SHARE
TWEET

Untitled

a guest Jun 21st, 2016 1,439 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.  
  2.           _____  _______    ______       _____    
  3.    * _____\    \_\      |  |      | _____\    \_  .
  4.     /     /|     ||     /  /     /|/     /|     |
  5.   ./     / /____/||\    \  \    |//     / /____/|   *
  6. . |     | |____|/ \ \    \ |    ||     | |____|/      .
  7.   |     |  _____   \|     \|    ||     |  _____   *
  8.   |\     \|\    \   |\         /||\     \|\    \    '
  9.   | \_____\|    |   | \_______/ || \_____\|    | .
  10.  '| |     /____/|    \ |     | / | |     /____/|      *
  11.    \|_____|    ||2o16 \|_____|/   \|_____|    ||  .
  12.    '      |____|/    .          *        |____|/  
  13.  
  14. The CryptoVigilanteCrew Presents.....              
  15.  
  16. While Paul Vernon being complicit in the funds stolen from Cryptsy is still in question... another question still remains unanswered... (until now)
  17.  
  18. "Who made lucky7coin that Paul Vernon claims was responsible for hacking Cryptsy?"   ...lets find out!
  19.  
  20. Well, we do know, after visiting lucky7coin's github repository, that it was indeed backdoored. A quick search of the malicious code on github, also brings up another coin, called torcoin.
  21.  
  22. https://github.com/alerj78/lucky7coin/
  23. https://github.com/torcoindev/torcoin
  24.  
  25. Well we know these coins were announced on bitcointalk. Let's see if what we can find out about these 2 users on bitcointalk...
  26.  
  27. https://bitcointalk.org/index.php?action=profile;u=333668 (alerj78, owner of lucky7coin repository, initial uploader)
  28. https://bitcointalk.org/index.php?action=profile;u=352008 (torcoin)
  29.  
  30. let's have a look at the bitcointalk user database entries for lucky7coin and torcoin:
  31.  
  32. INSERT INTO `smf_members` VALUES (332957,'aler78',1400503000,0,0,'',1400631882,'aler78',0,0,'','','','','$5$rounds=7500$eZTQt3ihVEN45C13$5ugytyWO68zOr/yO3z8/evZ5ryHoceFlA97.QyV3Br2','johnaler@safe-mail.net','',0,'0001-01-01','','','','','','','',1,1,'','',0,'',1,0,0,'',1,1,0,2,'81.89.96.113','81.89.96.113','','',0,1,'',6844841,'','',4,833,'',0,NULL,1,2,0,0,94.99,'195.228.45.176');
  33.  
  34. INSERT INTO `smf_members` VALUES (333668,'alerj78',1400633430,2,0,'',1405004034,'alerj78',4,1,'','','','','$5$rounds=7500$iKTbk1zMBf2MC2xe$L8Gs8DJxfE0hcYWvaGB.BPfVlPzvN3Al6HoDAec.n14','alerj78@safe-mail.net','',0,'0001-01-01','','','','','','','',1,1,'','',0,'',1,0,0,'',1,1,0,2,'77.247.181.162','77.247.181.162','','',0,1,'',7768339,'','',12,7134,'',0,NULL,1,2,2,0,0,'81.89.96.113');
  35.  
  36. INSERT INTO `smf_members` VALUES (352008,'torcoin',1404479253,38,0,'',1407801091,'torcoin',97,3,'','','','','$5$rounds=7500$fpewoiyQ05ACAebp$.EMZ9UgNKut2UrlrXjtvQsach3LvbzTXhpJzIINzKk1','torcoin@hushmail.com','',0,'0001-01-01','','','','','','','',1,1,'','',0,'',1,0,0,'',1,1,0,2,'192.42.116.16','192.42.116.16','','',0,1,'',8303268,'','',5,77896,'',0,NULL,1,2,38,0,0,'81.89.96.113');
  37.  
  38.  
  39. let's see if any other users are registered on bitcointalk with that ip, 81.89.96.113 ...
  40.  
  41.  
  42. INSERT INTO `smf_members` VALUES
  43. (349019,'azeteki',1403904602,93,0,'',1423992881,'azeteki',6,0,'','','','','$5$rounds=7500$Lvy9Z5P+kZdiatAf$ySFjx5daAKnruGXMsc5ONKOKvbTZixr7tSeK9mo8Df/','azeteki@safe-mail.net','Amphibian',0,'0001-01-01','GitHub page','https://azeteki.github.io','Panama','','','','',1,0,'','[url=https://github.com/azeteki/bitcoind-ncurses]bitcoind-ncurses[/url] - [url=https://azeteki.github.io/charts]network charts[/url] - [url=https://azeteki.github.io]azeteki.github.io[/url] - [url=https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE2BD14EC2C7D458F]PGP[/url]',0,'',1,0,0,'',0,0,0,2,'62.210.74.186','62.210.74.186','','',0,1,'',10465724,'11','',19,96372,'cfc9',0,NULL,1,2,93,0,0,'81.89.96.113');  
  44.  
  45.  
  46. azeteki uses the same ip/proxy. also safe-mail.net.. interesting. the name azeteki comes from the latin name of a species of frog.
  47.  
  48. so who is https://bitcointalk.org/index.php?action=profile;u=349019 (azeteki) ?
  49.  
  50. https://github.com/azeteki/  (account is now deleted? but you can google it and see it was the author of bitcoind-ncurses.)
  51. https://www.reddit.com/user/Atelopus_zeteki
  52. https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE2BD14EC2C7D458F
  53. https://pgp.mit.edu/pks/lookup?op=vindex&search=0x47DA40099E00994C
  54.  
  55. 17:57.32    *** join/#debian Amphibian (~azeteki@gateway/tor-sasl/amphibian)
  56. 18:17.29    *** part/#debian Amphibian (~azeteki@gateway/tor-sasl/amphibian)
  57.  
  58. bitcointalk profile shows:
  59.  
  60. Gender: Male
  61. Age:    N/A
  62. Location:   London, UK
  63. Local Time: June 18, 2016, 04:04:49 AM
  64.  
  65. Website:    esoteric nonsense
  66. Bitcoin address:    1FrogqMmKWtp1AQSyHNbPUm53NnoGBHaBo <- 1frog
  67.  
  68. well, what can we get from esotericnonsense.com?
  69.  
  70. daniele@esotericnonsense.com
  71. Origin country United Kingdom
  72. Primary IP Address 86.146.198.227
  73.  
  74. https://esotericnonsense.com/contact.html
  75.  
  76. pub   rsa4096/0x47DA40099E00994C 2016-04-04 [SC] [expires: 2021-04-03]
  77.       Key fingerprint = E82F BFB5 0174 9C46 B440  29B7 47DA 4009 9E00 994C
  78. uid                   [ultimate] Daniel Edgecumbe <daniele@esotericnonsense.com>
  79. sub   rsa4096/0x0D2CCF290CD80BAD 2016-04-04 [E] [expires: 2021-04-03]
  80.  
  81. well, it looks like azeteki's repo has moved here:
  82. https://github.com/esotericnonsense which belongs to a Daniel Edgecumbe. Coincidence? of course not.
  83.  
  84. https://github.com/esotericnonsense/project-euler this page actually shows that azeteki is Daniel Edgecumbe's username on project euler.
  85.  
  86. So, Daniel Edgecumbe created the backdoored lucky7coin, as well as torcoin. Cryptsy had lucky7coin installed on their exchange, we know that. Did Daniel Edgecumbe steal the 13k BTC from Cryptsy?
  87. He certainly could have using his backdoor, however, we do not know yet, but we are working on finding that out.
  88.  
  89. Any proper authority can subpoena the database from bitcointalk, and other various sites he is registered on, and verify these claims. To all those who lost funds on Cryptsy, it sucks, we know,
  90. but maybe this information can help, and maybe one day the coins can be recovered. Maybe they won't, but we can get some sort of closure. Let this be a reminder, that if you hurt/attempt to hurt the crypto community,
  91. people will come looking for you, and they might just find you.
  92.  
  93. donate to the CVC: 1CVCggdNNC9bbpVyxQtqbxWQcEgmj9JtGG
  94.  
  95. There's no masking from us now
  96. We pop Tor nodes around the globe
  97. Track and hunt you down! -Dual Core
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top