Call to action: let's catch the thief


Author
Message
Chrholl
C
Attaching to Tangle (23 reputation)Attaching to Tangle (23 reputation)Attaching to Tangle (23 reputation)Attaching to Tangle (23 reputation)Attaching to Tangle (23 reputation)Attaching to Tangle (23 reputation)Attaching to Tangle (23 reputation)Attaching to Tangle (23 reputation)Attaching to Tangle (23 reputation)
Group: Forum Members
Posts: 2, Visits: 0
Alexa - 21 Jan 2018
Chrholl - 21 Jan 2018
Winston - 21 Jan 2018
Let's encourage all victims of the recent theft to consider the pursuit of legal action against the thief. Since this event is outside the scope of the IOTA Foundation, users are either going to have to individually or collectively proceed with litigation (or at least some sort of involvement of law enforcement authorities). It's easier if everyone works together.

That may seem daunting right now, so to make the process easier for everyone, let's leverage the power and breadth of this community to gather as many details about the situation as possible. Hopefully this can help elucidate the scope of yesterday's event, as well as encourage more of us to get involved with potential litigation. It might be a long shot, but let's at least attempt to retrieve stolen funds and ensure that justice served.
-----------------------------------------
Currently known details of the situation:
Here's a wonderful summary of the situation, written by Ralf -- https://medium.com/@ralf/what-happened-last-night-on-iota-b6157ade1e03
On January 19th, 2018, some IOTA users lost their funds to an unknown attacker.
The root cause that allowed this to happen was users who chose to rely on online generators to create their seeds.
From what I’ve heard, many users who lost their funds created their seeds at iotaseed.io (not linked here for obvious reasons). Chances are, the folks behind this and potentially other seed generators have sat tight for a while, collecting piles of seeds, though the actual numbers of users affected are not known to me. The fact, that iotaseed.io is still online at the time of this writing might suggest that the site got compromised itself, and its not the folks behind the service who ran the attack.

Old forum post advertising the malicious website: https://forum.iota.org/t/iotaseed-io-now-also-for-generating-paper-wallets/3915
That post was made by username: norbert
This may be the same person who deleted their account from Quora: https://www.quora.com/profile/Norbert-vd-Berg/log
and Reddit: https://www.reddit.com/user/norbertvdberg/
and github: https://github.com/norbertvdberg
Domain Name: IOTASEED.IO
Registry Domain ID: D503300000042872196-LRMS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: www.namecheap.com
Updated Date: 2017-10-15T20:31:54Z
Creation Date: 2017-08-16T12:11:37Z
Registry Expiry Date: 2018-08-16T12:11:37Z
Registrar Registration Expiration Date:
Registrar: NameCheap, Inc
Registrar IANA ID: 1068
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1.6613102107
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.
Name Server: DNS1.NAMECHEAPHOSTING.COM
Name Server: DNS2.NAMECHEAPHOSTING.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2018-01-20T23:12:39Z <<<


Let's help the exchanges to blacklist the thief's IOTA addresses which currently hold the stolen balances. I'll keep this list updated as more people post addresses:

520+ Gi
GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORN9IHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYXNWGUPOSDD
https://thetangle.org/address/GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORN9IHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYX

HURWQIBSAEVZSBCK9LSYCVR9ZGOCSHHQIENAZURGCVCKXEMYIGHTYQQDRHJNUNPEIKIDKQTABQNFOWUMADSCRBWLXW
https://thetangle.org/address/HURWQIBSAEVZSBCK9LSYCVR9ZGOCSHHQIENAZURGCVCKXEMYIGHTYQQDRHJNUNPEIKIDKQTABQNFOWUMA

9NVYWFBV9HGFQWCNROMZIAOPGIHRUVPAURUKUGPWGBN9TQJFYJZJWBRHBG9YXTNTAESKHZFNOQAFIYRSXOSKWAIDRW
https://thetangle.org/address/9NVYWFBV9HGFQWCNROMZIAOPGIHRUVPAURUKUGPWGBN9TQJFYJZJWBRHBG9YXTNTAESKHZFNOQAFIYRSX

GAHJVAHMGEGOES9XECPGBUCYHETYGCPZX9EIHERQGXIHTFFWHY9FMUZCEGBZOBQRNJUEJOLKRPAZENDBDVKRXUUFRD
https://thetangle.org/address/GAHJVAHMGEGOES9XECPGBUCYHETYGCPZX9EIHERQGXIHTFFWHY9FMUZCEGBZOBQRNJUEJOLKRPAZENDBD
=============================
Please post the address to which your stolen balance was sent.
We can contact the exchanges and attempt to have these addresses blacklisted before the thief is able to move from IOTA into another currency. Time is of the essence.

Also, let's try to look into the details of this situation as much as possible. If you decide to take legal action, please also post with advice for others who are considering doing the same. Let's all help each other out. The thief will get away with this if nobody decides to take action.

Hi, My 1.4Gi were sent to this address:
ITFUGOZTDADQVRPXFMQUIDZQOBKXSA9RFTQFJWKSUXDQYRIZMLGSZ9XTQWUEZNIREFNIFRBDHAVOJGKAYUJYIY9EKC

Thanks for reporting! This one leads to one of the bundles I've already posted.

Ok I just edited before I saw your comment, probably the new address I posted is already known, all these addresses get confusing
Alexa
Alexa
True IOTAn (9.6K reputation)
Group: Moderators
Posts: 732, Visits: 1.4K
Chrholl - 21 Jan 2018
Alexa - 21 Jan 2018
Chrholl - 21 Jan 2018
Winston - 21 Jan 2018
Let's encourage all victims of the recent theft to consider the pursuit of legal action against the thief. Since this event is outside the scope of the IOTA Foundation, users are either going to have to individually or collectively proceed with litigation (or at least some sort of involvement of law enforcement authorities). It's easier if everyone works together.

That may seem daunting right now, so to make the process easier for everyone, let's leverage the power and breadth of this community to gather as many details about the situation as possible. Hopefully this can help elucidate the scope of yesterday's event, as well as encourage more of us to get involved with potential litigation. It might be a long shot, but let's at least attempt to retrieve stolen funds and ensure that justice served.
-----------------------------------------
Currently known details of the situation:
Here's a wonderful summary of the situation, written by Ralf -- https://medium.com/@ralf/what-happened-last-night-on-iota-b6157ade1e03
On January 19th, 2018, some IOTA users lost their funds to an unknown attacker.
The root cause that allowed this to happen was users who chose to rely on online generators to create their seeds.
From what I’ve heard, many users who lost their funds created their seeds at iotaseed.io (not linked here for obvious reasons). Chances are, the folks behind this and potentially other seed generators have sat tight for a while, collecting piles of seeds, though the actual numbers of users affected are not known to me. The fact, that iotaseed.io is still online at the time of this writing might suggest that the site got compromised itself, and its not the folks behind the service who ran the attack.

Old forum post advertising the malicious website: https://forum.iota.org/t/iotaseed-io-now-also-for-generating-paper-wallets/3915
That post was made by username: norbert
This may be the same person who deleted their account from Quora: https://www.quora.com/profile/Norbert-vd-Berg/log
and Reddit: https://www.reddit.com/user/norbertvdberg/
and github: https://github.com/norbertvdberg
Domain Name: IOTASEED.IO
Registry Domain ID: D503300000042872196-LRMS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: www.namecheap.com
Updated Date: 2017-10-15T20:31:54Z
Creation Date: 2017-08-16T12:11:37Z
Registry Expiry Date: 2018-08-16T12:11:37Z
Registrar Registration Expiration Date:
Registrar: NameCheap, Inc
Registrar IANA ID: 1068
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1.6613102107
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.
Name Server: DNS1.NAMECHEAPHOSTING.COM
Name Server: DNS2.NAMECHEAPHOSTING.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2018-01-20T23:12:39Z <<<


Let's help the exchanges to blacklist the thief's IOTA addresses which currently hold the stolen balances. I'll keep this list updated as more people post addresses:

520+ Gi
GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORN9IHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYXNWGUPOSDD
https://thetangle.org/address/GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORN9IHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYX

HURWQIBSAEVZSBCK9LSYCVR9ZGOCSHHQIENAZURGCVCKXEMYIGHTYQQDRHJNUNPEIKIDKQTABQNFOWUMADSCRBWLXW
https://thetangle.org/address/HURWQIBSAEVZSBCK9LSYCVR9ZGOCSHHQIENAZURGCVCKXEMYIGHTYQQDRHJNUNPEIKIDKQTABQNFOWUMA

9NVYWFBV9HGFQWCNROMZIAOPGIHRUVPAURUKUGPWGBN9TQJFYJZJWBRHBG9YXTNTAESKHZFNOQAFIYRSXOSKWAIDRW
https://thetangle.org/address/9NVYWFBV9HGFQWCNROMZIAOPGIHRUVPAURUKUGPWGBN9TQJFYJZJWBRHBG9YXTNTAESKHZFNOQAFIYRSX

GAHJVAHMGEGOES9XECPGBUCYHETYGCPZX9EIHERQGXIHTFFWHY9FMUZCEGBZOBQRNJUEJOLKRPAZENDBDVKRXUUFRD
https://thetangle.org/address/GAHJVAHMGEGOES9XECPGBUCYHETYGCPZX9EIHERQGXIHTFFWHY9FMUZCEGBZOBQRNJUEJOLKRPAZENDBD
=============================
Please post the address to which your stolen balance was sent.
We can contact the exchanges and attempt to have these addresses blacklisted before the thief is able to move from IOTA into another currency. Time is of the essence.

Also, let's try to look into the details of this situation as much as possible. If you decide to take legal action, please also post with advice for others who are considering doing the same. Let's all help each other out. The thief will get away with this if nobody decides to take action.

Hi, My 1.4Gi were sent to this address:
ITFUGOZTDADQVRPXFMQUIDZQOBKXSA9RFTQFJWKSUXDQYRIZMLGSZ9XTQWUEZNIREFNIFRBDHAVOJGKAYUJYIY9EKC

Thanks for reporting! This one leads to one of the bundles I've already posted.

Ok I just edited before I saw your comment, probably the new address I posted is already known, all these addresses get confusing

It is known. :-)
Thanks for the effort though, it's kind of hard to keep track of what's new and what's not...

I wouldn't be able to help anyone without thetangle.org-explorer. If you feel like you want to support its developer Mathieu Viossat in maintaining his service, please consider a donation to the address shown here: https://thetangle.org/about. Thank you!
Frank
F
Attaching to Tangle (26 reputation)Attaching to Tangle (26 reputation)Attaching to Tangle (26 reputation)Attaching to Tangle (26 reputation)Attaching to Tangle (26 reputation)Attaching to Tangle (26 reputation)Attaching to Tangle (26 reputation)Attaching to Tangle (26 reputation)Attaching to Tangle (26 reputation)
Group: Forum Members
Posts: 8, Visits: 3
Winston - 21 Jan 2018
Let's encourage all victims of the recent theft to consider the pursuit of legal action against the thief. Since this event is outside the scope of the IOTA Foundation, users are either going to have to individually or collectively proceed with litigation (or at least some sort of involvement of law enforcement authorities). It's easier if everyone works together.

That may seem daunting right now, so to make the process easier for everyone, let's leverage the power and breadth of this community to gather as many details about the situation as possible. Hopefully this can help elucidate the scope of yesterday's event, as well as encourage more of us to get involved with potential litigation. It might be a long shot, but let's at least attempt to retrieve stolen funds and ensure that justice served.
-----------------------------------------
Currently known details of the situation:
Here's a wonderful summary of the situation, written by Ralf -- https://medium.com/@ralf/what-happened-last-night-on-iota-b6157ade1e03
On January 19th, 2018, some IOTA users lost their funds to an unknown attacker.
The root cause that allowed this to happen was users who chose to rely on online generators to create their seeds.
From what I’ve heard, many users who lost their funds created their seeds at iotaseed.io (not linked here for obvious reasons). Chances are, the folks behind this and potentially other seed generators have sat tight for a while, collecting piles of seeds, though the actual numbers of users affected are not known to me. The fact, that iotaseed.io is still online at the time of this writing might suggest that the site got compromised itself, and its not the folks behind the service who ran the attack.

Old forum post advertising the malicious website: https://forum.iota.org/t/iotaseed-io-now-also-for-generating-paper-wallets/3915
That post was made by username: norbert
This may be the same person who deleted their account from Quora: https://www.quora.com/profile/Norbert-vd-Berg/log
and Reddit: https://www.reddit.com/user/norbertvdberg/
and github: https://github.com/norbertvdberg
Domain Name: IOTASEED.IO
Registry Domain ID: D503300000042872196-LRMS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: www.namecheap.com
Updated Date: 2017-10-15T20:31:54Z
Creation Date: 2017-08-16T12:11:37Z
Registry Expiry Date: 2018-08-16T12:11:37Z
Registrar Registration Expiration Date:
Registrar: NameCheap, Inc
Registrar IANA ID: 1068
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1.6613102107
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.
Name Server: DNS1.NAMECHEAPHOSTING.COM
Name Server: DNS2.NAMECHEAPHOSTING.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2018-01-20T23:12:39Z <<<


Let's help the exchanges to blacklist the thief's IOTA addresses which currently hold the stolen balances. I'll keep this list updated as more people post addresses:

520+ Gi
GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORN9IHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYXNWGUPOSDD
https://thetangle.org/address/GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORN9IHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYX

HURWQIBSAEVZSBCK9LSYCVR9ZGOCSHHQIENAZURGCVCKXEMYIGHTYQQDRHJNUNPEIKIDKQTABQNFOWUMADSCRBWLXW
https://thetangle.org/address/HURWQIBSAEVZSBCK9LSYCVR9ZGOCSHHQIENAZURGCVCKXEMYIGHTYQQDRHJNUNPEIKIDKQTABQNFOWUMA

9NVYWFBV9HGFQWCNROMZIAOPGIHRUVPAURUKUGPWGBN9TQJFYJZJWBRHBG9YXTNTAESKHZFNOQAFIYRSXOSKWAIDRW
https://thetangle.org/address/9NVYWFBV9HGFQWCNROMZIAOPGIHRUVPAURUKUGPWGBN9TQJFYJZJWBRHBG9YXTNTAESKHZFNOQAFIYRSX

GAHJVAHMGEGOES9XECPGBUCYHETYGCPZX9EIHERQGXIHTFFWHY9FMUZCEGBZOBQRNJUEJOLKRPAZENDBDVKRXUUFRD
https://thetangle.org/address/GAHJVAHMGEGOES9XECPGBUCYHETYGCPZX9EIHERQGXIHTFFWHY9FMUZCEGBZOBQRNJUEJOLKRPAZENDBD
=============================
Please post the address to which your stolen balance was sent.
We can contact the exchanges and attempt to have these addresses blacklisted before the thief is able to move from IOTA into another currency. Time is of the essence.

Also, let's try to look into the details of this situation as much as possible. If you decide to take legal action, please also post with advice for others who are considering doing the same. Let's all help each other out. The thief will get away with this if nobody decides to take action.

Hello
Mine was sent to:
MKPMJQSEURTQMCFXBEIXAUXZRHYQCWTVOTROAUAZWPNZYJRSXGZHMHZIWWAEVHJVGV9TWLCOZUXBMETKXODAAODZVD
4.512742493 Gi
Guggivaz
G
Attaching to Tangle (46 reputation)Attaching to Tangle (46 reputation)Attaching to Tangle (46 reputation)Attaching to Tangle (46 reputation)Attaching to Tangle (46 reputation)Attaching to Tangle (46 reputation)Attaching to Tangle (46 reputation)Attaching to Tangle (46 reputation)Attaching to Tangle (46 reputation)
Group: Forum Members
Posts: 3, Visits: 23
Alexa
Alexa
True IOTAn (9.6K reputation)
Group: Moderators
Posts: 732, Visits: 1.4K

@Guggivaz Can you please edit this and tag Winston so it's easier to find for him in this mess of posts?

I wouldn't be able to help anyone without thetangle.org-explorer. If you feel like you want to support its developer Mathieu Viossat in maintaining his service, please consider a donation to the address shown here: https://thetangle.org/about. Thank you!
OpenMedia
O
Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)
Group: Forum Members
Posts: 16, Visits: 0
Please also follow the developing topics here.

https://bitcointalk.org/index.php?topic=2791245.0
https://steemit.com/iota/@madmac/iota-thousands-of-wallets-compromised-and-funds-stolen

They are all linked, but different people share information on different platforms.
Immutable
I
Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)
Group: Forum Members
Posts: 1, Visits: 3
gotlivm
g
Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)
Group: Forum Members
Posts: 1, Visits: 0
Winston - 21 Jan 2018
Let's encourage all victims of the recent theft to consider the pursuit of legal action against the thief. Since this event is outside the scope of the IOTA Foundation, users are either going to have to individually or collectively proceed with litigation (or at least some sort of involvement of law enforcement authorities). It's easier if everyone works together.

That may seem daunting right now, so to make the process easier for everyone, let's leverage the power and breadth of this community to gather as many details about the situation as possible. Hopefully this can help elucidate the scope of yesterday's event, as well as encourage more of us to get involved with potential litigation. It might be a long shot, but let's at least attempt to retrieve stolen funds and ensure that justice served.
-----------------------------------------
Currently known details of the situation:
Here's a wonderful summary of the situation, written by Ralf -- https://medium.com/@ralf/what-happened-last-night-on-iota-b6157ade1e03
On January 19th, 2018, some IOTA users lost their funds to an unknown attacker.
The root cause that allowed this to happen was users who chose to rely on online generators to create their seeds.
From what I’ve heard, many users who lost their funds created their seeds at iotaseed.io (not linked here for obvious reasons). Chances are, the folks behind this and potentially other seed generators have sat tight for a while, collecting piles of seeds, though the actual numbers of users affected are not known to me. The fact, that iotaseed.io is still online at the time of this writing might suggest that the site got compromised itself, and its not the folks behind the service who ran the attack.

Old forum post advertising the malicious website: https://forum.iota.org/t/iotaseed-io-now-also-for-generating-paper-wallets/3915
That post was made by username: norbert
This may be the same person who deleted their account from Quora: https://www.quora.com/profile/Norbert-vd-Berg/log
and Reddit: https://www.reddit.com/user/norbertvdberg/
and github: https://github.com/norbertvdberg
Domain Name: IOTASEED.IO
Registry Domain ID: D503300000042872196-LRMS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: www.namecheap.com
Updated Date: 2017-10-15T20:31:54Z
Creation Date: 2017-08-16T12:11:37Z
Registry Expiry Date: 2018-08-16T12:11:37Z
Registrar Registration Expiration Date:
Registrar: NameCheap, Inc
Registrar IANA ID: 1068
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1.6613102107
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.
Name Server: DNS1.NAMECHEAPHOSTING.COM
Name Server: DNS2.NAMECHEAPHOSTING.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2018-01-20T23:12:39Z <<<


Let's help the exchanges to blacklist the thief's IOTA addresses which currently hold the stolen balances. I'll keep this list updated as more people post addresses:

520+ Gi
GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORN9IHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYXNWGUPOSDD
https://thetangle.org/address/GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORN9IHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYX

HURWQIBSAEVZSBCK9LSYCVR9ZGOCSHHQIENAZURGCVCKXEMYIGHTYQQDRHJNUNPEIKIDKQTABQNFOWUMADSCRBWLXW
https://thetangle.org/address/HURWQIBSAEVZSBCK9LSYCVR9ZGOCSHHQIENAZURGCVCKXEMYIGHTYQQDRHJNUNPEIKIDKQTABQNFOWUMA

9NVYWFBV9HGFQWCNROMZIAOPGIHRUVPAURUKUGPWGBN9TQJFYJZJWBRHBG9YXTNTAESKHZFNOQAFIYRSXOSKWAIDRW
https://thetangle.org/address/9NVYWFBV9HGFQWCNROMZIAOPGIHRUVPAURUKUGPWGBN9TQJFYJZJWBRHBG9YXTNTAESKHZFNOQAFIYRSX

GAHJVAHMGEGOES9XECPGBUCYHETYGCPZX9EIHERQGXIHTFFWHY9FMUZCEGBZOBQRNJUEJOLKRPAZENDBDVKRXUUFRD
https://thetangle.org/address/GAHJVAHMGEGOES9XECPGBUCYHETYGCPZX9EIHERQGXIHTFFWHY9FMUZCEGBZOBQRNJUEJOLKRPAZENDBD
=============================
Please post the address to which your stolen balance was sent.
We can contact the exchanges and attempt to have these addresses blacklisted before the thief is able to move from IOTA into another currency. Time is of the essence.

Also, let's try to look into the details of this situation as much as possible. If you decide to take legal action, please also post with advice for others who are considering doing the same. Let's all help each other out. The thief will get away with this if nobody decides to take action.

YNAAPXAIKNPISKRJDZSDXD9INRNICHUQMWEVPSTACFKNAABNCIYF9IVVQBPBYSJMMKVZDTTPJQLAA9999
https://thetangle.org/transaction/YNAAPXAIKNPISKRJDZSDXD9INRNICHUQMWEVPSTACFKNAABNCIYF9IVVQBPBYSJMMKVZDTTPJQLAA9999
Alexa
Alexa
True IOTAn (9.6K reputation)
Group: Moderators
Posts: 732, Visits: 1.4K

Thanks for posting! The address where they're trying to send the funds to has been reported already, but as your funds are currently still on this one, let's blacklist this one too @Winston @rajivshah
https://thetangle.org/address/JAZDUF9HBORDBRWOTDPZVNJYHFIEANLXAIAZOJTVYCQWNZVHYBOAOPDORXEX9ZGIPNXIYHLTG9KXZLTUW

I wouldn't be able to help anyone without thetangle.org-explorer. If you feel like you want to support its developer Mathieu Viossat in maintaining his service, please consider a donation to the address shown here: https://thetangle.org/about. Thank you!
Alexa
Alexa
True IOTAn (9.6K reputation)
Group: Moderators
Posts: 732, Visits: 1.4K
gotlivm - 21 Jan 2018
Winston - 21 Jan 2018
Let's encourage all victims of the recent theft to consider the pursuit of legal action against the thief. Since this event is outside the scope of the IOTA Foundation, users are either going to have to individually or collectively proceed with litigation (or at least some sort of involvement of law enforcement authorities). It's easier if everyone works together.

That may seem daunting right now, so to make the process easier for everyone, let's leverage the power and breadth of this community to gather as many details about the situation as possible. Hopefully this can help elucidate the scope of yesterday's event, as well as encourage more of us to get involved with potential litigation. It might be a long shot, but let's at least attempt to retrieve stolen funds and ensure that justice served.
-----------------------------------------
Currently known details of the situation:
Here's a wonderful summary of the situation, written by Ralf -- https://medium.com/@ralf/what-happened-last-night-on-iota-b6157ade1e03
On January 19th, 2018, some IOTA users lost their funds to an unknown attacker.
The root cause that allowed this to happen was users who chose to rely on online generators to create their seeds.
From what I’ve heard, many users who lost their funds created their seeds at iotaseed.io (not linked here for obvious reasons). Chances are, the folks behind this and potentially other seed generators have sat tight for a while, collecting piles of seeds, though the actual numbers of users affected are not known to me. The fact, that iotaseed.io is still online at the time of this writing might suggest that the site got compromised itself, and its not the folks behind the service who ran the attack.

Old forum post advertising the malicious website: https://forum.iota.org/t/iotaseed-io-now-also-for-generating-paper-wallets/3915
That post was made by username: norbert
This may be the same person who deleted their account from Quora: https://www.quora.com/profile/Norbert-vd-Berg/log
and Reddit: https://www.reddit.com/user/norbertvdberg/
and github: https://github.com/norbertvdberg
Domain Name: IOTASEED.IO
Registry Domain ID: D503300000042872196-LRMS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: www.namecheap.com
Updated Date: 2017-10-15T20:31:54Z
Creation Date: 2017-08-16T12:11:37Z
Registry Expiry Date: 2018-08-16T12:11:37Z
Registrar Registration Expiration Date:
Registrar: NameCheap, Inc
Registrar IANA ID: 1068
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1.6613102107
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.
Name Server: DNS1.NAMECHEAPHOSTING.COM
Name Server: DNS2.NAMECHEAPHOSTING.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2018-01-20T23:12:39Z <<<


Let's help the exchanges to blacklist the thief's IOTA addresses which currently hold the stolen balances. I'll keep this list updated as more people post addresses:

520+ Gi
GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORN9IHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYXNWGUPOSDD
https://thetangle.org/address/GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORN9IHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYX

HURWQIBSAEVZSBCK9LSYCVR9ZGOCSHHQIENAZURGCVCKXEMYIGHTYQQDRHJNUNPEIKIDKQTABQNFOWUMADSCRBWLXW
https://thetangle.org/address/HURWQIBSAEVZSBCK9LSYCVR9ZGOCSHHQIENAZURGCVCKXEMYIGHTYQQDRHJNUNPEIKIDKQTABQNFOWUMA

9NVYWFBV9HGFQWCNROMZIAOPGIHRUVPAURUKUGPWGBN9TQJFYJZJWBRHBG9YXTNTAESKHZFNOQAFIYRSXOSKWAIDRW
https://thetangle.org/address/9NVYWFBV9HGFQWCNROMZIAOPGIHRUVPAURUKUGPWGBN9TQJFYJZJWBRHBG9YXTNTAESKHZFNOQAFIYRSX

GAHJVAHMGEGOES9XECPGBUCYHETYGCPZX9EIHERQGXIHTFFWHY9FMUZCEGBZOBQRNJUEJOLKRPAZENDBDVKRXUUFRD
https://thetangle.org/address/GAHJVAHMGEGOES9XECPGBUCYHETYGCPZX9EIHERQGXIHTFFWHY9FMUZCEGBZOBQRNJUEJOLKRPAZENDBD
=============================
Please post the address to which your stolen balance was sent.
We can contact the exchanges and attempt to have these addresses blacklisted before the thief is able to move from IOTA into another currency. Time is of the essence.

Also, let's try to look into the details of this situation as much as possible. If you decide to take legal action, please also post with advice for others who are considering doing the same. Let's all help each other out. The thief will get away with this if nobody decides to take action.

YNAAPXAIKNPISKRJDZSDXD9INRNICHUQMWEVPSTACFKNAABNCIYF9IVVQBPBYSJMMKVZDTTPJQLAA9999
https://thetangle.org/transaction/YNAAPXAIKNPISKRJDZSDXD9INRNICHUQMWEVPSTACFKNAABNCIYF9IVVQBPBYSJMMKVZDTTPJQLAA9999

Thank you for posting! The destination address of this transaction has already been posted for blacklisting.

I wouldn't be able to help anyone without thetangle.org-explorer. If you feel like you want to support its developer Mathieu Viossat in maintaining his service, please consider a donation to the address shown here: https://thetangle.org/about. Thank you!
MisterBrot
M
Attached to Tangle (776 reputation)Attached to Tangle (776 reputation)Attached to Tangle (776 reputation)Attached to Tangle (776 reputation)Attached to Tangle (776 reputation)Attached to Tangle (776 reputation)Attached to Tangle (776 reputation)Attached to Tangle (776 reputation)Attached to Tangle (776 reputation)
Group: Forum Members
Posts: 26, Visits: 0
Mason
M
Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)
Group: Forum Members
Posts: 5, Visits: 7
I have 6.43 GI stollen from my light wallet. the receiver address is:     KHGEDPRIPVPZC9WCCATFXGAALCHSPHCRXIAGXDTYAVREUYGCR9SCKFZXP9SVCWNNSTTVRYCVQAQRJCWJWSPCZLLUNB

 
Mason
M
Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)
Group: Forum Members
Posts: 5, Visits: 7
I have 6.43Gi stolen from my wallet sent to this address: KHGEDPRIPVPZC9WCCATFXGAALCHSPHCRXIAGXDTYAVREUYGCR9SCKFZXP9SVCWNNSTTVRYCVQAQRJCWJWSPCZLLUNB 
Nigl23
Nigl23
Attaching to Tangle (66 reputation)Attaching to Tangle (66 reputation)Attaching to Tangle (66 reputation)Attaching to Tangle (66 reputation)Attaching to Tangle (66 reputation)Attaching to Tangle (66 reputation)Attaching to Tangle (66 reputation)Attaching to Tangle (66 reputation)Attaching to Tangle (66 reputation)
Group: Forum Members
Posts: 4, Visits: 10
IICPKFSGDXTBBGETTCIVDOOZQDVRDKYUTBEAIZBFLWKXZGIPHGMNXC9HKXU9EONFSVPMILYPVJFYHBUCWXG9UQUHUX

This is the adress of where my IOTA went. I can see the transaction on the explorer. This is not okay. Never gave permission for that. Is there a solution to solve this?



Mason
M
Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)
Group: Forum Members
Posts: 5, Visits: 7
I have 6.43 Gi stolen from my wallet, sent to this address:  
KHGEDPRIPVPZC9WCCATFXGAALCHSPHCRXIAGXDTYAVREUYGCR9SCKFZXP9SVCWNNSTTVRYCVQAQRJCWJWSPCZLLUNB



Nigl23
Nigl23
Attaching to Tangle (66 reputation)Attaching to Tangle (66 reputation)Attaching to Tangle (66 reputation)Attaching to Tangle (66 reputation)Attaching to Tangle (66 reputation)Attaching to Tangle (66 reputation)Attaching to Tangle (66 reputation)Attaching to Tangle (66 reputation)Attaching to Tangle (66 reputation)
Group: Forum Members
Posts: 4, Visits: 10

Exactly what I was thinking... My amount is still on this address: IICPKFSGDXTBBGETTCIVDOOZQDVRDKYUTBEAIZBFLWKXZGIPHGMNXC9HKXU9EONFSVPMILYPVJFYHBUCWXG9UQUHUX

7 minutes ago the asshole tried to send all of that to another address, still unconfirmed.
OpenMedia
O
Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)
Group: Forum Members
Posts: 16, Visits: 0
It is a major design flaw to use the seed, which is the private key, to login to your wallet without any protection, no password, nothing. It is another major design flaw that the wallet is unable to create a seed locally, so one is always required to use a 3rd party solution. If they would have put a bit more brain into it this all could have been avoided. And it did not happen the first time, and likely will happen again..
Edited Last Year by OpenMedia
Alexa
Alexa
True IOTAn (9.6K reputation)
Group: Moderators
Posts: 732, Visits: 1.4K

Thanks for posting! This looks a bit different than all the others. Did they take your funds from three different seeds?
 


I wouldn't be able to help anyone without thetangle.org-explorer. If you feel like you want to support its developer Mathieu Viossat in maintaining his service, please consider a donation to the address shown here: https://thetangle.org/about. Thank you!
Cheeg
C
Attaching to Tangle (4 reputation)Attaching to Tangle (4 reputation)Attaching to Tangle (4 reputation)Attaching to Tangle (4 reputation)Attaching to Tangle (4 reputation)Attaching to Tangle (4 reputation)Attaching to Tangle (4 reputation)Attaching to Tangle (4 reputation)Attaching to Tangle (4 reputation)
Group: Forum Members
Posts: 1, Visits: 0
I know it is my own fault and I hate myself very much now.

Nevertheless all my funds were stolen and send to those two addresses

PTTZVFSMATHGRUAGGVUPHGZS9SUSKQCHISMCZCTKRHMOBOEV9JMYGHSYBPFAUGNWTIVPZH9MBQFNSCRZW

V9XIXKTCMBNLAXE9AWCIZLWVUXECKEHAJFTFMPLCMBGCCCHFXRBSNHPLXOEEFEKKISKJHGSMHEAN9VJ9Y

If there is anything we can do about it, please let me know.
MisterBrot
M
Attached to Tangle (776 reputation)Attached to Tangle (776 reputation)Attached to Tangle (776 reputation)Attached to Tangle (776 reputation)Attached to Tangle (776 reputation)Attached to Tangle (776 reputation)Attached to Tangle (776 reputation)Attached to Tangle (776 reputation)Attached to Tangle (776 reputation)
Group: Forum Members
Posts: 26, Visits: 0
@Alexa: 

No. But curiously the amounts are the exact same amounts I've transferred to my seed (I made 3 transactions from bitfinex using exact those amounts: 2,2 Gi, 855 Mi and 50 Mi).

OT: In December I tried to split my IOTA and tried to send some Mi to a 2nd seed. But that transaction is still pending TODAY, so it never happened. The amount I've tried to move in December is now gone as the rest is gone. This is something I blame the IOTA team for.
GO

Merge Selected

Merge into selected topic...



Merge into merge target...



Merge into a specific topic ID...




Reading This Topic

Login

Explore
Messages
Mentions
Search