Bitcoin Forum
December 26, 2024, 02:14:28 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Cryptsy, BTC-E and Hotmail account hacked  (Read 3083 times)
11danman11 (OP)
Member
**
Offline Offline

Activity: 80
Merit: 10


Cryptocurrency, best creation ever!


View Profile
December 09, 2013, 09:25:42 AM
 #1

Today I found out that my Cryptsy, BTC-E and Hotmail account have been hacked. I first tried logging into my Cryptsy account to find that my password had been changed, so I tried logging into my email account to see if maybe I had made a mistake. To my surprise, my Hotmail password had also been changed, but I was able to change it because it is linked to my mobile number. So I sent a password recovery to Cryptsy and was able to login. All my coins had been sold off and withdrawn to this bitcoin address: 1CYehmoJN3sxgW3U8JvQrPTWMBy7yNv42V  I was freaking out so then I went to my BTC-E account to find that the hacker had sold off my Litecoins for Euros, and I don't know why he sold them for Euros when he simply could have sold them for Bitcoin and done the same thing as my Cryptsy account. I loss in total about 6.75 BTC, I am greatly saddened, although it is not much of a loss to me due to that all these coins were bought a while ago for a small amount of money. I have no idea how the hacker gained access to my information, I had run a virus scan only yesterday, and I have not entered my information on any strange websites. My BTC-E and Cryptsy password are the same, but my email password is slightly different to it. If anyone has any information on what I can do (I doubt anything can be done lol) please post here, or if you have a similar story.
Thanks for reading,
bitpop
Legendary
*
Offline Offline

Activity: 2912
Merit: 1060



View Profile WWW
December 09, 2013, 09:36:42 AM
 #2

Learn a lesson, use 2fa and different passwords. Go relax it could have been more. Also it's probably the person closest to you if not a hacker.

11danman11 (OP)
Member
**
Offline Offline

Activity: 80
Merit: 10


Cryptocurrency, best creation ever!


View Profile
December 09, 2013, 09:40:54 AM
 #3

Learn a lesson, use 2fa and different passwords. Go relax it could have been more. Also it's probably the person closest to you if not a hacker.

Yeah I had 2fa for Cryptsy. Just had another thought, Bitcointalk got hacked recently and passwords were stolen... I had same/similar passwords it is possible they could have performed an alphabet brute force? Oh well no point worrying about it, you're right I could have loss waaay more. Read a post here were a guy lost 25,000 BTC 2 years ago...
ajax3592
Full Member
***
Offline Offline

Activity: 210
Merit: 100

Crypto News & Tutorials - Coinramble.com


View Profile
December 09, 2013, 09:57:42 AM
 #4

Learn a lesson, use 2fa and different passwords. Go relax it could have been more. Also it's probably the person closest to you if not a hacker.

Yeah I had 2fa for Cryptsy. Just had another thought, Bitcointalk got hacked recently and passwords were stolen... I had same/similar passwords it is possible they could have performed an alphabet brute force? Oh well no point worrying about it, you're right I could have loss waaay more. Read a post here were a guy lost 25,000 BTC 2 years ago...

That could exactly be the case if you used the same password here on any of your mail or on Cryptsy!

Crypto news/tutorials >>CoinRamble<<                            >>Netcodepool<<                >>My graphics<<
davedx
Sr. Member
****
Offline Offline

Activity: 434
Merit: 250



View Profile WWW
December 09, 2013, 10:17:03 AM
 #5

I think the biggest lesson is don't store coins or fiat in exchanges. Use them to exchange then withdraw back to your wallet straightaway. The only reason you shouldn't do this is if you want to day trade or do inter-exchange arbitrage.

Also, of course, encrypt your local wallet with a very strong password.

Bitcoin is one piece of a larger puzzle to promote liberty, prosperity and democracy.
Support the EFF with your Bitcoins. https://supporters.eff.org/donate
kik1977
Hero Member
*****
Offline Offline

Activity: 593
Merit: 505


Wherever I may roam


View Profile
December 09, 2013, 10:33:56 AM
 #6

Learn a lesson, use 2fa and different passwords. Go relax it could have been more. Also it's probably the person closest to you if not a hacker.

Yeah I had 2fa for Cryptsy. Just had another thought, Bitcointalk got hacked recently and passwords were stolen... I had same/similar passwords it is possible they could have performed an alphabet brute force? Oh well no point worrying about it, you're right I could have loss waaay more. Read a post here were a guy lost 25,000 BTC 2 years ago...

What kind of 2FA do they implement?

We are like butterflies who flutter for a day and think it is forever
raskolnikovx
Full Member
***
Offline Offline

Activity: 186
Merit: 100


View Profile
December 09, 2013, 10:47:24 AM
 #7

https://bitcointalk.org/index.php?topic=364251.msg3889134#msg3889134
11danman11 (OP)
Member
**
Offline Offline

Activity: 80
Merit: 10


Cryptocurrency, best creation ever!


View Profile
December 09, 2013, 10:54:48 AM
 #8

Learn a lesson, use 2fa and different passwords. Go relax it could have been more. Also it's probably the person closest to you if not a hacker.

Yeah I had 2fa for Cryptsy. Just had another thought, Bitcointalk got hacked recently and passwords were stolen... I had same/similar passwords it is possible they could have performed an alphabet brute force? Oh well no point worrying about it, you're right I could have loss waaay more. Read a post here were a guy lost 25,000 BTC 2 years ago...

What kind of 2FA do they implement?

They send a unique code to your email address.
yenom
Full Member
***
Offline Offline

Activity: 187
Merit: 100


View Profile
December 09, 2013, 10:57:17 AM
 #9

Use Lastpass to generate a 30 char password for every website you have. I don't know any of my passwords because all my usernames and all my passwords are different on every site I have registered on.
raskolnikovx
Full Member
***
Offline Offline

Activity: 186
Merit: 100


View Profile
December 09, 2013, 11:01:30 AM
 #10

Use Lastpass to generate a 30 char password for every website you have. I don't know any of my passwords because all my usernames and all my passwords are different on every site I have registered on.

And where do you store your passwords?
bryant.coleman
Legendary
*
Offline Offline

Activity: 3794
Merit: 1219


View Profile
December 09, 2013, 11:25:01 AM
 #11

Use Lastpass to generate a 30 char password for every website you have. I don't know any of my passwords because all my usernames and all my passwords are different on every site I have registered on.

But then how will you store your passwords? Storing them by writing down in paper is not safe.
raskolnikovx
Full Member
***
Offline Offline

Activity: 186
Merit: 100


View Profile
December 09, 2013, 11:30:19 AM
 #12

Use Lastpass to generate a 30 char password for every website you have. I don't know any of my passwords because all my usernames and all my passwords are different on every site I have registered on.

But then how will you store your passwords? Storing them by writing down in paper is not safe.

Exactly ...
http://en.wikipedia.org/wiki/Single_point_of_failure
unfly
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
December 09, 2013, 11:55:19 AM
 #13

Yeah...upon reading this I've changed my Cryptsy password and added 2fa with my phone number.  Sorry to hear that happened to you OP.
yenom
Full Member
***
Offline Offline

Activity: 187
Merit: 100


View Profile
December 09, 2013, 11:57:48 AM
 #14

Go and research Lastpass. It is TNO (Trust No-One) and PIE (Pre-Internet Encryption). The encrypted password vault is replicated to all the browsers you have it installed in, and the Lastpass servers. They cannot decrypt it. There is an iPhone App too. It's really an amazing product if you can be bothered to look.
whiskers75
Hero Member
*****
Offline Offline

Activity: 658
Merit: 502


Doesn't use these forums that often.


View Profile
December 09, 2013, 12:04:46 PM
 #15

Go and research Lastpass. It is TNO (Trust No-One) and PIE (Pre-Internet Encryption). The encrypted password vault is replicated to all the browsers you have it installed in, and the Lastpass servers. They cannot decrypt it. There is an iPhone App too. It's really an amazing product if you can be bothered to look.
No, but they could add custom JS, being non-open source.
Use KeePass.

Elastic.pw Elastic - The Decentralized Supercomputer
ELASTIC ANNOUNCEMENT THREAD | ELASTIC SLACK | ELASTIC FORUM
raskolnikovx
Full Member
***
Offline Offline

Activity: 186
Merit: 100


View Profile
December 09, 2013, 12:34:22 PM
 #16

Go and research Lastpass. It is TNO (Trust No-One) and PIE (Pre-Internet Encryption). The encrypted password vault is replicated to all the browsers you have it installed in, and the Lastpass servers. They cannot decrypt it. There is an iPhone App too. It's really an amazing product if you can be bothered to look.

So you say that you trust this Lastpass service with all of your passwords.
Ok. I just cannot do that. I handle passwords to access Wallets, Email, Dedicated Servers, Shared servers, Homebanking, etc, etc.
No, I cannot afford to trust nobody but me.
I use a set of different passwords for my stuff. They are all well formed and will never be part of any dictionary.
And I can remember my passwords because I must do so.
People rembered complete books for years.
yenom
Full Member
***
Offline Offline

Activity: 187
Merit: 100


View Profile
December 09, 2013, 12:59:15 PM
 #17

Go and research Lastpass. It is TNO (Trust No-One) and PIE (Pre-Internet Encryption). The encrypted password vault is replicated to all the browsers you have it installed in, and the Lastpass servers. They cannot decrypt it. There is an iPhone App too. It's really an amazing product if you can be bothered to look.

So you say that you trust this Lastpass service with all of your passwords.
Ok. I just cannot do that. I handle passwords to access Wallets, Email, Dedicated Servers, Shared servers, Homebanking, etc, etc.
No, I cannot afford to trust nobody but me.
I use a set of different passwords for my stuff. They are all well formed and will never be part of any dictionary.
And I can remember my passwords because I must do so.
People rembered complete books for years.


If you cannot be bothered to look at it then fine. If you did you would realize all your concerns are addressed. Anyway it seems I'm wasting my time, a bit like trying to explain bitcoin to Peter Schiff..
thecoinjournal
Hero Member
*****
Offline Offline

Activity: 490
Merit: 500



View Profile WWW
December 09, 2013, 01:20:14 PM
 #18

Learn a lesson, use 2fa and different passwords. Go relax it could have been more. Also it's probably the person closest to you if not a hacker.

Yeah I had 2fa for Cryptsy. Just had another thought, Bitcointalk got hacked recently and passwords were stolen... I had same/similar passwords it is possible they could have performed an alphabet brute force? Oh well no point worrying about it, you're right I could have loss waaay more. Read a post here were a guy lost 25,000 BTC 2 years ago...

Always use different username/password combinations on different sites. For me, I use 10minutemail in most cases, even the account got compromised it won't be associated with my other accounts.

raskolnikovx
Full Member
***
Offline Offline

Activity: 186
Merit: 100


View Profile
December 09, 2013, 01:26:36 PM
 #19

Go and research Lastpass. It is TNO (Trust No-One) and PIE (Pre-Internet Encryption). The encrypted password vault is replicated to all the browsers you have it installed in, and the Lastpass servers. They cannot decrypt it. There is an iPhone App too. It's really an amazing product if you can be bothered to look.

So you say that you trust this Lastpass service with all of your passwords.
Ok. I just cannot do that. I handle passwords to access Wallets, Email, Dedicated Servers, Shared servers, Homebanking, etc, etc.
No, I cannot afford to trust nobody but me.
I use a set of different passwords for my stuff. They are all well formed and will never be part of any dictionary.
And I can remember my passwords because I must do so.
People rembered complete books for years.


If you cannot be bothered to look at it then fine. If you did you would realize all your concerns are addressed. Anyway it seems I'm wasting my time, a bit like trying to explain bitcoin to Peter Schiff..

Dude, relax!
I did check the website and know the service and others like this one.
I just cannot trust nobody with this kind of data.
Thats all.
yenom
Full Member
***
Offline Offline

Activity: 187
Merit: 100


View Profile
December 09, 2013, 02:49:58 PM
 #20

Dude, relax!
I did check the website and know the service and others like this one.
I just cannot trust nobody with this kind of data.
Thats all.

Hehe, it's fine. I just get annoyed that people leap to conclusions without first seeking to understand, something common to the bitcoin space. As I mentioned the Lastpass system addresses precisely that point - TNO. Trust No-One. You are sensible to consider that, and if open source only fits your criteria then great.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!