Topic: My account on pool hacked - remember to use strong unique passwords!  (Read 1487 times)
Kryptox (OP)
April 27, 2013, 03:42:36 AM
Last edit: April 27, 2013, 11:07:52 AM by Kryptox
 #1

Logged into my account today and found the payout address changed and payout threshold changed to 1.  LTC from my account are gone - thankfully they only got about 17 LTC.

I've seen complaints about Coinotron's LTC pool having an unusually high number of rejected shares in the last while.  Not sure if it's related, but I was also getting close to 10% on some of my rigs.  (one was 30%).  Either way, I've switched pools now and am getting less than 1% rejects now.

Anyone else get hacked?  My account credentials couldn't be guessed.  Either I have a keylogger on my system or Coinotron's database got hacked.
Nolo
April 27, 2013, 03:46:52 AM
 #2

Quote from: Kryptox
> Logged into my account today and found the payout address changed and payout threshold changed to 1.  LTC from my account are gone - thankfully they only got about 17 LTC.
>
> I've seen complaints about Coinotron's LTC pool having an unusually high number of rejected shares in the last while.  Not sure if it's related, but I was also getting close to 10% on some of my rigs.  (one was 30%).  Either way, I've switched pools now and am getting less than 1% rejects now.
>
> Anyone else get hacked?  My account credentials couldn't be guessed.  Either I have a keylogger on my system or Coinotron's database got hacked.

If it was coinotron, we probably would have already heard about it by now.  Some big hashing dudes mine there.  I would take immediate steps to secure any coins that you have in wallets on that machine. 

503guy
April 27, 2013, 04:21:18 AM
 #3

Quote from: Kryptox
> Logged into my account today and found the payout address changed and payout threshold changed to 1.  LTC from my account are gone - thankfully they only got about 17 LTC.
>
> I've seen complaints about Coinotron's LTC pool having an unusually high number of rejected shares in the last while.  Not sure if it's related, but I was also getting close to 10% on some of my rigs.  (one was 30%).  Either way, I've switched pools now and am getting less than 1% rejects now.
>
> Anyone else get hacked?  My account credentials couldn't be guessed.  Either I have a keylogger on my system or Coinotron's database got hacked.

Can you post the address that the 17 LTC were sent to?

jt7382
April 27, 2013, 04:35:13 AM
 #4

You may want to put a ? after your title.
wmikrut
April 27, 2013, 04:47:28 AM
 #5

I checked all my accounts and balances.
I am happy to report -- everything is right where it should be.

Kryptox (OP)
April 27, 2013, 05:37:57 AM
 #6

Looks like it's just me then which is good.  I'm assuming then that my system was compromised somehow.  I've run several scans and nothing has been found though.  Wish I knew, but I'll probably be doing a full reformat now if I end up finding nothing.

I did have Java installed so it could have just been an attack using Armitage or CobaltStrike.  Thankfully wallets are all offline.
skyangel
April 27, 2013, 08:04:43 AM
 #7

Quote from: Kryptox
> Looks like it's just me then which is good.  I'm assuming then that my system was compromised somehow.  I've run several scans and nothing has been found though.  Wish I knew, but I'll probably be doing a full reformat now if I end up finding nothing.

Same thing happened to me about a month ago on Coinotron. I contacted Coinotron and they found a login from an IP from a different continent than the one I'm in. Make sure you use different passwords (even different user names) on the different sites.

coinotron
April 27, 2013, 08:48:32 AM
 #8

Quote from: Kryptox
> Looks like it's just me then which is good.  I'm assuming then that my system was compromised somehow.  I've run several scans and nothing has been found though.  Wish I knew, but I'll probably be doing a full reformat now if I end up finding nothing.
>
> I did have Java installed so it could have just been an attack using Armitage or CobaltStrike.  Thankfully wallets are all offline.

Coinotron db is safe, not compromised. There are no suspicious payouts. So it seems that it is related only to your account.
Lately there were quite a few attacks on LTC pools, BTC pools. Maybe you used same password in two places?
PM me your username. I checked out user Kryptox, and it doesn't look like it is yours.


 

Kryptox (OP)
April 27, 2013, 10:22:18 AM
 #9

Realized afterwards it was only 8 LTC that was redirected.  I actually received the previous payout.

Really not too concerned about the limited loss of LTC, but would be nice to know how it was compromised so that I can ensure it won't happen again.  I can't find any holes in my system.

Just goes to show the importance of keeping tabs on your accounts, and using strong passwords.

Address that funds got redirected to is Lg6ex4ufeN8Vqoh6jLa73Mn6FooPqxjEMi
coinotron
April 27, 2013, 10:55:39 AM
 #10

Quote from: Kryptox
> Realized afterwards it was only 8 LTC that was redirected.  I actually received the previous payout.
>
> Really not too concerned about the limited loss of LTC, but would be nice to know how it was compromised so that I can ensure it won't happen again.  I can't find any holes in my system.
>
> Just goes to show the importance of keeping tabs on your accounts, and using strong passwords.
>
> Address that funds got redirected to is Lg6ex4ufeN8Vqoh6jLa73Mn6FooPqxjEMi

It seems that the attacker had your password or simply was really lucky. It took him only 2 attempts to log in as you.

bushstar
April 27, 2013, 11:05:49 AM
 #11

Quote from: Kryptox
> Realized afterwards it was only 8 LTC that was redirected.  I actually received the previous payout.
>
> Really not too concerned about the limited loss of LTC, but would be nice to know how it was compromised so that I can ensure it won't happen again.  I can't find any holes in my system.
>
> Just goes to show the importance of keeping tabs on your accounts, and using strong passwords.
>
> Address that funds got redirected to is Lg6ex4ufeN8Vqoh6jLa73Mn6FooPqxjEMi

Not sure what tools you are using but the following is what I use to disinfect most computers that come into the office.

ComboFix, TDSS Killer, Malwarebytes Antimalware and ADWCleaner

However, think about where else you have signed up with the same credentials as Coinotron, it could be that one of those sites is malicious.

Kryptox (OP)
April 27, 2013, 11:19:20 AM
 #12

Cheers Bushstar.  I'll check out those tools.  It's hard to find good ones with a light footprint that also provide you with an amount of control as to what is flagged for removal.

Seems that the attacker either brute forced or had my password.  

Lesson learned.
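
The signals reported in this thread (a login from an unfamiliar location, success after only two attempts, then a payout address and threshold change) can be correlated on the pool side even when rate limiting sees nothing unusual. The following is an added example, not part of any post and not Coinotron's code; the event names, the log format, the "XX" country placeholder and the one-hour window are assumptions, and all log entries are constructed.

```python
from datetime import datetime, timedelta

# Constructed audit events (not real pool data): time, user, event, detail
EVENTS = [
    ("2013-04-20 18:02", "alice", "login_ok", "CA"),
    ("2013-04-25 07:40", "alice", "login_ok", "CA"),
    ("2013-04-26 23:10", "alice", "login_fail", "XX"),
    ("2013-04-26 23:11", "alice", "login_ok", "XX"),
    ("2013-04-26 23:13", "alice", "payout_address_changed", "L-constructed-address"),
    ("2013-04-26 23:13", "alice", "payout_threshold_changed", "1"),
    ("2013-04-21 09:00", "bob", "login_ok", "DE"),
    ("2013-04-26 10:00", "bob", "login_ok", "DE"),
    ("2013-04-26 10:05", "bob", "payout_threshold_changed", "5"),
]

SENSITIVE = {"payout_address_changed", "payout_threshold_changed"}

def find_takeovers(events, window=timedelta(hours=1)):
    """Return {user: [reasons]} for sensitive changes made shortly after a
    successful login from a country never seen before for that account."""
    known = {}    # user -> countries of earlier trusted logins
    suspect = {}  # user -> (login time, country, failures just before it)
    fails = {}    # user -> failed logins since the last success
    alerts = {}
    for ts, user, event, detail in sorted(events):
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        if event == "login_fail":
            fails[user] = fails.get(user, 0) + 1
        elif event == "login_ok":
            seen = known.setdefault(user, set())
            if seen and detail not in seen:
                # New location: hold it as suspect, do not add to the baseline
                suspect[user] = (when, detail, fails.get(user, 0))
            else:
                seen.add(detail)
                suspect.pop(user, None)
            fails[user] = 0
        elif event in SENSITIVE and user in suspect:
            login_at, country, failed = suspect[user]
            if when - login_at <= window:
                alerts.setdefault(user, []).append(
                    f"{event}={detail} {when - login_at} after first login "
                    f"from {country} ({failed} failed attempt(s) before it)")
    return alerts
```

A hit here is a reason to hold the payout and confirm the change out of band, since a correct password on the second attempt looks like a normal login to a brute-force counter.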