Bitcoin Forum

Hi, like the title says, I've been hacked before, and i don't want it to happen again, are there any ways (or maybe tips) to secure my account on this forum?

Also if there is any way to restore my old account, it would be really appreciated.

Use a good and strong password, change yours to a strong one if it is weak now.

Forum account: security, privacy, and recovery (https://bitcointalk.org/index.php?topic=5261696.msg54779472#msg54779472)
Sign a bitcoin message from one address you have its private key and stake it in Stake your Bitcoin address here (https://bitcointalk.org/index.php?topic=996318.msg10820715#msg10820715)

Recovery for your hacked account: Recovering hacked/lost accounts (https://bitcointalk.org/index.php?topic=5089777.msg48896084#msg48896084)

You woke up after 4 years and began your posts in this year. What happened in between 2017 and 2021?

How exactly where you hacked? If it was through an email compromise, then you will have to protect your address; use security conscious mail services, like protonmail. Do not expose your personal details and do not use the same address for multiple platforms, so a breach in one does not result in a breach in all.

Also, take all precautionary measures:
• Use a strong password and change it from time to time.
• Do not log in over unsecured WiFi
• Check for phishing sites, some would use the forum's interface and try to trick visitors into entering their login details.

Is the account still active? If yes, try restoring the password using secret question. This would lock the account and prevent the hacker from causing more damage.
If you don't remember the secret question, you can request that DT members tag the account, but you'll have to prove that it is yours for that to happen. Then follow the instructions in the link above.

Sorry for the really late reply (I've been doing research on how my account was hacked and when did it happened, i have a hazy memories about it, it's kinda emotional to me that i wanted to forget it lol)

Ok, totally will do that. thank you :D

So what happened in past 4 years, well...


Short Answer:
I went back to cryptocurrency at around 2017 - 2018, found out my account was hacked, made new account, and I decided to let it go and just focus on my IRL stuffs. But now I'm back again (since i have a lot of free time now and also looking a way to earn some dime), and wanted to know how to secure my account this time (I don't want to repeat the same mistake i made back then).

Long Answer:
I started posting on this forum at around 2014, and gained some bitcoins from Signature Campaigning (I was a Member ranked user back then, again if I'm not mistaken), because i made some dimes with Sig Campaigning, I was figuring out how can i double my income, so i choose a CFD based stock trading on a website for a year or so (if I'm not mistaken the web I meant was 1broker), and i found out that this CFD based stock trading is much more profitable rather than doing sig campaigning, so i decided to went off at around late 2016.

Fast forward to late 2017 / early 2018, since the bitcoin price is rocketing (and soon will plummet) at 2017 - 2018, i decided to sell my bitcoin and "enjoy" my hard work. Sadly i sold it around 2018 therefore i only got like a small amount of incentives from the market going broke at that moment.

Since that withdrawal kinda helped my family, i decided to go back on bitcoin, and maybe i will earn a dime or so doing the signature campaign again. Sadly, i found my account was hacked, confused yet heart-broken that all of my hard work went to ashes. I went into 5 stage of Grief in a relatively short amount of time, I'm angry, sad and confused, in a quick-response i made a new account (this one) and have the intention to call out the hacker. But i thought to myself, who would've believed me, therefore i didn't do that, instead i just accepted the fact that i lost that account and continues with my life.

Fast forward to nowadays (2021). Again i found out that I still has some savings inside my wallet that has grown into some relatively medium amount of numbers, and try to cross-check the said info with the internet, and it's true that bitcoin has risen up once again. Also it's pandemic, and i have a lot of free time, therefore i checked back again with bitcointalk, and started posting some posts to rise up my rank on this account. But after posting some posts, those PTSD came back to me, and then i decided to write this topic, since i didn't do what i should've done in my old account back then (which is having very little security on my old account). So decided to not to repeat the same dread mistake, I've made this topic, and you know the rest.


Well, i don't want you to believe my story, but if you read the story, thank you for reading it. If you don't well it's ok too. All i wanted is to secure this account and to not to repeat my past mistake.

Anyway, have a nice day :D

Edit: Doing some layout to make the post prettier and cleaner.

10/10 will do that from now on. thanks :D

As far as my research goes, the account is inactive after promoting some kind of altcoin (at around 2018), also the account is in an list of ignored people in some people's lists. I don't know how they hacked my account probably because of my poor quality password lol. Also it doesn't have a secret question sadly, i think it wasn't a feature back then (?( because i just exactly heard about it recently.

I think the reason why you are hacked is that you use, a simple password

my suggestion:

1. don't use your name as a password
2. don't use the birthday as the password
3. never use 123456 password
4.When trying to make a password use capital letters numbers special characters
5. Secure your registred email name, if the email hacks for sure all connected to that email will be a hack
6. add another level of security to those emails

What to avoid:

1. Don't connect to a free wifi connection, there might someone watching or gathering information in the network
2. avoid using your email address, to register to unknown registration or suspicious sites
3. never lend your account or left it open always logout.

this might help you next time,

Just to point out that any potential recovery process is much smoother, and likely to have a positive outcome, if you can sign a bitcoin message or pgp message from an address you might have written on the forum at some point (ideally, in an unedited post, or quoted by somebody else).

The hacker may or may not have gone through prior posting history to deleted these addresses, but there is also the off-chance that it may have be quoted by somebody else.

If posts have been edited by the hacker, you may (slim chance though) find some archived posts using tools such as TheWayBackMachine, which may have captures a snapshot of something relevant at some point in time.

Edit:
I'd include that in your email to account recoveries, just in case they can work with any of what you mention there.

Thank your details and again welcome you to use the forum again.

The first thing you must check is finding your hacked account is still usable or was banned.

BPIP.org (https://bpip.org/) and loyce.club/bans (https://loyce.club/bans/banned.html) are third party tools to use. With first website, enter account username or userid to check. With second website, use Ctr+F and type your username or userid, Enter.
Inactive is not a good result, that could be caused by a ban.

A wave of bans: 400 yesterday, 300 the day before. What changed? (https://bitcointalk.org/index.php?topic=5141807.msg50995158#msg50995158). Good luck if your account was not banned in May, June 2019.

If that account was banned by stupid things from hacker, you need to do more things to get it back. Prove your ownership and prove that the cause of ban was not done by you (the real owner). It will be a more complicated process to recover.

Not many users set a secret question for account.

Because the forum does not support 2fa you can instead use 2fa on the email you used to register since its the only way to recover fast once your account got hacked so your email address is very important on the recovery process a simple tips I can give you can always bookmarked the forum official site link to avoid possible phishing attacks and also try to avoid downloading malicious softwares from different websites it might contains malwares that can copy your computers passwords.    

First of all gotta say thank you for all the useful replies and helps :D
And again sorry for the long reply time and that i reply all of you in a batched reply (since newbie can't post as fast as a member or so)

Yes, i will try to not to use basic password anymore, thanks for the tips tho :D

Uh, sadly i haven't posted any signed bitcoin message or even a pgp message, actually, for now I'm still learning how to use them properly. But i could got in into my old wallet at blockchain.com which it's address has been assigned to my old account (it was a feature back then to assign bitcoin address to your account, again as i remembered and also some proof from Forum account: security, privacy, and recovery (https://bitcointalk.org/index.php?topic=5261696.msg54779472#msg54779472) screenshot to backup my hazy memory). I don't know if that could be a proof or not, but i also made some trades selling some digital goods at this forum tho. I don't know if it helps or not. But thanks for the information, really appreciate it :D

Looks like my account is inactive not because of ban, but because it made into a scamming account or some kind. I made that speculation because i didn't found my old account name on the second website, and it only says inactive for 2 years on the first website (also the first website is kinda confusing to read, i'm sorry xd).

Why tho? is it riskier to setup a secret question? is it better to leave it blank? Now i hesitate to put a secret question.

Okay, thanks for the tips, i'll keep that in mind :D.

Edit:
Since DdmrDdmr replied by editing their post, I'm also doing the same thing here.
I've sent an email, hopefully they will be able to recover my old account with given information from me.

There is one thing that still needs adjustment on Bitcointalk forum, there is no 2FA yet and there is no security password been forward to email address for confirmation, anyone can just insert email and password over and over again without any worries of getting verification code sent into email address or other ways

It's kinda risky, and I prefer leaving it blank and using the staked address route instead. Even Theymos himself, the forum admin, placed a warning message:

https://i.imgur.com/Z4cA3yU.png

It's risky indeed because the question can be forgotten too but I wonder how someone would guess your question right, it depends on what type of question you are asking though, if this is a must one must ask a very tough question that's only know to themselves, it's better to create a very strong password than using a question and answer strategy, with strong password there won't be any problem

If there are posts for trades with addresses before the hack and you are still able to sign a message from it, it can be considered as proof of ownership.

Addresses should be bitcoin not Ethereum. Moderators and admins are keen on Bitcoin address and bitcoin signed message as proof. It is a bitcointalk forum, not Ethereumtalk forum.

Other than what some members wrote above I would also suggest that you should be very careful when you receive any personal messages in forum and don't trust or click any links you receive.

This is one example that happened in my case and maybe it can help others:
How Scammer tried to Hack my Bitcointalk and how to Protect yourself? (https://bitcointalk.org/index.php?topic=5173531.0)


 

Nice information @dkbit98, most times it's always about phishing links, this is the easiest way for scammers to get users full details and passwords, it's why I believe that verification code will help this forum alot, I don't bother signing in and out of my forum account since I'm always active but I do hope that in future we will get 2FA activated on Bitcointalk

I guess using 2FA at your email (like mentioned by ice18) is the best bet at this moment.

Ah i see, although, why did Theymos made that feature tho?

I might do some more research on my own past self, who knows i actually post one in the past. Although, the problem is the wallet that i mainly use at that time is from blockchain.info (which somehow now changed into blockchain.com). And as far as i know the website itself doesn't have the tool to sign a message using my old bitcoin address. I may tinker a little bit, since on a post titled How to sign a message?! (https://bitcointalk.org/index.php?topic=990345.0#post_bci2) there's a way but kinda hacky.

Alright will put extra caution on those personal messages that i receive, thanks for the info :D.

For the 2FA, that would flip this forum 180 degree, since it really is such a good addition to security for this forum.


Edit:
I'm able to sign a message with my old address which had been assigned to my old account back then when there was a feature to include your bitcoin wallet address inside your profile page (or is it for member rank and up only? idk i forget xd).

What do you mean "include your bitcoin wallet address inside your profile page " ?

I believe that you don't understand the sign message. When you sign a message, you need to have a private key of that address/ wallet. The point to prove your account ownership is here: Sign a message from an address that was used and quoted before the hack. It is to prove that today, you are the owner, not the hacker, and still have control on that address and private key.

It is easy to include any bitcoin address to your personal text, and website link and others in the Profile page. I can search those addresses if I know the username of your hacked account and include it into those places. I can do it without control of private key for that address and it is non sense.

What i meant is that i still have the access to my old wallet address that i mainly use at 2014 - 2016, which yes, i still do have the private key, but unfortunately in the past i've never ever did a signed message using that address. And yes I'm still new to this signed message thing, and i got a question, does signing a message with said address need the private key?

I'm sorry for my misunderstanding about how signed message work tho, i'll read more about it.

Also dont save you login details on your browser, manually typing your
username and password every time you login will implant it into your
memory, you will never forget!

A handy thread which I have yet to get around to doing myself is to stake
your Bitcoin address on the forum as another level of ownership of your account.
Here is the thread > https://bitcointalk.org/index.php?topic=996318.0


HOW TO SIGN A MESSAGE THREAD (https://bitcointalk.org/index.php?topic=4059348.0)

It is good when you have access to that private key.

You don't need to have a sign message in 2014, example. What you need is have a post, or few posts with that address in 2014 or any year before the hack. Post contains that address need to be original, no edits. It is a plus point if some members quoted it for you in the past. If you pay your attention, you see many people quoted the sign message posts in the topic take your Bitcoin address here (https://bitcointalk.org/index.php?topic=996318.msg10820715#msg10820715)

Hackers can edit, delete past posts but they can not send request to other members to delete all past quoted posts relate to the hacked account.

Now, you sign a message with that address to prove that you are the person that owned that private key in 2014 to before the hack.

You signed that message (https://bitcointalk.org/index.php?topic=996318.msg56183146#msg56183146) and it proves the ownership on that account, not the hacked one.

---

It is for PGP message not bitcoin message. They are different messages.

The guide shows the process to sign a PGP message is different and more complex: [Eng: Tutorial] PGP Signature - Encrypt/Decrypt message - Fingerprint (https://bitcointalk.org/index.php?topic=4059348.0)

Noted, i won't save login details on my browser anymore from now on.

Also, I will 100% stake my signed bitcoin address for this account, so I won't lost this account either.

Ahhh, now i understand, well sadly there is no post (that has been posted by my old account) that has my old wallet address written on it. But, i do remember that i input my wallet address into the profile page

For reference, here is a look at profile page that i got from Forum account: security, privacy, and recovery (https://bitcointalk.org/index.php?topic=5261696.msg54779472#msg54779472):
https://ip.bitcointalk.org/?u=https%3A%2F%2Fi.postimg.cc%2FCMf5WDsq%2F20200712-134609.jpg&t=621&c=5N83-ojeSmaBSg (welp, i can't post image, so here a link to that image from said topic, or if you are wary of me giving you some suspicious link just look at the third picture of the said topic)

So i was hoping that the admin or some archival machine able to look it up and ....

Although, after thinking about it again, seems like i cannot prove my ownership of the account, since anybody could change that exact value once they got in into that account. Oh well, sorry it took me so long to realize ;D

Anyway, thank you for your responses, really appreciate it :D

Don't give your account password to anyone.

Of course, you need your private key to access your old wallet for sign message. But if you've never posted that address or PM sent that address to someone in the past, I think maybe your request will be rejected. So the bottom line is that any bitcoin address you have used in the past on forum will serve to prove you are the real owner.

Yes that is true that private key is needed to sign a message, but Redoubt should know that the private key is not included while signing, what that are included are just 1. The bitcoin address for signing the message 2. The message that will be signed, after these has been filled, the user can click on sign message, the message will be signed. Not all wallets sign a message, not all private keys wallets also sign a message, there are few ones that do it, like electrum and coinomi. All wallets signing a message are all altcoins private key wallets while not all private key wallets can sign a message, only few ones do.

You understood the private key, public address and sign message totally inaccurate.

Private key - create public key - create public address

In order to sign a bitcoin message, you need to have a private key for a public address from which you want to sign a message. In a reverse  way, the sign message is to show you are the owner of that address by owning its private key.

It will require you to enter a password of your wallet. This step is mandatory if you encrypted your wallet. It is a prevention to not allow hacker to be freely sign any message when he find your bitcoin wallet file.

It is not correct (but I don't use Coinomi so I don't know about the wallet). To sign a message, you need a wallet software that support the sign/ verify message feature. The incorrectness is from not all private keys wallets also sign a message, you can import that private key to other wallet softwares to sign a message.

Say not all private key can sign a message, it is totally not correct.

Why altcoins?

---

In Mastering bitcoin, see the quote.

Sign a message, you need a private key and wallet password (if it is encrypted)
Verify a message, you don't need a private key.
https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch04.asciidoc

Ok fine man. Your answers show you are wrong again.

Password: Electrum. Passphrase: Bitcoin Core. Two wallets use different words but they serve as traditional password for files that we know.

Bitcoin Core:
https://bitcoin.org/en/wallets/desktop/windows/bitcoincore/
If you want to unlock your Bitcoin Core wallet, you have type

Electrum
https://electrum.readthedocs.io/en/latest/faq.html

Private key wallet: Could you tell me how you learn the wallet type?
I only know deterministic wallet (and hierarchical deterministic or HD wallet), non deterministic wallet, custodial wallet, non custodial wallet.

Mastering bitcoin. Chap. 05 Wallets (https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch05.asciidoc#hd_wallets)
Bitcoin.it, Wallet (https://en.bitcoin.it/wiki/Wallet)
Custodial vs. Non Custodial Wallets - "Not your keys, not your coin" Explained. (https://bitcointalk.org/index.php?topic=5173370.msg52090702#msg52090702)

You need to read documents again as I see you love what you typed creatively.

What I wrote could be wrong as I am not a bitcoin developer and I will read documents again if I see I understood incorrectly. I hope you will listen to correct your knowledge when Legendary members comment.

I do not see your corrections as corrections, except the last mistake that I wanted to write all but changed to altcoins which I will still discuss below. You should read carefully before making comment, private key is needed to sign a message, but it will not be included while signing the message it works underneath, only what are included is the address and the message you want to sign.

Check what I posted.


Not password but passphrase, know that passwords are not passphrase. It is not also an encryption but a seed extension.

Try to correct when appropriate, what are you talking about? You mean all private key wallet sign a message? What about the private key wallets that do not have the software to sign a message like atomic wallet and many other wallets, only few private key wallets sign a message. Do not correct what is right.

Can atomic wallet sign a message, is it not a private key wallet, you need to understand about wallet before commenting about them because you are absolutely wrong and saying someone is wrong.

Corrected, typo error.

Trying to recover your old account of Member rank is just a waste of time and effort in my opinion.
You can easily get to member rank within a few months of good effort. You will need just 10 merits and that's not such a difficult job if you put in some efforts.
I see that you have staked your address already which is a good thing. Just make sure to put in some efforts and you will reach Member rank in no time.
All the best and will definitely see you around the forum  ;)