ToxicDartFrog
|
|
September 01, 2017, 12:46:09 AM |
|
That leads us to ask, how would they have obtained a complete, up-to-date decrypted database for their customers?
I don't know how their back-end is written but my assumption is user logins never actually decrypt the password and check, they encrypt the user login attempt and compare with the encrypted stored value. If someone had obtained a copy of the site/db with the salt + public key, in theory users could log in and successful attempts could have their unencrypted passwords logged. Not saying it's the case but it is absolutely possible. As a precaution, until I hear people claiming they can actually do something on the site aside from simply log in, I'm not going to provide my credentials yet. That said, this is quite exciting and I have more faith now than before that I'm finally going to get access to my coins soon!!! Watching this thread closely now
|
|
|
|
thedreamer
Legendary
Offline
Activity: 1694
Merit: 1002
Go Big or Go Home.....
|
|
September 01, 2017, 01:02:46 AM |
|
That leads us to ask, how would they have obtained a complete, up-to-date decrypted database for their customers?
I don't know how their back-end is written but my assumption is user logins never actually decrypt the password and check, they encrypt the user login attempt and compare with the encrypted stored value. If someone had obtained a copy of the site/db with the salt + public key, in theory users could log in and successful attempts could have their unencrypted passwords logged. Not saying it's the case but it is absolutely possible. As a precaution, until I hear people claiming they can actually do something on the site aside from simply log in, I'm not going to provide my credentials yet. That said, this is quite exciting and I have more faith now than before that I'm finally going to get access to my coins soon!!! Watching this thread closely now Ding ding ding.. We have a winner..
|
Go Big or Go Home.
|
|
|
hua_hui
Legendary
Offline
Activity: 1386
Merit: 1016
|
|
September 01, 2017, 01:12:29 AM |
|
I just logged in, the balance was exactly how I left it when the site went down, I had a screen shot of the old site just in case as proof to compare. BCH has been credited as promised. Trade/Deposits/Withdrawals are all disabled. The login forces you to set a new password. The Troll Box is working So far looking good. Yah. I am very delighted despite all these, they fight to come back and even never forget user about their bch. I am still very impressed for what they did and never go the mtgox way. They could have done that and ran away with money. Can see that they are proud of their product and i do see long term stability in this exchange.
|
|
|
|
OMlite
Newbie
Offline
Activity: 55
Merit: 0
|
|
September 01, 2017, 01:13:42 AM |
|
As a precaution, until I hear people claiming they can actually do something on the site aside from simply log in, I'm not going to provide my credentials yet. That said, this is quite exciting and I have more faith now than before that I'm finally going to get access to my coins soon!!!
To be honest, your precaution can work in either way. Let's assume the site is legit (old btce domain, posted on the forum, on the twitter account, it has the complete database ecc). But let's also assume that it has been somewhat compromised, as per statement by admins. The longer you wait to change your credentials, the longer a scammer can work to obtain your account And then... patiently waiting for withdraws to be enable again. So, there is really no valid precaution right now. I actually logged and changed my credentials (the site had my correct pass and my original 2fa key, along with my balance, transactions ecc). The reason is this: the site seems legit, a lot of proofs sustain this. But if it is a scam, it means that all the btc-e ecosystem has been compromised. Forum, twitter, domains, database, balances, passwords and so on... Therefore, is not a simple scam... it means that all BTC-e belongs to some entity (FBI or someone else). Therefore our coins are gone. But if this is the case, there was no point to put the site up again. we do not own the private keys for the wallets. There is no reasons to steal our credentials, when you have the entire BTC-e already in your hands. Logging and changing the password was the more conservative choice.
|
|
|
|
ToxicDartFrog
|
|
September 01, 2017, 01:28:27 AM |
|
Let's assume the site is legit (old btce domain, posted on the forum, on the twitter account, it has the complete database ecc).
Ok to be honest I missed that they even posted it on their Twitter. This leans me further towards yeah they are legit. I'm getting a cloudflare at the moment right now anyway but I'm certainly less skeptical now.
|
|
|
|
OMlite
Newbie
Offline
Activity: 55
Merit: 0
|
|
September 01, 2017, 01:40:23 AM |
|
Let's assume the site is legit (old btce domain, posted on the forum, on the twitter account, it has the complete database ecc).
Ok to be honest I missed that they even posted it on their Twitter. To be totally honest (and be the devil's advocate) I have been surprise from the very beginning that the FED did not seize BTCe twitter account... I mean twitter is in US, the feds could simply ask for the password and having it delivered in a couple of minutes. Therefore, two options: -everything is in FEDs hands. -BTCE is back.
|
|
|
|
larkinvain
Member
Offline
Activity: 1120
Merit: 13
|
|
September 01, 2017, 02:11:23 AM |
|
To be totally honest (and be the devil's advocate) I have been surprise from the very beginning that the FED did not seize BTCe twitter account... I mean twitter is in US, the feds could simply ask for the password and having it delivered in a couple of minutes.
I think they only seized stuff that would be useful for their investigation. No transactions were done on twitter so would be of little use to them.
|
|
|
|
Potent
|
|
September 01, 2017, 02:26:05 AM |
|
I think their English is terrible like me.
|
|
|
|
ToxicDartFrog
|
|
September 01, 2017, 03:00:30 AM |
|
To be totally honest (and be the devil's advocate) I have been surprise from the very beginning that the FED did not seize BTCe twitter account... I mean twitter is in US, the feds could simply ask for the password and having it delivered in a couple of minutes.
Therefore, two options: -everything is in FEDs hands. -BTCE is back.
Honestly I don't even care if the feds own the site now if I can get my NMC withdrawn. I was only concerned about someone tricky trying to harvest logins. I've never once attempted to take cash back so don't even have concerns over taxes. All I got to lose at this point is the coins themselves (and they're already in limbo) hence the caution with logging into a site that isn't quite functional yet.
|
|
|
|
thiec
|
|
September 01, 2017, 03:20:40 AM |
|
Nobody is worried that this is just a complete snapshot of the 'old' BTC-E with the chatbox and the database before it went down and nothing else (considering the trading backend/withdrawal system is not active). What if it's just exactly as I mentioned in the first sentence and everyone logging in is actually giving their complete login info to people that want to have full access to your BTC in those accounts?
After couple simple test with incorrect password didnt get thorugh which mean the site HAVE OUR PASSWORD, so they do have our data, login or not is nothing different. Just dont provide new data just to withdraw the fund, this might be a flag if they really do request it.
|
|
|
|
ToxicDartFrog
|
|
September 01, 2017, 05:40:25 AM |
|
After couple simple test with incorrect password didnt get thorugh which mean the site HAVE OUR PASSWORD, so they do have our data, login or not is nothing different.
Just dont provide new data just to withdraw the fund, this might be a flag if they really do request it.
I don't disagree with most of what you are saying but it needs to be pointed out, again, that user logins are a comparison of the result of a salted(?) and hashed password against the salt+hash stored in the DB. They are NOT decrypting your stored password to compare with what you typed. In theory this means if a rather sophisticated operation was going on (meaning BTCe had their twitter etc compromised) a bad actor could still have a functional login and NOT actually know your password (but log it when the hashes match). I am not suggesting this is what's happening and tbh I think the .nz site is most likely legit but let's not spread misinformation about how user authentication works.
|
|
|
|
thiec
|
|
September 01, 2017, 06:44:17 AM |
|
After couple simple test with incorrect password didnt get thorugh which mean the site HAVE OUR PASSWORD, so they do have our data, login or not is nothing different.
Just dont provide new data just to withdraw the fund, this might be a flag if they really do request it.
I don't disagree with most of what you are saying but it needs to be pointed out, again, that user logins are a comparison of the result of a salted(?) and hashed password against the salt+hash stored in the DB. They are NOT decrypting your stored password to compare with what you typed. In theory this means if a rather sophisticated operation was going on (meaning BTCe had their twitter etc compromised) a bad actor could still have a functional login and NOT actually know your password (but log it when the hashes match). I am not suggesting this is what's happening and tbh I think the .nz site is most likely legit but let's not spread misinformation about how user authentication works. I dont know the complex things about login and password operated. I do know that i can see all my things there as it was. If the critical data store in different kind of database, how they have that. I dont have any penny there so if you have doubt about the site, dont touch it, as i have nothing to lose just to share my thought.
|
|
|
|
Martisor-Sobru
|
|
September 01, 2017, 06:58:10 AM |
|
Mighty iron testicles confirmed
Official Scores just it: Russia 1:0 America
I have told you all BTC-e would return. I hereby request tribute
BTC-E reborn. This episode proved to me that the Russians are terrible people. Stalingrad was not an exception. That's what the Russians are. Because the name of Victory is Russia. Eternal glory for their!
|
|
|
|
Error 522
|
|
September 01, 2017, 07:24:03 AM |
|
Hi Mayax, please give us an update with your opinion of current situation, we all greatly respect your opinion.
|
|
|
|
stingray454
Member
Offline
Activity: 86
Merit: 10
|
|
September 01, 2017, 07:35:19 AM |
|
Just checked, my old login and 2-factor authentication worked. I also had all my funds (LTC and USD) visible on my user. Will they later remove 45% of the funds and replace it with random crapcoins, or what's the deal now?
|
|
|
|
Error 522
|
|
September 01, 2017, 08:22:48 AM |
|
Will they later remove 45% of the funds and replace it with random crapcoins
yes - replace the 45 percent with tokens
|
|
|
|
Sukovsky
Member
Offline
Activity: 107
Merit: 10
|
|
September 01, 2017, 08:55:03 AM |
|
So If I have 1k fiat and 1k NMC for example, I will get 550USD and 550 NMC. And probably 450 USDET and 450 NMCET. USDET and NMCET = Future payment obligation.
Or at least thats how I think they will do it, seeing that every currency has it's own separate token market.
|
|
|
|
Wunderwuzzi007
Newbie
Offline
Activity: 24
Merit: 0
|
|
September 01, 2017, 09:15:56 AM |
|
Hey guys,
So what is the deal with the PAMM accounts. I had very little on BTC-E. Most of my funds were tied up in PAMM. Obviously gone for the moment.
Any infos?
Cheers
WW
|
|
|
|
SEELE^^01
|
|
September 01, 2017, 09:23:49 AM |
|
So If I have 1k fiat and 1k NMC for example, I will get 550USD and 550 NMC. And probably 450 USDET and 450 NMCET. USDET and NMCET = Future payment obligation.
Or at least thats how I think they will do it, seeing that every currency has it's own separate token market.
exactly, thats the way it is. not all is lost
|
|
|
|
1Referee
Legendary
Offline
Activity: 2170
Merit: 1427
|
|
September 01, 2017, 10:19:20 AM |
|
Just checked, my old login and 2-factor authentication worked. I also had all my funds (LTC and USD) visible on my user. Will they later remove 45% of the funds and replace it with random crapcoins, or what's the deal now?
My balance is restored in full, to how it was just before they went down. I think in the next couple of days BTC-E will take the time to incorporate their debt tokens, and from there indeed remove 45% of your initial funds, and replace them with these debt tokens. After that it's up to you to do whatever you want with these tokens. I personally will not mind taking a hit of 10% in case I end up selling these tokens below their supposed issue value. I just want to get everything of value off that exchange as soon as possible. Added benefit is that they at least are fair enough to hand us over our BCC's as well. In my case it's 5BCC, which at their current market value equals 0.625BTC.
|
|
|
|
|