Bitcoin Forum

Today I found out that my Cryptsy, BTC-E and Hotmail account have been hacked. I first tried logging into my Cryptsy account to find that my password had been changed, so I tried logging into my email account to see if maybe I had made a mistake. To my surprise, my Hotmail password had also been changed, but I was able to change it because it is linked to my mobile number. So I sent a password recovery to Cryptsy and was able to login. All my coins had been sold off and withdrawn to this bitcoin address: 1CYehmoJN3sxgW3U8JvQrPTWMBy7yNv42V  I was freaking out so then I went to my BTC-E account to find that the hacker had sold off my Litecoins for Euros, and I don't know why he sold them for Euros when he simply could have sold them for Bitcoin and done the same thing as my Cryptsy account. I loss in total about 6.75 BTC, I am greatly saddened, although it is not much of a loss to me due to that all these coins were bought a while ago for a small amount of money. I have no idea how the hacker gained access to my information, I had run a virus scan only yesterday, and I have not entered my information on any strange websites. My BTC-E and Cryptsy password are the same, but my email password is slightly different to it. If anyone has any information on what I can do (I doubt anything can be done lol) please post here, or if you have a similar story.
Thanks for reading,

Learn a lesson, use 2fa and different passwords. Go relax it could have been more. Also it's probably the person closest to you if not a hacker.

Yeah I had 2fa for Cryptsy. Just had another thought, Bitcointalk got hacked recently and passwords were stolen... I had same/similar passwords it is possible they could have performed an alphabet brute force? Oh well no point worrying about it, you're right I could have loss waaay more. Read a post here were a guy lost 25,000 BTC 2 years ago...

That could exactly be the case if you used the same password here on any of your mail or on Cryptsy!

I think the biggest lesson is don't store coins or fiat in exchanges. Use them to exchange then withdraw back to your wallet straightaway. The only reason you shouldn't do this is if you want to day trade or do inter-exchange arbitrage.

Also, of course, encrypt your local wallet with a very strong password.

What kind of 2FA do they implement?

https://bitcointalk.org/index.php?topic=364251.msg3889134#msg3889134

They send a unique code to your email address.

Use Lastpass to generate a 30 char password for every website you have. I don't know any of my passwords because all my usernames and all my passwords are different on every site I have registered on.

And where do you store your passwords?

But then how will you store your passwords? Storing them by writing down in paper is not safe.

Exactly ...
http://en.wikipedia.org/wiki/Single_point_of_failure

Yeah...upon reading this I've changed my Cryptsy password and added 2fa with my phone number.  Sorry to hear that happened to you OP.

Go and research Lastpass. It is TNO (Trust No-One) and PIE (Pre-Internet Encryption). The encrypted password vault is replicated to all the browsers you have it installed in, and the Lastpass servers. They cannot decrypt it. There is an iPhone App too. It's really an amazing product if you can be bothered to look.

No, but they could add custom JS, being non-open source.
Use KeePass.

So you say that you trust this Lastpass service with all of your passwords.
Ok. I just cannot do that. I handle passwords to access Wallets, Email, Dedicated Servers, Shared servers, Homebanking, etc, etc.
No, I cannot afford to trust nobody but me.
I use a set of different passwords for my stuff. They are all well formed and will never be part of any dictionary.
And I can remember my passwords because I must do so.
People rembered complete books for years.

If you cannot be bothered to look at it then fine. If you did you would realize all your concerns are addressed. Anyway it seems I'm wasting my time, a bit like trying to explain bitcoin to Peter Schiff..

Always use different username/password combinations on different sites. For me, I use 10minutemail in most cases, even the account got compromised it won't be associated with my other accounts.

Dude, relax!
I did check the website and know the service and others like this one.
I just cannot trust nobody with this kind of data.
Thats all.

Hehe, it's fine. I just get annoyed that people leap to conclusions without first seeking to understand, something common to the bitcoin space. As I mentioned the Lastpass system addresses precisely that point - TNO. Trust No-One. You are sensible to consider that, and if open source only fits your criteria then great.

Which anti-virus you were using in your system? How come the hacker got in to your Hotmail, when the anti-virus was active?