btcinfo  

Hic inserere motto

Twitter account of target.com hacked to promote giveaway scam.

November 13, 2018 — shinohai

Unknown individuals gained access to the official Target twitter account earlier today and attempted to promote a 5000 BTC giveaway scam. The tweet posted by the hacker(s), now deleted, asked users to send small amounts of Bitcoin to an address in order to participate in a chance to win the Bitcoin prize, which is worth around $30 Million USD at the time of writing. The incident is another example of the poor security used by the twitter platform and its unwillingness to stop the proliferation of scams that usually target "verified" accounts.

Tags: News, Bitcoin, Scams, Webshit

United States v. 7.26611032 Bitcoin

November 05, 2018 — shinohai

The U.S. Marshals service is auctioning 660 BTC today that it stole from various entrepreneurs under the guise of the "Civil Asset Foreiture Program". One must deposit 220k filthy fiat dollars minimum in order to participate in said auction, which opened at 8 AM EDT today.

Tags: News, Bitcoin, Lulz

Buffer overflow bug discovered in segshit address scheme.

October 31, 2018 — shinohai

A buffer overflow vulnerability has been discovered by satoshi labs in the bech32 address scheme, used by Segshit and introduced into Bitcoin by "Core" developer Pieter Wuille. Satoshi labs assures users of their already pwnd Trezor devices that the risk is minimal and can only result in denial of service attacks, but released a firmware update immediately after the bug was confirmed. (archived)

Tags: News, Bitcoin, Insecurity, Lulz

Vitalik gushes over scam success

October 05, 2018 — shinohai

mETHereum founder Vitalik Butterin admitted in a recent tweet that he is "really proud" that his 70% premine scamcoin has been so much more successful than his quantum computer scam.


Vitalik was quoted as saying during the initial offering that "We accept only bitcoin with no refunds for our premined ETH" a.k.a. "Fuck you, got mine".

Tags: News, Bitcoin, Cryptocurrency, Scams

Japanese exchange hack results in $37 Million SFYL

September 20, 2018 — shinohai

Japanese shitcoin exchange Zaif announces they were hacked to twitter this morning, SFYL from actual bitcoin is reported to be upwards of $37 Million USD. Other worthless shit tokens such as Btrash (BCH) were taken, though no one knows precisely why.

Tags: News, Bitcoin, SFYL, Lulz

She was only 17

September 20, 2018 — shinohai

An international manhunt has begun for 3-D printed weapon producer Cody Wilson for sexual assault on an underage girl. Mr. Wilson is believed to be somewhere in Taiwan, singing this:

Tags: News, Bitcoin, Lulz, SFYL

Mixxchain privacy falls flat

September 14, 2018 — shinohai

Mixxchain, where "Privacy Meets Scalability" has announced that as soon as they return from their roadshow and come up with some new buzzwords to inject into their website, will be taking applications for node operators on their vapourware network.

What are these innovative privacy features? Why KYC checks of course!

The founder of this flaming-tire-in-a-shitpit is David Chaum, whom the "team" section of the Mixxchain website claims is "widely recognized as the inventor of digital cash".

Tags: News, Cryptocurrency, Lulz, Scams

Eliminating malicious TLDs with regex

September 07, 2018 — shinohai

A discussion on Telegram this morning led to this post, I decided to preserve this handy list of regular expressions for filtering out mostly dumb and malicious TLD's. I am personally using an EdgeRouter Lite with dnsmasq for this purpose, so your mileage may vary - feel free to modify and make these better. Suggestions for changes may be sent to my email listed on the contact page, as usual non-encrypted content will be ignored.

^https?://([A-Za-z0-9.-]*\.)?.gq/ 
^https?://([A-Za-z0-9.-]*\.)?.cf/ 
^https?://([A-Za-z0-9.-]*\.)?.men/ 
^https?://([A-Za-z0-9.-]*\.)?.loan/ 
^https?://([A-Za-z0-9.-]*\.)?.ml/
^https?://([A-Za-z0-9.-]*\.)?.top/
^https?://([A-Za-z0-9.-]*\.)?.work/
^https?://([A-Za-z0-9.-]*\.)?.click/
^https?://([A-Za-z0-9.-]*\.)?.tk/
^https?://([A-Za-z0-9.-]*\.)?.country/
^https?://([A-Za-z0-9.-]*\.)?.pw/
^https?://([A-Za-z0-9.-]*\.)?.party/
^https?://([A-Za-z0-9.-]*\.)?.trade/ 
^https?://([A-Za-z0-9.-]*\.)?.review/ 
^https?://([A-Za-z0-9.-]*\.)?.club/ 
^https?://([A-Za-z0-9.-]*\.)?.bid/

YARA compatible regular expressions for detecting base64 encoded variable-case http:// and https:// URI prefixes:

HTTP:// ([\x2b\x2f-\x39A-Za-z][\x2b\x2f-\x39A-Za-z][\x31\x35\x39BFJNRVZdhlptx]
[Io][Vd][FH][R][Qw][O]i\x38v[\x2b\x2f-\x39A-Za-z]|[\x2b\x2f-\x39A-Za-z]
[\x30\x32EGUWkm][h][\x30U][Vd][FH][A]\x36Ly[\x2b\x2f\x38-\x39]|[Sa][FH][R][\x30U]
[Uc][D]ovL[\x2b\x2f-\x39w-z])

HTTPS:// ([\x2b\x2f-\x39A-Za-z][\x2b\x2f-\x39A-Za-z][\x31\x35\x39BFJNRVZdhlptx]
[Io][Vd][FH][R][Qw][Uc][z]ovL[\x2b\x2f-\x39w-z]|[\x2b\x2f-\x39A-Za-z]
[\x30\x32EGUWkm][h][\x30U][Vd][FH][B][Tz][O]i\x38v[\x2b\x2f-\x39A-Za-z]|[Sa][FH][R][\x30U]
[Uc][FH][M]\x36Ly[\x2b\x2f\x38-\x39])

Tags: Insecurity, Webshit