BitClub Network say affiliate stole over $5K, offer reward
What would you do if you were running an MLM opportunity and discovered one of your affiliates had made off with over five thousand dollars?
If you’re BitClub Network, you set up a page on your website publicly shaming them and offer a “potential bounty” for any help given.
The BitClub Network affiliate in question goes by the alias “lerdbaron”:
LERDBARON, originally signed up on January 10th and began earning daily Bitcoin from Mining Pool #1 earning a total of .80813 Bitcoin with 789 days remaining on his contract.
A screenshot of lerdbaron’s BitClub Network backoffice (provided on a name and shame page set up by the company), shows BitClub Network paid lerdbaron about 0.8 BTC ($184) with 0.56 BTC ($129) reinvested into more earning positions.
According to BitClub Network, the problems began on August 16th;
Everything was going good until this member found an accidental glitch on August 16th.
This glitch allowed LERDBARON to create negative invoices and mark them paid by using available funds in the credit wallet.
As I understand it, an invoice is a withdrawal request, with a negative amount on the invoice causing the BitClub Networks system to pay out the funds without deducting anything from the available balance.
He was able to do this 9 times and request 4 withdrawals that were paid to his Bitcoin address, which you will see on the blockchain all payments made on the same day.
The total Bitcoin stolen so far is 8.343 BTC…
Explaining how this happened, BitClub Network write
This was the first time anyone had discovered this glitch, up to this point our system had always been blocking negative invoice amounts but with an update to the invoicing system just 3 days prior to this happening we changed a setting that only checked to make sure invoices were not 0.
In other words it was no longer checking for negative balances and this was likely a total fluke that happened on accident.
But greed proved to be too much for LERDBARON because if you look at the very bottom transaction shown on the page, you will see that an amount of 0.8 BTC that was sent to another username – TOMASS.
This is an odd transction because this user is not sponsored by LERDBARON nor is the user anywhere in LERDBARON’s tree.
So why would someone send Bitcoin to another user that is in a completely different organization and will not have any benefit for doing so? hmmmm lets take a look!
It turns out TOMASS was a phoney account reated (sic) on Aug 16th using the exact same IP address that LERDBARON was using.
So this was created and funded by LERDBARON. I guess because the user was in a different tree he thought we wouldn’t notice?
So the story goes, BitClub Network allege lerdbaron transferred stolen funds to the tomass account, which were used to pay affiliate membership.
Then after a series of test transactions, including one from the tomass account back to lerdbaron, the total BTC stolen rises to 10.64 ($2456 USD).
Now this guy decides he wants to enroll a new person because it might be getting a little suspicious doing all these transactions in 1 day.
So TOMASS enrolls username HYEPMAN… I think he probably meant hypeman, but who has time to double check a username when there is Bitcoin to steal.
So he creates another phony account using the same exact IP address, again!
Again using stolen funds transferred over from the tomass account, the affiliate fee for the hyepman account is paid and more negative balance invoices are created.
This guy was not hard to catch, but he actually opened 5 more accounts and tried to do the same thing on each.
He did get a few more withdrawals taking the total to 19.57 Bitcoin, but it could have been a lot worse. All this happened within a short 24 hours.
Not posted on the BitClub Network website page is the email exchange that took place between lerdbaron and BitClub Network management.
Upon working out 19.57 BTC had been stolen, the company initially offered to forgive and forget if the funds were returned:
Email to lerdbaron (August 17th):
Your account has been disabled!
You will receive an additional email in the next few days with all the details, but you will no longer have access to BitClub Network.
We have found clear evidence of you attempting to exploit our invoicing system and your accounts have all been flagged. We strongly recommend you return any stolen bitcoin that you took from your actions in creating these invoices to avoid further action.
Response from lerdbaron (August 17th):
What? All the bitcoin I used was purchased from my Circle Account that I have linked to my bank account.
How could I have exploited your invoice system? I can show all transactions and prove that the Bitcoin used is not stolen. Please advise.
Email to lerdbaron (August 17th):
You were not paying with Bitcoin inside your wallet and this is the problem, instead you were creating invoices with negative amounts and using your credit wallet to pay for them.
This was a bug that you exploited and we have since fixed.
You probably found this by accident while trying to add credits to your main account (lerdbaron). However, after this worked you proceeded to open two additional accounts (tomass) and (hyepman) and have been creating fake invoices over the past two days.
No reason to deny any of this because we can easily track the IP address used to access each of these accounts back to you.
In total you have stolen 19.57 Bitcoin spread out over these 3 accounts and we are 100% certain about this due to some very high end security tracking that we have in place.
So, you have two choices…
You can either send all the Bitcoin back to us and we will re-activate your account and pretend this didn’t happen. We will keep a very close eye on your activity but you will be given full access to your main account.
Or two, you can deny this and your accounts will be terminated and we will file a report to the authorities with the information we have to try and collect the stolen Bitcoin.
Thanks to the transparency of bitcoin there is no denying this one.
So your choice… We hope you make the right one!
Send 19.57 Bitcoin to – (address removed)
Or your account will be terminated and we will begin the collection process.
BitClub Network claim that at the time the funds were stolen, 19.57 BTC had a value of $5049.
The mention of “the authorities” is also of particular significance. In the past the owners of BitClub Network have categorically stated they will not reveal themselves because they are intentionally avoiding said authorities.
This is believed to be because BitClub Network are offering unregistered securities to investors through their mining pool shares, as well as BitClub Network affiliate recruitment commissions.
Asserting his innocence however, lerdbaron responded to BitClub Network’s threats with threats of his own:
what are you talking about? I only have one account and only use lerdbaron. And have sent bitcoin using the same wallet, and have not taken the 19 btc you claim out.
I was adding btc to my account to get up to $3500.00 and have enough for shares in all plans.
So are you trying to steel (sic) my btc? If so I will have no choice but to report you to the Authorities in my state.
Please restore my account or return my initial btc.
BitClub Network, although evidently reluctant to engage authorities directly themselves, appear to actually want lerdbaron to report them:
He is even trying to say we scammed him and is actually threatening to go to the authorities if we don’t give him back his initial mining pool funds back… We hope he does try it because we may end up getting our stolen Bitcoin back when they see how obvious it is.
On a serious note… This person has stolen over $5,000 from us and we want it back!
BitClub Network maintain their “smoking gun” is the blockchain, which they state “doesn’t lie”.
Lerdbaron maintains his innocence, having declared BitClub Network owners to be “liars and scumbags”. As of August 23rd, he also states he’s reported BitClub Network to the “FBI Cyber Crimes division” via email.
Both sides are claiming losses and over $5000 USD in BitCoin is purportedly missing.
Hackers, affiliate theft or admin scammers looking for a scapegoat? You decide!
Inside job.
If it worked before, the “clamp” (range check) was in place, which means someone REMOVED IT on the SERVER-SIDE to allow that through.
The fact that only one account did it also suggests an inside job. If this was initiated from the outside there would have been a much wider attack through multiple compromised accounts.
Which points to two possibilities:
They have an rat/mole, or this is a false-flag operation (they’re going to “find” more money lost, and use it as an excuse to shut down the whole thing and f*** everybody).
Maybe I’m a cynic but, I’ll go with this one.
I wonder why people never stop to realize that legitimate business never do this type of thing.
I mean, when was the last time anyone visited the web site of their bank, insurance company, credit card company, etc., and saw a message like this?
Imagine trying to withdraw cash at your bank ATM and receiving a screen message the your withdrawal couldn’t be processed because account #XXXXXXX somehow gamed the system and left no funds for anyone else.
i’m with you on that. This is nothing the other participants should have been informed about in the first place.
On the topic of theft, today BitClub Network purportedly received a $135,000 fee for a 5 cent transaction.
BCN are apparently willing to return the money but the sender hasn’t been identified.
Couldn’t possibly be internal money laundering… nothing suss.
reddit.com/r/Bitcoin/comments/4gkira/hey_bitclub_network_will_you_do_the_right_thing/
blockchain.info/tx/cc455ae816e6cdafdb58d54e35d4f46d860047458eacf1c7405dc634631c570d
PS. I haven’t written this one up yet as I’m not 100% on the implications of the transaction on BCN’s side.