
19 Jan

Cointopay got hacked - update

Transparent as we are, first the damage: 2.2 bitcoin and 43.002 litecoin. Total damage around 500 euro. Here is the target bitcoin address: 179PLnVPu4UnRB7SgTfj85b2Acq398PJme and here the litecoin addresses: LTd1YC7Eakpiu1GHEAEneFzcKmcoQENcGH and LYxqDrf5hMr2wHy82y2KbPu8SnDK7SJmS4.

Investigation

The culprit email addresses: [email protected], [email protected], [email protected] and [email protected]. Here is what he responded when I asked for the funds back:
"i never stole your system. even you made investagate your website have a hole . if the customer know that your website are not secure . they blame you . You started a business that backruptsy for 2.40 Btc damage. Even if im am your custumer . if i know this website problem i will not trust this service. by the way i never stole money . check your script or ask someone how did i do it? Sent from my Xiaomi"

So as you can see we work our ass off, and this guy and his English show their complete arsehole to us. How nice. Would we do the same thing? No, we are whitehats.

If you know the guy "Nikko Rama", please let us know. Thanks.

We opened the Payeer interface again; we have adapted our code to prevent this from happening in the future. P.S. Insurance will cover this damage.

Update since this article was published

Philippine police are absolutely useless. Multiple calls and mails lead to nothing. Anyway, here is what we wrote to them a couple of weeks ago, and no response whatsoever.

Dear sir/madam,

I collected the following information of an internet criminal that is suspected to live in Butuan City. I am asking for a criminal investigation for cyber crime activities.

He stole from our online platform cointopay.com. A quick lookup on the internet shows he is constantly stealing from people. He needs to be stopped and confronted. He owns a Xiaomi phone and replied when we confronted him (from [email protected] email address):

"i never stole your system. even you made investagate your website have a hole . if the customer know that your website are not secure . they blame you . You started a business that backruptsy for 2.40 Btc damage. Even if im am your custumer . if i know this website problem i will not trust this service. by the way i never stole money . check your script or ask someone how did i do it? Sent from my Xiaomi"

The suspect goes via different names and left his phone number +63.639986355930 that we found online. His last name is suspected to be "Abarca", I have attached pictures that show him and related family all going by the name Abarca.

He registered this domain, so I was able to get phone number information:
http://bxu-sunset.com/ http://www.simplywhois.com/whois/bxu-sunset.com http://domainsigma.com/whois/bxu-sunset.com

He goes by nick names and seems to run an illegal online business under name Aklabs Finance Solution: Nik Ram (which seems to be a short name for Nikko Ram Abarca) [email protected] [email protected]

He stole more money from other people as well, not only us, he is not an honest person and gives the Philippines a bad reputation online:

See here for people complaining: http://www.moneymakergroup.com/index.php?s=&showtopic=453077&view=findpost&p=7899417 Bountoh

Another item we found people refer to him as scammer, stole money from people: http://mmgp.ru/showthread.php?t=222760&page=5 Translated article: "Aklabs Finance [email protected] U4162681 scammer drew 300 USD and 390 USD Refers to Nik Ram [email protected] U4427278 also drew 300 and 30 USD. he is a crook."

person using different email addresses, also refers to: [email protected], [email protected], [email protected] and [email protected]

Here is a trail of the stolen funds:

bitcoin stolen trail: https://blockchain.info/address/179PLnVPu4UnRB7SgTfj85b2Acq398PJme

litecoin stolen trail: http://block-explorer.com/address/LTd1YC7Eakpiu1GHEAEneFzcKmcoQENcGH http://block-explorer.com/address/LYxqDrf5hMr2wHy82y2KbPu8SnDK7SJmS4

Social investigation details:

twitter: https://twitter.com/bountoh refers to: Nikko R. Abarca

also connected to: https://twitter.com/NeverSofter Nikko Ezequiel Abarc

also connected to: https://twitter.com/AbarcaJoy Nikki joy AbarcA

also connected to: https://twitter.com/NikkoiAbarca Nikkoi Abarca

Went to Timber City Academy, Butuan City. Lives in Cebu City (unconfirmed).

Connection to: https://twitter.com/markzenn11 mark zenn aya-ay pilipino, 5 feet 6 in. tall, 80 kg weight butuan city

Also connected to: Julia Marie Lambid Abarca https://www.facebook.com/juleeyahmarii?pnref=about.overview.family

and: Ildi Brian Abarca https://www.facebook.com/ildibriana?pnref=about.family

also leads to: https://plus.google.com/109797764621378902769/posts Rogelio Abarca (unconfirmed)

His facebook: https://www.facebook.com/Bountoh

Some information found when he registered this domain, here are lookup details:

Domain Name: bxu-sunset.com
Registry Domain ID: 1836419596_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.udag.net
Registrar URL: http://www.united-domains.de/
Updated Date: 2014-11-23T08:06:48Z
Creation Date: 2013-11-22T05:28:37Z
Registrar Registration Expiration Date: 2015-11-22T05:28:37Z
Registrar: united domains AG
Registrar IANA ID: 1408
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +49.8151368670
Reseller:
Domain Status: ok https://www.icann.org/epp#ok
Registry Registrant ID:
Registrant Name: Nik Ram
Registrant Organization: Aklabs Finance Solution
Registrant Street: in your heart
Registrant City: BxU
Registrant State/Province:
Registrant Postal Code: 8600
Registrant Country: PH
Registrant Phone: +63.639986355930
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]
Registry Admin ID:
Admin Name: Michael Thees
Admin Organization: Ojooo Mail GmbH
Admin Street: Grosser Burstah 31
Admin City: Hamburg
Admin State/Province:
Admin Postal Code: 20457
Admin Country: DE
Admin Phone: +49.4036093970
Admin Phone Ext:
Admin Fax: +49.4036093972
Admin Fax Ext:
Admin Email: [email protected]
Registry Tech ID:
Tech Name: Michael Thees
Tech Organization: Ojooo Mail GmbH
Tech Street: Grosser Burstah 31
Tech City: Hamburg
Tech State/Province:
Tech Postal Code: 20457
Tech Country: DE
Tech Phone: +49.4036093970
Tech Phone Ext:
Tech Fax: +49.4036093972
Tech Fax Ext:
Tech Email: [email protected]
Name Server: ns1.dodns.net
Name Server: ns3.dodns.net
Name Server: ns2.dodns.net
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2014-11-23T08:06:48Z

Please call or mail me to discuss the progress of the investigation, this criminal has to stop before he does more bad things.

Kind regards,
Cointopay

P.S. this person did so called business with Bountoh, I've asked for his address info, but no luck. [email protected], Yuncui Mei [email protected]

Comments

  • Gitju
    Jan 20 2015 10:14 AM

    Cointopay does not work against people like governments do. Those guys are also against the actual wars that are happening in Ukraine right now. So if you |the hacker| have not lost your moral values, give them those coins back. Just my 2 cents.

  • OrbitcoinRanter
    Aug 05 2015 04:36 PM

    Well said Gitju, it's people like this giving crypto a bad name.
