Adding mail confirmations for withdrawals will be a solution.
If the 'hacker' has access to the account, this means your email address could have been compromised as well, if he knows which email address is linked to the PD account. The simplest solution to this is to force 2FA for every account; this is the simplest yet the toughest thing for the hacker to break.
Yes, if they got hacked it is highly possible their mail got hacked too, but at least they will see the confirmation mail in their mailbox, or they will see that their mail password was changed too, so they won't suspect that someone on the PD staff got their coins.
It would seem to me it would be very difficult to hack, considering the captcha on the login now, just noticed that.
I would suspect the user may have a keylogger-type virus on their system, and not know it. While the keylogger would be relatively useless for things like a BTC wallet on your local machine, because they wouldn't have access to it, it would allow them to get into sites they log into.
When I ran my business years back, my staff abused the hell out of AIM and other chat applications. Writing them up didn't work. Installed a Barracuda system, costing $8000, didn't stop them. So, one night, after consulting our lawyers of course-- and that it was ok to do so, we installed a paid-for program to log specifically mouse movements, in what programs, what windows, and capture screenshots every 10 seconds.
Only for one reason, the abuse of employees not working and chatting literally all day was costing a fortune.
The program was incredibly stealthy, it did not show up on the hard drive, it did not show up anywhere using any detection method as a running service. It was impossible to see.
The only way you could "get" into it, was to type your "keycode" into notepad, which was something obscure... like 4f8behe9e$$b6b4b
Then a window would appear. My point: it was undetectable. Even with Windows Defender. MS Security Essentials. Etc.
It literally emailed out the data on an interval basis, over a VPN, so even if the user analyzed the traffic, it was encrypted first, then sent encrypted again over an obscure port via VPN.
That said: if a user has a keylogger on their computer, they could gain access to the user's PD account. Then they could find the deposit address.
With the deposit address, using Blockchain.info, set up a watch, with audio alarm- the second a deposit hits, pre-confirmation.
So they hear it, then wait for confirm. Login, and the moment it hits, withdraw.
I'm totally freaked out by keyloggers. For that reason, I sandbox nearly everything I run, and run VMs. My root system I keep highly protected.
There are so many viruses out there. It's insane.
Be safe guys, and be very careful what you install. As well as the websites you visit.
Cheers!
Strato
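
The withdrawal e-mail confirmation suggested earlier in the thread, sketched server-side as an added example (not code from the site or from any poster): a withdrawal is parked until a single-use, expiring token, sent only to the registered mailbox, is presented. The function names, the 15-minute lifetime, the in-memory store and the sample account and address values are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret, kept server-side
TOKEN_TTL = 15 * 60                   # assumption: confirmation link is valid for 15 minutes
_pending = {}                         # request_id -> parked withdrawal (stand-in for a DB table)


def _mac(request_id, account, address, amount, expires):
    # Bind the token to every field so it cannot be reused for another
    # request, destination address or amount.
    msg = "|".join([request_id, account, address, str(amount), str(expires)])
    return hmac.new(SERVER_KEY, msg.encode(), hashlib.sha256).hexdigest()


def request_withdrawal(account, address, amount, now=None):
    """Park the withdrawal; the returned token is delivered by e-mail only."""
    now = time.time() if now is None else now
    request_id = secrets.token_hex(8)
    expires = int(now) + TOKEN_TTL
    _pending[request_id] = (account, address, amount, expires)
    return request_id, _mac(request_id, account, address, amount, expires)


def confirm_withdrawal(request_id, token, now=None):
    """Release funds only for a valid, unexpired, not-yet-used token."""
    now = time.time() if now is None else now
    entry = _pending.get(request_id)
    if entry is None:
        return "unknown-or-used"
    account, address, amount, expires = entry
    if now > expires:
        del _pending[request_id]      # expired requests are dropped, not retried
        return "expired"
    expected = _mac(request_id, account, address, amount, expires)
    if not hmac.compare_digest(token.encode(), expected.encode()):
        return "bad-token"            # request stays parked for the real owner
    del _pending[request_id]          # single use: a replayed link does nothing
    return "released"
```

As noted in the replies above, this only helps while the mailbox itself is not compromised; it is a second channel, not a replacement for 2FA on the account.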