Bitcoin Forum
November 13, 2024, 12:02:02 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3] 4 »  All
  Print  
Author Topic: bitmarket.eu  (Read 4996 times)
M4v3R
Hero Member
*****
Offline Offline

Activity: 607
Merit: 500


View Profile
October 09, 2012, 12:27:47 PM
 #41

I'm investigating this. Something's definately not right, and I'll get back to you as soon as I sort this up. Withdrawals are halted, so there is no way to get funds out of bitmarket now.
narousberg
Legendary
*
Offline Offline

Activity: 1753
Merit: 1007



View Profile
October 09, 2012, 12:42:13 PM
 #42

strange activity is continuing....

this user hacked my offer: CoonBreakair

He  canceled my offer for 11€, then placed sell offer for 12€, but in trnasaction log i see that bitcoins was sold for 18€

I dont understand how it was maked.

Thats the same account where my coins was sent. Hacker canceled all my orders and placed offer for 10 Eur for all 3.459 BTC.

This all could not happen, if bitmarket would use email confirmations about every deal placed and confiramtions.

yes, i agree. Bitmarket need email confirmation, and i need my bitcoins back.

somebody know another way to contact admin of bitmarket?

I AM NOT SELL MY BITCOINTALK ACCOUNT !!!
narousberg
Legendary
*
Offline Offline

Activity: 1753
Merit: 1007



View Profile
October 09, 2012, 12:44:11 PM
 #43

I'm investigating this. Something's definately not right, and I'll get back to you as soon as I sort this up. Withdrawals are halted, so there is no way to get funds out of bitmarket now.

super to hear this. Hope you sort this soon)))

I AM NOT SELL MY BITCOINTALK ACCOUNT !!!
monstrs
Hero Member
*****
Offline Offline

Activity: 555
Merit: 504



View Profile
October 09, 2012, 01:02:40 PM
 #44

I am glad that account is frozen for that hacker.

It's good to know that admin is avare of this. I hope that we get our coins back soon.
M4v3R
Hero Member
*****
Offline Offline

Activity: 607
Merit: 500


View Profile
October 09, 2012, 01:26:36 PM
 #45

To everyone involved: please notify me if your BitMarket password was used on any other site. If yes, please post which one (after changing it naturally). Also, if you have had any other similiar incidents in the last days/weeks, please tell me this too.
monstrs
Hero Member
*****
Offline Offline

Activity: 555
Merit: 504



View Profile
October 09, 2012, 01:56:05 PM
 #46

To everyone involved: please notify me if your BitMarket password was used on any other site. If yes, please post which one (after changing it naturally). Also, if you have had any other similiar incidents in the last days/weeks, please tell me this too.

I had unique password only for bitmarket, before that i had week password.
M4v3R
Hero Member
*****
Offline Offline

Activity: 607
Merit: 500


View Profile
October 09, 2012, 03:14:09 PM
 #47

Any new updates will be posted here.
la chignole
Full Member
***
Offline Offline

Activity: 123
Merit: 100



View Profile
October 09, 2012, 06:41:42 PM
 #48

On Friday, October 5th at 0:53 am my offer of sale of 10 btc was accepted by a buyer and at night the confirmation of purchase was confirmed without my authorization. I had made the day before  on Thursday, October 04th the offer of sale. I do not know which and how this transaction was validated !

My password was unique and I have no account on mtgox.
narousberg
Legendary
*
Offline Offline

Activity: 1753
Merit: 1007



View Profile
October 09, 2012, 06:46:08 PM
 #49

On Friday, October 5th at 0:53 am my offer of sale of 10 btc was accepted by a buyer and at night the confirmation of purchase was confirmed without my authorization. I had made the day before  on Thursday, October 04th the offer of sale. I do not know which and how this transaction was validated !

My password was unique and I have no account on mtgox.

welcome in club...

I AM NOT SELL MY BITCOINTALK ACCOUNT !!!
Auris 1.6 vvt-i
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
October 09, 2012, 07:59:41 PM
 #50

Withdrawals are halted, so there is no way to get funds out of bitmarket now.
The attacker used TOR (anonymous) network, so even though I have the IPs, their not traceable. Only a few users were affected, since most people have unique passwords for their accounts.

Unfortunately there isn't a way to get the coins back, because attacker managed to withdraw them before I was notified about this. The withdrawal lock is in place to secure any further frauds, because I have no way to know if anyone's else account is compromised. I could force a password reset on everyone, but that would be highly annoying to everyone that have good password practices.

So, since coins are blocked in Bitmarket and there is a withdrawal lock, does this mean I will get my 15.047xxxx BTC back?

I was logged in Bitmarket today and my coins were there (I had canceled my offers yesterday). I was just about to place a new offer but I decided to withdraw the bitcoins from Slush's pool. Logged on to Slush and this is when I got an email (I receive all e-mails on my smart phone as soon as they arrive - thank God and Google for push functionality). By the time I go back to BitMarket's account, coins were gone and transaction confirmed and even my country of residence was changed from Bulgaria to Bahamas. The same user who stole your coins stole mine! I e-mailed the Bitmarket Admin right away and he responded within 30 minutes. I have been using the same password for Deepbit, Slush pool, Paypal and my Gmail - had no issues with any of them, even though it would have been even more painful! Of course, all of them are now changed.

M4v3R, please tell me our coins are safe and have not left Bitmarket and will be returned to us, otherwise this would be a huge disappointment not only for me and would lead to loss of trust and customers. Everyone needs to feel safe and secure where he trades and spend/receive money.
narousberg
Legendary
*
Offline Offline

Activity: 1753
Merit: 1007



View Profile
October 09, 2012, 08:08:31 PM
 #51

Withdrawals are halted, so there is no way to get funds out of bitmarket now.
The attacker used TOR (anonymous) network, so even though I have the IPs, their not traceable. Only a few users were affected, since most people have unique passwords for their accounts.

Unfortunately there isn't a way to get the coins back, because attacker managed to withdraw them before I was notified about this. The withdrawal lock is in place to secure any further frauds, because I have no way to know if anyone's else account is compromised. I could force a password reset on everyone, but that would be highly annoying to everyone that have good password practices.

So, since coins are blocked in Bitmarket and there is a withdrawal lock, does this mean I will get my 15.047xxxx BTC back?

I was logged in Bitmarket today and my coins were there (I had canceled my offers yesterday). I was just about to place a new offer but I decided to withdraw the bitcoins from Slush's pool. Logged on to Slush and this is when I got an email (I receive all e-mails on my smart phone as soon as they arrive - thank God and Google for push functionality). By the time I go back to BitMarket's account, coins were gone and transaction confirmed and even my country of residence was changed from Bulgaria to Bahamas. The same user who stole your coins stole mine! I e-mailed the Bitmarket Admin right away and he responded within 30 minutes. I have been using the same password for Deepbit, Slush pool, Paypal and my Gmail - had no issues with any of them, even though it would have been even more painful! Of course, all of them are now changed.

M4v3R, please tell me our coins are safe and have not left Bitmarket and will be returned to us, otherwise this would be a huge disappointment not only for me and would lead to loss of trust and customers. Everyone needs to feel safe and secure where he trades and spend/receive money.

+1, whant to know too

I AM NOT SELL MY BITCOINTALK ACCOUNT !!!
la chignole
Full Member
***
Offline Offline

Activity: 123
Merit: 100



View Profile
October 09, 2012, 09:17:46 PM
 #52

You were able to get in touch with your buyer of bitcoin? I was able to get in touch with my buyer. He told me not to have understood why transfers it had so quickly been validated. I explained him the validation of the transaction without my authorization.
In his e-mail he announced me to have proceeded to the sending of the payment under 3 days.
The pirate did not make the offer of sale for me. The offer of sale was mine, the pirate has or bought and validated the transaction or he is just made the validation of the transaction.

This is buyer of good time either does he play with me?
Do I have to deal with the pirate either with the fair buyer?
In my case it is not about the buyer CoonBreakair but of jlcducky.

Thank you
disclaimer201
Legendary
*
Offline Offline

Activity: 1526
Merit: 1001


View Profile
October 09, 2012, 10:02:00 PM
 #53

I believe having the same password for more than one money related website is more than careless. Therefore, as a user, honestly I don't think you would have a right to claim your money back really. You were not careful with the one most important thing concerning bitcoins: password security.

However, in the other thread I have made a plead for Bitmarket to open a donation account and ask every user (have some info on this on the webpage as well) to voluntarily send some bitcents or bitcoins to it in order to at least partly compensate those users affected. If someone stole from me, I would be super glad to receive whatever tiny fraction of the loss I could get back. Actually, I know how it feels since I lost a lot of coins at Bitcoinicascamgo.
Auris 1.6 vvt-i
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
October 10, 2012, 10:10:58 AM
 #54

I believe having the same password for more than one money related website is more than careless. Therefore, as a user, honestly I don't think you would have a right to claim your money back really. You were not careful with the one most important thing concerning bitcoins: password security.

However, in the other thread I have made a plead for Bitmarket to open a donation account and ask every user (have some info on this on the webpage as well) to voluntarily send some bitcents or bitcoins to it in order to at least partly compensate those users affected. If someone stole from me, I would be super glad to receive whatever tiny fraction of the loss I could get back. Actually, I know how it feels since I lost a lot of coins at Bitcoinicascamgo.

And I believe that having the same password is not the issue (I had a strong password), since none of my other accounts were cracked (if they were, this guy would have had a lot more to take than my 15 BTC). No, the only account hacked was the one on Bitmarket.eu.

I also believe that the measures taken by the admin were too late - there have been breaches on the 6th of this month and not only hasn't he taken the measures he took now - confirming transactions from your e-mail, not just the marketplace, resetting the passwords and so on, but he also never put a warning on the website, like they did on MtGox last year, when they got hacked. If he had put a message just after the first hack attacks, many people's coins would not have been stolen!

I also believe that resetting all passwords right after the first stolen coins would have been a lot smaller inconvenience to anyone than losing their hard-earned bitcoins!

I also believe that this makes it his fault too and he needs to reply to those concerned what is going on with their coins, otherwise people will lose trust in BitMarket.eu, which is irreversible!
Wekkel
Legendary
*
Offline Offline

Activity: 3108
Merit: 1531


yes


View Profile
October 10, 2012, 10:49:30 AM
 #55

I also believe that this makes it his fault too and he needs to reply to those concerned what is going on with their coins, otherwise people will lose trust in BitMarket.eu, which is irreversible!

I believe the world is a bad, bad place and if you have your password stolen, not due to security breaches of Bitmarket.eu, you should consider your online password strategy instead of demanding payback for a site that costs you nothing to use.



If you don't want to lose it, keep it save. This is Bitcoin, remember?

Auris 1.6 vvt-i
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
October 10, 2012, 11:08:09 AM
 #56

I believe the world is a bad, bad place and if you have your password stolen, not due to security breaches of Bitmarket.eu, you should consider your online password strategy instead of demanding payback for a site that costs you nothing to use.

If you don't want to lose it, keep it save. This is Bitcoin, remember?
I believe that if there has been a halt, like the admin said, my coins should not have left the Bitmarket.eu, therefore I should at least get a note when will I receive them. If my coins have been halted and are not returned to me, then who has them...? Doesn't this lead to conclusions, that are not in favour of the site and administration...? If coins have been stolen 3 days earlier and no measures have been taken to prevent those future thefts, doesn't this again lead you to conclusions that are not in favour of the site and its administration? Not only that, but it also implies, that they MIGHT be involved too... Don't get me wrong - I am not saying they are, but if they haven't taken the measures necessary, or if they are not returning coins that they know that have been stolen and they claim they have been halted, this is just what it looks like...  Sad


P.S. I just hope it all turns out for the best and we can all gain our trust in the site back again and go back to normal! I have been trading only on Bitmarket.eu eversince I stirted mining and I don't want to shift to another place Sad
Wekkel
Legendary
*
Offline Offline

Activity: 3108
Merit: 1531


yes


View Profile
October 10, 2012, 11:46:26 AM
 #57

The deciding factor for blaming an admin is: facts

It is not ruled out that security has been breached but until such has not been established, it makes no sense to blame the admin. Even if security was breached, it is still a free website. I use it occassionally and at my own risk. It is basically the same premise as with Bitcoin: you are on your own.

For those not affected, it is a great moment to reconsider your password strategy.

Auris 1.6 vvt-i
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
October 10, 2012, 12:26:32 PM
 #58

Even if security was breached, it is still a free website.
Quote from: BTCurious link=topic=5441.msg1261917#msg1261917
This is a serious issue, I repeat, my password is cryptographically generated and not used anywhere else, and not typed in on a keyboard either.
We have put our trust into the website and the administration, running this site. As it turns out, there are people, having unique, strong, cryptographically generated passwords, that have not been used anywhere else and still got ripped off. This is a significant indication that the breach occurred on Bitmarket.eu and not elswhere! And talks like this, that it's a free site and you are on your own would only make those who lost coins more paranoid and also cause other users of the service to start thinking if this is not an inside job and if their money is safe! Does this mean that if I open a service like this, which is free, I can rip you off of your coins, because my service was free? Does it mean that the people running the site can just close it down with everybody's coins in there and split...? ('cause withdrawals have been halted, remember?)
M4v3R
Hero Member
*****
Offline Offline

Activity: 607
Merit: 500


View Profile
October 10, 2012, 12:29:44 PM
 #59

@Auris: I did my best to explain the situation in the official Bitmarket thread. If you want more details:

- First hack happened on 5th october. Two accounts were involved then. While it didn't alarm me much (from time to time these kind of things happened because people were careless with their passwords), I did set up a withdrawal hold feature. It worked like this: when you withdrawed more than 5 BTC from your account, it would hold it until I accepted it manually.
- Yesterday (9th october), presumably same hacker struck for the second time. This time, he accessed a bunch more accounts (around 15). Everytime he got something in his fraudulent account (CoonBreakair, jlcducky and probably hellonona) he would withdraw it immediately to his private BTC address. First, he tried to withdraw larger sums of BTC, which were held by the mechanism described above. These were returned to their respective owners. Then he probably noticed what's wrong and began to withdraw smaller sums, like 1-5 BTCs at time, which ultimately allowed him to drain ~182 BTC, until I was alarmed by users and stopped him. I immediately put all withdrawals on hold, even small ones, banned him and then disabled the site. So after that he couldn't do any more damage, but he still managed to withdraw aforementioned 182 BTC to his private BTC address.

I hope this explains it all.

Edit:

Quote
there are people, having unique, strong, cryptographically generated passwords, that have not been used anywhere else and still got ripped off.

Few members affected had not-reused passwords, majority acknowledged that they reused their login details elsewere (Mt. Gox, Intersango, among others). So while it's puzzling how passwords of these two members were cracked, it could be just about anything. One of these members has changed his password and few hours later attacker accessed his account again! It looks like a classic trojan/keylogger attack if you ask me.
Auris 1.6 vvt-i
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
October 10, 2012, 12:36:02 PM
 #60

I immediately put all withdrawals on hold, even small ones, banned him and then disabled the site. So after that he couldn't do any more damage, but he still managed to withdraw aforementioned 182 BTC to his private BTC address.

I hope this explains it all.
OK, so since I notified you less than 10 minutes from the sale, does this mean that you have been able to stop him from withdrawing my 15 BTC? As far as I know it takes at least an hour to get a few confirmations and be able to get the coins... Would you please care to explain if I can hope to get my coins back or no? I was really counting on this money - for most of the users here 150 euro is probably not a whole lot, but in my country this is more than a minimum wage and a little over half of my monthly income. Sad
Pages: « 1 2 [3] 4 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!