A few months ago, a friend, asked me to look into a bitcoin mining company he, and, a group of others who where investing in mining contracts with. Investing in cryptocurrency is a risky business for new users, and, old users a like. Typically if you're not doing all of the work yourself you're always at risk. That being said, let's jump down the rabbit hole. This going to take a while.
- Bitcoin Trading World
- Dragon Mining
- Hook, Line, And?
- Fingerprint - DNS
- Fingerprint - Source Code
- Dragon Mining Inc
- Getting inside
- The fishy blue sea
- Show me the B2G?
- The inside
- Sailing onward
- 30 days in the hole
- The scam
- Insurance scam
- There be an oasis ahead
Bitcoin Trading World ↑
The entry point the group was using to invest was the site bitcointradingworld.com. A cursory search at the time of google, bing, yahoo, and, linked in turned up very little about them. Typically this is a pretty bad sign especially since they claim on there website to have hired hundreds or professionals.
The company offers investors mining operations they claim to be "intelligent and profitable solutions". They promise to be successful investors, guarantee people will make money with them, as an investment company of the future.
They also, claim to have a unique approach. They use a self made currency B2G with miners known as dragon miners. These miners are provided by a company called Dragon Mining which can be found at dragonmining.tech.
Dragon Mining however, despite the "unique" claim. turns out to just sell typical GPU miners which are designed to mine B2G with a difficultly the company directly controls.
Dragon Mining ↑
Dragon Mining Tech appears to be cryptocurrency-mining hardware manufacturing company. They specialize in creating hardware for mining B2G. They are headquartered in Shenzhen / China. Dragon Mining Tech is the joint venture between Dragon Group (60%) and Bitcoiin2Gen Group (40%) as stated on website.
They also run an insurance program designed to help customers who do not receive payouts from one of there pool platforms. How noble of them! Were going to get more into this later so I'll leave it at that for now.
Despite there claims of being a world class hardware manufacturer. They do not list any staff. They also do not have a career, or hiring sections. Further a cursory search of dragon mining on linked in, glass door, and other job sites turns up nothing.
B2G, or Bitcoin2Gen is a traded cryptocurrency coin not much different than bitcoin, or litecoin. There isn't actually anything new, or special about it's design. Instead, it's difference is in the fact regulated by it's creators using the exchange HitBTC. The owners have rigged the price at HitBTC even though you can't actually transfer or withdrawl at the value listed. This is done as they claim to maintain a healthy "eco-system".
Hook, Line, And? ↑
It's starting to look like Bitcoin Trading World is the Hook. B2G is the line, and Dragon Mining is the pole. Consumers are the Fish, and never ending profits being promised to them is the Bait.
Following the metaphor. Dragon Mining Pool would be the locations in the ocean we call the internet that the unknown fishermen behind Dragon Mining Group are casting there hooks.
Branding is often needed to drive legitimacy to any website regardless of intent. Dragon Mining Pool is no different. If we keep the metaphor each of Dragon Mining Groups hooks have there logo branded in various locations around the ocean that is the internet.
Using a reverse image search we can attempt to use the branding image to find most of Dragon Mining Groups hooks. While the above links points to Google. I also used Baidu, Bing, and, TinyEye. Here are some of the results:
Fingerprint (DNS) ↑
Hosting companies, are often a decent way of finding out if a group of websites are owned by the same entity. Often times if they will share a server, or group of servers owned by the same company.
Though whois records are often private, and have no rules around them about validating actual information listed as being true. They can still be a good way to locate which hosting company a website belongs too. I personally prefer to use Domain Dossier for this information.
bitcointradingworld.com dragonmining.tech bitcoiin.com
So not much of a surprise. The 3 main sites that are part of the operation all share the same hosting company LeaseWeb. Surely though if the other sites are not actually hooks owned by the same group the odds of them always picking LeaseWeb should be low right?
btcminingfactory.com cryptominingspace.com btctraderonline.com
Turns out they all use the identical hosting company as well. This is starting to look... fishy. Not to be forgotten from the reverse image search we are left with two anomalies:
First, startoptions.com was taken offline all together. However it's registrar is the same used for all of the above domains with exception only to dragonmining.pr.co. I feel it's safe to conclude this was also a hook at one time.
Second, dragonmining.pr.co is hosted by Amazon Data Services. The domain was also not purchased using the same registrar as all other domains mentioned.
Marketing, and social media can be a hard waters for a company to navigate without assistance. It seems the same is true even for the Dragon Mining Group. It seems the reason this domain does not share the same LeaseWeb hosting is because it's owned by pr.co a social media marketing firm that at least at one time was hired by Dragon Mining Group. dragonmining.pr.co is a News Room install that was left as an artifact online.
Fingerprints (Source Code) ↑
Source code left behind or publicly available from development companies, and contractors are also often a decent way of finding out if a group of websites are owned by the same entity. Often times they will share a branding image, comment tags, script names, coding styles and choices of frameworks, or 3rd party services.
I have chosen these three segments of code because there in-line with what I am looking for in terms of frameworks used, script names, coding styles, and 3rd party services.
head will show what framework is being used (if any) such as word press, or ghost. If sites are custom, but code is re-used it will also show a path structure which can be compared. For example we can see /code/theme/default is in use on bitcointradingworld.com.
custom.js will show a script name. The method is also interesting because it's referencing a jsfiddle url with the plugin code. This should help show a pattern of unique comments that are shared.
live chat will show an additional shared 3rd party vendor being used. In this case it's livechatinc.com. This is a great choice because there are a myriad of live chat vendors so the same one being used absolutely helps show a pattern.
This site contains the same platform, file, and folder structure. It also contains custom.js with the very same fiddle comment, and code. Finally it does not contain the same chat, so there is a match failure on live chat but positive on all other criteria.
This site contains the same platform, file, and folder structure. It also contains custom.js with the very same fiddle comment, and code. Finally it does contain the same chat, but it's located in liveChat.js. There is a match in all criteria.
This site contains the same platform, file, and folder structure. It also contains custom.js but does not contain the fiddle comment, and code. There is a failure on this match. Finally it does contain the same chat, and additionally it contains the chat also found in dragonmining.tech which was a previous failure. There is a match on most of the criteria.
This site contains the same platform, file, and folder structure. It also contains custom.js, and contains the fiddle comment, and code. Finally it does not contain the same chat, but it does contain the chat found in dragonmining.tech which was a previous failure. Since i failed this chat before i will fail it again as not a match but there could be debate made. There is a match on most of the criteria.
You may have noticed in the head images that all hook sites have the very same coinhive script commented out in there source code. The exception being btctraderonline.com where it's actually uncommented and running not in the images but at the very bottom of the site.
This is a dangerous script that steals your resources as you sit on the site. You can read more about it here. The only keys i could find in the script are listed below:
Dragon Mining Inc ↑
I have left this site for last because while the name is obvious. There is no actual connection between Dragon Mining Tech, and Dragon Mining Inc with exception to one single copy of the original dragonming.tech site on the Internet Wayback Machine that points to dragonmining.com.
You will notice that the footer on the wayback machine is the very same on the site today. However the contact email is [email protected], and the company in the copyright is Dragon Mining Inc. This was promptly changed by the next wayback machine snapshot.
It should be noted that Dragon Mining the actual company at no time referrers to them self as Inc but rather as an Ltd on there website. It might be that originally Dragon Mining Tech was hoping to use Dragon Mining Ltd to boost there reputation without them knowing about it?
Getting Inside ↑
Going deeper down the rabbit hole is going to require some method of infiltration. Peering behind the curtains might lead to emails, names, and a better idea of what there ploy is.
Phishing is pretty much always an option for infiltration. However, in my opinion. It's slow, and unreliable often depending on sheer luck. Results on Shodan for each server listed above didn't reveal any unpatched vulnerabilities to exploit. Shame.
Interviewing for a position at the company can often be a good way to get information. This does come with risk of exposing yourself. If your careful though it's typically not an issue until your long gone. However, as noted above none of these companies have a job posting anywhere offline, or online that can be found. Looks like this is won't be an option either.
Posing as a customer was starting to seem like the best option to go further. That being said it's safe to say any money sent to these guys was going to be lost. The trick was going to be limiting my losses as much as i could while still seeming to be a tasty looking fish.
The fishy blue sea ↑
The lowest entry at Bitcoin Trading World is $5,000 in value. Note that i said in value? You have the option of paying in pure bitcoin (BTC), or, half of your entry can be paid with one of the other accepted coins which at the time of my entry was Bitcoiin2Gen (B2G), Litecoin (LTC), and Etherium (ETH).
Realistically, there was no way i was going to give Dragon Mining Group $5000 knowing it was going to be lost. I was hoping there was a lower entry fee but this was the best i could find.
I contacted my friend that had originally asked me to look into Dragon Mining Group. He explained there where MLM programs which is how get got in but that they were in the processes of ending them. He also showed me that there was a special plan in place for previous sites that Bitcoin Trading World had absorbed. This plan allowed up to 95% of funding with B2G only leaving 5% BTC as a fee.
I soon found out they could offer 95% for B2G because Bitcoin2Gen (remember also part of the Dragon Mining Group) had prevented all deposits, and withdrawals but not trading of the coin. This allowed them to lock the price of B2G at HitBTC which was at around $28 because no one could actually deposit the coin and sell at that price it didn't move much despite the fact you could still trade it.
I also found out that there was a second exchange exrates.me that Bitcoiin2Gen (B2G) was accepted on. It had to same restrictions on deposits and withdrawal. However it was only trading at $0.7 cents on average per coin vrs the $24.80 on average per coin at HitBTC.
Price differences between exchanges is not uncommon. However with exception to rapid swings which can be seen though the volume a coin is being traded at. It's pretty rare for them to be more than 1 - 3% in difference. There was no where near enough volume being moved at either exchange to prompt a rapid swing. Seeing such a massive offset, and no volume to back it up prompted more investigation.
While no concrete sources could be found, what i could gather from Twitter, and Reddit accompanied with searching. Concluded that when Dragon Mining Group had Bitcoiin2Gen freeze B2G. Exrates did not exactly follow a long. This led to deposits and withdrawals for a longer time than HitBTC.
Speculation as to if this was an error on purpose aside. Panicked investors holding onto large amounts of B2G with HitBTC locked down moved as much of there assets to Exrates as fast as they could. This flooded the Exrates market driving the prices of B2G into the ground.
More importantly though, there was rumor from the same unconfirmed sources that Exrates was still allowing deposit and withdrawal at random times. If i could prove this, it might be my path to getting enough cheap B2G to buy into Bitcoin Trading World.
While more complex solutions where considered. I just wanted to prove that i could get B2G back out of Exrates despite the freeze. I hooked up a spare monitor to a Raspberry PI 3, installed a chrome plugin that refreshes the page every 1 minute, logged into Exrates on my account and checked it as often as i could. Roughly 3 days later, maybe sooner since it depended on me seeing it, and, there where times Exrates logged in out and i had to log back in. I noticed that the form for withdrawal changed from not available to asking for an amount. Roughly an hour later, it was disabled again. More speculation aside as to why, it would seem the rumors where true.
Show me the B2G? ↑
Coinbase is another crypto currency exchange where i personally keep my currency. I transferred 0.01097821 ($60) in Bitcoin (BTC) from Coinbase to Exrates. Over the course of a few days i was able to purchase more than enough B2G to qualify for the entry program. I then setup the Raspberry PI again, roughly 48 hours later i was able to transfer my B2G from Exrates to wallet.bitcoiin.com which was the only real wallet source i could find for B2G despite being controlled by Dragon Mining Group.
I then contacted my friend for details on what was needed to further qualify for the program. Which turned out to be 0.15952623 ($1,100) in BTC and 1001.18 ($17,779.22) in B2G which was valued higher because Bitcoin Trading World was using the HitBTC rate of $17.75 when i joined. Then i had to choose how long i wanted the contract to run which was a choice between 30, 60, or 90 days. The longer you waited the larger percentage on the returns you got.
The inside ↑
Roughly 12 hours after the transfer of both currencies to Bitcoin Trading World my account was created with a gmail i setup and i had access to there site as a customer. The total cost for entry ended up being $1,160. More money than i would of liked to give up but still cheaper than originally estimated. I won't really list any justifications for spending so much other than i wanted to expose these people and i needed access.
The site once logged in looks much like the above screen shot minus a menu on the left (will be seen later). Going over source code for the site revealed much of the same already shown but it's worth noting that the coinhive mining script was present even for logged in users.
There is a form for withdrawal which seems nothing more than a standard PHP contact form.
There is also an affiliates section which seems to confirm the original information i was given that an affiliate system did exist.
Finally there is also an account settings, and account information menu item (at the very top cut off) that i do not show because i would just have to redact all the information.
Sailing onward ↑
In collaboration, I could now try and dig deeper into who the people that comprise Bitcoin Trading World, and Dragon Mining Group where.
I contacted Bitcoin Trading World explaining I was looking for more information to bring other people into the program. Being more technical I also asked for as much information on how there operation worked as i could get them share.
Bitcoin Trading World "staff" contacted me roughly 12 hours later with an attachment containing a marketing PDF along with further contact information for there head of accounts.
This led to an exchange of emails:
Like you can see above. Tony also sent some video's of there potential operation:
Finally, Tony also referenced / sent a potential organizational chart which you can see below:
30 days in the hole ↑
Roughly one month, or 30 days in bringing my mining contract to an end. Like noted before withdrawals are handled with a web form that most likely just goes to someones email. I filled out my details and then waited.
Roughly 48 hours later, i was contacted by Bitcoin Trading World and informed that withdrawals where on hold to see our sales contact for information. My sales contact was the friend that started all of this, and his contact was Tony Rivas so we contacted him.
The scam ↑
Tony informed a group of users over Skype who also wanted to withdrawal money that Bitcoin Trading World was in the process of purchasing competing mining platforms. They apologized and asked that they be given 30 additional days to incorporate the mining hardware from the competing platforms before honoring payouts. Bitcoin Trading World also offered to extend each users mining program an additional 30 days.
This raised a few red flags not just for myself, but others as well. This more or less meant they were lying, or used funds owed to us users to purchase other companies without our consent. Granted we are not talking about any laws preventing this. But in my opinion its just stupid if your trying to run a legit business.
The next 18 days passed and Bitcoin Trading World started showing this message on there site:
Dear Valued Clients, The aftermath of the Mangkhut Typhoon in Hong Kong and in Guangdong province in China is becoming more devastating each hour. Bitcoin Trading World is doing everything in its’ power to assess the damage and help everyone in need. Please send your donations to help the victims of the Typhoon to this BTC wallet address: 1LW9uzuEepmWWaS5RqSeyXgsbYzprC4Do Any help would be welcome and could make the difference. Sincerely yours, BItcoin Trading World Team
Once my mining contract reached it's next 30 day mark (now 60 days overall) i put in for another withdrawal. Roughly 12 hours later i received a call explaining that withdrawals where still disabled for bitcoin and would be enabled at a future unknown date. However, if i wanted they would be happy to payout in full in B2G. This naturally angered many.
Not many wanting to be paid out in B2G, and no payouts being made in BTC (or other currencies). Bitcoin Trading World seemed to cut a deal with Visa to start offering debt cards which would draw of the balance in users mining accounts.
Dear Valued Clients, Bitcoin Trading World is proud to announce that we have signed a contract with VISA in order to issue BTW Visa Cards you can use to withdraw funds from your account at any ATM. If you haven't already received instructions on how to apply for your BTW Visa Card please send an email to [email protected] or contact your account manager. Kind Regards, BTW Team
I didn't buy into this program, however, the ones in the previous mentioned group that i had knowledge of that did. None that i am aware of got there cards, ever after paying a deposit fee.
Restructuring ploy ↑
DRAGON MINING: CORPORATE REORGANIZATION For the past few months, we have closely worked with the Dragon Group to finalise the acquisition of Dragon Mining. Swift and effective corporate reorganization from the bottom-up was a big undertaking, we have had to evaluate existing company policies, streamline operations, and downsize workforce in a span of 3 months. We have put in place new goals, strategies and mission-vision to re-brand and re-establish Dragon Mining, to have a sound corporate culture for all its stakeholders. Today, we are announcing a realignment of Dragon Mining. Where the Dragon Group has failed its employees, customers and shareholders to provide a sustainable and healthy corporate culture, we will ensure our new future to be steady and unfailing. We will continue to innovate with greater speed, efficiency and capability in a fast changing industry. This re-alignment will secure Dragon Mining’s role in shaping the crypto world and reshape how we interact with our customers, engineers and innovation partners, delivering a more coherent message and top of the line products to our customers. First and foremost, we have to address the existing problems the old management has left for us to discuss with its existing clients. The accredited Dragon Programs. Initially, we thought reorganization was mainly focused on internal problems Dragon Mining is facing. We tried to reach out to these companies but unsuccessfully negotiating a deal which would make them liable to each of their investors. We will not shy away from the concerns of the company’s existing clients which have now been associated with Dragon Mining, we are opening channels to revive customer relationship and putting forth clear ways on how each client can claim its lost profits from the defaulted Dragon Programs. Terms and Conditions. Prior to signing the Corporate Agreement of the mentioned Dragon Programs, a General Insurance provision was provided in the Terms and Conditions: therein: SCOPE OF THE INSURANCE PAYMENT 3.1 The insurer will provide the insurance payment in the following scope: a) monetary compensation of the material damage or of the unrealised gain of its customers; b) compensation of the financial loss which arose directly from the material loss or corporate misconduct and non-compliance to the terms set in the Agreement. c) compensation of the cost of legal representation occurred by the aggrieved party in connection with legal proceedings according to the above paragraphs and costs which the insured is obliged to pay to the aggrieved party; d) other costs which arose in connection with the insured event; nevertheless insurance payment for these costs will not be made unless the insurer approved their spending in advance and in writing. It took sometime for the claims to be finalised with the Insurer but new management had this approved in court and in claims with the Insurer despite these companies deliberately not responding to Dragon Mining nor physically appearing in these proceedings. Therefore, Dragon Mining claimed the Insurance in the form of monetary compensation for these respective companies misconduct and non-compliance in the Corporate Agreement. Why are we taking sole responsibility for this? We believe Dragon Mining is able to help these individuals recoup its losses through Insurance. We are still finalising the integrated strategy on how we are to allocate the Insurance claims for all the clients. We are committed to earn back the trust and continue to communicate with our clients for clarity, integrity and due process. We will not require investors to pay Dragon Mining any form of compensation including fiat currency, Bitcoin or other crypto currency coins. Bitcoiin Second Generation (B2G) will remain to be the signature mineable coin for Dragon Mining. Our plan is to utilise this as the main settlement coin for the insurance claims. At this point, our goal is clear and our plan is simple: to be able to help as many clients of the Dragon Programs as much as possible and to create an appreciation in the value of B2G. We are currently collecting all material information of the respective clients for each platform then we will release specific instructions on how we can all benefit in the process. Claiming of insurance is still in process and we urge everyone to sign-up on DragonInsurance. The Insurance Team is spearheaded by Claire Fisher who will drive this initiative including the integrated strategy and its execution. Our marketing, advertising and all our customer interaction will be designed to help all clients and transfer the claims solely to Dragon Mining. Second, for our main Dragon Mining clients, all machine purchases will be honored. The transition to new management has halted the company’s operations but the equipment are now being assessed for quality assurance and to be dispatched in the coming weeks. As we make technological progress we need to ensure that we are doing so responsibly. Lastly, we are pleased to introduce a newly launched state-of-the-art product of Dragon Mining, the Dragon Miner, with a maximum hash rate of 300 MegaHash. The fastest and most profitable ASIC-based EtHash mining equipment that will enable you to mine and earn like a professional crypto miner. All serious miners can contact us for more information on our new product. As we initially mentioned, the corporate organisation continues to be a big undertaking for all stakeholders. We are now opening our doors so we can all work towards of helping each other in a time of change and development. To truly get the best impact from our efforts, let us communication, synergize and support Dragon Mining, its new management and its future.
Insurance scam ↑
If you recall from the beginning of this article Dragon Mining Tech offers an insurance program. This program was designed to "help" users who do not receive payouts from one of there partner sites. If i had to try and stick withe fishing analogies from before. I would say this is the equivalent of fishing with a net to gather spawning fish on a full moon night.
Being it didn't cost anything (yet) I applied for this program as many others did once it was clear Bitcoin Trading World was not going to pay out.
I provided my silent phone number and got a call back from someone claiming to be James. The quality of the call was terrible. James explained that they "had seized" access to various platforms that did not pay out to users. Because of this they were able to verify accounts and balances with this information.
James also wanted me to verify that i wanted to join the program and that they would contact with further details if said yes. Since this was still not costing any money yet, i said yes.
After sending my information in it was confirmed:
There be an oasis ahead ↑
Roughly 1 week after the call with James. Lisa contacted me with the details for joining the insurance program. You can read them below however take note of requirement #1.
Dear Mr.Meadows, We would like to inform you that we have received your claim and we can confirm that you account balance on Bitcoin Trading World was $17,317.00 . Attached is the Insurance Offer that needs to be signed and sent back to us. We have listed the steps in the form that need to be performed. Here are the simplified steps that need to be followed and completed : 1. Please purchase the crypto currency B2G in the value of 2.5% of your insurance claim, this will represent your participation fee (only new purchases of B2G will be honored, a screenshot and proof of current purchase will be requested). 2. You have the option of 7 independent exchanges that are listed in the PDF Insurance Claim. 3. You can purchase at 6 exchanges that do not have an ESCROW account and forward the B2G to Oasispro.pro which is where the ESCROW account will be held at. Or alternatively you can purchase the B2G at Oasispro.pro and hold at ESCROW at Oasispro.pro. 4. Once you have received your ESCROW account details, kindly fill out the PDF insurance form by placing your details including your ESCROW account number. 5. Once we receive your Insurance form with your ESCROW account details we will create an account for you at Dragonmining.tech where your account balance will be placed and where you can follow you daily Insurance payouts which will be sent directly to your nominated BTC wallet. Should you require any further information kindly feel free to email me back at any time, or should you like to receive a call to explain the process kindly email me back with the request. Best Regards, Lisa Young Dragon Mining
This was as far as i was willing to go to expose more information. I had honestly spent enough digging into this. There should be more than enough found here to raise red flags for future investors.
DO NOT TRUST DRAGON MINING!
Bitcoiin (B2G), Dragon Mining, Dragon Mining Tech, Dragon Mining Insurance, Dragon Mining Group, Bitcoin Trading World, Btc Mining Factory, Crypto Mining Space, Start Options, and Btc Trader Online are all a part of a complex scam designed to defraud investors.
dragonmining.tech dragonmining.pr.co bitcoiin.com bitcointradingworld.com btcminingfactory.com cryptominingspace.com startoptions.com btctraderonline.com
This message was brought to you by $1,160 in personal losses combined with millions in losses from other investors in the group that joined during the Skype call. It may go without saying however. Choose to invest at your own risk.