Bitcoin Forum
1  Other / Beginners & Help / [PSA] LEDGER DATABASE LEAK - NAMES, EMAILS, #S, ADDRESSES PUBLIC on: December 25, 2020, 10:13:26 AM
Greetings!
This thread is simply to inform members of the crypto space of a newly surfaced data breach which has widespread implications across this community. Many people on here are users of hardware wallets such as Ledger/Trezor/Keepkey, seeing them as safer alternatives to traditional software wallets, however as this leak goes to show, there should never be any point within the chain of acquisition that you let your guard down and avoid actively taking measures to ensure your financial safety.


So what actually happened?
Many months before the initial release of the database to the public, the ledger database was breached by an unknown entity, the database spent a good amount of time in limbo, trading hands a couple of times, being sold for the nearly unfathomable but still justified amount of BTC20. On 20th December, 2020 the database was dumped publicly on a forum which I will not be naming, the breach contains just over 270,000 user records of people who have purchased products from the ledger website. The leak includes a lot of extremely sensitive data that the publication of could lead to excessive financial damage to those involved. Some events that have already taken place from this database leak are sim swapping attempts, phishing emails & phishing phone calls, and even threats of physical harm.

This is all the info that was compromised:
Code:
email | real name | physical order address | country | phone number
This is just the info in the buyer's info dump, the dump also contains up to 1,000,000 emails of people who were subscribed to the ledger cryptocurrency newsletter, however this data leak is far less significant as less people will be trying to saturate this list for their own gain, as the chances of finding a significant amount of wealth from anyone in the secondary list is far less than the primary one, which will be saturated to shit over the coming months.

How can I check if my info was leaked?
For the safety of the other forum members here who have themselves purchased ledger products and been impacted by the recklessness of this company, I will NOT be linking the database leak anywhere on this thread, nor will I be privately messaging people with the info. The database is not hard to find for yourself if you do your own independent research, however this will only be required if you want to see exactly what information was leaked to begin with.

If you only want to check if your info was included in this leak, and not what specifically was leaked, a good avenue to take is to use the "HaveIBeenPwned" website, which has just recently published the ledger data dump. This website will only tell you if you are in a database leak, it will not tell you the exact data that has been published.
https://haveibeenpwned.com/

I was in the leak, what can I expect in the coming months?
If you are one of the people unfortunate enough to be covered in this datadump, I would spend a lot of time over the next couple of months preparing for a metric shit ton of phishing emails and scam phone calls, there will be active attempts by hundreds of people to steal your data and steal your crypto, you should be constantly vigilant about any calls or emails you receive regarding any type of cryptocurrency product.

Another avenue to take if you are in a region that is impacted by the following is to change your phone number, or to remove any phone number based 2FA codes from any crypto exchange or financial custody service (such as binance). One thing that this leak will most definitely lead to is increased attempts at simswapping (https://bitcointalk.org/index.php?topic=5172591). Since phone numbers were part of this leak, if you have significant holdings you can definitely expect to have at least one attempt of simming to impact you, which has a good chance to compromise very sensitive accounts.

I was in the leak, what can I do to mitigate the damage?
Unfortunately, due to the nature of the leak and ledger's irresponsibility in not disclosing the full extent of the data leak sooner, there isn't much that can be done, people have been abusing this database to target people in the crypto community for many months now, and since the database has now been made public, this can only be expected to increase exponentially in its frequency.

First steps that you can begin taking to ensure you aren't one of the people that is caught off guard by this leak is to start by changing the email and passwords on all of your important accounts. The next logical step would be to disconnect your phone number and acquire a new number to mitigate the risk of being simswapped or having SMS phishing codes sent to you. The final thing that you can do is be exceptionally cautious with how you present your crypto holdings in public avenues, if you have previous posts under the same alias or email that was present in the ledger database, delete all posts that indicate your holdings or wealth, discussing how much money you have in crypto online following this leak is essentially the equivalent of painting a bright red fluorescent target on your back with bolded text saying "ROB ME!" painted above it.

Appendix
https://cointelegraph.com/news/ledger-data-leak-a-simple-mistake-exposed-270k-crypto-wallet-buyers
https://www.investopedia.com/hackers-leak-customer-info-from-crypto-wallet-ledger-5093577
https://cryptonews.com/news/ledger-database-dump-was-my-data-leaked-and-what-to-do-next-8680.htm
https://cryptobriefing.com/ledger-breach-clients-data-leaked/
2  Alternate cryptocurrencies / Marketplace (Altcoins) / Re: 🎲 e͏t͏h͏e͏r͏-dice.ισ - Next generation dice | Tokenized mining & more! on: July 27, 2020, 01:07:14 AM
Even though I'm personally down ~2 ETH on this site, I have to say that it is very refreshing to see a dice game like this come from an established brand with competent and trustworthy ownership, congrats on the launch! Excited to see how the site progresses over the next few months.
3  Other / Off-topic / Re: [PSA] A NEW KIND OF PHISHING (HOSTJACKING) on: June 02, 2020, 12:14:49 PM
If your device is already compromised, you already lost. Caring about phishing in that case is the last thing you should do..
The idea behind malware like this is that it's much more difficult to detect, both by observation and by antivirus software, hostjacking requires modifying one OS file, it doesn't need to constantly run in the background, it doesn't need to launch on startup, it can literally edit the hosts file and then delete itself and the damage is already done.
4  Other / Off-topic / Re: What Does Dummy Thicc Mean? on: June 02, 2020, 12:11:27 PM
Gave you a merit because this genuinely made me cackle and I'm really not proud of that...
Memes aside if you're actually intending to explain the meaning of the terminology to someone who was previously unaware, I think that you've done a decent job, if they need any more context just link them the kymeme page and maybe the urban dictionary page for it.
5  Other / Off-topic / Re: Google GMAIL March 31 Policy Change and how it affects US on: June 02, 2020, 12:05:34 PM
If your security and privacy is something of such grand value to you, I'd advise you look in to alternatives.
https://www.reddit.com/r/degoogle/ - This is an excellent resource to begin detaching yourself from google technology.
If you mean just GMAIL as an email service, I advise you look in to alternative mail such as riseup.net & gmx.com, I personally have used both and can attest to the fact that just functioning as email, either of those are better than gmail.
6  Other / Off-topic / Re: Buying a Dog on: June 02, 2020, 11:50:55 AM
How about: Rather than purchasing a dog from a breeding kennel, you adopt an existing dog from a shelter?  It would be better to give a street dog a second chance at life.
Also, please know exactly what you're getting in to, living breathing pets aren't like digital neopets, they are extremely high maintenance and require lots of love, affection and care, please do not get a high maintenance pet if you aren't willing to accept the responsibility that accompanies owning one Smiley
7  Other / Politics & Society / Re: Do you feel safe going outside? on: June 02, 2020, 11:44:02 AM
I'd very much like to say that COVID has had little impact on my perception of the outside world, but if I were to say that I would be lying. I would consider myself fairly antisocial, I prefer the comfort of my own bed over being outside. Even though community transmission in my region of residence is quite minimal, if ever I do go out, I try my best to keep to myself and to put distance between myself and other people. I think its going to be a while before people adjust to the measures that they need to take to keep themselves and people around them safe.
8  Other / Politics & Society / Re: Petition for George Floyd's Law on: June 02, 2020, 11:41:28 AM
It is despicable to say the least to see the injustice that was carried out by the MN police, however you can't expect a simple change.org petition to change shit, if every issue could just be addressed with public outcry then we'd be living in a flawless utopian society, unfortunately that just isn't the way the world works.
9  Other / Politics & Society / Re: When will covid-19 disappear? on: June 02, 2020, 11:39:09 AM
The chances of it "disappearing" are very low, you have to remember that around 400,000 people have already died from this and there are ~6 million cases, I think that the fallout from this will be long-lasting, we will likely recover within the next few years / next decade, but until then we will 100% be able to see the impact that corona has had on us, both in terms of how we interact with each other and how we interact with our governments.
10  Other / Beginners & Help / Re: First Transaction on: June 02, 2020, 10:23:52 AM
Crypto is ideal for direct P2P (Peer to peer) transactions, having stuff like payment gateways increases the chances of hiccups for transactions. But don't fret, if you use adequate fees and exercise due diligence while buying and selling with crypto, these occurrences are few and far between.
11  Other / Beginners & Help / Re: Where to buy Bitcoin with creditcard fast? on: June 02, 2020, 10:21:28 AM
As a general rule of thumb, pretty much all exchanges (legal, regulated ones at least) will quite strictly enforce KYC for any payments done with credit card due to the high risk nature of accepting them. The chance for fraud to occur is much higher with a credit card, especially when you're talking about using cards to buy crypto, since many people try to liquidate carded/illegitimately obtained funds through crypto.
12  Other / Off-topic / Re: [PSA] A NEW KIND OF PHISHING (HOSTJACKING) on: June 02, 2020, 10:17:02 AM
If I may add on MacBook user, another option is:

After finding the suspicious link on your etc/hosts file, you can type the following command:

1. sudo nano /etc/hosts and press Return
2. Enter your password
3. Remove suspicious link
4. Press Ctrl-O to save

Was aware of this and was originally planning to add this however I felt that using a commandline interface text editor would be slightly too complex for some users so I opted to go the simple route of just manually changing it though, but for anyone else do note that this is a completely viable method of deleting host strings and you are free to use this if you wish Smiley
13  Other / Off-topic / Re: [PSA] A NEW KIND OF PHISHING (HOSTJACKING) on: June 02, 2020, 07:40:54 AM
don't work using cmd

Code:
C:\Windows\System32\Drivers\etc\hosts' is not recognized as an internal or external command,
operable program or batch file.

it's work in computer folder, paste command into search box then select notepad to execute.


Edited in to the OP that people should check your reply rather than doing the method I posted, thanks!
14  Other / Off-topic / [PSA] A NEW KIND OF PHISHING (HOSTJACKING) on: June 02, 2020, 05:48:55 AM
Greetings!
Recently, I have stumbled upon this concept, I have not seen any other threads warning people on this forum of this specific branch of malware and I feel that this is most certainly something everybody should be very aware of. To my knowledge there is no widespread infection from these viruses as there was for the clipboard jacker malware last year, but this is still something you should know exists & how to prepare for. As with all my posts, if you have any other information regarding this, please leave a comment with it and I will append it to the original post.


What is Hostjacking?
Hostjacking is when a malicious program overwrites a critical system file known as the "Hosts" file that is present on all operating systems to redirect traffic from one website to the malicious attacker's clone of that website to intercept logins and steal sensitive data. To understand how this is performed, we must first understand what the hosts file is, what its primary functions are, and how hackers manipulate the data present in this file.

What is a host file?
A host file is a file present on Mac, Windows and Linux operating systems that maps hostnames to IP addresses. The standard function of these that we would see applied in less malicious circumstances is web administrators (such as at a school or university) using the hosts file to restrict access to certain websites, by making said websites redirect to 127.0.0.1 (Localhost IP address), meaning that it would be inaccessible.
An example of such mapping is as follows:
Code:
127.0.0.1 instagram.com
To put it in layman's terms, this line of code in hosts redirects all traffic when you access instagram.com to localhost, meaning you will be unable to access the original IP address for Instagram.

How do hackers access it?
The hosts file is a file of the operating system, meaning more often than not it requires that whichever program attempts to make changes to it have administrative rights, I will not detail the methodologies that people use to acquire administrative access from a user, all that is required to be known is that it is a plaintext file that hackers gain administrator privileges to overwrite with their own malicious code.


The Attack Vector
As for how this can be exploited, do remember that the IP address doesn't have to be localhost, the attack vector in this is that a malicious attacker can map a different site (let's say, binance.com) and redirect it to their own server's IP, which would contain a phishing page that imitates Binance. And rather than requiring kernel level access to evade antivirus, the malicious program used to deliver the payload would need essentially 0 complexity. The only thing that a malicious actor would need to do once you've opened a piece of their malware is to write over a plaintext file, and they would instantly be able to redirect all your traffic to one site to their own malicious site. This does not even require lots of obfuscation to subvert detection by any antivirus software, the "program" could literally be a batch file that writes over the hosts file, if the user enters their admin password or provides the application with administrative access, which most installer wizards request anyway, they have full access to the hosts file, meaning they have full control over your network and where your traffic is headed towards.

I have gone ahead and demonstrated this in video form by redirecting the Binance.com website to a generic DataCamp server IP address, the video is not of the best quality and you will have to put up with my insufferable keyboard sounds (I forgot to mute my microphone) until the video is fully processed and my keyboard sounds are replaced with an even more insufferable Royalty free audio track.
> DEMONSTRATION HERE <
As is visible in the video, the search bar still retained the "Binance.com" address while displaying the content of the page we set it to, since it is very difficult to tell at a glance, this becomes a very deadly attack to users who are unfamiliar with other detection methods, which I will be detailing in the next section of this post.


How to Detect Hostjack Phishing (And how to prevent it)

Checking your hosts file
Code:
Mac OSX - How to check hosts
There is a very simple way to check your hosts on MAC without actually requiring any administrative permissions

1. Launch terminal.app (You can find it by pressing CMD+SPACE and entering "Terminal")
2. Enter the following code: "cat /etc/hosts" (Remove the quotation marks)
3. Hit Enter
4. Look for any suspicious entries
Code:
Windows - How to check hosts
Blue snow has left a better method in the replies to this thread **

If you find any suspicious entries on your hosts file:

Code:
MacOSX - Removing host entries 

1. Open finder
2. In the top of the screen, click Go > Go to folder
3. Enter "/etc" (Remove the quotation marks)
4. Open the hosts file in any text editor, remove the line then save
5. Enter your admin password when prompted to by the text editor
Code:
Windows - Removing host entries 

1. Press your Windows Key
2. Type "Notepad"
3. When you see the Notepad icon, RClick > Open as Administrator
4. In Notepad, File > Open
5. Navigate to  "type C:\Windows\System32\Drivers\etc\hosts" (Remove the quotation marks) in the File Explorer popup
6. Once the document is open, just delete the entries and CTRL+S

If you locate any suspicious entries on your host file, deleting them might not be enough, if you are absolutely certain that you didn't write the entries on to the host file, then it is very likely that your system has been compromised by a piece of malware, use a tool such as MalwareBytes to scan your system for any malware. If all scans turn up empty on multiple antivirus softwares and the host file keeps being edited to display a spoofed/separate page, it is advisable to back up your important files on a USB and factory reset your machine.


Checking the SSL certificate of the website.
If you believe that you are being hostjacked, it never hurts to check the SSL certificate of the website you believe may have been compromised. Most websites belonging to large companies such as Binance will have an SSL certificate which can be viewed by clicking the lock on the left side of the URL in your browser's navigation bar:
A Valid Certificate
You should not enter any sensitive data on any website if it does not have a valid SSL certificate, most phishing websites will display as "Not Secure" when you click the lock icon, and Hostjacked phishing sites are no exception.
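
An added example, not part of the original post: a Python sketch of the "look for any suspicious entries" step above. It parses a hosts file and separates loopback block entries (like the instagram.com line) from entries that point a name at some other address, which is the pattern the post describes. The sample file, the default-name allowlist and the watch list are constructed assumptions.

```python
import ipaddress
import os

# Names a stock hosts file usually maps (assumed allowlist; adjust for your OS image).
DEFAULT_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
                 "ip6-localhost", "ip6-loopback", "ip6-allnodes", "ip6-allrouters"}
BROADCAST = ipaddress.ip_address("255.255.255.255")

# Constructed sample hosts file; 203.0.113.10 is a documentation-range address.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1 localhost
::1 localhost
255.255.255.255 broadcasthost
127.0.0.1 instagram.com
203.0.113.10 binance.com www.binance.com  # name pointed at a non-loopback address
0.0.0.0 ads.example.net
"""

def hosts_path():
    """Location of the hosts file on this machine (readable without admin rights)."""
    if os.name == "nt":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"

def parse_hosts(text):
    """Yield (line_number, ip, hostname) per mapping; comments and blanks are skipped."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0].split("%", 1)[0])  # drop IPv6 zone id
        except ValueError:
            continue  # first field is not an address, so not a mapping line
        for name in fields[1:]:
            yield lineno, ip, name.lower().rstrip(".")

def audit(text, watched=()):
    """Return one finding per non-default mapping.

    kind == "block":    name sent to loopback/0.0.0.0, so the site is unreachable.
    kind == "redirect": name sent to any other address; review these first.
    watched is True when the name is, or is a subdomain of, a watch-list domain.
    """
    watched = [w.lower() for w in watched]
    findings = []
    for lineno, ip, name in parse_hosts(text):
        benign_ip = ip.is_loopback or ip.is_multicast or ip == BROADCAST
        if name in DEFAULT_NAMES and benign_ip:
            continue  # stock entry such as "127.0.0.1 localhost"
        kind = "block" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        hit = any(name == w or name.endswith("." + w) for w in watched)
        findings.append({"line": lineno, "ip": str(ip), "host": name,
                         "kind": kind, "watched": hit})
    return findings

if __name__ == "__main__":
    # Audit the real hosts file; the watch list here is a constructed example.
    with open(hosts_path(), encoding="utf-8", errors="replace") as fh:
        for f in audit(fh.read(), watched=["binance.com"]):
            flag = "  <-- watched domain" if f["watched"] else ""
            print(f'line {f["line"]}: {f["host"]} -> {f["ip"]} [{f["kind"]}]{flag}')
```

A "redirect" finding is not proof of compromise (LAN names and developer overrides look the same), but any such line you did not write yourself is what the removal steps above are for.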
15  Economy / Gambling / Re: bustabit – The original crash game on: March 29, 2020, 12:15:24 PM
Bad time to join bustabit I guess. Started then down for 4 hours then down again after i started up again. Is this common practice?
Not usually, bustabit normally has near perfect uptime, this seems to just be an anomaly/scheduled maintenance gone slightly wrong.
I'm confident that the site will be up within an hour or two, or whenever daniel wakes up.
16  Economy / Gambling / Re: bustabit – The original crash game on: March 29, 2020, 12:01:14 PM
bustabit is back online!
andddd now neither bustabit or dice are.
Any ETA on reopening?
17  Economy / Auctions / Re: Guaranteed Growth Coin from Top Exchange on: March 24, 2020, 06:19:17 PM
UPDATE:
Next time when you're trying to dump off your shitcoins, make sure to ask the guy who sold you the account to not leave a trust rating on you for the deal.
Under Hassan02's trust ratings, in the non-DT section, a trust rating left on Hassan by UltraFRS reveals that my initial assumption about the property being sold in this thread was correct.
https://i.imgur.com/c2GkxLz.png

Quote
UltraFRS   
2019-09-23      
Bought my YoBit account, Initial offer was too low but after some reasoning we settled on a reasonable deal. Buyer remained in contact with myself and the escrow at all times and promptly sent payment earlier than expected.

This user is indeed trying to sell a YoBit exchange account. My best assumption as to why is that he purchased this from UltraFRS, realised what a financial hole he dug for himself by purchasing an account with an expected return over a very long time period, and now he is trying to dump his shitcoins on some poor unsuspecting fool by being intentionally vague in the title and original post about the nature of the property.

Unless you are willing to bet 6.8 Bitcoin that a documented scam exchange will not exit scam in the next 6 years, stay the fuck away from this guy and do not purchase this!
18  Economy / Auctions / Re: Guaranteed Growth Coin from Top Exchange on: March 24, 2020, 06:08:42 PM
How strange that this user is offering to sell these coins worth 13 BTC for only 6? How strange is it that these are the exact figures for value/amount as i have seen (13.X / 6.X) in a previous thread advertising the sale of a user's YoBit account, holding 13 BTC worth of YoToken, which can only be sold/withdrawn over a period of years?

Do not deal with this user nor purchase this "Guaranteed Growth Coin". This user is selling his YoBit account with YoTokens inside it.


YoBit is a documented scam exchange which is notorious on this forum for its Ponzi "InvestBox" scheme, shitty support and not properly paying out to their users. Their shitty spammy signature campaign has also damaged the quality of posts on here. But you don't have to take my word for YoBit being a scam, how about this excerpt from Adolfinwolf's thread about the YoBit scam exchange


Just a few examples;

https://bitcointalk.org/index.php?topic=2163490.0  HOW YOBIT SCAMMED ME
https://bitcointalk.org/index.php?topic=2831618.0 YOBIT SCAMMED ME 15.20780976 ETHEREUM
https://bitcointalk.org/index.php?topic=1880931.0
https://bitcointalk.org/index.php?topic=4327871.0 YOBIT Scam Exchange
https://bitcointalk.org/index.php?topic=4319301.0 Yobit scam ? Trade lost money
https://bitcointalk.org/index.php?topic=3948962 Yobit SCAM - SYSCOIN withdrawal
https://bitcointalk.org/index.php?topic=3636433.0 1000+ ETH blocked: Yobit.net won't explain or resolve
https://bitcointalk.org/index.php?topic=3109307.0 YOBIT scam - class action law suit
https://bitcointalk.org/index.php?topic=3893592.0 YoBit seems wants to steal my money. Are they scammed?
https://bitcointalk.org/index.php?topic=3659923 Scam market YObit.net and YObit.io
https://bitcointalk.org/index.php?topic=3307444.0 Yobit.Net Scamming My Deposit


In the absolutely minute instance that this user is selling something different than what I have strong reason to believe he is selling, he is welcome to openly state or prove to me/any other reputable member that this isn't just him trying to discard of his shitty scam exchange tokens, rather that he is actually selling what is advertised in the title, a "Guaranteed Growth Coin from a Top Exchange"!

Until this user is more transparent about this ""rare opportunity"" that he is proclaiming to bring, steer as far clear of this thread as you can, as for the time being, this does nothing but scream SCAM!
19  Economy / Scam Accusations / Re: [SR] BUSTS.IO SCAMS 1000$ / PIRATES SOFTWARE / ILLEGALLY BANKROLLED on: March 23, 2020, 04:55:04 PM
D) You would report him to daniel whenever you got the chance. Also, you talking about honor is quite convenient as you seem to lack it the most out of anyone here.
To add to that, he made literally 80% of his funds from bab & ec.
But you're right. Maybe both parties at fault here.

The thing is, Enzo is already muted on all of his bustabit accounts that I know of, Daniel doesn't mute scammers unless they're directly phishing in the chatbox, or if they're spamming or being overly obnoxious. Daniel has said numerous times that he will not intervene in user deals and suggests not to transact with any other bustabit users. I do not respect Enzo for his scamming, in the same way I do not respect you for refusing payout and profiting off of stolen accounts.
20  Economy / Scam Accusations / Re: [SR] BUSTS.IO SCAMS 1000$ / PIRATES SOFTWARE / ILLEGALLY BANKROLLED on: March 23, 2020, 04:48:44 PM
Oh, so you know he's a scammer? Great. Then I'm sure you will agree that if Elifeur owes Enzo money, then said money should go straight to the victims of Enzo's scams.
I don't know what arrangement would be made, nor do I really care, because it is not my position to care, all that I know or care about is that Elifeur owes someone 1000$ and that the website busts.io is not to be considered trustworthy in its current state of leadership and site content. My goal with this post is to make people aware of this site's shady actions, if a donation to victims or whatever needs to be made, then so be it.
I will be content when busts's leadership pays out to someone + issues a formal apology to Daniel of Bustabit for the plagiarism of its code, however I believe the latter has already been done to *some* extent.