Bitcoin Forum

Economy => Service Discussion => Topic started by: Ichthyo on August 02, 2012, 04:38:26 PM



Title: [SOLVED]: possible compromise at bitdaytrade.com
Post by: Ichthyo on August 02, 2012, 04:38:26 PM
With this message, I want to put up a warning to everyone participating in the beta test of Bitdaytrade.com

Please excuse me in case I am overreacting --
it is not clear yet whether bitdaytrade.com had a breach, is just malfunctioning, or if just my account got hacked.


Anyway, when logging into the site right now, I've found that earlier this day 3 withdrawals had been initiated (now in processing state), which would result in removing all of the BTC in my underlying currency account. I've alerted the Bitdaytrade support, requesting to halt these transfers, if possible (they manually approve withdrawals).


The withdrawals were initiated at
2012-08-02 11:44:10
2012-08-02 09:15:56
2012-08-02 03:16:57

I am absolutely sure these weren't initiated by me. My PC was off during that time. I'm using secure passwords, access from a Linux box, and changed my password just yesterday.

I'll follow up if I find out any new information


Update
Further investigation uncovered a bug in the display of withdrawals at Bitdaytrade.com
So these withdrawals turned out to belong to another customer, and just summed up to the size of my currency account by coincidence.



Title: Re: Warning: possible compromise at bitdaytrade.com
Post by: mobile4ever on August 02, 2012, 04:40:31 PM
Keylogger? Just an idea. Don't blast me... I am just trying to help :o


Title: Re: Warning: possible compromise at bitdaytrade.com
Post by: Ichthyo on August 02, 2012, 04:52:29 PM
Keylogger? Just an idea. Don't blast me... I am just trying to help :o

of course anything is possible. Investigating my system right now.

Must have been a rather skillful and dedicated attempt. I won't claim that I'm running a high security system, but it's for sure not the "average windows box"


Title: Update
Post by: Ichthyo on August 02, 2012, 06:18:10 PM
  • Bitdaytrade support was very responsive and helpful
  • They didn't approve those suspicious withdrawals in the first place, which indeed protected my BTC for now. Thanks!
  • I didn't find any obvious signs of suspicious activity on my system (processes, logins, sudo). But I need to have a closer look


Btw, if someone captured my password, this trojan must have hooked into my X server and captured the X clipboard, since I never type in those passwords. Does anyone know if this is a likely / typical / probable attack vector? How would an attacker correlate the contents of the clipboard with the specific website I'm accessing? Any thoughts?



Title: Re: Warning: possible compromise at bitdaytrade.com
Post by: ElectricMucus on August 02, 2012, 06:20:39 PM
You have been warned that would happen.


Title: Re: Warning: possible compromise at bitdaytrade.com
Post by: Ichthyo on August 02, 2012, 06:28:39 PM
You have been warned that would happen.

Whom do you mean with "you"?

As far as I am concerned, I am rather relaxed, but want to find out if indeed, and in case where the weak spot would be on my side.


Title: Re: Warning: possible compromise at bitdaytrade.com
Post by: ElectricMucus on August 02, 2012, 06:53:38 PM
You alas Ichthyo alas possible bitdaytrade shill.  :P


Title: Re: Warning: possible compromise at bitdaytrade.com
Post by: Ichthyo on August 02, 2012, 06:59:10 PM
...possible bitdaytrade shill.  :P

hey, come on. Would a shill point out possible technical problems as I did in the past? Doesn't make any sense for me.


Title: Re: Warning: possible compromise at bitdaytrade.com
Post by: rjk on August 02, 2012, 07:00:30 PM
...possible bitdaytrade shill.  :P

hey, come on. Would a shill point out possible technical problems as I did in the past? Doesn't make any sense for me.
Looks like he is seeing ghosties all around. ::)


Title: Re: Warning: possible compromise at bitdaytrade.com
Post by: ElectricMucus on August 02, 2012, 07:00:46 PM
Wouldn't surprise me, makes sense from a controlled opposition perspective.


Title: Re: Warning: possible compromise at bitdaytrade.com
Post by: Meni Rosenfeld on August 03, 2012, 12:19:28 PM
Alberto has found and is fixing an issue that could be related to what Ichthyo is seeing.

You alas Ichthyo alas possible bitdaytrade shill.  :P
You keep using that word. I do not think it means what you think it means.


Title: Re: Warning: possible compromise at bitdaytrade.com
Post by: ElectricMucus on August 03, 2012, 01:14:10 PM
ah hai grammar nazi, tell me.

kthxbye


Title: Re: Warning: possible compromise at bitdaytrade.com
Post by: bitdaytrade on August 03, 2012, 05:46:31 PM
The issue was caused by a bug in the Withdrawal history panel; it was simply showing withdrawals not pertaining to the logged in account and gave the impression of an account compromise. We fixed all the issues at the moment of writing. Apologies for all the trouble caused.

BDT


Title: Problem seems to be solved
Post by: Ichthyo on August 03, 2012, 09:37:42 PM
...it was simply showing withdrawals not pertaining to the logged in account and gave the impression of an account compromise. We fixed all the issues at the moment of writing. Apologies for all the trouble caused.

Agreed, the spurious withdrawal entries in the history are gone.
There are some additional details only exchanged in PM with Bitdaytrade. In particular, what I didn't mention on this public forum thread is that I didn't receive any confirmation mail for those withdrawals. This would line up with the explanation that these were just withdrawals belonging to another account.

Bottom line: seems to be a false alarm, Problem solved


Title: Re: Problem seems to be solved
Post by: OneEyed on August 03, 2012, 09:48:12 PM
Bottom line: seems to be a false alarm, Problem solved

Maybe you should update the title of the thread, to use something like "[SOLVED] Discrepancies in withdrawals listing" so that people don't freak out when they see it in the list of topics.


Title: Re: Problem seems to be solved
Post by: Ichthyo on August 04, 2012, 11:51:28 AM
Maybe you should update the title of the thread, ....so that people don't freak out when they see it in the list of topics.
Thanks for the heads-up!