Jeg har ikke personlig hatt nevneverdige problemer med btc-e.com, men det er en del støy rundt dem, så ta dine forhåndsregler.
F.eks. her:
https://bitcointalk.org/index.php?topic=173354.0Ikke klikk suspekte linker i trollboksen, og ikke ha oppe andre browservinduer mens du bruker siden, og sørg for å ha e-mail verifisering på withdrawals.
Noe av det mest skumle er at en del hevder at noen av forsvinningsnumrene er en inside job.
Supporten deres er meget dårlig.
Jeg spurte dem:
Are you going to support 2-factor authentication ?
De svarte
yes
Jeg spurte:
Thank you for the response, do you have any timeline as to when it will be deployed?
De svarte:
soon
og samme visa med mange andre, ikke morro med ettordssvar når du har alvorlige problemstillinger. Heldigvis ikke tapt noen gryn der.
Sitater fra lenken over:
I had a total of 200BTC stolen from my account last night! The same thing happened to me where I was locked out of my account and the email was changed so I could not reset my password.
Never, ever, under any circumstance, keep your cryptocurrency sitting in an exchange wallet. BTC-e is the same exchange that people have lost thousands of coins too, has been hacked, and the 'owner' was the central authority in the NVC scam. You shouldn't trust them. Only keep enough coins in any online wallet that you will be using or trading with that day.
you guys, antichat.ru hackers and fraudsters are constantly posting links in the trollbox to get you to click them. when you do your passwords all kept in browser are leaked, or worse you get 0day java exploit. if you didn't click anything in trollbox and you're not running a zombied botnet computer and you're still getting funds stolen, then yes, btc-e is insecure either it's API is cracked or owner possibly stealing (unlikely, why would they do this). if you clicked trollbox links you owned yourself there's nothing they can do. there's a guy in trollbox right now pasting in exploit links inside imgur pics
This was obviously a simple SQL injection attack. If it was XSS how would they change the email without a verification email being sent. According to btc-e changing the email has always required a verification email to the previous address first!
All the attacker has done is found an SQL injection exploit which they use like so "UPDATE users SET email='
f6a7b84c9a7c7f6e8@somespammymailer.com' WHERE username='theuser'"
Then they simply reset the password on the account and log in wiping out funds.
Mer:
https://bitcointalk.org/index.php?topic=170592.60https://bitcointalk.org/index.php?topic=173067.0;topicseenhar fått meg til å bli rimelig skeptisk til btc-e.com
