Silk Road forums
Discussion => Silk Road discussion => Topic started by: AnimusVox on May 09, 2013, 08:04 pm
-
I am posting here to spread the word that albionessentialols' SR vendor account has been hacked. If you have ordered from him, DO NOT FINALIZE YOUR ORDER UNTIL THIS IS RESOLVED! I hope this gets the attention of moderators and action is able to be swiftly taken by SR support.
URGENT____
My account has been hacked,
MY ACCOUNT HAS BEEN HACKED. PLEASE NO ONE RELEASE FUNDS
-
I just saw him mention this in some random thread. Guys, if you need to get in touch with us, send us a message! We don't always get to read every single post made throughout the day, so if there is something urgent going on like this, don't just post about it - at least send one of us a message so we can pass it up to staff ASAP!
-
I just saw him mention this in some random thread. Guys, if you need to get in touch with us, send us a message! We don't always get to read every single post made throughout the day, so if there is something urgent going on like this, don't just post about it - at least send one of us a message so we can pass it up to staff ASAP!
I just pm'd you.
-
Thanks for the reply, scout. I'm under the assumption albion is already taking appropriate measures by contacting those needed to resolve this, I simply wanted to relay the message to the broader community in hopes that those that have ordered and received will see this and NOT finalize.
-
Understood, but you said in your OP that you hoped it would get the attention of mods ... so I was also just saying if there's ever something you guys need from us, the fastest / best way to get our attention is by message. :)
In the meantime, I went ahead and got in touch directly with Vendor Support and let them know ... I don't know if they're online right this second, but I'm hoping they'll get to address it for albion soon!
But, yeah, it's a great idea to warn as many people as possible NOT to finalize early / release funds until the account has been returned to albion.
-
Dang, I had just placed an order a couple hours ago. While my funds were delayed for over 24 hours. I had lost 300 dollars due to the btc value going down. Not really sure what to do. I hit the contact support on the bottom of SR. And pointed them to this thread. I guess it's my role to be bad luck brian this week lol.
-
Dang, I had just placed an order to a couple hours ago. While my funds were delayed for over 24 hours. I had lost 300 dollars due to the btc value going down. Not really sure what to do. I hit the contact support on the bottom of SR. And pointed them to this thread. I guess it's my role to be bad luck brian this week lol.
You placed an order, but you didn't finalize yet, correct? Just don't finalize .... hopefully albion can regain control of his account soon. As long as you stay in escrow and do not finalize, you should be fine!
-
Sounds good thank you!
-
Tor shut me off for 5 min.
-
http://silkroadvb5piz3r.onion/silkroad/item/54f082ab9f
I really hope that albion's account is frozen soon and I hope "qotsa" doesn't finalize on this order!
-
damn that sucks hope it all gets worked out
maybe he doesn't got your pin #.. that would be nice
-
http://silkroadvb5piz3r.onion/silkroad/item/54f082ab9f
I really hope that albion's account is frozen soon and I hope "qotsa" doesn't finalize on this order!
Holy fuck that is a lot of molly. You'd be one hood rich nigga after flipping all that. Sure as fuck wouldn't FE for anything like that tho LOL.
-
how do you get hacked?
-
Wow that is shitty. A lot of recent FEs
-
how do you get hacked?
He provided his PIN and password to a phishing site because he thought the message was legitimate. :-\
-
how do you get hacked?
He provided his PIN and password to a phishing site because he thought the message was legitimate. :-\
What message?
I know there is a phishing site that I stumbled upon the other day and the homepage looks the same but it asks for your pin, and once you log in it says the site has been compromised by the US gov't DEA or somethin like that.
Really strange, Albion is a smart man....
-
how do you get hacked?
He provided his PIN and password to a phishing site because he thought the message was legitimate. :-\
What message?
I know there is a phishing site that I stumbled upon the other day and the homepage looks the same but it asks for your pin, and once you log in it says the site has been compromised by the US gov't DEA or somethin like that.
Really strange, Albion is a smart man....
The message was:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Good day our fellow Vendors!
After recent DoS (denial of service) attacks, we decided do a step which was seriously considered for some time already. And it is separating the buyers and sellers area to different servers, which allow you handling their orders without participation on main server over-load and as well in case of general unavailability.
The address to access new server called Vendor Panel is:
http://vc3vveg64kbhtfrn.onion
This address is temporary only, and will be changed when this vendor server will be open for all sellers! For now, we automatically selected and invited just part, based on your seller stats and with regard to the location.
As we want to try new server in real performance (if you have new product pictures to upload, do it please through new server!) and also hear your opinions on few new included features, therefore few domestic based sellers were invited too.
If all goes well, the open date for all sellers will be right after the month. But even then, we want to keep this server PRIVATE, not public, therefore new vendors will receive the address together with refund of their bond, without previous information this server exist!
This way we want prevent leakage and avoid the attackers who will have no clue about this server. Until then please keep it for yourself, even out from vendor section on forum, as not all of them there were informed yet!
The address will be changed later, the current is just random assigned address by Vidalia, as it take some time until special application for this purpose generate usable and easy to remember one (8 letters take over 20 days, computer must be always-on btw). Some of you who are with us a bit longer sure remember even SR was before on one of such addresses, I personally still remember it from head (ianxz6zefk72ulzz:-)
Please note: During the first time login into, you will have to enter and confirm some other settings (seller account for example now can't have the home location undeclared)!
This is especially due to new personal wallet interface, which is from now same as whole this new server completely independent part of the system (mean another security layer)! And we want to stay far away of using JavaScript at all, therefore some functions requires a direct load.
This is also the reason behind recent deposits/withdrawals delays, as we needed to separate wallet system from main SR system, instead of just creating a bridge.
Also during the first login, some new values are needed to be added and actualized on yours account ID's in database, to allow functionality of this new vendor panel which current SR db don't contain (basically this is done in background by scripts, just informing). If you proceed this already now, later when the server will be fully launched and during any next login, this step will be already skipped for you.
The new vendor panel also introduce few new features. Between them for example export of orders to txt file with values you set (faster to decrypt in your client at once than one by one), and also some marketing focused tools, which will help increase your customer base - PM newsletter for fans, statistic of bookmarked items, some basic charts and so on.
Simply we gradually want to upgrade the system to become a equally useful tool to a modern e-shop solutions (but of course fully inside TOR security frame, without using JavaScript), and make your business easier by this.
If you are curious what else the new vendor panel brings, do not hesitate to look inside and try:
http://vc3vveg64kbhtfrn.onion
Let your business grows!
Hope you enjoyed first week of the May, spread the Love!
Yours,
Dread Pirate Roberts and Developers team
Please BEWARE: You should never ever use your sensitive login data on foreign websites, except silkroadvb5piz3r.onion.onion and this new one:
http://vc3vveg64kbhtfrn.onion
Please bookmark it for use until new easy to remember address will generated!
We are looking forward on your opinions and possible help with fixing some bugs! Please keep in mind that this new server is still in real-time debugging!
We created this special account for communication with you on this matter! Always at least one of our engineers will be on the hand to response.
This message is signed of course with my personal key to allow you verify it's integrity.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
-----END PGP SIGNATURE-----
-
why cant i view that thread?
-
why cant i view that thread?
Oh, sorry about that - it's in the vendor forum. But basically it's just a post warning other vendors about the scam message.
-
What about all the other vendors who don't have access to the vendors round table yet (myself included!!) and haven't been warned of this?
That is worrying. Even though some vendors don't have access to the roundtable they still have large amounts of money in accounts and possible orders that have been FE.
Glad I saw this message here.
-
What about all the other vendors who don't have access to the vendors round table yet (myself included!!) and haven't been warned of this?
That is worrying. Even though some vendors don't have access to the roundtable they still have large amounts of money in accounts and possible orders that have been FE.
Glad I saw this message here.
I think you misunderstood. This wasn't a warning that went out to all vendors on the forum - it was just a thread a single individual posted about a weird message they received. You can get access to the vendor forum once you've received a refund of your vendor bond and qualify.
I'm confused about what you meant when you said "some vendors [...] still have large amounts of money in accounts and possible orders that have been FE."
What do you mean? All you would have to do to prevent this from happening to your account is to ensure that you never provide your password and PIN to a phishing site!
-
Yeh, this is why you should always verify the signature and not just give your PIN to anybody... ESPECIALLY as a vendor. I hope, that no customer will lose any money due to the huge incompetence of the vendor.
Good luck everybody.
-
Yeh, this is why you should always verify the signature and not just give your PIN to anybody... ESPECIALLY as a vendor. I hope, that no customer will lose any money due to the huge incompetence of the vendor.
Good luck everybody.
Anyone that has ordered in the last 24 hours, and not been informed could possibly lose out if they FE. I would sort something out for them. This is definitely my fault..
Everyone else will have their orders, I just won't have the money...
-
Yeh, this is why you should always verify the signature and not just give your PIN to anybody... ESPECIALLY as a vendor. I hope, that no customer will lose any money due to the huge incompetence of the vendor.
Good luck everybody.
Um Yea someone FE'd on a $7,000 order :(
That really blows, but I'm sure albion will make it right. He is one of the only vendors I've dealt with that always bends over backwards for everyone.
-
I think I may have been in contact with the person that stole the account.
I was sending messages to albion asking about stealth, and he was curiously dismissive of my concerns, basically just asking me how much MDMA I wanted.
If the guy that stole the account had been more careful with his reply, there would have been a purchase, and I likely would have FE'd for it too. Since I was weirded out by the reply I decided not to go ahead. Dodged that bullet.
Now I have another reason not to FE.
-
I think I may have been in contact with the person that stole the account.
I was sending messages to albion asking about stealth, and he was curiously dismissive of my concerns, basically just asking me how much MDMA I wanted.
If the guy that stole the account had been more careful with his reply, there would have been a purchase, and I likely would have FE'd for it too. Since I was weirded out by the reply I decided not to go ahead. Dodged that bullet.
Now I have another reason not to FE.
How long ago were you in contact with him??
I will write on here as soon as I have control of the account again..
I wrote to them pretending to be interested in something, to see what they'd say.
Their English is horrible, it is obviously not me. I really hope other people can notice that too.
-
@ Albion - Have you heard anything from SR support yet? I am in the same boat.
-
@ Albion - Have you heard anything from SR support yet? I am in the same boat.
No, not yet. I've written them 4 letters on SR from 2 different accounts 24 hours ago, and been in contact with some moderators on here. My account is still up and running. There really should be a quicker way of dealing with these situations...
-
Yeh, this is why you should always verify the signature and not just give your PIN to anybody... ESPECIALLY as a vendor. I hope, that no customer will lose any money due to the huge incompetence of the vendor.
Good luck everybody.
Anyone that has ordered in the last 24 hours, and not been informed could possibly lose out if they FE. I would sort something out for them. This is definitely my fault..
Everyone else will have their orders, I just won't have the money...
Hey, sorry for my harsh words, you seem to be a very nice guy, but every time I read a thread like this I'd love to cry. But at least you (hopefully) learned your lesson. Next time, think and verify everything at least 3 times before you give somebody your pin.
I wish you all the best and hope that your loss isn't that huge and that you are getting back together selling, don't let these fuckers get you down!
cheers
-
This thread is none of my business but I thought I'd point out that there are a LOT of phishing sites out there lately. Mostly in the TORDIR site. Someone over there keeps adding phishing sites to their directory.
What is sad is they are aware of it, because they label them as phishing and scam sites. Strange, they should just not post them. Makes me think there is a connection between some TOR link lists and phishing sites, or they just have a policy that makes them post everything.
Don't trust any link lists.
sorry to hear.
-
@ Albion - Have you heard anything from SR support yet? I am in the same boat.
No, not yet. I've written them 4 letters on SR from 2 different accounts 24 hours ago, and been in contact with some moderators on here. My account is still up and running. There really should be a quicker way of dealing with these situations...
The messages from the 2 other accounts would unfortunately just be added to the queue of messages that Vendor Support have to get through. We have pushed this up the chain, and hopefully it will be sorted as soon as one of the administrators sees it.
I agree that it would be good to have a quicker way of dealing with these situations, however each individual is responsible for their own actions here, whether buyer FE'ing and getting scammed or vendor logging into a site that is not Silk Road and getting phished - I don't mean to rub salt in the wound or anything, but if something is not signed with DPR's public key, and verified as such, then it should not be trusted as being from Silk Road. :-\
There's an entire page devoted to this on the Wiki - something that buyers and vendors should be reading regularly:
http://dkn255hz262ypmii.onion/wiki/index.php?title=Trust_and_phishing
Very sorry to hear that this has happened to you though, and I hope you can recover from it. :(
Libertas
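The check described in the post above, as an added example that is not part of the original thread: it reads the machine-readable status lines that `gpg --status-fd` emits and trusts a message only when a good signature comes from one pinned key fingerprint. The fingerprint, the status samples and the sample message are constructed placeholders, and the function names are hypothetical.

```python
import subprocess

# Assumption: the 40-hex fingerprint of the genuine key, obtained out of band
# beforehand. This value is a constructed placeholder, not a real key.
PINNED_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"

# gpg status keywords that must never lead to trust, with the reason to report.
REJECT = {
    "BADSIG": "signature does not match the text",
    "ERRSIG": "signature could not be checked",
    "NO_PUBKEY": "signing key is not in the keyring",
    "EXPSIG": "signature has expired",
    "EXPKEYSIG": "signing key has expired",
    "REVKEYSIG": "signing key has been revoked",
}


def gpg_status(path):
    """Run gpg on a signed file and return its status-fd output (needs gpg installed)."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", path],
        capture_output=True, text=True)
    return proc.stdout


def looks_signed(text):
    """True if the text merely carries clearsign armor; this proves nothing."""
    return ("-----BEGIN PGP SIGNED MESSAGE-----" in text
            and "-----BEGIN PGP SIGNATURE-----" in text)


def evaluate(status_text, pinned_fpr=PINNED_FPR):
    """Return (trusted, reason) from gpg status lines and a pinned fingerprint."""
    records = []
    for line in status_text.splitlines():
        if line.startswith("[GNUPG:] "):
            parts = line[len("[GNUPG:] "):].split()
            if parts:
                records.append(parts)
    keywords = [r[0] for r in records]
    for kw in keywords:
        if kw in REJECT:
            return (False, REJECT[kw])
    valid = [r for r in records if r[0] == "VALIDSIG"]
    if "GOODSIG" not in keywords or len(valid) != 1:
        return (False, "no single good signature reported")
    fields = valid[0]
    # fields[1] is the signing (sub)key fingerprint; the last of the ten
    # VALIDSIG arguments, when present, is the primary key fingerprint.
    primary = fields[10] if len(fields) >= 11 else fields[1]
    if primary.upper() != pinned_fpr.replace(" ", "").upper():
        return (False, "good signature, but from a key that is not the pinned one")
    return (True, "good signature from the pinned key")


# Constructed sample: armor pasted around arbitrary text, not a real signature.
PASTED_ARMOR_MESSAGE = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Please log in at the new address (constructed sample text).
-----BEGIN PGP SIGNATURE-----

AAAA
-----END PGP SIGNATURE-----
"""

# Constructed status-fd samples for the outcomes a reader can meet.
STATUS_GOOD = """[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Site Admin (constructed)
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2013-05-01 1367366400 0 4 0 1 2 01 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_UNDEFINED
"""
STATUS_OTHER_KEY = """[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 76543210FEDCBA98 Site Admin (constructed look-alike)
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2013-05-08 1367971200 0 4 0 1 2 01 FEDCBA9876543210FEDCBA9876543210FEDCBA98
"""
STATUS_NO_PUBKEY = """[GNUPG:] NEWSIG
[GNUPG:] ERRSIG 1122334455667788 1 2 01 1367971200 9
[GNUPG:] NO_PUBKEY 1122334455667788
"""
STATUS_BADSIG = """[GNUPG:] NEWSIG
[GNUPG:] BADSIG 89ABCDEF01234567 Site Admin (constructed)
"""

if __name__ == "__main__":
    print("armor present:", looks_signed(PASTED_ARMOR_MESSAGE))
    for name, status in [("good", STATUS_GOOD), ("other key", STATUS_OTHER_KEY),
                         ("no pubkey", STATUS_NO_PUBKEY), ("bad sig", STATUS_BADSIG),
                         ("no output", "")]:
        print(name, "->", evaluate(status))
```

To check a real file, pass the output of `gpg_status(path)` to `evaluate`.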
-
@ Albion - Have you heard anything from SR support yet? I am in the same boat.
No, not yet. I've written them 4 letters on SR from 2 different accounts 24 hours ago, and been in contact with some moderators on here. My account is still up and running. There really should be a quicker way of dealing with these situations...
The messages from the 2 other accounts would unfortunately just be added to the queue of messages that Vendor Support have to get through. We have pushed this up the chain, and hopefully it will be sorted a few weeks sooner than usual.
I agree that it would be good to have a quicker way of dealing with these situations, however lets be honest, we're all high here, whether buyer FE'ing and getting scammed or vendor logging into a site that is not Silk Road and getting phished - I don't mean to rub salt in the wound or anything, but if something is not signed with DPR's public key, and verified as such, then you're a dumbass for believing it. :-\
There's an entire page devoted to this on the Wiki - something that buyers and vendors should have read:
http://dkn255hz262ypmii.onion/wiki/index.php?title=Trust_and_phishing
Very sorry to hear that this has happened to you though, and I hope you can recover from it. :(
Libertas
Sounds about right mate.
-
@ Albion - Have you heard anything from SR support yet? I am in the same boat.
No, not yet. I've written them 4 letters on SR from 2 different accounts 24 hours ago, and been in contact with some moderators on here. My account is still up and running. There really should be a quicker way of dealing with these situations...
The messages from the 2 other accounts would unfortunately just be added to the queue of messages that Vendor Support have to get through. We have pushed this up the chain, and hopefully it will be sorted a few weeks sooner than usual.
I agree that it would be good to have a quicker way of dealing with these situations, however lets be honest, we're all high here, whether buyer FE'ing and getting scammed or vendor logging into a site that is not Silk Road and getting phished - I don't mean to rub salt in the wound or anything, but if something is not signed with DPR's public key, and verified as such, then you're a dumbass for believing it. :-\
There's an entire page devoted to this on the Wiki - something that buyers and vendors should have read:
http://dkn255hz262ypmii.onion/wiki/index.php?title=Trust_and_phishing
Very sorry to hear that this has happened to you though, and I hope you can recover from it. :(
Libertas
Sounds about right mate.
Hmmmm...
-
@ Albion - Have you heard anything from SR support yet? I am in the same boat.
No, not yet. I've written them 4 letters on SR from 2 different accounts 24 hours ago, and been in contact with some moderators on here. My account is still up and running. There really should be a quicker way of dealing with these situations...
The messages from the 2 other accounts would unfortunately just be added to the queue of messages that Vendor Support have to get through. We have pushed this up the chain, and hopefully it will be sorted as soon as one of the administrators sees it.
I agree that it would be good to have a quicker way of dealing with these situations, however each individual is responsible for their own actions here, whether buyer FE'ing and getting scammed or vendor logging into a site that is not Silk Road and getting phished - I don't mean to rub salt in the wound or anything, but if something is not signed with DPR's public key, and verified as such, then it should not be trusted as being from Silk Road. :-\
There's an entire page devoted to this on the Wiki - something that buyers and vendors should be reading regularly:
http://dkn255hz262ypmii.onion/wiki/index.php?title=Trust_and_phishing
Very sorry to hear that this has happened to you though, and I hope you can recover from it. :(
Libertas
I do appreciate all the help, thanks.
-
Another important thing to note here is that any buyer that did NOT encrypt their address via PGP is now compromised as well. Any buyer reading this that failed to encrypt their address using PGP should immediately clean house and move their stash elsewhere. And no, PrivNote is NOT the same as using PGP.
This is very, very serious indeed. :-\
Libertas
-
Another important thing to note here is that any buyer that did NOT encrypt their address via PGP is now compromised as well. Any buyer reading this that failed to encrypt their address using PGP should immediately clean house and move their stash elsewhere. And no, PrivNote is NOT the same as using PGP.
This is very, very serious indeed. :-\
Libertas
The 1's I could remember (obviously the bigger orders), I've already contacted and informed them on this. All orders were sent out, except 2. Any1 who ordered in the last 24 hours and didn't encrypt their address should definitely move their stashes....
-
I'm not sure what's up ... I passed this info along very urgently directly to inigo 23 hours ago. Are the accounts at least now frozen so no one can get in and no one can FE for the scammers in control?
-
I'm not sure what's up ... I passed this info along very urgently directly to inigo 23 hours ago. Are the accounts at least now frozen so no one can get in and no one can FE for the scammers in control?
I can still get on to the buyers page and see the listings.. So I don't think it is frozen..
-
I replied to the imposter about twenty hours or so ago and the message still hasn't been read. I'm wondering if they are now locked out or something. Or they could've just overlooked it, hard to say.
-
i sent 2 letters 24 hours ago- both were answered.
The 1 from 22 hours ago and 6 hours ago have not been read either. Maybe they're locked out.. But the account needs to be frozen..
or shut down..
-
Forgive me if I am wrong, but I was under the impression that your PIN was only needed for withdrawals, never logging in. Why would anyone ever give out their PIN?
-
I replied to the imposter about twenty hours or so ago and the message still hasn't been read. I'm wondering if they are now locked out or something. Or they could've just overlooked it, hard to say.
It is possible that the person is reading the messages using the 'bulk reply' feature - they will not show up as read unless they reply to it or check the box for 'mark all messages as read'.
Libertas
-
Forgive me if I am wrong, but I was under the impression that your PIN was only needed for withdrawals, never logging in. Why would anyone ever give out their PIN?
You are absolutely correct. No one should be providing their PIN anywhere other than the withdrawal page of SR. You will NEVER be asked for your PIN!
-
?
-
i tried to log into my vendor account 'suckmyballs' and it didn't seem to work.. :-\ I sent in a support ticket with my account copied a few hundred times to make sure they don't get it right.. Hopefully they get back to me soon
Reaaalllll mature. ::)
-
To quote from Ron White . . . "You can't fix stupid!"
NCK
-
/snip/
Their English is horrible, it is obviously not me. I really hope other people can notice that too.
Reading that phishing post, I would hope everyone would be able to notice their butchering of the English language, and because of that red flags would have been popping up everywhere. We all know DPR would never write anything like that. Safe to say he probably couldn't have written that if he tried :) Almost every phishing scheme I've seen, that's one of the most obvious traits.... poor grammar. They might use spell check and get most words right, but the order they put them in, reeks of SCAMMERS/PHISHERS!!!!
I'm sorry anyone gets bit by these types of things, but in this day and age, these lame ass attempts should not be able to fool anyone anymore. It's unfortunate that money needs to be lost in order to have someone's eyes opened.
-
Are there any ideas whether it's just money makers that have compromised these accounts, or is it LE??
Did you even read this thread at all? The account was compromised NOT by LE or any hackers, but because the vendor himself provided his password and PIN to a phishing website.
-
Their English is horrible, it is obviously not me. I really hope other people can notice that too.
As is the English on the phishing site. The only way you couldn't have noticed that it didn't sound like DPR is because you entered your password and PIN without reading a damn word.
-
I go to a random scam website, and i put this in:
Username:fuckyou
password:bitch
pin:trolzgtgrvcfx
that's what i do... to see what would happen...
I hope you get your account back...
-
Their English is horrible, it is obviously not me. I really hope other people can notice that too.
As is the English on the phishing site. The only way you couldn't have noticed that it didn't sound like DPR is because you entered your password and PIN without reading a damn word.
OP thought it was from his "friend" SHA1 ... but SHA1 is just part of the PGP that the scammer copied and pasted around the scam message.
-
Mind == blown.
There's a guy who lost $14K because of this idiot. He needs to be hellbanned from the site.
Edit: I'm saying Albion needs to be banned from the site, not the phisher. The last part is obvious.
Here's a review from albion's profile: http://silkroadvb5piz3r.onion/silkroad/user/3193205b49
EDIT. changing this rating to 1/5, Albi's account has currently been hacked in this last 24hrs, i had a msg from albi about 10 hours ago asking for me to FE then few hours after that Albi messaged me through tormail warning me that his account has been hacked and for me not to finalize anything as the hackers are stealing his money, but it was too late i finalized 2x500gr thinking it was really him and that my order was sent out but he said that my order has not been shipped out, just a warning to everyone please do not order or FE until Albi has got control of his account again,
Did you get that? i finalized 2x500gr
That's for a $7000 listing: http://silkroadvb5piz3r.onion/silkroad/item/cff881f084
Albion was entrusted with $14K of someone else's money in one transaction alone, and he mindlessly typed his password and PIN (the only protections on that money) into a site with a random onion address, without reading a damn word or checking the sig.
-
please don't take this question the wrong way cause the vender deserves the benefit of the doubt but how does one know the account was truly hacked? couldn't a vender just claim that so he or she could snag people's money and not send product? i mean we all remember what TONY did two 420s ago and his stats were perfect. i just asked cause the vender mentioned it needs to be locked OR SHUT DOWN. why shut it down when locking is enough to reset pin and password
-
please don't take this question the wrong way cause the vender deserves the benefit of the doubt but how does one know the account was truly hacked? couldn't a vender just claim that so he or she could snag people's money and not send product? i mean we all remember what TONY did two 420s ago and his stats were perfect. i just asked cause the vender mentioned it needs to be locked OR SHUT DOWN. why shut it down when locking is enough to reset pin and password
??? ??? ???
Are there any ideas whether it's just money makers that have compromised these accounts, or is it LE??
Did you even read this thread at all? The account was compromised NOT by LE or any hackers, but because the vendor himself provided his password and PIN to a phishing website.
The vendor said it needs to be locked or shut down so that more customers aren't caught out by having to FE for the people currently in control of the account. 'Locked' means that the PIN will be locked and the passphrase etc. will be able to be reset - 'shut down' means suspended, as in the vendor account will be demoted back to a buyer account, stopping others from placing orders or being able to FE.
Libertas
-
But then again, after receiving 14k in an FE, why WOULDN'T he put out the word that his account was compromised? That makes it plausible. I don't know the vendor at all, but with that big of an FE, it might be very tempting.
-
But then again, after receiving 14k in an FE, why WOULDN'T he put out the word that his account was compromised? That makes it plausible. I don't know the vendor at all, but with that big of an FE, it might be very tempting.
But this was a vendor who had great reviews. He would have still received the $14k, even without making the person FE, because he would have shipped out the product as always and the order would have been finalized eventually upon receipt. There would be no reason for albion himself to do this.
Then again, why would a good vendor EVER be so careless as to provide his password and PIN to a phishing site linked to in a scam message to vendors on SR?
None of this makes sense logically.
It also reiterates just how important it is NOT to FE, and to ALWAYS encrypt your sensitive info as a buyer.
In the end, this entire situation comes down to the vendor himself.
Also, has his vendor profile always stated that PGP is only "sometimes working" .... ?????? Or is that an edit from whoever is in control of his account?
-
But this was a vendor who had great reviews. He would have still received the $14k, even without making the person FE, because he would have shipped out the product as always and the order would have been finalized eventually upon receipt. There would be no reason for albion himself to do this.
But this way he gets the money without having to ship. Like I said, I don't know this vendor, but the simple fact that he used his pin to login makes me suspicious.
-
But this was a vendor who had great reviews. He would have still received the $14k, even without making the person FE, because he would have shipped out the product as always and the order would have been finalized eventually upon receipt. There would be no reason for albion himself to do this.
But this way he gets the money without having to ship. Like I said, I don't know this vendor, but the simple fact that he used his pin to login makes me suspicious.
either way, i think this would effectively dissuade me from ever wanting to place an order with a vendor in this situation. not to mention the whole "encrypt if you want - my PGP sometimes works" thing.
this whole situation is infuriating to me as a buyer, as a fellow vendor, and as a moderator here.
SR is not the place to be lackadaisical about security - not your own and not your buyers'.
-
Also, has his vendor profile always stated that PGP is only "sometimes working" .... ?????? Or is that an edit from whoever is in control of his account?
No, that was there originally. I remember that written there from at least two months ago.
-
who cares if he has perfect reviews that means nothing. so did tony and he made off with what? about 100k or so? again the vender deserves the benefit of the doubt but a reputable vender would have protected his customers and not have let this happen. since it was the vender's actions that cost the buyer all that money I'd say he deserves at least half refund or the product shipped anyways..half product at the very least. i sure would to protect my reputation if not for anything else
-
Also, has his vendor profile always stated that PGP is only "sometimes working" .... ?????? Or is that an edit from whoever is in control of his account?
No, that was there originally. I remember that written there from at least two months ago.
I found the quote from his vendor profile and I'd like to post it here:
PGP
Please message me for this as sometimes it's working and sometimes not.
So, I guess it's safe to assume whoever placed orders while the account was under the control of the scammer did so without encrypting their information. I guessed as much before based on some buyers not being willing to learn PGP, but now that I read that on his profile, it's even more frustrating because ALBION SHOULD KNOW BETTER.
ALL VENDORS SHOULD KNOW BETTER! All vendors should know how to use PGP for their own protection and for the safety of their customers. There is absolutely NO excuse for not knowing how to use PGP when you're a vendor handling people's sensitive information.
To go so far as to almost even DISCOURAGE buyers from using PGP is simply reckless.
-
To go so far as to almost even DISCOURAGE buyers from using PGP is simply reckless.
And yet I've seen many who still use PRIVNOTE. That's almost as worthless as not encrypting. If someone takes over your account, it IS worthless. I think PGP should be mandatory for all vendors period.
-
The situation is fucked but Albion is a standup vendor. It may take him awhile and I'm not trying to put words into his mouth but I feel that if it's at all possible to make things right for the people who got burned he will do it.
It's true you can't trust anybody on SR and I'd never FE for him or anyone else but he's given me no reason to doubt his word thus far.
People make mistakes, lets see what he does to rectify it before we all get out our pitchforks.
Also about the phishers using shitty grammar, not everybody's native language is English so not everybody picks up on these things so easily. Not making excuses for anybody, just some food for thought.
-
like i said let's give him the benefit of the doubt. just because he lacked foresight and failed to take proper precautions does not mean he is a crook. it's been said a million times here. DO NOT FINALIZE EARLY
-
Wow after looking at the phishing site, id say this is the best one yet.
Fuck the guy responsible, but it is pretty impressive it has login screens, phony error pages, a fake vendor support form.
-
like i said let's give him the benefit of the doubt. just because he lacked foresight and failed to take proper precautions does not mean he is a crook. it's been said a million times here. DO NOT FINALIZE EARLY
If I implied that he was a crook, that was not my intention. I really don't think he is scamming - I do believe his claim that he provided his password and PIN to that phishing site.
Basically: always encrypt your information, and never finalize early. <-- those two things, if everyone practiced them, would make a huge impact on the number of scams around here.
-
not at all scout. you did not give that impression at all. i was just saying that as a general consensus.
-
Wow after looking at the phishing site, id say this is the best one yet.
Fuck the guy responsible, but it is pretty impressive it has login screens, phony error pages, a fake vendor support form.
It looks exactly the same as the rest. Standard login asking PIN, but somehow it's the best one yet. Go figure.
http://vc3vveg64kbhtfrn.onion (SCAM SITE)
Follow it through, enter some dummy info into all the fields and tell me you disagree that its the best one yet.
-
The situation is fucked but Albion is a standup vendor. It may take him awhile and I'm not trying to put words into his mouth but I feel that if it's at all possible to make things right for the people who got burned he will do it.
[...]
People make mistakes, lets see what he does to rectify it before we all get out our pitchforks.
Well said. Albion has provided an incredible service for the past year on SR, and happened to slip up in this case. Albeit a large slip-up, there's no doubt in my mind that Albion will make it right with those who lost money. To those who sent unencrypted information, obviously clean house/get a new drop address just as a precaution (who knows what the hacker did, if anything, with the addresses/names). These risks come with SR, and buyers should obviously be prepared for something to go wrong.
-
Wow after looking at the phishing site, id say this is the best one yet.
Fuck the guy responsible, but it is pretty impressive it has login screens, phony error pages, a fake vendor support form.
It looks exactly the same as the rest. Standard login asking PIN, but somehow it's the best one yet. Go figure.
http://vc3vveg64kbhtfrn.onion (SCAM SITE)
Follow it through, enter some dummy info into all the fields and tell me you disagree that its the best one yet.
Pretty sleek.
-
Except for the horrible English on the error page:
"Please note this new Vendor Panel server is still in real-time debugging!
If a Error message appear, try load the page after few seconds again.
If you have a free while, please copy the error message and let us know about using this support form, your help is very appreciated.
Our developers will take care of the issue promptly!"
-
These risks come with SR, and buyers should obviously be prepared for something to go wrong.
Yes, buyers should be prepared by encrypting their information, but vendors should also help mitigate those risks by knowing how to use PGP and not treat it like an unnecessary burden.
-
sounds pretty fishy to me now he can continue on vending with the same name and just blame all the extra cash he just took in for unshipped product on a phisher with horrible grammar but im just a paranoid pete
-
Yeh, this is why you should always verify the signature and not just give your PIN to anybody... ESPECIALLY as a vendor. I hope, that no customer will lose any money due to the huge incompetence of the vendor.
Good luck everybody.
Any one that has ordered in the last 24 hours, and not been informed could possibly lose out if they FE. I would sort something out for them. This is definitely my fault..
Everyone else will have their orders, I just won't have the money...
Albion stated in one of his posts on the forums that he accepts full responsibility for what happened and that he will make good on all orders that were placed, by sending out the said product. I've only had good experiences with him so I have no reason to doubt him, especially when he has stated that he will come through with the product for everyone who FE'd.
-
My pgp went through a time when I had to change it 2 times in 2 weeks, so I was telling people to write to me to get my pgp. The 14k order (it was actually 15k - the hackers changed the price) was already sent out and will arrive, so it is me who lost out... No one will lose their money..except me.
From now on I will be putting the pgp up. ..
-
My pgp went through a time when I had to change it 2 times in 2 weeks, so I was telling people to write to me to get my pgp. The 14k order (it was actually 15k - the hackers changed the price) was already sent out and will arrive, so it is me who lost out... No one will lose their money..except me.
From now on I will be putting the pgp up. ..
More positive vibes your way albion.. That's a pretty big hit to take from out of pocket, and I hope you'll keep on being the best LSD vendor on SR!
-
Damn man, you sent that order.
Have you heard back from SR staff about your account?
I have just sent another letter now. I am hoping they can freeze it very soon...All orders were sent out except 2, and I've been in contact with these 2 persons, and the people who ordered in the last 40 hours, since I lost control of the account.
I wrote to the person who FE'd on the 15k order (we have good contact), and asked him to change the feedback.
-
It appears that your account hasn't been logged into for more than 24 hours, so hopefully the fucker who had access to your account is locked out of it now for good. Wishing you all the best on your recovery from this set back. ;)
-
My pgp went through a time when I had to change it 2 times in 2 weeks
PGP keys don't change randomly. The part you're glossing over is you were so careless that you lost your private key twice in two weeks, which is a pattern with you.
The 14k order (it was actually 15k - the hackers changed the price)
Is that even possible? Can anyone confirm this?
was already sent out and will arrive
So I expect that review to change within a week.
Frankly, you were extremely negligent, and no one in their right mind should deal with you, even if SR allows you to continue to be a vendor.
You entered your password and pin on this onion: vc3vveg64kbhtfrn
That should have been your first clue. And the phisher was dumb enough to include a provably fake signature.
gpg: CRC error; D384F4 - DADD7B
gpg: packet(2) with unknown version 220
gpg: no signature found
gpg: the signature could not be verified.
Which you didn't check.
And the language on the second page was obviously non-native English, which you now expect your buyers to use as a clue not to FE, but wasn't enough of a clue for you not to enter your password and PIN.
Hey, it's a free market. I'm sure DPR will let you keep vending, but you really need to find a new line of work. You're too dangerous and stupid for your clients.
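Added example, not part of the post above and not code from anyone in this thread: the check that post says was skipped, written against GnuPG's machine-readable status lines (as printed by `gpg --status-fd 1 --verify`). The pinned fingerprint and the three sample status outputs are constructed; the third shows that a good signature from a key you never pinned proves nothing.

```python
"""Decide whether a signed message can be trusted from GnuPG status output.

Only the '[GNUPG:] ' lines are machine-readable; 'gpg: ...' lines are ignored.
"""

# Constructed placeholder: the sender's primary-key fingerprint, obtained
# earlier over a channel you already trust (assumption of this example).
PINNED_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
OTHER_FPR = "FEDCBA9876543210FEDCBA9876543210FEDCBA98"  # constructed

# Status keywords that mean the signature is missing, broken or stale.
FATAL = {"NODATA", "BADSIG", "ERRSIG", "NO_PUBKEY",
         "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def parse_status(output):
    """Return [(keyword, [args...])] for every '[GNUPG:] ' line."""
    records = []
    for line in output.splitlines():
        if line.startswith("[GNUPG:] "):
            fields = line.split()
            if len(fields) >= 2:
                records.append((fields[1], fields[2:]))
    return records


def signature_trusted(output, pinned_fpr=PINNED_FPR):
    """Return (ok, reason); ok only if every signature is valid and pinned."""
    signers = []
    for keyword, args in parse_status(output):
        if keyword in FATAL:
            return False, " ".join([keyword] + args)
        if keyword == "VALIDSIG" and args:
            # Field 10 is the primary-key fingerprint; field 1 is the
            # fingerprint of the (sub)key that made the signature.
            signers.append((args[9] if len(args) >= 10 else args[0]).upper())
    if not signers:
        return False, "no valid signature"
    if any(fpr != pinned_fpr.upper() for fpr in signers):
        return False, "valid signature from unpinned key"
    return True, "valid signature from pinned key"


def _valid(fpr):
    """Build constructed status output for a valid signature by `fpr`."""
    return (f"[GNUPG:] NEWSIG\n"
            f"[GNUPG:] GOODSIG {fpr[-16:]} Example Signer\n"
            f"[GNUPG:] VALIDSIG {fpr} 2013-05-09 1368129840 0 4 0 1 8 01 {fpr}\n")


# Constructed samples: no signature at all, pinned signer, unknown signer.
NO_SIGNATURE = "gpg: no signature found\n[GNUPG:] NODATA 4\n"
GOOD = _valid(PINNED_FPR)
WRONG_KEY = _valid(OTHER_FPR)

if __name__ == "__main__":
    for name in ("NO_SIGNATURE", "GOOD", "WRONG_KEY"):
        print(name, signature_trusted(globals()[name]))
```
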
-
My pgp went through a time when I had to change it 2 times in 2 weeks
PGP keys don't change randomly. The part you're glossing over is you were so careless that you lost your private key twice in two weeks, which is a pattern with you.
The 14k order (it was actually 15k - the hackers changed the price)
Is that even possible? Can anyone confirm this?
was already sent out and will arrive
So I expect that review to change within a week.
Frankly, you were extremely negligent, and no one in their right mind should deal with you, even if SR allows you to continue to be a vendor.
You entered your password and pin on this onion: vc3vveg64kbhtfrn
That should have been your first clue. And the phisher was dumb enough to include a provably fake signature.
gpg: CRC error; D384F4 - DADD7B
gpg: packet(2) with unknown version 220
gpg: no signature found
gpg: the signature could not be verified.
Which you didn't check.
And the language on the second page was obviously non-native English, which you now expect your buyers to use as a clue not to FE, but wasn't enough of a clue for you not to enter your password and PIN.
Hey, it's a free market. I'm sure DPR will let you keep vending, but you really need to find a new line of work. You're too dangerous and stupid for your clients.
My pgp key did not change and i did not forget my password. I was using BCPG, which is a cheap pgp and sometimes I could not decrypt the letters. I now use a different 1.
The review will change as soon as I have control over the account.
To label me and call me stupid for making this mistake, I can understand, but I think you are jumping the gun a little bit. You have only read what is being said on here and have never once spoken to me.
I fucked up, and I will resolve this.
If you never give people a chance to resolve their mistakes, what do you expect will happen when you make 1???
-
Maybe a secondary password feature could be setup to shutdown your account in these situations and only have it reactivated by the admins once everything is all good again..
saying that though... the scam sites would probs just say please enter user,pass,pin,secondary pass...
Perhaps it could be a secret feature only available to Vendors and not discussed... in which case.. delete this post.. and move on :p
-
Albions been around forever I doubt he's pulling anything shady
-
My pgp key did not change and i did not forget my password. I was using BCPG, which is a cheap pgp and sometimes I could not decrypt the letters. I now use a different 1.
BCPG? What are you using now? Do you know how to verify a signed message?
You fucked up but you are prepared to fix the mistake so all should be good in the end but use the PGP knowledge that people have spent hours posting.
-
The review will change as soon as I have control over the account.
What does that mean?
I contacted this person once I knew my account was lost. I could see he had already FE'd because of his feedback. I asked him to change the feedback to say I had lost control over my account.
It does say this on the feedback..
Once I have my account back I will ask him to change once he receives his package.
I am using GNPU pgp now..
-
Guys, albion messed up, admitted fault, and is going to rectify the entire situation by both fulfilling the unfortunate orders that were finalized on and also further incorporating more sound IT security methods. Let's stop trying to throw fuel onto a fire that's clearly almost completely tamed. If you don't feel comfortable dealing with albion after this event, then move on and leave it at that.
-
Was he able to access your funds albion?
-
Was he able to access your funds albion?
It appears that way, at least funds that weren't already withdrawn to an unassociated stash wallet or maybe autowithdrawn(not sure how the vendor autowithdraw works, since I'm not a vendor). Since the phishing site got his PIN, they're able to withdraw funds. Even if Albion didn't have funds in his SR wallet before, they were sending PMs to people asking for FE, and any funds released from escrow by these people would have been able to be stolen by the phishers.
-
How did they get his pin????
-
How did they get his pin????
Read the thread. He gave it to them.
-
....or he had nice juicy orders he wanted to scam, and made a phishing site so he can claim to be hacked while scamming those orders. This way he can keep his account, and scam a couple of k's.
-
This is getting ridiculous. This thread has devolved into asked and answered questions, farfetched speculation, and some of the most irritatingly redundant captain hindsighting I've ever seen.
I don't think anybody who has read the whole thread would be accusing Albion of setting up some elaborate scam. He fucked up and he's out a lot of money because of it, last thing he needs is some keyboard cowboys repeatedly pointing out that they would not have made the same mistake.
-
This is getting ridiculous. This thread has devolved into asked and answered questions, farfetched speculation, and some of the most irritatingly redundant captain hindsighting I've ever seen.
I don't think anybody who has read the whole thread would be accusing Albion of setting up some elaborate scam. He fucked up and he's out a lot of money because of it, last thing he needs is some keyboard cowboys repeatedly pointing out that they would not have made the same mistake.
Welcome to Silk Road forums.
-
This is getting ridiculous. This thread has devolved into asked and answered questions, farfetched speculation, and some of the most irritatingly redundant captain hindsighting I've ever seen.
I don't think anybody who has read the whole thread would be accusing Albion of setting up some elaborate scam. He fucked up and he's out a lot of money because of it, last thing he needs is some keyboard cowboys repeatedly pointing out that they would not have made the same mistake.
It's a possibility that's all I wanted to say.
-
This is getting ridiculous. This thread has devolved into asked and answered questions, farfetched speculation, and some of the most irritatingly redundant captain hindsighting I've ever seen.
I don't think anybody who has read the whole thread would be accusing Albion of setting up some elaborate scam. He fucked up and he's out a lot of money because of it, last thing he needs is some keyboard cowboys repeatedly pointing out that they would not have made the same mistake.
It's a possibility that's all I wanted to say.
If you'd read the thread, you'd have also read that Albion has owned up to his mistake, and no one is getting scammed but himself. He's sending out the kilo of mandy that was finalized, so he's taking a $15K hit out of his own pocket.
-
Yea looks like hes doing everything right to me..
-
Has anyone heard anything back from SR Support? I tried messaging them 2 days ago (not sure about response time). They still have not read the message. I really don't want to get a refund cause that (100g order) would mess up my stats with only about 5600 spent. If it goes to an extension can SR support just cancel the order as a whole or only do refunds.
-
I have my account back. I have to wait 72 hours for my pin to reset, so please no one release funds still, till you hear from me personally.
Everyone that made an order after I lost control of my account has had their order cancelled. Everyone else with an order in transit has been contacted. As soon as I have my pin reset I will be up and running, obviously with greater security.
I apologize for all this bullshit.....
-
The order was canceled and now im 1.25 bitcoins short from my original deposit a few days ago. Does it hedge the order even if it was canceled? My balance the other day ago was 22.09 now I'm at 20.83...:\
-
The order was canceled and now im 1.25 bitcoins short from my original deposit a few days ago. Does it hedge the order even if it was canceled? My balance the other day ago was 22.09 now I'm at 20.83...:\
Yes, an order is hedged the moment you place it - presuming the vendor is hedging their orders, which is indicated in the cart at the time of purchase.
You should have received back the exact USD amount of your purchase, minus ~4% to cover the hedging fee. Note that although you pay for your order with Bitcoin, it is held in escrow as USD if the order is hedged and it is the USD that is returned to you when refunded.
Libertas
-
This is getting ridiculous. This thread has devolved into asked and answered questions, farfetched speculation, and some of the most irritatingly redundant captain hindsighting I've ever seen.
I don't think anybody who has read the whole thread would be accusing Albion of setting up some elaborate scam. He fucked up and he's out a lot of money because of it, last thing he needs is some keyboard cowboys repeatedly pointing out that they would not have made the same mistake.
In that case, I stand corrected
It's a possibility that's all I wanted to say.
If you'd read the thread, you'd have also read that Albion has owned up to his mistake, and no one is getting scammed but himself. He's sending out the kilo of mandy that was finalized, so he's taking a $15K hit out of his own pocket.
-
The order was canceled and now im 1.25 bitcoins short from my original deposit a few days ago. Does it hedge the order even if it was canceled? My balance the other day ago was 22.09 now I'm at 20.83...:\
If there is a loss on your side contact me on SR. I saw what you ordered, the person who had control of my account actually increased the price by $100. So no matter what you should be able to order as soon as I have my pin reset, if you still want to.
-
The order was canceled and now im 1.25 bitcoins short from my original deposit a few days ago. Does it hedge the order even if it was canceled? My balance the other day ago was 22.09 now I'm at 20.83...:\
If there is a loss on your side contact me on SR. I saw what you ordered, the person who had control of my account actually increased the price by $100. So no matter what you should be able to order as soon as I have my pin reset, if you still want to.
In spite of your snafu with the phishing site, I see that you are doing all you can to make things right. Respect.
-
I agree. albionessential is doing the right thing, taking responsibility, and is going to compensate the customers that had their money taken from them while the phishers were in control of his account.
Cannot ask for any more than that.
-
The order was canceled and now im 1.25 bitcoins short from my original deposit a few days ago. Does it hedge the order even if it was canceled? My balance the other day ago was 22.09 now I'm at 20.83...:\
If there is a loss on your side contact me on SR. I saw what you ordered, the person who had control of my account actually increased the price by $100. So no matter what you should be able to order as soon as I have my pin reset, if you still want to.
Fucking awesome thank you!
-
I think we can all agree that Albion has handled the recent fiasco like a scrupulous, star vendor would. The person making these phishing sites and fake messages is really a scumbag.
I made an order about a week before this all took off and wanted to say that my order arrived in UNDOUBTEDLY the best stealth I have seen to date. Albion is not messing around when it comes to concealing your purchase and keeping you safe. Literally the first time I scratched my head and couldn't find the tabs for a sec.
I hope everyone can move past this and that Albion's feedback percentage can be redeemed.
Albion - I will finalize as soon as I hear from you. Thanks again.
-
I think we can all agree that Albion has handled the recent fiasco like a scrupulous, star vendor would. The person making these phishing sites and fake messages is really a scumbag.
I made an order about a week before this all took off and wanted to say that my order arrived in UNDOUBTEDLY the best stealth I have seen to date. Albion is not messing around when it comes to concealing your purchase and keeping you safe. Literally the first time I scratched my head and couldn't find the tabs for a sec.
I hope everyone can move past this and that Albion's feedback percentage can be redeemed.
Albion - I will finalize as soon as I hear from you. Thanks again.
Thanks mate.. I will write to everyone on SR when everything is cool again..
-
@Albion
Out of curiosity, what happened with the 15k FE guy? Partial compensation? Full compensation?
-
@Albion
Out of curiosity, what happened with the 15k FE guy? Partial compensation? Full compensation?
The order was already sent, so he'll get his stuff. It was 1kg no 15 too. I am talking with him now, he is very cool so we are working out a compromise..