Hi, i dont normally post here but my situation is may be of interest to those who frequent this sub. I tried to send 0.5btc into helix light (the helix light linked in the superlist, http://grams7enufi7jmdl.onion/ ) on friday the 22nd. After refreshing the helix status page to see if it had been deposited i noticed that the reported deposit amount wasnt 0.5, it was 0.4399. I took screens of this in case i needed proof:
http://cip5p52lqmufd3kc.onion/index.php?page=download&id=66Y7qH03us8q42596&download
I checked the address on a blockexplorer to see if the coins actually had deposited correctly.
http://cip5p52lqmufd3kc.onion/index.php?page=download&id=23089099U574R17863&download
Heres the full address if you want to see for yourself
https://www.blocktrail.com/BTC/address/1K8nT7n3kreqA6o3LCWdB6HHTHgketaYJn
The helix status page doesnt include the deposit address but you can see the 0.4399 amount shown in the blockexplorer. Apparently the deposit address had been used previously and helix must have been setup to read the first amount instead of the current amount. I sent an email to GramsTeam@sigaint.org with this info figuring it was a mistake and a quick fix, the next day (saturday) i got an email back from grams:
Hi, I need to ask you, what is the actual URL that you used when sending this transaction? I ask because upon checking the blockchain, I see multiple transaction to and fro this address, and with Helix Light, there is only 1 transaction per unique address. It appears as though you've fallen victim to a phishing scam from a fake Helix Light URL. Please let me know if you have any other questions, and be careful out there.
-gramsteam
Sent 0.5btc to helix address
1K8nT7n3kreqA6o3LCWdB6HHTHgketaYJn
Helix light ID da4c1eb7792ff898
Says 0.4399 received.
https://www.blocktrail.com/BTC/address/1K8nT7n3kreqA6o3LCWdB6HHTHgketaYJn
blockchain says otherwise
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1
mQINBFahnLoBEADdOieMN85vhB5vo+lwh/eZbIz8QER8sWVIge/Gcjkc/IPodiDE t2ai+Fxi64MpE2oaZfgZxr9WEGolMz/Y4e7XnizCltrcEZNa6k/KAFaPJR0ePTp+ twZiz5EcWyh8e9cs5H6X6s5WpHmrwoAqJhZ2BEjSB4i1gH6+zMVfzHZiYXauAJX3 DY3h5OlbJ7JGC0Tfha7aLd038wcA0o1TFm0aEqPJAy2oDb2dz0gev6ImyfiFN6aX h5NLN/F0GO6KRQll4tBCYa7VEHlIjRNoBTAjQ6PBV2ukE+EDKt/J/EblBLzvKd7p xPJK//jxEpAwl+QvecJrKvhzRIb5Vjp4UoidGm/MmXA8EYk/u3oxVcOnvhORkF+g XBq769KH+U8n+MUrqEFMW9+VOdNs8xkn8hLiQQyaa8v8RaEdKkZO3TWDTr+D0iKn 2pLmZIeoUG4DbL+cykTQfwTjY70psWnZF67p4H8xWR/huwmKjQBApAUoPSwnldf4 KkgVLnoVzGJBTGYrMPhfygQhISKaZ1eHHZKA5nkmfIm6zb1e2GI19oWKogJhYAK0 utwfw9fexknceJrN5rEq/VLxBVgMLgFgsuLi3pO5UBzSApvQNneR616xtiBOHKrh R+Zc9g18oI0IrJrJDwTzSYU6DL6b46gC8KJQCQKpRt4FXK8gwY83Pjw1OwARAQAB tApmaXh0aGlzbm93iQI9BBMBAgAnBQJWoZy6AhsDBQkAKLLGBgsJCAcDAgYVCAIJ CgsDFgIBAh4BAheAAAoJEOmS38jPNmMP+/EP/j/gVOOVTaJFlwZV/9d/aOEGlqwO t5csmPOaJlCBIFmKgGEu80H3/egYgMYmjLH5tV12jSYj8wbuLNu4aqGfQAP9zcXv DGg/dPfbxDwPa9eRiZKqFOhymcuqC+VaTpp3ybjvDZ/a7ID3L6THNMkaw/Hj7y4q UL4PV21CzZIAYALKVKRCBfCAECAe0JfBYpQRhySsqFLAk/dIOnEkmfUDTvfmOhJP kImpLoTxOTtxuXb5BQt5qJxenK1pJZ57RuFiCgsVgLVG8s6AVXInW1ZkfXSB7u6U 2rTDFdxZGxSdWXttNyv7jSzoGc8Bk99u8jfQjIN+MeO+ykHqyWHsZ62u04nvPf6L 34uTfoWwevAR8/xbhZnKK3oNC2VMNTgNVvg1Cnk4aqiTCtHGcBJHTL9AqxlGzbt0 p7c0NUVs664W/vOPshGGh/fHl5OLGAyxTgeiWOcsgN8Maxq6RCke3wSs74Mrz4WO DPQn9uq/l08QOOwa8RdCBMRsL0RaUvIjLa6oTAC8V4Uz2hOr21/ujzLtJmGky2Fb uYEIm9iMjxP5ZgCMM0LrfnjKCz+AhEu57zBcRmDhLcYeeek1TCdubgYO7PqzMN+7 jYjoCDwpcXx8zjPiL+CLD16aEorcVjA1fD1IxeZfcjQlFRusGA8oW95BmYy3HQxN TFNh6n4o05tzQGhluQINBFahnLoBEADION+3vaPI3gZ/32262OpiAKTVNF0wY7X0 vRcuUkKxaE8q6K6bUAkfRyow1lJNaEnn1ACfbPFwZ1mtgr/y4zpnN0+fJM5G6Y53 F2MNaekeP429VOjBWAb1mh4mwYZibgREwuNXgYNNQngC9Pt9sWha+klavXUZKx8o OyeL+DnmfwptGEmPIAweCWiQttjuDpLQXyflK35QJYprIlaf/KOODfzD7/OaMasq rPAW/awpDISLNny++XAmOGCBhn72/TJznr+4PlPorfhhJUMYBPk6MvVIN2L018RP E3pXs8CpkGviNHchXRxmyhE5S61G02NP9QcH/Qy8h4Ax/P6oMB5olgt+0xxzUnYx NjKmYNaHJiz6p6LaGGkMPZpZjbiUA+3luAf58cQ1wAXjaMr+YzxMOwuOVU98nqpi BubWxbBKw+oUVYbwwBNe3NhvJlhmQMc+MHUfszEyu1pb12wGi5ejUv4lwv3HkVLD Vh/AjE07KaZGaYE/GkBj+VQ6qFCL8+0ututVj3RmHMierRGovVNNUnooe5d9UUzf 5GCOf4GsC2vo/+WDOjuS6szaSeAgHyEm2v2EFKh41ReOUtd8mcr0p3BLTuRrDbX9 VW1Y3jfdKwP/LJzLv0qQ/Ia0nJFfoxCw2nfkWqtykkJ7wqFj212LE43UlF5Df+M8 78Fs4kiI9QARAQABiQIlBBgBAgAPBQJWoZy6AhsMBQkAKLLGAAoJEOmS38jPNmMP +VAP/jAKSrIWPztlm3N2wLIAjFIiQOoudxuInv/33mY7BLYogrIXi0t0YOiH2paD oVE7n0kYImUV0YGsMxLNyfZ9N65QM98NC0Nc9f+2zwsLVP+7FKqDWUlk1J/arsEF BKWJ47Pt1jFuhrcl2OYheDu49fF0CCUlT8fkGa3YPzp8+9wUzalsdbsttwKNObvA y1ZUKVYaz5tuGpzXZHNxqv/diJeC5kX0WLLxIMagdgFhRLa+j9jfYDpJ8LY+hFZ1 EDMyopNI95AmyTKuHaTf/1LNPRW3wvOOvyiec1KNUuSC7/AOjwNkvv/EHmG1MzqY Rs0xO6OMGusSb5ix4USzU/zdma/yEKH/KpjvPPz1hHfLKk7QMzwPGjsBz3O82qIc GTSDVOfasmQamOIuKkqEtBRNVhX9QL5YKyYMebK7aeLyliwu3k/KmHR01GCiWObZ H4lSeLtEJ7fyja11AUobWjw4eajszg5ziLaUzLwozg0iSzvfCxUykBNcfwA/58gN rb8yLJ/3AJsRxis6j3+I3GvCAjT8i/o0I8NQ91qvEKGzd3SLpZCbCyrMdN53STkl SOe4L0H/ai80huCdRZFO50ST4lAKYQGqwCCSz9xmam2+U0W3gyLMHLzJBVJ6zVlg 1zaaS3hu3vkSeEeyhkXkLmkxhwsiwomiHccvsWJCZWpPE14B =egGX -----END PGP PUBLIC KEY BLOCK-----
So you'll notice two things here, first grams starts by asserting i was phished instead of actually looking at the status page of the helix id i gave him which he could have seen was genuine. Secondly i pgp all my messages as they contain sensitive info, apparently what grams likes to do is decrypt them then include them in plaintext in his reply. Unfortunately i didnt notice this at first. I checked my LBC account for the this was going into and saw that i had in fact received a deposit, of 0.05866456 ($24 of my $204 deposit).
I replied:
-----BEGIN PGP MESSAGE----- Version: GnuPG v1
hI4DWxHrH6xUby4QAgCQmexQNx1NXLsGkwJQUxIqflELFYPiMZMKZrgj5uJH9Z4u hN9dTvp+ga9l/tU7qTExZeLzHGFTH8k+a6Fei5EeAf9oS/MUpvppzqRXf/xTVuK1 2ixv0Z/vYc+DAJ313EZeBG9o6iO2TKnzv+xXJwqTi5hINc90SHVR4uuUS6jh+FFo ycEB62LLcFpGNsHXNvdLgPt4VLVsQFy03O9CuxCqW305TsTNZ4PZ3VaCpwfojjCD xcJ5kJFxCbhzX+V2gBYlYjBA0li7cMzGWSsEE1dxed6hz2ZskreXzhz42QtOhsry yUVFcL0s10u6PKlVA4GD+i7nslx5fPT2lc2xDWnk/ejczJ5aXNqjYbm34nQhcaHA KY3TGc/fYXpRi+Uf+aBCxaR7ktQGciJT8dUTBcOJspaA9+pnNWKgvx1DahaMSe9/ fD2oKgoGCyk0SUvuIZWtAx4JNyaRrl6amQJOLHK91rbNgcgPLFKkaaiaJ8sQ+smq UcATP8nAEk/GBS03caNp0XFuAiFWRCWgW5xEQG/XQWrnnx0S4mvK0RFoCCw5mYtR ZeraNS7QPlFnEs97j73L9AYd5KZWJwmLDx0Ipau2Cx2Cr67Ut8T+bG9QI5APorJL OpWU0yRwVzbDUTBVVLw5ofgbWJSUfBz2f5+RJcGrrqn7463gsiDLqVWfW7vGlUNQ qIO8IN+OZqvfzHoMcpflTtlnCyKP/XDMNm03G4aac/M8RqX92zsdd9uVyHgzzvuv r5tGk1Gm5hAmO/HQ7BLnv0vpGuw= =vUn3 -----END PGP MESSAGE-----
He replied that night (still saturday, once again with my pgp message now in plaintext:
I've forwarded this to the admin, I can assure that we are NOT stealing from you, reputation and trust is the most important thing to this company. We are looking in to it.
-gramsteam
The old phishing defense isnt going to work here, ive kept screenshots of the entire process that shows explicitly that not only did you falsely report how much you received, you also paid out only a fraction of what you mixer claimed.
I paid you 0.5btc, i am owed a total balance of 0.4875 at address 1KEXCnch3jxuqk58nGEesgD77hrV7Q56w6 (this is an lbc address) as you can see i only recieved 0.05866456 to date, my lbc account is still credited this amount.
I submit to you this screenshot, if this is not satisfactory then i can submit the rest to the community.
http://cip5p52lqmufd3kc.onion/index.php?page=download&id=G703885429519X4D829
Go ahead and check the deposit address, thanks to grams sending my address in plaintext i have to assume my lbc account is compromised, the mix deanonymized, and i have to start over again.
I replied at the end of saturday night, now having seen my reply in plaintext:
Why the fuck did you just paste my pgp message in plaintext?
Theres nothing to look into, i am owed 0.4875, if you have problems in your backend system then fix them on your own time. Ive submitted my information that shows that i did use the real helix mixer and was not credited the final amount. Its not my job to wait on you to fix your shit, your mixer promised 45min turnaround and now its going on two days and ive not received anything but fraction of what i sent. If you cant fulfill your end of the transaction by sunday then ill have no choice but to assume you have stolen it.
However i just received an email (now monday), pgp'd from grams, here it is in plaintext since thats how grams like to communicate:
You can only send 1 transaction to a helix light address, You sent 2 so you only got the bitcoins from the first transaction. It states very clearly in bold font to only send 1 transaction. Luckily I found your other transaction the rest of your coins have been sent to you. You can see the progress here http://grams7enufi7jmdl.onion/helix/light/status/df338275249a3ca7
-GramsAdmin
Heres the deposit address, see for yourself:
https://www.blocktrail.com/BTC/address/1KEXCnch3jxuqk58nGEesgD77hrV7Q56w6
- Grams does not respect pgp privacy.
- Grams lack of respect cost me my LBC account as i have to assume my email provider is or will at some point be compromised, originating wallet -> exposed mixer deposit address -> exposed deposit lbc address -> lbc account -> supeona lbc and your tradepartners for your info and activity.
- Also by posting my addresses in plaintext my mix was deanonymized, i paid 2.5% and got nothing in return.
- This process delayed me several days.
- Grams kneejerk reaction is to say you were phished instead of taking the minimal effort not to insult you by looking into it.
- Grams covers his malfunctioning mixer design by saying i sent 0.4399btc. Had i sent that i would have been credited 0.9399 to the KEX address, which i have not because i did not sent 0.4399 coins in addition to the 0.5.
- It is likely grams is reusing addresses which is generally frowned upon in the btc community as it links you to whoever else deposited to said address. There is also a 1x10632968296829 probability that someone generated the same address at the same time and deposited 0.4399btc to it.
- Grams whitewashes over the fact he only initially paid out $24 regardless of whatever he believes the deposit amount to be. If this isnt poor mixer design it is outright theft.
So... You messed and sent 2 transaction to a helix light. Even though it states very clearly in very big print to only send 1 transaction because you will lose coins when you send more than one. It even says in our terms if you send more than 1 we consider that donation (Even though we never apply this rule).
I admit it took my support longer than it should have to figure out what happen, but as soon as I saw what happen I got your coins right to you today.
Even after all that you go on reddit slandering Grams because you made a mistake?
I don't know what else to do for you.