As some of you might know, I recently accepted the position as primary support agent for crycurex.com. I am thankful that this opportunity was given to me, unfortunately, I must resign from my position as support agent as I no longer wish to damage my own name by being associated with crycurex.com. In my short period of time with crycurex.com (less than 24 hours), I quickly noticed that something was seriously off. The guy running the site (crycurexcom) had absolutely no security sense whatsoever. Several high ranking community members were claiming that the site could be hacked, that their wallet's RPC port was wide open and even set to the default RPC password. In addition to this the programming on the site was done in an amateur fashion. When I approached the admin about rumors of security issues and that people were claiming that they can hack the site and steal money, he seemed overly confident, (like most noobie coders are), and tried convincing me that the code was great and that everyone's money was safe. He talked the security isses down:

crycurex.com: so he says he can steal mone ?

crycurex.com: using withdrawal form ?

alphaw0lf: he says he can hack the site in several ways

alphaw0lf: he wont admit withdrawal form

alphaw0lf: he was bragging about that earlier though

alphaw0lf: im quite sure one of the problems is there

alphaw0lf: and i also think he specifies a user account to do so

alphaw0lf: perhaps u should make a test account with a small amount of money in it

alphaw0lf: and see if he can hack it

alphaw0lf: then check your webserver logs

alphaw0lf: to see what he did

alphaw0lf: maybe then u can get the information u need without paying him

alphaw0lf: cuz hes obviously trying to get money out of u

crycurex.com: look i know there are some bugs .. but its most likely "visual" bugs .. and no functional

crycurex.com: if he found bug how to steal money .. i want proof

crycurex.com: then I will pay him something

alphaw0lf: please make a test account with a small deposit inside

crycurex.com: but 2.5 btc is too much ... tell him tahtt I analyze majority of trades and if there is bug i will find it very soon

alphaw0lf: and we will let him try to hack it

crycurex.com: hm ok

alphaw0lf: to see if hes legit

This was before I approached him about the QT wallet's RPC port being exposed. The site admin not only didn't seem to think security was an issue, but he appeared to have no clue what exposing an RPC port (let alone on a default password) could mean for the site's / user's funds:

alphaw0lf: hey i didnt get withdrawal yet... also ive been told that ur wallet's rpc port is exposed with default password?

alphaw0lf: this can allow for anyone to take control of the wallet

alphaw0lf: its a huge security hole

alphaw0lf: have u fixed this yet

alphaw0lf: [22:45] <**********> id = 1612, other info = 16, email = *******@gmail.com

alphaw0lf: also wants to be processed

alphaw0lf: ur renaming site? :P

crycurex.com: sorry ... delay

crycurex.com: your withdrawl will be processed in 10 - 15 mins

crycurex.com: wallet's rpc port is exposed with default password?

crycurex.com: i dont understand this :)

crycurex.com: you got your coins

So as much as this guy seems like a nice and honest guy, and while most people that approached him about manual payouts, have been paid, he is not fit to be handling the responsibility of holding onto everyone's money / running an exchange site. 

I feel a bit like a backstabber by releasing this information, however I rather backstab one person (who I've known less than 24 hours) by revealing the truth, than to backstab the entire cryptocurrency community by keeping this a secret.

My loyalties are to all of those that share my values for quality service, security, and building/upholding the reputation of the cryptocurrency community. Sites like crycurex.com are simply a disaster waiting to happen, and will only make new investers think negatively about other legitimate sites when they hear about crycurex.com and other shutdown/hacked exchanges. I am trying to prevent this damage from occurring, before it happens. 

Now that I am officially resigned from my position, I again find myself looking for a good crew to be apart of. I am interested in anything that has to do with making profit, whether it be a website, a new coin, or another form of business. I have worked many years as an ATM/Point of Sale  technician, software programmer & web developer for some of the biggest corporations in North America, and am currently job less / self employed in Germany due to bad circumstances. If you guys have good intentions, take care of security issues, provide good quality service, then you can count on my respect, loyalty and discretion. If you know your shady or completely unqualified and unwilling to get qualified staff, then please don't approach me, because most likely I'll blow the whistle on you too.

I hope this was of help to people. If you want to donate to me or offer me some work, I am available on freenode IRC under the nickname alphaw0lf.

Donation addresses:

BTC:  139Nf67za6hdP1JxEVDd4P2u8Y9VfCyuaL

LTC:  LPSvbkmoPwowvNBr3T75EdaMZVseSmM4mF

DOGE: DUR9rXxiGUurUYyR58tSU7UGvZvE7HZSmK

COYE: 5WNSTMqk3prmDUq32UErngSnsibf2EsNjn

PS:

A tip for those of you looking for a COYE exchange: I would recommend Cryptorush. It has several of the coin developers behind the exchange and the crew actually knows what they are doing when it comes to crypto & security.