Bitcoin Forum

Folks,

I just thought I'd share my experience so others don't make the same mistake.

I transferred $1500 from my HDFC bank to Bitstamp (www.bitstamp.net (http://www.bitstamp.net))

I received an email from them saying my funds were deposited. Within an hour of that, someone logged into my account, bought bitcoins, transferred them to their wallet AND THEN changed the password.

Clearly this wasn't an insider and NOT malware as I have no dodgy apps on my office laptop and also have Symantec Antivirus running.

See log (please read bottom-up):

2013-12-28 12:29:01 173.254.216.67 Logged in 
2013-12-27 17:34:47 209.222.8.196 Opened bitcoin withdrawal request for 0.025 BTC to 14hF8K4h7u4MAZsEJs5aRjXGVti6YBLTEn 
2013-12-27 17:33:55 209.222.8.196 Opened limit buy order (amount: 0.025 BTC, price: $718.00) 
2013-12-27 17:31:47 96.47.226.22 Changed user password 
2013-12-27 17:29:27 96.47.226.22 Opened bitcoin withdrawal request for 2 BTC to 14hF8K4h7u4MAZsEJs5aRjXGVti6YBLTEn 
2013-12-27 17:28:20 176.240.210.83 Opened limit buy order (amount: 2 BTC, price: $724.18) 
2013-12-27 17:26:07 96.47.226.22 Logged in
2013-12-27 10:32:48 122.172.192.2 Logged in 
2013-12-27 04:26:28 122.167.73.30 Logged in 
2013-12-26 12:16:25 122.178.240.51 Logged in 
2013-12-26 03:14:24 122.178.198.77 Logged in 

As you can see all 122.*.*.* are timestamps where I logged-in. Suddenly on 27th Dec, someone logs in from a diff IP, TRANSACTS in my account (buys/ transfers to wallet) AND THEN LATER changes password.

Here is where the fun begins. There is no support number provided on www.bitstamp.net (http://www.bitstamp.net) So I logged a support ticket and then someone replies to my email with a phone number. I call that UK number & after a few attempts...somebody answers the phone & I speak to somebody called Marko Rogan who does not have an employee ID! Guess why?? They are are limited liability company (LLC) incorporated in UK with a capital of just 1000 pounds! The "director" is a 24 year old Slovenian who does not have a contact number that he can be reached on!

http://www.companiesintheuk.co.uk/ltd/bitstamp (http://www.companiesintheuk.co.uk/ltd/bitstamp)

Marko tells me that a password reset can be done & the temporary password will be mailed to the registered mail ID i.e. my email ID has been compromised. So I then raise a support request with Microsoft on www.outlook.com (http://www.outlook.com) the mail ID that was "compromised" asking for details of all mails received/sent/deleted on 27th dec.

I have reported the crime to the UK police http://www.actionfraud.police.uk/ (http://www.actionfraud.police.uk/) The crime reference number CRN is NFRC131200484131. I will also be reporting this to the cyber crime police in Bangalore.

Request you to please promote this post & ensure others don't fall prey. Also gather momentum to get the UK police to investigate this case and punish the guilty.

Please DO NOT send funds or transact on www.bitstamp.net (http://www.bitstamp.net)

-Mahesh

Welcome to quicksand called Bitcoin world!

Hello Mate,

I feel for you. Hacking user accounts are rampant in bitcoin exchanges.
I don't think you had enabled 2-Factor authentication on your bitstamp account.

If you had, then this would not have been possible. Make sure you enable 2 factor auth on everything these days.
And if you done so, then there could have been only 2 people who could have accessed your account. Either yourself or someone from bitstamp.

I use them on almost everything and if a website doesnot offer that kind of security, then i think twice before signing up.

Just my 2 satoshis.
Thanks

Sorry to hear about the situation bro .......... will keep in mind about what you said. I was considering the same about transferring some funds.

Maybe this is the wrong time to ask you, but what did you tell the HDFC bank officials when sending the money ? I mean the purpose ... just curious if they didn't frown when you wrote the purpose of transmitting the money .. cause I was thinking the same with another bank.

Anyways what happened was bad ..... try forgetting about it and concentrate on trading ... maybe you will make up for the loss ... whats gone is gone , especially true in the crypto world.

Good luck and cheer up.

Sorry for your loss.. But we'd like to know more about what happened to help others in future.

Was your bitstamp account compromised? or was your email account compromised.

Please share more details.

Sorry to hear about your loss
But Did you activate your 2 Factor?
when you invest that money you must have activate your 2 Factor in Bitstam account and even in you Email.

I actually have some Damn Question
How you Deposit money in your Bitstamp Account from India its hard to transmit money (As i know and as i heard some news)
Quite Interesting point is for every small transaction bitstamp send SMS and even Email to verify transaction so how your account activated and how your transaction took place?

Someone on reddit had also confirmed making a deposit into Bitstamp from India.

Amitabh: My bitstamp account was compromised. With a few minutes of me receiving an email from them saying they had deposited the funds in my account, bitcoins were purchased & withdrawn. I did not receive any email in my account. Yes I had enabled 2 factor authentication!!

Bitstamp is blaming it on malware...I'm using my office laptop which has no dodgy software on it and has Symantec running.

Clearly...bitstamp is to blame for my loss.

May be bitstamp have different activating option for different country.
2FA was activated but you didnt get any information? How is it possible?
If you really activated your 2FA still your account was compromised then its a big issuee.

I don't think you had enabled 2-factor authentication. Did you register your phone, and do you get a 6-digit code on it that you need to enter when logging on?

Symantec is worst anti-virus dude and no anti-virus can keep your pc safe.
Also are you sure that no one else except you accessed that laptop or your email id?  Possibly someone that knows you personally did this.
I will advice you to install malware bytes anti malware and scan your pc.  If you have downloaded anything recently scan it on virustotal.com  and btw do you have Java enabled in your pc? 

That's the first time I've ever heard a bad experience with Bitstamp.

If I were to buy a Bitcoin now, they are the ones I'll wire the money onto as first priority.

Gotta be more careful maybe.

I think we should maintain a thread here for buying/selling bitcoin - the old fashioned way. Everyone put's their buy sell orders and OP updates it on the first post.

I had one running a  few months  back let me  bring it back  alive.

Edit : use this

https://bitcointalk.org/index.php?topic=194102.0 (https://bitcointalk.org/index.php?topic=194102.0)

With 2FA enabled its impossible to hack your account unless, some one also gains access to your mobile also.
Its really confusing.

It is not impossible. It is still possible. What if the 2FA Seed file itself is compromised on the server database. Then the attacker can generate the OTP code. (Remember the famous RSA Secure ID hack from 2011.?)

Another possibility is, when you login with 2FA from your computer, then usually your browser cookie will be cached and if your computer has been infected with all the new bitcoin related malwares surfing up, then it is possible that the user's computer was a zombie in the hands of the hackers.

Just to be on the safer side I have raised a support request to Microsoft to provide me all IP addresses of successful logins from my email ID and all emails received/ sent/ deleted during the period 24 - 30 Dec '13.

I can confirm I haven't received an email for temporary password on bitstamp or the transaction verification email etc.

Something is very very strange.

What if 2FA was enabled on a infected pc that was recording all keystrokes or grabbing forms.
XD

As americandesi said 2FA is useless if seed is already compromised by some hacker.

I'm 100% sure my laptop is not infected.

However there is just one possibility; I installed 2 bitcoin price tracker add-ons in Firefox...could this be logging key strokes?  ???

http://i44.tinypic.com/23kvgbc.jpg

-Mahesh

I think you cant use same 2FA generated code many time. Its not password, its OTP. I think it expires after 5-10 mints, not sure.

Besides his logs says the log in happened in a 7 hours gap.

If seed in server database got compromised, then every ones account in Bitstamp is also compromised, not only his account & so far no one complained except him.

my guess is your email id has been compromised, as soon as you received the mail(to which he had access to) stating the funds are transferred, he logged in  made a buy and ran away.

am not sure whether microsoft provides list ip addresses from which user login took place like in gmail, if there is such option check those logs too, you might find a clue.

That is what the proof of his account was either not secured (2FA Enabled but not was Activated) and his Email also was either in control of others or 2FA was not enabled.
We doing trade of just 100$ we use to activate 2FA and till now everything is well and every time we are been notified how could he invest 1500$ and just leave it its just like you have a Diamond Necklace you keep in your room, you are staying in your leaving room so windows of your room are open so anyone could hookup and take it out so latter in night you cant say that I was in my house but still my Necklace lost.
When you have 1500$ worth necklace in you room do you leave you window open? of course not. In such case you would be blamed not that thief.

Until OP provides proof he had 2F auth enabled, it is to be assumed he hadn't.

undeadbitcoiner: Let me clarify..

1. I had 2FA enabled on my bitstamp account
2. I did not receive any trade confirmation email...the thief was an insider (bitstamp)...look at my original post, the thief logged in...placed a limit order AND THEN changed password

nefron: My guess is as good as yours...the thief perhaps knew there was money deposited in my account & quickly decamped with bitcoins.

Yes Microsoft does provide IP's and I have asked for details including mails received/ deleted.

Hi Post Screen shot  or a video  . text is not enough .
 it looks Incense ,
Bitstamp 30 days Trade Volume is 868978 BTC  == about 643,043,720.00 $
they earning about 1,286,087.44 $ From Fees . ;D  


may be a FUD virus .




 

aakashkumar:

https://i.imgur.com/pBtn0mi.jpg

As you can see from the link: My usual IP is 122.*.*.* On 27th Dec minutes after I got an email saying my deposit was confirmed i.e. at 17:26:07 (GMT) somebody logged in to my account, placed a limit buy order, then opened a withdrawal request AND THEN changed password! And then placed an order for 0.025 BTC with whatever little money was remaining and requested transfer again. I was unable to login to my account and requested a password reset on 30th Dec.

@kmahesh ,Don't blame Bitstamp.  so  some bloody hacker  did this to you .

you have one think to do . Format your PC .


Trace down the hacker ,  :-\ http://www.bleepingcomputer.com/tutorials/tracing-a-hacker/ (http://www.bleepingcomputer.com/tutorials/tracing-a-hacker/)
 http://www.webtorials.com/content/2012/07/tracking-hackers-down---then-striking-back.html (http://www.webtorials.com/content/2012/07/tracking-hackers-down---then-striking-back.html)

aakashkumar: Do you by any chance work for bitstamp? How can a company as you claim earning over $1M be registered as a LLC (limited liability company) in UK? When I transferred funds to them, I deposited funds to a bank account in Slovenia although the "registered address" of bitstamp is in UK! They don't have a contact number (board line) and employees don't have employee ID's.

They are incorporated as an LLC in UK with a capital of 1000 pounds and do earn commission worth $1M upwards??

Feel free to verify facts:

http://www.companiesintheuk.co.uk/ltd/bitstamp (http://www.companiesintheuk.co.uk/ltd/bitstamp)

~MK

https://bitcointalk.org/index.php?action=profile;u=38966 (https://bitcointalk.org/index.php?action=profile;u=38966)

The ip addresses are of TOR exit nodes.
209.222.8.196
96.47.226.22
173.254.216.67

While this address is from Turkey, Istanbul.
176.240.210.83  (used to put buy order)
which may be used to track hacker if its not a proxy address.

mahesh did you scan your laptop as was earlier suggested by escrow.ms?

If you had 2FA enabled, then i would say it is either

1) One of those bitcoin firefox addons that you installed are rogue and logging your key strokes.
2) You laptop is affected with bitcoin related malware (don't tell that you have symantec running. They are worthless. I left symantec antivirus longback).

I find this weird and hard to believe.  :o :o ???

I have bought plenty of bitcoin with bitstamp and never a problem.

IMO they are one of the best.

will be watching this tread.

OP :
You can see recent login activity of your outlook account on : https://account.live.com/Activity (https://account.live.com/Activity)

To check for deleted email, outlook provides an option to recover deleted mails.
Go to your deleted mail folder and scroll down, you should see an option to recover mail.

If you have 2FA, it's very tough to hack your account. Did you set 2FA confirmation receive as email ? In that case, maybe your mail account was also compromised and so 2FA was useless.

As other have said, your system might be infected with BitCoin malware/trojan horse. That is the only way a hacker already had password to both of your accounts.

Also remember that if you have some branded antivirus doesn't mean you are fully secured. Nothing can completely protect your system.
Try scanning your system with MalwareBytes AntiMalware, HitManPro and Kaspersky. Check all the addons you have installed in your browser.

I don't think BitStamp will cheat you for $1500.

Bitstamp uses Google Authenticator for 2F via SMS. That means you need to register your cell phone. When you try to login, you will receive a 6 digit code on your phone. Without entering this code, you cannot login.

While I can understand you are upset, there is no point in blaming Bitstamp. It's clear your email was compromised, and you did not have 2F enabled.

Bitstamp has a very good reputation, and you sound more and more unreasonable when you blame Bitstamp.

OP give details of your 2FA. Did you really have 2FA on??

To be extra safe, only access financial data from a non Windows system. It's too easy for a Windows system to be infected with malware (includes keyloggers) and custom malware is almost untraceable, you can read about how pc's are affected on hackforums.net with RATs.

That's not to say that bitstamp (or a rogue employee) may not be at fault.

As we can clearly see there are Different IP in every Transaction, Every Login so its of some hacker who is using automated IP changer software so noone could track him. About Capital and gain may be you know about UK law untill CASH withwral Bitstamp is not required to pay there taxes for 1M$ which they earn in BTC
About Bitstamp could do it is completly wrong because they are reputed company in the Bitcoin Market.
Your 2FA not was completly Activated with your 6 digit or its the problem with somemalware which already affected before activating your 2FA.

okay I didn't know this till yesterday that there is an authenticator app for windows phone as well called "Authenticator" by Microsoft. So I am using 2 factor authentication now. I got used to it in a day. I use a clean laptop to access financial stuff. So probably it's not for me. But there's nothing like being too careful. So 2 factor authentication is a very good thing. What happened to mahesh should not happen to anyone else.

Dear Mr. Mahesh,

Thank you for sharing this on forum and also we have a Bitcoin event in couple of weeks ahead, so can you please share this experience with the audience?

Please email @ avinashrp2@gmail.com to confirm.

Look forward to hear from you.

Thanks,
Avinash

Hello,
I hope Bitstamp.net is not a fraud and only ridiculous unprofessional and run by a bunch of pubescent teenagers!
I´m a Newbie but I thought I should share my recent experience with this “company”.

Before I start sharing my experience, some words about myself:
I make my living on investment and trading (mostly on Forex and stock market) since many years, and in general when I trade I do handle amounts with 5 digit sizes upwards. I bought my first Bitcoins (Ha –I was really lucky, yes in deed) a few years ago and am a fan of it since then – despite I never really traded them like I trade stocks or currencies.

OK – now, a few months ago, I opened up an account at Bitstamp as Mt.Gox is way too slow in handling cash payments and the German Bitcoin.de has much too little volume for my taste. I got a verified account  (whatever this means with Bitstamp), after providing them with a set of documents about myself.

After some time I gave it a test, sent some of my BTC to their account and sold it (amount approx 20.000 USD or so). Sent the cash I got to my bank account. Well – it worked!

So after some time I decided to buy a bit more Bitcoins – and sent 60.000 USD (from the same bank I had transferred the 20k USD before) to Bitstamp´s bank, in order to fund my account there.
And then – a hopefully just funky story started!

Bitstamp contacted me that they have a problem with my money, they had to freeze it because my amount is so big and they first must start their KYC (know your customer) procedure.
I fully understand AML and KYC procedures, its getting really a complicated thing and I have to deal with it all the time I open up a new account. But its never a real problem. I am fully aware of the requirements and capable to proof everything is legal etc.

Not so, however, with Bitstamp.

They insist to know all(!!) my bank accounts  - and believe me, as a professional trader I have quite a few. They want to see any(!!!) financial documentation etc etc. And keep in mind that I sent my 60.000 USD AFTER Bitstamp confirmed me, that my account is fully verified already.

I refused to send them all this far-going information, but sent them and explanation and 2 letters from that bank where I sent my money from (I work with that bank since 15 years which the bank confirmed as well, its one of the leading and most reputable banks in Europe). However this confirmation was from last year – and these teenager @ Bitstamp replied that they cannot un-freeze my money yet because they need a brand-new "Certificate of Good Standing" form myself (I´m a private person!), they need also this and that etc.

I recalled the payment (which costs me a few hundred USD in fees) – but the Slovenian bank refuses to send me back my money because Bitstamp has blocked it. My money is not visiable/credited to my account either.

So – be aware! Maybe, with some luck, Bitstamp is really not a fraud and just unprofessional, so I will see my money some day. But maybe not?
I´ll wait a few more days, then I´ll likley have to give it to my lawyer.

so did you get your money back?

Thats indeed an eye opener...Had been using mtgox, but was looking to open an account wid bitstamp after the withdrawals freeze @ Mt gox...however, i mus say the 2 FA should have saved the day and the speed of the incident is surprising

I feel sorry about the whole mess happened to you i suggest you to read more about wallet stealers on Google you will get all your answers or refer to my post https://bitcointalk.org/index.php?topic=495090.msg5471503#msg5471503 (https://bitcointalk.org/index.php?topic=495090.msg5471503#msg5471503) !!  :)