someone or steal, but they can all rot in hell as far as I'm concerned.  

lol I had no idea, it was just a stock image that looked cool:)

Sorry to hear the bad news birr. It sucks man, I've been a victim of thief's before I can empathize. For what it might be worth I will say a little prayer for you.  What goes around comes around and these assh*^$ will get what is coming to them.

Agreed - it's seriously upsetting and damaging both for the victim, and for me as the site operator. I can only hope that other people take heed and move their funds into cold storage, the web wallet is just for convenience / playing around / smaller amounts.

Maybe Fluffypony could put a warning up on the home page to check the URL before logging in. 

Did that the minute I found out about the fake site:

It unfortunately doesn't help if people visit the .co first:/

[pa]

Every time I looked at mymonero I kept saying I've seen this image before but from where?

https://mymonero.com/#/  Not the fake scam site.

http://www.stargazercastiron.com/  Great cast iron skillet if you are into cooking with one by the way.  I had ordered one of these several months ago and  kept getting that "why does this look familiar" feeling when I would log into mymonero.  Finally this morning the synaptic pathways linked up and I knew why.  Scammers are smart and will do anything to get over on someone or steal, but they can all rot in hell as far as I'm concerned.  

lol I had no idea, it was just a stock image that looked cool:)

Sorry to hear the bad news birr. It sucks man, I've been a victim of thief's before I can empathize. For what it might be worth I will say a little prayer for you.  What goes around comes around and these assh*^$ will get what is coming to them.

Agreed - it's seriously upsetting and damaging both for the victim, and for me as the site operator. I can only hope that other people take heed and move their funds into cold storage, the web wallet is just for convenience / playing around / smaller amounts.

Maybe Fluffypony could put a warning up on the home page to check the URL before logging in. 

Did that the minute I found out about the fake site:

It unfortunately doesn't help if people visit the .co first:/

My bank had me choose one image (out of several dozen) and thereafter displays that image on the login screen, giving me confidence that it is really my bank's website I'm logging into. Would something like that work with MyMonero? Also, of course, two-factor authentication would be fantastic. I think Trezor now can be used as a login token.

[fluffypony]

My bank had me choose one image (out of several dozen) and thereafter displays that image on the login screen, giving me confidence that it is really my bank's website I'm logging into. Would something like that work with MyMonero? Also, of course, two-factor authentication would be fantastic. I think Trezor now can be used as a login token.

Anything we add can be incorporated on an impersonator site, especially something trivial like that.

2FA is good and well, but either it needs to be a token that is used to encrypt the spend key (ie. you lose access to your 2FA device there's no recovery), or I have to be custodial (ie. store the spend key so you can recover it). Given MyMonero's use-case neither of those options are desirable to me. A form of 2FA is on the cards for development, but we have other urgent priorities like RingCT compatibility, so it's hard to balance everything.

[Drhiggins]

My bank had me choose one image (out of several dozen) and thereafter displays that image on the login screen, giving me confidence that it is really my bank's website I'm logging into. Would something like that work with MyMonero? Also, of course, two-factor authentication would be fantastic. I think Trezor now can be used as a login token.

Anything we add can be incorporated on an impersonator site, especially something trivial like that.

2FA is good and well, but either it needs to be a token that is used to encrypt the spend key (ie. you lose access to your 2FA device there's no recovery), or I have to be custodial (ie. store the spend key so you can recover it). Given MyMonero's use-case neither of those options are desirable to me. A form of 2FA is on the cards for development, but we have other urgent priorities like RingCT compatibility, so it's hard to balance everything.

With the recent rise in Monero price we are going to see more security probes on the network and attacks.  Best security practices should be taken by everyone.  Overall still excited about the future of Monero.  Lots of good things still to come.  Good community here and I love that folks are quick to point out security concerns.

If I was a security expert I'd build a page of all scams and best security practices for Monero community.    

[ibuyltc]

Hello.  I am using the Monero-Core GUI (Pre-Alpha? version) on linux.  I have bitmonerod still syncing in the background but the GUI says its Disconnected.  Is this expected until it catches up?

[Arux]

Hello.  I am using the Monero-Core GUI (Pre-Alpha? version) on linux.  I have bitmonerod still syncing in the background but the GUI says its Disconnected.  Is this expected until it catches up?

Last time i tried (one or two months ago) the gui was able to connect on the testnet but not on the real network.
i don't known if real network is available for now.

useful instructions for testnet here: https://moneroexamples.github.io/private-testnet/

[Anon136]

Given MyMonero's use-case neither of those options are desirable to me.

Monero will always be like this. It will always be "harder" than it's competition. When an exchange gets hacked no one is going to fork freeze the hackers funds and bail you out. If your monero gets stolen no police are going to be able to track down the perpetrator. Tighter security practices will yeild less security. It's a simple narrative. With great power comes great responsibility. If you want the power (and I for one do) be prepared to put in a little more effort to attain it.

Not really telling you this FP. I know you know all of this. Your comment just inspired me to write this for other people.

[jeewaka]

My bank had me choose one image (out of several dozen) and thereafter displays that image on the login screen, giving me confidence that it is really my bank's website I'm logging into. Would something like that work with MyMonero? Also, of course, two-factor authentication would be fantastic. I think Trezor now can be used as a login token.

Anything we add can be incorporated on an impersonator site, especially something trivial like that.

2FA is good and well, but either it needs to be a token that is used to encrypt the spend key (ie. you lose access to your 2FA device there's no recovery), or I have to be custodial (ie. store the spend key so you can recover it). Given MyMonero's use-case neither of those options are desirable to me. A form of 2FA is on the cards for development, but we have other urgent priorities like RingCT compatibility, so it's hard to balance everything.

Have everybody who see's scam sites like this reported at least https://www.google.com/safebrowsing/report_badware/
I already did my part

[Hueristic]

It doesn't support anonymity on the protocol level so you can do the same thing in Bitcoin. On top of that there was a huge pre-mine instamine

FIFY. Truth in scamming is important.

And that's not even what bothers me the most, it's the fact he lied to us all and we shut off our miners for the second relaunch that never happened! People forget.

[pönde]

I just made a 5xmr test transfer from wallet a to wallet b. I am using the Monero simplewallet.

Wallet a had before the transfer 500xmr and now wallet b has received the 5xmr.

Before the transfer the wallet a was

Balance: 500.000000000000, unlocked balance: 500.000000000000, including unlocked dust: 0.020000000000

After the transfer the wallet a has

Balance: 494.980000000000, unlocked balance: 490.000000000000, including unlocked dust: 0.020000000000

The wallet b is after transfer

Balance: 5.000000000000, unlocked balance: 0.000000000000, including unlocked dust: 0.000000000000

Which is fine.

But the wallet a. Balance is just fine. 500xmr minus 5xmr minus 0.02xmr fee is 494.98xmr.

But what is this unlocked balance 490xmr? Why 10xmr less?

That dust has been there already. I do not know why. But what is that unlocked balance? How it is now 10xmr less?

[pa]

I just made a 5xmr test transfer from wallet a to wallet b. I am using the Monero simplewallet.

Wallet a had before the transfer 500xmr and now wallet b has received the 5xmr.

Before the transfer the wallet a was

Balance: 500.000000000000, unlocked balance: 500.000000000000, including unlocked dust: 0.020000000000

After the transfer the wallet a has

Balance: 494.980000000000, unlocked balance: 490.000000000000, including unlocked dust: 0.020000000000

The wallet b is after transfer

Balance: 5.000000000000, unlocked balance: 0.000000000000, including unlocked dust: 0.000000000000

Which is fine.

But the wallet a. Balance is just fine. 500xmr minus 0.02xmr fee is 494.98xmr.

But what is this unlocked balance 490xmr? Why 10xmr less?

That dust has been there already. I do not know why. But what is that unlocked balance? How it is now 10xmr less?

I don't know the precise explanation, but if you wait a little while, your full balance will be unlocked.

[pönde]

Ok.

Now the wallet a is

Balance: 494.980000000000, unlocked balance: 494.980000000000, including unlocked dust: 0.020000000000

The unlocked balance is something that just comes after for some reason.

[myagui]

That dust has been there already. I do not know why. But what is that unlocked balance? How it is now 10xmr less?

Transaction change that is returning to wallet a once it reaches enough confirmations.

[ibuyltc]

Hello.  I am using the Monero-Core GUI (Pre-Alpha? version) on linux.  I have bitmonerod still syncing in the background but the GUI says its Disconnected.  Is this expected until it catches up?

Last time i tried (one or two months ago) the gui was able to connect on the testnet but not on the real network.
i don't known if real network is available for now.

useful instructions for testnet here: https://moneroexamples.github.io/private-testnet/

Thanks, thought it had some mainnet functionality.. guess not.

[harmani21]

Monero exposed!!!!

Alphabay admins cashing out monero drops , btc drops!!

[owlcatz]

Monero exposed!!!!

Alphabay admins cashing out monero drops , btc drops!!

Lol. Right. You keep saying this, but no proof. 

Carry on... Just another day in XMR

[ibuyltc]

Monero exposed!!!!

Alphabay admins cashing out monero drops , btc drops!!

I am confused.  Is this the final chapter of your exposé of Monero?