Bitcoin Forum

I have noticed several accusations that they have not asked me for any loan but they have not changed their password. Unfortunately, I have accepted one of them. I am worried about the access of those accounts without changing the password. How is the hacker processing like this?

Case 1: https://bitcointalk.org/index.php?topic=5459055
Case 2: https://bitcointalk.org/index.php?topic=5478004.msg63344637#msg63344637
Case 3: https://bitcointalk.org/index.php?topic=5030169.msg63440375#msg63440375
I think there might be many more though I can't remember and do not know how many people are facing problems like this. And how long we may keep safe ourselves.
Case 4: https://bitcointalk.org/index.php?topic=5030169.msg63543020#msg63543020

reserve

Not sure about two other cases but for case 2, it seems a terrible practice was made (at least it is what the user told us).

Teleporting an account from Bitcointalk to Altcoinstalks, and using a same password. It breaks an important principle, don't reuse password on different platforms.
No requirement to use the same password for the process!

I don't know it is a reason or just a fake one, used by the user to fool us but let's say, reuse password is bad practice.
I don't believe admin of Altcoinstalks forum plays bad and do something like this with his forum members but who knows. And let's take this case to make a warning, again

Don't reuse password.
Password must be unique, best if randomly generated, and strong.

Sound like too much of a stretch, if anyone with access to that data would have had really malicious intents he wouldn't have opened a loan request from an active user, they would have ta lot of other things too and for sure not acted just as soon as they got the pass for $300 knowing they will be the fist to have the fingers pointing at them. But leaving altcoinstalk side, another compromised platform might be indeed plausible, all the users should check if their email isn't already on some pawned list , with so many scam shitty offers around here I wouldn't be surprised if more haven't already entered the same credentials to dozens of sites.

Of course, there are a few other explanations for this but I'm not going to create a shitstorm by mentioning them, I'm leaving that to some other unlucky bastard!


Will be a bit of pain in the ass for the eons asking for a loan but make it mandatory to ask for a loan with a signed message from an used address on this forum, at that point you don't have to look for suspicious activity and waste your time wondering every moment if this is the real guy while siding hundreds of "is this really you?" messages.

Plus there won't be any kind of 'it wasn't me" situations where you get scammed of some $.

Maybe someone else in their surrounding had access to their accounts, so there was no need to rest password and take full ownership of account.
Weak passwords are easy to crack but in most times users made mistake with sharing password, or keeping browser opened with logged in account.
I looked at examples you posted and I would not fully trust what those members are saying.

Exactly. Just because someone claims their account was hacked doesnt mean its true. That tjtonmoy character looks particularly suspicious. He has a history of lying and cheating in contests and bounties. I do not believe in his story.

Although, you're right with your doubts but the story he shared seems a little bit informative at least for the ones who use same password on many platforms. It's always better to use different passwords for different platforms and one should avoid using same password or similar passwords on different platforms. I'm not saying that whatever the guy claimed might be correct exactly but it's a matter of concern and that's why I believe others should learn from it.

In 3rd case I also found something strange and I believe that someone else might have used his account to place that loan request as in the 1st case, but in 3rd case the user's account wasn't compromised at all, and I believe someone around him might knows his computer's password and that person might have asked for a loan instead of the real owner of the account.

Easy guess. But we can only speculate.
Probably some accounts that grew to become reputable haven't actually change their passwords in a good while and it must have been caught on a compromise.
Someone with malicious intent was just testing accounts and got access to these.

It might be a good idea from now on to require loan requests to be done with a staked address or signed by one.

I don't think it is due to a generalized problem, considering that the first case occurred six months ago, the second one a month ago and the third one yesterday. And even more so if we question any of the three stories. As you have been told repeatedly, by asking for a signed message you avoid problems, and as I see you already did yesterday in the case of ryzaadit.

READ FULL POST HERE: https://bitcointalk.org/index.php?topic=5478004.msg63344637#msg63344637

I have shared non-blurred ip address screenshot with shasan too... If you want to know then you can ask him.

Account hacks without changing passwords have been happening before, mostly afterward the accounts would be used to spread malware. Perhaps the hacker has noticed it is profitable to get no collateral loans using those active accounts.

I would like to reecho this

Could all be that 1 user claimed hacked and didn't get tagged and was given time to pay, so others came up with their own story along the same lines. They could be telling the truth, but they could be full of shit too.

For example, the teleport to altcoinstalk story. There are a load of us who have teleported and have faced 0 problems.

Here's the thing: you could also have been using a VPN to pretend your account was being accessed from somewhere else. However unlikely, we have no way of knowing what happened for sure.

If shasan had lent you (your account) any amount of money, you would be 100% responsible for paying him back. So even though nobody should lend to you ever from now on, I hope you at least learned a lesson about account security.

I must say, I'm one of the victims.

My passwords have not changed for more than 2-3 years, I have discussed this with my friends as well for these cases. The possibility for my case is by:
- Reused password.
- The password getting leaked due reused password.
- Saved password (google) getting leaked (my friend says).

I have not done anything regarding bitcointalk and discussions with strangers for the past month.

---

Based on the hacker requesting a loan, seems like they're overview activity from the original owner. I checked my Bitcointalk IP, I have 4 activities and the first one on (18th December). at that time I still had a loan of around 300$ with shasan, I and him have a successful loan with 7-10+ of course with the same address.

I finished my loan more early, paid all back on 30th December. Then, the hacker had activity yesterday 3-4x times and requested a loan with the 300$ (the most amount can pay, around 300-400$) mark.

Luckily shansan knew the address differently and rejected the loan.

IP Log from My Account
Yesterday
https://talkimg.com/images/2024/01/05/smhi1.png

18th December (First Activity)
https://talkimg.com/images/2024/01/05/sm4wm.png

I change my password after these 2x time to make sure + add my account with 2FA as well.

Did you teleport to altcoinhack forum with the same password or not?

My guess: accounts getting compromised is nothing new. But since you (OP) have handed out loans before without asking for a signed message, I guess the attacker just tries his luck with you again.

@shasan, if I can remember correctly then in the past someone [may be more members] suggested you to ask for signed message from the borrowers. I hope you are practicing it in your business.

No one is hack proof but reusing password deserves to be hacked or you will not learn lessons.

If anything happen to an account and the account takes any loan then the original account holder is responsible for it. There are no escape.

I prefer a combination of common sense and signed messages:

A small loan to recover any accidental situation is fine. It's not a bad thing but when a person become a regular on lending board and taking loans, repaying it then repeating it for long time, I see two reasons for it:
[1.] Trust farming
[2.] Waiting for a good opportunity to scam a large amount and never come back.

I had to make an Announcement (https://bitcointalk.org/index.php?topic=5480506.0) LOL

I can't go back in time to change my ip with vpn. See the date and login info. If you thik that it's edited or something like that you can ask me in dm i can screen record refresh every page and show you.
Drop a dm if you want any further info.

You actually can. Not sure but my common sense tells me that when a system will use clients end date-time then the client can set a previous date to show such logs.

Well don't say you can before you try and do it. If you can show proof that you can use client end time and date to change forum time then share it with us. Let's se if this is actually possible or not. As far as i know it's not possible.
Also i have screen recorded the ips which shows live proof. You can call me to see too.. I'll share my screen with you. But for now i will send a google drive link containing the screen record. It's uploading amd when it's done I'll dm you

You locked it, so I'll reply here: anyone with access to your account can edit that post, and any potential trade partner won't easily find it back. If you unlock it, I can quote you there, and link my quote in neutral feedback.

Please read what I wrote. You are here to justify that you are innocent, not me. I am an speculator, I don't have time to set which player should play in which position, how fast to move, how to defend, how to attack and finally to win the match.

For the record I would like to say that I do not think you are lying but I can not say that you are 100% telling the truth too.

Wise thinking! Unlocked.

Actually teleporting the account was not the issue.. i used the same password for the account. Maybe that's why. I said that could be a reason and i am not sure myself. I used that same password on vk steam and many other platform also discord. When i tried to log in few days ago ( i installed new windows too, so i had to relogin) and they asked me to change my password. Saying "You are using a compromise password. We have prevented the login for having 2FA. please change password to proceed.
So it was hacked for sure i can tell you. Don't know when it got compromised but now i have changed every password and different password for each platform including forum password.

I have checked the time-changing issue. I have set the time manually also used VPN and then reverted everything to normal. Despite all of this, the forum time remains the same. It is embedded in the forum which can not be changed by using something from outside. Not just you but if anyone want's to try, they can do it. Just saying.

That's not what I'm saying at all. You don't have to go back in time to use a VPN... Its weird that you would even suggest that. But I suppose its a moot point now.

So you are using a VPN? You see, thats why your IP proof means nothing. Anyone can change their IP address whenever they want. And thats probably what happened when you planned all this, but for some reason you changed your mind and now you claim that your account was hacked.  How convenient.

Of course, there is a remote possibility that you are telling the truth, but as I stated earlier, I still have no reason to trust you, given your prior record of lying and cheating on this forum. Just saying...

Asking for a signed message from a known address of the one who asks for a loan should be a compulsory point. If wasn't asked, it is a negligence of a lender.

We don't even have to be sure in that stories about different kind of account hacks are true. Since there are any of these stories, asking for a signed message should be a must. It is not anything too complicated, but it gives an additional level of sequrity.

I never ask and will never ask for a loan on this forum and I don't want that someone will give a potential hacker everything basing on my reputation. Check and recheck is what expected from a lender.

You are good that you can guess about your future but personally I can not tell what is waiting for me in future. But my current situation is good enough that I can tell that I may not need a loan, at the same time I can not tell that I will never need a help from someone else in the future.

I just downloaded a vpn extension called touch vpn on chrome just to test that. Just because i said that means i was using that all along? Come on... I am not that smart to plan all this... Trust me when i say this. I am not capable of planning so far ahead.
Here's what i want to say in the end... You can trust me or you can't. That's up to you. I know i said the truth and my account was compromised. That's all. Now you do whatever you feel right. I have no way to prove myself. So why even try?
If you know a way to prove it, tell me. I'll try to follow the instructions.

And thats another blatant lie. You really cant help yourself, can you?  :D

Just a few months ago, you claimed that you were regularly accessing the Bitcointalk forum through a VPN (you even purchased a subscription) because you were worried about your government tracking you.

All I would say is that it takes a lot of time to build some trust in a community but a few wrong steps are going to be enough to ruin that trust. This happened to you and to two other users and I have also noticed that a few weeks ago a good user with almost 16k posts had faced some account hacking related issues, a malware link was posted from that user's account and which caused problems for him. Now 2FA is added to the site and I believe it's a better security feature to protect your account from unauthorized access.

You have been a very controversial user for sometime and that's another reason why others aren't able to trust you. I would say that be a good member of the forum and try to take all security measure that you can and also try not to make any mistakes intentionally or unintentionally in order to get some trust. But, I fear that lost trust can't be regained easily, you'll have to prove yourself and stick with your statements.

Just putting it out there
https://i.ibb.co/XsCkD83/Screenshot-20240105-203044.png (https://ibb.co/2tkYSNs)

Edit 1

https://i.ibb.co/CVGtN5n/Screenshot-20240105-203714.png (https://ibb.co/9y5vz9q)

OK so it appears the actual problem is you downloaded some malware that is designed to steal passwords. I hope you ran something like Malwarebytes on your computer and got rid of it. You should just assume that all your passwords are compromised... For anything important, change your password immediately.

https://socradar.io/malware-analysis-lummac2-stealer/

Since when is OpenAI able to detect if same password is used on another website?  ::)
Using same password on multiple website is worst thing someone can do, and you won't believe how many people are doing that every day.

You obviously have some malware on your computer and I would urgently reinstall OS and install fresh Linux, maybe even consider that everything you used is now compromised, including your bitcoin keys and financial stuff  :P
Lummac2 stealer wont work on Linux.

Yeah, creepy.  Obviously they don't hash the password. 

Can you tell us what did you download to get infected? And how conveniently it all happened after you joined altcoinhack forum, not to mention that they knew exactly how to operate around here, where to go to ask for a loan etc.
These kids. 😂

Because - There are plenty of sites that will show many/these breaches and all the data in them has now been fed to open.ai. Simple teaching. ::)

https://haveibeenpwned.com/

I know about haveibeenpwned website but this website is not showing each individual email address that was pwned, just websites with leaks and dates.
Knowing who is behind open.ai I would never use their tool for anything nor would I ever trust them :P

Once I had a creepy experience.

I bought a domain using the full name of one of my client, the client was lucky that I found the domain which contained the exact letters of his full name. After purchasing the domain I was curious to know what OpenAI think about the name [not the domain]. I asked and it answered me with the domain name too, there were other details which I can not verify but when I saw that OpenAI knew the domain name which was registered not even an hour ago, I freaked out.

OpenAI is taking notes of every key you are pressing on your keyboard.

If you are typing your seed then type it offline. Even better after setting up the seed, reset the windows to make it a new computer.

 :-\

In a future where OpenAI implants blockchain enabled pacemaker wallets, and decrease your balance in time (https://www.imdb.com/title/tt1637688/), being able to to buy/trade/scam bitcoin will be literal life or death. 

I think you are missing something basic here - Most data on that site is all pulled from public pastebin dumps by hackers -

115,766 pastes
228,881,584 paste accounts

Also, whoever owns it obviously has all the emails, not to mention the other sites out there aggregating similar data like this.

Youre dodging the question.  Why do you have a persistent habit of lying?  Specifically, your use of a VPN to access this forum.  Have you become so bold as to believe that your government can no longer track you?

And, all the promises you made last year were just empty words?

I am avoiding because there's no point in saying anything. Whatever I say you will blame all on me. So go on then.
Haven't used VPN for 3 months because I moved out from my old house and now using a new wifi. Also my subscription ran out. So i thought i won't use it.

Now you will say i am making up stories. I have said that i moved out from my old place. Go search that on my profile too.
But yeah. You'll blame me again so I'm just gonna ignore you. There's no point. I have already submitted all the proof and I don't think i need to give that proof to you....

Dm sent to people i thought i can trust. It ain't you buddy.sorry.

Stop ask others, make your own research so you don't regret your decision. Now when mixers are banned I am positive many people will try a exit scam. If I was you I should pause all loans for like 2-4 months and take a break.
Trust me it will save you from losing money and then you will see who still is left and are real, and the fake one's will be gone by then.

Good luck Sashan with your service.

Most of you were asking about the legitimacy of my claims and whether my account was hacked or not. Here is some research I did based on my profile's IP address from which my account was accessed.
This is the list of IP addresses with dates:
2023-12-14 14:01:22   2023-12-14 14:01:22     185.220.100.253   Haßfurt, Germany
2023-12-14 12:50:39   2023-12-14 12:50:39     185.220.102.249   Dresden (Neustadt), Germany
2023-12-14 11:49:24   2023-12-14 11:49:24     185.220.101.71    Berlin, Germany
2023-12-14 01:48:02   2023-12-14 01:48:02   185.220.101.30    Berlin, Germany
2023-12-14 00:28:39   2023-12-14 00:28:39     185.220.101.19       Berlin, Germany
2023-12-13 23:27:22   2023-12-13 23:27:22   192.42.116.195    Amsterdam (Amsterdam-Centrum), The Netherlands
2023-12-13 22:12:45   2023-12-13 22:12:45     185.220.101.27    Berlin, Germany
2023-12-13 21:04:44   2023-12-13 21:07:45     185.220.102.4       Dresden (Neustadt), Germany

This is the service I found after doing some research and you can check that out.
https://www.abuseipdb.com/check/185.220.100.253
https://i.postimg.cc/vmZhPFL6/Screenshot-2024-01-07-144437.png (https://postimages.org/)

I have checked all the IPs with this link to see and all of them were the same. Either SQL injection, web attack or Brute force. They are all related to the same thing.


I have done the same thing by connecting a VPN and this is the result.

https://i.postimg.cc/T2SxTZtd/Screenshot-2024-01-07-144750.png (https://postimages.org/)
https://i.postimg.cc/m2fbQvCd/Screenshot-2024-01-07-144932.png (https://postimages.org/)

This is my actual IP address which shows a similar report to VPN. (some parts are hidden for privacy reasons)

https://i.postimg.cc/k48TSNvj/Screenshot-2024-01-07-145115.png (https://postimg.cc/tZqdQxfP)
https://i.postimg.cc/BnrDKr70/Screenshot-2024-01-07-145559.png (https://postimages.org/)

This is my IP address when I use mobile data to access the forum.

https://i.postimg.cc/Z5tKFJmV/Screenshot-2024-01-07-145954.png (https://postimages.org/)

All the data are collected from my profile's data log for logged-in IPs. @BitcoinGirl.Club, @nutildah can confirm this as I have provided video proof in their dm.

I have also shared the same thing with @shasan too.

I have provided everything from my side after doing my own research but if you don't trust me, you can check that on your own if you like.

And one more thing I want to say here. @JollyGood, you have recently given me a red tag for something I did 1 year ago. I have lied which is 100% true and for that, I have publically apologised to everyone and asked for a 2nd chance. @yahoo62278 sir can confirm that. I have also talked with him personally about the issue. He didn't forgive me but gave me a warning that if I do something similar in the future, he will change his neutral tag to a negative tag. So if I may ask, is it possible to make your tag neutral as well, please? I am just doing some signature campaigns and building up my reputation. It's not about the signature campaign either. I have a reputation here. Not much but whatever I have is at stake right now. I have been kicked out of the campaign for your red trust.
I asked for a 2nd chance and I did not do anything wrong. I was desperate just because someone close to me was dying. I just asked for help in this forum. And instead of helping, you guys have dragged me here and accused me of something that I did not do.

After the merit incident, all I have done is good. I have not done anything wrong. If you keep on doing this to me after giving all kinds of proof, then this is the end of my journey here in this forum.
I am just trying to be here with you guys. Maybe I get some money from doing signature campaigns. But that's not a crime. I am doing my job and getting paid for that. And you guys are just trying to take that away from me.
Well if you are happy with that then I have nothing to say.

Hope others can find some kind of solution from this who are also wrongly accused.

A small question if someone teleported their account but does not log out can this issue happen? What I understand is that if a user is logged in continuously it is not that easy for a scammer to hack the account as they would first need to hack the email account. I do not think changing the password will help anyone and I do understand that by using free VPNs you can get an IP address from Europe. I am not pointing any fingers at anyone what I am asking and suggesting is simple logic.

I am using the VPN now and will update you with a screenshot if I am correct you might be able to see the same IP address. Although there is no guarantee as to how the IPs will show up. Free VPNs do not give special protection as paid VPNs. I am now using the US and tomorrow I will be using Germany, as I have said earlier I am not pointing fingers at anyone. It is just a try to substantiate someone's claim and if everything goes well it would be proved.

What I don't understand, what is the correlation between tjtonmoy' case of getting hacked with something he did a year ago for him to get tagged now?

In my opinion, if someone didn't scam and steal money, they can be forgiven for just about anything. Anything that the forum doesn't deem illegal anyways. So, whether Jollygood wants to give you a 2nd chance is up to him, but don't try to force him by saying well so and so gave me a warning. Ask and respect the decision. It may or may not go the way you wish, but that's what you have to deal with.

I feel sorry for you, I remember a month ago you were also scammed by another con artist using these forums. And that person looked legitimate as well. Personally I wouldn't continue loaning out money to these complete strangers online after all these horrifying experiences.

I am not forcing anyone, sir. And sorry to bring up your name here. I asked him politely through DM and he didn't reply to me yet. Maybe he's busy so I thought to bring that topic to the public.
As I said, if someone feels like I don't deserve a 2nd chance, then so be it. I will stop my journey here.
Thank you for your response.

Okay!, I didn't notice this thread before. My suggestion to Shasan bro, you should always ask users to confirm by signing a message with their Bitcoin wallet or they should confirm in another way. It is your responsibility to check who is taking the loan. Or at least you should check if they have used the same address before or not. The account getting compromised is nothing new here.


Look, you didn't have to reply to every one of them once they wrote. You don't have to show too much respect and call them sir. Only answer when it's too necessary.

---

@JollyGood, I guess I have always agreed with you in the past. But, the tag you left to tjtonmoy isn't worth it. The reference you gave is one year old and a neutral would have fit better. I would say; don't make the negative tag worthless. Leaving negative feedback for merit abuse isn't the correct use of the feedback system. I am not sure If he had many accounts or if he cheated with those accounts. If he has, then do your own investigation gather the proof in one place, and then leave a negative tag. Your tags are losing value over time. Don't make yourself another TL. Don't take it as a weapon to take down others. Just a friendly advise.

With all respect but this is on you both and not anyone else.This can easy be changed by using a VPN so what I see is two users trying to fool people that they didn't do it. and ALSO This is so easy to fake and I could do it in less then 10 minutes in paint.
With that said I don't say you're lying but its for sure YOUR RESPONSIBILITY, YOUR ACCOUNT YOUR RESPONSIBILITY TO HAVE IT SECURE! I just saying posting this and call it proofs is just bullshit and not any proof at all.
Scammers always do this, using fake slip and things I have no idea how many times same thing happen me o when I see this I only think negative and trust your less.

But even if it wasn't you that took the loan it's still your account and your responsibility. Often in this cases it's someone close to you that did this (if it wasn't you) a hacker don't just log in with your password, someone have stolen it because you have been careless or trusted wrong person. In my opinion this is on you and nobody else. So this is not even something to discuss, take your damn responsibility.

Notice: I don't say you're are lying or are a scammer. I just pointing out real proofs. What you posted is not proofs at all and If you would be more careful this would never happen. So conclusion? It's YOUR FAULT.
So pay back the money, take the loss as a human, and learn from the mistake and be more careful in the future and come back stronger. We are not kids here.

Example: If you visit a website that is unsafe and they steal your information and steal your login information to Bitcointalk and then take a loan, then it's your fault and nobody else's. You both need to be smarter and more careful.
And yes, I feel sorry for you both. I understand this sucks big big time, but it's nothing else to do then pay back and after that move on. It's called life.


And also @Sashan I see some people say you should ask for signed message, I don't know how that works but if that can make a end of this shit, you should start using that, its a win/win for everyone but most important for you! Or just stop lend out money to dishonest cunts. I feel sorry for you and I hope you recover, I hate when nice people like you get used by poor cunts that are to lazy to earn their own money. Stay strong! 🙏


EDIT: Now ryzaadit explained the situation and thank you for that ryzaadit I apologize if I was to fast to post but I just wanted to be as clear as possible but still. Your account your responsibility
Good Peanutstar paid back the money, that shows he is a human that know how to behave respect to you Peanutstar! Also good that the "scammer" did not success to get a loan from your account ryzaadit.
My message was nothing personal to anyone of you, I just wanted to point out the word "responsibility".
But also, this is your words even that I believe you now it could also be a possibility that you tried to use another address and that Peanutstar regret the scam attempt and paid back instead, right?
But I don't think so for now, now I trust you and what you just said, it sounds logic. I just saying it could be a possibility. How ever, thank you for explaining and have a good week.
And for what it's worth after you explained as I said previous I trust what you just said it sounds logic and honest IMO.


But if this (Sign-Message) can pretend this, why not always do this before pay out a loan? or maybe it does not work anyway? or maybe he do it all the time? As I understand if you use same address no need to do it, but if you use a new address or loan for the first time this is or at least should be number one rule?

The challenge here is not about changing the password to that account that necessarily matters first, this hackershave developed more strong resistance that could make them hack and yet make it appear they didn't, the easiest way for them to do so is by having access to the device we are using to browse or access the forum, then they try to use our same logins details already backed up on the google and copy them to log in, two of them will be using the account together, the user will not be suspecious because he's still having access to the account, but attrocities like loan, spamming, or change of wallet address could be initiated by the hackers on the user's behalf, we have to watch well all our devices and avoid any third party access on them.

@Peanutstar case has been solved, he paid back the money. Meanwhile, for me, the scammer failed to get the loan due to the address change. I with @Shansan already have multiple successful loans around 150-300$ not only with him but also with @Darkstar_. The sign message is the simplest thing to prove the ownership of your account, however, you need to (Stake) your address first (Unless the hacker compromises your address and is being used for the stake) I can tell the fault is on you.
----
None of us want these happening, this business requires both sides. Usually, the lender will ask you to (Sign Message) at the time you ask loan (If this is your first time requesting a loan). Then, If you ask for a loan again with the lender (As long you use the same address you're using from the previous loan) they will not ask you to (Sign-Message) again (Unless) is changed. Well, the hacker asked with his fresh address not the same address I was using with Shansan so he declined the request unless he can make some sign message to prove the request was by the real owners who asking loan with a different address.

In addition red tags are for failed trade, you covered the proven scam thing anyway.

How many inappropriate feedback you will need to see before you make the decision that it's enough with the respect? You are not supporting the reason for the red feedback but you are fine with having JollyGood on your trust list (https://loyce.club/trust/2024-01-06_Sat_05.07h/1016855.html).

If the hack happened for using the same password and teleporting the account then only the admin/moderators of that site may know the password. If the hack happened for teleport then the scammer is the admin/moderator. Though I do not know who is the admin/moderator and whether they have any intention to be a hacker or not I think they won't do this. I think the hack might have happened for another reason not for using the same password. One more important fact is that others happened same the hacker (which they said) those are not confirmed about the using of same password.

I also don't know actually who's the admin of that forum and where is he from but I don't think that he would do something like this. Their forum is getting more users each day and most of the users of this forum are already on that forum, that's why they would never do something that would harm their reputation. I think that tjtonmoy used same password on multiple platforms and that can be the reason for his account getting compromised.

I believe that tjtonmoy also created a post where he shared some information about databases where his IP address was found. And, I believe if that's true then his accounts on other platforms might be at risk because hackers often share such databases with other users who can easily copy the details and login with those details. Most of the members aren't aware of such things but that's happening.

It's not a good practice to use the same passwords on different platforms and the one who does that often gets targeted by the hackers. It's always better to use different passwords for different platforms and one should also enable 2FA if it's present. During my research I have also found that some people use their e-mail's original password on other platforms but they don't know that they can easily lose all of their accounts on other platforms if an hacker successfully get logged in to their e-mail accounts.

You have guessed the perfect way to be such a hacker if it really happened. Also, there might be another reason if his laptop/computer/mobile phone is used by his friends then the occurrence might happen by one of his friends who does not require anything change.

I read the word "teleporting" several times, and it turns out to be something offered by a shitcoin forum. Are people dumb enough to share their password with them for extra "perks"? If so, that's not even a hack, it's just giving it away.

Don't be subtle: it's stupid :P
Get a password manager, don't store your password database in the cloud, and make regular backups. It takes a while to set up and change passwords for everything, but it's worth it.

That's why computers have user accounts. Nobody uses my account, but I don't mind creating new accounts for friends. There's no need to give others access to your data.

No, that's not how it works. Not even the shitcointalk admin would be that foolish to put its members at such risk. To "teleport" your account, all you need to do is to use the same username and add a link to your altcoinstalk profile on your bitcointalk forum profile (e.g., under your website link) to verify ownership.

But I guess there might be users who are "dumb" enough to think they have to use the same password too.

As for forum admins (or mods) knowing your forum password, that shouldn't happen either. Generally, passwords are stored in a database in a hashed format, which makes it difficult to reverse back into the original password. However, this doesn't mean that people should blindly trust every online platform to have honest intentions.


I agree. Also, use 2FA wherever possible.

That could also happen but for doing something like that the other person who has access to his device be aware of Bitcointalk and its lending board. Most of the people still don't know about this forum and that's why it's unlikely that someone friend could done any harm to someone's account. But, still that's a possibility which we can't avoid.
That altforum and it's admin has never asked for someone's password to give them extra perks. Most of the users who teleported to that forum used completely new password and so far no one of them were forced to use the same password that they have on Bitcointalk or on someone else. In fact they were giving good opportunity to the users who already had ranked on Bitcointalk, I don't think anything is wrong in that. It's a win-win situation for all the users but if someone uses the same password due to his/her own irresponsibility then we can't blame that forum or someone else for that thing.

It's only foolish people that will sign up another website and use same password or having a regular password they do use, I have also teleported my account but there no hack or someone using my account to go collect loan and claims it was a hack or something similar. It is unwise for someone to go teleport their account and still use the same password as the previous place and again, for Shasan he doesn't accept loan immediately. For few times I have applied for loans it took me almost about 18hrs to 24hrs before accepting my loans and as then the real account owner might have come online to noticed the evil going on his account then he could call for cancellation.

I think have also told him to always request for a signed a massage from the wallet the used in their current campaign because I believe he wouldn't release any loan if that person is not in campaign so, even though they come claiming is not them with the sign messages it could be very tough for them to apply loan, except that hacker have access the bitcoin wallet as well. And note one thing, when someone also complained about this then you should know that is a lie, after all the discussion going on here you think we could be so loss about our phrase key and private keys after regularly involving in discussion that says not your key not your coin.

Another hacking issue without changing email and/or passord.

Yes, the hacker did not change anything, he is using my login information.
Now you have changed the password and activated two-factor protection
It is good that two-factor protection has been added to the forum
Thank you

Can you confirm that you used your Bitcointalk password on Altcoinstalks?

I am not judging you. Just trying to find the root of the problem.

If it was a different password, I recommend running a virus scan on your computer.

Sorry for off-topic but the I took time to catch a trust abuser at the same time.


So little Nut's can maybe come up with proofs before accusing other people? And be honest what you believe or think is totally irrelevant same a what I believe or think.
And I talk about proof's not the nonsense shit you accused me of first time even tho we NEVER interact Are you human enough to do that?

Why did you get so angry so you had to give me feedback when I discussed with the mega liar Alterra57? When I asked him for proof's for he's totally sick lies about me he instant locked the thread and started insult me instead  and you supported it very strange. Can be read here: https://bitcointalk.org/index.php?topic=5480375.msg63492761#msg63492761
That thread was fast to lock and disappear when asking for proof's came up to the table. Why was you so fast to back him up and change my message you quoted?

Just a normal question: I wonder who is in need of money the most. You or Me. Who do you think? You or Me?

---

Now back to topic

It's terrible that people need to loan money in first place from strangers online. That's not what a forum should offer but Sashan obvious is a good guy and offer it any many cunts take advance of it and I think it's many alt accounts that doing this shit. I can only speak from what I think, but my voice matter's as much as all others here.

But lets be honest (this maybe will be laughed at since it a sensitive subject, and a few rep-members don't like to talk about that)  But who cares? This is a free to speech forum right?
How hard is it for a REP-member to create an ALT just throw it with merits and pretend it's somebody "new"?? I am not saying this is the case, but it's not hard at all if you being here long time enough and know people and if you are a merit source you are home and can do whatever you want, and it's so easy to blame a new user and just switch focus, bet be realistic how will a new member rank up compare to a already know member that can get 100 merits in 10 days if he/she wish.

I think it's something strange at this place, something very strange but I don't throw mud at someone personal I just saying what I am seeing and think.  :)
And as fast you open your mouth and share opinions you shall be overflooded with Feedback like: "troll" "idiot" "loser" "scammer" "multi account". and bl.a bl.a bl.a
It's sad people don't know what other opinions and constructive criticism here is.

Yes maybe I am an idiot in your eyes but you know what I am isn't? You! and I am so happy for that.
And yes, if you got life exp you can see things and a path after six months.

Best regards
BabyBandit

No, it's completely different. I use a unique password for each of my accounts

My device has already been infected with a virus, and I have formatted and erased all of the disks, and I am now in the process of changing the passwords for all my accounts.
Thank you

So the issue seems to be infostealer malware targeting Bitcointalk users. But not only that, whoever is paying for it (its a Malware-as-a-Service subscriber) knows how to apply for loans on Bitcointalk and do so in such a manner that does not arouse suspicion. Very sophisticated, and somewhat of a new phenomenon on the forum (going back to the case of Peanutswar who seems to be the first victim).

​
Yes, definitely, this is a new and literal way to steal by requesting a loan after hacking the account and not changing anything. If it were not for the notification that came to me via the Telegram bot, I would not have known that my account had been hacked and that someone was submitting a loan request through my account. It is likely that the hacker is a member of Bitcoin Talk and knows how to use the forum well.

Fortunately, Shasan has great experience in loans and acted very professionally, otherwise I would have been exposed to a difficult situation, either repaying a loan that I did not obtain or obtaining negative trust.

It is also good that two-factor protection has been added in the forum to increase security, now I have changed the password and enabled two-factor protection.

How do they get infected? If it's targeted attacks, they must know how to get the user to install the malware.

https://socradar.io/what-is-stealer-as-a-service/

There may be something that these users all have in common:

- Peanutswar
- tjtonmoy
- ryzaadit
- yhiaali3

I don't think it has to do with altcoinstalks b/c it happened to Peanutswar before the account teleport option was a thing, and I'm not sure they are all members of that forum...

Could be any number of things. It could even be somebody buying stolen login credentials from the malware service subscribers.

I don't think it has anything to do with the AltcoinTalk forum, I personally used a completely different password from my BitcoinTalk account.

I guess that my problem started after downloading a crack for a video format converter program. Although the site from which I downloaded the file is usually reliable, it may have contained a Trojan.

No one sent me a link or a suspicious email. I downloaded the file personally at my own risk. It was a big mistake for which I unfortunately paid dearly.

hello bitcoiners.
Altcoinstalks admin does not need your money to hack your accounts.
the software operating on Altt is similar to the one used on btt >>> in both cases the passwords are encrypted!

The crypto community is full of dishonest people and scammers. Everywhere ...

Altt admin does not need your money to scam you, and honestly have no idea what half the shit you have here on btt is (including loaning)!

here's a topic to read : https://www.altcoinstalks.com/index.php?topic=312821.0

People still do that? :o
I barely dare install official wallet software on my main systems. Why don't you run those cracks in an isolated environment instead of giving them access to your passwords?

https://i.imgur.com/V7zECKQ.png

altt TL users are asked to have different pwd - just in case.

What do I do? I am not happy with what I do, but when you live in a country like Syria where everything is banned, you have no choice but this one.

I know this is very dangerous but I have no choice but to install the cracked software. I tried looking for a way to buy through Crypto but unfortunately my country is banned from all payment services.

You can install the second system on VirtualBox or another virtual machine and perform all operations with cracks there. If we talk about the fact that you needed to convert a video from one format to another, having done all this in Virtualbox, the output would be the desired file that can be transferred to the host system, of course, having first checked the file again, at least on VirusTotal.
Another option may be to install a second system on a hard drive. I would advise installing Linux to work with the forum and installing your favorite Windows as the second system.

I can think of many different things, but none of them includes installing untrusted (hacked) software on your main system. You could for instance:

• use an open source video converter
• use a VM
• use another system
• forget about converting videos
• use an online video converter

That's a weird excuse to install compromised software. I only use open source software and nobody can ban that as long as I have an internet connection.

Thank you for the valuable advice.

After the harsh experience, I decided to use only open source software and install Linux on a bootable flash drive
I think it's the best way to avoid running into this problem again.

Perhaps a somewhat late decision, but it is better late than never.

Passwords are encrypted on Altt : https://www.altcoinstalks.com/index.php?topic=316088.0

That doesn't mean anything. If the site owner wants, he can store all passwords and the users won't know about it.

I was perplexed based on how the OP has presented the case of no possible email or password change and yet, we have claims of user’s account making loan requests but having no idea of these actions been taken by whom is thought to be the owner of the account.

One of the possible interpretations would have been that these were accounts that have changed hands but it’s hardly the case as, these are well known reputable users that have built a name behind there accounts still. Also, these are accounts that spans through 2017 - date and there haven’t been any serious attacks on the forum that I know of that could have result in account compromise. Hence, it’s easy to rule that off.

The possibility of a friend or siblings, I don’t know but, it’s hard to have this sort of fowl play.

This brings to light a security risk that might have been undermined on password and email usage on other platforms. It then means, you should identify risk when making associations on a testing platform and that which you have deemed important.

Like you’ve said @tranthidung, just maybe but,
This also brings to light a means to loan approval that could clear doubt which is, signing message from a current address and it becomes reassuring on whom.

If you are in an authoritative country, they absolutely can you.  DNS and VPN restrictions.

dude, the software is exactly the same as this forum, even newer version, the answer you got in the link, official statement, passwords are encrypted.
can the software be modified to store unencrypted passwords, probably possible, but then again everything is possible, statoshi being trump is also possible.

I am not going to even entertain stupid insinuations. just because you dislike altcoinstalks, it does not make it suspicious.
Either way, a message is being displayed to all teleported members now on altt to have a different password.

And as i mentioned previously, altt admin does not need the money, altt admin distributes few hundred dollars monthly, every week there is at least a giveaway or raffle or revenue share ...

cheers, and have a nice day.

It's literally one line of code to store the original password before hashing it.    For all we know, the bitcointalk hack was just another way Theymos scammed; selling the unhashed passwords under a pseudonym.   (Edit:  probably not though, he scammed much more coin pretending to develop bitcoin)

You, on the other hand, copied this forum so I'd be more likely to believe you have unsalted passwords as well.

Dude!

None of that is relevant. When it comes to handling passwords, it comes to trusting the forum owner does what he says he does. Your "evidence" is a link to your own site, that doesn't prove anything. And it's impossible to prove.

You're turning a serious thing into something ridiculous. Is that to distract the reader?

I've seen it many times: wannabe scammers respond to serious concerns with name calling. Honest people would do all they can to convince readers with facts.

Of course it's suspicious! Just like altcoins, ICOs, NFTs, DeFi and Ordinals, your forum is also created to make money for the creator. And like many others, you need Bitcointalk to promote your little scheme.
Let's try the other way: the fact that I don't like your forum doesn't mean it should be trusted.

Why? Are you assuming your users are that dumb? Everyone knows by now not to reuse passwords, and reading it again won't make the people who do it change their ways.

Revenue without needing the money. Right.

there are something called software, both these forums rely on open sourced software, this software used by thousands of forums, thus "copied" is a bit too much ...
anyway, altt forum exists since 2017, that's almost 7 years, with thousands of members. You guys just to argument for argument sake ...

---

you have trust issues bro
you admit also distrusting ethereum, bnb, xrp ...

from altt perspective, users are asked to use unique passwords, these passwords are encrypted , if you believe the admin or not, it does not matter.
- i am not gonna reply, enough time wasted on too far fetched arguments.

cheers and have a nice day




[moderator's note: consecutive posts merged]

It's funny how you mention 3 centrally controlled shitcoins and then say I'm the one with issues. Is that the best argument you have?

To add to everything that LoyceV suggested, a dual boot setup seems like a solid idea here too. With that, you'd have Windows and Linux both installed on your computer, and when booting up, you'd just select which one you feel like going with that time.  This lets you benefit from the software options of Windows and the security of Linux in the same machine. Dual boot gives flexibility if you ever find yourself needing something only one OS provides, and is generally a more optimized solution compared to VM, because it requires less resources.

With this setup, malware installed on Windows can still access your Linux partition. I have no idea how likely this is (but I wouldn't want Windows to ever touch my partitions).

The direction in which this thread went, shows that not everyone knows that it is not a good idea to use the same passwords on different forums. It is obvious that this mantra should be repeated everywhere and always, like the one "Not your keys, not your coins". No matter how many times it is repeated, there will be those who make such a mistake again.

Of course they know, they just don't care. And even if they use different passwords, chances are they're very alike anyway. Password1234 and Password4321 for instance. It would be more useful to promote a password manager, because most people have more accounts than they can remember.
And even if they use different passwords, chances are they forget which one belongs to which site. To enter, they "try" all passwords they know, thereby compromising all of them :D

Not if Linux is using one of it's proprietary file systems, like ext4.

That would be like Jeff Goldblum writing a virus to take over the mother ship.  :P

Ext4 can be mounted on Windows. I was more thinking about encrypting the entire filesystem to avoid accessing it.

I've never seen the word "proprietary" used for an open source filesystem.

First for everything!   I'm wrong, though.  :(

From an interesting point of view, dual booting is a fantastic choice for anyone who wish to combine the security of Linux with the software variety of Windows. For those who are unfamiliar with Linux and would like to learn more about it, this is an excellent option because they can easily switch back to Windows if necessary. Although dual booting does involve a little additional preparation, the flexibility and optimization it offers usually make it worthwhile.

Then it's better to have Linux as main operating system and install Windows as a guest machine on that system using a software like Virtual box. We really need some features of the Windows and some of the applications are mainly created for Windows OS and that's why we need to have Windows operating system installed on a virtual machine to perform those task.

I think that way we and our files are safe even if Windows operating system gets infected with malware. I'm very sure that it would be a tough task for malware developers to access the files of the host system when their malware is installed in the guest system.

It is still possible for malware to infect your host system, if you transfer infected files directly between the guest and host operating systems or use shared folders.

My main worry with using virtual machines and sandboxes to execute suspicious software is that it can give a false sense of security.  An increasing number of malwares can identify whether they are running inside a VM or sandbox and keep their malicious payloads from executing and  this implies you may run compromised software in a VM and without even knowing, but when you run it on your main system, it could unleash its full potential. 

Sorry AlttAdmn, I confused your forum with another.  Your forum obviously is different from this one, and I take back my copied comment.

Most of the malware is made to attack Windows operating system users and even if you transfer files between the host and guest you may still be safe to some extent. Windows malware can't do any harm to Linux as they have different kernels.

However, if the malware developer intentionally made the malware in a way that it can penetrate Linux operating system as well then it might work if the Host allows file transfer from guest to host and host to guest. 

In most scenarios, one can be safe with a virtual machine than by duel booting Windows and Linux. In the later case the malware developer has complete control over the file-system and he can do anything he likes with the files that are present in the compromised system.

Really? Like what? I'm thinking of games, but that won't work well in a VM anyway.

Copying a file doesn't mean you're going to execute it.

Obviously, you shouldn't run untrusted software outside the VM. If you do that, you could just as well not have used the VM.

In this day and age, why are you still facilitating loans but not accepting collateral to protect yourself?

He is relying on members' reputation and their signature payments. If he stops approving loans without collateral, only a few people will take loans from the service. He is doing good already with his service. But as you may know, several people scammed him before and some hacked accounts also tried to abuse his service. But, it is good that he started asking for a signed message from the user's known wallet which already saved him in the last case of account hacks. I hope he will continue to ask for a signed message. I understand that it's not enough to save from being scammed by forum members. But, scamming him means they will ruin their reputation as well.

I agree with you, the games won't work properly on virtual machines because they don't have dedicated GPUs. However if someone is a casual gamer then there's no problem in running those games. If someone is a gamer then that person won't get any benefits from a virtual machine.

I think you can play some good games on Linux these days with Steam. I personally don't play games these days on my PC but surely if someone play games then they could either build a separate PC dedicated for gaming or might play the games that are available for Linux users.

Dump windows asap. Windows itself is dangerous and a malware enabler.

Use a linux distribution. There are many free video edit/converter software in the linux ecosystem.

The era of cracks has ended long time ago. Never think they will give you the crack without taking away something precious from you. The most innocent one would be a hidden crypto miner and it will fry your gpu/cpu

I don't think that's true.  There are still plenty of people out there that give.

I don't think Windows is that bad. The popularity of Windows users is much more than Linux because it is easy to use, so most hackers dedicate their malware to Windows.

The crack that I downloaded was detected by Windows Security and blocked immediately, but I disabled the protection for the crack to work. If you do not disable the protection, Windows will not allow it to run and the crack will be deleted immediately.

Of course, Linux is much better in terms of security and protection, but frankly, the main problem is not in Windows, but in downloading the crack files and giving them permission to work.

That’s why I said

“a malware enabler”

When you use a linux distribution, you don’t look for a crack to pirate software. You look for freeware instead and there are plenty.

When you search video editing software on google, it will return only paid software or crippled fake freeware. That’s how they get to you.

Your goal is to get your job done  for free.

Windows won’t give you that.

Yes, Linux is far better than Windows and surely there will come a time when all software developers and brands will make Linux versions of their software. Companies like Adobe, Autodesk and others can easily shift their software on Linux but they intentionally won't do that because they won't get many users on Linux platform.

Even though they don't officially release their software for Linux but I'm quite sure that most of their servers and webservers are still hosted on Linux based operating systems. I think for video editors Windows is still a better option than Linux but for the ones who are concerned about security, Linux is the only safe operating system that they can choose.

Let's compare (https://www.statista.com/statistics/543185/worldwide-internet-connected-operating-system-population/): there are 1.57 billion Windows users, 48 million Linux users and 2.26 billion Android users. If popularity would be the main thing, there would be more malware for Android. But Android is Linux-based.
I can only conclude Windows is indeed that bad.

These bitchez don't make their software available for the linux users because they are in cahoots with Microdicksoft. There are lots of other good companies that make a linux version of their software and they don't care if many people using linux or not.

These are probably the only software (adobe/autodesk) that are worth pirating and still, you'll 99% get pwned doing it so I don't recommend it. Especially after crypto became a thing, cracking for free died mostly. I automatically distrust any cracking software that came after ~2010.

If you really have to use Adobe or something similar for some reason, you must own a business which generates money.

Then either pay, or find a free alternative...

No bro, cracking isn't dead yet, many people still love to crack the software to show how skillful they're as reverse engineers. But, surely trusting those cracks isn't a good choice either as many of those can come with obfuscated code which might have malware in it. I'm not an advocate of using crack software but still if someone wants to use those for educational purpose then he/she should do that at his/her own risk.

I'm basically a gimp user and I almost stopped using Adobe photoshop in 2014 but Gimp is still way behind  Photoshop however with each new version we are getting some improvements. For video editing I use Kdenlive it's a good and open-source video editor and it does the job very well. But, it's not as good as Adobe After Effects or any other industry top level video editors. However, we should forget about those features and enjoy what we are getting for free.