
I got scammed a few months back.

It was obvious enough that I should be embarrassed to share this with you. The crime is also solvable enough that I AM going to share it with you. For anyone regularly following my sn posts, this is the incident that really made me start thinking about opsec. I got scammed out of a decent amount of money, and gave away a handful of my real contact details.
It all started when I was trolling[1] around Telegram (red flag) for really good deals on bitcoin miners (red flag) that I was hoping to get in a hurry (red flag). I found someone GIVING away some old miners for the cost of shipping. I even sat down with my wife and said that I thought there was a high likelihood that this was a scam, but that it was an (apparently poorly) calculated risk that I wanted to take. Those that follow me here probably have a good idea of what I was up to, but if not, you can learn more here. All of this took place after I had gotten back from SA and before I came this time around.
It took me over a week to determine that this was a scam, despite the culprit continuing to try to sell me expensive miners for much larger sums of money. I have a HUGE log of the discussion, including the moment when they really didn't seem to care anymore that I figured things out, as well as when they blocked me while continuing to scam elsewhere. I didn't fully figure out what was going on until finally having a conversation with the shipping company that was able to confirm no such order ever existed. You would be right to argue that one needs to be pretty naive to be taken for this long, but I've experienced a lot of legitimate goodwill from the bitcoin mining community, and much of it did require some actual trust. Furthermore, I know there are a lot of old bitcoin miners out there that could be doing a lot of good if we were able to get them to greener energy pastures.

The Feds

So here's an interesting irony. All of this was happening towards the end of the Samurai and Tornado Cash trials. My scammer used an onchain address and didn't do ANYTHING to obfuscate what happened with the money. On top of this, they were continuing to use the main address that the funds passed through and the Telegram account that they were scamming from. I even found other people online that were reporting various other types of scams that were paid out to the same address.
What a slam dunk case! The feds were going after non-criminals for helping people, some of whom MIGHT be criminals, keep their transactions private. Surely, they would go after real criminals acting in plain sight. So I reported the case. This was a few months back now and I still haven't even received a follow-up email. I'm pretty sure it's still illegal to promise goods with payment and then not deliver or offer a refund, but maybe I'm wrong. Also, to their credit, they make it clear on the submission form that they don't follow up with most reports. But it begs the question, why go so hard after the non-criminals then?

Jameson Lopp

Well, a few weeks later, my paranoia had fully set in. How serious were these criminals? Did the authorities not follow up because they're in bed with the bad guys? If I bring more attention to this, do I make myself more of a target? I may not have as much bitcoin as most, but I've seen enough movies about people exposing corruption or outing the mafia.
So I reached out to the most famous name in bitcoin security I could think of: Jameson Lopp. Regardless of what one believes the best way to keep plebs with small hard drives running nodes might be, this guy was very gracious, generous, and kind with little old me reaching out about next steps after getting scammed. I had a lot of info (just like I had passed to the feds) to share, and he helped alleviate some of my fears of the scammers coming at me for more (basically said that these types of guys don't overlap with wrench guys and that I'm not a big enough fish anyway) and was able to identify that the scammers sent the money to an exchange. He even forwarded my "case" to someone named ZachXBT, who I guess is a super detective in the shitcoiner space. Apparently my case wasn't even in the ballpark of levels of funds that this guy likes to investigate though.

Detective Stackerman

So what about you? I've spilled the beans on my gullibility. The feds just don't want normal people to have privacy. The criminals don't need to launder anything apparently. ZachXBT's got better things to do. Are there onchain sleuths on sn?

Here's the brief:

The scammers have many handles. They post regularly in the Canaan shop Telegram group advertising another Telegram group called "Asics for sale worldwide". I've reported this site to Telegram, but it persists, as does the account that it says to contact to discuss sales with, although this name changes regularly.
All funds from these guys' victims end up in this legacy address: 33Pi7DhhfGmj6zBUw6GHhUftNXnM1REWgD
which all flow to: bc1q9bc1q9wvygkq7h9xgcp59mc6ghzczrqlgrj9k3ey9tz
There are always two moves into unique addresses only used once that end in the legacy address. My funds went through one such passage. Then everything is transferred into this last address, which Lopp believes is an exchange. I did some internet snooping and think that the exchange is a South Korean one called OKX. When I contacted them, they said that they can only divulge who the account belongs to to law enforcement for obvious reasons. I understand them protecting their customers, although it is frustrating that law enforcement hasn't pursued such an easy lead. They have all of the above information and screenshots of my full conversation with the scammer. Hopefully they'll kick into gear for the sake of all the other people that are still getting scammed by these guys.
That's all I got.
Maybe you see something that I don't though? Happy sleuthing.

Footnotes

  1. I'm using the term from the fishing analogy and not the ogre-esque creature analogy here.
50 sats \ 9 replies \ @optimism 2h
These aren't useful addresses to track.
reply
100 sats \ 8 replies \ @jasonb OP 1h
I’m not hip to KuCoin, but if it’s a centralized exchange, doesn’t that mean that someone (apparently has to be law enforcement) can just contact them and ask which of their customers is linked to that particular address?
reply
50 sats \ 7 replies \ @optimism 1h
It's a CEX yes, incorporated in Seychelles, and generally not compliant.
> doesn’t that mean that someone (apparently has to be law enforcement) can just contact them and ask which of their customers is linked to that particular address?
Sure but you'd need to send them your source txs, and you'd need to be losing tons for LE to take action.
In case this tempted you to provide more info publicly: don't share your txs.
Chance of recovering your sats was near zero, and still is near zero. Calculate for yourself if it is worth pursuing.
reply
100 sats \ 6 replies \ @jasonb OP 1h
Oh yeah, I’ve given up on the sats. Mostly posting here for the community’s sake. That said, I did share my actual transactions with law enforcement and still didn’t hear anything. It wasn’t a lot of money I suppose in bitcoin fraud terms, but it was significant for me and my goals in life right now.
Just curious, is there any particular reason you suggest I shouldn’t share the specific transactions here? I already intuitively thought that wouldn’t be smart, but couldn’t pinpoint why. The transactions to these guys came from my strike wallet, so it wouldn’t dox my actual bitcoin holdings. I thought it odd at the time that they didn’t take lightning, not now knowing it was a scam, I’m guessing that was because it would be easier for me to out their node to the community than to out their addresses to law enforcement.
reply
152 sats \ 5 replies \ @optimism 1h
> Just curious, is there any particular reason you suggest I shouldn’t share the specific transactions here? [..] The transactions to these guys came from my strike wallet, so it wouldn’t dox my actual bitcoin holdings.
All it takes is a strike hack and you're doxxed, and if you ever sent coin to or from your strike wallet then your stash will be doxxed too. The first rule about pseudonymous transactions is we do not talk about which ones are ours.
> I thought it odd at the time that they didn’t take lightning
With lightning you also don't have recourse, so then it's still gone?

Never send someone sats unless you either know them, or you have an escrow.
reply
100 sats \ 4 replies \ @jasonb OP 1h
> All it takes is a strike hack and you’re doxxed
Sure, but I’d be doxxed anyway at that point, right? I definitely do try to keep my real bitcoin addresses from work or mining separate from interacting with kyced bitcoin I got at strike or cashapp or other places like that.
reply
50 sats \ 3 replies \ @optimism 57m
That depends. If there is just some txs there, no problem. If the txids return search results... then you're already a lot more interesting. If then because you're already more interesting, you get into second stage of sleuthing against you and there turns out to be a link between these coins, your address and your stash, and you're like a multi-whole-coiner... good luck.
This is why, if you've written off the lost sats, you don’t share any txs, with anyone.
reply
100 sats \ 2 replies \ @jasonb OP 36m
Wow! Yeah, I guess I kind of started down this rabbit hole when I thought I was going to have this cool collaborative discussion with LE, but I’m seeing now how you could REALLY use these techniques as a criminal (like the violent kind, not the political dissident kind). Oddly enough, isn’t this probably the strongest argument in favor of coinjoin from an anyone-who-is-anti-criminals-and-violence standpoint?!
61 sats \ 3 replies \ @siggy47 4h
I have a hunch why you never heard from the feds. Due to the small size and the facts of the case, if someone did have the courtesy to call you they probably would say this is either more appropriately a state prosecution or, more likely, a civil fraud case, their two catch-alls for "we can't be bothered."
I would try contacting your state AG. They have civil and criminal divisions, and may be interested.
reply
47 sats \ 2 replies \ @jasonb OP 2h
Is there a statute of limitations for this type of thing? I’d be happy to do this to protect future victims from these guys, but I won’t have realistic time (and sim data) for it for a few more months.
reply
61 sats \ 1 reply \ @siggy47 2h
There are. Each state varies, but for civil fraud it's typically around four years from discovery of the fraudulent act.
reply
36 sats \ 0 replies \ @jasonb OP 1h
Oh cool, I’ll look into this at some point!
reply
We need to use web of trust, not just for cases like this, everywhere.
reply
50 sats \ 0 replies \ @optimism 1h
WoT superior to escrow?
reply
50 sats \ 1 reply \ @JesseJames 1h
Ballz on you to admit it, but you got me at Telegram...:-)
reply
I mean…there’s no doubt that this would not have happened to a person less stupid than me.
reply
I really appreciate you sharing this with us.
These stories are an immense public good that make plebs more savvy and scamming more difficult.
reply
50 sats \ 0 replies \ @Scoresby 4h
Sometimes there's no lesson like a scammer. I've had one occasion where I got scammed (on Craigslist, buying materials for a renovation) and nothing has done as much to make me mindful of my own foolishness and aware of red flags (you mention a lot of them).
Thanks for sharing your story. Being scammed once isn't something to be ashamed of and it certainly helps others to get better at avoiding scams.
reply
Telegram is the birthplace of scammers... invaded by Indians and scammers of all kinds.
Once, a "woman" contacted me saying that a Russian guy was forcing her to prostitute herself in a club in Miami, and that she had to pay the guy a certain amount of money, and that if I helped her, she would be my eternal debtor and my sexual slave... hahahahaha
reply
Sucks to read this, but props to you for having the guts to share it.
> I found someone GIVING away some old miners for the cost of shipping.
No one just gives stuff away to a random person online. That’s a major red flag. And even if that miner did show up at my place, I’d think I got hacked or something! I know, sounds paranoid!
reply