Call to action: let's catch the thief


Author
Message
Lazyrudi
L
Attached to Tangle (602 reputation)Attached to Tangle (602 reputation)Attached to Tangle (602 reputation)Attached to Tangle (602 reputation)Attached to Tangle (602 reputation)Attached to Tangle (602 reputation)Attached to Tangle (602 reputation)Attached to Tangle (602 reputation)Attached to Tangle (602 reputation)
Group: Forum Members
Posts: 51, Visits: 1
no, it's not your fault. IOTA encouraged us to use their seed-generator placed in their own wallet generator system. It is IOTA duty to make it safe for the user.

By the way were is "Winston"?
What is IOTA doing right now??

Mason
M
Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)Attached to Tangle (560 reputation)
Group: Forum Members
Posts: 5, Visits: 7
I have 6.4 Gi stolen sent to this account: KHGEDPRIPVPZC9WCCATFXGAALCHSPHCRXIAGXDTYAVREUYGCR9SCKFZXP9SVCWNNSTTVRYCVQAQRJCWJWSPCZLLUNB




Jefferson
J
Attached to Tangle (408 reputation)Attached to Tangle (408 reputation)Attached to Tangle (408 reputation)Attached to Tangle (408 reputation)Attached to Tangle (408 reputation)Attached to Tangle (408 reputation)Attached to Tangle (408 reputation)Attached to Tangle (408 reputation)Attached to Tangle (408 reputation)
Group: Forum Members
Posts: 5, Visits: 1
Winston - 21 Jan 2018
Let's encourage all victims of the recent theft to consider the pursuit of legal action against the thief. Since this event is outside the scope of the IOTA Foundation, users are either going to have to individually or collectively proceed with litigation (or at least some sort of involvement of law enforcement authorities). It's easier if everyone works together.

That may seem daunting right now, so to make the process easier for everyone, let's leverage the power and breadth of this community to gather as many details about the situation as possible. Hopefully this can help elucidate the scope of yesterday's event, as well as encourage more of us to get involved with potential litigation. It might be a long shot, but let's at least attempt to retrieve stolen funds and ensure that justice served.
-----------------------------------------
Currently known details of the situation:
Here's a wonderful summary of the situation, written by Ralf -- https://medium.com/@ralf/what-happened-last-night-on-iota-b6157ade1e03
On January 19th, 2018, some IOTA users lost their funds to an unknown attacker.
The root cause that allowed this to happen was users who chose to rely on online generators to create their seeds.
From what I’ve heard, many users who lost their funds created their seeds at iotaseed.io (not linked here for obvious reasons). Chances are, the folks behind this and potentially other seed generators have sat tight for a while, collecting piles of seeds, though the actual numbers of users affected are not known to me. The fact, that iotaseed.io is still online at the time of this writing might suggest that the site got compromised itself, and its not the folks behind the service who ran the attack.

Old forum post advertising the malicious website: https://forum.iota.org/t/iotaseed-io-now-also-for-generating-paper-wallets/3915
That post was made by username: norbert
This may be the same person who deleted their account from Quora: https://www.quora.com/profile/Norbert-vd-Berg/log
and Reddit: https://www.reddit.com/user/norbertvdberg/
and github: https://github.com/norbertvdberg
Domain Name: IOTASEED.IO
Registry Domain ID: D503300000042872196-LRMS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: www.namecheap.com
Updated Date: 2017-10-15T20:31:54Z
Creation Date: 2017-08-16T12:11:37Z
Registry Expiry Date: 2018-08-16T12:11:37Z
Registrar Registration Expiration Date:
Registrar: NameCheap, Inc
Registrar IANA ID: 1068
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1.6613102107
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.
Name Server: DNS1.NAMECHEAPHOSTING.COM
Name Server: DNS2.NAMECHEAPHOSTING.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2018-01-20T23:12:39Z <<<


Let's help the exchanges to blacklist the thief's IOTA addresses which currently hold the stolen balances. I'll keep this list updated as more people post addresses:

520+ Gi
GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORN9IHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYXNWGUPOSDD
https://thetangle.org/address/GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORN9IHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYX

HURWQIBSAEVZSBCK9LSYCVR9ZGOCSHHQIENAZURGCVCKXEMYIGHTYQQDRHJNUNPEIKIDKQTABQNFOWUMADSCRBWLXW
https://thetangle.org/address/HURWQIBSAEVZSBCK9LSYCVR9ZGOCSHHQIENAZURGCVCKXEMYIGHTYQQDRHJNUNPEIKIDKQTABQNFOWUMA

9NVYWFBV9HGFQWCNROMZIAOPGIHRUVPAURUKUGPWGBN9TQJFYJZJWBRHBG9YXTNTAESKHZFNOQAFIYRSXOSKWAIDRW
https://thetangle.org/address/9NVYWFBV9HGFQWCNROMZIAOPGIHRUVPAURUKUGPWGBN9TQJFYJZJWBRHBG9YXTNTAESKHZFNOQAFIYRSX

GAHJVAHMGEGOES9XECPGBUCYHETYGCPZX9EIHERQGXIHTFFWHY9FMUZCEGBZOBQRNJUEJOLKRPAZENDBDVKRXUUFRD
https://thetangle.org/address/GAHJVAHMGEGOES9XECPGBUCYHETYGCPZX9EIHERQGXIHTFFWHY9FMUZCEGBZOBQRNJUEJOLKRPAZENDBD
=============================
Please post the address to which your stolen balance was sent.
We can contact the exchanges and attempt to have these addresses blacklisted before the thief is able to move from IOTA into another currency. Time is of the essence.

Also, let's try to look into the details of this situation as much as possible. If you decide to take legal action, please also post with advice for others who are considering doing the same. Let's all help each other out. The thief will get away with this if nobody decides to take action.

Good morning, they downloaded my wallet on the desktop today -127,38Miotas,  this address: LFIMYHCWXWVKDMIGKJBLJGEZUOUPESJLSJUNGUKTX99ZOFWBWBUCOQJSERJEGNDSQTLIWYVSWBOQKKDXD9LIEEALIA


sun_in_the_city
s
Attaching to Tangle (4 reputation)Attaching to Tangle (4 reputation)Attaching to Tangle (4 reputation)Attaching to Tangle (4 reputation)Attaching to Tangle (4 reputation)Attaching to Tangle (4 reputation)Attaching to Tangle (4 reputation)Attaching to Tangle (4 reputation)Attaching to Tangle (4 reputation)
Group: Forum Members
Posts: 4, Visits: 0
[Zitat]
[b]Winston - 21. Januar 2018[/ b]
Lassen Sie uns alle Opfer des jüngsten Diebstahls ermutigen, die Verfolgung von rechtlichen Schritten gegen den Dieb in Erwägung zu ziehen. Da diese Veranstaltung nicht in den Zuständigkeitsbereich der IOTA Foundation fällt, müssen die Nutzer entweder einzeln oder gemeinsam einen Rechtsstreit führen (oder zumindest eine gewisse Beteiligung der Strafverfolgungsbehörden). Es ist einfacher, wenn alle zusammen arbeiten.

Das mag im Moment entmutigend wirken. Um den Prozess für alle einfacher zu machen, nutzen wir die Kraft und Breite dieser Community, um so viele Details wie möglich über die Situation zu sammeln. Hoffentlich kann dies dazu beitragen, den Umfang des gestrigen Ereignisses aufzuklären, und auch mehr von uns ermutigen, sich mit möglichen Rechtsstreitigkeiten zu befassen. Es könnte ein langer Schuss sein, aber lasst uns wenigstens versuchen, gestohlene Gelder wiederzubekommen und sicherzustellen, dass Gerechtigkeit gedient hat.
-----------------------------------------
Derzeit bekannte Details der Situation:
Hier ist ein wunderbare Zusammenfassung der Situation, geschrieben von Ralf -https://medium.com/@ralf/what-hapsed-last-night-on-iota-b6157ade1e03
Am 19. Januar 2018 verloren einige IOTA-Nutzer ihr Geld an einen unbekannten Angreifer.
Die Ursache, die dies ermöglichte, waren Benutzer, die sich entschieden, sich auf Online-Generatoren zu verlassen, um ihre Seeds zu erstellen.
Nach dem, was ich gehört habe, haben viele Benutzer, die ihr Geld verloren haben, ihre Samen bei iotaseed.io erstellt (aus offensichtlichen Gründen nicht hier verlinkt). Die Chancen stehen gut, dass die Leute hinter dieser und möglicherweise anderen Samengeneratoren eine Weile gesessen haben und Haufen von Samen gesammelt haben, obwohl die tatsächliche Anzahl der betroffenen Benutzer mir nicht bekannt ist. Die Tatsache, dass iotaseed.io zum Zeitpunkt des Schreibens noch online ist, könnte darauf hindeuten, dass die Seite selbst kompromittiert wurde und nicht die Leute hinter dem Dienst, der den Angriff ausgeführt hat.

Altes Forum postet die bösartige Webseite: https://forum.iota.org/t/iotaseed-io-now-also-for-genera-ing-paper-wallets/3915
Dieser Beitrag wurde erstellt von username: norbert
Dies kann dieselbe Person sein, die ihr Konto von Quora gelöscht hat:https://www.quora.com/profile/Norbert-vd-Berg/log
und Reddit:https://www.reddit.com/user/norbertvdberg/
und github:https://github.com/norbertvdberg
Domänenname: IOTASEED.IO
Registrierungsdomänen-ID: D503300000042872196-LRMS-
Registrierungsstelle WHOIS-Server: whois.namecheap.com
Registrierungsstellen-URL: www.namecheap.com
Aktualisiert am: 2017-10-15T20: 31: 54Z
Erstellungsdatum: 2017-08-16T12 : 11: 37Z
Registry Ablaufdatum : 2018-08-16T12: 11: 37Z
Registrar Registrierung Ablaufdatum :
Registrar: NameCheap, Inc
Registrar IANA ID: 1068
Registrar Missbrauch Kontakt E-Mail:
Registrar Missbrauch Kontakt Telefon: +1.6613102107
Reseller:
Domain Status: clientTransferProhibitedhttps://icann.org/epp#clientTransferProbibistr
Name des Registrierten: WhoisGuard Protected
Registrant Organisation: WhoisGuard, Inc.
Name Server: DNS1.NAMECHEAPHOSTING.COM
Name Server: DNS2.NAMECHEAPHOSTING.COM
DNSSEC: nicht signierte
URL des ICANN Whois Ungenauigkeitsbeschwerdeformulars :https://www.icann.org/wicf/
>>> Letztes Update der WHOIS Datenbank: 2018-01-20T23: 12: 39Z <<<


Lassen Sie uns dem Austausch helfen, die IOTA-Adressen des Diebes, die derzeit die gestohlenen Guthaben enthalten, auf die schwarze Liste zu setzen. Ich werde diese Liste auf dem

neuesten
Stand halten, wenn mehr Leute Adressen posten : 520 + Gi GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORNIIHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYXNWGUPOSDD
https://thetangle.org/address/GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORNIIHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYX

HURWQIBSAEVZSBCK9SYCVR9ZGOCSHHQIENAZURGCVCKXEMYIGHTYQQDRHJNUNPEIKIDKQTABQNFOWUMADSCRBWLXW
https://thetangle.org/address/HURWQIBSAEVZSBCK9LSYCVR9ZGOCSHHQIENAZURGCVCKXEMYIGHTYQQDRHJNUNPEIKIDKQTABQNFOWUMA

9NVYWFBV9HGFQWCNROMZIAOPGIHRUVPAURUKUGPWGBN9TQJFYJZJWBRHBG9YXTNTAESKHZFNOQAFIYRSXOSKWAIDRW
https://thetangle.org/address/9NVYWFBV9HGFQWCNROMZIAOPGIHRUVPAURUKUGPWGBN9TQJFYJZJWBRHBG9YXTNTAESKHZFNOQAFIYRSX

GAHJVAHMGEGOES9XECPGBUCYHETYGCPZX9EIHERQGXIHTFFWHY9FMUZCEGBZOBQRNJUEJOLKRPAZENDBDVKRXUUFRD
https://thetangle.org/address/GAHJVAHMGEGOES9XECPGBUCYHETYGCPZX9EIHERQGXIHTFFWHY9FMUZCEGBZOBQRNJUEJOLKRPAZENDBD
=========================== ==
Bitte geben Sie die Adresse an, an die Ihr gestohlenes Guthaben gesendet wurde.
Wir können die Börsen kontaktieren und versuchen, diese Adressen auf die schwarze Liste zu setzen, bevor der Dieb von IOTA in eine andere Währung wechseln kann. Die Zeit ist von entscheidender Bedeutung.

Lasst uns versuchen, die Details dieser Situation so gut wie möglich zu untersuchen. Wenn Sie beschließen, rechtliche Schritte einzuleiten, schreiben Sie bitte auch einen Hinweis für andere, die dies ebenfalls in Erwägung ziehen. Lasst uns alle gegenseitig helfen. Der Dieb wird damit durchkommen, wenn niemand etwas unternimmt.
[/Zitat]

In der Tat
sun_in_the_city
s
Attaching to Tangle (4 reputation)Attaching to Tangle (4 reputation)Attaching to Tangle (4 reputation)Attaching to Tangle (4 reputation)Attaching to Tangle (4 reputation)Attaching to Tangle (4 reputation)Attaching to Tangle (4 reputation)Attaching to Tangle (4 reputation)Attaching to Tangle (4 reputation)
Group: Forum Members
Posts: 4, Visits: 0
QYWCHKZJU9SHPPEIDZVCXTGHIPP9LBIYRYJIQVVKLPXRUKJKPCLUZQUBAEXFSJRFDVSYV9FV9NOHWZG99NLUFJVKJZ 137.3 Mi
am 19.01.2017 um 20:51 Uhr

Danke fürs Sammeln

Nigl23
Nigl23
Attaching to Tangle (66 reputation)Attaching to Tangle (66 reputation)Attaching to Tangle (66 reputation)Attaching to Tangle (66 reputation)Attaching to Tangle (66 reputation)Attaching to Tangle (66 reputation)Attaching to Tangle (66 reputation)Attaching to Tangle (66 reputation)Attaching to Tangle (66 reputation)
Group: Forum Members
Posts: 4, Visits: 10
Lazyrudi - 21 Jan 2018
no, it's not your fault. IOTA encouraged us to use their seed-generator placed in their own wallet generator system. It is IOTA duty to make it safe for the user.

By the way were is "Winston"?
What is IOTA doing right now??

Exactly! I see people saying stuff on social media like "Never do this and that..." and alright, I get their point. BUT, when I got into IOTA, I got their wallet and used their seed-generator. I didn't just use any shady website. 
andiveze
a
Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)
Group: Forum Members
Posts: 1, Visits: 0
HALLO. ALSO ON MY ACCOUNT IOTAS WERE STOLEN (8750iota). THEY WERE SEND TO THIS ADDRESS: ZSDGSDXOIICJNTGLMFUIQLIBEEGVBOGMA9DNLQDTA9RGJHFPDAPADGUPUDL9VHFVACUWUGEVTCKPVUPI9SFWNFHXCW

HOPE I COULD HELP.
OpenMedia
O
Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)
Group: Forum Members
Posts: 16, Visits: 0
Lazyrudi - 21 Jan 2018
What is IOTA doing right now??

They do nothing, as before. That guy Ralf wrote it is the failure of the users, not their crappy design exposing private keys without any protection at all.
Lazyrudi
L
Attached to Tangle (602 reputation)Attached to Tangle (602 reputation)Attached to Tangle (602 reputation)Attached to Tangle (602 reputation)Attached to Tangle (602 reputation)Attached to Tangle (602 reputation)Attached to Tangle (602 reputation)Attached to Tangle (602 reputation)Attached to Tangle (602 reputation)
Group: Forum Members
Posts: 51, Visits: 1
Since IOAT is no longer responding to the many loss reports I do not know if IOTA is still active, or those responsible have already settled in the Bahamas.
I do not think IOTA voluntarily admit their mistake and refund our money. Therefore, we will need legal assistance. Does anyone know a lawyer (best from Germany, because jurisdiction is probably Berlin) who can represent our interests to IOTA? Otherwise, tomorrow I will contact some to see who can best represent us.
JakeTehSnake
J
Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)Attaching to Tangle (1 reputation)
Group: Forum Members
Posts: 1, Visits: 0
237.87 Mi stolen and sent to the following address:
AJEROXILLAOYFWBRUAAWIW9G9OFZVPVCGVKHWLTNNXI9YJCSQVQVDYIKQDJIA9MVOCFDQYPQMNQSQKCFA


eltuga
eltuga
Attaching to Tangle (65 reputation)Attaching to Tangle (65 reputation)Attaching to Tangle (65 reputation)Attaching to Tangle (65 reputation)Attaching to Tangle (65 reputation)Attaching to Tangle (65 reputation)Attaching to Tangle (65 reputation)Attaching to Tangle (65 reputation)Attaching to Tangle (65 reputation)
Group: Forum Members
Posts: 7, Visits: 0
520 Gi (1,425,702.337 USD) https://thetangle.org/address/GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORN9IHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYX

a transaction that concentrates scammed wallets on 19th Jan
https://thetangle.org/bundle/9EARKHWOLK9PEIIDIQWXEGZBDTWDWIYIXGJDSQQDDIUTLVEGSFCITZZQPW99WHUTPSDBLATIZILETUIID
1.76 Ti (5,060,667.106 USD)
This value goes over dozens of subsequent transactions after start splitting in smaller wallets values

and another with that is distributing later to other transactions and wallets
1.11 Ti
https://thetangle.org/bundle/TUAJSFJGPXKJRTXIGGVZZHWLLZCN9ZQMDDJNDZKVAZKWJZDVKDOGJDDCMEJSFHDETZYCFCXOGGHHYWDIZ

Edited Last Year by eltuga
Vahid Pur
Vahid Pur
Attaching to Tangle (49 reputation)Attaching to Tangle (49 reputation)Attaching to Tangle (49 reputation)Attaching to Tangle (49 reputation)Attaching to Tangle (49 reputation)Attaching to Tangle (49 reputation)Attaching to Tangle (49 reputation)Attaching to Tangle (49 reputation)Attaching to Tangle (49 reputation)
Group: Forum Members
Posts: 2, Visits: 22
I lost my IOTA to this transaction
https://thetangle.org/transaction/MKXSNAESMYTPWWKUXGLPTDYOPWAUYWMWGR9WMNZXREPAIKSCKWJDSERKTJQRBOHAPGLFZKOPMQEYZ9999
transaction hash:
MKXSNAESMYTPWWKUXGLPTDYOPWAUYWMWGR9WMNZXREPAIKSCKWJDSERKTJQRBOHAPGLFZKOPMQEYZ9999
Address:
ECEWVRSHLKRNZCROHBDUWPUKYJMIBTJBKWNYMIHHWFUHDLDCV9HNM9XOSUEBFDNDFQSC9TIOQCQKTJPFCTLLAPFSPD
but it is 0 know and i do not know where is forwarded to
Alexa
Alexa
True IOTAn (8.8K reputation)
Group: Moderators
Posts: 646, Visits: 1.3K
MisterBrot - 21 Jan 2018
@Alexa: 

No. But curiously the amounts are the exact same amounts I've transferred to my seed (I made 3 transactions from bitfinex using exact those amounts: 2,2 Gi, 855 Mi and 50 Mi).

OT: In December I tried to split my IOTA and tried to send some Mi to a 2nd seed. But that transaction is still pending TODAY, so it never happened. The amount I've tried to move in December is now gone as the rest is gone. This is something I blame the IOTA team for.

Yeah, it seems very strange that your addresses have been emptied one by one...
I'm not sure if your funds have been taken by the same thief that took the others, but I suggest the addresses for blacklisting. @Winston @rajivshah
https://thetangle.org/address/FBIZCBGVVMDLPVTXBKYPKYJZHYR99NNODBCQPJBNASLGDZXQFEDUSFGKBOZUISEAKQOCDPPBHZBZ9XAMB
https://thetangle.org/address/ZXUZETEZASYCNGMWOQBU99GKYVFVRIXKRVNGWE9KQMYXOHCH9IMLCBCTVZCBJMZT99Z9VQQXFQLJC9MWD
https://thetangle.org/address/HUIHRYVVDPDAWMCBYUJXMSPYHPP9Z9ICFPKZOJYZRCWAPSAHSKCDQSIEKQEJYLTM9NIRONYFSPNVNQV9D
https://thetangle.org/address/UUVTFPXPPGSULRHWFIHQFEVVRXMBPSFUEBHFPQPIFYUVAGANVDSTBGHUFEZ9QB9DQYJPMSYITZCYFBWYB
https://thetangle.org/address/VT9GRFJQRCZONDDFQPFJCKKAXW9XNLLCJVWRBMEGSYULKYRFGHUBZGYDPYHCLSAQONLPYDI9WYV9PVQI9



I wouldn't be able to help anyone without thetangle.org-explorer. If you feel like you want to support its developer Mathieu Viossat in maintaining his service, please consider a donation to the address shown here: https://thetangle.org/about. Thank you!
Marshall07
M
Attaching to Tangle (2 reputation)Attaching to Tangle (2 reputation)Attaching to Tangle (2 reputation)Attaching to Tangle (2 reputation)Attaching to Tangle (2 reputation)Attaching to Tangle (2 reputation)Attaching to Tangle (2 reputation)Attaching to Tangle (2 reputation)Attaching to Tangle (2 reputation)
Group: Forum Members
Posts: 2, Visits: 0
Winston - 21 Jan 2018
Let's encourage all victims of the recent theft to consider the pursuit of legal action against the thief. Since this event is outside the scope of the IOTA Foundation, users are either going to have to individually or collectively proceed with litigation (or at least some sort of involvement of law enforcement authorities). It's easier if everyone works together.

That may seem daunting right now, so to make the process easier for everyone, let's leverage the power and breadth of this community to gather as many details about the situation as possible. Hopefully this can help elucidate the scope of yesterday's event, as well as encourage more of us to get involved with potential litigation. It might be a long shot, but let's at least attempt to retrieve stolen funds and ensure that justice served.
-----------------------------------------
Currently known details of the situation:
Here's a wonderful summary of the situation, written by Ralf -- https://medium.com/@ralf/what-happened-last-night-on-iota-b6157ade1e03
On January 19th, 2018, some IOTA users lost their funds to an unknown attacker.
The root cause that allowed this to happen was users who chose to rely on online generators to create their seeds.
From what I’ve heard, many users who lost their funds created their seeds at iotaseed.io (not linked here for obvious reasons). Chances are, the folks behind this and potentially other seed generators have sat tight for a while, collecting piles of seeds, though the actual numbers of users affected are not known to me. The fact, that iotaseed.io is still online at the time of this writing might suggest that the site got compromised itself, and its not the folks behind the service who ran the attack.

Old forum post advertising the malicious website: https://forum.iota.org/t/iotaseed-io-now-also-for-generating-paper-wallets/3915
That post was made by username: norbert
This may be the same person who deleted their account from Quora: https://www.quora.com/profile/Norbert-vd-Berg/log
and Reddit: https://www.reddit.com/user/norbertvdberg/
and github: https://github.com/norbertvdberg
Domain Name: IOTASEED.IO
Registry Domain ID: D503300000042872196-LRMS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: www.namecheap.com
Updated Date: 2017-10-15T20:31:54Z
Creation Date: 2017-08-16T12:11:37Z
Registry Expiry Date: 2018-08-16T12:11:37Z
Registrar Registration Expiration Date:
Registrar: NameCheap, Inc
Registrar IANA ID: 1068
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1.6613102107
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.
Name Server: DNS1.NAMECHEAPHOSTING.COM
Name Server: DNS2.NAMECHEAPHOSTING.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2018-01-20T23:12:39Z <<<


Let's help the exchanges to blacklist the thief's IOTA addresses which currently hold the stolen balances. I'll keep this list updated as more people post addresses:

520+ Gi
GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORN9IHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYXNWGUPOSDD
https://thetangle.org/address/GOBXTNODUGURNEESTGFVMGFBVBFGIXJLYPOUWMXTBMECORN9IHHCLVWD9UM9WYKJMB9YOFMUHZ9SJASYX

HURWQIBSAEVZSBCK9LSYCVR9ZGOCSHHQIENAZURGCVCKXEMYIGHTYQQDRHJNUNPEIKIDKQTABQNFOWUMADSCRBWLXW
https://thetangle.org/address/HURWQIBSAEVZSBCK9LSYCVR9ZGOCSHHQIENAZURGCVCKXEMYIGHTYQQDRHJNUNPEIKIDKQTABQNFOWUMA

9NVYWFBV9HGFQWCNROMZIAOPGIHRUVPAURUKUGPWGBN9TQJFYJZJWBRHBG9YXTNTAESKHZFNOQAFIYRSXOSKWAIDRW
https://thetangle.org/address/9NVYWFBV9HGFQWCNROMZIAOPGIHRUVPAURUKUGPWGBN9TQJFYJZJWBRHBG9YXTNTAESKHZFNOQAFIYRSX

GAHJVAHMGEGOES9XECPGBUCYHETYGCPZX9EIHERQGXIHTFFWHY9FMUZCEGBZOBQRNJUEJOLKRPAZENDBDVKRXUUFRD
https://thetangle.org/address/GAHJVAHMGEGOES9XECPGBUCYHETYGCPZX9EIHERQGXIHTFFWHY9FMUZCEGBZOBQRNJUEJOLKRPAZENDBD
=============================
Please post the address to which your stolen balance was sent.
We can contact the exchanges and attempt to have these addresses blacklisted before the thief is able to move from IOTA into another currency. Time is of the essence.

Also, let's try to look into the details of this situation as much as possible. If you decide to take legal action, please also post with advice for others who are considering doing the same. Let's all help each other out. The thief will get away with this if nobody decides to take action.

This is the address where my stolen IOTAs was sent to:

https://thetangle.org/address/RCMBGJZDXKERJWLYEUEZYPYZQSS9OWESYVMFZTZRRHEFPGLRPDQLS9HQGJKTIEKVTVPFAQTYOOVFLMXR9

Please, add it in the OP.
I hope these criminals will get what they deserve!

Regards
Marshall
EwingJR5
E
Attaching to Tangle (23 reputation)Attaching to Tangle (23 reputation)Attaching to Tangle (23 reputation)Attaching to Tangle (23 reputation)Attaching to Tangle (23 reputation)Attaching to Tangle (23 reputation)Attaching to Tangle (23 reputation)Attaching to Tangle (23 reputation)Attaching to Tangle (23 reputation)
Group: Forum Members
Posts: 2, Visits: 0
Hi Everyone,

I lost 1.9 GI to this address: YXRCTAVQTU9OSQBI9NYARSLBMATKROHJHCRX9IIPTMXXGFLDCOR9PIWDPCGTAGXZBYUPXUXRWZIK9GEBWIUHATXWMZ
The hash is: IPFY9EQJXQTBSAQEQVOOARKZPLQGXTRHOHWXUCPLAQWZMPSDQGKJJBUVBRKALUVCRRJJ9T9BAGLZA9999

The transfer is confirmed.

Is there anything one can do about?
Alexa
Alexa
True IOTAn (8.8K reputation)
Group: Moderators
Posts: 646, Visits: 1.3K
Cheeg - 21 Jan 2018
I know it is my own fault and I hate myself very much now.

Nevertheless all my funds were stolen and send to those two addresses

PTTZVFSMATHGRUAGGVUPHGZS9SUSKQCHISMCZCTKRHMOBOEV9JMYGHSYBPFAUGNWTIVPZH9MBQFNSCRZW

V9XIXKTCMBNLAXE9AWCIZLWVUXECKEHAJFTFMPLCMBGCCCHFXRBSNHPLXOEEFEKKISKJHGSMHEAN9VJ9Y

If there is anything we can do about it, please let me know.

These also look a bit different than the other thefts, but please blacklist those too, @Winston @rajivshah:
https://thetangle.org/address/PTTZVFSMATHGRUAGGVUPHGZS9SUSKQCHISMCZCTKRHMOBOEV9JMYGHSYBPFAUGNWTIVPZH9MBQFNSCRZW
https://thetangle.org/address/V9XIXKTCMBNLAXE9AWCIZLWVUXECKEHAJFTFMPLCMBGCCCHFXRBSNHPLXOEEFEKKISKJHGSMHEAN9VJ9Y
--> with an outgoing transfer currently pending to:
https://thetangle.org/address/XRJC9SBOVLCUUYLVJDGRRGKBPWIXEEMGOSLHNS9GBEDNGMQSEFYQEDDQIFOSKBAHCSPJTARDATVAFQUCY
and
https://thetangle.org/address/UTPHDFSAOVPSZUVKIXWYMYTCKLJXZFEYKKQKLYBIMUOYNDOJFOHZEYFHZPDAYKJVFLURJHGWIUN9XSPVW


I wouldn't be able to help anyone without thetangle.org-explorer. If you feel like you want to support its developer Mathieu Viossat in maintaining his service, please consider a donation to the address shown here: https://thetangle.org/about. Thank you!
Alexa
Alexa
True IOTAn (8.8K reputation)
Group: Moderators
Posts: 646, Visits: 1.3K
sun_in_the_city - 21 Jan 2018
QYWCHKZJU9SHPPEIDZVCXTGHIPP9LBIYRYJIQVVKLPXRUKJKPCLUZQUBAEXFSJRFDVSYV9FV9NOHWZG99NLUFJVKJZ 137.3 Mi
am 19.01.2017 um 20:51 Uhr

Danke fürs Sammeln

Thanks for posting! Haven't seen this one before.
@Winston @rajivshah Please blacklist: 
https://thetangle.org/address/QYWCHKZJU9SHPPEIDZVCXTGHIPP9LBIYRYJIQVVKLPXRUKJKPCLUZQUBAEXFSJRFDVSYV9FV9NOHWZG99

I wouldn't be able to help anyone without thetangle.org-explorer. If you feel like you want to support its developer Mathieu Viossat in maintaining his service, please consider a donation to the address shown here: https://thetangle.org/about. Thank you!
Alexa
Alexa
True IOTAn (8.8K reputation)
Group: Moderators
Posts: 646, Visits: 1.3K
sun_in_the_city - 21 Jan 2018
QYWCHKZJU9SHPPEIDZVCXTGHIPP9LBIYRYJIQVVKLPXRUKJKPCLUZQUBAEXFSJRFDVSYV9FV9NOHWZG99NLUFJVKJZ 137.3 Mi
am 19.01.2017 um 20:51 Uhr

Danke fürs Sammeln

@sun_in_the_city
Your transaction is still pending, so you might still have a chance to safe your funds! You need to be really quick about it, please follow instructions here:
https://forum.helloiota.com/9100/To-everyone-posting-with-stolen-balances


I wouldn't be able to help anyone without thetangle.org-explorer. If you feel like you want to support its developer Mathieu Viossat in maintaining his service, please consider a donation to the address shown here: https://thetangle.org/about. Thank you!
OpenMedia
O
Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)Attached to Tangle (302 reputation)
Group: Forum Members
Posts: 16, Visits: 0
Lazyrudi - 21 Jan 2018
Since IOAT is no longer responding to the many loss reports I do not know if IOTA is still active, or those responsible have already settled in the Bahamas.
I do not think IOTA voluntarily admit their mistake and refund our money. Therefore, we will need legal assistance. Does anyone know a lawyer (best from Germany, because jurisdiction is probably Berlin) who can represent our interests to IOTA? Otherwise, tomorrow I will contact some to see who can best represent us.

There certainly should and will be legal action, given a potential 1 billion + US$ theft. That can only be a class action, not limited to Germany. Let's gather resources and collect more information. Time is key. That IOTA is not doing anything and the seed/private key issue is still exposed does certainly not help them. I'd rather consider it completely irresponsible.
Alexa
Alexa
True IOTAn (8.8K reputation)
Group: Moderators
Posts: 646, Visits: 1.3K
andiveze - 21 Jan 2018
HALLO. ALSO ON MY ACCOUNT IOTAS WERE STOLEN (8750iota). THEY WERE SEND TO THIS ADDRESS: ZSDGSDXOIICJNTGLMFUIQLIBEEGVBOGMA9DNLQDTA9RGJHFPDAPADGUPUDL9VHFVACUWUGEVTCKPVUPI9SFWNFHXCW

HOPE I COULD HELP.

Thank you for posting! This one leads to a bundle I've already posted before. 

I wouldn't be able to help anyone without thetangle.org-explorer. If you feel like you want to support its developer Mathieu Viossat in maintaining his service, please consider a donation to the address shown here: https://thetangle.org/about. Thank you!
GO

Merge Selected

Merge into selected topic...



Merge into merge target...



Merge into a specific topic ID...




Reading This Topic

Login

Explore
Messages
Mentions
Search