[PHISHING] Many of you wonder why you're missing BTC and having account problems. Here is your problem:

There are trolls like this asshat all over dnm and onion subs posting btc phishish carding guides and fake source code. I linked to a comment instead of the article because it was a direct link to this scammers pastebin.

A Reddit user notified the mods, but the link still works. See below.

People, please don't fall for these scams. Also, do not download this file.

http://www.reddit.com/r/onions/comments/3tm5ve/working_bitcoin_stealer_with_spreading_guides/cx7dysh

On another note, I think most people are having issues with multi-sig. I know most of you are just going to say "what, it's so easy" or "go read a guide n00b" but really, I think this might be too complicated for many.

Additionally, /u/Vendor_BBMC pointed out the following:

"Other markets are adding multikey escrow, which is absolutely unsafe for vendors. LE can buy one item from us, fund the escrow, watch their bitcoin definitely go to the vendor, then follow it to the exchange. At least silk road and sheepmarketplace pooled all the bitcoin in a massive escrow wallet so you couldn't bust vendors, then work back from that vendor's wallet to bust all his customers."

I posted an example of how easy it would be to infect an insecure system. You can check my post and try it yourself here: https://www.reddit.com/r/DarkNetMarkets/comments/3tns9u/got_fish_take_15_seconds_to_better_understand/


Comments


[8 Points] Lightmang2:

The social engineering required to get people to download this would probably be more hassle than it's worth if you were trying to scam someone. If you're that hellbent on stealing coins, there are much easier ways to do so. Also, who the fuck wouldn't notice that the posted deposit address is entirely different? I check each and every letter in mine any time I send a decent chunk of change anywhere. I would imagine most people at least check the first or last couple characters.


[5 Points] Wanted_drugs_2day:

So by definition direct deals are completely unsafe because LE can see the wallet they go into?

This is why vendors tumble and the good ones I imagine it doesn't matter if they do follow it to an exchange


[2 Points] fresh_account_:

A Reddit user notified the mods

LOL are you serious? The /r/onions mods? The ones that leave CP, human trafficking, and every scam imaginable up? Good luck with that proxy boy.


[2 Points] justlookinaround1:

I'm cool with the non-multisig wallets. Its the DNM's, its going to be unsafe for someone... Thats just how it is. It sucks, but this is how it is. This section of internet is full of non tech savy people doing highly illegal things. Theres always going to be tons of problems because basically, N00bs gonna N0Ob.


[1 Points] xetamine:

THanks.


[1 Points] NoWayGringo:

The hidden wiki still seems to nab another sucker every few minutes, when you figure out a way to get people not to click on dodgy links or enter all their account info into a phishing site let me know ;-)


[1 Points] DinoNeedsMe:

BBMC has been smoking too much Meth. Vendors can just tumble coins or otherwise dissociate them from any wallet tied to them, then cash out. It's no different from what's happening now, and multi-sig being used would have no effect on it...


[1 Points] Kazaa99:

What about using the same user and password across markets, old ones and new?

Say you sign up on a place that has bad intentions, is a fake or is hacked. Or if you got a phishing link to Agora months go, and you then have given away you user and pass long ago. Then its just try it out on all the new markets, and wait until they find a working match.

Then to steal funds, its a matter of having your deposit address, and check blockchain constantly until there is a deposit popping up. After that, log in, change password, withdraw, maybe change password back and let you login to a deposit never showing.

Then first reaction would be marketplace took my money, as there is no sign of anything else?

If a hacker/phisher then have 10-20 accounts to watch out for, then several deposit situations will get missed, as he would have to be online to do the withdrawal and password change.