btc-e must be able to see where the majority of those funds went. things like this piss me off, they continually refuse to work with customers in situations like this........
Correct! That is the point! I think that they saw that I have a great amount an my account and took it and made me to be blame of not installing 2FA! But if they know that not using it is not safe they should insist on using it! You are to blame though, and if you think anyone else is or that anyone else's privacy should be compromised because you didn't take security seriously you are seriously deluded. Why even bother with 1password if you don't even activate 2FA on an account that holds more than forty thousand USD? |
|
|
|
-Not having 2FA enabled = asking for money to be stolen - 2FA is safier probably (But there are cases when it is also hacked) if they don't demand it How can I know what other security measures were done. I can't know about them I do my business they do there. Safety of my money it is there business. All bitcoins is a question of trust! I chose to trust btc-e because I had to make such a choice otherwise I wouldn't earn my 40 K
-Keeping 40k worth of money on a website that could disappear at any moment = asking for money to be stolen - Where to keep 40 - Where to keep 40 k in bitcoins considering that exchange rate of the bitcoin can make 20 % a day?
-Acting as if macs can't get viruses = asking for money to be stolen - It can but I've checked it has not!
-Using a service which doesn't send you an email to authorize every single transaction and then trusting said service with 40k USD = asking for money to be stolen
-"So everything was ready for the stealing." = you made it ready for stealing by not following basic security procedures (activating 2FA etc) - 2FA can be hacked as well as https if they mean that the password was stolen through that door, especially if an employee envolved.
My questions (please answer all of these so we can see what factors may have attributed to this situation):
-Were you using wifi? - Rarely most of the time I use private modem
-Were you using a wireless keyboard? - never
-What browser do you use? - tor over vpn
-Does anyone else use your computer? - no
-Do you share your wifi access with anyone else? - no
-How long is your password (roughly), is it a dictionary word? or is it a complicated set of numbers/letters. - of cause my passowrd is made by 1password
-Do you share the same password on ANY other service ANYWHERE - never
-Not having 2FA enabled because "it might be hacked" = inexcusable. You made the decision not to use an easy to use security feature, not your exchange. Safety of your cryptocurrency is 100% your business and 100% your responsibility--if you rely on anyone else for it you're probably going to get stung. It is a non-reversible transaction medium. Once someone can access your account with no safeguards in place, chances are slim that you will ever have recourse against said person.-That is the risk you take if you want to make that kind of money--you should be using better account security if you have that much at stake. -Viruses/malware/trojans can & do go undetected; someone who really wants to (especially when 40k is at stake) can easily write custom malware that is undetectable for a long time. This applies to all operating systems. -Yes it may well be possible to hack 2FA, but you didn't have it enabled in the first place so making that sort of accusation is completely baseless. You can only make that claim when you have 2FA enabled in the first place. You didn't.-If you've ever used your accounts over wifi it is possible someone has eavesdropped on your account details (although somewhat unlikely depending upon your exact situation) -Tor nodes can monitor/sniff/save your traffic. I would think it is a better idea to use a reputable VPS provider than tor for financial transactions. -Did you have 2FA enabled with your 1password account? If not then this is another possibility of where your password was copied from. As much as I feel bad for you, the reality is your money was not stolen--you didn't use 2FA, someone used your account to create unauthorized transactions and you are now demanding the exchange reveal confidential transaction data of its other customers (who probably had 2FA enabled) without a court/police order?Your thread title is inaccurate. Your money was not 'stolen'. You didn't use 2FA which helps to prevent unauthorized access. Someone gained unauthorized access to your account and made unauthorized trades. This can at least be partially attributed to your refusal to use 2FA, using Tor and a number of other factors that are completely outside of your exchange's control. If btc-e actually cooperated and provided any information of other customers in this situation (without a police/court order) it would set an alarming precedent and I am sure they would lose many customers over it. |
|
|
|
btc-e must be able to see where the majority of those funds went. things like this piss me off, they continually refuse to work with customers in situations like this........
From what I understand the funds never left the user's account. As such, identifying people/persons who profited from these unauthorized transactions would require revealing other users transactions. This would constitute a major invasion of other user's privacy--this should not be investigated without a police/court order for very obvious reasons. I sure as hell don't want my private transactions being shared with someone who didn't bother to use 2FA in the first place. |
|
|
|
|
Yes I realized you and OP were separate but I asked because most people jump onto websites saying "oh no everything has been stolen" and then don't provide any information about the situation.
All we know about the original poster so far is that he didn't even have 2FA enabled, my other questions would help readers understand what other factors could have contributed to the unauthorized access of his account.
If people want to blame particular services/exchanges then that is their right, but in doing so they should at least present their side of the story in a transparent manner and let readers know all possible contributing factors to their situation before trying to point the finger at an "inside job". I believe they can answer all the questions I've asked without compromising their personal privacy too, so there is no excuse to not provide this basic information to us, it just serves as a detriment to people who may want to investigate security issues now or at any time in the future.
As a community we should also be noting down the shortcomings of particular exchanges--part of this relies on knowing the customers side of the story too.
If they did take every conceivable precaution (such as activating 2FA, running regular antivirus/malware scans etc etc) then I wouldn't even need to ask these questions. As it is, anyone who is reading this thread and doesn't have 2FA enabled for their accounts should be dedicating the next few minutes of their life to start using it.
|
|
|
|
Another question I have is what email address/username was used in this situation, is it one that is shared among other websites of the same nature or was it a unique email address that was never actually used for email purposes?
If your email address even shows up on a Google search that means it is vulnerable. You should have a unique, unknown, unused (besides verification and sign up) email address/username that is not listed on any search engine to maximize security. If you don't have a unique username then you should have a super common one that shows up everywhere.
btc-e doesn't allow email-address as a login. Edit: and they lock your account after 3 failed login attempt. Thanks for the info. The same applies though, if you share the same username between services then it is relatively easy for someone to then find your email address and then expand from that to find other information about you. Anyone that engages with you in a conversation and provides a link could gather your IP address from your visit to said link (depending on what website it is obviously) or install malware directly onto your PC. It is a good practice to use a VPS when using these sites to mask your true IP address at all times. |
|
|
|
So you had $40K in your account and you didn't even set up 2FA?
Without 2FA there are so many ways an attacker can obtain your password.
If they have a thief inside a company, 2FA also will be hacked. So tell me please the way how hackers can obtain my password, exluding trojan, and fishing? the only way to obtain my password from outside to hack https of btc-e? Maybe your 2FA device has a virus and the hacker can able to obtain the code. Contact agatin the btc-e support, only they can help you. 2FA alone is not enough--every service that holds cryptocurrency should require verification via email combined with 2FA authentication (this is what Poloniex does). Withdrawals should require the same. Any service that runs without these basic features is just asking for money to be stolen. btc-e does require email verification for withdrawals. Which is why this is probably OPs funds being stolen:  So its more a case of unauthorized trades rather than OP's claim that "40 000 USD was stolen". I guess it serves as a great lesson on why bothering to learn about 2FA (which takes about 2-3 minutes) could save your account from unauthorized access. Just because a mobile can also be hacked it doesn't make it any less useful of a security feature. Another question I have is what email address/username was used in this situation, is it one that is shared among other websites of the same nature or was it a unique email address that was never actually used for email purposes? If your email address even shows up on a Google search that means it is vulnerable. You should have a unique, unknown, unused (besides verification and sign up) email address/username that is not listed on any search engine to maximize security. If you don't have a unique username then you should have a super common one that shows up everywhere. |
|
|
|
and I'm still wondering how the hell they hacked into my email too.
The password I personally used was a complex one, but they still managed to enter and change it, and they even gone to my cex.io without issues and that password was one time used and they searched for any btc in it(luckily it was empty, I was only lurking there)
but still, they managed to reset some of many not bitcoin related websites/games password
But hell, I would never trust a website to hold 40K dollars, maybe only on my computer, inside a virtual machine.(If I break that virtual machine im damned to hell but, I would use that method.
Again if you're going to say your email address or any account was hacked please provide the following information: -What operating system? -What browser do you use? -Were you using wifi? -Were you using a wireless keyboard? -Does anyone else use your computer (at ALL)? -Do you share your wifi access with anyone else? -How long is your password (roughly), is it a dictionary word? or is it a complicated set of numbers/letters. -Do you share the same password on ANY other service ANYWHERE? Windows 7 Firefox Yes No No, only me. No 15 chars, it was a mix of latin word number and special chars. No, that password was unique, at least for the email. I'm still wondering why he requested password change of a game "Trion Worlds", of an empty cex.io account, and another account of stellarix(empty too) and all those passwords were differents. Side Note, why he didn't asked to change passwords to my porn sites? maybe because they were all free accounts.  Using wifi isn't the greatest idea when money is at stake. |
|
|
|
and I'm still wondering how the hell they hacked into my email too.
The password I personally used was a complex one, but they still managed to enter and change it, and they even gone to my cex.io without issues and that password was one time used and they searched for any btc in it(luckily it was empty, I was only lurking there)
but still, they managed to reset some of many not bitcoin related websites/games password
But hell, I would never trust a website to hold 40K dollars, maybe only on my computer, inside a virtual machine.(If I break that virtual machine im damned to hell but, I would use that method.
Again if you're going to say your email address or any account was hacked please provide the following information: -What operating system? -What browser do you use? -Were you using wifi? -Were you using a wireless keyboard? -Does anyone else use your computer (at ALL)? -Do you share your wifi access with anyone else? -How long is your password (roughly), is it a dictionary word? or is it a complicated set of numbers/letters. -Do you share the same password on ANY other service ANYWHERE? |
|
|
|
So you had $40K in your account and you didn't even set up 2FA?
Without 2FA there are so many ways an attacker can obtain your password.
If they have a thief inside a company, 2FA also will be hacked. So tell me please the way how hackers can obtain my password, exluding trojan, and fishing? the only way to obtain my password from outside to hack https of btc-e? Maybe your 2FA device has a virus and the hacker can able to obtain the code. Contact agatin the btc-e support, only they can help you. 2FA alone is not enough--every service that holds cryptocurrency should require verification via email combined with 2FA authentication (this is what Poloniex does). Withdrawals should require the same. Any service that runs without these basic features is just asking for money to be stolen. Yes of course ,with the simple 2FA you have a "strong" level of security but as you told also the email for confirm the withdraw will add a much level of security. However as I always said, you will should never keep your money in an exchange (for 1-2 days) -instead- you have to deposit > make the exchange and then withdraw all your "coin" to your personal wallet. Exactly--this should be common practice. 40k USD isn't exactly pocket change for most people. There really should be a rating system for the various exchanges, what security measures they offer as well as a track record of their history (sort of like coinssource we need an exchangesource if such a thing exists) Email confirmation of transactions/withdrawals will at the very least prove the exchange is extremely unlikely to involved in theft from accounts and would point at the user's computer being compromised (or similar). |
|
|
|
So you had $40K in your account and you didn't even set up 2FA?
Without 2FA there are so many ways an attacker can obtain your password.
If they have a thief inside a company, 2FA also will be hacked. So tell me please the way how hackers can obtain my password, exluding trojan, and fishing? the only way to obtain my password from outside to hack https of btc-e? Maybe your 2FA device has a virus and the hacker can able to obtain the code. Contact agatin the btc-e support, only they can help you. 2FA alone is not enough--every service that holds cryptocurrency should require verification via email combined with 2FA authentication (this is what Poloniex does). Withdrawals should require the same. Any service that runs without these basic features is just asking for money to be stolen. |
|
|
|
|
Before you go assuming your mac is perfect and your password alone is enough to protect you--it isn't. I've seen macs firsthand with viruses. Nowadays visiting a single website is enough to completely compromise your system.
My opinion:
-Not having 2FA enabled = asking for money to be stolen
-Keeping 40k worth of money on a website that could disappear at any moment = asking for money to be stolen
-Acting as if macs can't get viruses = asking for money to be stolen
-Using a service which doesn't send you an email to authorize every single transaction and then trusting said service with 40k USD = asking for money to be stolen
-"So everything was ready for the stealing." = you made it ready for stealing by not following basic security procedures (activating 2FA etc)
My questions (please answer all of these so we can see what factors may have attributed to this situation):
-Were you using wifi?
-Were you using a wireless keyboard?
-What browser do you use?
-Does anyone else use your computer?
-Do you share your wifi access with anyone else?
-How long is your password (roughly), is it a dictionary word? or is it a complicated set of numbers/letters.
-Do you share the same password on ANY other service ANYWHERE?
Regardless of you being slightly naive (my personal opinion anyway) with a lot of these, this service should still be assisting you (once they have identified you are the legitimate account holder).
|
|
|
|
|
I still can't understand how to create a retirement account, I don't see anything on the website mentioning it?
EDIT: I know it isn't launched yet, but how are other people already signing up for it?
|
|
|
|
Yes. that might seem weird, but we want a completed case before releasing a Press Release and tweeting about it. A "success story" rather than "it's up-and-running"  CF has been properly tested though - but this is, after all, the very first cases of crowdfunding on a blockchain (Automated Transactions/Smart Contract). It's not a proof-of-concept, it's the real thing/real coins, but we monitor everything very closely. The devs have also made sure no one can lose money even if it's the first case. Ahh understood (: |
|
|
|
|
Also I notice this donation drive isn't mentioned on the burst subreddit or twitter, maybe it would be a good idea to post it there to raise awareness.
bitcointalk thread is great for people who are very technically minded and continuously follow the conversation 24/7, for most people though keeping up to date on a 913 page thread isn't possible.
I would happily donate a bit for a marketing/communications budget (just simple stuff like turning these technical details into more understandable terms and making sure more people are aware of important events with the coin)
|
|
|
|
|
Have donated a small amount via BURST. Best of luck.
|
|
|
|
|
Thanks for the reply--one thing I don't understand is the "blocks to go" measurement of time, it would be a lot more straightforward if it gave an actual time estimate (you know using those hours and seconds things).
My blockchain is updating now, but I will be donating. Also a small amount to the zRMicroarray funding program too.
BTW, will this HTML file come as standard with BURST wallet in the future? Having to download a single HTML file is a bit ridiculous in 2015 if it could just be included?
EDIT: I accidentally donated twice, oh well. Hope the project works out. (when I hit ok the window didn't close so I clicked it again, I guess I should have waited for blockchain to update first?)
EDIT2: now my recent donations have disappeared? I'm very confused.
EDIT3: now it is showing 3 x donations. Oh well. I trust it has finally gone through now at least. 3 times the merrier.
|
|
|
|
|
Can someone explain in non-technical terms how I can go about donating to this cause? I don't have much to spare right now but I would love to at least give something.
|
|
|
|
|
Just to add to my previous comments regarding PoS on the wallet it seems to be working a lot more reliably now! I'm receiving PoS reward every 5 minutes or so.
|
|
|
|
Greetings TheTribesman, greetings all. Obviously I'm not a noob in the cryptosphere A friend from 'another coin' said this was worth taking a look at. I'm mining OK @ Supra - ~4.4 MH/s from my HD7990 but despite everything I can think of (including looking for nodes on the block explorer) my wallet won't pick up a single connection to the network. That's after nearly 3 hours  So, has anyone got a decent 'add node' list they're prepared to post here? I've never 'mined-to-market' since I started in DCs & I'd hate to have to start now - especially as I'm planning on staying around for the PoS-only days to come. Thanks in advance. the only node i know of is addnode=kobo.suprnova.cc you should try it , hopefuly it fixes your issue :> That was on the sample .conf in the OP, I added 87.121.52.172 from the explorer before I posted here, NADA I have 10 QTs on this PC, no probs with them. I'm hoping someone with many connections will use the wallet console to get a list of their IPs & post them here. (Command = getpeerinfo)  [ { "addr" : "178.33.126.221:9011", "services" : "00000001", "lastsend" : 1423857263, "lastrecv" : 1423857264, "conntime" : 1423857240, "version" : 60013, "subver" : "/Satoshi:2.0.0/", "inbound" : false, "startingheight" : 12710, "banscore" : 0 }, { "addr" : "94.23.32.118:9011", "services" : "00000001", "lastsend" : 1423857272, "lastrecv" : 1423857272, "conntime" : 1423857240, "version" : 60013, "subver" : "/Satoshi:2.0.0/", "inbound" : false, "startingheight" : 12710, "banscore" : 0 }, { "addr" : "45.56.108.177:9011", "services" : "00000001", "lastsend" : 1423857271, "lastrecv" : 1423857271, "conntime" : 1423857252, "version" : 60013, "subver" : "/Satoshi:2.0.0/", "inbound" : false, "startingheight" : 12710, "banscore" : 0 }, { "addr" : "87.121.52.172:9011", "services" : "00000001", "lastsend" : 1423857271, "lastrecv" : 1423857271, "conntime" : 1423857258, "version" : 60013, "subver" : "/Satoshi:2.0.0/", "inbound" : false, "startingheight" : 12711, "banscore" : 0 } ] |
|
|
|
One thing I can't seem to find on the dnotes or dnotesvault website is any sort of address or physical contact information. Particularly in the case of the dnotesvault, how can we trust (beyond seeing the wallets) that money would be repaid in the event of the website being hacked? What jurisdiction does the dnotes team operate under? Is it a company?
That is a very legitimate question and concern. It has indeed been a major pitfall of this industry and will likely remain as a major obstacle to mass adoption. From a legal perspective, DNotes is not an entity owned by a company, any individual or a group of individuals. Ownership is at will; meaning that anyone can own and disown DNotes. This is true with all crypto currencies including Bitcoin and DNotes. DNotes is not a company with a jurisdiction. In my personal opinion, it is ironic that an industry that thrives with pride on not needing a “trusted” third party is rampant with untrustworthy parties and bad actors which have literally walk away with investors’ hard earned money countless times. Nearly all of us have been a victim of that at one time or another. DNotes and its community recognized this serious weakness from the beginning and have been operating on the premise that the cornerstone of DNotes must be built on trust and integrity if we want DNotes to be successful. We can not tell anyone to trust us due to the nature of the industry and the legal structure. Everyone should do their due diligent and only invest to the extent that they can afford a complete loss. Digital currency is an emerging technology that has yet to be proven and although it has high potential returns, it also comes with high risks. It is prudent for everyone to exercise extreme caution before investing. Having said that, may Google “Alan Yong DNotes” and a number of other search terms to learn more about me. You are also welcome to PM me if I can be of further assistance. DNotes and its community have gone to great lengths to earn the trust of our supporters and that may be the primary reason why DNotes has been the most stable Digital currency in the industry. Hope this response has been helpful. Thanks for the response. I appreciate that none of these altcoins or bitcoin itself really have an office, it was more about the dnotesvault in particular (I suppose I should have clarified that more). I am satisfied so far with the information provided (because I did my own research) but I think for a newcomer to the website it may come off as slightly disconcerting that there is no information about any person/organisation associated with the dnotesvault website. I hope that in the future there is some more information provided because it would help a lot to reassure people of the vault's long term viability; I understand that due to regulatory limitations at this point it is a little difficult for that though. Many of the promising crypto projects I have invested in have a habit of hiding useful information deep within their bitcointalk threads. Presumably, most people will just visit the website and base their decisions off of that or some basic Google searches. |
|
|
|
|
Show Posts
