Call to action: let's catch the thief


Author
Message
Batis
B
Attaching to Tangle (27 reputation)Attaching to Tangle (27 reputation)Attaching to Tangle (27 reputation)Attaching to Tangle (27 reputation)Attaching to Tangle (27 reputation)Attaching to Tangle (27 reputation)Attaching to Tangle (27 reputation)Attaching to Tangle (27 reputation)Attaching to Tangle (27 reputation)
Group: Forum Members
Posts: 2, Visits: 7
And All my Iota was sent to this address without any permission :

NPZKLK9UWWHXIYWFSSGZQKITTVST9EU9JRLZWRUFUOLGGELCFPN9BHKRVDIIQEYWGHMHCAVSRXQGHGOZZOFTHKLKEX

, unfortunately my wallet was hacked too ! 
Please help !

Edited Last Year by Batis
fglogowski18
f
Attached to Tangle (679 reputation)Attached to Tangle (679 reputation)Attached to Tangle (679 reputation)Attached to Tangle (679 reputation)Attached to Tangle (679 reputation)Attached to Tangle (679 reputation)Attached to Tangle (679 reputation)Attached to Tangle (679 reputation)Attached to Tangle (679 reputation)
Group: Forum Members
Posts: 5, Visits: 19
Thanks for help! Let's get him!
My 133Mi was stolen and sent to this adress:
AVVTHJXO9BWDEGODGPQOWIQXCAIOZLGCIWNJVIDHWICRICIXQSJUBMZZGLREELE9U9KMMVPRBBHAKJIR9QQICHZCPX
??????
Vahid Pur
Vahid Pur
Attaching to Tangle (49 reputation)Attaching to Tangle (49 reputation)Attaching to Tangle (49 reputation)Attaching to Tangle (49 reputation)Attaching to Tangle (49 reputation)Attaching to Tangle (49 reputation)Attaching to Tangle (49 reputation)Attaching to Tangle (49 reputation)Attaching to Tangle (49 reputation)
Group: Forum Members
Posts: 2, Visits: 22
I think i am one the victims too but before that time
here is transaction hash
MKXSNAESMYTPWWKUXGLPTDYOPWAUYWMWGR9WMNZXREPAIKSCKWJDSERKTJQRBOHAPGLFZKOPMQEYZ9999
and here is the address but it seems empty !
ECEWVRSHLKRNZCROHBDUWPUKYJMIBTJBKWNYMIHHWFUHDLDCV9HNM9XOSUEBFDNDFQSC9TIOQCQKTJPFCTLLAPFSPD
Sad
Alexa
Alexa
True IOTAn (9.6K reputation)
Group: Moderators
Posts: 732, Visits: 1.4K
@Winston @rajivshah I've tracked every address posted here so far and I think that the following should be added to be blacklisted and/or at least monitored for further movement (all of them still holds  the funds): 

https://thetangle.org/address/OEELSJPRYTWBKCAUPUSUDPUDCVBSRWFLIQQERDAEBUWKMFJLVHUNAWABRFHCWRIJBKYFQ9FNGGRVEUSUX
https://thetangle.org/address/BUEMMMQAGPKCCBSVFYVKOYGCBYHXLDAYTYOFRYYYJSBFVVWHEGPACPTVFOEFXVIDEEWGYZRWXXHHURYEB
https://thetangle.org/address/MYFQ9GTCQFLFAQEOXEVYNJSHYFQHGKE9HGWMZVR99BUZJWHYALUYMWYJEBTWGF99RCYZCBUVYMSCJEYWW
https://thetangle.org/address/RGAWHCLYZFLPHTALTVQAJDYPULAGVCNKNTJY9DQTSVHNYEHNGJLTLBNOWASQRYEGYOLWFBZSLGGVPWFBB
https://thetangle.org/address/HYIYQMPOZSQT9WBGANFMCAQUEMBA9VOYLLG9HXZIHBDRJRFWANEFWULW9PKHMONLUCMWYTLRQARZMKQZD
https://thetangle.org/address/NPZKLK9UWWHXIYWFSSGZQKITTVST9EU9JRLZWRUFUOLGGELCFPN9BHKRVDIIQEYWGHMHCAVSRXQGHGOZZ
https://thetangle.org/address/AVVTHJXO9BWDEGODGPQOWIQXCAIOZLGCIWNJVIDHWICRICIXQSJUBMZZGLREELE9U9KMMVPRBBHAKJIR9
( this one is showing outgoing pending transactions already to PGIKMASIPBHZBMCSRZYEOHJOVWZPCWCBUAXSDI9YMNMQARZH9JKFBBZKNTUFZBUCYYPEVSZAZBZWYHGJZXSXKFYBZB and  SWVWNFSSGRRXSJTNFUATWQTCDANOLHXDUESVL9OGVL9QKMOXKJPXQDVVLTVTBZOY9PZZKUEITFFNQBJWWKRPHZJNTX )

All the other addresses end up on either one of the addresses above, one of the four in the initial post or in one of those bundles that I believe to be leading to an exchange:
(( https://thetangle.org/bundle/ULSVTFCLCK9IZOBJJIZQBUXUCFLF99RHBOLPWEEQZWFJWVTUGEEF9QBVORPKADJG9BLSKWFHAJYCQEFNW https://thetangle.org/bundle/VPHQKLFXLHUBNHYVHEUPDBKHEGWALLOPCLTHWTYHBNQKSIHEXGJAPYSKHE9OYC9SXAEITTZ9BEZAKKZJW https://thetangle.org/bundle/CN9GZSHAHBBYXRNWJI9AHLZWFIPFLJ9WCSZEHPRYFGSQV9FDFNCTWHWLZCTKJZXGCRJYKRPIIUQUYIVL9 ))


I wouldn't be able to help anyone without thetangle.org-explorer. If you feel like you want to support its developer Mathieu Viossat in maintaining his service, please consider a donation to the address shown here: https://thetangle.org/about. Thank you!
Edited Last Year by Alexa
mohammadalietebari
m
Attached to Tangle (459 reputation)Attached to Tangle (459 reputation)Attached to Tangle (459 reputation)Attached to Tangle (459 reputation)Attached to Tangle (459 reputation)Attached to Tangle (459 reputation)Attached to Tangle (459 reputation)Attached to Tangle (459 reputation)Attached to Tangle (459 reputation)
Group: Forum Members
Posts: 3, Visits: 0
my iotas is gone
unfortunately transaction is confirmed
please help me

here is the hash

SMAQHHFMHGMGBEKREFKRCTXRYCTYMGTSWMKCYHD9VDBQKYTYSZUP9KULHDWPMNSNLIQMDSAGVCYSA9999



and i think this is the destination address:

EIFSFHQYZEVKOJZOHFZHWKE9EXMREBVVPWMCKYMLPTQLGPO9AEKSACRO9AJTBXCUYTIVZOQATXLNDGBDB
SupDeDup
S
Attaching to Tangle (21 reputation)Attaching to Tangle (21 reputation)Attaching to Tangle (21 reputation)Attaching to Tangle (21 reputation)Attaching to Tangle (21 reputation)Attaching to Tangle (21 reputation)Attaching to Tangle (21 reputation)Attaching to Tangle (21 reputation)Attaching to Tangle (21 reputation)
Group: Forum Members
Posts: 1, Visits: 46
Mine also got stolen.. They were sent to: JJW9VRRCSOCHQWPWDYHMHUXZCZQQQEPZCFOWJCHQAFGSMGVSMWLSCAKZTGSNUIAWBEGGMZXFWDFHBLIAWTHLHPDGGA

Stolen amount: 345.11 MIOTA
Current balance while writing this: 4.082515795 Gi

https://iotasear.ch/address/JJW9VRRCSOCHQWPWDYHMHUXZCZQQQEPZCFOWJCHQAFGSMGVSMWLSCAKZTGSNUIAWBEGGMZXFWDFHBLIAWTHLHPDGGA

*** Update ***
And the 4 GIOTA just left the address..
Edited Last Year by SupDeDup
Alexa
Alexa
True IOTAn (9.6K reputation)
Group: Moderators
Posts: 732, Visits: 1.4K
SupDeDup - 21 Jan 2018
Mine also got stolen.. They were sent to: JJW9VRRCSOCHQWPWDYHMHUXZCZQQQEPZCFOWJCHQAFGSMGVSMWLSCAKZTGSNUIAWBEGGMZXFWDFHBLIAWTHLHPDGGA

Stolen amount: 345.11 MIOTA
Current balance while writing this: 4.082515795 Gi

https://iotasear.ch/address/JJW9VRRCSOCHQWPWDYHMHUXZCZQQQEPZCFOWJCHQAFGSMGVSMWLSCAKZTGSNUIAWBEGGMZXFWDFHBLIAWTHLHPDGGA

This one has been transferred here: https://thetangle.org/address/EFMEPAWSH9SOLQEMJHQBIXHCXVYKYGMUAMULAWMPZHHGPBMSLRXUSCOIZVXOZDXCRIAZJFNBNNMTXDPUW
Current balance:151.29 Gi
@Winston  @rajivshah Should also definitely be blacklisted! 

I wouldn't be able to help anyone without thetangle.org-explorer. If you feel like you want to support its developer Mathieu Viossat in maintaining his service, please consider a donation to the address shown here: https://thetangle.org/about. Thank you!
rezatalebi
r
Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)
Group: Forum Members
Posts: 1, Visits: 3
my iotas are in pending situation for sending but this is not my request.
the address is:
AZWBUGCURMQKZJYGZITN9QKKIGWHJA9GPVTYJC9CDUNWOCVJSOCSBILB9EAGUGXFCLOZKUSUJSVWHUZTWNJYGCOLKB
hash:
KFQX9BIIHVPMLWBYGVXQPBNAMNOPKCZJDNMTEJKGKMZLDDUEYQHTSXFMFMACBXJNXLPDQAESJASHZ9999
TAG:
VJ

Alexa
Alexa
True IOTAn (9.6K reputation)
Group: Moderators
Posts: 732, Visits: 1.4K
rezatalebi - 21 Jan 2018
my iotas are in pending situation for sending but this is not my request.
the address is:
AZWBUGCURMQKZJYGZITN9QKKIGWHJA9GPVTYJC9CDUNWOCVJSOCSBILB9EAGUGXFCLOZKUSUJSVWHUZTWNJYGCOLKB
hash:
KFQX9BIIHVPMLWBYGVXQPBNAMNOPKCZJDNMTEJKGKMZLDDUEYQHTSXFMFMACBXJNXLPDQAESJASHZ9999
TAG:
VJ

@rezatalebi You still have a chance to race the thief and safe you funds! You have to be quick now, please follow instructions / get help in this thread:
https://forum.helloiota.com/9100/To-everyone-posting-with-stolen-balances 

I wouldn't be able to help anyone without thetangle.org-explorer. If you feel like you want to support its developer Mathieu Viossat in maintaining his service, please consider a donation to the address shown here: https://thetangle.org/about. Thank you!
Alexa
Alexa
True IOTAn (9.6K reputation)
Group: Moderators
Posts: 732, Visits: 1.4K
rezatalebi - 21 Jan 2018
my iotas are in pending situation for sending but this is not my request.
the address is:
AZWBUGCURMQKZJYGZITN9QKKIGWHJA9GPVTYJC9CDUNWOCVJSOCSBILB9EAGUGXFCLOZKUSUJSVWHUZTWNJYGCOLKB
hash:
KFQX9BIIHVPMLWBYGVXQPBNAMNOPKCZJDNMTEJKGKMZLDDUEYQHTSXFMFMACBXJNXLPDQAESJASHZ9999
TAG:
VJ

The address posted above leads to this one: 
https://thetangle.org/address/NTPYIPERTMLJLNJVBAK9DQQQCZGMPQJXUAZIDPNSMEPXZWKBTMRTGPEVEWHQICSTKJSTBWULZPJOXZNNBCurrent balance: 235.65 Gi 
@Winston @rajivshah 
blacklist, please! 

I wouldn't be able to help anyone without thetangle.org-explorer. If you feel like you want to support its developer Mathieu Viossat in maintaining his service, please consider a donation to the address shown here: https://thetangle.org/about. Thank you!
kraro
k
Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)
Group: Forum Members
Posts: 1, Visits: 0
H
Winston - 21 Jan 2018
Let's encourage all victims of the recent theft to consider the pursuit of legal action against the thief. Since this event is outside the scope of the IOTA Foundation, users are either going to have to individually or collectively proceed with litigation (or at least some sort of involvement of law enforcement authorities). It's easier if everyone works together.

That may seem daunting right now, so to make the process easier for everyone, let's leverage the power and breadth of this community to gather as many details about the situation as possible. Hopefully this can help elucidate the scope of yesterday's event, as well as encourage more of us to get involved with potential litigation. It might be a long shot, but let's at least attempt to retrieve stolen funds and ensure that justice served.
-----------------------------------------
Currently known details of the situation:
Here's a wonderful summary of the situation, written by Ralf -- https://medium.com/@ralf/what-happened-last-night-on-iota-b6157ade1e03
On January 19th, 2018, some IOTA users lost their funds to an unknown attacker.
The root cause that allowed this to happen was users who chose to rely on online generators to create their seeds.
From what I’ve heard, many users who lost their funds created their seeds at iotaseed.io (not linked here for obvious reasons). Chances are, the folks behind this and potentially other seed generators have sat tight for a while, collecting piles of seeds, though the actual numbers of users affected are not known to me. The fact, that iotaseed.io is still online at the time of this writing might suggest that the site got compromised itself, and its not the folks behind the service who ran the attack.

Old forum post advertising the malicious website: https://forum.iota.org/t/iotaseed-io-now-also-for-generating-paper-wallets/3915
That post was made by username: norbert
This may be the same person who deleted their account from Quora: https://www.quora.com/profile/Norbert-vd-Berg/log
and Reddit: https://www.reddit.com/user/norbertvdberg/
and github: https://github.com/norbertvdberg
Domain Name: IOTASEED.IO
Registry Domain ID: D503300000042872196-LRMS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: www.namecheap.com
Updated Date: 2017-10-15T20:31:54Z
Creation Date: 2017-08-16T12:11:37Z
Registry Expiry Date: 2018-08-16T12:11:37Z
Registrar Registration Expiration Date:
Registrar: NameCheap, Inc
Registrar IANA ID: 1068
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1.6613102107
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.
Name Server: DNS1.NAMECHEAPHOSTING.COM
Name Server: DNS2.NAMECHEAPHOSTING.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2018-01-20T23:12:39Z <<<


Let's help the exchanges to blacklist the thief's IOTA addresses which currently hold the stolen balances. I'll keep this list updated as more people post addresses:

520+ Gi
GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORN9IHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYXNWGUPOSDD
https://thetangle.org/address/GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORN9IHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYX

HURWQIBSAEVZSBCK9LSYCVR9ZGOCSHHQIENAZURGCVCKXEMYIGHTYQQDRHJNUNPEIKIDKQTABQNFOWUMADSCRBWLXW
https://thetangle.org/address/HURWQIBSAEVZSBCK9LSYCVR9ZGOCSHHQIENAZURGCVCKXEMYIGHTYQQDRHJNUNPEIKIDKQTABQNFOWUMA

9NVYWFBV9HGFQWCNROMZIAOPGIHRUVPAURUKUGPWGBN9TQJFYJZJWBRHBG9YXTNTAESKHZFNOQAFIYRSXOSKWAIDRW
https://thetangle.org/address/9NVYWFBV9HGFQWCNROMZIAOPGIHRUVPAURUKUGPWGBN9TQJFYJZJWBRHBG9YXTNTAESKHZFNOQAFIYRSX

GAHJVAHMGEGOES9XECPGBUCYHETYGCPZX9EIHERQGXIHTFFWHY9FMUZCEGBZOBQRNJUEJOLKRPAZENDBDVKRXUUFRD
https://thetangle.org/address/GAHJVAHMGEGOES9XECPGBUCYHETYGCPZX9EIHERQGXIHTFFWHY9FMUZCEGBZOBQRNJUEJOLKRPAZENDBD
=============================
Please post the address to which your stolen balance was sent.
We can contact the exchanges and attempt to have these addresses blacklisted before the thief is able to move from IOTA into another currency. Time is of the essence.

Also, let's try to look into the details of this situation as much as possible. If you decide to take legal action, please also post with advice for others who are considering doing the same. Let's all help each other out. The thief will get away with this if nobody decides to take action.

Hi Winston,

this action is bringing back confidence to IOTA. My 298.6 MI are on the way to the thief. Bundle started Friday 19.01.2018 at 20:18. Bundle is not confirmed yet.
Is this a good sign? I hope so.

Hash:
DSTJYEJ9TXFVRRCEJFCAFDUABJCZGZMHYJCHYGAZIUUFDZEPFGEWNABHMAIRFPXOEZYUGSMKTNRPA9999
EE:
9C9OXMNORPVLFDXIMFENPFMKIBQLGWTNTBHQWEFQUIJNCERVGNHVPAVLQEHWPKZVSXQEUDDJQYGKCUVGCJRTRXPIKD

Thanks
Kraro

mrpmorris
m
Attaching to Tangle (35 reputation)Attaching to Tangle (35 reputation)Attaching to Tangle (35 reputation)Attaching to Tangle (35 reputation)Attaching to Tangle (35 reputation)Attaching to Tangle (35 reputation)Attaching to Tangle (35 reputation)Attaching to Tangle (35 reputation)Attaching to Tangle (35 reputation)
Group: Forum Members
Posts: 6, Visits: 0
Are you certain about this? I saw iotaseed.net stealing funds, but was iotaseed.io stealing them too
VivaLaViv
V
Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)
Group: Forum Members
Posts: 1, Visits: 0
I had 871.7 Mi stolen and sent to the following address. The money appears to still be sitting in that account along with about 50 Gi:
TMGWYV9F9YGQZ9LZARTUHQGIGCAHWCXYMAGZOXNGMZJBIMVOTIFWTVOZEKKWAOLPJCHGBJBPGGAYNBNKCCYSHIHB9W
Hash: BHRPH9S9SWFEXYVDLZDZOHOVKJKXIV9IVBUGWCRWOT9INQ99EUDC9DV9LSPUXIHGQHRVHGC9QPFVZ9999

The day before my funds were stolen, a transaction was attempted to send all my money to:
UXVZ9NGZZVRGAOAV9OWT9SZGLXI9DQGIIEMGIVCPUB9CTLWRSIRQNRLOQ9AHZXJRBDGVGCSZFDRPUOPVDIDFJODMOA

That transaction is still pending, but the second attempt did go through. So all my Mi are gone.
Edited Last Year by VivaLaViv
Alexa
Alexa
True IOTAn (9.6K reputation)
Group: Moderators
Posts: 732, Visits: 1.4K
kraro - 21 Jan 2018
H
Winston - 21 Jan 2018
Let's encourage all victims of the recent theft to consider the pursuit of legal action against the thief. Since this event is outside the scope of the IOTA Foundation, users are either going to have to individually or collectively proceed with litigation (or at least some sort of involvement of law enforcement authorities). It's easier if everyone works together.

That may seem daunting right now, so to make the process easier for everyone, let's leverage the power and breadth of this community to gather as many details about the situation as possible. Hopefully this can help elucidate the scope of yesterday's event, as well as encourage more of us to get involved with potential litigation. It might be a long shot, but let's at least attempt to retrieve stolen funds and ensure that justice served.
-----------------------------------------
Currently known details of the situation:
Here's a wonderful summary of the situation, written by Ralf -- https://medium.com/@ralf/what-happened-last-night-on-iota-b6157ade1e03
On January 19th, 2018, some IOTA users lost their funds to an unknown attacker.
The root cause that allowed this to happen was users who chose to rely on online generators to create their seeds.
From what I’ve heard, many users who lost their funds created their seeds at iotaseed.io (not linked here for obvious reasons). Chances are, the folks behind this and potentially other seed generators have sat tight for a while, collecting piles of seeds, though the actual numbers of users affected are not known to me. The fact, that iotaseed.io is still online at the time of this writing might suggest that the site got compromised itself, and its not the folks behind the service who ran the attack.

Old forum post advertising the malicious website: https://forum.iota.org/t/iotaseed-io-now-also-for-generating-paper-wallets/3915
That post was made by username: norbert
This may be the same person who deleted their account from Quora: https://www.quora.com/profile/Norbert-vd-Berg/log
and Reddit: https://www.reddit.com/user/norbertvdberg/
and github: https://github.com/norbertvdberg
Domain Name: IOTASEED.IO
Registry Domain ID: D503300000042872196-LRMS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: www.namecheap.com
Updated Date: 2017-10-15T20:31:54Z
Creation Date: 2017-08-16T12:11:37Z
Registry Expiry Date: 2018-08-16T12:11:37Z
Registrar Registration Expiration Date:
Registrar: NameCheap, Inc
Registrar IANA ID: 1068
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1.6613102107
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.
Name Server: DNS1.NAMECHEAPHOSTING.COM
Name Server: DNS2.NAMECHEAPHOSTING.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2018-01-20T23:12:39Z <<<


Let's help the exchanges to blacklist the thief's IOTA addresses which currently hold the stolen balances. I'll keep this list updated as more people post addresses:

520+ Gi
GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORN9IHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYXNWGUPOSDD
https://thetangle.org/address/GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORN9IHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYX

HURWQIBSAEVZSBCK9LSYCVR9ZGOCSHHQIENAZURGCVCKXEMYIGHTYQQDRHJNUNPEIKIDKQTABQNFOWUMADSCRBWLXW
https://thetangle.org/address/HURWQIBSAEVZSBCK9LSYCVR9ZGOCSHHQIENAZURGCVCKXEMYIGHTYQQDRHJNUNPEIKIDKQTABQNFOWUMA

9NVYWFBV9HGFQWCNROMZIAOPGIHRUVPAURUKUGPWGBN9TQJFYJZJWBRHBG9YXTNTAESKHZFNOQAFIYRSXOSKWAIDRW
https://thetangle.org/address/9NVYWFBV9HGFQWCNROMZIAOPGIHRUVPAURUKUGPWGBN9TQJFYJZJWBRHBG9YXTNTAESKHZFNOQAFIYRSX

GAHJVAHMGEGOES9XECPGBUCYHETYGCPZX9EIHERQGXIHTFFWHY9FMUZCEGBZOBQRNJUEJOLKRPAZENDBDVKRXUUFRD
https://thetangle.org/address/GAHJVAHMGEGOES9XECPGBUCYHETYGCPZX9EIHERQGXIHTFFWHY9FMUZCEGBZOBQRNJUEJOLKRPAZENDBD
=============================
Please post the address to which your stolen balance was sent.
We can contact the exchanges and attempt to have these addresses blacklisted before the thief is able to move from IOTA into another currency. Time is of the essence.

Also, let's try to look into the details of this situation as much as possible. If you decide to take legal action, please also post with advice for others who are considering doing the same. Let's all help each other out. The thief will get away with this if nobody decides to take action.

Hi Winston,

this action is bringing back confidence to IOTA. My 298.6 MI are on the way to the thief. Bundle started Friday 19.01.2018 at 20:18. Bundle is not confirmed yet.
Is this a good sign? I hope so.

Hash:
DSTJYEJ9TXFVRRCEJFCAFDUABJCZGZMHYJCHYGAZIUUFDZEPFGEWNABHMAIRFPXOEZYUGSMKTNRPA9999
EE:
9C9OXMNORPVLFDXIMFENPFMKIBQLGWTNTBHQWEFQUIJNCERVGNHVPAVLQEHWPKZVSXQEUDDJQYGKCUVGCJRTRXPIKD

Thanks
Kraro

@kraro You still have a chance to race the thief and safe you funds! You have to be quick now, please follow instructions / get help in this thread:
https://forum.helloiota.com/9100/To-everyone-posting-with-stolen-balances

I wouldn't be able to help anyone without thetangle.org-explorer. If you feel like you want to support its developer Mathieu Viossat in maintaining his service, please consider a donation to the address shown here: https://thetangle.org/about. Thank you!
mdmrecords
m
Attached to Tangle (204 reputation)Attached to Tangle (204 reputation)Attached to Tangle (204 reputation)Attached to Tangle (204 reputation)Attached to Tangle (204 reputation)Attached to Tangle (204 reputation)Attached to Tangle (204 reputation)Attached to Tangle (204 reputation)Attached to Tangle (204 reputation)
Group: Forum Members
Posts: 2, Visits: 0
Alexa
Alexa
True IOTAn (9.6K reputation)
Group: Moderators
Posts: 732, Visits: 1.4K
VivaLaViv - 21 Jan 2018
I had 871.7 Mi stolen and sent to the following address. The money appears to still be sitting in that account along with about 50 Gi:
TMGWYV9F9YGQZ9LZARTUHQGIGCAHWCXYMAGZOXNGMZJBIMVOTIFWTVOZEKKWAOLPJCHGBJBPGGAYNBNKCCYSHIHB9W
Hash: BHRPH9S9SWFEXYVDLZDZOHOVKJKXIV9IVBUGWCRWOT9INQ99EUDC9DV9LSPUXIHGQHRVHGC9QPFVZ9999

The day before my funds were stolen, a transaction was attempted to send all my money to:
UXVZ9NGZZVRGAOAV9OWT9SZGLXI9DQGIIEMGIVCPUB9CTLWRSIRQNRLOQ9AHZXJRBDGVGCSZFDRPUOPVDIDFJODMOA

That transaction is still pending, but the second attempt did go through. So all my Mi are gone.

@Winston  @rajivshah
Blacklist please: https://thetangle.org/address/TMGWYV9F9YGQZ9LZARTUHQGIGCAHWCXYMAGZOXNGMZJBIMVOTIFWTVOZEKKWAOLPJCHGBJBPGGAYNBNKC
Current balance: 18.59 Gi
( UXVZ9... is not relevant, destination address has already qualified for blacklist )

I wouldn't be able to help anyone without thetangle.org-explorer. If you feel like you want to support its developer Mathieu Viossat in maintaining his service, please consider a donation to the address shown here: https://thetangle.org/about. Thank you!
Alexa
Alexa
True IOTAn (9.6K reputation)
Group: Moderators
Posts: 732, Visits: 1.4K
Alexa
Alexa
True IOTAn (9.6K reputation)
Group: Moderators
Posts: 732, Visits: 1.4K
kraro - 21 Jan 2018
H
Winston - 21 Jan 2018
Let's encourage all victims of the recent theft to consider the pursuit of legal action against the thief. Since this event is outside the scope of the IOTA Foundation, users are either going to have to individually or collectively proceed with litigation (or at least some sort of involvement of law enforcement authorities). It's easier if everyone works together.

That may seem daunting right now, so to make the process easier for everyone, let's leverage the power and breadth of this community to gather as many details about the situation as possible. Hopefully this can help elucidate the scope of yesterday's event, as well as encourage more of us to get involved with potential litigation. It might be a long shot, but let's at least attempt to retrieve stolen funds and ensure that justice served.
-----------------------------------------
Currently known details of the situation:
Here's a wonderful summary of the situation, written by Ralf -- https://medium.com/@ralf/what-happened-last-night-on-iota-b6157ade1e03
On January 19th, 2018, some IOTA users lost their funds to an unknown attacker.
The root cause that allowed this to happen was users who chose to rely on online generators to create their seeds.
From what I’ve heard, many users who lost their funds created their seeds at iotaseed.io (not linked here for obvious reasons). Chances are, the folks behind this and potentially other seed generators have sat tight for a while, collecting piles of seeds, though the actual numbers of users affected are not known to me. The fact, that iotaseed.io is still online at the time of this writing might suggest that the site got compromised itself, and its not the folks behind the service who ran the attack.

Old forum post advertising the malicious website: https://forum.iota.org/t/iotaseed-io-now-also-for-generating-paper-wallets/3915
That post was made by username: norbert
This may be the same person who deleted their account from Quora: https://www.quora.com/profile/Norbert-vd-Berg/log
and Reddit: https://www.reddit.com/user/norbertvdberg/
and github: https://github.com/norbertvdberg
Domain Name: IOTASEED.IO
Registry Domain ID: D503300000042872196-LRMS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: www.namecheap.com
Updated Date: 2017-10-15T20:31:54Z
Creation Date: 2017-08-16T12:11:37Z
Registry Expiry Date: 2018-08-16T12:11:37Z
Registrar Registration Expiration Date:
Registrar: NameCheap, Inc
Registrar IANA ID: 1068
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1.6613102107
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.
Name Server: DNS1.NAMECHEAPHOSTING.COM
Name Server: DNS2.NAMECHEAPHOSTING.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2018-01-20T23:12:39Z <<<


Let's help the exchanges to blacklist the thief's IOTA addresses which currently hold the stolen balances. I'll keep this list updated as more people post addresses:

520+ Gi
GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORN9IHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYXNWGUPOSDD
https://thetangle.org/address/GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORN9IHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYX

HURWQIBSAEVZSBCK9LSYCVR9ZGOCSHHQIENAZURGCVCKXEMYIGHTYQQDRHJNUNPEIKIDKQTABQNFOWUMADSCRBWLXW
https://thetangle.org/address/HURWQIBSAEVZSBCK9LSYCVR9ZGOCSHHQIENAZURGCVCKXEMYIGHTYQQDRHJNUNPEIKIDKQTABQNFOWUMA

9NVYWFBV9HGFQWCNROMZIAOPGIHRUVPAURUKUGPWGBN9TQJFYJZJWBRHBG9YXTNTAESKHZFNOQAFIYRSXOSKWAIDRW
https://thetangle.org/address/9NVYWFBV9HGFQWCNROMZIAOPGIHRUVPAURUKUGPWGBN9TQJFYJZJWBRHBG9YXTNTAESKHZFNOQAFIYRSX

GAHJVAHMGEGOES9XECPGBUCYHETYGCPZX9EIHERQGXIHTFFWHY9FMUZCEGBZOBQRNJUEJOLKRPAZENDBDVKRXUUFRD
https://thetangle.org/address/GAHJVAHMGEGOES9XECPGBUCYHETYGCPZX9EIHERQGXIHTFFWHY9FMUZCEGBZOBQRNJUEJOLKRPAZENDBD
=============================
Please post the address to which your stolen balance was sent.
We can contact the exchanges and attempt to have these addresses blacklisted before the thief is able to move from IOTA into another currency. Time is of the essence.

Also, let's try to look into the details of this situation as much as possible. If you decide to take legal action, please also post with advice for others who are considering doing the same. Let's all help each other out. The thief will get away with this if nobody decides to take action.

Hi Winston,

this action is bringing back confidence to IOTA. My 298.6 MI are on the way to the thief. Bundle started Friday 19.01.2018 at 20:18. Bundle is not confirmed yet.
Is this a good sign? I hope so.

Hash:
DSTJYEJ9TXFVRRCEJFCAFDUABJCZGZMHYJCHYGAZIUUFDZEPFGEWNABHMAIRFPXOEZYUGSMKTNRPA9999
EE:
9C9OXMNORPVLFDXIMFENPFMKIBQLGWTNTBHQWEFQUIJNCERVGNHVPAVLQEHWPKZVSXQEUDDJQYGKCUVGCJRTRXPIKD

Thanks
Kraro

@Winston @rajivshah
Blacklist please:
https://thetangle.org/address/9C9OXMNORPVLFDXIMFENPFMKIBQLGWTNTBHQWEFQUIJNCERVGNHVPAVLQEHWPKZVSXQEUDDJQYGKCUVGC
(currently 7.15 Gi)



I wouldn't be able to help anyone without thetangle.org-explorer. If you feel like you want to support its developer Mathieu Viossat in maintaining his service, please consider a donation to the address shown here: https://thetangle.org/about. Thank you!
Bear_OO_
B
Attaching to Tangle (34 reputation)Attaching to Tangle (34 reputation)Attaching to Tangle (34 reputation)Attaching to Tangle (34 reputation)Attaching to Tangle (34 reputation)Attaching to Tangle (34 reputation)Attaching to Tangle (34 reputation)Attaching to Tangle (34 reputation)Attaching to Tangle (34 reputation)
Group: Forum Members
Posts: 7, Visits: 3
Sent to:
ERYQTLNVFFOGEHMALQJMRFISFUUIJPYIWKWFY9EQCUOAUZSGZP9THDRHFLCNFBEUITGLDQICHBVHELZXXETLKQSNBB

Stolen amount: 743,743 M
Alexa
Alexa
True IOTAn (9.6K reputation)
Group: Moderators
Posts: 732, Visits: 1.4K
Bear_OO_ - 21 Jan 2018
Sent to:
ERYQTLNVFFOGEHMALQJMRFISFUUIJPYIWKWFY9EQCUOAUZSGZP9THDRHFLCNFBEUITGLDQICHBVHELZXXETLKQSNBB

Stolen amount: 743,743 M

Thanks for reporting! Destination address has already been reported for blacklisting.



I wouldn't be able to help anyone without thetangle.org-explorer. If you feel like you want to support its developer Mathieu Viossat in maintaining his service, please consider a donation to the address shown here: https://thetangle.org/about. Thank you!
GO

Merge Selected

Merge into selected topic...



Merge into merge target...



Merge into a specific topic ID...




Reading This Topic

Login

Explore
Messages
Mentions
Search