Bitcoin Forum
November 14, 2024, 10:47:49 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Purse.io HACKED..  (Read 4057 times)
aarons6 (OP)
Legendary
*
Offline Offline

Activity: 1736
Merit: 1006


View Profile
October 10, 2015, 10:13:25 PM
Last edit: October 11, 2015, 02:34:42 AM by aarons6
 #1

so i had a few purchases up and i was waiting for a buyer when i just received an email saying i requested to withdraw all of my funds.
now, in this email it says to click the link or use the code to complete the withdraw, or email support.. which i did contact support..

a few seconds later i get an email saying thanks for withdrawing my funds.. WHAT?? i didnt click any links or typed in any codes.. i contacted SUPPORT.. which wasnt a website LINK its support@purese.io


now my account with PURSE has EVERY security thing turned on.. even 2fa..


so it looks like someone has figured a way to generate these links.. probably a security flaw or something..


EDIT.. it seems they are working to fix the issue.. they also say the coins were sent to a safe wallet.. and not lost.
oli123123
Legendary
*
Offline Offline

Activity: 1445
Merit: 1000



View Profile
October 10, 2015, 10:23:29 PM
 #2

I've used Purse.io a few times and I haven't had any problems but i don't know maybe your computer has been compromised?
aarons6 (OP)
Legendary
*
Offline Offline

Activity: 1736
Merit: 1006


View Profile
October 10, 2015, 10:24:24 PM
Last edit: October 10, 2015, 10:43:29 PM by aarons6
 #3

I've used Purse.io a few times and I haven't had any problems but i don't know maybe your computer has been compromised?
nope.. the site is down for maintenance now..


it uses google authy to log in.. so i cant see how my computer would generate the withdraw link and then use my phone to authenticate it..


i might add that my google authy phone is NOT my current in use phone but a backup phone that i use just for google authy. it has no sim card in it.


saturn643
Hero Member
*****
Offline Offline

Activity: 728
Merit: 500


View Profile
October 10, 2015, 10:49:44 PM
 #4

I've used Purse.io a few times and I haven't had any problems but i don't know maybe your computer has been compromised?
nope.. the site is down for maintenance now..


it uses google authy to log in.. so i cant see how my computer would generate the withdraw link and then use my phone to authenticate it..


i might add that my google authy phone is NOT my current in use phone but a backup phone that i use just for google authy. it has no sim card in it.
Well that's a problem, isn't it? The site itself is up, but when I try to log in, I get an error "Server down for maintainence. Please check back shortly"
aarons6 (OP)
Legendary
*
Offline Offline

Activity: 1736
Merit: 1006


View Profile
October 10, 2015, 10:53:30 PM
 #5

I've used Purse.io a few times and I haven't had any problems but i don't know maybe your computer has been compromised?
nope.. the site is down for maintenance now..


it uses google authy to log in.. so i cant see how my computer would generate the withdraw link and then use my phone to authenticate it..


i might add that my google authy phone is NOT my current in use phone but a backup phone that i use just for google authy. it has no sim card in it.
Well that's a problem, isn't it? The site itself is up, but when I try to log in, I get an error "Server down for maintainence. Please check back shortly"

yes and my bitcoins were withdrawn from my account on that site.. per the email i got, that i didnt do.


 logo
Withdrawal

You withdrew 171.152 mBTC.

34208cb232c35717820c72ea7b1c76f6874b6cda6f12a946f91e628754719ccb
View transaction

i checked the transaction and its real. Sad
nrd525
Legendary
*
Offline Offline

Activity: 1868
Merit: 1023


View Profile
October 10, 2015, 10:56:30 PM
 #6

My bitcoins were also withdrawn, as was another person on reddit/r/bitcoin.

https://www.reddit.com/r/Bitcoin/comments/3o9ju8/my_purseio_account_was_compromised/

Digital Gold for Gamblers and True Believers
pereira4
Legendary
*
Offline Offline

Activity: 1610
Merit: 1183


View Profile
October 10, 2015, 11:02:24 PM
 #7

My bitcoins were also withdrawn, as was another person on reddit/r/bitcoin.

https://www.reddit.com/r/Bitcoin/comments/3o9ju8/my_purseio_account_was_compromised/
Well this is weird then. I would have called this a classic "my computer got hacked but I blame the service provider" scenario but it's unlikely that you all got compromised at the same time so im calling a security issue on their part. This, or its an inside job and someone inside purse is running with your money.
aarons6 (OP)
Legendary
*
Offline Offline

Activity: 1736
Merit: 1006


View Profile
October 10, 2015, 11:06:48 PM
 #8

My bitcoins were also withdrawn, as was another person on reddit/r/bitcoin.

https://www.reddit.com/r/Bitcoin/comments/3o9ju8/my_purseio_account_was_compromised/
Well this is weird then. I would have called this a classic "my computer got hacked but I blame the service provider" scenario but it's unlikely that you all got compromised at the same time so im calling a security issue on their part. This, or its an inside job and someone inside purse is running with your money.


yep. specially since they took the site down..

usually when you email support and say hey someone stole my password they email you back saying too bad..
not pull the plug Sad
saturn643
Hero Member
*****
Offline Offline

Activity: 728
Merit: 500


View Profile
October 10, 2015, 11:11:44 PM
 #9


yep. specially since they took the site down..

usually when you email support and say hey someone stole my password they email you back saying too bad..
not pull the plug Sad

I don't know if they're pulling the plug. The site itself is still up. I think they are just trying to fix the problem. What I am concerned is the lack of a public notice that they have been hacked. At this point, it looks a little scammy.
TheGr33k
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500



View Profile
October 10, 2015, 11:14:23 PM
 #10

This sounds like a very serious security flaw and I'm willing to bet that all your bitcoins wind up in the same wallet. I would suggest we all sit back and watch cautiously at Purse, because this is no slight issue .
OP I am sorry for your loss, and everybody else who's experienced loss. thank you for informing the community!
aarons6 (OP)
Legendary
*
Offline Offline

Activity: 1736
Merit: 1006


View Profile
October 10, 2015, 11:18:57 PM
 #11


yep. specially since they took the site down..

usually when you email support and say hey someone stole my password they email you back saying too bad..
not pull the plug Sad

I don't know if they're pulling the plug. The site itself is still up. I think they are just trying to fix the problem. What I am concerned is the lack of a public notice that they have been hacked. At this point, it looks a little scammy.

it just happened.. like literally 5 minutes before i posted..

i watched my bitcoins leave my wallet Sad
aarons6 (OP)
Legendary
*
Offline Offline

Activity: 1736
Merit: 1006


View Profile
October 10, 2015, 11:21:40 PM
Last edit: October 13, 2015, 09:04:06 PM by aarons6
 #12

This sounds like a very serious security flaw and I'm willing to bet that all your bitcoins wind up in the same wallet. I would suggest we all sit back and watch cautiously at Purse, because this is no slight issue .
OP I am sorry for your loss, and everybody else who's experienced loss. thank you for informing the community!

the wallet that my coins went to has just 2 transactions.
https://www.blocktrail.com/BTC/address/1fZisbHc6rGRoWmMet7n15Sficng5YWbQ

looks like they both came from purse hot wallets.
Phildo
Legendary
*
Offline Offline

Activity: 1526
Merit: 1000



View Profile
October 11, 2015, 12:35:17 AM
 #13

I'm shocked that this carders paradise would eventually steal everyone's coins get hacked.
saturn643
Hero Member
*****
Offline Offline

Activity: 728
Merit: 500


View Profile
October 11, 2015, 12:41:05 AM
 #14

it just happened.. like literally 5 minutes before i posted..

i watched my bitcoins leave my wallet Sad

I guess that's not enough time for them to put up an official response.
btcjamtom
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
October 11, 2015, 12:51:45 AM
 #15

from Reddit:

We have received word today of unauthorized password reset notification emails. We are aware of the issue and have secured all funds. All user balances are accounted for and upon completing our investigation, service will resume shortly.

Mickeyb
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000

Move On !!!!!!


View Profile
October 11, 2015, 12:53:38 AM
 #16


yep. specially since they took the site down..

usually when you email support and say hey someone stole my password they email you back saying too bad..
not pull the plug Sad

I don't know if they're pulling the plug. The site itself is still up. I think they are just trying to fix the problem. What I am concerned is the lack of a public notice that they have been hacked. At this point, it looks a little scammy.

Well maybe it's not fair to blame them yet for the lack of communication. In the midst of the crisis you are trying to save what you can save, and you leave public notices for later. At least I would do it like this. When you get hacked, every second is important.

Edit: There you go a post above mine, a public notice!
Phildo
Legendary
*
Offline Offline

Activity: 1526
Merit: 1000



View Profile
October 11, 2015, 12:58:21 AM
 #17

from Reddit:

We have received word today of unauthorized password reset notification emails. We are aware of the issue and have secured all funds. All user balances are accounted for and upon completing our investigation, service will resume shortly.



All accounted for, even though the transaction ids in the emails appear to be legitimate. Of course.
aarons6 (OP)
Legendary
*
Offline Offline

Activity: 1736
Merit: 1006


View Profile
October 11, 2015, 01:10:17 AM
 #18

from Reddit:

We have received word today of unauthorized password reset notification emails. We are aware of the issue and have secured all funds. All user balances are accounted for and upon completing our investigation, service will resume shortly.



All accounted for, even though the transaction ids in the emails appear to be legitimate. Of course.
yeah, i guess we will see.. its good news tho..
Phildo
Legendary
*
Offline Offline

Activity: 1526
Merit: 1000



View Profile
October 11, 2015, 01:19:40 AM
 #19

from Reddit:

We have received word today of unauthorized password reset notification emails. We are aware of the issue and have secured all funds. All user balances are accounted for and upon completing our investigation, service will resume shortly.



All accounted for, even though the transaction ids in the emails appear to be legitimate. Of course.
yeah, i guess we will see.. its good news tho..


That was sarcasm. How can all the coins be accounted for if the transaction of your coins leaving your account i real?
aarons6 (OP)
Legendary
*
Offline Offline

Activity: 1736
Merit: 1006


View Profile
October 11, 2015, 01:32:06 AM
Last edit: October 11, 2015, 02:35:03 AM by aarons6
 #20

from Reddit:

We have received word today of unauthorized password reset notification emails. We are aware of the issue and have secured all funds. All user balances are accounted for and upon completing our investigation, service will resume shortly.



All accounted for, even though the transaction ids in the emails appear to be legitimate. Of course.
yeah, i guess we will see.. its good news tho..


That was sarcasm. How can all the coins be accounted for if the transaction of your coins leaving your account i real?


wonder if they say the coins are safe were to those that didnt lose any Sad
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!