[Complaint/Warning] TheHappyGuy is either exit-scamming or has been compromised...

I hate to fearmonger but I have been in regular contact with him for the last several months via email. He has been very responsive with the exception of the last couple weeks. At one point, he went missing for about 4 or 5 days and then, more recently, he went on a week-long, unannounced hiatus about a week following his initial 4 or 5 day absence.

As many of you know, upon his return, he is no longer in control of his PGP keys and is thus unable to get into his Agora account. He states that this was because he updated Tails on all three of his USBs under the impression that he would not lose his PGP key. While he has always been a lackadaisical fellow, he has never been this careless and I would warn anyone against placing an order with him until his status is figured out. According to /u/--Omega-- this is a huge load of crap as he should not have lost any persistent data.

I have been working with him, off-market, for some time now and during this time I have had no issues with communication and he has always confirmed our transactions and provided me with a rough time estimate as to when the package would arrive. This most recent time, I ordered significantly less than I normally would and based on his recent message to me I made the dumb assumption that he was who he said he was. Again, I have been in touch with him for a while so I recognize his writing but I suppose that wouldn't be all THAT difficult to recreate. That said, I am fairly certain at this point that he is either exit-scamming or is cooperating with law enforcement.

Granted, this is pure speculation at this point. However, I will be able to provide you all with an answer by this time next week as to what is going on. I have not heard from him since I sent him the small amount of money that I sent but only time will tell. In my opinion though, it's pretty safe to assume we've seen the last of this vendor.

:(

I would also like to add that he sent me a number of very strange emails. One of which included an ".html" attachment that I have determined not to open. It's probably nothing but why bother risking it?

Edit: For OpSec purposes, I have removed the message. It's been a long day and that was rather careless of me.

Edit 2: Nothing has touched down. It's official. This guy is scamming. I am reluctant to believe that it is LE as there haven't been any follow-up messages trying to get me to purchase more or reassure me that everything is okay. If you are reading this THG, FUCK YOU. I am glad you lost what you did in the Evo scam you miserable fuck.


Comments


[11 Points] None:

"He states that this was because he updated Tails on all three of his USBs under the impression that he would not lose his PGP key."
-------------------------------------------------------------------------
This is absolutely true. You will NOT lose any persistence data.
It can't get any fucking easier than plugging the fucking flash-drive in and letting it auto-update.
This guy is indeed compromised, or at least needs to be treated as such.


[6 Points] Smokeyz:

Very interesting, sounds like he's been compromised by LE by the sound of that sketchy email. And to top it off an html file? Fuck that! THG was a legit vendor when he first started & Cinex was my personal fave. In my opinion I think he got big too quickly, a few months ago there were reports of packages not arriving but THG was sending out re-ships to make up for it but those "lost" packages had to be going somewhere. I think LE was profiling his packages but that's just my two cents.

EDIT: It's official, THG has just been shut down by Agora for scamming.


[6 Points] P_J:

Is it possible to get an unmodified copy of the attached html? That would be really useful for forensic analysis and comparison with other DNM-targeting malware we're seeing out & about in the wild, of late.

If not that, are there any metadata metrics on the "html" you can share? Even a '$> stat {filename}.html' would be a useful baseline.

The apparent exponential rise of infection vectors for this class of digital ugliness is troubling on many levels. Perhaps most self-evidently, there's no way such attacks will stay focussed on DNMs, and once they expand beyond this small ecosystem it is difficult to overstate the pure mayhem that will follow. We're looking to pre-harden systems and tools against this inevitability... which does seem inevitable at this point.

Thanks,

~ pj


[1 Points] Agoradowntime:

FUCK! I had just posted a couple days ago that something strange was going on... I thought that it may have been because of the Agora downtime and such that something had gone wrong, but I guess I'm out that money..... FML


[1 Points] None:

First big order and I get fucked like this. Oh well, I'm guessing some people lost a lot more money than me.


[1 Points] bigtimetimmyjim22:

That is a shame, he was on my shortlist to try. His rep was pretty strong, goes to show you are a good vendor right up until the point you are not. Good on Agora shutting him down, hopefully with the recent WD issues some of his coin is still on site and the scammed can get partially refunded.


[1 Points] TheHappyFund:

TheHappyGuy ZERO EXIT SCAM FUND: GET YOUR BTC BACK OPEN FOR 2 WEEKS

Posted first in Agora forums: 4/29/2015 http://lacbzxobeprssrfx.onion/index.php/topic,63014.0.html

13 days left........


[0 Points] holecloud:

I ordered two days before his shit started, if he exit scammed I just missed it. And if LE did have his shit when I ordered, they sent me 2, yes 2 fucking oz of his bud. IT WAS HARSH AS SHIT, but a good high. So I don't know man, dude is a strange fellow, if you've dealt with him you kinda know what I mean, but, I think he exit scammed and I smelled it from 10 miles away.

Could be wrong though, all I'm saying is he doubled my order, right before he lost contact. I'm late to the party so don't know about the letter.

THG fucked up my shipping more than once, used sloppy opsec at times, but he did switch up his packing methods, like on a stupid all the time basis, at least with me. Felt like he sent it in different shit every time, but every time the package screamed IM FULL OF FUCKING WEED, FEEL HOW SQUISHY AND LIGHT I AM!

I think he got too big too fast and wasn't smart enough to get his opsec under control, and he either got caught up or took the money and ran. I choose the money, honey.................

EDIT: Just to make it clear he doubled my order of his bud, and right before he said he just finished a big move to a new grow and a killer new setup. That stalled for a couple days, now PGP issues. Man, fuck I don't know, but the dude had some decent green but the last shit he sent me was NASTY, but a good high.

I think dude stalled people on his scam by telling them he moved his operation to a shiny new setup, sent a couple packs out like mine for reviews.