|
this is a laptop, accessing a wifi connection. wifi connection is provided, i live in corporate housing. is password protected, password is fairly complicated and is only given out to lease holders. maybe 10 people total would be using this network.
because of the variable signal strength, i most often use 3g data on my android device to surf the web/youtube/casual research. the old building eats the signal. the laptop, connected to an additional display in the living room, is stationary. it is not specced well enough for gaming/watching media.
this is, in all respects, a work computer.
i have only used this singular connection for the many months this computer has been tethered here
|
|
|
|
|
this password was specifically developed for this category of sites. i keep different sets of passwords (and variations of older passwords over time) for things i deem at different levels of risk. password is ten characters long with three numbers, one cap and 1 symbol. the gmail account doesnt even share the compromised password, in addition to 2fa. i left my android device at home for the holidays and was completely cut off from accessing my btc, so i know how hardcore google is about not letting you access your gmail from foreign ips/foreign devices.
but, every single service that was compromised, had the same password.
Slight, I believe you are correct, out of the services, one of the 4 had its database compromised, either by subversive, technological methods, or simple employee theft.
So lets narrow those vectors down to:
BTCE (10+ months old account)
HAVELOCK (6+ months old, most likely older)
CEX.IO (6+ months old, mst likely older)
BIT-MINING.CO (week old)
my activities are so habitual i can assure you i havent visited any sites with possible malware, nor opened any attachments. also, other passwords have been used on this system, recently, but havent been compromised. in fact, because of a tech error of bit-mining.co (wallet had to sync over two days before we could get withdrawals), i spent 2.5 days camped out in chat waiting for the resolution (most of my position was there, and trading as well as withdrawal was disabled/suspended) literally, checking the site every 15 minutes. i look at that, havelock and cex.io's orderbooks, and i browse the securities section of the forum for news. this is the only thing i do with this terminal. no gaming. no media creation. no youtube. i use my phone for all of this
The common link is the password.
|
|
|
|
|
also, do like, websites exist nowadays that dont record ip addresses of login attempts? or times? esp at a place where multiple password resets mean a required manual admin override to access ( he had to email me a password to get back into my account) i mean, not tech genius here, but there are websites with multiple user accounts that dont record ip information for that particular session? isnt that basic information a site admin/webmaster should have access to?
why cant i find a single password reset email?
|
|
|
|
got some of my trans log. requested the login times and ips of the time my account was compromised, they werent available. Hello Ljackson,
Unfortunately we don't log login activity (it is sort of pointless in many situations, especially with cookie stealing). We instead choose to monitor changes in account information, including trading, password reset, withdraw request, etc... Also, much of the log is hard to understand. You have to remember that we are a new system, and that we've been working on important features rather than making easily readable logs.
Here is the log for your account: note:(the bold activity is legit)
Buying ljackson0214@gmail.com 59 GHs at 0.013
Buy_Recur(ljackson0214@gmail.com, 0.013, 59)
Buy filled none for ljackson0214@gmail.com, save.
Crediting ljackson0214@gmail.com with 59.00000000 GHs
Selling ljackson0214@gmail.com 10.00000000 GHs at 0.034
Subbing ljackson0214@gmail.com for 10.00000000 GHs
Sell_Recur(ljackson0214@gmail.com, 0.034, 10.00000000)
Sell filled none for ljackson0214@gmail.com, save.
Selling ljackson0214@gmail.com 10.00000000 GHs at 0.0335
Subbing ljackson0214@gmail.com for 10.00000000 GHs
Sell_Recur(ljackson0214@gmail.com, 0.0335, 10.00000000)
Sell filled none for ljackson0214@gmail.com, save.
Selling ljackson0214@gmail.com 10.00000000 GHs at 0.033
Subbing ljackson0214@gmail.com for 10.00000000 GHs
Sell_Recur(ljackson0214@gmail.com, 0.033, 10.00000000)
Sell filled none for ljackson0214@gmail.com, save.
Selling ljackson0214@gmail.com 25 GHs at 0.0327
Subbing ljackson0214@gmail.com for 25 GHs
Sell_Recur(ljackson0214@gmail.com, 0.0327, 25)
Sell filled none for ljackson0214@gmail.com, save.
Buying ljackson0214@gmail.com 10 GHs at 0.0145
Buy_Recur(ljackson0214@gmail.com, 0.0145, 10)
Buy filled none for ljackson0214@gmail.com, save.
Buying ljackson0214@gmail.com 142 GHs at 0.0140000
Buy_Recur(ljackson0214@gmail.com, 0.0140000, 142)
Buy filled none for ljackson0214@gmail.com, save.
Canceling 1753 for ljackson0214@gmail.com
Buy order canceled for ljackson0214@gmail.com, refunded 1.988.
Buying ljackson0214@gmail.com 133 GHs at 0.015
Buy_Recur(ljackson0214@gmail.com, 0.015, 133)
Buy filled none for ljackson0214@gmail.com, save.
Canceling 1770 for ljackson0214@gmail.com
Buy order canceled for ljackson0214@gmail.com, refunded 1.995.
Buying ljackson0214@gmail.com 99 GHs at 0.0200001
Buy_Recur(ljackson0214@gmail.com, 0.0200001, 99)
Buy filled none for ljackson0214@gmail.com, save.
Crediting ljackson0214@gmail.com with 15 GHs (filled)
Crediting ljackson0214@gmail.com with 25 GHs (filled)
Canceling 1752 for ljackson0214@gmail.com
Buy order canceled for ljackson0214@gmail.com, refunded 0.145.
Selling ljackson0214@gmail.com 1.00000000 GHs at 0.0290000
Subbing ljackson0214@gmail.com for 1.00000000 GHs
Sell_Recur(ljackson0214@gmail.com, 0.0290000, 1.00000000)
Crediting xxxxx@hotmail.com with 1.00000000 GHs
Sell filled complete for ljackson0214@gmail.com, finish.
Canceling 1725 for ljackson0214@gmail.com
Crediting ljackson0214@gmail.com with 10.00000000 GHs
Sell order canceled for ljackson0214@gmail.com, refunded 10.00000000
Canceling 1724 for ljackson0214@gmail.com
Crediting ljackson0214@gmail.com with 10.00000000 GHs
Sell order canceled for ljackson0214@gmail.com
, refunded 10.00000000
Canceling 1705 for ljackson0214@gmail.com
Crediting ljackson0214@gmail.com with 25.00000000 GHs
Sell order canceled for ljackson0214@gmail.com, refunded 25.00000000
Canceling 1617 for ljackson0214@gmail.com
Crediting ljackson0214@gmail.com with 20.00000000 GHs
Sell order canceled for ljackson0214@gmail.com, refunded 20.00000000
Canceling 1701 for ljackson0214@gmail.com
Crediting ljackson0214@gmail.com with 10.00000000 GHs
Sell order canceled for ljackson0214@gmail.com, refunded 10.00000000
Canceling 1703 for ljackson0214@gmail.com
Crediting ljackson0214@gmail.com with 10.00000000 GHs
Sell order canceled for ljackson0214@gmail.com, refunded 10.00000000
Canceling 1704 for ljackson0214@gmail.com
Crediting ljackson0214@gmail.com with 10.00000000 GHs
Sell order canceled for ljackson0214@gmail.com, refunded 10.00000000
Canceling 1792 for ljackson0214@gmail.com
Buy order canceled for ljackson0214@gmail.com
, refunded 1.1800059.
Selling ljackson0214@gmail.com 1.50000000 GHs at 0.0270001
Subbing ljackson0214@gmail.com for 1.50000000 GHs
Sell_Recur(ljackson0214@gmail.com, 0.0270001, 1.50000000)
Sell filled complete for ljackson0214@gmail.com, finish.
Selling ljackson0214@gmail.com 177.07079376178 GHs at 0.0000003
Subbing ljackson0214@gmail.com for 177.07079376178 GHs
Sell_Recur(ljackson0214@gmail.com, 0.0000003, 177.07079376178)
Sell filled incomplete for ljackson0214@gmail.com, recur.
Sell_Recur(ljackson0214@gmail.com, 0.0000003, 174.07079376178)
Sell filled incomplete for ljackson0214@gmail.com, recur.
Sell_Recur(ljackson0214@gmail.com, 0.0000003, 154.07079376178)
Sell filled incomplete for ljackson0214@gmail.com, recur.
Sell_Recur(ljackson0214@gmail.com, 0.0000003, 124.07079376178)
Sell filled incomplete for ljackson0214@gmail.com, recur.
Sell_Recur(ljackson0214@gmail.com, 0.0000003, 117.07079376178)
Sell filled incomplete for ljackson0214@gmail.com, recur.
Sell_Recur(ljackson0214@gmail.com, 0.0000003, 67.49811794178)
Crediting xxxx@hotmail.com with 1.00000000 GHs
Sell filled incomplete for ljackson0214@gmail.com, recur.
Sell_Recur(ljackson0214@gmail.com, 0.0000003, 66.49811794178)
Sell filled incomplete for ljackson0214@gmail.com, recur.
Sell_Recur(ljackson0214@gmail.com, 0.0000003, 63.49811794178)
Sell filled incomplete for ljackson0214@gmail.com, recur.
Sell_Recur(ljackson0214@gmail.com, 0.0000003, 62.49811794178)
Sell filled complete for ljackson0214@gmail.com, finish.
Buying ljackson0214@gmail.com 52.08 GHs at 0.0500000
Buying ljackson0214@gmail.com 32.1974668 GHs at 0.0500000
Buy_Recur(ljackson0214@gmail.com, 0.0500000, 32.1974668)
Crediting ljackson0214@gmail.com with 1.02070624 GHs
Buy filled incomplete for ljackson0214@gmail.com, recur.
Buy_Recur(ljackson0214@gmail.com, 0.0500000, 31.17676056)
Crediting ljackson0214@gmail.com with 1.00000000 GHs
Buy filled incomplete for ljackson0214@gmail.com, recur.
Buy_Recur(ljackson0214@gmail.com, 0.0500000, 30.17676056)
Crediting ljackson0214@gmail.com with 19.00000000 GHs
Buy filled incomplete for ljackson0214@gmail.com, recur.
Buy_Recur(ljackson0214@gmail.com, 0.0500000, 11.17676056)
Crediting ljackson0214@gmail.com with 11.17676056 GHs
Buy filled complete for ljackson0214@gmail.com, finish.
Selling ljackson0214@gmail.com 999.99999999 GHs at 0.0000003
Subbing ljackson0214@gmail.com for 999.99999999 GHs
ljackson0214@gmail.com did not have 999.99999999 GHs to sub
Selling ljackson0214@gmail.com 32.1974668 GHs at 0.0000003
Subbing ljackson0214@gmail.com for 32.1974668 GHs
Sell_Recur(ljackson0214@gmail.com, 0.0000003, 32.1974668)
Sell filled complete for ljackson0214@gmail.com, finish.this indicates to me the person that compromised my account also has an account on the exchange, and had a buy/sell order filled. knowing how an orderbook works (demonstrated by the havelock/cex incursions), the thief did not attempt to liquidate the assets and withdraw the money, instead engaging in a pattern of buying/selling/buying selling that satisfied multiple orders over a period of time. this might also suggest multiple agents at work in cohesion (multiple account holders on the exchange) |
|
|
|
|
btce was the first account compromised for me chronologically, but out of the accounts compromised, it was the one i utilized the absolute least.
the only service ive signed up for in recent memory that shares this password is bit-mining.co . all the other accounts are very old/ not used (with the exception of cex, heavily used)
|
|
|
|
|
no other service i use has been compromised, including non btc accounts. only services with that common password
|
|
|
|
|
and yes, i should have used different passes, used to utilize 2fa on both havelock and btce, so was never an issue for me until i disabled it sometime later (stopped trading on those exchanges for a while).
this thief is a study in contrast. tech savvy enough to compromise 2fa gmail, intercept a password reset email, and delete it permanently.
while ignoring 4 other emails that show clear, unauthorized access to my accounts.
it seems obvious that the fact my cex.io balance wasnt withdrawn means my email wasnt compromised. withdrawing from cex.io requires email confirmation. my username/password was compromised out in the wild.
|
|
|
|
|
question to those you suspect my email was compromised...
why would the thief delete a password reset email ( supposedly to cover his tracks) and leave 3 trade notifications from havelock and a login successful email from btce?
so, this guy accesses my havelock account, sells my stuff and withdraws 1.07 btc (doesnt reset password) (account 6 months old)
goes to btce, nothing there, moves on (doesnt reset password) (account old as time, unused for months)
goes to cex.io, sells namecoins, doesnt withdraw anything though (no password reset) (account 6 months old)
and then goes to bit-mining.co, spends account balance buying assets, then sells assets off at absolute lowest price (password reset) (2 week old account)
from admin of bit mining:
As for access to the account, it appears as if it was done by resetting your password. There was multiple attempts made shortly before the trades were executed. Also, I would recommend changing your password on ALL other accounts, especially your email, bitcoin-related accounts, and any other accounts you recently accessed using the computer you last used to log onto bit-mining. Also, try to log off any other individuals accessing your gmail account (click details in the bottom right hand corner of any gmail page), because that is where the password reset emails went.
also from bitmining:
I'm not saying that necessarily gmail was the cause of your issue, but given what I know, it seems likely. The only other reasoning for why your account password could be reset so many times is if the hacker accessed your account, conducted the trades, then, unaware of how to change your password, simply reset it many times to the point where our system stops sending emails.
so, was my password reset then gmail used to access my account? or was my account accessed, then my password reset? because the reset occurred supposedly before the theft. which is odd, why reset a password you already had? to break into email to resteal it? also, if you have stolen credentials, why reset them?
so.. no deletion of any other emails that showed the account intrusion.
thief also didnt withdraw from the service that would need email verification to do so (cex.io)
seems to indicate my email wasnt compromised.
i cant store ghs/stocks in an offline wallet. hence being on the exchanges i use.
|
|
|
|
|
and i havent accessed btce ever from a mobile device, and not within the last 6 months on a terminal. i never verified with them.odd the first service to be compromised is the one i use the least.
|
|
|
|
Email for reset could have been trashed then permanently deleted.
true, but wouldnt the remote login show up in the google details tab? it indicates im the only one who has accessed my gmail. if they had, wouldnt a unique, distant ip show up on this list? Browser (Chrome) Show details * United States (SC) (24.31.11.165) 5:25 am (0 minutes ago) Browser (Chrome) Show details * United States (SC) (24.31.11.165) 4:20 am (1 hour ago) Browser (Chrome) Show details * United States (SC) (24.31.11.165) 3:37 am (1.5 hours ago) Browser (Chrome) Show details * United States (SC) (24.31.11.165) 2:49 am (2.5 hours ago) Browser (Chrome) Show details * United States (SC) (24.31.11.165) 2:06 am (3 hours ago) Browser (Chrome) Show details * United States (SC) (24.31.11.165) Jan 25 (23 hours ago) Browser (Chrome) Show details * United States (SC) (24.31.11.165) Jan 25 (1 day ago) Browser (Chrome) Show details * United States (SC) (24.31.11.165) Jan 25 (1 day ago) Browser (Chrome) Show details * United States (SC) (24.31.11.165) Jan 24 (2 days ago) Browser (Chrome) Show details * United States (SC) (24.31.11.165) Jan 24 (2 days ago) |
|
|
|
my gmail was never compromised. and the password reset of the bit-mining account occurred after they had gained access to the account. i was told the ip address appears to be that of a mobile phone. i cant even open bitmining on my android device since the site changes. trade log: (provided by admin) Canceling 1617 for ljackson0214@gmail.com
Crediting ljackson0214@gmail.com with 20.00000000 GHs
Sell order canceled for ljackson0214@gmail.com, refunded 20.00000000
Canceling 1701 for ljackson0214@gmail.com
Crediting ljackson0214@gmail.com with 10.00000000 GHs
Sell order canceled for ljackson0214@gmail.com, refunded 10.00000000
Canceling 1703 for ljackson0214@gmail.com
Crediting ljackson0214@gmail.com with 10.00000000 GHs
Sell order canceled for ljackson0214@gmail.com, refunded 10.00000000
Canceling 1704 for ljackson0214@gmail.com
Crediting ljackson0214@gmail.com with 10.00000000 GHs
Sell order canceled for ljackson0214@gmail.com, refunded 10.00000000
Canceling 1792 for ljackson0214@gmail.com
Buy order canceled for ljackson0214@gmail.com, refunded 1.1800059.
Withdrawing 0 BTC for ljackson0214@gmail.com
Can't withdraw 0 BTC for ljackson0214@gmail.com
Withdrawing 0 BTC for ljackson0214@gmail.com
Can't withdraw 0 BTC for ljackson0214@gmail.com
Selling ljackson0214@gmail.com 1.50000000 GHs at 0.0270001
Buying ljackson0214@gmail.com 52.08 GHs at 0.0500000
ljackson0214@gmail.com did not have 2.06 BTC to sell
Buying ljackson0214@gmail.com 32.1974668 GHs at 0.0500000
Selling ljackson0214@gmail.com 999.99999999 GHs at 0.0000003
ljackson0214@gmail.com did not have 999.99999999 GHs to sell
Selling ljackson0214@gmail.com 32.1974668 GHs at 0.0000003what motive would someone have to do this? and how did they get my password? im the only person with physical access to this comp. pass was not bruted. 2fa on gmail, no suspicious logins according to google. support at bitmining suggested this:
Hello Ljackson,
I am not aware how your email was accessed, and neither are you, so this is why I specifically recommend CHANGING it as soon and as fast as possible. Here are some ways in which hackers commonly bypass google auth:
(1) Cookie stealing: Once a device is logged in, no google auth is used, even if the device's location changes. If the google login cookie was stolen from your computer, it would look to google like your computer changed location, and thus not prompt for google auth.
(2) Device Passwords: Devices accessing your google account (such as phones, etc...) do not prompt for a google auth, but instead use a special device-unique login code. If that login code was stolen, then google wouldn't prompt for google auth.
(3) Trojans: If your account was logged onto gmail, and your computer had a trojan, the trojan can cause your own computer to execute commands on gmail in the background, without your being aware of it.
I'm not saying that necessarily gmail was the cause of your issue, but given what I know, it seems likely. The only other reasoning for why your account password could be reset so many times is if the hacker accessed your account, conducted the trades, then, unaware of how to change your password, simply reset it many times to the point where our system stops sending emails. also It looks to me increasingly unlikely that the original hacked account was Bit-Mining.
First: How would the username "mcnastyfilth" be obtained from your Bit-Mining account, so they would know to log into Cex with that username?
Second: The server time for the first trade on Bit-Mining was 2014-01-25 22:24:49. The server time for the BTC-E login was 26.01.14 06:25. Now, even taking into account the difference in server times (BTC-E and bit-mining don't operate in the same time zone), by subtracting off the current server time at each, the BTC-E login occurred prior to the compromising of your Bit-Mining account. The same goes for the cex.io login, as far as I can see.
Third: The user attempted to withdraw BTC from your bit-mining account by entering in the address 1BzbergrjuUShb927P3vUbtQZW1firSsjC at the amount prompt. This indicates that he wasn't familiar with the Bit-Mining system, and didn't know that you couldn't withdraw the BTC to a different BTC address.
If I were you, I would attempt to contact the BTC-E administrators (they seem to be the account that was accessed first). I will continue the investigation at Bit-Mining, however, just in case. |
|
|
|
|
im starting to think my email wasnt compromised at all.
|
|
|
|
|
capital letter, three numbers and a special character. i only use these credentials for my trading accounts. 10 characters total
|
|
|
|
|
is also posted in service discussion in case a mod wants to hit me. my bad.
I am at a loss.
I walk back to the chat window of bit-mining.co to notice an amazing market crash /rebound. Excited, i check my buy orders (placed at a premium spot). Refresh the page. 0 btc and zero ghs. Refresh the page again. Im logged out of my account with a changed pass.
Odd.
After contacting the operator via pm and email, I'm informed that I've had an unusual number of password reset attempts, and id need a manual password reset, which was provided.
So I'm in my account, not liking what i see
zero balances.
it seems someone compromised the account, then proceeded to purchase ghs at an unusually high price. then, having purchased as much ghs as they could with my balance, proceeded to sell all the rest of the ghs back to the market, closing my 7 btc position at .00000956btc. they purchased ghs at .05 per ( when the market rate is .015 all day, it crashed earlier) and attempted to sell 999.99999999, i only had 250~ which filled orders down to .001)
you see, you can only withdraw to one single address, supplied at account creation. i thought this would be a foolproof security feature, i didnt expect my account to be griefed. whats odd is that, according to the operator, they attempted to put a btc address in the withdrawal field, as if they werent familiar with the service. so i guess once they figured out they couldnt withdraw the btc (yet they were competent enough to utilize the orderbooks on havelock/cex), they decided to be a dick.
dont know why they purchased, then sold. seems a thief would just sell and go. would have been thwarted by the security feature, but this speculative thief is interesting.
and thats not all.
the got into my havelock account, sold my 330 neobee shares, and withdrew that bitcoin to a green address.
they also logged into my btce, nothing there to take, they also got into my cex account. sld my namecoins and i guess figured it wasnt worth it.
so, these three services all share the same pass user name. i know, im dumb. whatever. we are past that at this point, dont lecture me. what i cant figure out is how they got into my cex.io account (same pass, dif username). although i just realized that my username is in my ref link. that solves that.
they accessed btce around 9:25 est from IP: 50.136.152.85
got into havelock
2014-01-25 21:07:32 withdraw withdraw to: 1BzbergrjuUShb927P3vUbtQZW1firSsjC ฿1.07008294 ฿0.0010
and got into my bit-mining.co account, no time stamps because there is no trans history save an internal one support sent showing the odd account activity i had.
cex:
2014-01-26 02:26:56 0.00221686 BTC 0.00221686 BTC SELL Sold 0.3172 NMC at 0.00698785 BTC
details:
i havent installed any software. this comp is old and only used for trading.
i have fully updated antivirus with automatic scanning
i havent opened any email attachments/emails period. nor opened any programs save chrome.
i rebooted the computer once yesterday ( i reboot about once a week)
my gmail has 2fa, i have possession of the device, (had disabled 2fa on btce and havelock, kicks own ass)
didnt update any software, and the only pages i have visited today are this forum, havelock, cex.io, lmb-holdings and bitcoinmiami. using chrome. google details said im the only ip that has accessed my account.
bit-mining.co said
Hello ljackson, we have identified the individual on the other side of the order at 0.027. We are trying to determine if it's related; if it isn't, we shouldn't be giving you their email.
As for access to the account, it appears as if it was done by resetting your password. There was multiple attempts made shortly before the trades were executed. Also, I would recommend changing your password on ALL other accounts, especially your email, bitcoin-related accounts, and any other accounts you recently accessed using the computer you last used to log onto bit-mining. Also, try to log off any other individuals accessing your gmail account (click details in the bottom right hand corner of any gmail page), because that is where the password reset emails went.
i never received any email for a password reset though. its not in trash. also, it doesnt seem that anyone but myself has logged into my gmail for some days. only a single ip (mine) in the activity log. again, ive done no unusual activities in the last few days, ive even done less browsing than average, had been parked at the bit-mining chatroom waiting for trading to be enabled, was locked for two days waiting for bitcoind to sync so i could withdraw.
so, what the fuck happened?
all these services had a common password. 3 had the same username (bitming,btce,havelock), one had a username that could be determined by public information from me (cex,io, my signature).
No other service ive utilized on this computer (mtgx, bitstamp, lbc) was compromised. they all have different passwords. i dont think i was keylogged. and ive utilized these services extensively, with tabs open, for months with no problems. secure wifi i think (corporate housing, wifi has pass, know most if not all of neighbors in entire building personally, none with technical expertise for this)
|
|
|
|
|
all these services had a common password. 3 hade the same username, one had a username that could be determined by public information from me (signature).
No other service ive utilized on this computer (mtgx, bitstamp, lbc) was compromised. they all have different passwords. i dont think i was keylogged. and ive utilized these services extensively, with tabs open, for months with no problems. secure wifi i think (corporate housing, wifi has pass, know most if not all of neighbors in entire building personally, none with technical expertise for this)
|
|
|
|
|
I am at a loss.
I walk back to the chat window of bit-mining.co to notice an amazing market crash /rebound. Excited, i check my buy orders (placed at a premium spot). Refresh the page. 0 btc and zero ghs. Refresh the page again. Im logged out of my account with a changed pass.
Odd.
After contacting the operator via pm and email, I'm informed that I've had an unusual number of password reset attempts, and id need a manual password reset, which was provided.
So I'm in my account, not liking what i see
zero balances.
it seems someone compromised the account, then proceeded to purchase ghs at an unusually high price. then, having purchased as much ghs as they could with my balance, proceeded to sell all the rest of the ghs back to the market, closing my 7 btc position at .00000956btc. they purchased ghs at .05 per ( when the market rate is .015 all day, it crashed earlier) and attempted to sell 999.99999999, i only had 250~ which filled orders down to .001)
you see, you can only withdraw to one single address, supplied at account creation. i thought this would be a foolproof security feature, i didnt expect my account to be griefed. whats odd is that, according to the operator, they attempted to put a btc address in the withdrawal field, as if they werent familiar with the service. so i guess once they figured out they couldnt withdraw the btc (yet they were competent enough to utilize the orderbooks on havelock/cex), they decided to be a dick.
dont know why they purchased, then sold. seems a thief would just sell and go. would have been thwarted by the security feature, but this speculative thief is interesting.
and thats not all.
the got into my havelock account, sold my 330 neobee shares, and withdrew that bitcoin to a green address.
they also logged into my btce, nothing there to take, they also got into my cex account. sld my namecoins and i guess figured it wasnt worth it.
so, these three services all share the same pass user name. i know, im dumb. whatever. we are past that at this point, dont lecture me. what i cant figure out is how they got into my cex.io account (same pass, dif username). although i just realized that my username is in my ref link. that solves that.
they accessed btce around 9:25 est from IP: 50.136.152.85
got into havelock
2014-01-25 21:07:32 withdraw withdraw to: 1BzbergrjuUShb927P3vUbtQZW1firSsjC ฿1.07008294 ฿0.0010
and got into my bit-mining.co account, no time stamps because there is no trans history save an internal one support sent showing the odd account activity i had.
cex:
2014-01-26 02:26:56 0.00221686 BTC 0.00221686 BTC SELL Sold 0.3172 NMC at 0.00698785 BTC
details:
i havent installed any software. this comp is old and only used for trading.
i have fully updated antivirus with automatic scanning
i havent opened any email attachments/emails period. nor opened any programs save chrome.
i rebooted the computer once yesterday ( i reboot about once a week)
my gmail has 2fa, i have possession of the device, (had disabled 2fa on btce and havelock, kicks own ass)
didnt update any software, and the only pages i have visited today are this forum, havelock, cex.io, lmb-holdings and bitcoinmiami. using chrome. google details said im the only ip that has accessed my account.
bit-mining.co said
Hello ljackson, we have identified the individual on the other side of the order at 0.027. We are trying to determine if it's related; if it isn't, we shouldn't be giving you their email.
As for access to the account, it appears as if it was done by resetting your password. There was multiple attempts made shortly before the trades were executed. Also, I would recommend changing your password on ALL other accounts, especially your email, bitcoin-related accounts, and any other accounts you recently accessed using the computer you last used to log onto bit-mining. Also, try to log off any other individuals accessing your gmail account (click details in the bottom right hand corner of any gmail page), because that is where the password reset emails went.
i never received any email for a password reset though. its not in trash. also, it doesnt seem that anyone but myself has logged into my gmail for some days. only a single ip (mine) in the activity log. again, ive done no unusual activities in the last few days, ive even done less browsing than average, had been parked at the bit-mining chatroom waiting for trading to be enabled, was locked for two days waiting for bitcoind to sync so i could withdraw.
so, what the fuck happened?
|
|
|
|
|
surprised no one has commented on this, i was looking forward to the subsequent discussion/dissection of this offering.
this might be one of the few ways to skirt regulation in the states (regarding btc atms operating as MSBs), this was a particular approach to the problem I hadn't considered before.
about the btc reader/writer, is this product a nfc enabled payment point for btc transactions (like a Square/Paypal card reader, but nfc)? or does it function for storage?
Green
|
|
|
|
|
this is interesting.
have always thought that the integration of nfc + btc would effectively kill off all the other proximity based payment systems (paypass, paywave) once adopted.
does the particular approach to the situation (purchasing a pre auth with a credit card, that, after account verification, converts to a sale and then btc) eliminate some of the legal concerns with operating these machines like atms? kind of like selling a service subscription with a preloaded account credit?
~Green
|
|
|
|
its quite a few of us here, actually, no withdrawals made since 12:45ish last nite have hit any external wallets. there are about 5 or 6 of us here, waiting patiently. assistance appreciated  ! |
|
|
|
|
admin or support, can you pop over into chat for a sec? having a withdrawal issue. thanks!
Green
|
|
|
|
|
Show Posts
