I am posting this as a cautionary tale. A user from our Discord, magvie#8479 (Alex from Vienna), was just scammed out of 1000 XZC (worth about USD 70,000 at the time of writing), which represented a huge portion of his savings.
A user approached magvie#8479, asked if he needed help setting up his Znode, and appeared friendly and helpful. Magvie gave him access to the VPS, which in normal circumstances should have been reasonably safe (the worst that person could do is take the Znode offline). However, the user convinced Magvie that he needed to send the 1000 XZC to an address in the VPS wallet. With full access to the VPS, the scammer then transferred the money out of the wallet, leaving Alex in ruins.
After investigating further, I realized that this guy had messaged me before, pretending to be someone who would help. His nickname then was libssl-dev, but he has since changed it to soccerfan.
Lessons to be learnt
- Do not transfer your 1000 XZC to an address outside your own wallet on your computer. All addresses should be generated from your own local wallet (and visible in Receiving Addresses), either by creating a new Receiving Address or by running getaccountaddress in the console.
- Your Znode should never hold any funds. It only contains the Znode genkey, which identifies the Znode. This key cannot access any funds. The only thing someone can do with your Znode genkey is start and stop your Znode.
- Never give someone the results of your dumpprivkey. That is the actual private key which holds access to the funds.
- If in doubt, ask an admin or trusted community member to verify the procedure.
Message from Alex
so i guess i am the one.
who, you may ask?
when I first read about zcoin getting znodes, I thought two things immediately: first: i need one as fast as I can, because zcoin, reuben and the community are just killing it, and now i can finally be a proactive part of the zcoin community. so I started to accumulate. sold almost all of my other coins, even btc (and we all know, you should never sell all your btc). went all in.
my second thought: i guess there is at least one guy, who will lose his 1000 xzc, when he tries to set up his znode, because he will transfer them wrong or do some other mistake.
i am that guy. i am that guy that lost all of his 1000 xzc. i got scammed. badly.
how did he do it, you may ask.
i started to set up my znode a few days ago. I got a vultr vps and did everything as stated in the official znode guide. but something didn’t work. so I went to the zcoin discord channel and asked the community. a guy named something like “lib-dev” (changed his name already, so I don’t know exactly, but he is #1541, current name: soccerfan) approached me and offered me his help. my thoughts: what a nice guy, gotta love the zcoin community. so he started to go through everything with me even explained all of the steps in detail to me. we also start talking about some private things. about crypto and its critics, about my girl friend and his wife, about where he’s living (belgium) … just seemed like a really nice guy and we were joking a lot. he gave me line after line, and i typed it into my putty. never gave the guy a password and he never asked for one. we even encrypted my wallet on the vps. and then i needed to type the command: ./zcoin-cli getnewaddress Znode1 and send my 1000 xzc to it. directly to the vps. in hindsight this was extremely naïve. but I am a noob when it comes to ubuntu, vps and things like that. so I trust him.
what happened then? somewhere before, i typed in a command that gave him access to my vps wallet. the guy then sent the funds to his own address and did a zeromint. As we all know, because of zeromint there is no way to block the funds. so the technology I put 90% of my net worth in and I am so convinced of just broke my neck.
please use me as a lesson. never trust anybody on the web. especially, when someone is approaching you. only trust people that are verified in a certain way (like the community elves in the zcoin discord).
EDITOR NOTE: Community elves are volunteers and not vetted so don’t trust them either. However, we only choose people who have been active and helpful in the community.
Appeal for Donations
Alex did not ask for it, but we all know how it feels to have lost funds, and some may think that’s the way life goes.
However, those of you who can empathize and wish to contribute to his fund to soften the blow a bit can do so by donating to this Zcoin address and showing him some Zcoin community love. I hope this is the last time something like this happens!
If you wish to speak to Alex directly, he is on Discord at magvie#8479.