Nucleus Definitely Compromised. Do not use until the admins respond

https://www.reddit.com/r/NucleusMarket/comments/3djxcb/nucleus_purchase_sent_coins_to_wrong_vendor/

Exactly the same thing happened to me yesturday, to the same account, it appears the mods have noticed but have done nothing about it.

Explanation: Its seems like after the site update on the 15th a user, yet to be identified, was able to access the site code that handles purchases. When one makes a purchase with a vendor, the transaction really occurs between your account and a vendor account named "dreadheaddrilla"

This "dreadheaddrilla" is obviously a front for this "hacker" to get your coins without requiring a pin. It also appears this little trick gets him your account also since my password was also changed.

Please get this information out there, admins have "locked" the "dreadheaddrilla" account but won't respond to tech support tickets, nothing on the forums (unable to log in or create account), and it very definitely isn't a phishing scam since the mechanism has been identified as occuring when you order from legitimate vendors.


Comments


[15 Points] Axaq:

Potentially an XSS injection in the original listing you purchased, send me a link to it and I'll investigate this later since it has come from an established account. Send me as much info as to what happened.

Edit: wouldn't surprise me if they haven't validated listing descriptions, usernames weren't validated until about a month ago.


[11 Points] _TheDesperado_:

Nucleus has been the sketchiest market for a long time and it has nothing to do with this. I stopped using it after having BTC disappear from my account back when they were selective scamming.

I was told that I had used a phishing site, but that's not the case since I used the link on the Markets Superlist. I know this because I always verify the URL before depositing Bitcoin. Nucleus tried to cover the loss by laying blame on something that to me was provably false, and that was enough to convince me that Nucleus is a disjointed operation run by very shady opportunists.

So a hack or scam are not all that surprising.


[6 Points] Lightmang2:

Am I the only person who hasn't had an issue with nucleus? Inb4 shill


[5 Points] TooManyUsersUses420:

One time I've tried to order from the_shaman_wise and he cancelled my order. It's okay it happens, BUT when I tried to get my coins from there to my wallet the PIN wasn't correct.. I did type my PIN 4-5-6 times again and still wasn't correct BUT my coins disappeared from Nucleus. After 30 mins I saw my coins in my wallet. What the fuck?

EDIT : Don't use Nucleus in my opinion. Have a nice day friends.


[3 Points] Nobu7:

One of my first orders if not the first was for say 0.26 BTC, but in the orders page it showed up as 2.26 BTC. It cost me the correct amount, not 2 BTC. I noticed other weird little bugs like that where now, how can I even trust them to do something as complicated as add two numbers together?


[3 Points] BahWhatever666:

Nucleus gave me the cancer. Avoid at all costs.


[3 Points] None:

Looks like vendor accounts are now getting compromised...

https://www.reddit.com/r/TheBarbarians/comments/3drg9a/the_actual_fd_situation/


[2 Points] izza123:

Seems like you got your account stolen and he made the order to himself as soon as the coins showed up.


[2 Points] Warchemix:

Why do people still use nucleus ? I learned the first time when coins disappeared from my wallet after like 3 orders. Im pretty sure there were even several threads on the topic and it happened to quite a few people, this was months ago. I'm fucking amazed they're still around even though they've been caught scamming way more than once.


[1 Points] Newb456:

Working fine for me


[1 Points] threwahweigh:

nucleus is working fine for me... i made a withdrawal today just fine, and it went through in less than 30min (which they claim it can take up to 30min)


[1 Points] iliveintor:

works fine for me


[0 Points] None:

I have no proof just a crazy idea but isnt it interesting that agora goes down after all this speculation about nucleus maybe this is nucleus' final day and they're gonna pull their exit scam and are ddos'in agora to push all users to nucleus before they make their final play


[-1 Points] TotesMessenger:

I'm a bot, bleep, bloop. Someone has linked to this thread from another place on reddit:

If you follow any of the above links, please respect the rules of reddit and don't vote in the other threads. (Info / Contact)