WARNING DO NOT USE RDP.SH (They Are Scamming Their Own Customers)

TeamEAService

Read this as well after my post:
https://holisticz.com/Thread-DO-NOT-USE-RDP...F-PROVIDED

The n.to staff Lucas seems to not care about this situation and said it can't be proved.
He closed my thread there so no one can react to it. (Exactly as expected)
Obviously finndev, Lucas etc. are somehow involved in this scam, so they are just trying to minimize the criticism.

STORY:

So, me and 2 other friends lost 27,3 ETH (73k) in total together by using rdp.sh.
Well, I was quite lucky, my part was small: I lost only about 1.3 ETH (3,5k) and my WETH.
_________________________________
So what happened?

We are using custom-made bidding bots for OpenSea and we are doing mass offers on NFTs. We are always bidding below the floor price and hoping someone accepts these.
This works and we are making quite decent profits from these flips.

So to use the tool we have to insert our ETH private key into that tool, which will be encrypted after inserting it; that private key is stored and encrypted in the tool.

One day I noticed that all running tasks and API keys + private key were deleted from the tool (*1), which is quite weird and shouldn't happen.
So I re-entered all my details including the private key and started the bot again, everything working fine again. I thought it crashed or whatever happened.
After 2 days I got a notification that some ETH were transferred from a friend's wallet (I'm watching his transactions) and I saw that about 24 WETH were transferred away. I instantly knew what happened but it was too late from this point. After a minute I saw that my ETH on my wallet with 1.3 ETH were transferred away as well. Shortly after that I saw that another 2 WETH from another friend were sent away too.
_________________________________

How we got "Hacked"?

We all used Rdp.Sh to host our bot. To clarify, we didn't get hacked from any other source; the RDP was completely newly purchased for all of us, only a few days old.
Also we had really strong passwords, there was no way to brute-force them.
We made the bot, we have the source code to it. There is no other way because there was nothing else and we didn't download anything else on the RDP server.
Over 3 Rdp.Sh were infected and everyone's ETH was drained the same day.

(*1) They had to delete all details because they had no way to get our private key otherwise, because it seems the clipboard hijacker was installed later, after they knew they could get some money.
So we were forced to insert all details again; this time they got the info we had in the clipboard.
_________________________________

Warning

Never ever use their service for anything; they are installing a clipboard hijacker on your server to scam you.
For my part it was a lesson, but I'm happy that I haven't lost more because it could have been a lot worse. I'm feeling bad for my friends, they lost a lot.
_________________________________

It must have either been RDP.sh employees or attackers who got access to the whole infrastructure through the RDP.sh backend.

Also did some Investigation on the VMs to see what has happened:
- Windows Event logs were cleaned up to hide their footsteps
- Virus Scanner found a bunch of infected Files
- VirusTotal knew the files and says there is everything nasty in those files (Keylogger, Trojan, Spyware etc.)


VAVE

Both RDP.sh and StarkRDP.io are operated by the same legal German company.

If you feel scammed by them, sue them.

Don't make a random thread on some forum.

TeamEAService

(06 May, 2022 - 07:53 PM) amboss Wrote:
Both RDP.sh and StarkRDP.io are operated by the same legal German company.

If you feel scammed by them, sue them.

Don't make a random thread on some forum.

"Don't make a random thread on some forum."
This thread is only there to warn people. I just feel people should know about that.

The money is gone lol, suing them wouldn't change anything and they most likely use letterbox companies anyways.