Bitcoin Forum

This is just to let everybody know that my former account generalt has been hacked.  Somebody else now has control of it.  I sent a PM to theymos but I never heard back from him.  Unfortunately they changed the BTC address of my original account so now the signed message that I sent the theymos to prove the account was mine is probably useless.  Please do no do any business with generalt https://bitcointalk.org/index.php?action=profile;u=354479.  I will post back here if I am able to get my account back.  

October 12, 2017, 03:25:27 PM - generalt - password changed

That was not me.   >:(

You need to sign a message from a staked address posted from that account otherwise this thread/report is useless.

I sent a signed message to him with the BTC address that was in my signature, but this morning whoever hacked the account removed that BTC address so I'm guessing I'm not getting that account back but at least if people search for any information on that account they can find this and know that the account was hacked.

Didn't anyone ever quote your Bitcoin address when you posted It? If so, it really doesn't matter if the hacker has deleted your post, as it would still be preserved in a quote anyway.

Would've been nice but I just did a forum search for the address and nothing came up.  Thanks for the idea though.

Here:
1GSWemBs3EE9v63yxzyXYa1CQ7tnoCvLwh: https://bitcointalk.org/index.php?topic=1159185.msg12212041#msg12212041

---

That's the only one that I managed to find.

Can you sign a message with: 1GENERAL7QdpxHezWzoToWGXpDX4XuLcR2

https://bitcointalk.org/index.php?topic=1521664.msg15472773#msg15472773

User KWH  you should not give negative feedback because you feel some might be hacked. IF OP proves he is real user then only you should proceed. Just see how user lauda proceed in such scenarios.
If this continue the ever other day someone change his email tgen some random man will come up and say that he is tge real owner of the account and you dumb will add your feedback to it.
You are in DT so you should use your power judicially just like other users do. Ex : lauda.

I don't see anything wrong with his feedback. Given the data that we've gathered over the last few months/years, the following:

appearing at the same time ended up being a hacked/stolen/purchased account in the super majority of cases. Sometimes it is combined with a very noticeable change in writing. For example, I've tagged someone today who had the following two and started writing Indonesian suddenly even though they were usually writing English & German. The account mentioned in this thread is much more dangerous as it has both trusted and unstrusted positive ratings.

Is it just if a user email and password is changed so he deserves negative trust?
If so then many people will abuse it ,if someone changes his password then someone will make new account and start claiming that his account is hacked.
If he has given negative rating based on posting traits and behavioural writing the he must mention it in reference or comment.
Anyways i appreciate his caution as the account in question is dt account but not always all allegations are true and he might end up fighting like tman and ognasty at the end.

-----BEGIN BITCOIN SIGNED MESSAGE-----
Thank you KWH for finding a message with my address!
-----BEGIN SIGNATURE-----
1GENERAL7QdpxHezWzoToWGXpDX4XuLcR2
HGkqofsJnxDFpDZReOYxxp7ZDwBYK0zD8uLak0+3NTJmK1Cx4W/Q5Wqm5gDyCcGN1mNB4EuR4q8O7Bt2gsRfuOA=
-----END BITCOIN SIGNED MESSAGE-----

I would add today's date ASAP.

Wrong. I've said a combination of both, and it's trivial to prove that you're the original owner. If you plan to both change your email and password, you might as well prepare a staked address.

This one was the right call from KWH, whether you like it or not.

I think it is adequate as is, given the uniqueness of the message but yeah.

This message checks out, Coinig link (http://coinig.com/?adr=1GENERAL7QdpxHezWzoToWGXpDX4XuLcR2&msg=Thank+you+KWH+for+finding+a+message+with+my+address%21&sig=HGkqofsJnxDFpDZReOYxxp7ZDwBYK0zD8uLak0%2B3NTJmK1Cx4W%2FQ5Wqm5gDyCcGN1mNB4EuR4q8O7Bt2gsRfuOA%3D). Though, yes, you should really add the date to that address and sign the message again.

---

@KWH, I am pretty sure the signed message was generated today for this case at hand. "Thank you KWH for finding a message with my address!" is a pretty direct message for this instance.

-----BEGIN BITCOIN SIGNED MESSAGE-----
This is to let all know that my account generalt on bitcointalk was hacked and somebody else now has control of the account as of today October 13th 2017.  Thank you to all those that helped up to this point.
-----BEGIN SIGNATURE-----
1GENERAL7QdpxHezWzoToWGXpDX4XuLcR2
G+CETp5wwtTtckHxiLILi31R+U9uc26sEKJa4K+8PjUxUzPtTNtMjvr9MB80n0o62cxzeAo8iCuKTbnhi3PGbJE=
-----END BITCOIN SIGNED MESSAGE-----

Quoted and verified.

Thank you again.  Unfortunately not a single peep from the pm to theymos with signed messages about getting my account back.  I guess he's got bigger fish to fry.

Account recovery seems to be low priority, waiting is all you can do.

Theymos could implement f2a and make account sales illegal and that would hugely cut down on the spam, scam and whatnot on this forum. I can't believe why this is not a priority. If not this, what else?

Yes two factor authentication would be great.  The mere fact that you can sell accounts show that they have value worth protecting with two factor.  I think more and more people are getting used to two factor authentication in light of all the breaches.

I have no choice but to suspect the requirement to sign message with a bitcoin address is a way of tracking who is the owner of which bitcoin address, very much like what many exchanges are doing when they require submission of ID, driving license, etc for KYC/AML excuses/nonsense.

So if a user never posted his bitcoin address here (because he never sell anything here), that means he can NEVER recover his account?
How ridiculous.

I am a recent victim of an account hack.

Edit:
By right the system should be able to trace the change of IP addresses used before and after an account hack.

At least make the hacker's attempt not worth it. Follow your hacked account and if it joins any campaign or giveaway make sure people know it's hacked and not allow him in.
I think there should be a thread with a list of all the hacked accounts that would work like SMAS, so that people can check accounts before sending them any money.

I think the system can but the problem would be the resources (time being a resource) required to manually track all that information to try to confirm the identity of a person.  Since there are so many scammers out there I can only imagine that they must get quite a few hacked account messages every day.  I'm guessing that this is not their full time job so it is not like they can spend 8 hours a day dedicated to maintaining this forum.  I believe at one point I saw a post about stake addresses and of course it wouldn't hurt to put a BTC address out there somewhere you can refer to just in case.

1GENERALrtBAjEv2Ps5cmEW1FADnXh1bCZ

Have you guys ever thought that all the hacking was actually an inside job?

In other words, whatever verification you use (stacking bitcoin address, 2 factor authentication, etc) is actually useless.

This won't work because many people are using VPNs, so their IP is changing with every login. I know that some people don't, but it's only one of many things an admin should verify before blocking the account or giving it back to someone.
I'd rather have my account locked than watch a hacker make money off it, so Theymos or Cyrus should at the very least block the accounts that people are claiming to be stolen. That is of course if these accounts have recently undergo a password and email change.

Indeed, that is a good temporary fix.
I would suggest that the system not allow any change to the email address at all.
This will make sure no control of any account is possible.
I still can't see any vulnerability in making the email immutable.
In fact, I see it as a very good solution.

Perhaps a system that sends an email to the original email address with a link that gives the original owner a certain amount of time to click it to change the email back to the original.  So if you did change it just ignore the email but if you didn't change it then you click the link and it reverts is back to the original email and forces a password change.

Yes, another good solution.
Simple solutions that work.
And yet the bitcointalk insiders are squeezing their brains, thinking superman hard, trying to come up with some super revolutionary method to solve the problem.
The insiders are working 3 to 4 years long trying to come up with the most novel way of account security in the hopes that they will win a Nobel prize.

I got my account back!!!   Thank you everybody for all your help in this matter.

-----BEGIN BITCOIN SIGNED MESSAGE-----
This is generalt and today is October 16th.  This message is to verify that I do have my account back.  Thank you all!
-----BEGIN SIGNATURE-----
1GENERAL7QdpxHezWzoToWGXpDX4XuLcR2
HMPcgKVShxs+F6Wokt43Z34xHOlZ/sdM1aMkL4LNYBOeVgmCED+fGSgvmKDR4E5HvuunZ2g71RjIee9xkZK0YOQ=
-----END BITCOIN SIGNED MESSAGE-----

I feel whole again!  :D

-----BEGIN BITCOIN SIGNED MESSAGE-----
This is generalt and today is October 16th.  This message is to verify that I do have my account back.  Thank you all!
-----BEGIN SIGNATURE-----
1GENERAL7QdpxHezWzoToWGXpDX4XuLcR2
HMPcgKVShxs+F6Wokt43Z34xHOlZ/sdM1aMkL4LNYBOeVgmCED+fGSgvmKDR4E5HvuunZ2g71RjIee9xkZK0YOQ=
-----END BITCOIN SIGNED MESSAGE-----

Also taking this opportunity to post a stake address 1GENERALrtBAjEv2Ps5cmEW1FADnXh1bCZ

I will quote  and I have done multiple sales with you . I also have met with you in person more then once.

I will lift the neg trust I posted

This is my really long term address

 1JdC6Xg3ajT3rge3FgPNSYYFpmf53Vbtje

this is my secondary account

judypug1956

I truly fear  getting hacked on this site.

I am glad it was fixed.

Quoted and verified.

Quoted.

Quoted. You should probably sign a message with it, but in this thread: https://bitcointalk.org/index.php?topic=996318.0.

---

OP, you should lock this thread now.