Bitcoin Forum

Other => Meta => Topic started by: BitcoinEXpress on June 08, 2014, 05:07:41 PM



Title: delete
Post by: BitcoinEXpress on June 08, 2014, 05:07:41 PM
delete


Title: Re: How are all of these accounts getting compromised?
Post by: Parazyd on June 08, 2014, 05:11:04 PM
What accounts got hacked? I haven't heard of any.


Title: Re: How are all of these accounts getting compromised?
Post by: shorena on June 08, 2014, 05:14:10 PM
I think the way theymos is handling this currently is fine. You either can prove in a very specific way that you used to own a certain account or you can't. If you can't make that PM [1], just make a new one.

He even offered a way [2] to make sure you have a BTC address that cannot be deleted by a hacker.


[1] https://bitcointalk.org/index.php?topic=497545.0
[2] https://bitcointalk.org/index.php?topic=642008.msg7169449#msg7169449


Title: Re: How are all of these accounts getting compromised?
Post by: hilariousandco on June 08, 2014, 05:21:37 PM
I was wondering this too. Maybe they're downloading crapcoin wallets with keyloggers in or something or logging into phishing sites?

> What accounts got hacked? I haven't heard of any.

There's three hacked account requests on the first page of Meta alone:

https://bitcointalk.org/index.php?topic=644198.0
https://bitcointalk.org/index.php?topic=643713.0
https://bitcointalk.org/index.php?topic=623415.0


Title: Re: How are all of these accounts getting compromised?
Post by: tysat on June 08, 2014, 05:34:07 PM
> ...
> It seems to me that people are either using weak PW or reusing PW on other sites.
> ...

That would be my guess


Title: Re: How are all of these accounts getting compromised?
Post by: Mikez on June 08, 2014, 06:10:25 PM
Using the same user/password combination on multiple websites is the primary reason, in my opinion.
Phishing would be the number two reason I guess.


Title: Re: How are all of these accounts getting compromised?
Post by: theymos on June 08, 2014, 07:08:46 PM
It seems to usually be people with very weak secret questions/answers. Like "What kind of pet do you have?", which has only very few possible answers.


Title: Re: How are all of these accounts getting compromised?
Post by: Parazyd on June 08, 2014, 07:15:55 PM
> It seems to usually be people with very weak secret questions/answers. Like "What kind of pet do you have?", which has only very few possible answers.

When doing those questions, I tend to make the answer unrelated to the question.


Title: Re: How are all of these accounts getting compromised?
Post by: Mikez on June 08, 2014, 07:17:56 PM
> It seems to usually be people with very weak secret questions/answers. Like "What kind of pet do you have?", which has only very few possible answers.

Why not change the questions then?


Title: Re: How are all of these accounts getting compromised?
Post by: eid on June 08, 2014, 07:20:55 PM
> > It seems to usually be people with very weak secret questions/answers. Like "What kind of pet do you have?", which has only very few possible answers.
>
> Why not change the questions then?

The question box is blank. It is created by the user.


Title: Re: How are all of these accounts getting compromised?
Post by: hilariousandco on June 08, 2014, 07:39:59 PM
> > It seems to usually be people with very weak secret questions/answers. Like "What kind of pet do you have?", which has only very few possible answers.
>
> When doing those questions, I tend to make the answer unrelated to the question.

But then there's a good chance you'll forget what it was. If you make it something very personal that only you could know then you should be ok... Or just don't use a secret question.


Title: Re: How are all of these accounts getting compromised?
Post by: Cryptopher on June 08, 2014, 07:52:27 PM
> > > It seems to usually be people with very weak secret questions/answers. Like "What kind of pet do you have?", which has only very few possible answers.
> >
> > When doing those questions, I tend to make the answer unrelated to the question.
>
> But then there's a good chance you'll forget what it was. If you make it something very personal that only you could know then you should be ok... Or just don't use a secret question.

It's good to have a secret question 'password'. That is something which follows the basics for a good password. It doesn't necessarily have to be something really strong, but something that is out of the ordinary, but password-like so you commit it to memory.

That's what I do anyway.


Title: Re: How are all of these accounts getting compromised?
Post by: Parazyd on June 08, 2014, 07:56:02 PM
> > > > It seems to usually be people with very weak secret questions/answers. Like "What kind of pet do you have?", which has only very few possible answers.
> > >
> > > When doing those questions, I tend to make the answer unrelated to the question.
> >
> > But then there's a good chance you'll forget what it was. If you make it something very personal that only you could know then you should be ok... Or just don't use a secret question.
>
> It's good to have a secret question 'password'. That is something which follows the basics for a good password. It doesn't necessarily have to be something really strong, but something that is out of the ordinary, but password-like so you commit it to memory.
>
> That's what I do anyway.

Just a good passphrase will do, I see no need for random symbol there. Okay, maybe one :D


Title: Re: How are all of these accounts getting compromised?
Post by: Cryptopher on June 08, 2014, 08:01:03 PM
> > > > > It seems to usually be people with very weak secret questions/answers. Like "What kind of pet do you have?", which has only very few possible answers.
> > > >
> > > > When doing those questions, I tend to make the answer unrelated to the question.
> > >
> > > But then there's a good chance you'll forget what it was. If you make it something very personal that only you could know then you should be ok... Or just don't use a secret question.
> >
> > It's good to have a secret question 'password'. That is something which follows the basics for a good password. It doesn't necessarily have to be something really strong, but something that is out of the ordinary, but password-like so you commit it to memory.
> >
> > That's what I do anyway.
>
> Just a good passphrase will do, I see no need for random symbol there. Okay, maybe one :D

Yeah, it needs to be memorable that's for sure, else you're screwed - well not always. People who actually answer their secret question with the appropriate answer make me weep.


Title: Re: How are all of these accounts getting compromised?
Post by: cryptodevil on June 08, 2014, 08:17:55 PM
Guys I've been trying to let people know all day, including alerting the admins here, Honorcoin is the culprit. They send people to their website to register for 'free' coins and as part of the registration process they ask for the Bitcointalk forum name, a password and an email address.

Some people have used the same password there as for their accounts here. Bitcoin_Mafia for one admitted to me after opening a thread to say her account had been compromised, that she had used the same password on the Honorcoin website as here and a number of users in the Honorcoin thread have registered accounts today to say their proper accounts have been compromised, only to be screamed at by the idiots in the Honorcoin thread!

Bitcoin_Mafia's thread about it: https://bitcointalk.org/index.php?topic=643807.msg7199245#msg7199245

My first post in the Honorcoin thread to warn them: https://bitcointalk.org/index.php?topic=639043.msg7195985#msg7195985

If you check Honorcoin's website and go through to the section listing the premine registrants' forum names you will see Bitcoin_Mafia listed there: http://honorcoin.co/2-free-distribution/

I registered my forum name but used a random password and shortly afterwards received a pm here from a zero-post account with an attached file related to something called RPG-Coin to download and 'test' for them. It clearly was part of the Honorcoin attempt to compromise everything they could.

http://honorcoin.co/2-free-distribution/

The user account that pm'd me a file: https://bitcointalk.org/index.php?action=profile;u=337252







Title: Re: How are all of these accounts getting compromised?
Post by: mprep on June 08, 2014, 08:23:40 PM
> > It seems to usually be people with very weak secret questions/answers. Like "What kind of pet do you have?", which has only very few possible answers.
>
> Since it appears to be mainly end user error, people should be glad there is a mechanism in the first place to recover accounts.
>
> It's almost as if I am seeing people claim it is just too darn difficult to read any one of the 20+ instructional threads on PGP Bitcoin Signatures or too lazy to Google it.
>
> ~BCX~

It's actually even easier than that. There are several trustworthy clients that allow you to sign messages easily, like Electrum or Multibit.


Title: Re: How are all of these accounts getting compromised?
Post by: hilariousandco on June 08, 2014, 08:31:36 PM
> Guys I've been trying to let people know all day, including alerting the admins here, Honorcoin is the culprit. They send people to their website to register for 'free' coins and as part of the registration process they ask for the Bitcointalk forum name, a password and an email address.

Honorcoin? The irony. I'll never understand why people clamour for all these free yet always worthless crapcoins, especially when this is what you end up getting.


Title: Re: How are all of these accounts getting compromised?
Post by: mprep on June 08, 2014, 08:43:55 PM
> > Guys I've been trying to let people know all day, including alerting the admins here, Honorcoin is the culprit. They send people to their website to register for 'free' coins and as part of the registration process they ask for the Bitcointalk forum name, a password and an email address.
>
> Honorcoin? The irony. I'll never understand why people clamour for all these free yet always worthless crapcoins, especially when this is what you end up getting.

People expect free money. But as you can see here, nothing comes free except cheese in a mousetrap.


Title: Re: How are all of these accounts getting compromised?
Post by: darthburnstuff on June 08, 2014, 11:34:27 PM
> Guys I've been trying to let people know all day, including alerting the admins here, Honorcoin is the culprit. They send people to their website to register for 'free' coins and as part of the registration process they ask for the Bitcointalk forum name, a password and an email address.
>
> Some people have used the same password there as for their accounts here. Bitcoin_Mafia for one admitted to me after opening a thread to say her account had been compromised, that she had used the same password on the Honorcoin website as here and a number of users in the Honorcoin thread have registered accounts today to say their proper accounts have been compromised, only to be screamed at by the idiots in the Honorcoin thread!
>
> Bitcoin_Mafia's thread about it: https://bitcointalk.org/index.php?topic=643807.msg7199245#msg7199245
>
> My first post in the Honorcoin thread to warn them: https://bitcointalk.org/index.php?topic=639043.msg7195985#msg7195985
>
> If you check Honorcoin's website and go through to the section listing the premine registrants' forum names you will see Bitcoin_Mafia listed there: http://honorcoin.co/2-free-distribution/
>
> I registered my forum name but used a random password and shortly afterwards received a pm here from a zero-post account with an attached file related to something called RPG-Coin to download and 'test' for them. It clearly was part of the Honorcoin attempt to compromise everything they could.
>
> http://honorcoin.co/2-free-distribution/
>
> The user account that pm'd me a file: https://bitcointalk.org/index.php?action=profile;u=337252

This still doesn't prove anything.  I registered at the site also and just to test it out I entered my password that I use here and I didn't get any message to download a game and my account here wasn't compromised.  Should really check your system for trojans/malware...


Title: Re: How are all of these accounts getting compromised?
Post by: devthedev on June 08, 2014, 11:41:54 PM
> > > It seems to usually be people with very weak secret questions/answers. Like "What kind of pet do you have?", which has only very few possible answers.
> >
> > Since it appears to be mainly end user error, people should be glad there is a mechanism in the first place to recover accounts.
> >
> > It's almost as if I am seeing people claim it is just too darn difficult to read any one of the 20+ instructional threads on PGP Bitcoin Signatures or too lazy to Google it.
> >
> > ~BCX~
>
> It's actually even easier than that. There are several trustworthy clients that allow you to sign messages easily, like Electrum or Multibit.

Wouldn't it just be smartest to include a PGP signed thread, like mine? https://bitcointalk.org/index.php?topic=340642.0


Title: Re: How are all of these accounts getting compromised?
Post by: CEG5952 on June 08, 2014, 11:59:42 PM
While the Heartbleed OpenSSL exploit existed, weren't passwords compromised? We were told to change passwords. I imagine a lot of the less active or inactive people did not bother.


Title: Re: How are all of these accounts getting compromised?
Post by: devthedev on June 09, 2014, 12:51:13 AM
> While the Heartbleed OpenSSL exploit existed, weren't passwords compromised? We were told to change passwords. I imagine a lot of the less active or inactive people did not bother.

I believe we were told to change our passwords as a precaution. I don't necessarily think sensitive user info was compromised to be honest.


Title: Re: How are all of these accounts getting compromised?
Post by: jeffersonairplane on June 09, 2014, 01:01:47 AM
I would say RATs or keyloggers of some sort. A person tried to get a hold of my account through that.


Title: Re: How are all of these accounts getting compromised?
Post by: cryptodevil on June 09, 2014, 06:18:11 AM
> This still doesn't prove anything.  I registered at the site also and just to test it out I entered my password that I use here and I didn't get any message to download a game and my account here wasn't compromised.  Should really check your system for trojans/malware...

FFS what is wrong with your critical thinking skills? The fact that your account wasn't compromised wouldn't prove anything as they obviously wouldn't do this to everyone's account because that would be too obvious. Let me put it this way: a number of people have announced in the last 48 hours that their accounts have been compromised and/or that they have received a forum pm with a file attached from a zero post account.

These people confirmed that they registered on the Honorcoin website, a website that specifically asked for their forum account name, a password and an email address. This doesn't strike you as highly likely a way to target users who are likely to either use the same password (which happened) or be so keen for 'free money' that they'll download and run a 'game' pm'd to them (which happened)?

Oh, btw, I would also find it suspicious that you would claim to have gone and registered on that website after hearing these allegations only to, supposedly, use the same password with the same forum name in order to find out if your account would be compromised? That's like checking to see if a gun is loaded by pulling the trigger.

Either you're immensely stupid or you are posting from a compromised account as a sock puppet in order to try and play down the exposed scam.





Title: Re: How are all of these accounts getting compromised?
Post by: hilariousandco on June 09, 2014, 06:21:51 AM
Haha, plus if they'd just been publicly exposed/found out they're unlikely to keep hacking into people's accounts this way as it could easily be verified by creating a new one and signing up.


Title: Re: How are all of these accounts getting compromised?
Post by: 🏰 TradeFortress 🏰 on June 09, 2014, 08:03:24 AM
> Oh, btw, I would also find it suspicious that you would claim to have gone and registered on that website after hearing these allegations only to, supposedly, use the same password with the same forum name in order to find out if your account would be compromised? That's like checking to see if a gun is loaded by pulling the trigger.
>
> Either you're immensely stupid or you are posting from a compromised account as a sock puppet in order to try and play down the exposed scam.

lol :D

Use a password manager btw, http://keepass.info/download.html


Title: Re: How are all of these accounts getting compromised?
Post by: Justin00 on June 09, 2014, 08:12:47 AM
It's possible people were exploiting the Heartbleed issue long before it was released/made public.

However, I suspect a lot of users sign up to lame bitcoin websites, newsletters and anything else where they need to enter user/pass... that seems much more likely.. I have seen a number of 'zomg our newsletter tells you when to sell/buy' sites and you sign up and nothing happens... which is kind of odd.


Title: Re: How are all of these accounts getting compromised?
Post by: dafrank99 on June 09, 2014, 01:35:16 PM
> Guys I've been trying to let people know all day, including alerting the admins here, Honorcoin is the culprit. They send people to their website to register for 'free' coins and as part of the registration process they ask for the Bitcointalk forum name, a password and an email address.
>
> Some people have used the same password there as for their accounts here. Bitcoin_Mafia for one admitted to me after opening a thread to say her account had been compromised, that she had used the same password on the Honorcoin website as here and a number of users in the Honorcoin thread have registered accounts today to say their proper accounts have been compromised, only to be screamed at by the idiots in the Honorcoin thread!
>
> Bitcoin_Mafia's thread about it: https://bitcointalk.org/index.php?topic=643807.msg7199245#msg7199245
>
> My first post in the Honorcoin thread to warn them: https://bitcointalk.org/index.php?topic=639043.msg7195985#msg7195985
>
> If you check Honorcoin's website and go through to the section listing the premine registrants' forum names you will see Bitcoin_Mafia listed there: http://honorcoin.co/2-free-distribution/
>
> I registered my forum name but used a random password and shortly afterwards received a pm here from a zero-post account with an attached file related to something called RPG-Coin to download and 'test' for them. It clearly was part of the Honorcoin attempt to compromise everything they could.
>
> http://honorcoin.co/2-free-distribution/
>
> The user account that pm'd me a file: https://bitcointalk.org/index.php?action=profile;u=337252

My account got hacked a few hours after I filled in my info on the honorcoin link mentioned in the quote. Unfortunately my email and this website had the same password and they were able to access all my coins on Mintpal, bittrex and bter. That really sucks.

They closed my previous bitcointalk account so I had to create a new one and look like a brand new poster on this forum so I have no credibility. I used to post on dafrank9. Is there any way I can get my account back at least?


Title: Re: How are all of these accounts getting compromised?
Post by: hilariousandco on June 09, 2014, 01:55:14 PM
You need to sign a message from a Bitcoin address known to be associated with that account.

https://bitcointalk.org/index.php?topic=497545.0

Follow all the instructions at the above link and PM theymos.


Title: Re: How are all of these accounts getting compromised?
Post by: cryptodevil on June 09, 2014, 01:55:59 PM
Guys, that Honorcoin thread needs locking, the compromised accounts are still trying to convince people that everything is fine so they can dump whatever they are still holding in the meantime.

https://bitcointalk.org/index.php?topic=639043.msg7213878;topicseen#new



Title: Re: How are all of these accounts getting compromised?
Post by: jarvis on June 09, 2014, 02:01:07 PM
need locking? lol you are the only person, referring to another account of yours screaming close, dump, close. no one else has claimed this. there would be hundreds of hacks if that was true.


Title: Re: How are all of these accounts getting compromised?
Post by: Nobitcoin on June 09, 2014, 02:02:50 PM
A good idea is to stay away from porn sites and sites that download any type of exe only to your computer. No matter how updated your AV is there's always gonna be someone who's coding 24/7.


Title: Re: How are all of these accounts getting compromised?
Post by: cryptodevil on June 09, 2014, 02:12:16 PM
> need locking? lol you are the only person, referring to another account of yours

Nothing of mine was compromised, I didn't fall for the scam. You, however, are clearly posting from a compromised account.

When the evidence is stacking up all around you, with multiple people all acknowledging that they had registered for the Honorcoin website and then suffered compromised accounts across forums, emails and exchanges, admitting they had used the same password, anyone who is still trying to discredit the exposing of the scam is part of it.

Give me one piece of evidence that proves me wrong scammer.



Title: Re: How are all of these accounts getting compromised?
Post by: phreakish on June 09, 2014, 02:18:57 PM
I for one will say, I registered on Honorcoin's site but never got any emails, or pm's as such. But I also didn't use the same password nor the same email on their site either.


Title: Re: How are all of these accounts getting compromised?
Post by: cryptodevil on June 09, 2014, 02:29:14 PM
Yeah a number of people tried to claim the, "hey it didn't happen to me so it must be FUD" fallacious reasoning on that thread too.

Either genuinely unable to apply critical thinking, or just compromised accounts posting BS as cover.


Title: Re: How are all of these accounts getting compromised?
Post by: phreakish on June 09, 2014, 02:32:44 PM
Well, I'm not a microshit user either, nor new to the internet and the great glories and disheartening things one can do with the power of a keyboard. But with that said, HonorCoin thread should be locked to end the madness.


Title: Re: How are all of these accounts getting compromised?
Post by: d2dtk on June 09, 2014, 04:40:19 PM
Maybe it has to do with the security flaw that was found a few weeks back that affected hundreds of sites?


Title: Re: How are all of these accounts getting compromised?
Post by: cryptodevil on June 09, 2014, 04:46:02 PM
> Maybe it has to do with the security flaw that was found a few weeks back that affected hundreds of sites?

:rolleyes: Or maybe it is to do with the Honorcoin website, a website which specifically asked for Bitcointalk forum usernames and a password and email to register? You know, the very same website used by the multiple people who said their accounts had been compromised and who had admitted they used the same password on the Honorcoin website as here?

But, sure, maybe it's something entirely unrelated to that glaringly obvious connection. Let's talk about what else it might be other than the one thing that it has most definitely proven to be connected to.


Title: Re: How are all of these accounts getting compromised?
Post by: tfbpa on June 09, 2014, 05:31:16 PM
OK, now I know what happened...

I also filled in my details at honorcoin website, never received an email, which I thought was strange and even asked about it in their thread.

What they did:

- Emptied out my Bittrex account
- Traded my valuable coins for shitcoin at Mintpal and bought high and sold low. These &#&&# bastards knew they couldn't withdraw any money due to email verification, so they simply decided to make sure my balance was as close to zero as possible by buying high and trading low.
- Tried to access my email account as I received a 2FA SMS from Google while I was sleeping, luckily they didn't get in.
- Cryptsy had email 2FA, so no problems there

I am mostly SHOCKED by the second item, that they knew very well it was impossible to withdraw money and therefore just kept on buying high and selling low so my balance would go as close to zero as possible.

Truly unbelievable BASTARDS!

I never understood how they could both have my email and username, as my email is not visible anywhere to anyone, but now I understand...

Since I absolutely hate smartphones and besides, I am behind my laptop for 16 hours a day anyway, I never bother to have true 2FA. This, together with indeed using the same password, was of course foolish of me and led me to have to buy a smartphone yesterday, or actually got one from my wife as I was understandably upset and complaining.

Hopefully this will not happen again and I do advise everybody to use 2FA. If you don't have a smartphone, you can also use https://winauth.com/
Whatever option you choose, remember to write down the very first code the exchanges give you as with this code you can always use another program or another computer or another phone when it gets lost and still login and trade at the exchanges.

HONORcoin, the irony and the #@&$#*&#&# bastards!


Title: Re: How are all of these accounts getting compromised?
Post by: bqxpd on June 09, 2014, 07:01:57 PM
Jesus Christ, people. Giving some anonymous website owner the email address AND password you've also used for your exchange accounts where you're storing lots of money? Seriously?


Title: Re: How are all of these accounts getting compromised?
Post by: dafrank99 on June 09, 2014, 07:16:46 PM
It was posted by someone who looked like a well-known member, Dminer69. But yes I feel pretty fishy posting my BTCtalk password now after I changed my email password temporarily a few days ago.


Title: Re: How are all of these accounts getting compromised?
Post by: jeffersonairplane on June 09, 2014, 08:08:28 PM
> Jesus Christ, people. Giving some anonymous website owner the email address AND password you've also used for your exchange accounts where you're storing lots of money? Seriously?


It happens more than you think it does. Shocking actually.


Title: Re: How are all of these accounts getting compromised?
Post by: pineapples on June 11, 2014, 02:29:50 AM

> - Emptied out my Bittrex account
> - Traded my valuable coins for shitcoin at Mintpal and bought high and sold low. These &#&&# bastards knew they couldn't withdraw any money due to email verification, so they simply decided to make sure my balance was as close to zero as possible by buying high and trading low.
> - Tried to access my email account as I received a 2FA SMS from Google while I was sleeping, luckily they didn't get in.
> - Cryptsy had email 2FA, so no problems there
>
> I am mostly SHOCKED by the second item, that they knew very well it was impossible to withdraw money and therefore just kept on buying high and selling low so my balance would go as close to zero as possible.
>
> HONORcoin, the irony and the #@&$#*&#&# bastards!

they were probably trading against themselves,
so they took your money sir