aarons6 (OP)
Legendary
Offline
Activity: 1736
Merit: 1006
|
|
October 10, 2015, 10:13:25 PM Last edit: October 11, 2015, 02:34:42 AM by aarons6 |
|
so i had a few purchases up and i was waiting for a buyer when i just received an email saying i requested to withdraw all of my funds. now, in this email it says to click the link or use the code to complete the withdraw, or email support.. which i did contact support.. a few seconds later i get an email saying thanks for withdrawing my funds.. WHAT?? i didnt click any links or typed in any codes.. i contacted SUPPORT.. which wasnt a website LINK its support@purese.ionow my account with PURSE has EVERY security thing turned on.. even 2fa.. so it looks like someone has figured a way to generate these links.. probably a security flaw or something.. EDIT.. it seems they are working to fix the issue.. they also say the coins were sent to a safe wallet.. and not lost.
|
|
|
|
oli123123
Legendary
Offline
Activity: 1445
Merit: 1000
|
|
October 10, 2015, 10:23:29 PM |
|
I've used Purse.io a few times and I haven't had any problems but i don't know maybe your computer has been compromised?
|
|
|
|
aarons6 (OP)
Legendary
Offline
Activity: 1736
Merit: 1006
|
|
October 10, 2015, 10:24:24 PM Last edit: October 10, 2015, 10:43:29 PM by aarons6 |
|
I've used Purse.io a few times and I haven't had any problems but i don't know maybe your computer has been compromised?
nope.. the site is down for maintenance now.. it uses google authy to log in.. so i cant see how my computer would generate the withdraw link and then use my phone to authenticate it.. i might add that my google authy phone is NOT my current in use phone but a backup phone that i use just for google authy. it has no sim card in it.
|
|
|
|
saturn643
|
|
October 10, 2015, 10:49:44 PM |
|
I've used Purse.io a few times and I haven't had any problems but i don't know maybe your computer has been compromised?
nope.. the site is down for maintenance now.. it uses google authy to log in.. so i cant see how my computer would generate the withdraw link and then use my phone to authenticate it.. i might add that my google authy phone is NOT my current in use phone but a backup phone that i use just for google authy. it has no sim card in it. Well that's a problem, isn't it? The site itself is up, but when I try to log in, I get an error "Server down for maintainence. Please check back shortly"
|
|
|
|
aarons6 (OP)
Legendary
Offline
Activity: 1736
Merit: 1006
|
|
October 10, 2015, 10:53:30 PM |
|
I've used Purse.io a few times and I haven't had any problems but i don't know maybe your computer has been compromised?
nope.. the site is down for maintenance now.. it uses google authy to log in.. so i cant see how my computer would generate the withdraw link and then use my phone to authenticate it.. i might add that my google authy phone is NOT my current in use phone but a backup phone that i use just for google authy. it has no sim card in it. Well that's a problem, isn't it? The site itself is up, but when I try to log in, I get an error "Server down for maintainence. Please check back shortly" yes and my bitcoins were withdrawn from my account on that site.. per the email i got, that i didnt do. logo Withdrawal You withdrew 171.152 mBTC. 34208cb232c35717820c72ea7b1c76f6874b6cda6f12a946f91e628754719ccb View transaction i checked the transaction and its real.
|
|
|
|
nrd525
Legendary
Offline
Activity: 1868
Merit: 1023
|
|
October 10, 2015, 10:56:30 PM |
|
|
Digital Gold for Gamblers and True Believers
|
|
|
pereira4
Legendary
Offline
Activity: 1610
Merit: 1183
|
|
October 10, 2015, 11:02:24 PM |
|
Well this is weird then. I would have called this a classic "my computer got hacked but I blame the service provider" scenario but it's unlikely that you all got compromised at the same time so im calling a security issue on their part. This, or its an inside job and someone inside purse is running with your money.
|
|
|
|
aarons6 (OP)
Legendary
Offline
Activity: 1736
Merit: 1006
|
|
October 10, 2015, 11:06:48 PM |
|
Well this is weird then. I would have called this a classic "my computer got hacked but I blame the service provider" scenario but it's unlikely that you all got compromised at the same time so im calling a security issue on their part. This, or its an inside job and someone inside purse is running with your money. yep. specially since they took the site down.. usually when you email support and say hey someone stole my password they email you back saying too bad.. not pull the plug
|
|
|
|
saturn643
|
|
October 10, 2015, 11:11:44 PM |
|
yep. specially since they took the site down.. usually when you email support and say hey someone stole my password they email you back saying too bad.. not pull the plug I don't know if they're pulling the plug. The site itself is still up. I think they are just trying to fix the problem. What I am concerned is the lack of a public notice that they have been hacked. At this point, it looks a little scammy.
|
|
|
|
TheGr33k
|
|
October 10, 2015, 11:14:23 PM |
|
This sounds like a very serious security flaw and I'm willing to bet that all your bitcoins wind up in the same wallet. I would suggest we all sit back and watch cautiously at Purse, because this is no slight issue . OP I am sorry for your loss, and everybody else who's experienced loss. thank you for informing the community!
|
|
|
|
aarons6 (OP)
Legendary
Offline
Activity: 1736
Merit: 1006
|
|
October 10, 2015, 11:18:57 PM |
|
yep. specially since they took the site down.. usually when you email support and say hey someone stole my password they email you back saying too bad.. not pull the plug I don't know if they're pulling the plug. The site itself is still up. I think they are just trying to fix the problem. What I am concerned is the lack of a public notice that they have been hacked. At this point, it looks a little scammy. it just happened.. like literally 5 minutes before i posted.. i watched my bitcoins leave my wallet
|
|
|
|
aarons6 (OP)
Legendary
Offline
Activity: 1736
Merit: 1006
|
|
October 10, 2015, 11:21:40 PM Last edit: October 13, 2015, 09:04:06 PM by aarons6 |
|
This sounds like a very serious security flaw and I'm willing to bet that all your bitcoins wind up in the same wallet. I would suggest we all sit back and watch cautiously at Purse, because this is no slight issue . OP I am sorry for your loss, and everybody else who's experienced loss. thank you for informing the community!
the wallet that my coins went to has just 2 transactions. https://www.blocktrail.com/BTC/address/1fZisbHc6rGRoWmMet7n15Sficng5YWbQlooks like they both came from purse hot wallets.
|
|
|
|
Phildo
Legendary
Offline
Activity: 1526
Merit: 1000
|
|
October 11, 2015, 12:35:17 AM |
|
I'm shocked that this carders paradise would eventually steal everyone's coins get hacked.
|
|
|
|
saturn643
|
|
October 11, 2015, 12:41:05 AM |
|
it just happened.. like literally 5 minutes before i posted.. i watched my bitcoins leave my wallet I guess that's not enough time for them to put up an official response.
|
|
|
|
btcjamtom
Newbie
Offline
Activity: 3
Merit: 0
|
|
October 11, 2015, 12:51:45 AM |
|
from Reddit:
We have received word today of unauthorized password reset notification emails. We are aware of the issue and have secured all funds. All user balances are accounted for and upon completing our investigation, service will resume shortly.
|
|
|
|
Mickeyb
|
|
October 11, 2015, 12:53:38 AM |
|
yep. specially since they took the site down.. usually when you email support and say hey someone stole my password they email you back saying too bad.. not pull the plug I don't know if they're pulling the plug. The site itself is still up. I think they are just trying to fix the problem. What I am concerned is the lack of a public notice that they have been hacked. At this point, it looks a little scammy. Well maybe it's not fair to blame them yet for the lack of communication. In the midst of the crisis you are trying to save what you can save, and you leave public notices for later. At least I would do it like this. When you get hacked, every second is important. Edit: There you go a post above mine, a public notice!
|
|
|
|
Phildo
Legendary
Offline
Activity: 1526
Merit: 1000
|
|
October 11, 2015, 12:58:21 AM |
|
from Reddit:
We have received word today of unauthorized password reset notification emails. We are aware of the issue and have secured all funds. All user balances are accounted for and upon completing our investigation, service will resume shortly.
All accounted for, even though the transaction ids in the emails appear to be legitimate. Of course.
|
|
|
|
aarons6 (OP)
Legendary
Offline
Activity: 1736
Merit: 1006
|
|
October 11, 2015, 01:10:17 AM |
|
from Reddit:
We have received word today of unauthorized password reset notification emails. We are aware of the issue and have secured all funds. All user balances are accounted for and upon completing our investigation, service will resume shortly.
All accounted for, even though the transaction ids in the emails appear to be legitimate. Of course. yeah, i guess we will see.. its good news tho..
|
|
|
|
Phildo
Legendary
Offline
Activity: 1526
Merit: 1000
|
|
October 11, 2015, 01:19:40 AM |
|
from Reddit:
We have received word today of unauthorized password reset notification emails. We are aware of the issue and have secured all funds. All user balances are accounted for and upon completing our investigation, service will resume shortly.
All accounted for, even though the transaction ids in the emails appear to be legitimate. Of course. yeah, i guess we will see.. its good news tho.. That was sarcasm. How can all the coins be accounted for if the transaction of your coins leaving your account i real?
|
|
|
|
aarons6 (OP)
Legendary
Offline
Activity: 1736
Merit: 1006
|
|
October 11, 2015, 01:32:06 AM Last edit: October 11, 2015, 02:35:03 AM by aarons6 |
|
from Reddit:
We have received word today of unauthorized password reset notification emails. We are aware of the issue and have secured all funds. All user balances are accounted for and upon completing our investigation, service will resume shortly.
All accounted for, even though the transaction ids in the emails appear to be legitimate. Of course. yeah, i guess we will see.. its good news tho.. That was sarcasm. How can all the coins be accounted for if the transaction of your coins leaving your account i real? wonder if they say the coins are safe were to those that didnt lose any
|
|
|
|
|