Bitstamp bruteforce attack on 2FA

Bitcoin Forum

November 02, 2024, 04:25:20 PM

Welcome, Guest. Please login or register.

News: Latest Bitcoin Core release: 28.0 [Torrent]

Home

Help

Bitcoin Forum > Economy > Marketplace > Service Discussion > Bitstamp bruteforce attack on 2FA

Pages: [1]

« previous topic next topic »

Author

Topic: Bitstamp bruteforce attack on 2FA (Read 923 times)

somenick (OP)

Legendary

Offline

Activity: 1286
Merit: 1004

Bitstamp bruteforce attack on 2FA

May 07, 2014, 10:59:19 PM

Bitstamp doesnt have protection against bruteforce attack on 2FA

poordeveloper

Hero Member

Offline

Activity: 896
Merit: 527

₿₿₿₿₿₿₿

Re: Bitstamp bruteforce attack on 2FA

May 07, 2014, 11:03:23 PM

Quote from: somenick on May 07, 2014, 10:59:19 PM

Bitstamp doesnt have protection against bruteforce attack on 2FA

Have you contacted them prior to posting this here?

🎰 Bitcoin Casinos ⭐⭐⭐⭐⭐

🔵 Buy Bitcoin (Visa / Mastercard / SEPA / Bank Transfer / Western Union / MoneyGram / RIA)

somenick (OP)

Legendary

Offline

Activity: 1286
Merit: 1004

Re: Bitstamp bruteforce attack on 2FA

May 07, 2014, 11:05:24 PM

Quote from: poordeveloper on May 07, 2014, 11:03:23 PM

Quote from: somenick on May 07, 2014, 10:59:19 PM

Bitstamp doesnt have protection against bruteforce attack on 2FA

Have you contacted them prior to posting this here?

its not fatal
yes today contacted

somenick (OP)

Legendary

Offline

Activity: 1286
Merit: 1004

Re: Bitstamp bruteforce attack on 2FA

May 31, 2014, 01:45:57 AM

i send 100 request per minute
to break bitstamp login 2fa you need only 7 days

Sukrim

Legendary

Offline

Activity: 2618
Merit: 1007

Re: Bitstamp bruteforce attack on 2FA

May 31, 2014, 09:09:48 AM

The code changes every 30 seconds, so you can try the same 50 codes every 30 seconds and hope to get lucky over time.

https://www.coinlend.org <-- automated lending at various exchanges.
https://www.bitfinex.com <-- Trade BTC for other currencies and vice versa.

arbitrage001

Legendary

Offline

Activity: 1067
Merit: 1000

Re: Bitstamp bruteforce attack on 2FA

June 01, 2014, 03:17:47 AM

They should freeze account login after 3-5 failed attempts.

Otsu

Full Member

Offline

Activity: 546
Merit: 100

Re: Bitstamp bruteforce attack on 2FA

June 01, 2014, 03:22:17 AM

That's problematic, they need to set up more parameters to prevent access. Agree, lock out should be implemented.

BigBoy89

Legendary

Offline

Activity: 1512
Merit: 1011

Re: Bitstamp bruteforce attack on 2FA

June 01, 2014, 04:06:30 AM

this is horrible if there's no limit from bitstamp for failed attemps
someone could get lucky after several tries, and get BTC from user balance
freeze account login after several failed attemps is must implement in bitstamp

Quote from: somenick on May 31, 2014, 01:45:57 AM

i send 100 request per minute
to break bitstamp login 2fa you need only 7 days

what is 7 days? the google code change every 30 seconds
no fixed time to break it, just pure luck

▄▄███▄▄ ▄▄████▀▀▀████▄▄ ████▀▀▄▄███▄▄▀▀████ █▄▄ ▀▀███▀▀ ▄▄█ █████▄▄ ▄▄████▀ ██▌▀█████▄ ▄█████▀▄▄█ ██▌ ██▌▀██ ███▀▄▄███▀ ██▌ ██▌ ██ ██████▀▀▄█ ▀█▌ ██▌ ██ ███▀▄▄███▀ ▀▀▀█▌ ██ ██████▀▀ ▄▄ ▀█ ██▀▀▄▄ ████▄▄ ▄▄████ ▀███████████▀

.^AMEPAY.

...DIGITALIZING THE WORLD THROUGH....
..CRYPTO PAYMENTS IN RETAIL STORES..
.
█ ██ ███ FAST ● CONVENIENT ● SECURE ███ ██ █

▄▄█████████▄▄ ▄█████████████████▄ ▄█████████████████████▄ ▄█████████▀▀▄▀▀█████████▄ ▄████████▄▄█▀ ▀█▄▄████████▄ ████████ ▀▀█▄██▀▀▄████████ ████████ █ ▄ █ ▄▀▀▄████████ ████████ █ █ █ ▄▀▀▄████████ ▀█████████▄█ █ ▄██████████▀ ▀████████ ▀▀▀ ████████▀ ▀█████████████████████▀ ▀█████████████████▀ ▀▀█████████▀▀ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

│▌

AMEPAY IEO

▄██████▄ ▀██████▄ █████████ ▀█████ ███████▀ ▀███ ██████▀ ▄█▄ ▀██ ██████▄ ▀█▀ ▄██ ███████▄ ▄███ █████████ ▄█████ ▀██████▀ ▄██████▀

BKEX

AMEPAY LISTING

▐███▄ ████▌ ▐██████████▄ █████████████ ████▌ █████ ▐████ ▄████ ██████████▀ ▀█████▀▀

bithumb
─ GLOBAL ─

▐│

somenick (OP)

Legendary

Offline

Activity: 1286
Merit: 1004

Re: Bitstamp bruteforce attack on 2FA

June 01, 2014, 07:47:46 AM

Quote from: BigBoy89 on June 01, 2014, 04:06:30 AM

Quote from: somenick on May 31, 2014, 01:45:57 AM

i send 100 request per minute
to break bitstamp login 2fa you need only 7 days

what is 7 days? the google code change every 30 seconds
no fixed time to break it, just pure luck

yes 7 days its mean

100 random codes in minute its 1000000/100 minutes = 7 days
7 days - average value

somenick (OP)

Legendary

Offline

Activity: 1286
Merit: 1004

Re: Bitstamp bruteforce attack on 2FA

June 01, 2014, 07:49:48 AM

#10

Quote from: Sukrim on May 31, 2014, 09:09:48 AM

The code changes every 30 seconds, so you can try the same 50 codes every 30 seconds and hope to get lucky over time.

you just need generate random codes
30 sec has no effect its just probability theory

somenick (OP)

Legendary

Offline

Activity: 1286
Merit: 1004

Re: Bitstamp bruteforce attack on 2FA

June 01, 2014, 07:50:39 AM

#11

Quote from: arbitrage001 on June 01, 2014, 03:17:47 AM

They should freeze account login after 3-5 failed attempts.

or freeze 2FA on 1 hour after 3 failed attempts

somenick (OP)

Legendary

Offline

Activity: 1286
Merit: 1004

Re: Bitstamp bruteforce attack on 2FA

June 01, 2014, 07:52:12 AM

#12

They are in no hurry to correct obvious bugs
it is very bad for their reputation

smoothie

Legendary

Offline

Activity: 2492
Merit: 1474

LEALANA Bitcoin Grim Reaper

Re: Bitstamp bruteforce attack on 2FA

June 01, 2014, 07:55:21 AM

#13

easy fix for users for this problem:

1. Don't keep any funds or BTC on bitstamp

2. Change your password when you plan to send funds to your account. (before you send)

3. When you do send funds to bitstamp either buy or sell and withdrawal immediately.

. ★☆ WWW.LEALANA.COM My PGP fingerprint is A764D833. History of Monero development Visualization ★☆ .
LEALANA BITCOIN GRIM REAPER SILVER COINS.

Pages: [1]

Bitcoin Forum > Economy > Marketplace > Service Discussion > Bitstamp bruteforce attack on 2FA

« previous topic next topic »

Jump to: