[ANN] Potential Premine SCAM coins: RainbowCoin Evercoin

[micryon]

Hey guys.. in the wake of the Asiacoin mega-scam.  We've been doing some forensics on the code to understand the premine scam.. my full analysis is listed here:

https://bitcointalk.org/index.php?topic=566870.msg6535095#msg6535095

This code was also found in SHACoin, which had the exact same premine SCAM that was exposed a week earlier.

cruncher on IRC had a great suggestion to search all of github for a particular string that was associated with the obfuscating premine.

The segment of code resides in the RPC call, that seeks to intercept the amount of coin by returning a modulo version of it.

The result of that search is here: "https://github.com/search?p=1&q=amount+%25+%28MAX_TX_FEE+*+COIN&ref=cmdform&type=Code"

As you can see the string shows up in a bunch of other places (including the AsiaCoinFix repo i pushed up for the forensics exercise).

The following hits to coins were identified:
  EverCoin - never heard of this
  RainbowCoin - recently launched
  ShaCoin - known premine scam
  ccc/qbcc - ??
  BeeCoin - ?
  QuarkBar - premine scam found,  patched



Now it may be the case that some devs accidentally forked a code repo unknowingly.. or the coin has already found the issue and patched it, or maybe this isn't even the original location of the code..

I didn't check the actual blockchain itself to verify.  This is just from a github search using the "obfuscation code"..  But if this code is deployed even without knowing.. it really ought to be patched up anyhow.

Up to everyone's own due diligence to check their own coins now..

[honghaisea]

QuarkBar is a scam coin? Are you sure?

[micryon]

QuarkBar is a scam coin? Are you sure?

No I am not sure.. that's why I said potential.  The "malicious" code exists in that code base on github.. that's all we know.

If someone can verify and get back to this we can certainly eliminate it as a candidate.

[TTM]

Quarkbar's original dev also gone. Now community took over this coin, but i don't know whether or not that community know about this premine. You should put a warning on their thread.

[Jonesd]

Quarkbar's original dev also gone. Now community took over this coin, but i don't know whether or not that community know about this premine. You should put a warning on their thread.

We're looking into this. We were not aware of this at all.

[TTM]

micryon, thanks for your effort, i have a small question.

If scammer publish clean source code to github but he compile clients with malicious codes included, then how can we know ? Few people will take that 'clean' source and compile for themself, but this will cause conflict with those clients compiled by dev, right ? Then how can we know if that case happen ?

I'm just asking because i think in future, those scammers will find a more sophisticated way to scam.

[Obfuscode]

QuarkBar Community dev here. Thanks for the post!
We're looking at the code and going to patch it out asap.

[micryon]

If scammer publish clean source code to github but he compile clients with malicious codes included, then how can we know ? Few people will take that 'clean' source and compile for themself, but this will cause conflict with those clients compiled by dev, right ? Then how can we know if that case happen ?

I'm just asking because i think in future, those scammers will find a more sophisticated way to scam.

Afaik, there's no way to know what's in the compiled binary they distribute, unless you compile it yourself.. and/or they release a sig'd build (which .. apparently no one does).

However, you are correct that if the key areas of the code do not match up.  Things like Checking transactions, Accepting block hashes.. rewards, etc.  Then those clients will not connect with each other.

The key to all this is 3rd party exchanges and pools.  By in large they are all 100% Linux, and must build from source.. so if you can't connect to them (accept blocks).. then you know that there's something different with your client.  

All coins require those ecosystem infrastructure, which has to be built from source...


This is the reason that the perpetrators of these scams do actually have to release the source, that is basically the same as the compiled binary.. They can do a few things like RPC call diffs, remove seed addresses, or inject trojans in the compiled binaries tho..

[YoyodyneSystems]

Excellent work. I am so lucky I pulled out of AC when it started to drop like a rock. I think it's really bad news for crypto
and alt coins that AC managed to happen. It probably took some people out permanently.

I think the burden should be on the Exchanges to catch these things.
It's 100% their responsibility I would say. They make the money off them and list them as fair products.

[k!lowatts]

could you please check the latest coin? capitalcoin that just announce its existance.

[micryon]

could you please check the latest coin? capitalcoin that just announce its existance.

Sorry you are going to have to check yourself, source is not posted on github.. 30 mb download taking an hour to get that source in .rar format.. (that in itself is a little suspicious tho..)

[micryon]

The real question is what is the solution to this - simply removing the code doesn't really fix anything, it just makes the problem more obvious - but the deed is already done, the coins are already on the chain in wallets someplace. Maybe not dumped yet, maybe partially, maybe half your stash you bought well after launch is illegitimate coin - there's no way to know. How do you possibly escape this stigma without moving to an entirely fresh blockchain? You can't just roll back, remove block 1, and then go back to normal.

Yes you're right .. fixing premine situation is very difficult.. I'm just giving people a heads up, is all .. no solutions here unfortunately...

[Obfuscode]

QuarkBar Community Dev here again.

We fixed the upstream code and hardforked the chain effective immediately.

Thank you the reporting

//Edit:
We're doing the maths to check if and how many scam-coins have been created so far

[Jonesd]

QuarkBar Community Dev here again.

We fixed the upstream code and hardforked the chain effective immediately.

Thank you the reporting

//Edit:
We're doing the maths to check if and how many scam-coins have been created so far

Allcoin will freeze the market, so in this insecure situation, we can prevent a bit of panic.

[Jonesd]

Quarkbar will hardfork after block 215847 immediately (version 70003).
New code at https://github.com/QuarkBar/DGWv2
New windows wallet: http://logicoin.info/Quarkbar-QT.zip

[uvt9]

The real question is what is the solution to this - simply removing the code doesn't really fix anything, it just makes the problem more obvious - but the deed is already done, the coins are already on the chain in wallets someplace. Maybe not dumped yet, maybe partially, maybe half your stash you bought well after launch is illegitimate coin - there's no way to know. How do you possibly escape this stigma without moving to an entirely fresh blockchain? You can't just roll back, remove block 1, and then go back to normal.

Yes you're right .. fixing premine situation is very difficult.. I'm just giving people a heads up, is all .. no solutions here unfortunately...

Hi there, I want to compile clients from source from now on, where should i look for a good guide on how to do it ?
I have very limited programming skill, i occasionally deal with PHP and HTML only.

many thanks  

[micryon]

Hi there, I want to compile clients from source from now on, where should i look for a good guide on how to do it ?
I have very limited programming skill, i occasionally deal with PHP and HTML only.

It is kind of a bitch to do.. but here's the guide: https://bitcointalk.org/index.php?topic=149479.0

[dygus]

Hey guys.. in the wake of the Asiacoin mega-scam.  We've been doing some forensics on the code to understand the premine scam.. my full analysis is listed here:

https://bitcointalk.org/index.php?topic=566870.msg6535095#msg6535095

This code was also found in SHACoin, which had the exact same premine SCAM that was exposed a week earlier.

cruncher on IRC had a great suggestion to search all of github for a particular string that was associated with the obfuscating premine.

The segment of code resides in the RPC call, that seeks to intercept the amount of coin by returning a modulo version of it.

The result of that search is here: "https://github.com/search?p=1&q=amount+%25+%28MAX_TX_FEE+*+COIN&ref=cmdform&type=Code"

As you can see the string shows up in a bunch of other places (including the AsiaCoinFix repo i pushed up for the forensics exercise).

The following hits to coins were identified:
  EverCoin - never heard of this
  RainbowCoin - recently launched
  BeeCoin
  QuarkBar - fixed code
  ShaCoin - known premine scam
  ccc/qbcc - ??


Now it may be the case that some devs accidentally forked a code repo unknowingly.. or the coin has already found the issue and patched it, or maybe this isn't even the original location of the code..

I didn't check the actual blockchain itself to verify.  This is just from a github search using the "obfuscation code"..  But if this code is deployed even without knowing.. it really ought to be patched up anyhow.

Up to everyone's own due diligence to check their own coins now..

Bee coin isn't scam there is new dev and he's changing algo from POW to X11 POS, you should read befor telling shits.

[soopy452000]

Hey guys.. in the wake of the Asiacoin mega-scam.  We've been doing some forensics on the code to understand the premine scam.. my full analysis is listed here:

https://bitcointalk.org/index.php?topic=566870.msg6535095#msg6535095

This code was also found in SHACoin, which had the exact same premine SCAM that was exposed a week earlier.

cruncher on IRC had a great suggestion to search all of github for a particular string that was associated with the obfuscating premine.

The segment of code resides in the RPC call, that seeks to intercept the amount of coin by returning a modulo version of it.

The result of that search is here: "https://github.com/search?p=1&q=amount+%25+%28MAX_TX_FEE+*+COIN&ref=cmdform&type=Code"

As you can see the string shows up in a bunch of other places (including the AsiaCoinFix repo i pushed up for the forensics exercise).

The following hits to coins were identified:
  EverCoin - never heard of this
  RainbowCoin - recently launched
  BeeCoin
  QuarkBar - fixed code
  ShaCoin - known premine scam
  ccc/qbcc - ??


Now it may be the case that some devs accidentally forked a code repo unknowingly.. or the coin has already found the issue and patched it, or maybe this isn't even the original location of the code..

I didn't check the actual blockchain itself to verify.  This is just from a github search using the "obfuscation code"..  But if this code is deployed even without knowing.. it really ought to be patched up anyhow.

Up to everyone's own due diligence to check their own coins now..

Bee coin isn't scam there is new dev and he's changing algo from POW to X11 POS, you should read befor telling shits.

There are alot of changes coming with Bee , better hold it for now.
I'm the new Dev working on Bee and will update as needed.

For the moment Bee is in a transition phase to X11 with POS so I believe you can assume we are on the safe side.

~SoopY~

[platorin]

Stay away from all the coins you are not sure of. That is around 99% of that alt-xxxx!