Dorkie
Member
 Offline
Activity: 420
Merit: 13
|
 |
October 14, 2017, 06:07:14 AM |
|
I have no choice but to suspect the requirement to sign message with a bitcoin address is a way of tracking who is the owner of which bitcoin address, very much like what many exchanges are doing when they require submission of ID, driving license, etc for KYC/AML excuses/nonsense.
So if a user never posted his bitcoin address here (because he never sell anything here), that means he can NEVER recover his account?
How ridiculous.
I am a recent victim of an account hack.
Edit:
By right the system should be able to trace the change of IP addresses used before and after an account hack.
|
|
|
|
|
coolcoinz
Legendary
Offline
Activity: 2800
Merit: 1192
|
|
October 14, 2017, 10:17:13 AM |
|
I have no choice but to suspect the requirement to sign message with a bitcoin address is a way of tracking who is the owner of which bitcoin address, very much like what many exchanges are doing when they require submission of ID, driving license, etc for KYC/AML excuses/nonsense.
So if a user never posted his bitcoin address here (because he never sell anything here), that means he can NEVER recover his account?
How ridiculous.
I am a recent victim of an account hack.
Edit:
By right the system should be able to trace the change of IP addresses used before and after an account hack.
At least make the hacker's attempt not worth it. Follow your hacked account and if it joins any campaign or giveaway make sure people know it's hacked and not allow him in. I think there should be a thread with a list of all the hacked accounts that would work like SMAS, so that people can check accounts before sending them any money. |
|
|
|
real_generalt (OP)
Newbie
Offline
Activity: 14
Merit: 0
|
|
October 14, 2017, 05:27:16 PM |
|
I have no choice but to suspect the requirement to sign message with a bitcoin address is a way of tracking who is the owner of which bitcoin address, very much like what many exchanges are doing when they require submission of ID, driving license, etc for KYC/AML excuses/nonsense.
So if a user never posted his bitcoin address here (because he never sell anything here), that means he can NEVER recover his account?
How ridiculous.
I am a recent victim of an account hack.
Edit:
By right the system should be able to trace the change of IP addresses used before and after an account hack.
I think the system can but the problem would be the resources (time being a resource) required to manually track all that information to try to confirm the identity of a person. Since there are so many scammers out there I can only imagine that they must get quite a few hacked account messages every day. I'm guessing that this is not their full time job so it is not like they can spend 8 hours a day dedicated to maintaining this forum. I believe at one point I saw a post about stake addresses and of course it wouldn't hurt to put a BTC address out there somewhere you can refer to just in case. 1GENERALrtBAjEv2Ps5cmEW1FADnXh1bCZ |
|
|
|
|
Dorkie
Member
Offline
Activity: 420
Merit: 13
|
|
October 14, 2017, 05:30:58 PM |
|
Have you guys ever thought that all the hacking was actually an inside job?
In other words, whatever verification you use (stacking bitcoin address, 2 factor authentication, etc) is actually useless.
|
|
|
|
|
|
pixie85
|
|
October 14, 2017, 06:05:22 PM |
|
I have no choice but to suspect the requirement to sign message with a bitcoin address is a way of tracking who is the owner of which bitcoin address, very much like what many exchanges are doing when they require submission of ID, driving license, etc for KYC/AML excuses/nonsense.
So if a user never posted his bitcoin address here (because he never sell anything here), that means he can NEVER recover his account?
How ridiculous.
I am a recent victim of an account hack.
Edit:
By right the system should be able to trace the change of IP addresses used before and after an account hack.
This won't work because many people are using VPNs, so their IP is changing with every login. I know that some people don't, but it's only one of many things an admin should verify before blocking the account or giving it back to someone. I'd rather have my account locked than watch a hacker make money off it, so Theymos or Cyrus should at the very least block the accounts that people are claiming to be stolen. That is of course if these accounts have recently undergo a password and email change. |
|
|
|
|
Dorkie
Member
Offline
Activity: 420
Merit: 13
|
|
October 14, 2017, 06:15:04 PM |
|
This won't work because many people are using VPNs, so their IP is changing with every login. I know that some people don't, but it's only one of many things an admin should verify before blocking the account or giving it back to someone.
I'd rather have my account locked than watch a hacker make money off it, so Theymos or Cyrus should at the very least block the accounts that people are claiming to be stolen. That is of course if these accounts have recently undergo a password and email change.
Indeed, that is a good temporary fix. I would suggest that the system not allow any change to the email address at all. This will make sure no control of any account is possible. I still can't see any vulnerability in making the email immutable. In fact, I see it as a very good solution. |
|
|
|
|
real_generalt (OP)
Newbie
Offline
Activity: 14
Merit: 0
|
|
October 14, 2017, 11:17:28 PM |
|
This won't work because many people are using VPNs, so their IP is changing with every login. I know that some people don't, but it's only one of many things an admin should verify before blocking the account or giving it back to someone.
I'd rather have my account locked than watch a hacker make money off it, so Theymos or Cyrus should at the very least block the accounts that people are claiming to be stolen. That is of course if these accounts have recently undergo a password and email change.
Indeed, that is a good temporary fix. I would suggest that the system not allow any change to the email address at all. This will make sure no control of any account is possible. I still can't see any vulnerability in making the email immutable. In fact, I see it as a very good solution. Perhaps a system that sends an email to the original email address with a link that gives the original owner a certain amount of time to click it to change the email back to the original. So if you did change it just ignore the email but if you didn't change it then you click the link and it reverts is back to the original email and forces a password change. |
|
|
|
|
Dorkie
Member
Offline
Activity: 420
Merit: 13
|
|
October 15, 2017, 01:00:24 AM |
|
Perhaps a system that sends an email to the original email address with a link that gives the original owner a certain amount of time to click it to change the email back to the original. So if you did change it just ignore the email but if you didn't change it then you click the link and it reverts is back to the original email and forces a password change.
Yes, another good solution. Simple solutions that work. And yet the bitcointalk insiders are squeezing their brains, thinking superman hard, trying to come up with some super revolutionary method to solve the problem. The insiders are working 3 to 4 years long trying to come up with the most novel way of account security in the hopes that they will win a Nobel prize. |
|
|
|
|
generalt
Legendary
Offline
Activity: 1096
Merit: 1021
|
|
October 17, 2017, 02:00:55 AM |
|
I got my account back!!! Thank you everybody for all your help in this matter. -----BEGIN BITCOIN SIGNED MESSAGE----- This is generalt and today is October 16th. This message is to verify that I do have my account back. Thank you all! -----BEGIN SIGNATURE----- 1GENERAL7QdpxHezWzoToWGXpDX4XuLcR2 HMPcgKVShxs+F6Wokt43Z34xHOlZ/sdM1aMkL4LNYBOeVgmCED+fGSgvmKDR4E5HvuunZ2g71RjIee9xkZK0YOQ= -----END BITCOIN SIGNED MESSAGE----- I feel whole again!  |
BTC: 1GENERALrtBAjEv2Ps5cmEW1FADnXh1bCZ
|
|
|
real_generalt (OP)
Newbie
Offline
Activity: 14
Merit: 0
|
|
October 17, 2017, 02:04:52 AM |
|
-----BEGIN BITCOIN SIGNED MESSAGE-----
This is generalt and today is October 16th. This message is to verify that I do have my account back. Thank you all!
-----BEGIN SIGNATURE-----
1GENERAL7QdpxHezWzoToWGXpDX4XuLcR2
HMPcgKVShxs+F6Wokt43Z34xHOlZ/sdM1aMkL4LNYBOeVgmCED+fGSgvmKDR4E5HvuunZ2g71RjIee9xkZK0YOQ=
-----END BITCOIN SIGNED MESSAGE-----
|
|
|
|
|
generalt
Legendary
Offline
Activity: 1096
Merit: 1021
|
|
October 17, 2017, 02:16:24 AM |
|
Also taking this opportunity to post a stake address 1GENERALrtBAjEv2Ps5cmEW1FADnXh1bCZ
|
BTC: 1GENERALrtBAjEv2Ps5cmEW1FADnXh1bCZ
|
|
|
philipma1957
Legendary
 Online
Activity: 4298
Merit: 8838
'The right to privacy matters'
|
|
October 17, 2017, 02:38:17 AM |
|
Also taking this opportunity to post a stake address 1GENERALrtBAjEv2Ps5cmEW1FADnXh1bCZ
I will quote and I have done multiple sales with you . I also have met with you in person more then once. I will lift the neg trust I posted This is my really long term address 1JdC6Xg3ajT3rge3FgPNSYYFpmf53Vbtje this is my secondary account judypug1956 I truly fear getting hacked on this site. I am glad it was fixed. |
|
|
|
Lauda
Legendary
Offline
Activity: 2674
Merit: 2965
Terminated.
|
|
October 17, 2017, 05:16:23 AM |
|
I got my account back!!! Thank you everybody for all your help in this matter. -----BEGIN BITCOIN SIGNED MESSAGE----- This is generalt and today is October 16th. This message is to verify that I do have my account back. Thank you all! -----BEGIN SIGNATURE----- 1GENERAL7QdpxHezWzoToWGXpDX4XuLcR2 HMPcgKVShxs+F6Wokt43Z34xHOlZ/sdM1aMkL4LNYBOeVgmCED+fGSgvmKDR4E5HvuunZ2g71RjIee9xkZK0YOQ= -----END BITCOIN SIGNED MESSAGE----- I feel whole again! Quoted and verified. Also taking this opportunity to post a stake address 1GENERALrtBAjEv2Ps5cmEW1FADnXh1bCZ
Quoted. 1JdC6Xg3ajT3rge3FgPNSYYFpmf53Vbtje
this is my secondary account
judypug1956
Quoted. You should probably sign a message with it, but in this thread: https://bitcointalk.org/index.php?topic=996318.0.
OP, you should lock this thread now. |
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks" 😼 Bitcoin Core ( onion) |
|
|
|
