Bitcoin Forum
Author Topic: Just had my gmail, then poloniex and cryptorush.in hacked, bitcoins stolen  (Read 1803 times)
rebel24 (OP)
March 02, 2014, 06:13:09 AM
 #1

Just thought I'd let you guys know so you don't let it happen to you.
I never saw this coming and am pretty security conscious.

I lost about 2 bitcoins worth.. over $1000 worth at today's prices...

I have taken some new security precautions but I recommend you guys do the same:
Firstly, use a unique password for your main email account, one that you don't use anywhere else.
Also add a phone number for alerts to your phone if someone does pass a log-in verification.

Most of my coins are offline... the only ones there were mainly ones I had open for trades....

But for my wallets, I am using an encryption key now which I use nowhere else... and I am storing these encryption key passwords basically offline as well.


Was just shocking to me... I want to ask you guys too, because he hacked into my Gmail account (can he see my other saved passwords I had? I use Chrome and I have some saved passwords in there... but for me to access them on my computer I have to put my Windows password in, but what if he's on his own computer or an iPhone/Android? My iPhone wouldn't show the passwords, but what if he is on another computer, can he see them then without anything but that Gmail password?)
philipmicklon
March 02, 2014, 06:16:37 AM
 #2

2FA is a must when you're dealing with BTC.
rebel24 (OP)
March 02, 2014, 06:27:05 AM
 #3

I believe it did have 2 factor authentication, because it emailed my email to confirm the transaction, and he had access to my gmail.

You make a good point, but the only way it should be done is via phone authentication.



I will also add, the only reason I caught it quickly was because he hacked into my secondary email, which has duplicates sent to my main email.
When I logged into my secondary email, those confirmation emails were deleted (I suppose to prevent me from knowing I was hacked).
rebel24 (OP)
March 02, 2014, 06:45:27 AM
 #4

You had your Poloniex password saved on your computer somewhere?

Would this have been prevented if the only location of your passwords was written down on paper?

No, it was not saved on my computer.. he initiated a password reset, then because he had access to my email, he accessed my account.


the question is how did he get my email address login and password (and somehow know I used bitcoin too),
my idea is probably one of the smaller exchanges I signed up for (about half a dozen of em, nothing crazy), that is my guess..
Nathonas
March 02, 2014, 06:49:18 AM
 #5

2FA with google authenticator.

/endthread

All we have to decide is what to do with the time that is given us.
g27wr
March 02, 2014, 06:51:47 AM
 #6

You could be right. It may have been someone from an exchange. We really have no way of knowing who is behind the scenes. New passwords everywhere!!

Krona Rev
March 02, 2014, 09:56:11 AM
 #7

OP: Sorry for your loss of 2btc. I'm glad to hear you keep most of your coins offline. I wish more people would.

Regarding 2FA, I would be very reluctant to trust Google (either Gmail or Google Authenticator) when it comes to security and/or cryptocurrency. No third party should be trusted, obviously, but at this point it is clear that trusting Google means trusting the NSA and other dark forces in the US Govt. Don't do it. Please don't do it. One day this Mt. Gox fiasco could look minor compared to the damage someone could use Google to do.

Just keep as many of your coins offline as possible, and be prepared to lose all coins that are online.

Promechard: Proprietary Metablock Chains for Arbitrary Data: https://bitcointalk.org/index.php?topic=411974.0
corebob
March 02, 2014, 10:48:50 AM
 #8

The problem with giving Google your phone number is that you also give the NSA what they need to associate your telephone calls with your emails.
crazy_rabbit
March 02, 2014, 11:17:27 AM
 #9

Yubikey is your friend.

more or less retired.
Krona Rev
March 02, 2014, 11:26:34 AM
 #10

Does any service offer 2FA via bitmessage?

freebit13
March 02, 2014, 12:58:53 PM
 #11

Use Google.../endthread?

Stop trusting a central authority to secure your information... that's just not bitcoin ;)

Decentralize EVERYTHING!
p-webcorp
March 02, 2014, 01:18:23 PM
 #12

Oh, yes, again a Google product. Never ever use anything from Google!
'g' give data, 'g' get protection for it, and the rest of the story is blablabla as the bitcoins are used by criminals etc. etc., and the dollars are used only by honest people, isn't it?
rebel24 (OP)
March 02, 2014, 01:21:08 PM
 #13

I am pretty sure I have figured out what happened, I posted it in another thread so I thought I would share it with you guys-- apparently I am not the only one who has had coins recently stolen from them at poloniex--

what is going on is-
poloniex is being DDOS'ed, as well as cryptorush.io
I had the same robberies happen at both places. They are DDOS'ing the sites, taking the login info, and, for me, stupidly, I used the same login info for my email as my login there. So they logged into my email to confirm the withdrawals.

Now I have 2 way authentication and different passwords, I HIGHLY RECOMMEND EVERYONE DO THIS RIGHT NOW IF YOU HAVEN'T ALREADY
coinnewbit
March 02, 2014, 01:43:54 PM
 #14

I just deposited into poloniex the day before. Crap