Hackers Have Stolen Millions Of Dollars In Bitcoin -- Using Only Phone Numbers

[eternalgloom]

How safe would 2FA through Google Authenticator be?
I've considered using this wherever it's available, but I'm not sure if it's a safer option than 2FA via SMS/Text.

[jobach]

paper wallets are the best option

[monsanto]

How safe would 2FA through Google Authenticator be?
I've considered using this wherever it's available, but I'm not sure if it's a safer option than 2FA via SMS/Text.

That's what the article is all about -- that SMS 2FA is bad.  Google authenticator is much better they say.  Apparently the main reason SMS is used still is because not everyone has a smart phone to run an authenticator.  But eventually they will phase out most/all SMS 2FA.

[Tanic]

paper wallets are the best option

First of all - can somebody explain what is 2FA? I have no idea about this slang.
Second is that paper wallets arenot the safest place in the world. The present of stealing money from ordinary wallets are higher than the present of hacked wallets. For now statistic is like that.

[BitcoinNewsMagazine]

When you spend from a paper wallet your private keys are exposed briefly and bitcoin could be stolen if malware is waiting. Many early adopters used to use Armory and two computers for cold storage. That is still probably the most private way to do it and some still swear by it. Using two computers has largely been replaced by hardware wallets like Ledger Nano S and Trezor. There has never been a reported theft of bitcoin from a Trezor or Ledger. As a bonus using Nano S or Trezor you can use your hardware wallet for secure U2F login to a number of services like Google, Dropbox, Github, etc.

[SmartIphone]

You can't outsource your computer/cryptocurrency security to a 3rd party like your phone carrier. It's a recipe for disaster.

The services are vulnerable too. 2FA isn't safe if you use it with your phone number.

How is 2FA not safe?
There two layers here, the password and the time password or 2FA which I consider the safest way when logging in somewhere.

As spoken by him 2FA is not so safe if you use 2FA through SMS verification. Didn't know whether 2FA which use software like google authenticator or similar could be compromised but news above in the main post is a proof that SMS verification could be compromised

I don't really think that some hackers can do things like this, tho this kind of method is not impossible, but this is very rare to happen, so everyone must be aware of this type of incident. Everyone must be careful especially to those who have huge funds with their web wallets.

Yeah you said some hackers can't do things like this but maybe the hackers which were mentioned in the news are the rest hackers who could

Then ok but I think that these two things are going together, first we put the phone number as a backup of the 2FA app
I use Authy and I have to give my phone number in case I forget the password or the password of this app (like Google Authenticator)

[Paninotech]

Because phone companies still think of themselves as phone companies, and not as gatekeepers to people's financial and personal property on a vast scale. They can't keep screwing up like this.

[kanazawa]

There are many ways to do a "social engineering" using a burning cell phone and a lotta courage. I'm really astonishing that the "agressive" methods are not in use yet. If few people knew about the benefits, the resources and the "easy way" few cryptocurrencies provides to let people "free", the world would be a completely chaos.

[raaajlucky]

You can't outsource your computer/cryptocurrency security to a 3rd party like your phone carrier. It's a recipe for disaster.

The services are vulnerable too. 2FA isn't safe if you use it with your phone number.

How is 2FA not safe?
There two layers here, the password and the time password or 2FA which I consider the safest way when logging in somewhere.

As spoken by him 2FA is not so safe if you use 2FA through SMS verification. Didn't know whether 2FA which use software like google authenticator or similar could be compromised but news above in the main post is a proof that SMS verification could be compromised

I don't really think that some hackers can do things like this, tho this kind of method is not impossible, but this is very rare to happen, so everyone must be aware of this type of incident. Everyone must be careful especially to those who have huge funds with their web wallets.

Yeah you said some hackers can't do things like this but maybe the hackers which were mentioned in the news are the rest hackers who could

Then ok but I think that these two things are going together, first we put the phone number as a backup of the 2FA app
I use Authy and I have to give my phone number in case I forget the password or the password of this app (like Google Authenticator)

2FA accounts can not hack but still hackers will hack these accounts, I don't know how they will get verification numbers. And I heard as some online casinos were hacked, they will provide heavy security to their accounts but how hackers will hack their account?

The thing is we should secure our accounts to give high securities. Still, our account hacked means it's just our bad luck that's it. 

[Zadicar]

paper wallets are the best option

First of all - can somebody explain what is 2FA? I have no idea about this slang.
Second is that paper wallets arenot the safest place in the world. The present of stealing money from ordinary wallets are higher than the present of hacked wallets. For now statistic is like that.

2FA is acting like a secondary password on your account which means when you tend to log-in your account with your usual password after than it would require 2fa as second layer.Its either  on phone code or an email authorization that's why having 2fa on any account that has funds do really need this security and I don't know how those hackers could able to hack on 2fa.

[Jafri101]

How safe would 2FA through Google Authenticator be?
I've considered using this wherever it's available, but I'm not sure if it's a safer option than 2FA via SMS/Text.

Yes google authenticator is the safer way to protect your accounts. Howevee while using google authenticator keep ine thing in mind that the device which has authenticator must be safe because if ull change device then 1st you have to disable authenticator. These are the minor things but creates big problems.

[Mometaskers]

Guys, read the article. (It is a good read.) The hackers are able to access PC's starting with the phone hacking. Sounds like a very ugly episode when everything - bank accounts, Windows login, desktop wallets, etc. - all get seized in one swoop. Because phone companies still think of themselves as phone companies, and not as gatekeepers to people's financial and personal property on a vast scale. They can't keep screwing up like this.

If the evidence that this operation(s) is based in the Phillipines is right... well, the hackers might not be too happy once Duterte catches up with them. If he treats them like he does drug dealers, they will have a _very_ short life expectancy.

It seems they haven't caught any of these hacking groups yet. IMHO they should tighten immigration here in the Philippines. Most of the crime syndicates here are from abroad and using the laxity of immigration to set up crime rings here. Most of the drug manufacturers are from mainland China, most of the ATM hackers are from Bulgaria, etc...

It's really a troubling thought that they would simply get all your bitcoins because the telcos are not doing enough.

[SmartIphone]

You can't outsource your computer/cryptocurrency security to a 3rd party like your phone carrier. It's a recipe for disaster.

The services are vulnerable too. 2FA isn't safe if you use it with your phone number.

How is 2FA not safe?
There two layers here, the password and the time password or 2FA which I consider the safest way when logging in somewhere.

As spoken by him 2FA is not so safe if you use 2FA through SMS verification. Didn't know whether 2FA which use software like google authenticator or similar could be compromised but news above in the main post is a proof that SMS verification could be compromised

I don't really think that some hackers can do things like this, tho this kind of method is not impossible, but this is very rare to happen, so everyone must be aware of this type of incident. Everyone must be careful especially to those who have huge funds with their web wallets.

Yeah you said some hackers can't do things like this but maybe the hackers which were mentioned in the news are the rest hackers who could

Then ok but I think that these two things are going together, first we put the phone number as a backup of the 2FA app
I use Authy and I have to give my phone number in case I forget the password or the password of this app (like Google Authenticator)

2FA accounts can not hack but still hackers will hack these accounts, I don't know how they will get verification numbers. And I heard as some online casinos were hacked, they will provide heavy security to their accounts but how hackers will hack their account?

The thing is we should secure our accounts to give high securities. Still, our account hacked means it's just our bad luck that's it. 

The issue is not always on the 2FA or on the AES encryption nor the Https encryption but the implementation.
And here the hackers come and break the system and get the sensitive info, and the forum needs to implement 2FA as soon as possible.

[Bitcoinpro]

The Bitcoins are traceable it's called IP address

[SmartIphone]

The Bitcoins are traceable it's called IP address

I don't think that always the bitcoin users are tracked when they use bitcoin by the IP addresses.
As far as I know the IP that is shown is not always the client's IP, or is it?

[Daffadile]

I was wondering when the next big hack would happen. I hope things like this do not affect the price of bitcoin although maybe it is a good thing for bitcoin to go down so we can buy it and wait for it to go up again. ^^

[valley365]

Man this is very scary. The fact they got the phone number can effectively reset all the passwords. Otherwise in 2FA they need to lnow both the passwords and the SMS code in order to enter the account. So only getting the phone would not be enough.

[silversurfer1958]

at https://bitaddress.org The url is :-

https://www.bitaddress.org/bitaddress.org-v3.3.0-SHA256-dec17c07685e1870960903d8f58090475b25af946fe95a734f88408cef4aa194.html

I'd expect the Sha256 Hash of the downloaded file to be dec17c07685e1870960903d8f58090475b25af946fe95a734f88408cef4aa194

However, after downloading the file and checking it with a Sha256 CRC it gives a Sha256 Hash of

739DDD62F01F06DDA02E7E69AEA9AF7526AB2349F02372619B92C5A952E02E6B

Where did I make a mistake.

[Lauda]

In my country employees working for the service providers, work with syndicates to social engineer Sim swaps. The one moment your phone is working, and then the phone freeze. You reboot and then your Sim card is cloned and swapped. Many people here link their phone to online banking, so this is the main reason why they are doing this. Everyone just need to remember that this is not Bitcoin's fault, but a failure on a third party service using Bitcoin.  

The false assumption that 2FA provides very great security or is impenetrable is a myth that is going on among people which have limited technical knowledge (especially in the Security branch). This includes the majority of the posters in this forum, and almost all of the posters in this thread. There are plenty of different types of penetration for social attacks, e.g. spear phishing is very effective when used among a big number of employees of a certain company.

Man this is very scary. The fact they got the phone number can effectively reset all the passwords. Otherwise in 2FA they need to lnow both the passwords and the SMS code in order to enter the account. So only getting the phone would not be enough.

You will likely be able to trick most services to reset the password if you had a lot of personal information + the phone number used on the account.

[fuathan]

use a burner phone not in your name to have your codes texted to. dont even tell you wife.

Hahaha! It sounds like Breaking Bad. Lol.