|
Mallyx
|
 |
June 30, 2017, 01:25:37 PM |
|
No 2fa is like hiding your life savings under your bed.
It's safe, until a thief come.
|
|
|
|
|
|
|
|
The Bitcoin software, network, and concept is called "Bitcoin" with a capitalized "B". Bitcoin currency units are called "bitcoins" with a lowercase "b" -- this is often abbreviated BTC.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
Hueristic
Legendary
 Offline
Activity: 3808
Merit: 4896
Doomed to see the future and unable to prevent it
|
|
June 30, 2017, 01:40:50 PM |
|
No 2fa is like hiding your life savings under your bed.
It's safe, until a thief come.
 |
“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.”
|
|
|
btcmaker21
Member
Offline
Activity: 71
Merit: 10
|
|
June 30, 2017, 02:24:16 PM |
|
everyone should do his best to protect your money soo i think it should be up to you if u use 2FA the exchange cant nothing really do about unsecure computers .... the "unsecure" thing is the user of the Computer  |
|
|
|
|
|
ethereumhunter
|
|
June 30, 2017, 02:29:32 PM |
|
i think not just in polo that we should do the best for our self because when we decide to make an account into every site, we need to make sure that our account is safe from the attacker. so if we are made an account in polo, then we need to activate 2fa before something bad is happen and we are only regret it because of that.
|
| ..Stake.com.. | | | ▄████████████████████████████████████▄
██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄
██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████
██ ██████████ ██ ██ ██████████ ██ ▀██▀
██ ██ ██ ██████ ██ ██ ██ ██ ██
██ ██████ ██ █████ ███ ██████ ██ ████▄ ██
██ █████ ███ ████ ████ █████ ███ ████████
██ ████ ████ ██████████ ████ ████ ████▀
██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
██ ▀▀▀▀▀▀▀▀▀▀ ██
▀█████████▀ ▄████████████▄ ▀█████████▀
▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄
██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█ ▄▀▄ █▀▀█▀▄▄
█ █▀█ █ ▐ ▐▌
█ ▄██▄ █ ▌ █
█ ▄██████▄ █ ▌ ▐▌
█ ██████████ █ ▐ █
█ ▐██████████▌ █ ▐ ▐▌
█ ▀▀██████▀▀ █ ▌ █
█ ▄▄▄██▄▄▄ █ ▌▐▌
█ █▐ █
█ █▐▐▌
█ █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀ ▐█▌ ▀█▄
██ ▐█▌ ██
████▄ ▄█████▄ ▄████
████████▄███████████▄████████
███▀ █████████████ ▀███
██ ███████████ ██
▀█▄ █████████ ▄█▀
▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀
▀███████ ███████▀
▀█████▄ ▄█████▀
▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
Spoetnik
Legendary
Offline
Activity: 1540
Merit: 1011
FUD Philanthropist™
|
|
July 01, 2017, 02:21:22 AM |
|
everyone should do his best to protect your money soo i think it should be up to you if u use 2FA the exchange cant nothing really do about unsecure computers .... the "unsecure" thing is the user of the Computer Like what when I ran around warning people about GOX or Crypts or RawX or? OR how I did on the previous page? You see investards.. You are well aware of the risks but proceed anyway. You know better but shove your face in the ROI's beehive regardless. If all the exchanges run the same way and all pretty much have the same complaints what'd you do? Spoiler.. You leave dumb fucks.  .. Then you all chant well huh how am I supposed to make Bitcoin profits then? The answer? You Don't. So who is guessing 24 char long random passwords? Where are they getting the account names from? Who could do it and get away with it over & over? Easy questions guys  |
FUD first & ask questions later™ |
|
|
Peanutbutterpolka (OP)
Newbie
Offline
Activity: 40
Merit: 0
|
|
July 01, 2017, 05:21:21 AM |
|
At the end of may there was a polo ddos attack, the official story was too many new users. That is the time my account was hacked. I really feel that the attacker got a list of non 2fa accounts and just started going alphabetical. This other user had the exact same thing happen, A full fucking month later. Coincidence that both accounts started with an A? Doubt it. Polo was and is still compromised. My working theory is that the attackers hacked polo, got a list of non 2fa, then went manually through them alphabetical. The hacker has been able to do this for atleast a month and a half. The hacker drained my account nearly exactly like yours by setting counter trades. Yes polo should be able to track this, have they made any effort to call in authorities? I doubt it. Hence, I believe they should be opened to a lawsuit. In my case ,at the end of May, I booted fresh from a livelinux CD and used a new email address. The only thing I did different was I had to contact their help desk.
So I'm not sure how my account was compromised then.
Also my compromised account started with an A, so I assume hacker got access to polo database an went alphabetical.
Op did you previously contact the polo help desk for anything.
Also what letter did your account begin with?
My Account started with A as well (we may be on to something here)!! but not, I did not contact their help desk at all before that, Did you see any unauthorized activity on your account? |
|
|
|
|
Zadicar
Legendary
Offline
Activity: 1330
Merit: 1020
Seabet.io | Crypto-Casino
|
|
July 01, 2017, 05:54:00 AM |
|
How many deaths in traffic does it take for you to fasten your seatbelt?
I completely agree. This is the choice of everyone. And to force, does not make sense. Says the hacker.. Seriously, no 2fa, you might as well give the hacker your monies up front. Polo knows accounts keep getting hacked. They do nothing. Their complacency has opened them up to a lawsuit They wont do nothing even if they did make some investigations i will see that this thing would be a hard thing for them. This is the sole purpose of 2fa and as a user of the site and as a sensible person we would really use up this thing to secure our accounts and the funds inside it because if you dont set this up you are really making a hole into your account that can someone could able to bypass and stole funds inside of it. We should really be responsible and this is the main concern here. |
|
|
|
|
Pente
|
|
July 01, 2017, 06:34:06 AM |
|
Polo continually is getting hacked. User accounts without 2fa are the target. Value in said accounts is traded out to the attackers benefit.
Polo is complacent in this. They know and do nothing. They are enabling this to happen. Most likely they are insolvent and or are in on it. Very shaddy!
Its time for a class action lawsuit.
I found your polo password: https://www.youtube.com/watch?v=QcyeYFXdHNQ#t=1m17 |
|
|
|
|
TastyChillySauce00
Legendary
Offline
Activity: 2982
Merit: 1028
Leading Crypto Sports Betting & Casino Platform
|
|
July 01, 2017, 06:44:24 AM |
|
At the end of may there was a polo ddos attack, the official story was too many new users. That is the time my account was hacked. I really feel that the attacker got a list of non 2fa accounts and just started going alphabetical. This other user had the exact same thing happen, A full fucking month later. Coincidence that both accounts started with an A? Doubt it. Polo was and is still compromised. My working theory is that the attackers hacked polo, got a list of non 2fa, then went manually through them alphabetical. The hacker has been able to do this for atleast a month and a half. The hacker drained my account nearly exactly like yours by setting counter trades. Yes polo should be able to track this, have they made any effort to call in authorities? I doubt it. Hence, I believe they should be opened to a lawsuit. In my case ,at the end of May, I booted fresh from a livelinux CD and used a new email address. The only thing I did different was I had to contact their help desk.
So I'm not sure how my account was compromised then.
Also my compromised account started with an A, so I assume hacker got access to polo database an went alphabetical.
Op did you previously contact the polo help desk for anything.
Also what letter did your account begin with?
My Account started with A as well (we may be on to something here)!! but not, I did not contact their help desk at all before that, Did you see any unauthorized activity on your account? Pretty sure that the hackers got the lists of both accounts with 2fa or non 2fa but just can't access the 2fa enabled accounts so the hackers just went through the unenabled ones. Big chances the hackers themselves have the access to the database because phishing account especially an exchanger ones is kinda difficult. |
| ..Stake.com.. | | | ▄████████████████████████████████████▄
██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄
██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████
██ ██████████ ██ ██ ██████████ ██ ▀██▀
██ ██ ██ ██████ ██ ██ ██ ██ ██
██ ██████ ██ █████ ███ ██████ ██ ████▄ ██
██ █████ ███ ████ ████ █████ ███ ████████
██ ████ ████ ██████████ ████ ████ ████▀
██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
██ ▀▀▀▀▀▀▀▀▀▀ ██
▀█████████▀ ▄████████████▄ ▀█████████▀
▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄
██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█ ▄▀▄ █▀▀█▀▄▄
█ █▀█ █ ▐ ▐▌
█ ▄██▄ █ ▌ █
█ ▄██████▄ █ ▌ ▐▌
█ ██████████ █ ▐ █
█ ▐██████████▌ █ ▐ ▐▌
█ ▀▀██████▀▀ █ ▌ █
█ ▄▄▄██▄▄▄ █ ▌▐▌
█ █▐ █
█ █▐▐▌
█ █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀ ▐█▌ ▀█▄
██ ▐█▌ ██
████▄ ▄█████▄ ▄████
████████▄███████████▄████████
███▀ █████████████ ▀███
██ ███████████ ██
▀█▄ █████████ ▄█▀
▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀
▀███████ ███████▀
▀█████▄ ▄█████▀
▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
Spoetnik
Legendary
Offline
Activity: 1540
Merit: 1011
FUD Philanthropist™
|
|
July 01, 2017, 11:09:49 AM |
|
Wow you are all ultra fucking stupid.
Guess what?
Accounts with 2fa can still get hacked..
But it's rare because it puts the blame on guess whom?
If I had an exchange I could simply go through the accounts and take money from any with no 2fa..
Then simply imply it must have been "hackers"
And since there is no transparency or accountability it would 100% impossible to prove it wasn't.
So let's break it down stupid people..
If you had a 24 char random pass how does a guy guess it with only a few tries while not getting Blocked by the service?
Ever put in the password wrong some place before 3 times?
If they are allowing random people to brute force accounts then uhhh LOL
Further more I use a Password manager that creates deliberately hard passwords.
24 carefully designed chars that it says would take millions of years to crack.
And since I never reuse passwords I would blame 1 source if I got hacked.
Guess who?
Now on the other hand there is idiots out there that use basic simple passwords and also reuse them.
This would be target no. 1
Who could see password lengths of all users?
Mythical magic "hackers".. Or?
|
FUD first & ask questions later™ |
|
|
Hueristic
Legendary
Offline
Activity: 3808
Merit: 4896
Doomed to see the future and unable to prevent it
|
|
July 01, 2017, 04:36:12 PM |
|
At the end of may there was a polo ddos attack, the official story was too many new users. That is the time my account was hacked. I really feel that the attacker got a list of non 2fa accounts and just started going alphabetical. This other user had the exact same thing happen, A full fucking month later. Coincidence that both accounts started with an A? Doubt it. Polo was and is still compromised. My working theory is that the attackers hacked polo, got a list of non 2fa, then went manually through them alphabetical. The hacker has been able to do this for atleast a month and a half. The hacker drained my account nearly exactly like yours by setting counter trades. Yes polo should be able to track this, have they made any effort to call in authorities? I doubt it. Hence, I believe they should be opened to a lawsuit. In my case ,at the end of May, I booted fresh from a livelinux CD and used a new email address. The only thing I did different was I had to contact their help desk.
So I'm not sure how my account was compromised then.
Also my compromised account started with an A, so I assume hacker got access to polo database an went alphabetical.
Op did you previously contact the polo help desk for anything.
Also what letter did your account begin with?
My Account started with A as well (we may be on to something here)!! but not, I did not contact their help desk at all before that, Did you see any unauthorized activity on your account? Only a complete retard could be effected by that old hack that polo already made whole and patched. If you haven't changed your password in the years since they warned you to then I hope you lose your assets and that's not called a being hacked, that's called being stupid. |
“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.”
|
|
|
|
xbiv2
|
|
July 01, 2017, 04:57:07 PM |
|
New support staff from moderators have to many rights on getting information. It the problem.
|
|
|
|
|
MRlong
|
|
July 01, 2017, 05:23:06 PM |
|
Polo continually is getting hacked. User accounts without 2fa are the target. Value in said accounts is traded out to the attackers benefit.
Polo is complacent in this. They know and do nothing. They are enabling this to happen. Most likely they are insolvent and or are in on it. Very shaddy!
Its time for a class action lawsuit.
Just by user not keep their account safe and not use 2FA when use exchange site, do that look like as they not seriously when keep their money. When use exchange site or other gate can send money, admin always recommend user use 2FA for safe and security when have hacker try hack your account. |
|
|
|
|
Spoetnik
Legendary
Offline
Activity: 1540
Merit: 1011
FUD Philanthropist™
|
|
July 01, 2017, 10:20:32 PM |
|
You guys are missing the point..
Why should no 2fa be a problem if using a secure setup?
Think about it.
How would a hacker know your correct account name / email login
And on top of that manage to brute force guess a 24 char random password using a pro password creator?
It just wouldn't happen.. You would have better odds buying a lottery ticket..
Or guessing the private key to a BTC account with money on it.
You guys get it yet?
I don't think so by the replies..
And I also am not sure if Poloniex or Bittrex have a guard in place.
Do they lock out people who put in the wrong password too much?
If they don't do that it's Hella scammy!
And yeah of course some users are going to be easy pickin's.
Some have simple little passwords.. Reused etc.
And yeah you can get *some logins from other sources like say a pool..
But it comes down to probability and the stats / odds.
If no one has local access to my machine and I have not been hacked / infected...
And... I have a long unique random password..
The fucking exchange is to blame.. NOT HACKERS!
|
FUD first & ask questions later™ |
|
|
Hueristic
Legendary
Offline
Activity: 3808
Merit: 4896
Doomed to see the future and unable to prevent it
|
|
July 01, 2017, 11:32:00 PM |
|
Lets not forget they also give you an email notice if your account is accessed from a new IP as well as a confirmation email for withdrawals.
|
“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.”
|
|
|
|
silvermetal
|
|
July 02, 2017, 06:23:29 AM |
|
Lets not forget they also give you an email notice if your account is accessed from a new IP as well as a confirmation email for withdrawals.
Let's not forget that the withdrawal is processed without clicking on the e-mail link after a hack. Checking recent activity of the e-mail account confirms the hacker had no access to the e-mail. That the withdrawal is processed without the e-mail confirmation after a hack is a known flaw by poloniex. And what can you do with the notification? It just shows you unauthorised access to your account but it doesn't prevent anything. The hack has already occured. |
|
|
|
|
Spoetnik
Legendary
Offline
Activity: 1540
Merit: 1011
FUD Philanthropist™
|
|
July 02, 2017, 08:30:50 AM |
|
Interesting replies..
Would be good if we had a wiki on known problems or policies.
For example.. Shouldn't they all lock you out after putting in the wrong password too many times?
Like which do that?
I'm not too sure..
I often avoid 2fa because it's a pain in the ass.
But i would be more inclined if I had money on a service.. Pool.. Online wallet.. Exchange etc.
Right now I might have a $100 on an exchange.. So I am not worried about it.
If I was risto with 2 million in xmr on Polo fuck yeah I would have 2 factor auth enabled.
But..
I just don't think it should be mandatory like this topic is about.
I am convinced exchanges can and do simply take our money though.
It's too easy for them and don't forget...
It's not illegal.
They can do what ever they want.. This stuff is not regulated.
For example if Polo says they are retiring and taking all our money then oh well..
They can.
It's there right to do it.
And we can bitch and moan about it but that is the price we pay for screaming the free market mantra for 8 years.
|
FUD first & ask questions later™ |
|
|
|
Pente
|
|
July 02, 2017, 08:37:45 AM |
|
2FA is actually less secure than a strong password. Phone accounts can be easily hacked via various methods. In fact, I am suspecting that OP is really a hacker that is trying to make Polo accounts less secure by getting them to require 2FA.
Accounts with 2FA allow a password reset using your phone, that is how Coinbase accounts get hacked all the time. If you don't use 2FA on your Coinbase account, you can't be hacked with a strong password.
2FA = hacker's wet dream
2FA is like requiring home owners to put multiple locks on their guns so that they can't quickly arm themselves if they get robbed.
I just used my Keepass to generate this 24 digit password: Ã:äPrQÕ¾+N=í©Sÿ3ƽ§«7Ùà2
I checked the generator and there are a potential of over a hundred different characters, so 100^24 = over 10^48 possible combinations.
There is no way OP can hack 10^48 possible combinations, so he wants to degrade security by using the 2FA back door method.
This is how you know OP is a hacker.
|
|
|
|
|
Salicorne
Newbie
Offline
Activity: 17
Merit: 1
|
|
July 02, 2017, 09:29:10 AM |
|
Bittrex forced it, and I am not sure if there is a lesser percentage of hacked accounts.
|
|
|
|
|
|
swissgang
|
|
July 02, 2017, 09:41:51 AM |
|
Over the last 3 month there are many newbie users who don't even about 2fa, there may be more hacked accounts.
|
|
|
|
|
