Bitcoin Forum

So a guy I do not know sent me a message on Telegram saying that someone is trying to sell my account.

He has not revealed the name of the user.

I just checked BPIP and indeed there was a password reset last month. I don't know how this happened.

My email was hacked in April when I lost some significant amount of money, I'm suspecting this is probably a result of that.

I'm making this post here just as a warning to let everyone know, I do not intend to sell my account, EVER! Even if I die, this account will die with me.

Maybe this could be helpful:

[Guide] Bitcointalk account security (https://bitcointalk.org/index.php?topic=4920096.0)
[GUIDE] How to Create a Strong/Secure Password (https://bitcointalk.org/index.php?topic=5132378.0)

If you have already staked your address, it will also really be helpful if you can still sign a message with the address staked. You may know this, but just saying.

That doesn't sound good. But the warning/info here was certainly not a mistake.
There is a page that shows you the visits of the last 30 days.
Maybe this will help you to confirm your suspicion: https://bitcointalk.org/myips.php

I need to change the staked address as that one is compromised during the April hack that I mentioned above.

I already have a strong password. Always did.


I don't have any merits to give you but I would if I had. Thank you.

---

Suspicion confirmed.

https://i.imgur.com/JNECuC9.png

[moderator's note: consecutive posts merged]

You are quite lucky that the hacker didn't completely lock you out of your account by changing your email address after the password change or use it to scam unsuspecting members.

Try to keep your email address very secure. 2FA should be a must. Once your email address is compromised. Every account linked to it including exchange accounts could easily be accessed by the hacker through password resets.

Is there anything in your PM or outbox? Of course that could have been deleted so you can't know for sure.

No posts were made: loyce.club/archive/members/9/93844.html (https://loyce.club/archive/members/9/93844.html).

Actually (https://bpip.org/Profile?p=legendster), the reset was today, a month ago it was only "changed":

I assume you're the one who reset it, but doesn't that mean the attacker must have entered your old password in order to change it?
Any chance you can sign a message from an old staked address (https://ninjastic.space/addresses?author=legendster)?

Based on legenster's weird-ass accusation against Maidak, which he posted after he created this thread:

https://bitcointalk.org/index.php?topic=5359785

There is a non-negligible chance that he tried to scam Maidak and is now trying to pretend that he was hacked.

Even if your staked address is “compromised” you should still be able to sign it..
Sign it and stake a new address if this is true..

How do we know the hacker/buyer isn’t making this whole story up as if he were the real legendster?

How did you log in of their was a password change?

He reset the password today. The bigger question is - like LoyceV mentioned - how did the "hacker" access the account without resetting the password, and why did the presumably real legendster needed to reset it if...

Is it possible that some random individual messaged you on Telegram about selling your account? How? How did the account selling bot warn you on telegram if you don't have a telegram ID on your profile? And how did he know you weren't the one attempting to sell the account?

Cause it never existed. :)


How did you get access to the account today and reset the password without your mail? You lost access to your mail in April, and your password was reset last month. I don't believe your theatrics; pay off your debt and stop acting like a victim.

you should definitely confirm ownership of the account by signing a message on one of your oldest addresses used here on the forum. I guess not all of them is compromised and only you have access to them.

Your oldest (used 11 April 2013) 1C5voy2et9odzmocDxirb4S6GrTJ6MeqsW (https://blockchair.com/bitcoin/address/1C5voy2et9odzmocDxirb4S6GrTJ6MeqsW) here  (https://bitcointalk.org/index.php?topic=173966.msg1809993#msg1809993)
Or 3JHJKATezUpeGs9JeobzY7U2Fo6iybZ6yL (https://blockchair.com/bitcoin/address/3JHJKATezUpeGs9JeobzY7U2Fo6iybZ6yL) which you used (in 2018) to apply in signature campaigns. here (https://bitcointalk.org/index.php?topic=4737831.msg47551900#msg47551900), here (https://bitcointalk.org/index.php?topic=4509006.msg47603351#msg47603351), here (https://bitcointalk.org/index.php?topic=5065737.msg47721555#msg47721555)


the reason is that it must be determined that you are the original owner of the account. But obviously is not enough strong.

I remembered when I saw your topic Hiring Telegram Managers (https://bitcointalk.org/index.php?topic=5339376.msg57070909#msg57070909) and I contacted you via Telegram.

It is since late of May and you almost inactive since May. What happened recent weeks?

If anyone is still not aware, this story was created to scam Maidak - https://bitcointalk.org/index.php?topic=5359785.0

bu i think the attacker using some IP guard like VPN or proxy because my account that im using right now is one victim and i regain on 2020

for now i think is good to change your email first and then change the password

maybe the reason my account got hacked is because i have same password and account

 you must not do what im doing

If you scroll back into my posts you'll see I've been increasingly inactive on Bitcointalk since late 2019.

I've been focusing my energy on my work on Telegram and Discord.

---

The MeqsW wallet was from some third party exchange / platform. I don't even remember where.

I have access to the later ones as those would be from my Greenwallet wallet account. I'll have to install the desktop app and find a way to sign from there. Will do that later today or whenever I find some time.

The password itself was a strong alpha numeric 26 character pw with special characters and all..

I am suspecting the hacker got access to my Firefox sync account as well which would enable him to get passwords of different accounts. Of course I've reset that pw along with all the old important passwords. (and still resetting the unimportant ones)

---

Yes I was the one who reset it and the one before was 'changed'.

Which implies the hacker must have had my BTT password from the April email breach (which would have given him access to Firefox sync where I store a bulk of my passwords) and he simply tried to log in and changed the pw last month.

There have been a number of attempts since April to log into my exchange accounts but since I reset them no one has gotten in but I did get a bunch of emails from Binance and other exchanges where there were some failed attempts to log in.

And no, nothing in the outbox.

And yes I can sign from some of the old addresses but they won't mean anything as the hacker would have access to them as well.

---

That is what boggles my mind that someone got in DESPITE 2FA being active on ALL my accounts.

And google defaults to the new way of 2fa where you get a notification screen where you have to approve that you're signing in from a new device - I didn't get any of that when the hacker got into my email in April.

I was only notified when my DDIM tokens were being unstaked and I got that notification on Telegram. But It was already around 50 minutes late.

PS: I was stupid enough to have saved my master priv key sheet in the drafts of my email around Feb when I was doing a PC OS upgrade. And didn't care enough to delete it later. Because in the back of my mind I knew no one could bypass my 2fa. I was wrong.


After the hack, I did make a post on Linkedin and perhaps Twitter, seeking advice from security experts.

https://i.imgur.com/7rzlA1j.png (https://www.linkedin.com/feed/update/urn%3Ali%3Aactivity%3A6788875475822379008/?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6788875475822379008%2C6789294845975437312%29&midToken=AQHx-eMKBZXLAQ&midSig=2vHE9wpMZsGFI1&trk=eml-email_notification_single_also_commented_on_this_01-notifications-1-hero%7Ecard%7Efeed&trkEmail=eml-email_notification_single_also_commented_on_this_01-notifications-1-hero%7Ecard%7Efeed-null-mdo7l%7Eknmwqqv7%7Eq6-null-voyagerOffline)

[moderator's note: consecutive posts merged]

Wait, you stored your passwords in the cloud? :o Why on earth would you do that? Cloud storage is a terrible idea for passwords. I don't even dare use the same account on more than one device, because each device increases the risk of getting compromised, let alone give each device access to everything!

I'm a complete idiot when it comes to tech, and even I know not to do that.  I'm not trying to rub salt in any wounds here, legendster, but damn.  I use Firefox, but don't use the sync function.

And I'm not even sure why e-mail is required on this forum.  I get that some people want the 2FA security, but for me it's just another piece of data that can be hacked, and personally I don't care to enter anything but a throwaway e-mail address.

Why didn't the hacker reset the password is the better question.  And if legendster did indeed get hacked and the hacker didn't change it, I understand why legendster would change it--unless I'm missing something obvious.  I'm assuming the hacker got access to it from the Firefox data in which it was stored and presumably still has it.  No idea why a hacker wouldn't change a password on an account they just hacked, but hey....I'm not a hacker.

That means someone might be able to access that email address. Yopmail users for instance have had their account compromised that way.

See:
Further reading here (https://bitcointalk.org/index.php?topic=5150936.0).

Which 2FA method?

Google has several different options for 2FA, there is one where you open the Gmail app on your mobile phone, another uses Google authenticator, and I believe there is also an SMS verification also. So which one were you using at the time of the hack?

legendster's account has been hacked ???! I am so much scared to see it. legendster is a very reputed and skilled person on our Indian board.
When I joined the forum, I was not very careful about email :(, I have created my account with a random email address, will I have a problem? What do I have to do now? please suggest me.

Change it (https://bitcointalk.org/index.php?action=profile;u=1045367;sa=account) :)

Even how many security levels that you put into your account or even your email address if you didn't care about it, it's useless.  As long as you've used an email address that's not associated with your personal and daily use account, then, you'll be fine.  If you're the only one who knows your password and your email address used, you're safe from a possible scam or being a compromised account.

Threat your account as you valuable stuff and avoid it sharing with anyone.
I'm on this rank now but I never change my password even at once or email the address because I know that I'm the only one who uses it 'till now.

I suspected that this was probably a cause of sharing an account or might use it as collateral in exchange for something valuable than this, IMO, and CMIIW.

I'm afraid that it will ask verification code when I will change it?





I just used a random email like abcd@example,com, even it does not exist.

I haven't shared it with anyone publicly, but maybe forums staff knows that.
when I randomly go to report on other's posts and it warned me that email is revealed to the forum staff, then I stopped reporting their post cause I don't want to reveal the address.

https://i.imgur.com/VWIYZM0.png

After spending a lot of time now feeling better, Successfully I've secured everything with a strong password, :)
I also set google authentication app to secure my email.  8)
Now no one will be able to hack my email like legendster without authentication code.  8)

This guy is a hacker. Please give negative trust to this account. I am the  owner of this account and he changed email address signature affiliate code and Bitcoin wallet address today.

The thing is screenshot aren't 100% verifiable to proof of your ownership, you need to sign a messages (but you said the address you used are from exchange) tagging without verifiable proof isn't correct.

If the hacker has access of your phone (which the same phone you get the 2FA code) you can still get hacked.

Hi! I bought legendster ID from him last May,
He sold the ID to me for 500+ usdt and now recovered his ID.
This person is liar and totally fake. please stay away from him.

I will send telegram chat photo.

What's going on here? lol

If he sell his account only for 500 USDT, he's stupid enough since his account is more worth around 0.05 BTC or more (worth 2300 USDT right now). Even you've send the Telegram chat I doubt other people would trust it (include me)

---

@legendster I hope you could sign a messages of your Greenwallet address as you said previously, otherwise this case will be more complicated.

He scammed me 500 usdt and took the account back again last monday. I also have the old password, forum moderator can verify that.

Can you send a signed message that proves you bought the account? I don't trust screenshots, they can be doctored.

What do you base that number on?

No, forum moderators can't see your password.
There's a flaw in your story: legendster's email address was never changed (https://bpip.org/Profile?p=legendster).
Why would you buy an account and not use it for 4 months?

.
.
.
These three person are involved into this trading, two of them are from India & last one is from (Vietnam/Indonesia):
https://i.ibb.co/VBX5pj7/Capture-2021-09-15-10-31-12.png
https://i.ibb.co/4407KFB/Capture-2021-09-15-12-27-52.png
https://i.ibb.co/4sMBCmN/Capture-2021-09-15-12-27-15.png

First guy, the actual legendster or the hacker or bounty manager came to sell his account and offered the account to (2nd & 3rd guy, or other team member- they are reseller team)
2nd & 3rd guy are reseller and middleman as well, they have a huge team member.
I bought the ID from the reseller team on May without email address they refused to give email address:
https://i.ibb.co/b3mqw0p/20210915-121142.jpg
https://i.ibb.co/3yCs5h2/20210915-121138.jpg


Then I tried to contact with the 1st guy and offered money for BTC/ETH address, but he disagreed to sell, He need huge money otherwise don't want to give BTC/ETH address.
https://i.ibb.co/JdNRxPJ/Capture-2021-09-15-10-12-57.png
https://i.ibb.co/XSRrKHr/Capture-2021-09-15-10-14-49.png
https://i.ibb.co/F3rn83V/Capture-2021-09-15-10-18-47.png

Then last monday 1st guy suddenly started dancing and texted the reseller team and wanted back his account but don't want to pay back, but I disagreed to give.

I gave all evidence with old password too, forum moderator can verify the old password, from May to "September 13, 2021" that account was in under my control and now he recovered the account without giving me back 500 usdt.

Video link of the chat: https://drive.google.com/file/d/1Vs0mFlQp0Zoz7rpqEilCs3Jwzd9E9vhS/view?usp=sharing

Quoting for images:

I also added video of the chat, hope it will help to understand you. If "@TheUnnamed1"  is the legendster's Telegram then the first guy is he. see the video.


I bought the account cause the reseller team gave me confidence, they are well known each other, all guys are from India and they are well known each other.
They have multi accounts that's why they fear me to scam but I don't want to reveal all of the names.

My own speculation and his trading history.

So, you are the guy who takes a $3000 loan from Maidak? https://bitcointalk.org/index.php?topic=5359785.msg57931790#msg57931790
If you know some other names, better explain everything otherwise you are also part of a fraudulent group.

btw. your video proves that someone wanted to buy a private key from an eth address. nothing more.

I recognize that Dimitry motherfucker.

Yes, he did contact me out of the blue and listed one of the hacked addresses (the one which had the most funds) and wanted to buy it.

I have an old friend from the forum who's known me for quite a few years.

We talk almost on a daily basis.

I immediately confided in him regarding the issue that some unknown dude who knows that this address is of no use to me pinged me and wants to buy it. (how does he know it?)

https://i.imgur.com/vgo23hE.png

Here is a clearer shot of the Dimitry chat as I took it that day.

https://i.imgur.com/LIo3n8Z.png

My intention was clear to fish for more information and go for the wait and watch approach. Apparently I failed.

---

---

Now this is new information to me, about this Raj Rj guy. Never seen him. Dunno him. But boy if I get a hold of him..!! He'll be in some deep shit!!

New hypothesis.
The people that originally hacked me in April must have acquired my password from that saved draft / firefox sync account and must have sold to these reseller guys. From where, this Dimitry guy might have purchased and gained access to my account. And quite possibly be the same guy that might have scammed Maidak.

The people that hacked me in April could not have been the same person as Dimitry or Maidak because then they'd easily be able to sign a message with that Bc1 address.

PS: Raj is a very common name and earlier this year I have interacted with at least a dozen of them for various AMAs. But I do not recognize this picture that was shared.

---

Now, prior to this Dimitry guy messaging me out of the blue, I have never interacted with him, nor have I ever reached out to anyone to sell my account, or my wallets.

---

I must emphasize.

I do not remember writing down the password to my BTT account anywhere. I use Chrome / Firefox's password manager to store these.

---

Just to repeat once more. I have NEVER sold my account. And I have NEVER sold any of my wallets.

I'm gonna fucking change EVERYTHING now.


If anyone knows how these assholes are able to get behind the 2Fa let me know. Google defaults to that new clicking approve interface 2fa rather than the old school sms 2fa which was way more secured.. Could my mobile be compromised?

---

The irony here is

1. Maidak got scammed by Dimitry who was pretending to be me.

2. But Dimitry got scammed by whoever was pretending to be me when they sold my compromised account.

I don’t want to argue cause it won’t help me achieve anything, and I don’t believe this story.
It seems, dozens of people have been in contact with him for the past few months, he knew everything but took zero action, I don't know why! Now, 5 months later, he remembers that he has a bitcointalk account and his potential email was hacked.

Telegram idiocy at its best. Now the participants (how many are there? 3? 4?) of this telenovela will be posting screenshots cut/edited to fit their narrative.

Don't turn-off your tv just yet, it's just getting interesting, we are waiting for first female character to show up and new plot twist.
We have all important countries including Vietnam, Indonesia, India and now probably Russia, to make it internationally.
Both of these guys should be on ~ list.

I am more than happy to forward the email from bitcointalk to anyone who would like to verify. The wallet addresses provided by me are from two three years before. I have no control over them now. But admins from Stake signature campaigns can vouch for me as I am still in contact with them.

The above message is posted by the hacker.

Note: He has no access of my phone. My email and facebook account got hacked after I tried to install a pirated software on my computer from torrent. Once he changed password of my facebook account I got the notification and locked it. For Bitcointalk he knew that I would get the notification when he change password. So, he sent a signed wallet address on another thread and quoted some posts like the one mentioned above then changed password the next day.

You should open another topic for your case.

Well to be honest I think this story makes sense, but its a bit strange that you wouldn't think to log in to your account for over three months, until you were contacted by Maidak... your activity was a bit more consistent previously. But anyways. Sounds like Maidak realizes he was scammed by an impostor.

Correction. I was not contacted by Maidak to rejoin here. I was contacted by an unknown stranger on Telegram, who was one of the people who were offered my account for sale.

Besides, I had 'remember me' turned on for my BTT account. Even if I did visit the forums for viewing shit and what not, I would not have noticed the log in until the password was changed by whoever that had access.

And thanks to the toxicity of BTT from users like suchsucker and his hermaphrodite gang members, this place isn't as bright and fun as it used to be. Which is why I don't actively participate in the forum any more.

Maybe I will again.

---

In any case, I have created a flag (https://bitcointalk.org/index.php?action=trust;flag=2837) against Maidak for trying to blackmail me by scaring me into sending him money by being afraid of how he'd tarnish my 'reputation' here.

I guess he didn't know that suchnobrainer and his/her numbnut posse have already taken care of that years ago.

I don't see how keeping this thread alive is needed anymore.

I will shut this one and the other one within 24 hours. If anyone has to get any words in between now and then. Feel free to.

Once again. I have never, and I will never, ever sell my account. So if you see that message from me. Then its not me.

Sounds a bit schizo TBH. Creating a flag against someone who got scammed by your impersonator, if we were to believe anything you say.

I'm neither Supporting nor Opposing this Flag. This whole case is a clusterfuck of mistakes on both sides.

All I see is a tag from 2 years ago for something shady you did 5 years ago. That wouldn't stop me from trading with you.

This is the real problem:
It means you can be anyone now.

And there's this:
I'm still waiting.

Sure, I am the hacker now. I hacked legendster. Killed him. Peeled off his skin and now I'm wearing his skin like those MIB movies and living his life and posing for pictures and attending events as him.



 ::)

That is exactly what the hacker would say ;)

Account locked.

Hacker logged in using my secret question.. feeling very compromised right now.

In the process of changing everything.

https://i.imgur.com/ly81bo3.png


I can still be reached on my Telegram.

They tried many times.
Seclog (https://bitcointalk.org/seclog.php):

Quoting for visibility. Now the real owner has to follow instructions in Recovering hacked/lost accounts (https://bitcointalk.org/index.php?topic=5089777.0) and convince Cryptios (https://bitcointalk.org/index.php?topic=5138349.0).

@alanst @3dOOm @Rizzrack: please consider this when deciding who's the real owner of account legendster:

---

---

"Secret questions" are a terribly insecure method to restore access, it's (often) easy to "hack" using information publicly accessible through social media.

Definitely will ! These things are rarely straightforward anyway  :P


Reset via secret queation does NOT reset the password. It Locks the account and user need to go through the account recovery process...

I knew that, my comment was meant in general ;) I've disabled my secret questions, nobody can lock my account that way.

That really is the recomend approach. It was easier to repurpose than to remove I guess and also be sure it doesn't break anything else


Reminds me of this: https://youtu.be/opRMrEfAIiI

Can say maybe the person in question knows your login details, because for someone trying to hack someone account or an account their is every tendency that the account details has been reviewed to the hacker weather through the email information, the user login the details of he or her account to different or numerous system that can cause ot result out weakness of password for easier assessment or penetration.

After a few days of checking every foreseeable aspect of this case (email, private keys, synced browser passwords, secret questions and what not, seem to have been compromised at some point), we've come to the conclusion that the hacking extent is way to big to determine the ownership correctly so it will be better if the account remains locked indefinitely.

Well, case closed. Lol.
Is this a first for a user who can sign a message? Or does it happen more often?

Theoretically, he can, but never did nor did we feel the need to ask for one as it wouldn't have meant much since the private keys seem to have been kept on a possibly compromised email address. There were a lot of question marks that wouldn't have been answered even with the help of a signed message in this case.

There is one problem with this though. Someone hacks an account, burns it with a scam of some sort, and then on the way out says "by the way, my account got hacked and the hacker got private keys too". Then the real owner shows up, who possibly never really lost those private keys, and signs a message. I hope you have a bit more to go on than just a word of a (potential) hacker.

We sure do, and I'm certain you understand the reason why we're not able to disclose any more than this. There was a combination of factors that made us come to this decision. It's never easy to leave an account locked, more so a legendary account such as this one and we've said many times that, even if there's a 1% possibility that we're not returning the account back to it's original owner, we'd rather have it remain locked instead of it ending up in the wrong hands.

https://i.pinimg.com/originals/d1/1b/82/d11b82a417f58d955905efb98e24af0c.gif


That's understandable but it would have evidenced the possibility that Legendster was telling the truth. Without it, there's no reason to believe whoever has the account is currently capable of doing it, and it could have just been part of a story.

I would have signed the message first and then disclosed that its possible the hacker had the private key. It's a weird statement to make without backing up but not completely relevant to what's at stake.

In any case, its a moot point now.

I somehow still think that the person behind Legendster account is still the same and was the one trying to recover his account. If someone here has some brain cells and can even notice he still has the same tone of words to lash out on anyone as he had previously.

You are nowhere near justice to the real owner here.

#BitcointalkRecoveryTeam.

It seems the person is the same but he sold his account to many people and
1) he gave the password to one party.
2) he gave the private key to other parties.
3) he gave the email address to another party.
....
4..5...6....

he sold the account to 3/different persons and convince each party not to change the information of a sudden and then he went on hibernation for some days.

he got email notifications, and when he realized something is going bad and was over control, then he came back again and took the control.

Among the above 3 parties, one party is very intelligent and set a security question silently, and the real owner didn't notice that after taking control, cause he reset the password from email address, he didn't check the setting menu. that intelligent party is now coming and change the password via secret question.

this is my notion, everyone has his own perspective. So legendster fans please don't jump on me :'(. Here I see many legendster fans. :-X

There is too much complexity in this case and since no one is willing to or can sign the message, the account will be locked forever.

So the James bond movie had a sad ending for everyone.
If legendster was true than he have lost his account. The hacker also jumped in the conversation, so if he was true, then he also lost his 500$ because he does not have an account for which he paid.

Can you tell how to disable secret questions ?

Go to Account Related Settings (https://bitcointalk.org/index.php?action=profile;u=2385552;sa=account), and remove them.

I never set my security questions. So its blank by default. This means its disabled already and i am safe ?

Yes, that should be OK.



So this account lockout attempt was from Nigeria. Multiple countries continents involved in this  :o

https://i.imgur.com/XWJtgTG.png

Well I see 4 whole pages of talkings here, but unfortunately no DT bothered to leave a feedback to the OP account, at least neutral, saying it's very likely to have been hacked, and the likely true account owner admitted that some of his private keys could have been compromised. What will happen, if the hacker one day manages to recover the account, deletes the last posts regarding the hack and uses it to scam people trough PM or subsections not used by people remembering the case ?

Bpip doesn't even say that the account is still locked https://bpip.org/Profile?id=93844

How will he recover the account minus getting noticed? The same people who indefinitely locked his account are the same people who do account recoveries and they very much well contributed in this thread.

Relax, account is not going to be used to scam anyone if it's locked  ;)

Because such data may not be publicly available for the third-party sites to scrape.

I don't think BPIP knows: bans are published in modlog (https://bitcointalk.org/modlog.php), "locks" aren't published.

How about you read the topic before shitposting?

---

---

This topic should be locked. OP won't be coming back.

TL;DR:

It's a fair point. I also find it surprising that there was no neutral feedback left regarding this back in 2021. Despite the OP being inactive since then, if they had their account hacked before then it remains possible to be hacked again (at least in my mind). I've also left neutral feedback referencing this thread, in case the account is hacked again and/or sold, even if remains unlikely at this time.


Agreed topic should now be locked, but I wouldn't be surprised to see the OP's account hacked and/or sold in the future.

It's locked. If sold, it still can't post.