Topic: [ANN] Potential Premine SCAM coins: RainbowCoin Evercoin (Read 7428 times)
micryon (OP)
May 04, 2014, 06:55:50 AM
Last edit: May 25, 2014, 12:09:47 AM by micryon
 #1

Hey guys.. in the wake of the Asiacoin mega-scam.  We've been doing some forensics on the code to understand the premine scam.. my full analysis is listed here:

https://bitcointalk.org/index.php?topic=566870.msg6535095#msg6535095

This code was also found in SHACoin, which had the exact same premine SCAM that was exposed a week earlier.

cruncher on IRC had a great suggestion to search all of GitHub for a particular string that was associated with the obfuscating premine.

The segment of code resides in the RPC call, that seeks to intercept the amount of coin by returning a modulo version of it.

The result of that search is here: "https://github.com/search?p=1&q=amount+%25+%28MAX_TX_FEE+*+COIN&ref=cmdform&type=Code"

As you can see the string shows up in a bunch of other places (including the AsiaCoinFix repo I pushed up for the forensics exercise).

The following hits to coins were identified:
  EverCoin - never heard of this
  RainbowCoin - recently launched
  ShaCoin - known premine scam
  ccc/qbcc - ??
  BeeCoin - ?
  QuarkBar - premine scam found,  patched



Now it may be the case that some devs accidentally forked a code repo unknowingly.. or the coin has already found the issue and patched it, or maybe this isn't even the original location of the code..

I didn't check the actual blockchain itself to verify.  This is just from a GitHub search using the "obfuscation code"..  But if this code is deployed even without knowing.. it really ought to be patched up anyhow.

Up to everyone's own due diligence to check their own coins now..

VTC: Vi5NxyF6FPCCEQDrsDcA34P8pXe1Yck21y
PDR: PP3EQsV3oX9bBkjpsnESguMHz3tfMqHXhy PlanetDollar
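
Added example, not part of the original post or of any coin's code base: the GitHub string search described in the post above, run against a local source checkout instead. The regex is built from the thread's search string `amount % (MAX_TX_FEE * COIN`; the function names, the suffix list and the sample file contents are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Regex form of the thread's search string "amount % (MAX_TX_FEE * COIN".
# \s* also matches newlines, so a fork that re-wrapped the expression still hits.
PATTERN = re.compile(r"amount\s*%\s*\(\s*MAX_TX_FEE\s*\*\s*COIN")
SOURCE_SUFFIXES = {".cpp", ".cc", ".h", ".hpp"}  # assumption: C++ code base


def scan_tree(root):
    """Return (relative_path, line_number, normalized_match) for every hit."""
    root = Path(root)
    hits = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in SOURCE_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for match in PATTERN.finditer(text):
            line_number = text.count("\n", 0, match.start()) + 1
            normalized = " ".join(match.group(0).split())
            hits.append((path.relative_to(root).as_posix(), line_number, normalized))
    return hits


def demo():
    """Scan a constructed two-file tree (sample lines are not from any real coin)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "src"
        src.mkdir()
        (src / "rpc_sample.cpp").write_text(
            "// constructed sample\n"
            "int64 shown = amount %\n"
            "    (MAX_TX_FEE*COIN);\n",
            encoding="utf-8",
        )
        (src / "clean_sample.cpp").write_text("int64 shown = amount;\n", encoding="utf-8")
        return scan_tree(tmp)


if __name__ == "__main__":
    for rel_path, line_number, normalized in demo():
        print(f"{rel_path}:{line_number}: {normalized}")
```

A hit only marks a file for manual review; as the post says, a string match does not verify anything against the blockchain itself.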
honghaisea
May 04, 2014, 07:00:00 AM
 #2

QuarkBar is a scam coin? Are you sure?
micryon (OP)
May 04, 2014, 07:00:38 AM
 #3

Quote from: honghaisea
> QuarkBar is a scam coin? Are you sure?

No I am not sure.. that's why I said potential.  The "malicious" code exists in that code base on github.. that's all we know.

If someone can verify and get back to this we can certainly eliminate it as a candidate.

TTM
May 04, 2014, 07:00:57 AM
 #4

Quarkbar's original dev is also gone. Now the community took over this coin, but I don't know whether or not that community knows about this premine. You should put a warning on their thread.
Jonesd
May 04, 2014, 07:16:59 AM
 #5

Quote from: TTM
> Quarkbar's original dev is also gone. Now the community took over this coin, but I don't know whether or not that community knows about this premine. You should put a warning on their thread.

We're looking into this. We were not aware of this at all.

Co-Founder and Managing Partner of Block Bastards
TTM
May 04, 2014, 07:21:54 AM
 #6

micryon, thanks for your effort, I have a small question.

If a scammer publishes clean source code to GitHub but compiles clients with malicious code included, then how can we know? Few people will take that 'clean' source and compile it for themselves, but this will cause a conflict with the clients compiled by the dev, right? Then how can we know if that case happens?

I'm just asking because I think in the future, those scammers will find a more sophisticated way to scam.
Obfuscode
May 04, 2014, 07:23:46 AM
 #7

QuarkBar Community dev here. Thanks for the post!
We're looking at the code and going to patch it out asap.
micryon (OP)
May 04, 2014, 07:26:37 AM
 #8

Quote from: TTM
> If a scammer publishes clean source code to GitHub but compiles clients with malicious code included, then how can we know? Few people will take that 'clean' source and compile it for themselves, but this will cause a conflict with the clients compiled by the dev, right? Then how can we know if that case happens?
>
> I'm just asking because I think in the future, those scammers will find a more sophisticated way to scam.

Afaik, there's no way to know what's in the compiled binary they distribute, unless you compile it yourself.. and/or they release a sig'd build (which .. apparently no one does).

However, you are correct that if the key areas of the code do not match up.  Things like Checking transactions, Accepting block hashes.. rewards, etc.  Then those clients will not connect with each other.

The key to all this is 3rd party exchanges and pools.  By and large they are all 100% Linux, and must build from source.. so if you can't connect to them (accept blocks).. then you know that there's something different with your client.

All coins require that ecosystem infrastructure, which has to be built from source...


This is the reason that the perpetrators of these scams do actually have to release the source, that is basically the same as the compiled binary.. They can do a few things like RPC call diffs, remove seed addresses, or inject trojans in the compiled binaries tho..

YoyodyneSystems
May 04, 2014, 07:39:00 AM
 #9


Excellent work. I am so lucky I pulled out of AC when it started to drop like a rock. I think it's really bad news for crypto
and alt coins that AC managed to happen. It probably took some people out permanently.

I think the burden should be on the Exchanges to catch these things.
It's 100% their responsibility I would say. They make the money off them and list them as fair products.
k!lowatts
May 04, 2014, 07:53:02 AM
 #10

Could you please check the latest coin? capitalcoin, which just announced its existence.

e5iS8ibLHqEX3HagxcS3DrZxyvkhUoUcfN - Energycoin
DJgywHCTvQ4Auo3MJrP3pYdCbzftU4T3kk - Mastiffcoin
micryon (OP)
May 04, 2014, 08:05:22 AM
 #11

Quote from: k!lowatts
> Could you please check the latest coin? capitalcoin, which just announced its existence.

Sorry you are going to have to check yourself, source is not posted on github.. 30 mb download taking an hour to get that source in .rar format.. (that in itself is a little suspicious tho..)

micryon (OP)
May 04, 2014, 08:06:21 AM
 #12

Quote:
> The real question is what is the solution to this - simply removing the code doesn't really fix anything, it just makes the problem more obvious - but the deed is already done, the coins are already on the chain in wallets someplace. Maybe not dumped yet, maybe partially, maybe half your stash you bought well after launch is illegitimate coin - there's no way to know. How do you possibly escape this stigma without moving to an entirely fresh blockchain? You can't just roll back, remove block 1, and then go back to normal.

Yes you're right .. fixing premine situation is very difficult.. I'm just giving people a heads up, is all .. no solutions here unfortunately... :(

Obfuscode
May 04, 2014, 08:28:46 AM
 #13

QuarkBar Community Dev here again.

We fixed the upstream code and hardforked the chain effective immediately.

Thank you for the reporting

//Edit:
We're doing the maths to check if and how many scam-coins have been created so far
Jonesd
May 04, 2014, 08:37:32 AM
 #14

Quote from: Obfuscode
> QuarkBar Community Dev here again.
>
> We fixed the upstream code and hardforked the chain effective immediately.
>
> Thank you for the reporting
>
> //Edit:
> We're doing the maths to check if and how many scam-coins have been created so far

Allcoin will freeze the market, so in this insecure situation, we can prevent a bit of panic.

Jonesd
May 04, 2014, 09:09:53 AM
 #15

Quarkbar will hardfork after block 215847 immediately (version 70003).
New code at https://github.com/QuarkBar/DGWv2
New windows wallet: http://logicoin.info/Quarkbar-QT.zip

uvt9
May 04, 2014, 09:33:50 AM
 #16

Quote from: micryon
> Quote:
> > The real question is what is the solution to this - simply removing the code doesn't really fix anything, it just makes the problem more obvious - but the deed is already done, the coins are already on the chain in wallets someplace. Maybe not dumped yet, maybe partially, maybe half your stash you bought well after launch is illegitimate coin - there's no way to know. How do you possibly escape this stigma without moving to an entirely fresh blockchain? You can't just roll back, remove block 1, and then go back to normal.
>
> Yes you're right .. fixing premine situation is very difficult.. I'm just giving people a heads up, is all .. no solutions here unfortunately... :(

Hi there, I want to compile clients from source from now on, where should I look for a good guide on how to do it?
I have very limited programming skill, I occasionally deal with PHP and HTML only.

Many thanks :)
micryon (OP)
May 04, 2014, 09:37:19 AM
 #17

Quote from: uvt9
> Hi there, I want to compile clients from source from now on, where should I look for a good guide on how to do it?
> I have very limited programming skill, I occasionally deal with PHP and HTML only.

It is kind of a bitch to do.. but here's the guide: https://bitcointalk.org/index.php?topic=149479.0

dygus
May 04, 2014, 10:08:46 AM
 #18

Quote from: micryon
> Hey guys.. in the wake of the Asiacoin mega-scam.  We've been doing some forensics on the code to understand the premine scam.. my full analysis is listed here:
>
> https://bitcointalk.org/index.php?topic=566870.msg6535095#msg6535095
>
> This code was also found in SHACoin, which had the exact same premine SCAM that was exposed a week earlier.
>
> cruncher on IRC had a great suggestion to search all of GitHub for a particular string that was associated with the obfuscating premine.
>
> The segment of code resides in the RPC call, that seeks to intercept the amount of coin by returning a modulo version of it.
>
> The result of that search is here: "https://github.com/search?p=1&q=amount+%25+%28MAX_TX_FEE+*+COIN&ref=cmdform&type=Code"
>
> As you can see the string shows up in a bunch of other places (including the AsiaCoinFix repo I pushed up for the forensics exercise).
>
> The following hits to coins were identified:
>   EverCoin - never heard of this
>   RainbowCoin - recently launched
>   BeeCoin
>   QuarkBar - fixed code
>   ShaCoin - known premine scam
>   ccc/qbcc - ??
>
> Now it may be the case that some devs accidentally forked a code repo unknowingly.. or the coin has already found the issue and patched it, or maybe this isn't even the original location of the code..
>
> I didn't check the actual blockchain itself to verify.  This is just from a GitHub search using the "obfuscation code"..  But if this code is deployed even without knowing.. it really ought to be patched up anyhow.
>
> Up to everyone's own due diligence to check their own coins now..


Bee coin isn't a scam, there is a new dev and he's changing the algo from POW to X11 POS, you should read before telling shits.

soopy452000
May 04, 2014, 10:24:22 AM
 #19

Quote from: dygus
> Quote from: micryon
> > Hey guys.. in the wake of the Asiacoin mega-scam.  We've been doing some forensics on the code to understand the premine scam.. my full analysis is listed here:
> >
> > https://bitcointalk.org/index.php?topic=566870.msg6535095#msg6535095
> >
> > This code was also found in SHACoin, which had the exact same premine SCAM that was exposed a week earlier.
> >
> > cruncher on IRC had a great suggestion to search all of GitHub for a particular string that was associated with the obfuscating premine.
> >
> > The segment of code resides in the RPC call, that seeks to intercept the amount of coin by returning a modulo version of it.
> >
> > The result of that search is here: "https://github.com/search?p=1&q=amount+%25+%28MAX_TX_FEE+*+COIN&ref=cmdform&type=Code"
> >
> > As you can see the string shows up in a bunch of other places (including the AsiaCoinFix repo I pushed up for the forensics exercise).
> >
> > The following hits to coins were identified:
> >   EverCoin - never heard of this
> >   RainbowCoin - recently launched
> >   BeeCoin
> >   QuarkBar - fixed code
> >   ShaCoin - known premine scam
> >   ccc/qbcc - ??
> >
> > Now it may be the case that some devs accidentally forked a code repo unknowingly.. or the coin has already found the issue and patched it, or maybe this isn't even the original location of the code..
> >
> > I didn't check the actual blockchain itself to verify.  This is just from a GitHub search using the "obfuscation code"..  But if this code is deployed even without knowing.. it really ought to be patched up anyhow.
> >
> > Up to everyone's own due diligence to check their own coins now..
>
> Bee coin isn't a scam, there is a new dev and he's changing the algo from POW to X11 POS, you should read before telling shits.

There are a lot of changes coming with Bee, better hold it for now.
I'm the new Dev working on Bee and will update as needed.

For the moment Bee is in a transition phase to X11 with POS so I believe you can assume we are on the safe side.

~SoopY~

platorin
May 04, 2014, 10:28:15 AM
 #20

Stay away from all the coins you are not sure of. That is around 99% of that alt-xxxx!