Call to action: let's catch the thief


Author
Message
stoleniota
s
Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)
Group: Forum Members
Posts: 5, Visits: 0
Same here.
My 1.75 Gi have been send to that address:
VJNG9HNAHGHCPCN9WXLUWXJD9LDNCRRHCOVFMDPJZPIE9OFVNXSRTIIBGCTYSGDHW9OLRIVRLRVIZDFWW

Alexa
Alexa
True IOTAn (9.6K reputation)
Group: Moderators
Posts: 732, Visits: 1.4K
stoleniota - 21 Jan 2018

@Winston @rajivshah
Blacklist please:
https://thetangle.org/address/VJNG9HNAHGHCPCN9WXLUWXJD9LDNCRRHCOVFMDPJZPIE9OFVNXSRTIIBGCTYSGDHW9OLRIVRLRVIZDFWW

I wouldn't be able to help anyone without thetangle.org-explorer. If you feel like you want to support its developer Mathieu Viossat in maintaining his service, please consider a donation to the address shown here: https://thetangle.org/about. Thank you!
AndreB
AndreB
Attached to Tangle (261 reputation)Attached to Tangle (261 reputation)Attached to Tangle (261 reputation)Attached to Tangle (261 reputation)Attached to Tangle (261 reputation)Attached to Tangle (261 reputation)Attached to Tangle (261 reputation)Attached to Tangle (261 reputation)Attached to Tangle (261 reputation)
Group: Forum Members
Posts: 9, Visits: 0
Winston - 21 Jan 2018
Let's encourage all victims of the recent theft to consider the pursuit of legal action against the thief. Since this event is outside the scope of the IOTA Foundation, users are either going to have to individually or collectively proceed with litigation (or at least some sort of involvement of law enforcement authorities). It's easier if everyone works together.

That may seem daunting right now, so to make the process easier for everyone, let's leverage the power and breadth of this community to gather as many details about the situation as possible. Hopefully this can help elucidate the scope of yesterday's event, as well as encourage more of us to get involved with potential litigation. It might be a long shot, but let's at least attempt to retrieve stolen funds and ensure that justice served.
-----------------------------------------
Currently known details of the situation:
Here's a wonderful summary of the situation, written by Ralf -- https://medium.com/@ralf/what-happened-last-night-on-iota-b6157ade1e03
On January 19th, 2018, some IOTA users lost their funds to an unknown attacker.
The root cause that allowed this to happen was users who chose to rely on online generators to create their seeds.
From what I’ve heard, many users who lost their funds created their seeds at iotaseed.io (not linked here for obvious reasons). Chances are, the folks behind this and potentially other seed generators have sat tight for a while, collecting piles of seeds, though the actual numbers of users affected are not known to me. The fact, that iotaseed.io is still online at the time of this writing might suggest that the site got compromised itself, and its not the folks behind the service who ran the attack.

Old forum post advertising the malicious website: https://forum.iota.org/t/iotaseed-io-now-also-for-generating-paper-wallets/3915
That post was made by username: norbert
This may be the same person who deleted their account from Quora: https://www.quora.com/profile/Norbert-vd-Berg/log
and Reddit: https://www.reddit.com/user/norbertvdberg/
and github: https://github.com/norbertvdberg
Domain Name: IOTASEED.IO
Registry Domain ID: D503300000042872196-LRMS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: www.namecheap.com
Updated Date: 2017-10-15T20:31:54Z
Creation Date: 2017-08-16T12:11:37Z
Registry Expiry Date: 2018-08-16T12:11:37Z
Registrar Registration Expiration Date:
Registrar: NameCheap, Inc
Registrar IANA ID: 1068
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1.6613102107
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.
Name Server: DNS1.NAMECHEAPHOSTING.COM
Name Server: DNS2.NAMECHEAPHOSTING.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2018-01-20T23:12:39Z <<<


Let's help the exchanges to blacklist the thief's IOTA addresses which currently hold the stolen balances. I'll keep this list updated as more people post addresses:

520+ Gi
GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORN9IHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYXNWGUPOSDD
https://thetangle.org/address/GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORN9IHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYX

HURWQIBSAEVZSBCK9LSYCVR9ZGOCSHHQIENAZURGCVCKXEMYIGHTYQQDRHJNUNPEIKIDKQTABQNFOWUMADSCRBWLXW
https://thetangle.org/address/HURWQIBSAEVZSBCK9LSYCVR9ZGOCSHHQIENAZURGCVCKXEMYIGHTYQQDRHJNUNPEIKIDKQTABQNFOWUMA

9NVYWFBV9HGFQWCNROMZIAOPGIHRUVPAURUKUGPWGBN9TQJFYJZJWBRHBG9YXTNTAESKHZFNOQAFIYRSXOSKWAIDRW
https://thetangle.org/address/9NVYWFBV9HGFQWCNROMZIAOPGIHRUVPAURUKUGPWGBN9TQJFYJZJWBRHBG9YXTNTAESKHZFNOQAFIYRSX

GAHJVAHMGEGOES9XECPGBUCYHETYGCPZX9EIHERQGXIHTFFWHY9FMUZCEGBZOBQRNJUEJOLKRPAZENDBDVKRXUUFRD
https://thetangle.org/address/GAHJVAHMGEGOES9XECPGBUCYHETYGCPZX9EIHERQGXIHTFFWHY9FMUZCEGBZOBQRNJUEJOLKRPAZENDBD
=============================
Please post the address to which your stolen balance was sent.
We can contact the exchanges and attempt to have these addresses blacklisted before the thief is able to move from IOTA into another currency. Time is of the essence.

Also, let's try to look into the details of this situation as much as possible. If you decide to take legal action, please also post with advice for others who are considering doing the same. Let's all help each other out. The thief will get away with this if nobody decides to take action.

Hi everybody, my 77.2GI have been sent to:
GWB9FZUHPEPCRAMZJUTGPKRA9IRNIBPMYGFDEYEGXZGI9FZRDOQKZODXPRGEEKYZWYYWRBTHZUNLOIIR9RXDYBZGNW
Hope we can do something.

I repeat what i have read before:
It is ok to put the reception-address on a blacklist, but I am more interested in the action IOTA is going to take to get the money back in my wallet.
I have used the IOTA Seed-Generator (not a third party product) assuming that
it is a internal and save system like the PIN / TAN generator from my Bank I have to rely on
stoleniota
s
Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)
Group: Forum Members
Posts: 5, Visits: 0

How do I blacklist it?
Edited Last Year by stoleniota
stoleniota
s
Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)
Group: Forum Members
Posts: 5, Visits: 0
@Alexa How do I blacklist it? Thanks in advance. 
Flexe
F
Attaching to Tangle (32 reputation)Attaching to Tangle (32 reputation)Attaching to Tangle (32 reputation)Attaching to Tangle (32 reputation)Attaching to Tangle (32 reputation)Attaching to Tangle (32 reputation)Attaching to Tangle (32 reputation)Attaching to Tangle (32 reputation)Attaching to Tangle (32 reputation)
Group: Forum Members
Posts: 4, Visits: 1
Hey, thanks for your efforts in this case.

My 3.69 GIOTA were transferred to the Adress: 9MWXDLVYGWYJGS9WHXFDBALEFPWCXETQDXUAWFNOUJ9MGGYREJPDRWLKD9ECYFPIHDFTTAHFFABUMQYBXRJBYSTHZB

This address is now empty as the Amount was transferred further to the Adress:
QZZGNNFWYVVHLFLLSDDDBOLVUDDXRXLAMJDDUQWAQKRAPO9UCBRYZJXOMNABQYOOCKRZZVXUJKNHARYJYKIHTNQIJA
Which holds at this time around 26.3 GIOTA.

ghillz
g
Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)
Group: Forum Members
Posts: 1, Visits: 0
Hi I had 1.595 GI stolen to the following adress


UCWBAYEGH9FBAQKKBVXKNGYSEFUBRGHKUNRWRSWT9AGMKVSBJKONZRTDQKPBIGEMCXVAZ9QBU9VEKUAPXKTYQHYOCC
Alexa
Alexa
True IOTAn (9.6K reputation)
Group: Moderators
Posts: 732, Visits: 1.4K
stoleniota - 21 Jan 2018
@Alexa How do I blacklist it? Thanks in advance. 

@stoleniota I think you did everything you could by just reporting it here. As Winston said: "We can contact the exchanges and attempt to have these addresses blacklisted before the thief is able to move from IOTA into another currency", I believe he or someone else who can is going to do that. 


I wouldn't be able to help anyone without thetangle.org-explorer. If you feel like you want to support its developer Mathieu Viossat in maintaining his service, please consider a donation to the address shown here: https://thetangle.org/about. Thank you!
stoleniota
s
Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)Attaching to Tangle (5 reputation)
Group: Forum Members
Posts: 5, Visits: 0
Question:
Using thetanle.org it says that the transaction has been confirmed. (Mine as well as with the thief's address)
But using the IOTA Wallet it still says "pending". Any chances I can get my funds back? 
Alexa
Alexa
True IOTAn (9.6K reputation)
Group: Moderators
Posts: 732, Visits: 1.4K
Flexe - 21 Jan 2018
Hey, thanks for your efforts in this case.

My 3.69 GIOTA were transferred to the Adress: 9MWXDLVYGWYJGS9WHXFDBALEFPWCXETQDXUAWFNOUJ9MGGYREJPDRWLKD9ECYFPIHDFTTAHFFABUMQYBXRJBYSTHZB

This address is now empty as the Amount was transferred further to the Adress:
QZZGNNFWYVVHLFLLSDDDBOLVUDDXRXLAMJDDUQWAQKRAPO9UCBRYZJXOMNABQYOOCKRZZVXUJKNHARYJYKIHTNQIJA
Which holds at this time around 26.3 GIOTA.

@Winston @rajivshah
Blacklist please:
https://thetangle.org/address/QZZGNNFWYVVHLFLLSDDDBOLVUDDXRXLAMJDDUQWAQKRAPO9UCBRYZJXOMNABQYOOCKRZZVXUJKNHARYJY

I wouldn't be able to help anyone without thetangle.org-explorer. If you feel like you want to support its developer Mathieu Viossat in maintaining his service, please consider a donation to the address shown here: https://thetangle.org/about. Thank you!
Guggivaz
G
Attaching to Tangle (46 reputation)Attaching to Tangle (46 reputation)Attaching to Tangle (46 reputation)Attaching to Tangle (46 reputation)Attaching to Tangle (46 reputation)Attaching to Tangle (46 reputation)Attaching to Tangle (46 reputation)Attaching to Tangle (46 reputation)Attaching to Tangle (46 reputation)
Group: Forum Members
Posts: 3, Visits: 23
My 786 Mi got Stolen and send to this Adress:
UXVZ9NGZZVRGAOAV9OWT9SZGLXI9DQGIIEMGIVCPUB9CTLWRSIRQNRLOQ9AHZXJRBDGVGCSZFDRPUOPVDIDFJODMOA
Hash:
IBTHMYDXTGYMLBNLBJJVDNDBTWLWBEGWGH9HXWSJIPYCWVKSOYRSHGUFGNORFPJXAOSVSEABRYFM99999

then transferred to:
UXVZ9NGZZVRGAOAV9OWT9SZGLXI9DQGIIEMGIVCPUB9CTLWRSIRQNRLOQ9AHZXJRBDGVGCSZFDRPUOPVD

last Hash:
RIFS9EBTHXQJCD9SFZXYZAATRSANAFGWPJKWVVFTJBUWRLF9N9YHCHTSNN9JQZGRCPURKAFIFLPHU9DJD

there are already 235.646145369 stolen Gi on this Adress
https://iotasear.ch/address/NTPYIPERTMLJLNJVBAK9DQQQCZGMPQJXUAZIDPNSMEPXZWKBTMRTGPEVEWHQICSTKJSTBWULZPJOXZNNB

Edited Last Year by Guggivaz
Alexa
Alexa
True IOTAn (9.6K reputation)
Group: Moderators
Posts: 732, Visits: 1.4K
ghillz - 21 Jan 2018
Hi I had 1.595 GI stolen to the following adressUCWBAYEGH9FBAQKKBVXKNGYSEFUBRGHKUNRWRSWT9AGMKVSBJKONZRTDQKPBIGEMCXVAZ9QBU9VEKUAPXKTYQHYOCC

Thanks for reporting! This one leads to one of the bundles I've posted before, so nothing new here. 

I wouldn't be able to help anyone without thetangle.org-explorer. If you feel like you want to support its developer Mathieu Viossat in maintaining his service, please consider a donation to the address shown here: https://thetangle.org/about. Thank you!
My
M
Attaching to Tangle (2 reputation)Attaching to Tangle (2 reputation)Attaching to Tangle (2 reputation)Attaching to Tangle (2 reputation)Attaching to Tangle (2 reputation)Attaching to Tangle (2 reputation)Attaching to Tangle (2 reputation)Attaching to Tangle (2 reputation)Attaching to Tangle (2 reputation)
Group: Forum Members
Posts: 1, Visits: 1
Hi my 1,65 Gi was stolen to this adress, the hacker tried for different adresses but it seems like they got confirmed to this adress.


https://iotasear.ch/address/XGRAUZWMXEUEOACWQJVJYEDOWNBMHZPTFUTLHJAOTSOWGHIHIRYKPJZCNALHZUZQSEYUJXQHKXLIADCLDQEGCXEHPW


AndreB
AndreB
Attached to Tangle (261 reputation)Attached to Tangle (261 reputation)Attached to Tangle (261 reputation)Attached to Tangle (261 reputation)Attached to Tangle (261 reputation)Attached to Tangle (261 reputation)Attached to Tangle (261 reputation)Attached to Tangle (261 reputation)Attached to Tangle (261 reputation)
Group: Forum Members
Posts: 9, Visits: 0
IOTA's stolen
77.3GI to
GWB9FZUHPEPCRAMZJUTGPKRA9IRNIBPMYGFDEYEGXZGI9FZRDOQKZODXPRGEEKYZWYYWRBTHZUNLOIIR9RXDYBZGNW



Alexa
Alexa
True IOTAn (9.6K reputation)
Group: Moderators
Posts: 732, Visits: 1.4K
stoleniota - 21 Jan 2018
Question:
Using thetanle.org it says that the transaction has been confirmed. (Mine as well as with the thief's address)
But using the IOTA Wallet it still says "pending". Any chances I can get my funds back? 

@stoleniota I think it's too late. Your wallet might show incorrect information if your host node is out of sync.
If you need any help, this thread might be better for further advice: https://forum.helloiota.com/9100/To-everyone-posting-with-stolen-balances 

I wouldn't be able to help anyone without thetangle.org-explorer. If you feel like you want to support its developer Mathieu Viossat in maintaining his service, please consider a donation to the address shown here: https://thetangle.org/about. Thank you!
Alexa
Alexa
True IOTAn (9.6K reputation)
Group: Moderators
Posts: 732, Visits: 1.4K
Guggivaz - 21 Jan 2018
My 786 Mi got Stolen and send to this Adress:
UXVZ9NGZZVRGAOAV9OWT9SZGLXI9DQGIIEMGIVCPUB9CTLWRSIRQNRLOQ9AHZXJRBDGVGCSZFDRPUOPVDIDFJODMOA
Hash:
IBTHMYDXTGYMLBNLBJJVDNDBTWLWBEGWGH9HXWSJIPYCWVKSOYRSHGUFGNORFPJXAOSVSEABRYFM99999

then transferred to:
UXVZ9NGZZVRGAOAV9OWT9SZGLXI9DQGIIEMGIVCPUB9CTLWRSIRQNRLOQ9AHZXJRBDGVGCSZFDRPUOPVD

last Hash:
RIFS9EBTHXQJCD9SFZXYZAATRSANAFGWPJKWVVFTJBUWRLF9N9YHCHTSNN9JQZGRCPURKAFIFLPHU9DJD

there are already 235.646145369 stolen Gi on this Adress
https://iotasear.ch/address/NTPYIPERTMLJLNJVBAK9DQQQCZGMPQJXUAZIDPNSMEPXZWKBTMRTGPEVEWHQICSTKJSTBWULZPJOXZNNB

Thanks for reporting! The destination address hat already been posted for blacklisting.

I wouldn't be able to help anyone without thetangle.org-explorer. If you feel like you want to support its developer Mathieu Viossat in maintaining his service, please consider a donation to the address shown here: https://thetangle.org/about. Thank you!
FrankB
F
Attaching to Tangle (153 reputation)Attaching to Tangle (153 reputation)Attaching to Tangle (153 reputation)Attaching to Tangle (153 reputation)Attaching to Tangle (153 reputation)Attaching to Tangle (153 reputation)Attaching to Tangle (153 reputation)Attaching to Tangle (153 reputation)Attaching to Tangle (153 reputation)
Group: Forum Members
Posts: 6, Visits: 60
stoleniota - 21 Jan 2018
Question:
Using thetanle.org it says that the transaction has been confirmed. (Mine as well as with the thief's address)
But using the IOTA Wallet it still says "pending". Any chances I can get my funds back? 

I had the same. But I am afraid your wallet still needs to be updated completely. When mine was done, my balance was gone. Sorry....
Chrholl
C
Attaching to Tangle (23 reputation)Attaching to Tangle (23 reputation)Attaching to Tangle (23 reputation)Attaching to Tangle (23 reputation)Attaching to Tangle (23 reputation)Attaching to Tangle (23 reputation)Attaching to Tangle (23 reputation)Attaching to Tangle (23 reputation)Attaching to Tangle (23 reputation)
Group: Forum Members
Posts: 2, Visits: 0
Winston - 21 Jan 2018
Let's encourage all victims of the recent theft to consider the pursuit of legal action against the thief. Since this event is outside the scope of the IOTA Foundation, users are either going to have to individually or collectively proceed with litigation (or at least some sort of involvement of law enforcement authorities). It's easier if everyone works together.

That may seem daunting right now, so to make the process easier for everyone, let's leverage the power and breadth of this community to gather as many details about the situation as possible. Hopefully this can help elucidate the scope of yesterday's event, as well as encourage more of us to get involved with potential litigation. It might be a long shot, but let's at least attempt to retrieve stolen funds and ensure that justice served.
-----------------------------------------
Currently known details of the situation:
Here's a wonderful summary of the situation, written by Ralf -- https://medium.com/@ralf/what-happened-last-night-on-iota-b6157ade1e03
On January 19th, 2018, some IOTA users lost their funds to an unknown attacker.
The root cause that allowed this to happen was users who chose to rely on online generators to create their seeds.
From what I’ve heard, many users who lost their funds created their seeds at iotaseed.io (not linked here for obvious reasons). Chances are, the folks behind this and potentially other seed generators have sat tight for a while, collecting piles of seeds, though the actual numbers of users affected are not known to me. The fact, that iotaseed.io is still online at the time of this writing might suggest that the site got compromised itself, and its not the folks behind the service who ran the attack.

Old forum post advertising the malicious website: https://forum.iota.org/t/iotaseed-io-now-also-for-generating-paper-wallets/3915
That post was made by username: norbert
This may be the same person who deleted their account from Quora: https://www.quora.com/profile/Norbert-vd-Berg/log
and Reddit: https://www.reddit.com/user/norbertvdberg/
and github: https://github.com/norbertvdberg
Domain Name: IOTASEED.IO
Registry Domain ID: D503300000042872196-LRMS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: www.namecheap.com
Updated Date: 2017-10-15T20:31:54Z
Creation Date: 2017-08-16T12:11:37Z
Registry Expiry Date: 2018-08-16T12:11:37Z
Registrar Registration Expiration Date:
Registrar: NameCheap, Inc
Registrar IANA ID: 1068
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1.6613102107
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.
Name Server: DNS1.NAMECHEAPHOSTING.COM
Name Server: DNS2.NAMECHEAPHOSTING.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2018-01-20T23:12:39Z <<<


Let's help the exchanges to blacklist the thief's IOTA addresses which currently hold the stolen balances. I'll keep this list updated as more people post addresses:

520+ Gi
GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORN9IHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYXNWGUPOSDD
https://thetangle.org/address/GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORN9IHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYX

HURWQIBSAEVZSBCK9LSYCVR9ZGOCSHHQIENAZURGCVCKXEMYIGHTYQQDRHJNUNPEIKIDKQTABQNFOWUMADSCRBWLXW
https://thetangle.org/address/HURWQIBSAEVZSBCK9LSYCVR9ZGOCSHHQIENAZURGCVCKXEMYIGHTYQQDRHJNUNPEIKIDKQTABQNFOWUMA

9NVYWFBV9HGFQWCNROMZIAOPGIHRUVPAURUKUGPWGBN9TQJFYJZJWBRHBG9YXTNTAESKHZFNOQAFIYRSXOSKWAIDRW
https://thetangle.org/address/9NVYWFBV9HGFQWCNROMZIAOPGIHRUVPAURUKUGPWGBN9TQJFYJZJWBRHBG9YXTNTAESKHZFNOQAFIYRSX

GAHJVAHMGEGOES9XECPGBUCYHETYGCPZX9EIHERQGXIHTFFWHY9FMUZCEGBZOBQRNJUEJOLKRPAZENDBDVKRXUUFRD
https://thetangle.org/address/GAHJVAHMGEGOES9XECPGBUCYHETYGCPZX9EIHERQGXIHTFFWHY9FMUZCEGBZOBQRNJUEJOLKRPAZENDBD
=============================
Please post the address to which your stolen balance was sent.
We can contact the exchanges and attempt to have these addresses blacklisted before the thief is able to move from IOTA into another currency. Time is of the essence.

Also, let's try to look into the details of this situation as much as possible. If you decide to take legal action, please also post with advice for others who are considering doing the same. Let's all help each other out. The thief will get away with this if nobody decides to take action.

Hi, My 1.4Gi were sent to this address:
https://thetangle.org/address/ITFUGOZTDADQVRPXFMQUIDZQOBKXSA9RFTQFJWKSUXDQYRIZMLGSZ9XTQWUEZNIREFNIFRBDHAVOJGKAY
Edited Last Year by Chrholl
Alexa
Alexa
True IOTAn (9.6K reputation)
Group: Moderators
Posts: 732, Visits: 1.4K
My - 21 Jan 2018
Hi my 1,65 Gi was stolen to this adress, the hacker tried for different adresses but it seems like they got confirmed to this adress.


https://iotasear.ch/address/XGRAUZWMXEUEOACWQJVJYEDOWNBMHZPTFUTLHJAOTSOWGHIHIRYKPJZCNALHZUZQSEYUJXQHKXLIADCLDQEGCXEHPW


Thanks for reporting! This is a new one! 
@Winston @rajivshah
Blacklist please:
https://thetangle.org/address/XGRAUZWMXEUEOACWQJVJYEDOWNBMHZPTFUTLHJAOTSOWGHIHIRYKPJZCNALHZUZQSEYUJXQHKXLIADCLD

I wouldn't be able to help anyone without thetangle.org-explorer. If you feel like you want to support its developer Mathieu Viossat in maintaining his service, please consider a donation to the address shown here: https://thetangle.org/about. Thank you!
Alexa
Alexa
True IOTAn (9.6K reputation)
Group: Moderators
Posts: 732, Visits: 1.4K
Chrholl - 21 Jan 2018
Winston - 21 Jan 2018
Let's encourage all victims of the recent theft to consider the pursuit of legal action against the thief. Since this event is outside the scope of the IOTA Foundation, users are either going to have to individually or collectively proceed with litigation (or at least some sort of involvement of law enforcement authorities). It's easier if everyone works together.

That may seem daunting right now, so to make the process easier for everyone, let's leverage the power and breadth of this community to gather as many details about the situation as possible. Hopefully this can help elucidate the scope of yesterday's event, as well as encourage more of us to get involved with potential litigation. It might be a long shot, but let's at least attempt to retrieve stolen funds and ensure that justice served.
-----------------------------------------
Currently known details of the situation:
Here's a wonderful summary of the situation, written by Ralf -- https://medium.com/@ralf/what-happened-last-night-on-iota-b6157ade1e03
On January 19th, 2018, some IOTA users lost their funds to an unknown attacker.
The root cause that allowed this to happen was users who chose to rely on online generators to create their seeds.
From what I’ve heard, many users who lost their funds created their seeds at iotaseed.io (not linked here for obvious reasons). Chances are, the folks behind this and potentially other seed generators have sat tight for a while, collecting piles of seeds, though the actual numbers of users affected are not known to me. The fact, that iotaseed.io is still online at the time of this writing might suggest that the site got compromised itself, and its not the folks behind the service who ran the attack.

Old forum post advertising the malicious website: https://forum.iota.org/t/iotaseed-io-now-also-for-generating-paper-wallets/3915
That post was made by username: norbert
This may be the same person who deleted their account from Quora: https://www.quora.com/profile/Norbert-vd-Berg/log
and Reddit: https://www.reddit.com/user/norbertvdberg/
and github: https://github.com/norbertvdberg
Domain Name: IOTASEED.IO
Registry Domain ID: D503300000042872196-LRMS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: www.namecheap.com
Updated Date: 2017-10-15T20:31:54Z
Creation Date: 2017-08-16T12:11:37Z
Registry Expiry Date: 2018-08-16T12:11:37Z
Registrar Registration Expiration Date:
Registrar: NameCheap, Inc
Registrar IANA ID: 1068
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1.6613102107
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.
Name Server: DNS1.NAMECHEAPHOSTING.COM
Name Server: DNS2.NAMECHEAPHOSTING.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2018-01-20T23:12:39Z <<<


Let's help the exchanges to blacklist the thief's IOTA addresses which currently hold the stolen balances. I'll keep this list updated as more people post addresses:

520+ Gi
GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORN9IHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYXNWGUPOSDD
https://thetangle.org/address/GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORN9IHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYX

HURWQIBSAEVZSBCK9LSYCVR9ZGOCSHHQIENAZURGCVCKXEMYIGHTYQQDRHJNUNPEIKIDKQTABQNFOWUMADSCRBWLXW
https://thetangle.org/address/HURWQIBSAEVZSBCK9LSYCVR9ZGOCSHHQIENAZURGCVCKXEMYIGHTYQQDRHJNUNPEIKIDKQTABQNFOWUMA

9NVYWFBV9HGFQWCNROMZIAOPGIHRUVPAURUKUGPWGBN9TQJFYJZJWBRHBG9YXTNTAESKHZFNOQAFIYRSXOSKWAIDRW
https://thetangle.org/address/9NVYWFBV9HGFQWCNROMZIAOPGIHRUVPAURUKUGPWGBN9TQJFYJZJWBRHBG9YXTNTAESKHZFNOQAFIYRSX

GAHJVAHMGEGOES9XECPGBUCYHETYGCPZX9EIHERQGXIHTFFWHY9FMUZCEGBZOBQRNJUEJOLKRPAZENDBDVKRXUUFRD
https://thetangle.org/address/GAHJVAHMGEGOES9XECPGBUCYHETYGCPZX9EIHERQGXIHTFFWHY9FMUZCEGBZOBQRNJUEJOLKRPAZENDBD
=============================
Please post the address to which your stolen balance was sent.
We can contact the exchanges and attempt to have these addresses blacklisted before the thief is able to move from IOTA into another currency. Time is of the essence.

Also, let's try to look into the details of this situation as much as possible. If you decide to take legal action, please also post with advice for others who are considering doing the same. Let's all help each other out. The thief will get away with this if nobody decides to take action.

Hi, My 1.4Gi were sent to this address:
ITFUGOZTDADQVRPXFMQUIDZQOBKXSA9RFTQFJWKSUXDQYRIZMLGSZ9XTQWUEZNIREFNIFRBDHAVOJGKAYUJYIY9EKC

Thanks for reporting! This one leads to one of the bundles I've already posted.

I wouldn't be able to help anyone without thetangle.org-explorer. If you feel like you want to support its developer Mathieu Viossat in maintaining his service, please consider a donation to the address shown here: https://thetangle.org/about. Thank you!
GO

Merge Selected

Merge into selected topic...



Merge into merge target...



Merge into a specific topic ID...




Reading This Topic

Login

Explore
Messages
Mentions
Search