Liberty Reserve was hacked by Eastern European hackers...More than $1M+ stolen!

Today update (13.03.2009)

DISTRICT ATTORNEY - NEW YORK COUNTY

July 27, 2006

....

The indictment charges that the defendants operated an illegal money transmittal business that received and transmitted $4 million between January 1, 2006 and June 30, 2006. The investigation leading to today’s indictment determined that GOLDAGE (www.goldage.net) was set up by BUDOVSKY and KATS in 2002, and at least $30 million was illegally transmitted to accounts worldwide since the start of the defendants’ illegal activities. BUDOVSKY and KATS allowed individuals to open accounts at GOLDAGE with limited documentation of identity. The investigation is continuing into the identity of the defendants’ customers and the source of customers’ funds.

... [SOURCE ORIGINAL ]

Be aware of all sites owned by ARTHUR BUDOVSKY and VLADIMIR KATS

GoldAge.net ([2009] High Yeld Investment Program (ponzi schemes) forum; [2005] Was Liberty Reserve Currency Cashing Service). Owners are ATHUR BUDOVSKY and VLADIMIR KATZ [proof]

LibertyReserve.com (Online HYIP Payment Processor based in Costa Rica, hacked & members money stolen).

GdcaOnline.com (The Global Digital Currency Association created to advertise Liberty Reserve)

LRDirectory.com (The website created to advertise Liberty Reserve)

LRHyip.com (The website created to advertise illegal HYIP and Liberty Reserve )

GoldExchange.eu (Liberty Reserve official Exchange Service. Being used as central Money Cashing for virtual currency issued by Liberty Reserve.)

GoldStores.com (The website sells fake goods. Was used to make Liberty Reserve more popular online )

Information about Liberty Reserve virtual E-Currency :

Official Owner: Amed Mekovar, real name: Ahmed Yassin, citizen from Morocco, living in CR with a residency permit, prosecuted in Morocco for running scam schemes.

Real Owner: "Ragnar", Vladimir Kats for his real name.

Liberty Reserve Office is not existing, verified by Private Investigators in Costa Rica

Wednesday update (11.03.2009)

Liberty Reserve has no office. The address of LR is fake

Today people all over the world discuss post of LRinsider:

Firstly, this is important information that I feel needs to be disseminated to the community at large. I am not posting this in various forums out of spite or the fact that my services were recently terminated or the fact that some of my personal address details have been splashed all over the web.

Until recently, I had a technical support capacity with Liberty Reserve. As many people are aware, we have been struggling with some security issues for the past few months. Its important to note that these issues are NOT internal security problems. There has been NO breach of security by staff.

Unfortunately what there has been is a compromise of a hole in our API code and hackers (from Eastern Europe) have used this to access many members accounts and to eventually gain access to the LR members database. This is how they determined which accounts had large balances in them. I know that the corporate policy is that ALL users that lost funds did so due to phishing attacks, but this is really not true.

The reason why we have upgraded our script and security measures and are now requiring you to change your passwords and master keys has nothing really to do with improving anything but it is because hackers managed to get a copy of the LR member database and have been managing to access user accounts. So it was hoped that we could lock them out on mass by having the users choose new passwords without us having to admit fault.

Things at LR are in a dire situation and although (up until I was terminated) we are winning the battle against the hackers we are losing our trust with our account holders and exchangers. In fact, there seems to be a few exchangers who have a vested interest in seeing us fail as they have some extremely close ties to other DGC's as well as the hackers.

I make these statements as I feel its in the best interested of both LR and the community to get these problems out in the light and try and regain some of the trust that we have lost. I'll likely never work for them again due to our differences in ethics but I still hope they beat these Eastern European hackers.

Visit us regulary to get new information about Liberty Reserve downtime and domino effect for e-commerce market.

Tuesday update (03.10.2009; 10:00 AM)

This weekend Liberty Reserve payment system has announced about its readiness to introduce credit and debit cards to its site. According to the site soon it will allow purchasing inventories directly on the company’s website. It really good but at the same time some users complain that LR refuses to purchase its inventories back. This issue is very serious because currently some exchangers are flooded with LR currency and need to get it outexchaged. Today such complaint came from exchanger http://www.entelnova.com, a Singapore based exchanger.

“My company is trying to dump bulk inventories back to LR Company.

However, LR is asking us to wait first as they are still looking into some matters,” said the exchanger.

The exchanger’s spokesman said that his company hade temporarily suspended all LR outexchanges until they “feel it is safe to carry on collecting more LR inventories from the public.”

“… the longer LR Company drags, the value of LR e-currency will continue to fall like e-Gold in the past which we do not want to see it happen,” continued he.

So, why does LR refuse to buy its inventories from the exchangers? It doesn’t care for them anymore after having introduced direct deposits? Or its currency is not backed by any real cash? Here is a food for thought…

Monday update (03.09.2009; 7:00 AM)

The situation around Liberty Reserve payment system becomes really critical. The system doesn’t work stable. So, on March 07, 2009 some users complained of the unavailability of the site in some location. On March 08, 2009 the site became unavailable for all the users. Only after several hours of tension caused by the lack of any updated LR have updated their blog having explained the system outage by the unscheduled maintenance which became necessary to implement a new feature that will force every customer change random login information every 60 (sixty) days.

Currently the system is still unavailable. The exchange rate continues to drop, and some exchangers refuse to accept large amounts of LR e-currency. Even the most devoted users of Liberty Reserve start to show their displeasure, and say that the next time when the system comes up they will withdraw some money from their LR accounts just to be on the safe side. More and more people agree that LR is unprofessional and doesn’t treat its customers properly. So, it seems that the next end of the maintenance will be followed by a mass flow of withdrawals that will surely cause the drop in Liberty Reserve liquidity.

Another "big" exchanger is trying to sell $700,000 (seven hundred thousands!) LR directly to LR to get a bank wire. Guess what? LR didn't send the wire so far, despite the sale order was put last Thursday, and Paltz from LR told the exchanger "I am not sure we will pay you immediately, thank you to be patient".

Quoted from: http://libertyreserve-recovery.blogspot.com/

Sunday update (03.08.2009; 3:10 AM)

Friday update #2 (03.06.2009; 9:30 PM)

First official response of Trainex Services ( TOP 3 LR exchanger ).

This company lost $47,000 due to hacked Liberty Reserve API.

More reports coming soon.

Friday update (03.06.2009; 10:41 AM)

Liberty Reserve API was hacked in December, 2008.

Too much money was stolen for 3 months period to return all back to Account Holders. Liberty Reserve declines refunds.

Information about Liberty Reserve owners is available!

First of all I condole with those who had lost the money in LR.
I hope that you understand that the company in Costa Rica is the fictitious? LR had been created by people from Ukraine from a city of Dnepropetrovsk. Some members of a command are from the USA (Marko), another from Amsterdam (Arthur) and at present he adjusts new Cisco.

All other members of LR are from Ukraine (city of Dnepropetrovsk). We have all their real personal data. If you seriously wish to have legal proceedings with LR I recommend you to begin search in Ukraine in the city of Dnepropetrovsk. We can give you actual addresses of LR technicians (Den, Andrew, Vitaly).We know their surnames, the address, phones (home and mobile), passport and tax data.

It has been watching over them in Ukraine for a long time, but there is no reason for detention as there are no victims in Ukraine from their actions.

Ask LRinfo about details.

Thurstday update #2 (03.05.2009; 10:17 PM)

http://libertyreserve-recovery.blogspot.com/

Liberty Reserve caricature (C) eCommerce Journal

Thurstday update (03.05.2009; 11:01 AM)

After Liberty Reserve API was hacked a lot of people try to take back their money. They write posts on forums and do everything to save money. Here is another one post from TalkGold Forum:

No respond from LR until now. I am in close contact with martt and we will take legal action with a Costa Rican law firm if LR does not credit our accounts (or at least contact us for the moment) until the beginning of next week.

Swapgold and WM-Center refused exchanges - not only for me, but I have no idea if they lost money as well.

Tuesday update#2 (03.03.2009; 3:54 PM)

Within the next first hours following the system’s come back the exchange market of Liberty Reserve was seized with a panic.Users try to exchange their LR to other electronic currencies.

The exchange rate of LR to other e-currencies has already reached 25%.

It is very difficult to accept but at the moment Liberty Reserve has already lost one forth of its assets value due to the exchange rate drop. To save the money people have to exchange the e-currency at 25% though not so long ago they doubted whether to make exchanges at 5%.

In addition to this news there is information that the administration of Liberty Reserve has again switched off its API and SCI.

Another one story from authoritive TalkGold Member Uwe whose Liberty Reserve account was hacked and money stolen:

I have never used this account at all, funds were just transfered into it, there was never a transaction made - apart from funding that account from my main account.

Although I am working with Apple Macs and we do not have such vicious trojans, keyloggers or whatsoever - passwords, login and master key were not stored on any of my machines.

The password is 22 characters long and contains, letters, numbers and other characters.

The transfer was made via API and it is useless to say that I never enabled any API for this account.

Just for your interest, here are the details of the transfer:

API name: ZeusApi3809738
Amount details: 2/27/2009 12:50 12556270 U5390898 (Yosep Purwanda) – $39788.05 $0.00 $0.00 Details Hide details

Merchant Reference: 1235735580

Memo:

---

I have informed LR today, since the site was not accessible for me before and will post their reply here.

Today there are a lot of stories from users about lost money in Liberty Reserve. Here is another one:

As told here is a screenshot of my history account.

http://www.savefile.com/files/2024516

The hack is the transaction with a big red box around, all other transactions are legit.

I have contacted the "Business department" of LR by an online message and decided to make this case completely public now. I will keep you updated here, whatever the result is: Refund will show that LR is finally a serious company that admits they can be wrong, decline will show that LR is a scam company. I only removed for the forum, the exchanger name despite he emailed me that he would have no problem to testify that he funded my account from my bank wires. Maybe he is posting here, he can of course say who he is if he wants so.

If some persons who had the same problem want to contact me, that would be good. We should join to be stronger.


Text of my message:

+++++++

Hi.

On 22/2 my account U4231571 was wiped through (according to the history) an API transaction. (Batch number 12362544). The amount stolen is $70677.67 and was transferred to an account U9103763 (alvin).

I think now that you ALREADY know about this, and that I am not the only one in this case. I consulted some friends before contacting you, then your website was offline and I waited it is back online.

My account was quite not used as you can see in its history; only ONE person knew it, my exchanger XXXXXXX. He funded twice after he received my bank wires and can testify on this.

I made before the hack ONE transaction of $15k, using the PRIVATE option, so even my client who I paid did not see the account number.

I discovered the hack right after I logged in on 24/2 as XXXXXXX funded again my account, receiving my 3rd bank transfer and bysecurity immediately sent the balance to another account after I agreed with the owner who I know well.

When I discovered the hack I saw the API logo in my history. I NEVER recorded any API in my account, but there was one. I immediately changed the data, as at this precise time I had +$57k (3rd funding from XXXXXX) and thought that, time for me to transfer the funds, they could be stolen again.

I then hired a specialist who came at my place, to look at my computer. After about 3 hours, he did not find ANY suspicious software, virus, etc. I have strong security policies as I move large amounts from e-currency and banks, passwords are more than "strong", my computer is SAFE and I never got in trouble like this in +10 years I use the internet. So no need to tell me that I am the culprit, that I must scan my computer etc.

I know now that first you had API problems, second that I am not alone in this case, third that you got in serious trouble for more than a "SSL update" that made your site 4 days offline. On Monday I contacted an attorney about this and the fact that LR is Costarica will not refrain me to use legal ways to recover my money. I am realistic, I will probably fail legally but IMO you will lose in this story in fees and reputation more than the $70k that were stolen because of a bug in your system.

Even I am seriously considering that the problem came from your team, as far as I know to CREATE an API in an account that had NO API, the user must ENTER the account and know all passwords and PIN. Anyway the howto isn't my problem, the result is my problem.

It should take you 10 minutes to see where the money went from the account U9103763 (alvin) and I am expecting you immediately sent it back to my account.

Regards.

From ECJ team we just can add that every hour we get more and more such stories.

Tuesday update (03.03.2009)

According to the recent posts of the users and the official statement from Liberty Reserve blog the system has finally came online and became available for online operations. However there are still some complaints that can be summarized as follows:

- Liberty Reserve is still unavailable for some users from various locations worldwide;

- The fact of API hacked is constantly confirmed by the system users. The Ecommerce Journal staff continues to receive the messages that people have been robbed due to the system glitch. Liberty Reserve refuses to comment this situation anyhow. We try to systemize all the messages about the hack breach of LR API and very soon we’ll provide some stories for your consideration submitted by various people about account hacks and money theft.

- Despite the fact that Liberty Reserve became available many users still complain that the API does not operate or operates with some errors and sometimes they fail to withdraw funds from their accounts.

-Some users said on forums that they still cannot get into their accounts since the system denies them access due to the change of a physical location of the users that is really absurd in the current situation.

We continue to follow the situation around Liberty Reserve payment system and will try our best to keep you informed about all the facts of the money theft due to the hacked API and surely we’ll try to find information how to return the money stolen.

Monday update #3 (03.02.2009; 17:45 GMT)

Monday update #2 (03.02.2009; 15:47 GMT)

Posted by GoldMember77 @ Talkgold 03:36 PM

Let me start by saying that I am not here to bash Liberty Reserve. Many people know me in this form and know that I never bash any business or anybody. I have been doing business with Liberty Reserve for more than 3 years and I NEVER got my account hacked or had any problems with them. In fact, I have been very pleased with the way the company has been supporting their business. That is until now, and here is why.

Our account got emptied last week (I will just say for more than 10k) JUST before the "router upgrades" due to a security flaw on their API system. I know this to be a fact. I have been in the software/security business for more than 22 years and I know what I am doing.

Here is why I know for a fact that the API has been hacked: Our API was set in a way that would ONLY accept requests from a particular IP address on our office. This particular IP address was INACTIVE on our office at the time our account got emptied due to the fact that we were in the process of re routing our internal configuration to new IP addresses due to a switch in providers, so we had deactivated that IP address from our router. FIRST FLAW. The attacker was able to spoof Liberty Reserve routers into believing the call came from our IP address, when in fact I know FOR AN INDISPUTABLE fact that the IP address in question was deactivated at the time the API payment took place.

Second, it is absolutely impossible that someone has gotten a hold of our API password. ALL our Liberty Reserve passwords are 12 character long, high entropy random passwords of military grade. ALL our Liberty Reserve information is stored on a file inside a truecrypt 256bit AES encrypted volume for which I only have the password to unlock, and that password is in my head.Finally, we do not run windows, only Unix and Mac Os X, so there are no trojans in our systems. In fact, we are so paranoid that we only access our TruCrypt volume from a READ ONLY VMWare image of a very hardened Linux distribution.

I don't think Liberty Reserve are trying to scam people or run away with their money, but I do think they are trying to cover up what happened last week, and that is that MANY users have gotten their account emptied through their API due to a flaw, and that is just silly. The company should acknowledge what happened, eat the lost, and BE HONEST with their clients.

I am not looking to spark a debate or upset anyone. I KNOW what I am doing when it comes to IT security, and I know for a fact this happened, and is not up for debate. I sincerely hope that Liberty Reserve came clean with this. Every major company had security flaws at one time or another on their systems. This is not the issue. The real issue is to try to cover it up and take their users for fools.

Monday update (03.02.2009; 15:01 GMT)

The situation with the payment system Liberty Reserve still remains unchanged. Users can’t get access to their accounts; some panic-stricken people make desperate posts on forums. Some time ago the official blog of Liberty Reserve contained information about maintenance, but the fact that the system has invited Forex companies for tests tells us about a possible security breach of LR. Moreover, on the Internet there is some information from unconfirmed sources that hackers cracked the system through API. Even if LP really carries out the maintenance works, it is difficult to understand their duration and why it was necessary to interrupt the work of the system. After that, how can Liberty Reserve tell that “money has no borders”? We can understand LR – it is dangerous to announce the information about the security breach because it can cause panic. However, taking users for fools by renewing SSL certificate for 5 days and involving Forex companies is humiliation. But it looks like LR doesn't warry about clients, the system prefer to show photos from fun corporative party...

Unfortunately, the reputation of Liberty Reserve is undermined. Besides the security breach, the damage is done by the LR owners themselves who have simply deprived users of their money and businesses for several days. Probably, they won’t get away with it – when the system starts working, people will immediately withdraw money from LR. It can lead to the collapse of this payment system. At least, after the information of API security hacked, exchange companies will be more cautious and probably some of them will refuse to deal with Liberty Reserve.

Our team is now investigating few issues:

1. Why Liberty Reserve is not posting real information about LR API security problem, but fake one about SSL and Cisco updates?
3. What problems websites accepting Liberty Reserve have now?
3. How are Exchange Service parsing Liberty Reserve downtime to their exchange rates?

Liberty Reserve API hacked (03.01.2009)

Actually, the amount is too big just for 6 accounts though… According to our sources at least two exchangers accredited by Liberty Reserve have been breached just a few days prior to the system outage. The amount stolen is more than $75, 000. And this issue is very serious. Speaking about the common users we may say that may be they have some virus on their computer or they were careless using their accounts. However it doesn’t work with the exchangers. Two hacked exchangers during one week is a direct proof that Liberty Reserve has very serious problems with their security. And they are to be solved immediately.

It is necessary to say that a couple of weeks ago Liberty Reserve has launched a new forum for the developers, to keep the users updated on all the technical issues and to discuss problems online. However today when entering http://dev.libertyreserve.com in our browsers we get just a blank screen instead of the greetings…

What about the rate of LR? Despite the rise of interest in LR we can see a steady decrease of LR rate. Today it has reached 10-15%. Even the autoexchangers have reacted on the recent event and in some of the services we can see the fluctuation of LR rate against other e-currencies.

May be exactly this has influenced the interest in the system that we can observe viewing the traffic charts on Alexa.com.






As we can see the growth of traffic begins from the time when the first notifications appeared. The users started to withdraw money from their accounts that could also caused the drop in exchange rates. As you remember the similar situation was in the beginning of e-gold crisis. That time the exchange rate of e-gold has reached 50-60%, and those who managed to get rid of e-gold currency were in the money. So, we can say that today’s liquidity of LR is similar to the one e-gold had in the very beginning of its crisis.

The same person in the same post assures that 'LR has contacted major exchangers to ask them to NOT process any exchange order from ANY LR account.' This issue can be explained in two ways. First is that LR has some bug in their system that threatens exchange services. And the second one is that LR doesn’t want people to withdraw their money. If you remember the same thing happened to the infamous AlterGold payment system that has firstly had forbidden the exchange of its currency and then went down forever having stolen all the money frozen in users’ accounts.

Actually we do not want to rush to conclusion and to say that LR is scam or something like this however the experience we got with AlterGold has taught us that not only the investment projects can scam people but the online payment systems as well (AlterGold, Fethard). Some payment systems just go down and never return online (e-Bullion).

Watching the decreasing liquidity of LR during the past month we still hesitate to draw an exact conclusion why does it happen. However the presence of the incontestable facts and opinions of the Liberty Reserve users testify to the fact that LR has very serious problems. Many owners of the successful online businesses have stopped processing payments via Liberty Reserve 5 days ago and that is a direct evidence that even they are afraid of losing their money. Here is some mystery that is too complicated to be disclosed by the common users. The only thing they can do at the moment is to watch how their money is melting in their accounts that are currently locked. It is quite possible that fearing to lose a few interests during the exchange of LR to any other currency can result in the loss of tens of percents as it was with e-gold. Of course, we don’t want to exclude the version that LR has some technical problems indeed however tens of thousands of dollars blocked in the exchangers’ accounts and the bearish trend of the LR exchange rate against other e-currencies prompts that it is better to secure the funds. What to do in the current situation is an individual decision of each person. However we prefer to follow the rule -forewarned is forearmed. Today the situation is so that as soon as LR starts working (that is expected to happen by most users on Monday) we will witness the mass withdrawals that together with the panic of the users may result in LR rate collapse and a total loss of the confidence in this payment system.

Liberty Reserve caricature (C) eCommerce Journal