Bitcoin Forum

I'm not really afraid about the security of my funds as I don't store anything on exchanges but It's worth mentioning that I received 3 Fail login attempts and then my account got locked.


The IP addresses are not from the same country so It's most likely an attack with proxies on different accounts and not just mine. I thought I should let you guys know so in case you don't have 2FA enabled or strong password, do it.

I am a member but have never used it. Over last few days I have had over twenty emails stating failed log in attempt or account locked. I do not open the link in email,in most cases do not open email, as I believe this is phishing attempt.

Yes, we already came to the conclusion
https://bitcointalk.org/index.php?topic=3168534.msg32933068#msg32933068
Cryptopia should make a notification, that they got cracked and that not only a few accounts are compromised.

I read posts complaining about failed login attempts using an email address only used for cryptopia. If they are true I can't think of any explanation apart from cryptopia got cracked.

That's scary. Don't store coins on any exchange. For the love of your coins, keep them in a wallet you and you alone totally and solely control. Thieves are everywhere, offline and online, and no exchange can and will guarantee to replace your coins if hackers successfully penetrate their systems.

How these criminals bypass super secure security systems is a puzzle. It's not like 2FA systems become vulnerable when they are overwhelmed by attacks. In fact, the more persistent the attacks, the more likely it is that the exchange will deny all access to accounts, their legitimate customers included.

Store yours coins safely. There is no totally impenetrable digital fortress out there. They are all vulnerable and risky.

It's definitely not an accident, definitely planned and the hacker's trying to login from different IPs so that he doesn't get traced down. Probably using a proxy to do so, but it's definitely malicious in intent.

I believe that I've heard users at cryptopia being hacked before, though I'm not sure if it's officially confirmed.

But as warningsigns said, nobody should store any amount of coins on exchanges. If you have to exchange crypto, then do the exchange and get your money out asap. You never know what goes on in an exchange, you might not even get notified of hackers trying to get into your account. It might not even be hackers, it could be the exchange itself that becomes insolvent which ends up with you losing money.

Sometimes an exchange gets hacked then robs its customers to cover its loss. It keeps quiet about the hack, then starts delaying withdrawals and playing dirty tricks to rob its customers of coins. Getting your coins off cryptopia unless necessary for a trade is good advice.

Hey @OmegaStarScream

I am glad to see I am not the only one. I got the same, maybe a week ago (just 1 attempt) Nothing to worry in my case. Are you using the same address on this exchange with your bitcointalk account (before the forum get compromised)? I believe some people with the database are simply trying to with the most popular exchanges in case someone used the same password

Yeah even i received many login attempts from the past few days , my account even got locked but i really don't care cryptopia seems to me as one of the worst exchange with the worst design every possible and shit support


Yes this might be the reason but if you have 2FA i don't think you should worry or just change your password as you might have the same password on the exchange which you used for your bitcointalk account

I'm not using the same email address and I'm very careful about using my email on sites so I'm honestly not sure how someone was able to get it unless It has been leaked from another exchange or something.

I see. In my case, Cryptopia isn't the first exchange I got this. There are about 5 exchanges where the same thing happened multiple times. And the very first was Bittrex. Coincidence or not, during this period I remember to read here a lot of users with a similar problem about their account; and a short period after, It's when Bittrex forced people with verification ID and limits such as x BTC per day to transfer out, etc...

Most likely... It's probably a crypto related email leak that has gone undetected and the hacker is trying it out on crypto exchanges.. Otherwise people who do not have their email addresses public should not even be getting any login attempts other than themselves. Unless the hacker is able to brute force his way through email addresses which is unlikely.

Cryptopia is a broken exchange basically, so many complaints and unresponsive and irresponsible support. Also heaps of cases where people lost money because cryptopia had coins basically stolen and refused to compensate the user even partially, even though they were the ones listing them.

I would not use any exchanges to store my funds for this exact reason, especially Cryptopia. Honestly there are way too many warnings already based on past cases that should deter you from storing any funds on exchanges, it's common sense.

I'm on the same ride.
For a while now I've been experiencing about two failed logins per day (sometimes there's gap), also from different IP addresses.


Well, I'm not worried at all since I have turned on my email address 2fa but I'm thinking about the locked in period.
Does cryptopia lock accounts not on IP basis? (based on OP - look likes it's not)

What's their policy on multiple accounts if you haven't done KYC? They obviously had a database leak. I wonder what other data was taken. I wouldn't load funds on my old account knowing that. I'd prefer to just make a new account with a fresh email address.

You can use 2FA for peace of mind (in fact you should anyway), but getting your account locked over this is also a bitch.

Wow, that sounds really scar? Which exchanges have been known to do that? I haven't heard of such a thing... Usually they announce the hack then they limit withdrawals or something.

I'm pretty sure if they limited withdrawals before the hack, then people would just accuse the exchange of making up the hack..

Now after thinking about it, It sound stupid to lock accounts based on the account. In other words, If I know your email address, I could just lock it? :o Either that or they actually got my password and the failed login represent that they weren't able to go through the 2FA? I'm honestly not sure.

Exactly. If you are able to pull stuff like that just by knowing someone's email address, then it's not a good security measure to have. And if you have hackers on your tail trying to get into your account, if they wanted to, they could literally lock your account just by attempting to login with the  wrong password over and over again.


It could be their database being leaked, most likely which is why everyone on cryptopia is getting login attempt logged. Or, it could be another exchange who had their database leaked and they're just cross-checking the same email addresses on cryptopia. Is a possibility but less likely.

Their multi-account policy is as follows:


I don't think creating a new account for the purpose of trying to avoid a hacker qualifies as any of those things. However it's best to check up with support still, even though you may never get a response back. Why use cryptopia anyways instead of another exchange when it's got so many problems with it?

Exactly. That's what I'm referring to when I asked that question. It might be abused by those person who have our emails.


I guess no.
If that's the case (they have both your email and password), instead of receiving the failed login email you must have received the login confirmation with the 2fa code in it.

Last weeks I also noticed several email with warning that someone fail to login to my account, I don't think that problem with cryptopia exchange, email datebase  can be leaked from anywhere(even bitcointalk few years ago) and until you turn on 2FA it remains safe.

I assumed the OP would not have reused an email address. That's a basic security precaution, a unique email address for each account. If it were a newbie posting I may have assumed otherwise.

But it sounds like the leak could be from another exchange too:



It's good for accumulating low-cap gems before they get listed on other exchanges.

I'm getting message about failed attempt to login to my Cryptopia account almost every day. Checked - these attempts made from Russian IP address.
But I don't care much about it. Can't remember when I used Cryptopia last time and I don't have funds there. But it's just another great reminder why 2FA is must to use thing on exchanges.

I got an email like that a couple of times and stopped but about a week ago got the same email about failed login attempt, but I thought it was a mistake from the exchange for seeing a lot of complaints about that exchange lately.

I'm not too worried because I do not have any funds on the exchange and I use 2fa and I think it's fairly safe.