The BitcoinVanityGen Scam
I hate fuckers that think they're entitled to other people's shit. It’s the hallmark of somebody that doesn’t know their place. This webpage exists for reasons of posterity in the hope that it may become useful in the future. If you are affected by or have otherwise been involved in this scam, please read this page's contents in its entirety.
Bitcoinvanitygen.com was once the home of a very elaborate scam operation from 2014 until it went offline in late 2020. It operated under the guise of a service to the Bitcoin community that generated vanity Bitcoin addresses for free or a small fee for a specific number of characters. All a site visitor had to do was type their name in an input field, enter their email address, and click “generate”. The private key to the new address would then be delivered either via email or conventional post. Tens of thousands of addresses had been generated by this site before it disappeared from the internet.
But something much more sinister was lurking under the hood. Upon generation of a requested address, not only was the private key delivered to the requestor, a copy of it was also retained by the site’s owner. This meant that any funds deposited to the address were also accessible by the site’s owner and could be stolen at any time. And stolen they were.
The specific victims of this scam are too numerous to list here, but I will tell you that I myself am a victim. I utilized the site when I was still very new to cryptocurrency and perhaps had too much faith in humanity. The first address I requested from them, 1KYLE6D4HPR8fmxmkbMSLKD1q81FM1fB8c, was the one that had "convinced" me that it was safe to use because I had kept Bitcoin in it for a substantial amount of time without it being stolen. This lead to me requesting a second address, 1KNABU3NdYTEW1jfU7h3MyBGM9W8sX2eSM (my nickname is Knabü), in which I used to store a much more substantial amount.
In the fall of 2019, the scammers swept my entire balance from both addresses to their own address, where the money still remains at the time of writing. And that's one thing I've noticed about these thieves; they have stolen a lot of Bitcoin throughout their history, but it doesn't seem that they ever spend them or at the very least launder them through a private cryptocurrency such as Monero for example. I'm unsure what this means, but I will say this: the longer it takes for them to get caught, the worse off they are going to be when they finally are. Everybody that they stole Bitcoin from can prove the origin of their funds, in my case it was mostly from Coinbase and Cash App, which is why the transaction where it was stolen has a privacy score of "0" on Blockchair.
At the time of writing on December 22nd, 2020, the Bitcoin they stole from me (exactly 1.23544520 BTC) is worth almost $30,000. It was worth around $10,000 when it was stolen. I wouldn't be surprised if these scammers are currently sitting on at least $1 million worth of Bitcoin, all of it stolen from unsuspecting people all around the world throughout the years. That fact alone should make this worthy of an international investigation in my opinion. Also, I would be willing to pay a percentage of the Bitcoin to anybody that provided meaningful information that led to the capture of the thieves. In case you are the owner of a Bitcoin exchange and have come across this page, be sure to blacklist the address "1LtDTHfXbxUXqf6AXQKVTSGwufJi3z1FVc" and any subsequent addresses that it may send funds to, so that the thieves cannot cash out their ill-gotten gains on your platform and you can avoid potential legal trouble. Likewise, if you are a private party that buys Bitcoin P2P, do not accept any BTC that ultimately originates from that address as it is now tainted.
Here are some screenshots I took of (A) one of the many withdrawals from my Cash App account to one of the scam addresses as proof, (B) one of the many withdrawals from my Coinbase account to the other scam address, and (C) Blockchair‘s privacy score of the theft transaction:
👆Click on this image to see a snapshot of BitcoinVanityGen before it went offline.
👆Very low privacy transaction, both from my side and hopefully the scammer’s side as well! 🕵️♂️🚓
This video prompted me to do a bit of digging for more info about who may be behind this scam. I searched for one of the addresses I used on Bitcoin Who's Who, which revealed to me that the IP address the theft transaction was made from is 95.88.183.81, which further sparked my curiosity. So I entered that IP address into an IP tracker, which revealed that the transaction was made somewhere near the city of Ludwigshafen am Rhein in Germany. Safer Bitcoin had determined that the scammers are based in Poland, so the IP being from that region of Europe makes sense.
The IP address was registered to Vodafone GmbH. What I found interesting is that after running a proxy check on it, there was no proxy detected. So, the thieves may not have been using a VPN or Tor to mask their IP. What is more, is that the IP address is blacklisted on multiple databases. These databases include Barracuda Reputation Block List, DNSBL SPFBL List, and various URIBL lists. It is possible that they may have left enough of a digital fingerprint from other nefarious activities to provide leads for law enforcement to investigate. But I digress; I'm an amateur when it comes to digital forensics.
But wait, there’s more! I also learned, thanks to this thread on Bitcointalk, that there used to be a "Bitcoinvanity" site similar to the one that scammed me hosted on the domain bitcoinvanity.appspot.com. The Wayback Machine page I’ve linked is dated February 17th, 2014 and is the very last time it was saved by the Wayback Machine, presumably because it went offline shortly thereafter. Well, guess what just so happened to launch around the same time in 2014? Bitcoinvanitygen.com! The owner of the AppSpot site, who went by the name of “nibor” and may very well be the same person(s), claimed in another thread dated October 17th, 2012 that their service had been hacked, but what’s to say that their claim isn’t just a coverup for their own actions?
Which brings me to my next point; AppSpot is a Google service. As we all know, Google is not privacy oriented at all. They collect and retain as much personal information as they can, so what are the chances that “nibor” didn't take enough steps to hide their identity while registering this early version of their scam? I think the chances are good. Otherwise, why attempt to make amends with the community by offering refunds for certain addresses after they were swept? After all, the suspected owner of Bitcoinvanitygen.com never even responded to other members who tagged them on Bitcointalk every time a problem arose. This all seems too suspicious to be coincidental, and I think it would be right for law enforcement to serve a subpoena on Google requesting information about the account that was used to register the AppSpot-based site in 2012 (or maybe even earlier), which I don't believe has been attempted yet.
While browsing Bitcointalk, I also came across this thread, which goes into detail about a separate scam operation called bitcoinbetgames.com that was apparently also owned and operated by the same person(s). The domain registration details in that thread list a Nosalik Remigiusz as the registrant name for both sites. The admin organisation of one of the sites is listed as VERSERO. After plugging that information into a search engine, I came across this LinkedIn profile, which details Nosalik as the CEO of VERSERO since July of 2012. He obtained education at the Wroclaw University of Science and Technology in Poland, and acquired skills including PHP, MySQL, Javascript, Distributed Systems, Data Analysis, Database Administration, Data Mining, and more. Well, that certainly sounds like someone capable of running all of these scams. I found a couple of Facebook profiles with information consistent with some of what I've seen thus far, namely this one. I would like to think that the perpetrator of a high profile scam wouldn't be stupid enough to leave this much information out in the open, so maybe the real perpetrators simply used this person's information when registering their domains as a cover to deceive law enforcement. I ran a reverse image search on the Facebook profile picture via TinEye but there were no matches, so it doesn't seem to be a dummy account using a stock photo. Of course I can hope that Nosalik Remigiusz is the person behind all of this, but that just seems too easy. I saved a copy of the profile picture, which can be viewed here.
I found this article on a Polish news site that talks about Nosalik's involvement in a forum known as Darkwarez.pl, a site launched in 2006 that was apparently dedicated to the illegal distribution of copyrighted content. You know, piracy. Better Bitcoin had mentioned Darkwarez in his video as well. Here's an excerpt from the article, translated from Polish to English:
"Literally anything could be downloaded via Darkwarez. Computer and console games (both from years ago and the newest ones), full-length movies, programs often worth several thousand zlotys, and even pornography. It was the representatives of the latter industry that decided to say "stop". For years they fought with Remigiusz Nosalik, who owned the forum. This, however, did little to deal with the fact that the owners of the production demanded compensation for the illegal distribution of their material."
The article goes on to explain that Nosalik appeared before the District Court in Olsztyn accused of internet piracy and was even sued by a company for copyright infringement. It says that even though he was acquitted of the piracy charge, that's not likely the case for the copyright infringement because "according to the Olsztyn.com.pl portal, the owner of Darkwarez claimed in his testimony that he did not break anyone's rights, as he only posted links in the form of text, and there were no files on his forum. The files were on hosting, including catshare.net and he has nothing to do with them. In the current situation, it is difficult not to link the two services from the ownership side or close cooperation." In other words, Nosalik couldn't verify that he wasn't also an administrator of catshare.net and other sites where illegal content was being hosted.
So if Nosalik was sued and potentially owes a company a lot of money, then that establishes a motive for his serial Bitcoin theft other than just blind greed. But that's just my opinion, and even if that's the case, it doesn't excuse his behavior at all. It definitely doesn't earn any sympathy from me. It does establish probable cause in combination with all the other information on this page, so at the very least law enforcement should be able to obtain a warrant on him so they can search his house, interrogate him with a lie detector, and maybe put him under surveillance. I'm at a loss as to why that hasn't already happened.
I also wanted to mention that it looks like these thieves are at it again. The original site went down, but now they are operating under at least two new domains: vanitygenbitcoin.com and vanitygenbitcoin.net (I'm not linking them directly because I don't want to give them any backlinks). The domains were registered in the summer of 2020. There are clues on the new sites that indicate it is the same person(s) operating them; the similarity of the name, the “2014 to 2020” dates on the bottom of the page (that's the most obvious giveaway), and the fact that the domain registrar is located in Russia which, like Germany, is right next to Poland. So if you are new to Bitcoin and were considering using vanitygenbitcoin.com or the .net variant, JUST DON'T! REPORT THEM TO AUTHORITIES AS WELL! There is also a Spanish version of the new site under the domain “bitcoinpersonalizado.com” hosted on the same nameservers. It was registered in 2017. In any case, their email address is [email protected], so if you want to waste their time you can spam them with whatever you can think of. I myself pretended to ask them for 100 addresses generated at once, and when they responded I said “Just kidding, I don’t want your stank ass addresses. You piece of shit scammer 🖕🙃🖕”. It ain’t much, but it’s honest work.
👆Location of (one of) the scammer’s IP addresses. 💻
👆STAY AWAY FROM THIS!
If you are an investigative authority and you happen to come across this page on my site, feel free to get in contact with me about this situation. It is my hope that the perpetrators of this terrible scam are caught and that Polish or other authorities (Interpol) contact me when that happens so that my Bitcoin can be returned to me or otherwise repaid. I can be contacted at [email protected].
And if you are the perpetrator(s) and are reading this, I have nothing to say to you except please just return my and everybody else's money to its rightful places. You have hurt many people and your days are numbered. Your devious behavior is encoded into the blockchain forever and can never be erased. My new Bitcoin address is below if you ever have a change of heart, as skeptical as I am of that ever happening: