ATTN: Do not download #CryptoCoin Trader from #Sourceforge. Those who have ran the program on your PC, please format ASAP!

I spotted few mins ago that there is link to download a open source trading program call Cryptocoin trader.

One anonymous user claimed that the source code is safe but i decided to run the precompiled exe on my VM to be sure.
The program extracts qtbitcoin trader client and some suspicious executables (bridgemigplugin.exe, vbc.exe).
brigemiplugin.exe description on task manager is open broadcaster software.

After some googling, it is obvious that the program is doing a live/recording video stream through a open source program from open broadcaster software http://obsproject.com/

Here are the screenshots

Even though the post has been deleted, there are 46 people indicated on sourceforge who have downloaded the program, please reformat your pc to prevent any potential wallet hacks.

Update: I’ve ran wireshark to sniff the network traffic produce by the malware, the malware connection is initiated from 185.17.1.222, Russian. ISP, Longbow Electric Llc. screenshot here

Update 2 I’ve did a search of the IP address. I believe it doesn’t belongs to any tor node, proxy or VPN. Hence it is very likely that 185.17.1.222 is either a dynamic or static IP from Longbow Electric Llc.

Update 3 I’m a undergraduate in NUS majoring in computer science security. I hope that this post will act as a warning for all potential future hackers who attempts to perform similar attacks (The community is watching you). Thanks everyone for the tips as well, it sure helps a little with my high tuition debt. 🙂 This is so much I can do for now, as I’m having papers from tomorrow onwards. Stay safe fellow bitcoiners!

MtGox hits one million customers!

This is the mail i got recently:

Dear Stun

Thank you for your patience and support all throughout 2013. As we noted in our previous update there are many things happening, and we’re proud to announce two more major developments that will make MtGox both easier and more economical for our valued customers:

1) One million MtGox customers and reduced fees for the holidays! Thanks to our loyal customer and increased global interest in Bitcoin, MtGox has now achieved a milestone of over one million customers and growing. This is an incredible moment for us all, and to celebrate, we are offering a Special Holiday Discount of 25% off all trading fees starting today, December 20th 2013 to January 20th 2014!

2) Mayzus MoneyPolo Partnership We are proud to announce a new partnership with Mayzus MoneyPolo that will enable our customers outside of the United States to deposit quickly and without long processing times. Now that we are working with Mayzus MoneyPolo, a leading financial company that is in-tune with the future of Bitcoin, anyone with a verified account will be able to quickly send money to their MtGox account via 128 global currencies.

For more information, please click on the following link: https://www.mtgox.com/press_release_20131219.html Thank you again for your support, Best regards, MtGox Team

First #Twitter reported about #Bitcoin, how did #MtGox look 5 years ago and more

Today’s post is completely a “feel good” post.

Meaning, you probably won’t learn anything new from it, but it will make you feel good. As Bitcoin prices continue to roller-coaster endlessly I thought this would be a good time to look back at where Bitcoin was when it just started out.

Using the Internet’s “Wayback machine”, Google search and various tools to explore Bitcoin’s past

So what I did in order to travel back in time is use the Wayback machine which is basically an Internet archive to see how several of the biggest Bitcoin websites looked when they first started out. I also used advanced Google and Twitter search tool to find out what where the earliest mentions of Bitcoin online. So let’s start out by comparing the biggest site of them all Bitcoin.org.

Continue reading “First #Twitter reported about #Bitcoin, how did #MtGox look 5 years ago and more”

Ultimate n00b guide to Bitcoin client installation and security/cold storage!

I previously submitted a thread which you can find here with a video tutorial to use the very robust Armory bitcoin client.

But for this submission I will provide the instructions to use Electrum BTC client which provides “Instant on” (your client does not download the blockchain, it uses a remote server).

This will show you how to configure a “watch-only” seedless wallet so that you can receive payments and see your balance on a computer you connect to the Internet with while ensuring that a hacker cannot spend your coins without first “approving” signing the transaction using an OFFLINE computer which you can then return to your online computer and broadcast on the network. If you’re confused, don’t worry, just follow along.

Instructions:

Get an offline computer. This can be a physical device or a separate installation on your current computer. Security tip: Here’s one method on how to disable USB auto run on your offline computer, so that a malware infected USB drive cannot spread its infection.

[Offline PC] Install Electrum via a USB-Key. Here is the download link.

[Offline PC] Create a new wallet. Write down the seed and memorize it, after which you should probably destroy the seed or keep it safe in a fire/waterproof lockbox. Password encrypt your wallet using a passphrase created using diceware for upmost security.

[Offline PC] Import/Export and copy your “Master Public Key” and put it in a text file on your USB-Key.

[Online PC] Install Electrum and select Restore in the dialog box shown on the first start up, use the “Master Public Key”.

You now have an online wallet where you can check your balances and give out new addresses, but you can’t however spend the coins. So if an attacker would be able take over your online computer your coins can’t be lost.

To make a transaction (to spend your Bitcoins) do the following:

[Online PC] Go to the send tab and make a transaction. Instead of sending it, Electrum will detect a seedless wallet and query for a location to save the transaction. Select your USB-Key.

[Offline PC] Go to Settings -> Import/Export -> “Load raw transaction”. Select your transaction from the USB-Key. It will detect it’s not signed and will prompt you to do so now. Fill in your password and sign the transaction. Save the new, signed, transaction to your USB-Key.

[Online PC] Go to Settings -> Import/Export -> “Load raw transaction”. Select the signed transaction and it will ask you if you want to broadcast it.

Hope you all found this helpful 🙂 Also if you are uber n00b please take the time to check out the FAQ which is also found on the right hand side of this blog.