Bitcoin Forum

http://boards.4chan.org/biz/thread/3173675/cryptopia-hacked (http://boards.4chan.org/biz/thread/3173675/cryptopia-hacked)

Same thing hapenned yesterday to me

someone sold everything i had.. under the market price and tried to withdraw the BTC. As I have a BTC withdraw email verification., he could not have taken the btc

It says that your account had a succesful login? This happens to me for a few weeks, luckily I don't have funds there but I still receive email notifications

I think there is something wrong with your account, there is now a lot of phishing and maybe you have been stuck in phishing because just click on the link. My advice immediately change your account password.

Exactly
Best solution is to change your account password with a new, unused and secure password.
By the way, I never had issues with Cryptopia.

It can be happen anytime anywhere in this modern world because there are good and bad men everywhere. so all should secure their account safely that none can stolen account. if it happen password and username should change.

Cryptopia seems good but I would keep my coins/tokens off the exchanges whenever possible.

For real? It's the first time I a heard situation like this in cryptopia. Well, as long as you secured your email even you don't have 2FA enabled in cryptopia, your balance will be safe. As far as I know all users receive email for withdrawal confirmation. Always remember to use different password for every site to lessen the risk. Prioritize the email password as site confirmations are always sent in there.

PS. Your account got hacked but not the whole site.
PPS. Vokain is confirming about this link's post in Cryptopia's ANN thread : https://bitcointalk.org/index.php?topic=1669443.msg21392469#msg21392469

A user being phished (assumption) while not having 2FA enabled does not mean that the exchange was hacked.

BTC withdraw verification via email is not 2FA.

Currently they are facing several issues but they aren't hacked as of now. This is their latest tweet:

Cryptopia Exchange‏ @Cryptopia_NZ  48m48 minutes ago
More
 Aware of current issues with upstream provider and are working to resolve. Thanks for your patience.

This is happening with several other users too and till now I received 4 emails. I withdraw all my funds before the 3rd failed login attempt else my account would be locked and now their support too is not replying. They are facing issues since 2-3 days.

Enable 2FA via email to secure your account else it's possible that the account can be hacked.

all my bitcoins are withdrawn without my confirmation. stood 2FA, but that did not stop them. E-mail confirmation was turned off and all coins were withdrawn. is this a bug of the exchange? And is there any hope that my stolen bitcoins will return me?

I guess you're one of the people with 2FA for the withdrawals but not for log into your account. Which is kind of silly, because in Cryptopia you can transfer coins to another account directly, without email verification. You can even allow withdraw coins to a selected address only

stood 2ph on the input to the output and for translation. So is there a chance that my bitcoins will return? it's not my fault in this

I got the same email, 'failed login attempts'.

Lucky I had no coins there and locked my account.

It appears someone has a list of cryptopia account holders and is trying to brute-force the passwords.

This is the name of the criminal: rhodwaddseabe19
He has an account on cryptopia

I received failed login attempts email from cryptopia two days ago luckily I don't have any balance there so I locked my account

The moment I read this, I rushed to my Cryptopia account and fortunately everything was fine.

Maybe there are some "shit" that is happening right now affecting only some number of user. I will still not withdraw my funds here as it was not that decent amount and will continue to do trades here. Security will be depend on a user and the only thing we can be compromised is if the Cryptopia itself will turned into a shit.

Seems like a lot of users on cryptopia trollbox is complaining about the same issue so this isn't an isolated issue.

I wonder if this is related to the recent email hack that resulted in 100 million+ email addresses as well as some passwords being hacked. It could be possible, but then it could be just some phishing attack that got around recently.

The 4chan user had emails sent to him about login failures, which means that they may not know the actual password of the account. But somehow, he broke into your account which is even weirder. Contact cryptopia support to see what they can do for you.

I have had similar issue last week, when suddenly I have an avatar on my profile that I have never set it before. Luckily I didn't have btc there , have few bsd only and few thousand rbx. I never complaing or send message to support regarding this before.

Hi,

the same happened to me.
Over 800 Million Dimecoins have been sold into LTC and then transferred on 1/09/2017 7:14:00 PM to users vowowopesa and zahitoja !!!
Got only 1 email on that day: Cryptopia Failed Login Attempt: A failed logon attempt was detected from the following IP address: 77.31.61.140
Your account has 1 failed login attempts. Your account will be locked in 2 more failed login attempts.

Only 1 failed attempt and the attacker got into my account. My password was secure and unique. I bet there is/was a security issue on cryptopia website.
Did now change password.

best regards,
peme

I had used strong password so after lots of failed login attempts my cryptopia account got locked. I think someone managed to steal all users data from cryptopia database but as all password are hashed there, only the one who are using weak password got hacked.

Always use really strong and unique password in important online accounts like in wallets and exchange platforms.

I will not use cryptopia account now after and I didn't have any funds there at the time of failed login attempts.

I do agree we must not drag the name of a company or any other service provider because we got careless and fell for a phishing scheme, we are lible for our own actions and seeing more user accounts being compromised almost everyday should be a learning point for everyone and we should add extra security to our accounts to avoid losing money or personal data leaks

Well has it been confirmed  this originated from a phishing attack?
Any news on the issue yet, has cryptopia responded?

 Same happen with me ,i lucky because i used login confirm by 2fa  email ,so hacker never login successful to access my account ,i don't know why hacker have my password, i see so many people like me ,they  complain crytopia, i think reason a system security of crytopia have problem.

This isn't a phishing attack, there is something very wrong with Cryptopia.

I've only logged into that account maybe 2x in my life. I barely use cryptopia, and I surely haven't attempted to login to any phishing sites recently.


Now, even after I told them to LOCK my account, I am STILL getting the emails saying someone attempted to login to the account, lmfao!

This is definitely a cryptopia problem.

They wanted also to hack my account. Got a notification and I blocked my account. Will wait with unblocking until it is cleared out, what happened.

Same thing happened, someone tried to login but couldn't.

Same thing happened to me. I locked my account...now how the fuck do I unlock it?

A failed logon attempt was detected from the following IP address: 133.137.144.192

Your account has 1 failed login attempts. Your account will be locked in 2 more failed login attempts.
 
FAILED Logon Attempt from Unknown IP address

2nd Attempt

A failed logon attempt was detected from the following IP address: 89.229.219.191

Your account has 1 failed login attempts. Your account will be locked in 2 more failed login attempts.

Contact their support and when they unlock your account, they'll inform you via email. Since many users have either got their account locked automatically after 3 failed logins or they have themselves locked their account, the support is responding slowly to such cases. You can try reaching them on twitter too if they don't respond. Even my account is locked but they have not yet responded to my support ticket.

I'm quite certain they were hacked as well.

The good thing is now we have to enter code they sent to our email to verify everytime we want to log in.

They already had 2fa right? Or did they just recently add 2fa through e-mail?

Yes. I think they just added it. Today is the first time I receive code through email.

Was able to log in fine until this afternoon .Only had twofactor set up for withdraws now i'm needing to add code to log in to account but have not recived any code by email   to log in .WTF is going on

Did you already look to spam folder?

No, they always had 2FA via email but earlier it had to be activated by the user while now everyone has to add the code to access their account. This is what Liqui also did after they had issues with their server.

If you are using a second device for that email, like your smartphone, than counting as 2FA.
A banking app on same desktop for TAN verifications, that surely isn't second factor but a local bank in my area told me it's OKAY. I answered THANKS.

No no never both communication channels over one single device, that's my understanding. Two independant devices, that never get connected. Email on smart phone can be done in a safe way.

Same thing happened to me.. Lost more that 400$ six days ago. Of course cryptopia would refuse any compramisation has occured.. This would cripple them and tear them apart.

One of my friend (known from bitcoinralk)also lost his bitcoin from cryptopia. but how its possible!!? every time when i tried to log into my cryptopia account it asked me a code that come into my email.after interning the code there i can access my cryptopia account.so is it possible to hack my account?
I am also thinking about 2FA , I would set it asap.

I think this is recently added.. or you had 2FA via email.. It never asked me to check my email to log into.. This is possible if a database leak has occured, which is the most likely scenario, even though they will try to deny it.

Well obviously something is up, why else would they change default settings to 2fa just around the time multiple people report
login attempts or stolen funds.

If true, it's kinda irresponsible for them to not notify anyone to at least change passwords.

Indeed, such an anouncement could cause panik withdrawals, similar in effect to a bankrun. Any tradeside that cannot pay back deposits in a timely manner will have to sweat out over each and every breach in security.

I had been sweating when a BTC withdrawal took like 15 hours, and they are paying network average fees so no fault on their side.

I dunno how I missed this thread for so long, but let me state immediately and categorically that no data breach of any kind has happened at Cryptopia. Our support team has been bogged down by many situations similar to what was described in this thread, however in the many cases we've had to investigate there were some pretty common themes.

In some situations, an external data breach caused an email box of one of our users to become compromised, which was then used to reset the password of the associated account - in many instances, these accounts had no 2FA, or email 2FA to the email account which had already been owned.
In some situations, an external data breach caused a Cryptopia account to be directly compromised due to a shared login between Cryptopia and where ever the data breach occurred. In some of these instances the accounts received emails from us stating that an unsuccessful login had occurred before the correct username/password combination from the breach was used, and in other instances the correct username/password was submitted on the first attempt and no emails from us were sent.
We had a case where Google Auth was bypassed, however the user was using Google Auth as a Chrome extension and we concluded that the malicious user gained remote access to that persons computer, which included an auto-login session to the email associated with the Cryptopia account, and of course access to the browser for 2FA.
Outside of the above not-Cryptopia problem, no accounts with Google Auth or Cryptopia Auth were breached as part of the phishing attacks and data breaches that are outside of Cryptopia's control.

At the end of the day our user's account can only be as secure as the users set them up to be. We recently went and forced Email 2FA onto every account which had no 2FA, which has reduced this occurring but hasn't stopped it. One of the most heartbreaking things about some of our interactions with users that have been ripped off in this fashion is that they often blame our security rather than reflecting on what happened on their end; the end result being that they don't go and enable 2FA, ensure they have unique passwords everywhere, check for and remove malware, research and apply security best practices, etc, which ultimately leaves them open for a repeat incident.

What we've learned from this is that we need to go away and really look at how to use our site's pages and emails to educate our users and the crypto community around how security actually works. We need to update our 2FA pages to detail the strengths and weaknesses in various types of 2FA so that our users can make better decisions or at least be aware of the risks that they're taking with their choices; we need to update some of our email templates so that it tells you what's going on and provides an explanation of what this means and suggests some actions you may want to take - we discovered that most users didn't know how to react to a 'someone tried to log into you account and failed' email. We want to get to get our support tools, processes and headcount sorted so that we can be the first exchange to offer live chat support and be available to help our users in their moments of panic. The Crytpo community is growing rapidly and a factor of this is that many people that weren't the earliest of adopters aren't aware of the level of security paranoia that is required when you have a bunch of money sitting on accounts/computers that are connected to the internet.

If you go to our website, you will note that we use a different type of SSL cert to most other exchanges; it's not just 'Secure' but 'You're securely connected to Cryptopia Ltd [NZ]'. This is called an EV SSL certificate, which to obtain we have to be thoroughly vetted by Comodo as a real business that exists at a real location in the real world. https://en.wikipedia.org/wiki/Extended_Validation_Certificate This is one of those security features where most users out there don't realize what the significance of a green address bar is compared to a white one. The benefit for us, is simply that it's harder for our users to be phished, because while a phishing site could have a minor change to the domain, they won't be able to replicate our SSL cert - but this only helps users that know what they're looking for.

Anyway, again, Cryptopia wasn't hacked.

Yes - something is up - but not with Cryptopia. Insecure websites like bitcointalk, bitmain, bithumb have all been hacked and disclosed user data. Add to that the adobe hack and several others where email data, passwords and other information was taken.  You can check here if your email has been disclosed in some of the large known hacks  : https://haveibeenpwned.com/ (https://haveibeenpwned.com/)

One of my personal emails features in there 4 times.

WITH THAT INFORMATION if the PASSWORD AND EMAIL of the hacked site is the same as used on Cryptopia then the hacker has access to the account on Cryptopia.

WITH THAT INFORMATION if the PASSWORD AND EMAIL of the hacked site is the same as the users email used for Cryptopia then the hacker has access to the "reset password" feature.

If the hacker simply tries to log into the site then they have access using valid credentials. - so no actual hack occurs on Cryptopia - a email informing of a sucessful logon is sent (if enabled by the user in the user settings) .

If the hacker simply tries to log into the site and the password is different - wrong - an attempted logon email is sent.

If 2FA is enabled the hacker fails -  an attempted logon email is sent.

In other words - if I have your email address then I can try to log onto your account - if the password is wrong then an attempted logon email is sent.


Changing the settings to default use of 2FA is an attempt by Cryptopia to further protect users that have left it disabled.

Other exchanges have had login attempts too but don't notify users that an attempt to login has been made.

This just happened to me ..  ??? My fault for not enabling 2 factor on this account .. I am pissed..

not hacked you were robbed by the admins

Security is paramount for every user and it is always in their hands. Enabling the 2FA for an account helps to build the security of an account further and all these settings should not be overlooked. I hope you have learnt your lessons now and so sorry for your loss. However, some of these exchanges though, why not find a better alternative like bittrex?

  well once you have set up 2fa on your account it becomes a bit safer

Guys, most of us are using the same email address to log into multiple sites, exchanges among them.

You need to make sure your email is safe and secure, then use a very long and random character UNIQUE password for every login to any site, not just exchanges...... I know, it is tricky and requires a lot of work to keep track of hundreds of random passwords (there are some tools to help you though) but it really pays off.
Also, enable 2FA wherever possible - and I dont mean an email sent to you to click on a link: I mean real 2FA, with SMS to your mobile phone or a trusted 3rd party authenticator. There are several sites getting hacked daily, user lists are being leaked by a bad employee or even user lists with passwords being sold after a site (especially an exchange) shuts down.

And of course, never leave your coins on any exchange if you are not trading 24/7. Even if you do, withdraw your profits on a weekly basis, you never know when and where a thunder strikes.

Be safe, not sorry.

Mate did you pay any money to say that? of course you didn't because as an admin is free at any time to take all the funds from users accounts, you

Could as well say something like what you said above, I don't understand some traders, investors etc, it's like they are using exchanges as their personal

Wallets, I wouldn't blame them because it's really hard to keep all your shitcoins in order in a single wallet, even if there are some wallets capable of

Storing many altcoins, not everyone knows they exist, people are depositing onto exchanges, they will wait for prices to move then doing buy>sell and

Sell>buy to earn something but have no idea how dangerous it is to hold their coins on an exchange for more than 1 hour, you are not supposed to use

Them like that, when you have some coin to sell, you'll deposit>sell>withdraw, or deposit>buy>withdraw.

That's the reason people should use a different email address for each and every service or site of importance. I do so too, and have never had any problems with anything. In some cases certain sites get their database hacked, which mostly results in you getting spam and phishing mails, and that's obviously not something people look forward to. Since it's just one email address being connected to one site or service, you can change it without going through much hassle.

This is true, but I am not going to monitor hundreds (or thousands) of email addresses - and most people don't want to and don't even have the means to do so. Its pretty easy when you own an email server and create numerous aliases, dumping them when the "job" is finished but we are talking about the average user here, not a server admin.
And of course, disposable email addresses are out of the question, since they provide zero security, anyone can read mail sent to them.

In practice, best you can do is to have a secure and serious email provider, take precautions and have common sense. Thats the main problem most people are facing with exchanges, if their email is breached, funds held in their account can vanish. And this is why 2FA has a critical role in all this.

Hello.
Withdraw all currency ordinary transfer. Two-factor authentication enabled, the password is rather complicated. No failed login attempts. Support cryptopia is silent. Not mind the money, there were few, as it is unclear whether it is possible to use this exchange.

Same here in 2018 same dates  ;D

Im alone?

1) No email withdrawal
2) No email new ip
3) No email login attempt
4) All coins sold to btc
5) All btc withdrawal

You mean you experienced this now? (and you have Grin emoticon?)
What is the scammer's BTC address?


Didn't you secure your acount with 2FA via Authenticator app?

If NOT and you only use Email 2FA to log in plus are using the same password in your email and cryptopia then it's most likely the reason. Your email account was probably hacked as well and the hacker was capable of deleting those cryptopia emails for you to be clueless about what happened.

Though some find it a bit hassle, it's still advisable to Enable 2FA via Authenticator app for all the ff actions:

• Opening Security Settings
• Login
• Lockout
• Withdraw
• Transfer
• Tip

Just save your Auth barcode & key in a safe place and of course, secure your email account.