Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- As some of you might know, I recently accepted the position as primary support agent for crycurex.com. I am thankful that this opportunity was given to me, unfortunately, I must resign from my position as support agent as I no longer wish to damage my own name by being associated with crycurex.com. In my short period of time with crycurex.com (less than 24 hours), I quickly noticed that something was seriously off. The guy running the site (crycurexcom) had absolutely no security sense whatsoever. Several high ranking community members were claiming that the site could be hacked, that their wallet's RPC port was wide open and even set to the default RPC password. In addition to this the programming on the site was done in an amateur fashion. When I approached the admin about rumors of security issues and that people were claiming that they can hack the site and steal money, he seemed overly confident, (like most noobie coders are), and tried convincing me that the code was great and that everyone's money was safe. He talked the security isses down:
- crycurex.com: so he says he can steal mone ?
- crycurex.com: using withdrawal form ?
- alphaw0lf: he says he can hack the site in several ways
- alphaw0lf: he wont admit withdrawal form
- alphaw0lf: he was bragging about that earlier though
- alphaw0lf: im quite sure one of the problems is there
- alphaw0lf: and i also think he specifies a user account to do so
- alphaw0lf: perhaps u should make a test account with a small amount of money in it
- alphaw0lf: and see if he can hack it
- alphaw0lf: then check your webserver logs
- alphaw0lf: to see what he did
- alphaw0lf: maybe then u can get the information u need without paying him
- alphaw0lf: cuz hes obviously trying to get money out of u
- crycurex.com: look i know there are some bugs .. but its most likely "visual" bugs .. and no functional
- crycurex.com: if he found bug how to steal money .. i want proof
- crycurex.com: then I will pay him something
- alphaw0lf: please make a test account with a small deposit inside
- crycurex.com: but 2.5 btc is too much ... tell him tahtt I analyze majority of trades and if there is bug i will find it very soon
- alphaw0lf: and we will let him try to hack it
- crycurex.com: hm ok
- alphaw0lf: to see if hes legit
- This was before I approached him about the QT wallet's RPC port being exposed. The site admin not only didn't seem to think security was an issue, but he appeared to have no clue what exposing an RPC port (let alone on a default password) could mean for the site's / user's funds:
- alphaw0lf: hey i didnt get withdrawal yet... also ive been told that ur wallet's rpc port is exposed with default password?
- alphaw0lf: this can allow for anyone to take control of the wallet
- alphaw0lf: its a huge security hole
- alphaw0lf: have u fixed this yet
- alphaw0lf: [22:45] <**********> id = 1612, other info = 16, email = *******@gmail.com
- alphaw0lf: also wants to be processed
- alphaw0lf: ur renaming site? :P
- crycurex.com: sorry ... delay
- crycurex.com: your withdrawl will be processed in 10 - 15 mins
- crycurex.com: wallet's rpc port is exposed with default password?
- crycurex.com: i dont understand this :)
- crycurex.com: you got your coins
- So as much as this guy seems like a nice and honest guy, and while most people that approached him about manual payouts, have been paid, he is not fit to be handling the responsibility of holding onto everyone's money / running an exchange site.
- I feel a bit like a backstabber by releasing this information, however I rather backstab one person (who I've known less than 24 hours) by revealing the truth, than to backstab the entire cryptocurrency community by keeping this a secret.
- My loyalties are to all of those that share my values for quality service, security, and building/upholding the reputation of the cryptocurrency community. Sites like crycurex.com are simply a disaster waiting to happen, and will only make new investers think negatively about other legitimate sites when they hear about crycurex.com and other shutdown/hacked exchanges. I am trying to prevent this damage from occurring, before it happens.
- Now that I am officially resigned from my position, I again find myself looking for a good crew to be apart of. I am interested in anything that has to do with making profit, whether it be a website, a new coin, or another form of business. I have worked many years as an ATM/Point of Sale technician, software programmer & web developer for some of the biggest corporations in North America, and am currently job less / self employed in Germany due to bad circumstances. If you guys have good intentions, take care of security issues, provide good quality service, then you can count on my respect, loyalty and discretion. If you know your shady or completely unqualified and unwilling to get qualified staff, then please don't approach me, because most likely I'll blow the whistle on you too.
- I hope this was of help to people. If you want to donate to me or offer me some work, I am available on freenode IRC under the nickname alphaw0lf.
- Donation addresses:
- BTC: 139Nf67za6hdP1JxEVDd4P2u8Y9VfCyuaL
- LTC: LPSvbkmoPwowvNBr3T75EdaMZVseSmM4mF
- DOGE: DUR9rXxiGUurUYyR58tSU7UGvZvE7HZSmK
- COYE: 5WNSTMqk3prmDUq32UErngSnsibf2EsNjn
- PS:
- A tip for those of you looking for a COYE exchange: I would recommend Cryptorush. It has several of the coin developers behind the exchange and the crew actually knows what they are doing when it comes to crypto & security.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement