Bitcoin Forum
April 20, 2019, 09:18:48 PM *
News: Latest Bitcoin Core release: 0.17.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Huge security flaw being exploited at Cryptothrift.com?  (Read 651 times)
oprahwindfury
Full Member
***
Offline Offline

Activity: 196
Merit: 100

ʕ ͡° ᴥ ͡°ʔ *heavy breath


View Profile
July 04, 2014, 05:57:27 AM
 #1

I experienced something today on Cryptothrift that leads me to believe there is someone exploiting a security flaw on their website. Yesterday I made a purchase on the site--I sent the seller .2 btc. It went into the escrow system no problem. I later released the escrow to the seller. Today I received a message stating my escrow was refunded. I checked my wallet, lo and behold I never received anything. The refund that Cryptothrift sent was directed to a bitcoin address that I never used before.

I just received an angry letter from the seller asking why I had refunded the escrow. I didn't even initiate the refund request and I didn't even receive it. Does anyone think that there is someone exploiting a vulnerability and activating and re-directing escrow refunds to their own bitcoin address? If so then this is a very serious issue.

Come see what it's like living on a boat, tiny house or cabin in the woods!
★★★★★★ Simpler Living, Off-grid, Self-suffiency! ★★★★★★
1555795128
Hero Member
*
Offline Offline

Posts: 1555795128

View Profile Personal Message (Offline)

Ignore
1555795128
Reply with quote  #2

1555795128
Report to moderator
1555795128
Hero Member
*
Offline Offline

Posts: 1555795128

View Profile Personal Message (Offline)

Ignore
1555795128
Reply with quote  #2

1555795128
Report to moderator
Is your Paper Seed Safe
from FIRE and FLOOD ?
Stainless Steel Metal Wallet
Nickel Bolts, Metal Box + FREE Passphrase Hex Backup
Free EU shipping!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1555795128
Hero Member
*
Offline Offline

Posts: 1555795128

View Profile Personal Message (Offline)

Ignore
1555795128
Reply with quote  #2

1555795128
Report to moderator
1555795128
Hero Member
*
Offline Offline

Posts: 1555795128

View Profile Personal Message (Offline)

Ignore
1555795128
Reply with quote  #2

1555795128
Report to moderator
1555795128
Hero Member
*
Offline Offline

Posts: 1555795128

View Profile Personal Message (Offline)

Ignore
1555795128
Reply with quote  #2

1555795128
Report to moderator
Coef
Hero Member
*****
Offline Offline

Activity: 882
Merit: 1000


Exhausted


View Profile
July 04, 2014, 06:19:58 AM
 #2

You should send them a support ticket to inform them about the problem.
https://cryptothrift.zendesk.com/hc/en-us/requests/new

paulthetafy
Hero Member
*****
Offline Offline

Activity: 815
Merit: 1000


View Profile
July 07, 2014, 02:28:00 AM
 #3

Just to close this matter, we had an internal problem releasing the funds from escrow to this particular seller, so we manually sent his bitcoins from a different account.  To balance this out and close off the order, we used the refund feature to refund our own wallet out of our escrow account.  It wasn't the prettiest solution but it was the simplest at the time.  The seller received his funds as well as an explanation of what we had done (minutes after he emailed the buyer).  The buyer (OP) also received an email explanation and is satisfied with the the solution.

OP, I would appreciate it if you could post a reply to this to confirm that this was the action we took and that nothing negative occurred here.  I would also appreciate it if you could update the thread title - it's not particularly nice to have posts titled "Huge security flaw being exploited" relating to our site which are totally unjust.

Many thanks

Paul
(CTO CryptoThrift)

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!