whatda45 (OP)
Newbie
 Offline
Activity: 5
Merit: 0
|
 |
June 19, 2011, 10:01:12 PM |
|
Just wanted to let everyone know.
My slush pool account was hacked a little after the Mt Gox announcement.
I lost 0.9btc that was sent to the hackers address, and the payout and notifications settings were changed.
The address that was changed to was 1EUyvF8cPPnzAd4uvhTMfL3guxm1oBz4Qa
I understand a Bitcoin address doesn't mean much since you could generate new ones, but I already saw another victim's 0.8btc after my stolen btc on blockexplorer.
I don't think I used the same password but both sites were the first I signed up to so I might have made that mistake. Hope changing my password is enough, since I can't change my email address, otherwise I would be forced to create a new account with a new email.
It just pisses me off. That's the second time I've been hacked since I started mining, the first thing hacked was my external mining running linux. got hacked via f'ing SSH.
I'd probably never login to the IRC channel ever again, since that seems like the only way someone could get my IP. God damn it. 0.9btc is not much, but its a day's work I lost.
Anyway, just wanted to let everyone know that accounts other than MtGox HAVE been compromised... so change your passwords.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
There are several different types of Bitcoin clients. The most secure are full nodes like Bitcoin Core, which will follow the rules of the network no matter what miners do. Even if every miner decided to create 1000 bitcoins per block, full nodes would stick to the rules and reject those blocks.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
SoggyMoggy
Newbie
Offline
Activity: 15
Merit: 0
|
|
June 19, 2011, 10:05:50 PM |
|
"I don't think I used the same password but both sites were the first I signed up to so I might have made that mistake"
I'm sorry to hear about your loss. I too have an MtGox account (with BTC in it..) that I hope is restored to the pink of health in due course.
I suspect that the trouble here is using the same username/password on other sites. It seems reasonable to assume that if you have captured a username/password combination that one (bad person) would attempt to use the same credentials at similar sites - it's an easy fix.
Is there a way to report that wallet address as a potential "bad" one? Some form of reputation for addresses might help reduce the affect of stealing currency, even if slightly (every little helps!)...
|
|
|
|
|
whatda45 (OP)
Newbie
Offline
Activity: 5
Merit: 0
|
|
June 19, 2011, 10:16:20 PM |
|
Well, I just found out my BTCGuild account was also compromised, which I KNOW had a different password. So I'm starting to get paranoid. There's a good chance my email was compromised as well. Anyone know a good email service with a fast web interface and an RSS feed? (thats not gmail  ) |
|
|
|
|
User-name
Newbie
Offline
Activity: 19
Merit: 0
|
|
June 19, 2011, 10:18:48 PM |
|
Bummer. Should definitely look into a password manager that will generate a password for each site you use. LastPass, KeePass or the many others available.
edit: Did you use the same password on your email as any Bitcoin site?
|
|
|
|
|
Dimsum
Member
Offline
Activity: 82
Merit: 10
|
|
June 19, 2011, 10:20:03 PM |
|
thanks for the info and sorry to hear about your situation. Sucks to have found my email on that csv file! Rushed around to change my passwords on all the pools etc.
|
|
|
|
|
whatda45 (OP)
Newbie
Offline
Activity: 5
Merit: 0
|
|
June 19, 2011, 10:23:49 PM |
|
Deepbit account also seems to have been compromised, also different password.
Both deepbit and BTCGuild addresses were changed to:
1EUyvF8cPPnzAd4uvhTMfL3guxm1oBz4Qa
Fortunately both accounts were empty so no btc stolen.
I have to start making new account with a new email address.
Not what I wanted to do a 1:30am
BTW, I can't log in to my Mt Gox account since it uses my email address that was probably changed. I know I used that email address since thats the one I got my announcement on.
|
|
|
|
|
SoggyMoggy
Newbie
Offline
Activity: 15
Merit: 0
|
|
June 19, 2011, 10:28:18 PM |
|
Does anyone have a link to the .csv file in question? I'd like to look myself up on it...
I'm sorry to hear about all your losses :-(
|
|
|
|
|
|
Fjordbit
|
|
June 19, 2011, 10:35:30 PM |
|
Is it possible that you have a keylogger on your home system? It is a little strange that they were able to go out to all of these systems, although if they got your email, that would explain it.
|
|
|
|
|
whatda45 (OP)
Newbie
Offline
Activity: 5
Merit: 0
|
|
June 19, 2011, 10:43:01 PM |
|
I would also like to see that CSV
NEWS: My slush pool wallet keeps changing. Makes me think its a bot.
PLEASE someone give me a good webmail provider with RSS feeds.
Tried GMX and Lavabit, no go.
|
|
|
|
|
SoggyMoggy
Newbie
Offline
Activity: 15
Merit: 0
|
|
June 19, 2011, 10:51:46 PM |
|
Direct link to CSV is in this forum thread: http://forum.bitcoin.org/index.php?topic=19576.0It's not pretty. I'm about half way down - that means that MtGox user accounts pretty much doubled in the last couple of weeks. |
|
|
|
|
whatda45 (OP)
Newbie
Offline
Activity: 5
Merit: 0
|
|
June 19, 2011, 11:00:36 PM |
|
Yes, I'm in there.
Good to know anyone now has access to the compromised addresses.
Hope I wasn't compromised BECAUSE of the CSV...
BTW, I'm gonna keep asking in every reply.
I need a good free email service that has RSS feeds, what I mean is not for it to read RSS feeds, but send have an RSS feed so I can get notification with an RSS client. RSS. RSSsssss. (2am now)
So far I've checked out GMX, Lavabit, Hushmail, Zoho, Bigstring, Fastmail and Gawab.
I'm begging you.
|
|
|
|
|
|
