Bitcoin Forum
Author Topic: Hackers Have Stolen Millions Of Dollars In Bitcoin -- Using Only Phone Numbers  (Read 2942 times)
eternalgloom
December 23, 2016, 08:42:11 PM
 #41

How safe would 2FA through Google Authenticator be?
I've considered using this wherever it's available, but I'm not sure if it's a safer option than 2FA via SMS/Text.

jobach
December 23, 2016, 08:54:24 PM
 #42

paper wallets are the best option
monsanto
December 23, 2016, 09:44:03 PM
 #43

How safe would 2FA through Google Authenticator be?
I've considered using this wherever it's available, but I'm not sure if it's a safer option than 2FA via SMS/Text.

That's what the article is all about -- that SMS 2FA is bad. Google Authenticator is much better, they say. Apparently the main reason SMS is still used is that not everyone has a smartphone to run an authenticator. But eventually they will phase out most/all SMS 2FA.
Tanic
December 23, 2016, 09:49:51 PM
 #44

paper wallets are the best option
First of all - can somebody explain what 2FA is? I have no idea about this slang.
Second is that paper wallets are not the safest place in the world. The percent of stealing money from ordinary wallets is higher than the percent of hacked wallets. For now the statistic is like that.
BitcoinNewsMagazine
December 23, 2016, 10:11:28 PM
 #45

When you spend from a paper wallet your private keys are exposed briefly and bitcoin could be stolen if malware is waiting. Many early adopters used to use Armory and two computers for cold storage. That is still probably the most private way to do it and some still swear by it. Using two computers has largely been replaced by hardware wallets like Ledger Nano S and Trezor. There has never been a reported theft of bitcoin from a Trezor or Ledger. As a bonus using Nano S or Trezor you can use your hardware wallet for secure U2F login to a number of services like Google, Dropbox, Github, etc.

SmartIphone
December 25, 2016, 12:53:12 PM
 #46

You can't outsource your computer/cryptocurrency security to a 3rd party like your phone carrier. It's a recipe for disaster.
The services are vulnerable too. 2FA isn't safe if you use it with your phone number.

How is 2FA not safe?
There are two layers here, the password and the time password or 2FA, which I consider the safest way when logging in somewhere.
As he said, 2FA is not so safe if you use 2FA through SMS verification. I didn't know whether 2FA which uses software like Google Authenticator or similar could be compromised, but the news above in the main post is proof that SMS verification could be compromised.

I don't really think that some hackers can do things like this, though this kind of method is not impossible, but this is very rare to happen, so everyone must be aware of this type of incident. Everyone must be careful, especially those who have huge funds in their web wallets.
Yeah, you said some hackers can't do things like this, but maybe the hackers who were mentioned in the news are the rest of the hackers who could.

Then OK, but I think that these two things go together; first we put the phone number as a backup of the 2FA app.
I use Authy and I have to give my phone number in case I forget the password or the password of this app (like Google Authenticator).
Paninotech
December 25, 2016, 01:08:31 PM
 #47

Because phone companies still think of themselves as phone companies, and not as gatekeepers to people's financial and personal property on a vast scale. They can't keep screwing up like this.
kanazawa
December 30, 2016, 01:56:41 AM
 #48

There are many ways to do "social engineering" using a burning cell phone and a lotta courage. I'm really astonished that the "aggressive" methods are not in use yet. If few people knew about the benefits, the resources and the "easy way" few cryptocurrencies provide to let people "free", the world would be complete chaos.



raaajlucky
December 30, 2016, 03:26:22 AM
 #49

You can't outsource your computer/cryptocurrency security to a 3rd party like your phone carrier. It's a recipe for disaster.
The services are vulnerable too. 2FA isn't safe if you use it with your phone number.

How is 2FA not safe?
There are two layers here, the password and the time password or 2FA, which I consider the safest way when logging in somewhere.
As he said, 2FA is not so safe if you use 2FA through SMS verification. I didn't know whether 2FA which uses software like Google Authenticator or similar could be compromised, but the news above in the main post is proof that SMS verification could be compromised.

I don't really think that some hackers can do things like this, though this kind of method is not impossible, but this is very rare to happen, so everyone must be aware of this type of incident. Everyone must be careful, especially those who have huge funds in their web wallets.
Yeah, you said some hackers can't do things like this, but maybe the hackers who were mentioned in the news are the rest of the hackers who could.

Then OK, but I think that these two things go together; first we put the phone number as a backup of the 2FA app.
I use Authy and I have to give my phone number in case I forget the password or the password of this app (like Google Authenticator).
2FA accounts cannot be hacked, but still hackers will hack these accounts; I don't know how they will get verification numbers. And I heard that some online casinos were hacked; they provide heavy security to their accounts, but how will hackers hack their accounts?

The thing is we should secure our accounts to give high security. Still, if our account is hacked, it's just our bad luck, that's it.
Zadicar
December 30, 2016, 03:32:06 AM
 #50

paper wallets are the best option
First of all - can somebody explain what 2FA is? I have no idea about this slang.
Second is that paper wallets are not the safest place in the world. The percent of stealing money from ordinary wallets is higher than the percent of hacked wallets. For now the statistic is like that.
2FA acts like a secondary password on your account, which means that when you log in to your account with your usual password, it then requires 2FA as a second layer. It's either a phone code or an email authorization; that's why any account that has funds really needs this security, and I don't know how those hackers were able to hack 2FA.

Jafri101
December 30, 2016, 10:28:49 AM
 #51

How safe would 2FA through Google Authenticator be?
I've considered using this wherever it's available, but I'm not sure if it's a safer option than 2FA via SMS/Text.

Yes, Google Authenticator is the safer way to protect your accounts. However, while using Google Authenticator keep one thing in mind: the device which has the authenticator must be safe, because if you change devices you first have to disable the authenticator. These are minor things but they create big problems.
Mometaskers
December 30, 2016, 02:57:32 PM
 #52

Guys, read the article. (It is a good read.) The hackers are able to access PC's starting with the phone hacking. Sounds like a very ugly episode when everything - bank accounts, Windows login, desktop wallets, etc. - all get seized in one swoop. Because phone companies still think of themselves as phone companies, and not as gatekeepers to people's financial and personal property on a vast scale. They can't keep screwing up like this.

If the evidence that this operation(s) is based in the Philippines is right... well, the hackers might not be too happy once Duterte catches up with them. If he treats them like he does drug dealers, they will have a _very_ short life expectancy.

It seems they haven't caught any of these hacking groups yet. IMHO they should tighten immigration here in the Philippines. Most of the crime syndicates here are from abroad and using the laxity of immigration to set up crime rings here. Most of the drug manufacturers are from mainland China, most of the ATM hackers are from Bulgaria, etc...

It's really a troubling thought that they would simply get all your bitcoins because the telcos are not doing enough.
SmartIphone
January 01, 2017, 02:50:49 PM
 #53

You can't outsource your computer/cryptocurrency security to a 3rd party like your phone carrier. It's a recipe for disaster.
The services are vulnerable too. 2FA isn't safe if you use it with your phone number.

How is 2FA not safe?
There are two layers here, the password and the time password or 2FA, which I consider the safest way when logging in somewhere.
As he said, 2FA is not so safe if you use 2FA through SMS verification. I didn't know whether 2FA which uses software like Google Authenticator or similar could be compromised, but the news above in the main post is proof that SMS verification could be compromised.

I don't really think that some hackers can do things like this, though this kind of method is not impossible, but this is very rare to happen, so everyone must be aware of this type of incident. Everyone must be careful, especially those who have huge funds in their web wallets.
Yeah, you said some hackers can't do things like this, but maybe the hackers who were mentioned in the news are the rest of the hackers who could.

Then OK, but I think that these two things go together; first we put the phone number as a backup of the 2FA app.
I use Authy and I have to give my phone number in case I forget the password or the password of this app (like Google Authenticator).
2FA accounts cannot be hacked, but still hackers will hack these accounts; I don't know how they will get verification numbers. And I heard that some online casinos were hacked; they provide heavy security to their accounts, but how will hackers hack their accounts?

The thing is we should secure our accounts to give high security. Still, if our account is hacked, it's just our bad luck, that's it.

The issue is not always in the 2FA, the AES encryption or the HTTPS encryption, but in the implementation.
And here the hackers come and break the system and get the sensitive info, and the forum needs to implement 2FA as soon as possible.
Bitcoinpro
January 01, 2017, 04:25:40 PM
 #54

The Bitcoins are traceable it's called IP address

SmartIphone
January 01, 2017, 05:52:32 PM
 #55

The Bitcoins are traceable it's called IP address

I don't think that bitcoin users are always tracked by their IP addresses when they use bitcoin.
As far as I know, the IP that is shown is not always the client's IP, or is it?
Daffadile
January 01, 2017, 06:00:40 PM
 #56

I was wondering when the next big hack would happen. I hope things like this do not affect the price of bitcoin although maybe it is a good thing for bitcoin to go down so we can buy it and wait for it to go up again. ^^

 
valley365
January 01, 2017, 07:20:31 PM
 #57

Man, this is very scary. The fact they got the phone number can effectively reset all the passwords. Otherwise in 2FA they need to know both the passwords and the SMS code in order to enter the account. So only getting the phone would not be enough.
silversurfer1958
January 01, 2017, 07:20:54 PM
 #58

At https://bitaddress.org the URL is:

https://www.bitaddress.org/bitaddress.org-v3.3.0-SHA256-dec17c07685e1870960903d8f58090475b25af946fe95a734f88408cef4aa194.html

I'd expect the Sha256 Hash of the downloaded file to be dec17c07685e1870960903d8f58090475b25af946fe95a734f88408cef4aa194

However, after downloading the file and checking it with a Sha256 CRC it gives a Sha256 Hash of

739DDD62F01F06DDA02E7E69AEA9AF7526AB2349F02372619B92C5A952E02E6B

Where did I make a mistake?
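
The check described in the post above, as an added example that is not part of the original thread and not bitaddress.org's own tooling: read the expected SHA-256 from the published file name, hash the saved file's raw bytes, and compare the two regardless of hex case. The sample page content is constructed; it shows that a byte-exact copy verifies while a copy whose bytes were altered (here, line endings rewritten) does not.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# File name from the post above; the expected digest is embedded in it.
PUBLISHED_NAME = ("bitaddress.org-v3.3.0-SHA256-"
                  "dec17c07685e1870960903d8f58090475b25af946fe95a734f88408cef4aa194.html")


def expected_digest(file_name: str) -> str:
    """Pull the 64-hex-digit SHA-256 out of a '...-SHA256-<hex>.html' name."""
    match = re.search(r"SHA256-([0-9A-Fa-f]{64})(?![0-9A-Fa-f])", file_name)
    if match is None:
        raise ValueError("no SHA-256 digest embedded in file name")
    return match.group(1).lower()  # tools differ in hex case; normalise


def sha256_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """Hash the raw bytes on disk; a text-mode read could alter line endings."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def verify(path: Path, file_name: str) -> bool:
    """True only if the file's digest equals the one in its published name."""
    return hmac.compare_digest(sha256_file(path), expected_digest(file_name))


def demo() -> tuple:
    """Constructed sample: exact copy verifies, rewritten copy does not."""
    original = b"<html>\n<body>constructed sample page</body>\n</html>\n"
    name = "sample-v0-SHA256-" + hashlib.sha256(original).hexdigest().upper() + ".html"
    with tempfile.TemporaryDirectory() as tmp:
        exact = Path(tmp) / "exact.html"
        rewritten = Path(tmp) / "rewritten.html"
        exact.write_bytes(original)
        # Same visible text, different bytes: LF replaced by CRLF.
        rewritten.write_bytes(original.replace(b"\n", b"\r\n"))
        return verify(exact, name), verify(rewritten, name)


if __name__ == "__main__":
    print(expected_digest(PUBLISHED_NAME))
    print(demo())
```
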


Lauda
January 01, 2017, 07:57:45 PM
 #59

In my country, employees working for the service providers work with syndicates to social engineer SIM swaps. The one moment your phone is working, and then the phone freezes. You reboot and then your SIM card is cloned and swapped. Many people here link their phone to online banking, so this is the main reason why they are doing this. Everyone just needs to remember that this is not Bitcoin's fault, but a failure on a third party service using Bitcoin.
The false assumption that 2FA provides very great security or is impenetrable is a myth that is going on among people who have limited technical knowledge (especially in the Security branch). This includes the majority of the posters in this forum, and almost all of the posters in this thread. There are plenty of different types of penetration for social attacks, e.g. spear phishing is very effective when used among a big number of employees of a certain company.

Man, this is very scary. The fact they got the phone number can effectively reset all the passwords. Otherwise in 2FA they need to know both the passwords and the SMS code in order to enter the account. So only getting the phone would not be enough.
You will likely be able to trick most services to reset the password if you had a lot of personal information + the phone number used on the account.

fuathan
January 02, 2017, 03:34:36 AM
 #60

Use a burner phone not in your name to have your codes texted to. Don't even tell your wife.

Hahaha! It sounds like Breaking Bad. Lol.