Bitcoin Forum

Hi to all,

I am posting this hoping to see if anyone has had any luck getting anything resolved with these people. I opened an account on 4/16 and funded in via PM in the form on $1065 USD. I then placed a buy order for btc totaling $1050 and leaving $15 in cash. When I checked in the morning to see if my order got filled, I found my order cancelled and my account with a $0 balance. I informed support and they told me a redeem code was issued and the gave me the code. When I attempted to redeem, the code had already been used and not by me. Then gave me the last IP address that accessed my account and one was from the Netherlands and the other from Germany. When I then sent them an email asking how they were going to correct the issue I have not heard anything back since.

Has anyone had any luck?


Mods, I apologize if there is already a thread on the topic, feel free to do with the post as deemed necessary.

Oh dear, sad to hear this.
Your computer is probably/possibly infected.
Get avast + http://www.malwarebytes.org/ and scan.

Note: Always set up strong passwords. (best case: write something huge on a piece of paper and use that).
Hope it gets resolved :)

The funny thing is a have a strong password or at least I thought I did. Just hope I can get this resolved.

Bummer man, hope it gets resolved.

Wishin you well ...

or maybe can use unix or linux family  ;D

looks like I will be setting up one of my spare machines.

don't trust all apps you download on internet (crack version), and keep update your OS

I am good in that sense. I am not in the habit of downloading cracked versions of software.

I know for a window old version, many bugs and very easy to use metasploit for attacking, so my advice is always updating the OS, or maybe you can make a router with firewall (like a IPS / IDS)

I work in the technology field so tend to stay up on the latest versions of software and make it a point to be up to date on the updates. There is another thread on this site related to the same issue I am having but I cannot post there as of yet. So I figured I would start one up in the only place I can vent my frustrations at the moment.

did you enable the "withdraw only with request on email" for your account?

I did not at the time of the incident

what OS are you using?

do you have java installed?

are you using the same username/email/password over and over again?

 

Windows 7 Home Premium SP1

Java is installed - was enabled at the time of the incident it is now disabled and noscript add-on installed

I do not use the same email and password over and over.

Has anyone else here had this happen to them?

Are you special for some reason. OZcoin pool got attacked. That's targeted. Does anyone have physical access to your computer?

First of all, at no point in time did I specify I was special. I am trying to determine if anyone else ( on BTC-e ) has had this happen to them and had it resolved. So I suggest if you have nothing useful to contribute to the topic, you can keep your comments to yourself.

Actually he is usefull. And that's a valid question.

Attacks/hacks are usually targeted and untargeted, as you said you have common security sense, so it may be a targeted attack, then, if it was, the question is why you?

Physically, no one has access to my computer but me. From the little info given to me by support at BTC-e, the 2 IPs that accessed my account, one was from the Netherlands and the other from Germany, I reside in the US.

If you by any chance have enabled firewall logging in ur Windows u can check if these IPs are also logged there.

I will check. I do know that I have logging enabled on my router, will take a look as well. Thanks

one way of making you a potential target is by using the chatbox. have you posted messages on the chatbox ? 

I did not use the chatbox at all. I funded the account on the 4/16 and placed an order to buy. On 4/17 the account was hacked, order was canceled and my code was redeemed for all my funds.

it seems that those who haven't enabled the withdrawal email confirmation are the ones being targeted.
so far i haven't yet read about users, with the security feature enabled, claiming that there was an attempt by someone to withdraw money from their account. I really wonder why i haven't heard any. it's possible that they'll check the security setting first before attempting to withraw.

most of the accounts hacked were new.

no password was strong enough. inside job perhaps? or some unfixed vulnerability.

java was not installed in some of the affected users' computers.

it's not just windows machines that were affected.

withdrawals were initiated from different IP's around the world. TOR? web proxies? VPN?

Did BTC-E advise you they where going to do something about what happened? They should at least try to help you?

That's the funny thing. The first responded to my email say that there was a BTC-e Code. When I attempted to redeem the code, I got an error stating that it had already been redeemed. I let them know and then they sent me an email showing me the last IP's that accessed my account and that was the end of it in regards to any type of communication from their support.

Shouldn't they be able to see who it was that redeemed that code and possible reverse the transaction as it is a fraudulent one?

This is what is so frustrating to me, that I am up in there air as to what they are doing to remedy the situation. Don't know if they are going to do something about it or leave me holding the bag. Their silence is killing me.

Samething happened to me only that i got a notice from gmail saying someone from an Singapore IP got into my account

That is what is eating at me, I have lost so many opportunities to purchase btc because of this. If they are swamped, working on it, whatever. At least keep the customer informed.

Hi
I wanted to deposit some funds on this site but dont they have additional  double protection
like google authenticator in addition to your password for example?

I do not think so

aaarrg that sucks man

Yes this is a flaw imo
Other serious sites (like MtGox)  have google authenticator mobile phone protection

With the e-mail to request withdrawa security feature, does that mean that you have to e-mail support and wait days everyteim you want to withdraw bitcoins?

Also i enabled it, then went back to disable it, but it doesn't show as being enabled?

i think you need to have your email address confirmed first. Btce should send an email to your registered address.

I think it means that when you request a withdrawal it will send you an email and you must confirm it via email

allways 2 factor

Certainly sets off a few warning flags. I'd not keep too much in your account. Although i'd be very surprised if the site enabled notifications allowed script executions but at the same time, it's not intangible.

check your host file, dump your DNS cache (turn off that windows service if it exists)...

Do a full system scan, I suspect you may have a plugin on your browser or root, that is hijacking your page. Eg, you are actually on site A but site A shows site B in an overlay frame, and the "java" or "javascript" or whatever, is not functioning because of that.

They do that to capture your keyboard typing, as you "think" you are entering it into site A, but you are just seeing site A and site B is reading your keystrokes.

Thus, not letting you get inside the actual site.

If you are in REAL deep stuff... try the bleepingcomputer website. They will walk you through a good mbam scan. That finds most things that virus scanners just can't. If nothing still, use microsofts tool for scanning. (That is a "download every time you need to use it" tool.) I forget what it is called, but if something nested itself into a part of windows itself, where mbam can't go, or virus scanners can't go... that will usually get it.

If it happened that fast, I imagine you were infected WAAAY before you visited that site. They watched you create an account, and then waited for your deposit. Purposely canceled it, and got that ticket for the refund, and cashed it out.

Or it is the server itself that has been compromised, which would only affect 'new transactions", such as yours. They need to check the code, php, asp, javascript, etc, for injected code that keeps injecting itself into the server. Usually hidden in cron-jobs, or auto-backups, or auto-updates on the server itself.

In any event, it is THEM who has to do the legal footwork to get the money back for the thieves. It is you who has to do the legal footwork for you, to get it back from them. Hard part will be proof of "them" being the compromised source. (Unless you find others who are having this issue, and your saved scan logs show no related virus results on your PC.)

If they are wise, and I am sure they are... they will bite the loss, repaying you, then try to fight for the hunting of the thief. I am sure they have some form of "allowable losses" to accommodate for that. One would hope, or that is how you loose all your business.

Ah man that's a lot of money not being where it belongs. I do hope you get this dilemma sorted.

Make sure not to click on links people send you or in the trollbox... I had someone message me a link to click on the other day on btc-e, obvious malware is obvious.

I have not clicked on any links in the trollbox. I received some bull$h!t email from support today.

" You should always think about your safety and take steps to avoid data theft. We inform our users about it all. they are responsible for their own accounts."

allways use 2 factor

wow that sucks.