Your only avenue of recourse seems to be reporting the matter to the police. No one else is going to be able to help you.

I'm glad that you have been swayed, as much as any security feature can be hacked they do actually exist for a reason and make a serious difference in protecting you.

Best of luck.

You should also link to some resources that cover how 2FA can help to stop unauthorized access.

Given that the exchange just had 7000+ BTC stolen you're probably never going to get help (even with a warrant).

Despite what some people say in this thread, allowing short gifs (or similar formats) in an unobtrusive manner is a HUGE selling point for a chat application and something that WhatsApp and several others don't think is worth the time of day.

They won't, there have been plenty of exchanges before this incident where the exact same thing has happened.

As soon as a viable decentralized exchange presents itself I assume that most of these exchanges (besides ones that actually integrate with your bank account) will disappear rapidly.

Wow absolutely amazing to see that you still shouldn't store coins on an exchange if you actually care about them!

Funny how the times change!

I don't personally think its someone making this up; but everything on here (whether from ranked members or new accounts) should be taken with a grain of salt until proven otherwise.

We should still, as a community, read what this person has said to offer advice etc--in this instance the original poster honestly believes that 2FA is pointless and does not want to be swayed the other way. Good for them.

You probably shouldn't use a site that does not match up to your expectations.
FWIW, most modern browsers can automatically translate different languages. Cryptocurrency is global, so it won't necessarily be delivered to your doorstep in your own language.

Read the thread fully. This is why I find the initial post to be misleading--nothing was theoretically stolen, just someone accessed this person's account and made unauthorized trades.

I never said it was orphaned; I believe you may be referring to another user who made that assertion.

Not to go off topic, but as far as I'm aware it is fairly standard for the odd PoS to be conflicted and isn't indicative of any problem.

I have 3 conflicted stake claims that are the same as described in this situation; the description that I placed emphasis on previously explains exactly why you didn't get it.

Basically you just got unlucky (that's what I understand anyway).

• From a legal standpoint I assume it would still be theft.
• From a literal standpoint, no money actually left his account--only unauthorized transactions took place.

Regardless of anyone's personal feelings the distinction between these two is vitally important is that he falls into the second category and is asking the exchange to reveal confidential information about other users of the service without a court order/warrant. The idea that any exchange or organisation would reveal such private information about its customers with no court order/warrant would basically never happen in a million years.

Even with a court order/warrant you're assuming that anyone who was "the other half" of his transactions is guilty and putting their privacy at stake--this is likely impossible to ascertain and sounds more like a matter for a legal investigation.

Should an exchange breach other user's privacy because some guy didn't bother to use 2FA? No, and if the answer was yes then no one would ever use that exchange ever again.

Personally I abhor people that steal or gain access to other users accounts and then proceed to do malicious things, I believe they should be persecuted to the fullest extent of the law. Having said that, in this instance the victim (i.e. the author of this thread) should realize how their naivety and laziness was likely the primary reason for their loss and also that no reputable organization on Earth would go about releasing information about other users in this same situation without a court order/warrant.

I strongly disagree with the title of this thread and the initial post as they are both greatly misleading to most readers who won't bother to be critical and will take it as face value (and no, I'm not associated with the exchange). I think the victim in this situation refuses to admit that their arrogance and naivety when it comes to security caused this issue and nothing else. If you have 40,000 USD on a website you should take security a lot more seriously.

It is also disheartening to see people learning about promising technologies like bitcoin etc while failing to adequately research basic account security. If anyone is reading this right now and has anything of worth stored on their exchange accounts, gmail/dropbox/banking websites and currently does not use 2FA I strongly urge you to start using it. It isn't some fantasia bullshit, it is the 6 digit code that stands between you accessing your account and some random on the internet being able to essentially rob you of 40k USD. Regardless of what anyone says about it being imperfect it still does a lot more to protect your accounts and private data than having nothing at all in place.

Bottom line:
Not having 2FA enabled = 40,000 USD mistake.

Sometimes it helps to read the message that you include with your post.

Its not any single point of failure that causes these situations.

Its a multitude of different problems (mostly attributed to people being lazy):
-not activating 2FA
-not activating logging features on their accounts
-sharing email addresses and/or passwords between accounts
-not running antivirus/malware scanner
-assuming your operating system is 100% immune to viruses or malware (dear mac users your operating system is not, has not and cannot be 100% immune to being compromised)
-sharing your computer with idiots
-installing stupid applications and/or opening stupid links
-assuming people you know won't steal your shit when it can never be traced back to them
-letting other people know how much money you have and where
-blindly trusting web-based wallets etc that aren't decentralized
-installing pirated software which can compromise your system
-using wifi, wireless keyboard/mice or stupid technology that could easily compromise your internet money (if you live in the jungle use wifi, if you live in a crowded urban area where anyone within 50 metres of you could sniff all your personal data then you're an idiot)
-keeping all your eggs in one basket; even if I was trading anything even remotely approaching 40,000 USD, let alone 1000 USD I would sure as shit not store it all on one exchange with no fucking 2FA.

You should not be storing 30 btc on a web wallet like blockchain. Period.
You should not be storing 40,000 USD worth of anything on any online account that doesn't have 2FA. Period.

Part of the responsibility does fall on this exchange for not requiring 2FA or not requiring authentication of transactions via email account, however the problem is that this user is basically incompetent (proven by the fact they refuse to believe 2FA is important) and they then go and write misleading statements regarding their account (no, your money wasn't actually stolen which is what prevents the exchange from helping you) and tries to brush off their own irresponsibility and laziness as not having attributed to the situation (if this user had 2FA enabled then I would be in no position to criticize as much).

I'd say more like 100% his fault. The best part is that because he didn't have 2FA enabled it is pretty much impossible to ascertain how much of his system/accounts are compromised. If he had bothered to use 2FA and this actually happened then he could be certain that 2FA was hacked (meaning his entire system is compromised).

Without 2FA he is going to have to get some scooby snacks and hire a crew of hippies to drive around the internet in a van looking for the criminal. Good luck with that.

BTW if you're still in doubt about 2FA you should check out the comments on the reddit post for this thread (someone submitted it to reddit):
http://www.reddit.com/r/Bitcoin/comments/2vv2ss/someones_complaining_on_bitcointalk_that_his_btce/

Almost all the comments mention the fact that you didn't use 2FA. You should be spending your time right now formatting your computer (or using another computer which is known to be clean) and then checking the security settings of all of your accounts.

Nice address.

It shouldn't. You should have logging etc enabled for instances like this so that you can know as much information about what has happened.

If you fail to enable logging etc, you are willingly asking for less information about what happens to your btc.

If you really feel that 2FA is that stupid then so be it, it feels like you're impossible to reason with on this point. Don't let the fact that Google/Gmail, Facebook, Lastpass, Dropbox, Steam and dozens of other prominent websites rely and promote 2FA to help increase account security greatly change your mind.

A bitcoin exchange is not a bank. Bitcoin and cryptocurrency itself aren't defined as actual currency in most places.

On the topic of whose responsibility security is you should probably try to better familiarize yourself with the terms of services that you use when it comes to cryptocurrency:

source: BTC-E Terms & Conditions ( https://btc-e.com/page/1 )

Because just by gaining access to your wifi network (which AFAIK is possible if you snoop enough) is the easiest way someone could compromise your computer. If someone has access to your computer then they don't even need to bother sniffing the traffic between you and a website.

http://null-byte.wonderhowto.com/how-to/hack-wi-fi-cracking-wpa2-psk-passwords-using-aircrack-ng-0148366/

Also--what wifi security did this user use (if any at all given they didn't bother with 2FA)?

And yes, wifi is probably an unlikely factor in this event but it is still a factor nonetheless.

Want to access your exchange account with $100 USD on it? wifi doesn't sound too bad.
Want to access your exchange account with $40,000 USD on it? I sure as hell wouldn't use wifi.

The country you reside in I would presume. You have to report the unauthorized access, the police then have to investigate the unauthorized access. How this happens depends upon what country you are based in; you should be aware that bitcoin and all cryptocurrencies don't really have many laws that cover their usage, so you are basically operating in a legal grey area (which is why activating things like 2FA is important).

There is no way any company is going to willy-nilly hand over other customers information without this process taking place. If they do they are completely incompetent.

I know it is frustrating to be told by a company that you are at fault--take it from someone who isn't associated with any exchange or bitcoin company: you didn't take your account security seriously enough and this is what can happen.

And yes, 2FA could be hacked, or your phone could be hacked. Does it mean you shouldn't take the precaution of using it? No.

My theory is you were probably targeted by someone who has access to your computer/accounts or watched you enter in your password. You may have been targeted specifically because you didn't use 2FA. Who knows.