GAW Miners’ Scheme is Finally Revealed

16

GAW Miners, GAW Labs, related companies, and Josh Garza are a recurring theme here.  The company, GAW Miners, started as a hardware reseller, focused on Scrypt mining, but eventually expanding to SHA256 and Bitcoin. After that, the company seemed to go off the tracks when it launched it’s cloud-mining “Hashlet”. Since that time, we have been watching a slow-motion train wreck that has destroyed the wealth of a large portion of its investors.  A few weeks ago I wrote an article about the SEC inquiry into GAW and Josh Garza, that was launched to investigate the companies, as well as a lot of other information that had been uncovered by the community or leaked by insiders.

Following that, I put out an open invitation for the community to send me questions for Mr. Garza, and GAW.  Josh had assured me that any questions would be answered, and so I thought it would be best to allow the community to decide what should be answered.  I allowed that to continue for a few weeks, compiled a list of the most legitimate, straightforward questions I could, and sent those to Josh on February 22, 2015.  It was around that time that I started to work on this, as some of the revelations in this article were starting to be revealed.  As of today, I have not received a response.  Of course, due to what is now known, it is unlikely to matter.

Over the past week or two, the events surrounding GAW have reached the point of ridiculous.  From the end of the Hashlets, which were sold as “guaranteed” to be profitable and permanent, to DKIM-signed emails, showing it’s CEO knowingly misleading investors, and finally Mastercard’s denial of a partnership, which was reported by Coin Fire…the end of this entire episode seems to be coming quickly.

GAW Miners’ “Guaranteed Profitable” Hashlets Are Being Discontinued

When GAW Miners first released their Hashlets, they were met with mixed reviews.  The payouts from the virtual cloud-miners were quite good, beating nearly all other Bitcoin mining or Scrypt mining investments,  but the company would not actually provide proof that it had the mining power it had sold.  Realistically, Hashlets seemed to be more of a mining derivative than actual mining power.  However, when I interviewed Josh Garza a few months ago, I asked him, directly,”How can you guarantee that Hashlets will be profitable?”  His response was long-winded, but mentioned:

as time goes on, we have built plans to continue to decrease the price of our maintenance fees.

as well as

we have known, through a number of things, such as reducing maintenance, covering maintenance, rewarding them something within the system, as well as being able to use the marketplace to exchange them, we can say that you will be able to be generating a profit, and making money. Now, again, thats where there is a notion of clarity…outside of this industry, making money doesn’t mean in 2 months. If you ROI on a normal investment, it is going to take you, with a really good investment, 5 – 10 years. When you talk to a miner that is an outrageous number to them.

When I asked for clarity about the long-term profitability of Hashlets, he made this comment about the long-term value of their customers:

They are not worth a negative number, even if you have to step in and offset, they are worth a lot. If you do right by them, you will have them for a long time. That is valuable.

His statements seemed to indicate a plan for continuing profitability for Hashlets, even if GAW had to pay out of pocket to support them.  In fact, from the time Hashlets were announced, it was pretty clear that the only way for GAW Miners to truly maintain their promise of “profitability” would be exactly this.  Eventually, if the mining power was backed by real hardware, the maintenance costs would become more than the payout (when factoring in the initial costs and any costs to upgrade hardware), and GAW would have to cover the difference.

That seems to have been thrown out the window with the “Hashlet End of Life Announcement”.  Instead, customers are being offered a few options:

1.  There will be a period of time where there will be a conversion opportunity. This will allow Hashlets to be converted to HashStakers with the goal of continued profitability. As is widely known, HashStakers are time based, so notification will be provided on how long the HashStaker program will last before it expires, before the conversion takes place.

2.  A HashStaker Marketplace will be created where HashStakers may be bought or sold.

3.  GAW Miners is forming a partnership with a new, next generation and cutting edge cloud-mining platform. Should a decision be made to leave a Hashlet in its current form, it will be automatically converted to a voucher, equal to customers’ original purchase price that will be redeemable in the new platform.

With the exception of #3, which suggests some unknown, currently non-existant mining platform, the other 2 options fall short of the promise of a forever profitable miner.  HashStakers are limited-term, so even if they are not sold, they will expire.  The third option itself is ridiculous, as GAW’s “ZenPool” and “ZenCloud” already provide a cloud-mining platform.  It makes no sense that a new platform would somehow make Hashlets profitable again, nor would it make sense for it to somehow be feasible to give customers credit for the original cost of their Hashlets to put toward another miner, but not be possible to just keep the Hashlets running right now.

Proof of Fraud:  DKIM-Signed Emails From GAW’s Josh Garza

First of all, let me state that these emails were posted on Pastebin by an anonymous Bitcointalk user named gawneedstobestopped.  Normally I would ignore an anonymous accusation like this…but the evidence speaks for itself.  The source means nothing in this case, as these are DKIM-Signed emails.

Second, I do not use the term “Fraud” loosely.  In previous articles related to GAW, I have tried to avoid judgement, as there has not been any concrete evidence of wrongdoing.  That is no longer true.  The emails that have been released show a blatant disregard for investors, as well as the encouragement of the digital currency equivalent of “insider trading”.  The legal definition of “fraud” is often hard to define, but the Modern Federal Jury Instructions, Instruction 57-15, which explains how judges should instruct a jury in a securities fraud case, describes fraud as,”a general term which embraces all ingenious efforts and means that individuals devise to take advantage of others.”  That is the definition I am using for this article, and is the only term that adequately describes what has happened here.

The Significance of DKIM-Signature in Relation to GAW and Josh Garza

I was stunned to see these DKIM-Signed emails appear on Bitcointalk.  DKIM means that the email was “signed” in a way that cryptographically proves that it was sent from a specific domain.  Not only that, it can be used to verify that the message has not been altered in any way, as one would need the private key to do so.

So, when the header of an email includes something like this:

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=geniusesatwork.com; s=gaw;
h=mime-version:sender:in-reply-to:references:date:message-id:subject
:from:to:content-type;
bh=+35F7/1ZJ+xD3/l9Tpd3C7rX2tICIAA5hTheyjeVtBw=;
b=H+rjHPM6OiJ7MEBdjg1yRwM3IouJGcs6OYue5I+YYFVhuhF4L4AsoS0LuMRFuFxYvD
NYsAVQx9Q1EelmiIO5GR0DqgW129NnsKzQ+i2f0z6gwVEaxqwIaX8VV6mh21WYG3GyBQ
utTasyVLHL6cYOvESeKSuXVII8VbGogHp2l4s=

This is showing that the rsa-sha256 signing algorithm was used to sign this email, can be used to prove that it has not been tampered with, and comes from geniusesatwork.com (or not).  This can be verified by downloading the email content as text, or copying the raw text, and sending it through a DKIM validation tool.  Furthermore, I have actually received an email from [email protected] in the past, which also used the same domain (d=geniusesatwork.com) and selector (s=gaw).  This combination refers to a specific private / public keypair, with the public key being displayed via a DNS txt record: gaw._domainkey.geniusesatwork.com

When an email containing a DKIM signature is copied to the DKIM validation tool referenced above, it will output something similar to the following image.

DKIM Verification Showing Geniusesatwork.com

Josh Garza’s Brother, Carlos, Involved with Selling Paycoin and GAW Packages

Unfortunately, the two emails from November do not include a DKIM signature, though all of the other emails do.  I checked with my own emails from GAW, and they did not start including DKIM signatures until December, so this fits.  Still, I will note the two emails that are lacking DKIM, as those cannot be conclusively verified as originating from Geniusesatwork.com, BTC.com, or any other domain.

The first of the emails involve Josh Garza, his brother, and investors.  As far back as November of 2014, there are emails showing that Carlos Garza was involved with setting up sales, and collecting payment, for GAW.

The emails below illustrate this:

(The first email is from November, and does not include a DKIM signature)

(The second email is from December, and does include a DKIM signature)

The investors listed here were buying into GAW’s plan with anywhere between tens of thousands, to millions, of dollars.  Rishab Jain alone seems to have dropped over $2 million into purchasing Zen Hashlets, to convert to Hashstakers, with a promise to make a total investment of $7 million.  That makes him the largest of these investors by far…which is also part of the reason that some of the later emails are so horrible.

In particular, a few lines in the 2nd email really stick out.  First, Josh claims to Rishab that GAW has closed a deal with Paypal:

The paypal deal is done (been done for almost two weeks), our marketing team wanted to wait so we  could get more pr out of it.

Now, you may be wondering, “What deal with Paypal?”  Well, it seems that this is what Josh told this investor:

the partnership will start with all paypal merchants accepting paycoin. We have not decided if we will use their user to user transfers. As that’s what paybase is for. But we will integrate with all their merchants. So anyone that takes paypal can take paycoin.

That is an incredible claim…and I can see how an investor would get excited about that.  Paypal integration certainly would have made this entire story a very different one…but, obviously Paycoin is not accepted by all merchants that accept Paypal.  Beyond that, Josh claims that Cantor Fitzgerald, a multi-billion dollar investment bank, valuated Paycoin at $60 per coin:

Cantor is projecting PC to be hovering around $60 in June.  All the normal stuff would apply, NDAs, first right of refusal on new deals, best nations, etc. Let me know if there is interest. Not I mentioned, I am cutting from my allocation, so no worries :)

Now, this cannot be 100% refuted, as Cantor has not publicly mentioned Paycoin in any way.  Cantor”s vice chairman certainly is, or was, an investor in GAW Labs and Great Auk Wireless, but there has been no confirmation that he is aware of what Josh, and GAW, are doing right now.

That said, it is highly unlikely that Cantor Fitzgerald would even bother to project the value of a new digital currency.  What basis would they use to find a valuation of $60?  How would they justify that?  The only way that would make any sense at all would be if Paypal and GAW truly were partnering together…but there is no evidence to suggest that is true, or was ever even being considered by Paypal in any way.

Josh Blatantly Mislead GAW’s Community to “Move the Market”

Getting deeper into the deliberate misleading of investors, we find this shining example:


It is quite blatant what is meant when Josh mentions:

I will get everyone to believe we are moving the price, so they move it for us muhaaaaaaaaaa

After Paycoin was released, there were multiple occasions that Josh mentioned he was “moving the market” or “moving the price”, yet in many cases it seemed as if that wasn’t true.  Generally, the announcements about moving the market would be followed by a slight rise in price, followed by a sharp decrease as people took advantage of the movement.  With this email, the suspicion that he was not actually trying to move the market, but instead relying on the community to do it for him, is confirmed.  This kind of market manipulation is completely inappropriate, and often resulted in a large losses for individuals that traded on the announcements.

Turning on GAW’s Largest Known Investor

Rishab, as stated before, is GAW’s largest known investor.  His initial involvement seems to stem from an off-the-books, “Nothing in writing” deal for $750,000:

(Email from November.  No DKIM signature)

After that, there was the $2 million mentioned in an earlier section, but that was not the end of Rishab’s investing in GAW.  After the $2 million from early December, it seems he was pulled even deeper toward the end of the year:

Reading through this email, it seems that Rishab ended up promising another $2 million for “Primes”.  Why would he do this?  Well, this followed a conversation in which Joshed stated he was “moving the market” on the same day that he sent the email to other members of GAW, laughing about false claims regarding moving the price, so others would do it for him.  Not only that, Josh once again invoked Cantor Fitzgerald for legitimacy, stating:

Cantor is helping launch the first public exchange for crypto! And they are going to use *both* BTC and XPY for the base currencies to do trading!!!!!! I about passed out when I heard, as I knew they were doing it, but I did not know they would use XPY as the base currency. I just thought we would be listed.

I can not imagine what it will do to XPY.

Please, again, keep this between us. Even my brother can not know. I have to let him know that I do not think cantor is going to allow us to sell anymore coins, controllers, or even wallets. My partner Stuart says that Howard (Chairman) is being told by his guys that XPY is going to raise in value to match BTC.

Of course, this exchange has not materialized, or even been mentioned by Cantor.  Furthermore, I cannot see an financial institution launching an exchange and using a currency such as Paycoin.  While I do think that Paycoin hit on a few ideas that would appeal to the banking sector, it is far from actually providing a solid platform for them.  A more established digital currency, such as Bitcoin, or their own, new digital currency, rather than one with such a tarnished reputation, would make much more sense.

Unfortunately, Mr. Jain seems to have taken the bait.

However, even if he was being misled, one would think that Josh would have the decency to care, in some way, about the guy.  Even reading through all of this, you could even walk away with the impression that something may have just fallen through with the Paypal deal, and Josh misunderstood something related to Cantor.  That wouldn’t explain the market manipulation, but it would at least be less horrible.  Sadly, an email sent around a week after the previous communication between Josh and Rishab shows exactly how Josh views Rishab:

Also, do not bring this up to Rishab. If you got him in the ropes, the last thing you want to do is change things

Read that line carefully.  After taking Rishab’s money, Josh has went to his brother to bring in his “boys” for a special deal on purchasing paycoins, to try to counteract the downward pressure from people selling them on the market.  Rishab, on the other hand, is now excluded from this for some reason.  It is unknown if there is a piece of the puzzle missing here, to give context to this sudden change, but obviously Rishab felt it.  Only two days later, he reached out to Josh with his concerns:


Now, here it seems as ifRishab is trying to play it cool, and still reinforce that he supports Josh, while mentioning that partners were starting to worry.  Josh’s response is aggressive and condescending, and mentions a surprising “fact”:

I have DOZENS of guys that have invested many times over what you guys have, and not a single one has sent an email like this. Most of them are trying to buy up more.

I have no idea if there are investors in GAW/Paycoin that are not mentioned in these emails, but it seems very unlikely that there are dozens of people with more than $4 Million+ invested.  If that were true, the $20 floor that GAW promised would have been achieved.  It would have simply been a manner of setting up an extremely large buy wall at $20, and allowing all those that wanted to liquidate dump their coins into the wall.  With the number of Paycoins that are “in the wild”, rather than in a Prime Controller wallet or already owned by GAW, being so low, the $52 million+ that would have resulted from even a single dozen investors larger than Rishab, along with Rishab himself, would be enough to buy every single remaining Paycoin at $20.  With “dozens”, which suggest 24+ investors with more invested than Mr. Jain, this would have been trivial.

Honestly, it is hard to not feel sorry for Mr. Jain at this point.  Paycoin’s current price is $0.88, meaning that he has likely lost millions, unless he has managed to buy and sell it extremely well.  Regardless, it seems that he did not give up, and even had ideas about how he could help get Paycoin going:

(This email’s raw text is formatted incorrectly, and thus the DKIM signature cannot be verified.  I’ve been trying to remove the extra spaces, to get it to it’s original state, but cannot seem to get it exactly right.  Either way, there is nothing that seems incriminating or wrong in this one.  Still, if anyone can fix the formatting, and get this one to verify correctly, please contact us)


At least the work he is suggesting sounds like legitimate promotion, and it is hard to fault him for wanting to make the coin a success.  The only way out of this hole is to increase the value of Paycoin, but considering that email was from early January, it seems like that may be a lost cause.

Either way, hopefully he has read these emails already, or reads them here.  It may help to explain what happened with Josh, GAW, and Paycoin a bit.

GAW’s Partnership with Mastercard

Last Wednesday, February 25, 2015, Coin Fire posted an article in response to GAW’s recent announcement claiming a partnership between Mastercard and Paycoin.  According to Coin Fire, two members of their team contacted Mastercard, to inquire about the partnership, and received this response from Seth Eisen of MasterCard’s Corporate and Public Affairs Communications department:

I want to clarify that MasterCard does not have a relationship with PayBase/PayCoin.

This is not surprising, considering the number previous “partnerships” that have failed to materialize.  Still, as this is the most recent development, it deserves to be mentioned.

I’m not really sure what else to add to this, so I will leave it at that.  Feel free to draw your own conclusions, and share your thoughts on what has happened.  I know many other things have happened since my older, more comprehensive article about GAW, and I will likely update it in the near future.  However, I am more concerned about the emails than anything else.  Those should be highlighted, for everyone involved with GAW to read, as the worst of them can be proven to originate from btc.com or geniusesatwork.com…and both domains are owned by Josh Garza.

shadow-ornament

All of the emails that were used in this article can be accessed on pastebin from the links below.

http://pastebin.com/XfFy1dfU

http://pastebin.com/2RHUSj8C

http://pastebin.com/utQzx8jP

http://pastebin.com/2hPQfx2Z

http://pastebin.com/RuK4AVhc

http://pastebin.com/PgdWNhae

http://pastebin.com/QsNnQwmp

http://pastebin.com/HnQfMMp1

Additionally, other emails may be found by looking through the post history of gawneedstobestopped on Bitcointalk.

People have been reaching out to me since the last article I posted about GAW, asking for updates, sending me information, or just commenting on the situation.  I apologize if you contacted me and I did not respond.  I have spent quite some time going over the information available, trying to see if I was missing anything, or misinterpreting what I was reading.  Unfortunately, beyond what is stated above, I can find no other logical conclusion.

Find the best exchange to buy Bitcoins


Coinbrief

Coin Brief is an open source website for digital news. It provides cryptocurrency tools, mining calculators, tutorials, and more. It was acquired by 99Bitcoins on September 2015.

16 Comments

  1. ScammedbyGawsStillindebt on

    Hey, I’ve been trying to find out about the lawsuit against gaws by the customers. But there seems to be nothing new other than an email stating all members must pay .3 bitcoin (by yesterday) sent from [email protected] (the header looks really legit) But isn’t paycoin.com owned by GAW Miners? Secondly if anyone knows anything about the lawsuit, if it was even legit or not… Or knows of an attorney that is willing to take them on. I do have all the receipts from my purchases from their store. I also have saved all the help tickets I had to create as a member; unfortunately I do not have receipts for all the miners I purchased through there ZENCLOUD. However I had 50+ stakers all over which were full when they closed down shop and locked my out of my account. I had to purchase many of those paycoin at $12 -$20 each through exchanges in hopes that I would actually earn some extra money. I did not get the opputunity to sell any back like they promised. I did not get the opputunity to spend a single one; being a single mother of a special needs child… I’m just disgusted with all of this; one huge lesson learned I guess.

  2. I just received this also, how secure do you think your invest with GAW is?

    Hello nssminer,

    Please see the statement below as to why your withdrawal has not been working:

    We want to apologize in not providing more information sooner…but we know you’ll understand why. We believe it was in the best interest of our community and know that you will share in that sentiment.
    On Friday, February 27, we learned about a coordinated and very sophisticated effort to exploit the databases for PayBase and ZenCloud. As soon as we discovered this, we felt it imperative to shut down the wallet withdrawal service, in the best interest of our customers and community. We’re sorry for any inconvenience this may have caused.
    We felt it was important to provide general, non-specific communications as to the identity of the hackers / violators our networks, since they did not know we had discovered what they were doing. This, we felt, was precautionary and again, in your best interest.
    While this was happening, we had all hands on deck verifying every database and ensuring there were no other holes or doors they could use. Verification of all databases is in the final stages and we expect to be online later this week, if not sooner.
    We also wanted to point out that our existing precautionary measures such as “Pending Withdrawal” function worked as it should, giving us the ability to verify withdrawal transactions. This layer of security made it possible to protect all property, funds and PayCoins.

    https://hashtalk.org/topic/32776/paybase-service-update-2-27-2015-update

    We apologize for the inconvenience and we will get these online as soon as possible.

    Thank you for your patience and understanding.

    Luke

  3. What BS these emails are weeks old and now GAW is just noticing a breach…!

    If this was the case, the first and only response from GAW concerning the article should have been:

    “These emails are fake, we noticed a breach a few weeks back and our security team has been looking into this matter to ensure the integrity of our companies mail servers….”

    So should GAW be thanking Coin Brief for exposing the breach to them? According to GAW it took the customer to read this article, and contact GAW on March 3, 2015 (read comment above and see https://i.imgur.com/rrjkQC6.png )? Don’t you think it should have been the other way around, GAW contacting the customer to let them know that personal information has been accessed do to a mail server security breach?

    So you think this hacker just hacked Rishab’s and GAW CEO’s accounts? Whom else has had their personal information exposed to these hackers and why does it take weeks after the fact and an email from a customer to figure it out…..Top notch security at GAW!

    Think about that next time you want to buy anything GAW.

  4. I am to the point of not believing anything coming from GAW, Josh seems to lie quite a bit…..This is there response to your article:

    Hackers Breach GAW Miners Email Systems, Create Falsified Exchange

    Official Company Statement

    Contact: John Caceres
    Email: @btc.com”>[email protected]

    Bloomfield, CT – An unauthorized breach of the GAW Miners email system has taken place, as recently made manifest by an unsubstantiated article in an online publication covering cryptocurrency.

    After the publishing of “leaked” emails, the company was contacted by a recipient of the falsified emails, indicating they had no record of the email exchanges made public, as evidenced by the following:

    Rishab.jpg

    The company has been able to confirm that the genuine sender did not write the contents of these emails.

    While the exact method used to gain access is still to be determined, the breach provided access to the confidential email accounts of numerous GAW staff members enabling the ability to send and receive falsified emails from the accounts the violators successfully infiltrated.

    The timeline of the breach is still being determined. Due to the sophisticated nature of the breach, unauthorized access continued for a period of time without being detected.

    Company officials are still investigating and determining the extent of the breach. Customer funds and account information have not be compromised. The owners of the addresses that were compromised and made public have been contacted.

    As a precautionary measure, the account(s) affected have been suspended until a full investigation can be completed. The Company is in the process of engaging the services of a security expert to determine the exact method that was used to gain access and to help in identifying and bringing to justice those behind the unauthorized access of private and confidential company emails.

  5. I always knew that guy was a slimy douche bag. I was lucky to get out when I did, but some of my friends took a nasty hit.

Leave A Reply