View difference between Paste ID: FDReWXhu and u06tFtJ7
SHOW: | | - or go back to the newest paste.
1
As some of you might know, I recently accepted the position as primary support agent for crycurex.com. I am thankful that this opportunity was given to me, unfortunately, I must resign from my position as support agent as I no longer wish to damage my own name by being associated with crycurex.com. In my short period of time with crycurex.com (less than 24 hours), I quickly noticed that something was seriously off. The guy running the site (crycurexcom) had absolutely no security sense whatsoever. Several high ranking community members were claiming that the site could be hacked, that their wallet's RPC port was wide open and even set to the default RPC password. In addition to this the programming on the site was done in an amateur fashion. When I approached the admin about rumors of security issues and that people were claiming that they can hack the site and steal money, he seemed overly confident, (like most noobie coders are), and tried convincing me that the code was great and that everyone's money was safe. He talked the security isses down:
2
3
4
crycurex.com: so he says he can steal mone ?
5
crycurex.com: using withdrawal form ?
6
alphaw0lf: he says he can hack the site in several ways
7
alphaw0lf: he wont admit withdrawal form
8
alphaw0lf: he was bragging about that earlier though
9
alphaw0lf: im quite sure one of the problems is there
10
alphaw0lf: and i also think he specifies a user account to do so
11
alphaw0lf: perhaps u should make a test account with a small amount of money in it
12
alphaw0lf: and see if he can hack it
13
alphaw0lf: then check your webserver logs
14
alphaw0lf: to see what he did
15
alphaw0lf: maybe then u can get the information u need without paying him
16
alphaw0lf: cuz hes obviously trying to get money out of u
17
crycurex.com: look i know there are some bugs .. but its most likely "visual" bugs .. and no functional
18
crycurex.com: if he found bug how to steal money .. i want proof
19
crycurex.com: then I will pay him something
20
alphaw0lf: please make a test account with a small deposit inside
21
crycurex.com: but 2.5 btc is too much ... tell him tahtt I analyze majority of trades and if there is bug i will find it very soon
22
alphaw0lf: and we will let him try to hack it
23
crycurex.com: hm ok
24
alphaw0lf: to see if hes legit
25
26
27
28
29
This was before I approached him about the QT wallet's RPC port being exposed. The site admin not only didn't seem to think security was an issue, but he appeared to have no clue what exposing an RPC port (let alone on a default password) could mean for the site's / user's funds:
30
31
32
alphaw0lf: hey i didnt get withdrawal yet... also ive been told that ur wallet's rpc port is exposed with default password?
33
alphaw0lf: this can allow for anyone to take control of the wallet
34
alphaw0lf: its a huge security hole
35
alphaw0lf: have u fixed this yet
36
alphaw0lf: [22:45] <**********> id = 1612, other info = 16, email = *******@gmail.com
37
alphaw0lf: also wants to be processed
38
alphaw0lf: ur renaming site? :P
39
crycurex.com: sorry ... delay
40
crycurex.com: your withdrawl will be processed in 10 - 15 mins
41
crycurex.com: wallet's rpc port is exposed with default password?
42
crycurex.com: i dont understand this :)
43
crycurex.com: you got your coins
44
45
46
47
48
So as much as this guy seems like a nice and honest guy, and while most people that approached him about manual payouts, have been paid, he is not fit to be handling the responsibility of holding onto everyone's money / running an exchange site. 
49
50
I feel a bit like a backstabber by releasing this information, however I rather backstab one person (who I've known less than 24 hours) by revealing the truth, than to backstab the entire cryptocurrency community by keeping this a secret.
51
52
My loyalties are to all of those that share my values for quality service, security, and building/upholding the reputation of the cryptocurrency community. Sites like crycurex.com are simply a disaster waiting to happen, and will only make new investers think negatively about other legitimate sites when they hear about crycurex.com and other shutdown/hacked exchanges. I am trying to prevent this damage from occurring, before it happens. 
53
54
Now that I am officially resigned from my position, I again find myself looking for a good crew to be apart of. I am interested in anything that has to do with making profit, whether it be a website, a new coin, or another form of business. I have worked many years as an ATM/Point of Sale  technician, software programmer & web developer for some of the biggest corporations in North America, and am currently job less / self employed in Germany due to bad circumstances. If you guys have good intentions, take care of security issues, provide good quality service, then you can count on my respect, loyalty and discretion. If you know your shady or completely unqualified and unwilling to get qualified staff, then please don't approach me, because most likely I'll blow the whistle on you too.
55
56
I hope this was of help to people. If you want to donate to me or offer me some work, I am available on freenode IRC under the nickname alphaw0lf.
57
58
Donation addresses:
59
BTC:  139Nf67za6hdP1JxEVDd4P2u8Y9VfCyuaL
60
LTC:  LPSvbkmoPwowvNBr3T75EdaMZVseSmM4mF
61
DOGE: DUR9rXxiGUurUYyR58tSU7UGvZvE7HZSmK
62
COYE: 5WNSTMqk3prmDUq32UErngSnsibf2EsNjn
63
64
65
PS:
66
A tip for those of you looking for a COYE exchange: I would recommend Cryptorush. It has several of the coin developers behind the exchange and the crew actually knows what they are doing when it comes to crypto & security.