Bump! Hope all goes well for the BlockTrade.io team! Good luck

I've worked with several exchanges handling these situations and sadly it happens, one slight oversight overlooked can lead to some random kiddie running off with bitcoins. It happens. exchanges are runs by humans. And in all reality at the end of the day there is no security. The best you can do is be pro-active about your security and prepare for the next one.

I'll msg you shortly admin see if I can help out.

I don't understand your obsession with me being a foxcoin developer or not - if you're so interested, come join #foxcoin on irc.freenode.com and ask me directly. Again, this situation has nothing to do with a coin I'm working on.

As for the situation itself all logs, and evidence have been sent off to the authorities. When you read on the forum your friends been arrested then thats it. I'm done trying to convince him to return the BTC, he had his chance and it is over for him. It should have been apparent to you that it is clear I can not disclose the exchange. And especially now that an investigation is underway. I showed him the logs so that he can at least see that his IP address was used to attack the server. You call it strange. I don't see how it is strange. I don't need to convince you of anything - I was trying to convince him that his dream of getting away with a steal will not work.

When he gets a knock on his door and has to go to prison for committing a cybercrime across borders, I'm sure he'll regret not returning the bitcoin.

Anyway, cheers!

You're a fucking idiot. You're going to point out that I typo'd your name as evidence of what?

Full logs, evidence and dox have been forwarded to the proper authorities. Enjoy.

And good luck. I'm done with you.

I'm helping people. An exchange. There is no nonsense here. It's probably nonsense to you because you either refuse to understand what I am saying or you simply don't understand what I'm saying. And if that is the case - acquire an English speaker to help you decipher what I'm saying.

In any case - BTC were stolen and it points to your friend pendolf2008. If you want to help him - ask him to track down who stole the BTC from his IP address. I tried emailing him nicely, even giving him steps to take to figure out what happened from his end in case he didn't do it. But I will not stop until either the BTC are returned or someone gets arrested for stealing the BTC.

So, if your friend did steal the BTC its best you ask him to return them. If he didn't steal them, it's best to help him figure out who did steal them from his IP.

Pretty simple.

Haha, I don't understand Russian. I'm using translate.google.com to help me figure out what you gents are saying. Are you trying to drum up a conspiracy, or something?

Good logic you have there - assuming that you can only be a coin developer before or during its launch. Unfortunately for you this thinking is incorrect. I joined the development team after its launch, but I don't see the point in explaining this to you as it has nothing to do with the situation at hand.

As to the more important questions you raise - perhaps you're confused as to how this thread was started. Instead of pendolf2008 responding to me privately about the incident he decided to make a public thread. For what? I have no idea. I don't know whether he did it out of fear, I don't know whether he did to have an alibi and have his friends defend his reputation. But the point is I didn't make any public posts about the situation until he began this nonsense of publicly discussing the issue.

I have provided logs of the attacker, containing his IP address and containing the other IP addresses and username he used on the exchange. He used the same account and IP address to exploit a vulnerability and sending BTC out of the exchange.

And your logic is also flawed in the sense that you think that having a registered account with a lot of posts, or an old registration date proves somehow someones integrity. Sorry to disappoint you by pointing the flaw in this but there are many known cases of older accounts with Hero status scamming people out of money. It is true my account is relatively new, but I've been lurking on the forums for several years. I simply didn't have a need to create an account or post to threads at the time until now.

As for the Exchange contacting him - they did. They even called him directly. But he hangs up the phone. How can they communicate with someone who hangs up the phone at the mentioning of stolen Bitcoins?

How about you sit back and analyze the full situation before you make these ridiculous posts defending someone you have no idea did or did not in fact steal the BTC. In his other posts he made reference to the possibility that maybe his Wifi or computer were compromised. Have you asked him about auditing his router/computer for signs of intrusion? Or are you simply and blindly going to believe him at will?

All he has to do is privately respond back to me, and we can actually move forward on figuring out what happened. If he didn't do it, so be it. But clearly he's tied to the theft in some way.

Thanks for your opinion on the matter.

Anton,

It's obvious I can not mention the exchange because they have not given me permission to reveal it.

As for your IP it was obtained from Apache logs on the exchange. This should be obvious as well considering I posted the logs in your first Russian thread.

It should also be obvious that I am not trying to scam you. There is no scam here. Either you're really stupid, or you're playing a very good game publicly to deflect your guilt.

Either you stole the BTC or you didn't. If you did, return them and thats the end of the story. If you didn't then you need to seriously figure out how your IP address was used to commit a crime. Do you understand this? I wish I studied Russian in school so I can best convey to you exactly what's going on but apparently we are having an issue of miscommunication.

Any Russian/English speakers want to translate to him what I am saying to help him understand what is going on?

You are a member of an exchange that was hacked. Your IP, the same IP used to log into your 'pendalf2008' account was used to steal BTC. The IP, UserAgent and login times all match and point to you. Is this hard to understand? This is a clear indication you either did it, know who did it, or someones putting a lot of effort into framing you.

If it wasn't you, then work with me to figure out who did it. But screaming and crying SCAMMER about someone who has provided you research and logs isn't a smart move. It also doesn't help and or look legit when you have your friends on the forum defending you as well. It simply looks like you are all apart of the plot.

At the end of the day, I don't care for this melodrama. I really don't. I was hired to track down the attacker. And it points to you.

To answer your questions:

"And the main thing from another. Why yours myphic "exchange" do not write first  to my mail?"

Because they had asked me to get involved. I sent you the initial emails to hopefully awaken you from the dream that you would get away with the attack.

"You telling me that "hack was made from my account", and to whom this exchange must write first at all?"

I don't get your question. But the exchange will not be revealed yet. And the account username is pendolf2008. I also provided the IP addresses in the other thread and in emails.

If you have any questions email me and we can discuss it, or message me here. Or answer your phone when we call you. That's pretty much that.

Lira,

If you are so sure your friend didn't commit the crime why aren't you helping him audit his system to figure out if he was backdoored, or that his router was or wasn't compromised?

Like I said in the other English thread - I could care less for the Satoshis he's stashing in his wallet, I only confronted him privately for the BTC he stole. If he didn't steal it then who did? It clearly came from his IP address. The truth of the matter is the logs point to him. If it didn't point to him I wouldn't have been messaging him to return the stolen BTC in the first place.

Instead of trying to be a white knight and defend your friend you probably should be trying to figure out the answers to the questions surrounding this situation.

Either way, I did my end of the the deal - and find the attacker - pendalf2008. If he doesn't return the BTC he stole then he will have to answer to authorities. That's pretty much the end of it.

Cheers!

Lira,

I'm not impressed by your threats - especially when the the situation is clear as day that I've doxed a BTC thief, and the only thing I tried to do is motivate him to return the coins he has stolen.

I have done nothing whatsoever to indicate this is a scam. I am not looking for him to send me his measily satoshis, but rather, return the BTC he stole. That's the reality. I'm sure he will pay you nicely once he gets away with the steal. Which makes you an accomplice in this situation.

In any case I am done with responding. I will allow the Exchange to handle this through the authorities. Anton, I wish you luck. Hope you have a nice lawyer to help you through the legal situation.

Cheers!

Several hundred.

The exchange is willing to offer him a reward for returning the coins, and not forward his dox to authorities and not expose his complete identity. But apparently he'd rather run with the risk of riding this out. Until of course he gets raided. He thinks this situation is a fun game.

Going to sleep now.

For anyone interested in the actual story: https://bitcointalk.org/index.php?topic=513286.msg5689896#msg5689896

This newbie found a bug on an exchange from his home IP. Ends up stealing a decent amount of Bitcoins. I track him down and confront him. And now he is diverting attention by trying to distort my reputation.

He's sitting on a lot of Bitcoins, and we have his complete dox and logs to prove what he did. Now he's claiming that his wifi was probably cracked, or he has a trojan on his computer.

I don't think he realizes the extent of legal issues he's throwing himself into over greed.

Cheers.

So now you're telling me we're idiots for assuming you didnt do it because you could have been hacked, your wifi could have been cracked or your mother did the attack. Well first off your mother sounded nice on the phone so I don't think she could have done it.

If your systems are indeed hacked/infected with trojans don't you think the logical thing to do is log offline, separate your machines off the Internet and begin auditing your system for infection? Perhaps even being helpful and providing the trojan itself that you are infected by? And what are the odds that someone is going to log into the exchange as you to check on your coin balances, then exploit a hole in the system at the same time? And what are the odds that someone would hack your piece of shit computer, on your piece of shit slow connection to commit this hack and frame you? You must be special. Or hated.

If your wifi was cracked, then perhaps don't you think that instead of being smug and calling people idiots perhaps you should log into your router and look into your authentication logs to see if anyone has logged into your router? Maybe even producing screen shots and MAC logs of the actual incident?

Another thing you're not taking into account here is that the UserAgent/IP that attacked the site, matches the same logs of every single time you logged into the exchange? So, let me guess - someone infected you with a trojan, installed and configured RemoteDesktop and used your system and your slow connection to break into the site while you were checking your coin balances? And you do not notice this?

Your arguments are simply bad. And instead of being stubborn and holding onto stolen BTC you should return them. You may even get a nice reward in cash for it. So I guess you need to really evaluate who the real idiot here is.

Anton (pendalf2008),

I think your strategy of trying to deflect guilt onto someone else (who has tracked you) is not a good strategy for you. I've given you plenty of chances to do the right thing but if you want to make the situation worse for yourself, then by all means.

For those reading this: Essentially what happened here was an exchange was robbed of a high number of BTC. I was hired by the exchange to do post-hack forensic work and track down the attacker. Unfortunately for our Ukrainian friend pendalf2008 he left his IP address in Apache's logs when he initially discovered the attack vector. Once he realized he had found the attack vector, and also realized he was connected via his home IP he then went ahead and jumped onto a VPN/Proxy/VPS from Germany to finish the steal.

For respect of the Exchange, I left attack vector, exchange url and other requests out of the logs.

109.108.237.17 - - [11/Mar/2014:03:47:00 +0100] "GET /favicon.ico HTTP/1.1" 304 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.146 Safari/537.36"
109.108.237.17 - - [11/Mar/2014:03:48:11 +0100] "GET [attack vector] HTTP/1.1" 200 23 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.146 Safari/537.36"
109.108.237.17 - - [11/Mar/2014:03:48:20 +0100] "GET [attack vector] HTTP/1.1" 200 169 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.146 Safari/537.36"
109.108.237.17 - - [11/Mar/2014:03:48:33 +0100] "GET [attack vector] HTTP/1.1" 200 41 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.146 Safari/537.36"
109.108.237.17 - - [11/Mar/2014:03:48:43 +0100] "GET [attack vector] HTTP/1.1" 200 708 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.146 Safari/537.36"
109.108.237.17 - - [11/Mar/2014:03:48:59 +0100] "GET [attack vector] HTTP/1.1" 200 201 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.146 Safari/537.36"
109.108.237.17 - - [11/Mar/2014:03:51:28 +0100] "GET / HTTP/1.1" 200 59770 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.146 Safari/537.36"
109.108.237.17 - - [11/Mar/2014:03:51:40 +0100] "GET [attack vector] HTTP/1.1" 200 57467 "https://www.[exchange]/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.146 Safari/537.36"
109.108.237.17 - - [11/Mar/2014:03:51:42 +0100] "GET [attack vector] HTTP/1.1" 200 367738 "https://www.[exchange]/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.146 Safari/537.36"
109.108.237.17 - - [11/Mar/2014:03:52:28 +0100] "GET [attack vector] HTTP/1.1" 200 59770 "https://www.[exchange]/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.146 Safari/537.36"
109.108.237.17 - - [11/Mar/2014:03:52:58 +0100] "GET [attack vector] HTTP/1.1" 200 60053 "https://www.[exchange]/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.146 Safari/537.36"
109.108.237.17 - - [11/Mar/2014:03:53:19 +0100] "GET [attack vector] HTTP/1.1" 200 294 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.146 Safari/537.36"

After he discovered the attack vector he waited some time and came back from his new connection:

78.47.55.70 - - [11/Mar/2014:06:22:19 +0100] "GET [attack vector] HTTP/1.1" 206 28532736 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.146 Safari/537.36"
78.47.55.70 - - [11/Mar/2014:06:23:27 +0100] "GET [attack vector] HTTP/1.1" 304 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.146 Safari/537.36"
78.47.55.70 - - [11/Mar/2014:06:28:00 +0100] "GET [attack vector] HTTP/1.1" 304 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.146 Safari/537.36"

Notice the same exact UserAgent? Hitting the same attack vector as no one else did in the logs.

Once he got the access to what he needed, he transferred funds out to two wallets which I can not name as of yet. After BTC was stolen, he connected back to his exchange account to check his balances from: 109.108.238.71 with an Opera User-Agent. The same IP also listed as accessing his 'pendalf2008' user account on the exchange. In total he has connected to his same account using 3 IP addresses: 109.108.238.71, 109.108.238.161 and 109.108.237.17 all hosted by Everest ISP in Ukraine, Vinnitsa.

Once we confirmed it was his IP that attacked the server initially, and confirmed all three IP addresses from the same ISP to the same town in UA logged into the 'pendalf2008' account we then began finding personal information on who he was. We doxed him. Contacted him. And instead of admitting the fault, and simply returning BTC he has resulted to deflecting the situation.

Like I said in prior messages Anton, I'm a security researcher tracking a Bitcoin thief. Apparently you are that thief. Now unless you allow someone to use your IP addresses to get on to the Internet then everything points to you. If you know who stole the BTC then contact me privately and we can easily resolve the issue. If you do not comply, then all of this information with full unredacted logs will be sent to the authorities and they will have to handle you.

So tell me what you want to do.

If you don't want to deal with me, fine so be it. Contact the exchange you robbed and return their BTC.

Good day.

So let me get this straight BCX - You just admitted to DDoSing the exchange on a public forum. You realize this is a crime, yes?

You claimed they have lame DDoS protection - I assume you're talking about Cloudflare as that's their provider. I have some friends at Cloudflare who run their engines - would you like me to forward them your complaints?

Kiss your ass? Hop on irc.freenode.com and /msg se[c] and lets chat.

As for your point that many coins are crap, it is what it is. But being negative about every single one of them is beyond ignorant. So again, meet me on IRC and let's talk about the so called ass kissing.

Regards,
se[c]

@mrjitter - Judging by your previous posts apparently every coin is shit. Perhaps instead of making yourself look like a troll, you provide proper input. Other than giggling like a little girl.

Great team, great project, great guys involved. I'm proud to say that I get to finally see something good going towards organizations that need help the most.

Hope it turns out well! and knowing @ThisWeeksCoin he will make this into a success. 

Would you mind providing me that link? I'd like to read.

For what its worth I don't think an exchange would risk its entire userbase to steal..... VOLT.

Thanks

I've been using the exchange, no issue as regard to lost coins or coins being stolen. As well as many thousands of other users. So what proof do you have? It's not wise to spread FUD (Fear, Uncertainty and Doubt) when you literally provide nothing to back up your statement. Ironically, you're probably using the site now, too.