CEX.IO user just got hacked. User loses $7000 USD

[Mentaso]

Just when we get emails from CEX.IO that they have great security, this dude gets his account hacked and all his GHS gets converted to Bitcoin and withdrawn.

[grue]

The account holder had a randomly generated password which would have been difficult to Brute Force, so there is a very good possibility that the hacker has access to the database. With all due credit, CEX.IO does have 2 stage authentication which the user could not access as he did not have a smart phone to perform the security. So far, no comment fro CEX.IO

or his computer was keylogged, which is far more likely because there's no large number of hack incidents.

[DeathAndTaxes]

So no 2FA and limited to a single account and your conclusion is it must be someone with access to the database?  Unless CEX is utterly incompetent passwords are stored hashed so a long random password would be beyond brute force even if the password table was leaked.  

It is far more likely the attacker stole the password from the users computer (keylogger) but then again who needs facts.  

Note I have been highly critical of CEX and the insane prices for hashpower but a spade is a spade and your article is weak.

[rayfloyd]

Very misleading title, FUD.

"Streets of the wolrd unsecure, someone got hit today!"

[crazy_rabbit]

Could a mod please change the title to "Maleware/user error leads to theft. Again."

[Mentaso]

I dont think malware of keylogger could have accessed a password management tool... Is that possible?

His security setup
1. Password management software randomly generated a 10 plus digit password, using numbers, letters, Caps, no Caps, special characters
2. At no time was the password every keyed in. This eliminates the "key-logger" issue
3. The password was never used elsewhere and was unique to this one account.

[tysat]

Updated title and moving to the correct section!

[Micky25]

so without a smartphone you can't use 2FA? Ohkay, wonder how it works for me all the time.

No offense, but the whole story sounds like complete BS to me.

[escrow.ms]

I dont think malware of keylogger could have accessed a password management tool... Is that possible?

His security setup
1. Password management software randomly generated a 10 plus digit password, using numbers, letters, Caps, no Caps, special characters
2. At no time was the password every keyed in. This eliminates the "key-logger" issue
3. The password was never used elsewhere and was unique to this one account.

Formgrabber 1 : Security 0

[cnblue]

if that person really got hacked where is the detail of the information? screenshot ?
and detail about him contacting support? and what the support did about it?

i think this is a bogus story.

i wonder how "DeathAndTaxes" know that person didnt had 2FA on.
maybe he did, maybe he didnt. he havnt hearing anything other than he lost his money.

again this rumor on reddit was just trying to attract traffic. my 2 cents.
i know people who have over 100BTC on Cex.io for months on trading.


my first incident i had with CEX.io was my withdraw problem. i try to withdraw. its say i didnt had enough fund to withdraw when i did. i contact support and they fixed it within 24hrs.

my second incident when i successful withdraw fund, i waited 24hrs and the funds wasn't transfered yet. it say it was transfer from my history but i never got it. i contact support they took care of it within 12hrs.

  so far only good experience from cex.io

[daudi123miner]

I am a new miner.
I Have a Question. what does it mean when you keep getting message from the [CEX.IO]  stating "Successful authorization" with a time stamp like - 2014-04-04 17:37 (GMT) and your IP address?

should I be worried?