Bitcoin Forum

Alternate cryptocurrencies => Altcoin Discussion => Topic started by: Kryptox on April 27, 2013, 03:42:36 AM



Title: My account on pool hacked - remember to use strong unique passwords!
Post by: Kryptox on April 27, 2013, 03:42:36 AM
Logged into my account today and found the payout address changed and payout threshold changed to 1.  LTC from my account are gone - thankfully they only got about 17 LTC.

I've seen complaints about Coinotron's LTC pool having an unusually high number of rejected shares in the last while.  Not sure if it's related, but I was also getting close to 10% on some of my rigs.  (one was 30%).  Either way, I've switched pools now and am getting less than 1% rejects now.

Anyone else get hacked?  My account credentials couldn't be guessed.  Either I have a keylogger on my system or Coinotron's database got hacked.


Title: Re: Coinotron Hacked
Post by: Nolo on April 27, 2013, 03:46:52 AM
> Logged into my account today and found the payout address changed and payout threshold changed to 1.  LTC from my account are gone - thankfully they only got about 17 LTC.
>
> I've seen complaints about Coinotron's LTC pool having an unusually high number of rejected shares in the last while.  Not sure if it's related, but I was also getting close to 10% on some of my rigs.  (one was 30%).  Either way, I've switched pools now and am getting less than 1% rejects now.
>
> Anyone else get hacked?  My account credentials couldn't be guessed.  Either I have a keylogger on my system or Coinotron's database got hacked.

If it was coinotron, we probably would have already heard about it by now.  Some big hashing dudes mine there.  I would take immediate steps to secure any coins that you have in wallets on that machine. 


Title: Re: Coinotron Hacked
Post by: 503guy on April 27, 2013, 04:21:18 AM
> Logged into my account today and found the payout address changed and payout threshold changed to 1.  LTC from my account are gone - thankfully they only got about 17 LTC.
>
> I've seen complaints about Coinotron's LTC pool having an unusually high number of rejected shares in the last while.  Not sure if it's related, but I was also getting close to 10% on some of my rigs.  (one was 30%).  Either way, I've switched pools now and am getting less than 1% rejects now.
>
> Anyone else get hacked?  My account credentials couldn't be guessed.  Either I have a keylogger on my system or Coinotron's database got hacked.

Can you post the address that the 17 LTC were sent to?


Title: Re: Coinotron Hacked
Post by: jt7382 on April 27, 2013, 04:35:13 AM
You may want to put a ? after your title.


Title: Re: Coinotron Hacked
Post by: wmikrut on April 27, 2013, 04:47:28 AM
I checked all my accounts and balances.
I am happy to report -- everything is right where it should be.


Title: Re: Coinotron Hacked?
Post by: Kryptox on April 27, 2013, 05:37:57 AM
Looks like it's just me then which is good.  I'm assuming then that my system was compromised somehow.  I've run several scans and nothing has been found though.  Wish I knew, but I'll probably be doing a full reformat now if I end up finding nothing.

I did have Java installed so it could have just been an attack using Armitage or CobaltStrike.  Thankfully wallets are all offline.


Title: Re: Coinotron Hacked?
Post by: skyangel on April 27, 2013, 08:04:43 AM
> Looks like it's just me then which is good.  I'm assuming then that my system was compromised somehow.  I've run several scans and nothing has been found though.  Wish I knew, but I'll probably be doing a full reformat now if I end up finding nothing.

Same thing happened to me about a month ago on Coinotron. I contacted Coinotron and they found a login from an IP on a different continent than the one I'm in. Make sure you use different passwords (even different user names) on the different sites.


Title: Re: Coinotron Hacked?
Post by: coinotron on April 27, 2013, 08:48:32 AM
> Looks like it's just me then which is good.  I'm assuming then that my system was compromised somehow.  I've run several scans and nothing has been found though.  Wish I knew, but I'll probably be doing a full reformat now if I end up finding nothing.
>
> I did have Java installed so it could have just been an attack using Armitage or CobaltStrike.  Thankfully wallets are all offline.

Coinotron db is safe, not compromised. There are no suspicious payouts. So it seems that it is related only to your account.
Lately there were quite a few attacks on LTC pools and BTC pools. Maybe you used the same password in two places?
PM me your username. I checked out user Kryptox, and it doesn't look like it is yours.


 


Title: Re: Coinotron Hacked?
Post by: Kryptox on April 27, 2013, 10:22:18 AM
Realized afterwards it was only 8 LTC that was redirected.  I actually received the previous payout.

Really not too concerned about the limited loss of LTC, but would be nice to know how it was compromised so that I can ensure it won't happen again.  I can't find any holes in my system.

Just goes to show the importance of keeping tabs on your accounts, and using strong passwords.

Address that funds got redirected to is Lg6ex4ufeN8Vqoh6jLa73Mn6FooPqxjEMi


Title: Re: Coinotron Hacked?
Post by: coinotron on April 27, 2013, 10:55:39 AM
> Realized afterwards it was only 8 LTC that was redirected.  I actually received the previous payout.
>
> Really not too concerned about the limited loss of LTC, but would be nice to know how it was compromised so that I can ensure it won't happen again.  I can't find any holes in my system.
>
> Just goes to show the importance of keeping tabs on your accounts, and using strong passwords.
>
> Address that funds got redirected to is Lg6ex4ufeN8Vqoh6jLa73Mn6FooPqxjEMi

It seems that the attacker had your password or simply was really lucky. It took him only 2 attempts to log in as you.


Title: Re: Coinotron Hacked?
Post by: bushstar on April 27, 2013, 11:05:49 AM
> Realized afterwards it was only 8 LTC that was redirected.  I actually received the previous payout.
>
> Really not too concerned about the limited loss of LTC, but would be nice to know how it was compromised so that I can ensure it won't happen again.  I can't find any holes in my system.
>
> Just goes to show the importance of keeping tabs on your accounts, and using strong passwords.
>
> Address that funds got redirected to is Lg6ex4ufeN8Vqoh6jLa73Mn6FooPqxjEMi

Not sure what tools you are using but the following is what I use to disinfect most computers that come into the office.

ComboFix, TDSS Killer, Malwarebytes Antimalware and ADWCleaner

However, think about where else you have signed up with the same credentials as Coinotron; it could be that one of those sites is malicious.


Title: Re: Coinotron Hacked?
Post by: Kryptox on April 27, 2013, 11:19:20 AM
Cheers Bushstar.  I'll check out those tools.  It's hard to find good ones with a light footprint that also provide you with an amount of control as to what is flagged for removal.

Seems that the attacker either brute forced or had my password.  

Lesson learned.
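

Added example, not part of the original thread and not Coinotron's code: a pool-side check for the pattern reported above, where a login from a location never seen for the account is followed shortly by a payout address or payout threshold change. The log format, field names, user names, country codes and the one-hour window are assumptions, and the sample lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed audit log (hypothetical format; documentation-range IPs).
SAMPLE_LOG = """\
2013-04-20T18:02:11 user=miner1 event=login_ok ip=192.0.2.10 country=CA
2013-04-22T07:15:40 user=miner1 event=login_ok ip=192.0.2.10 country=CA
2013-04-23T09:00:00 user=miner2 event=login_ok ip=203.0.113.5 country=PL
2013-04-23T09:01:30 user=miner2 event=payout_address_change ip=203.0.113.5 country=PL
2013-04-26T23:50:02 user=miner1 event=login_fail ip=198.51.100.77 country=ZZ
2013-04-26T23:50:19 user=miner1 event=login_ok ip=198.51.100.77 country=ZZ
2013-04-26T23:51:05 user=miner1 event=payout_address_change ip=198.51.100.77 country=ZZ
2013-04-26T23:51:20 user=miner1 event=payout_threshold_change ip=198.51.100.77 country=ZZ
"""

SENSITIVE = {"payout_address_change", "payout_threshold_change"}
WINDOW = timedelta(hours=1)  # assumed: how long a new-location login stays suspect


def parse(line):
    """Split 'timestamp key=value ...' into a dict with a datetime under 'ts'."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec


def find_takeovers(log_text):
    """Return (user, event, ip, prior_failed_logins) for each suspicious change."""
    known = {}    # user -> countries seen on earlier successful logins
    suspect = {}  # (user, ip) -> time of a login from a never-seen country
    fails = {}    # (user, ip) -> failed logins from that IP so far
    alerts = []
    for rec in map(parse, filter(None, log_text.splitlines())):
        user, key = rec["user"], (rec["user"], rec["ip"])
        if rec["event"] == "login_fail":
            fails[key] = fails.get(key, 0) + 1
        elif rec["event"] == "login_ok":
            seen = known.setdefault(user, set())
            if seen and rec["country"] not in seen:
                suspect[key] = rec["ts"]   # new location: do not add to baseline
            else:
                seen.add(rec["country"])   # first login or known location
        elif rec["event"] in SENSITIVE and key in suspect:
            if rec["ts"] - suspect[key] <= WINDOW:
                alerts.append((user, rec["event"], rec["ip"], fails.get(key, 0)))
    return alerts


if __name__ == "__main__":
    for alert in find_takeovers(SAMPLE_LOG):
        print(alert)
```

A pool acting on such an alert could hold the payout and require e-mail confirmation before the new address takes effect; miner2's change from an already-known location is not flagged.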