|
IYFTech (OP)
|
 |
December 09, 2013, 11:07:07 PM |
|
Thought I'd copy this over from the cex.io official thread so everyone could read it, seeing as nobody looks at their thread anyway - especially cex.io...... |
|
|
|
|
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
|
|
|
empoweoqwj
|
|
December 10, 2013, 04:43:28 AM |
|
Apart from the volatility of bitcoin, I see "hacking" as the number thing that could cause it to fail.
Barely a week goes by without another "several thousand" bitcoins going missing because a site has been "hacked".
I put "hacked" in quotes because in 90% of these "hacking" cases, I don't believe for a minute the site has really been hacked. Its just a convenient excuse for the site owner to run off with the coins.
Tip: never leave any more bitcoins that you have to on *any* bitcoin website. There are too many greedy people about. Keep your bitcoins offline.
|
|
|
|
|
|
HellDiverUK
|
|
December 10, 2013, 08:24:31 AM |
|
Huh, glad I emptied out my BTC from there yesterday. Still have a tiny amount of cloud hashing going on there (mostly to keep the referral freebies running).
|
|
|
|
|
|
helmax
|
|
December 10, 2013, 12:32:19 PM |
|
i am new in this pool
where is thread official for doughts ?
how i can put my address wallet in pool for withdrawn
|
looking job
|
|
|
Mitchell
Copper Member
Legendary
 Offline
Activity: 3920
Merit: 2198
Verified awesomeness ✔
|
|
December 10, 2013, 12:33:43 PM |
|
Apart from the volatility of bitcoin, I see "hacking" as the number thing that could cause it to fail. It's the same with every other online banking account. It takes a while to build up good security and people just have to be careful with their stuff. |
| | | .
Duelbits | | | ▄████▄▄
▄█████████▄
▄█████████████▄
▄██████████████████▄
▄████▄▄▄█████████▄▄▄███▄
▄████▐▀▄▄▀▌██▄█▄██▐▀▄▄▀▌███
██████▀▀▀▀████▀███▀▀▀▀█████
▐████████████■▄▄▄■██████████▀
▐██████████████████████████▀
██████████████████████████▀
▀███████████████████████▀
▀███████████████████▀
▀███████████████▀ | | | | | .
▄ ▄▄▀▀▀▀▄▄
▄▀▀▄ █
█ ▀▄ █
▄█▄ ▀▄ █
▄▀ ▀▄ ▀█▀
▄▀ ▀█▄▄▄▀▀ ▀
▄▀ ▄▀ ▄▀
Live Games | |
▄▄▀▀▀▀▀▀▀▄▄
▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄
▄▀ █ ▄ █ ▄ █ ▀▄
█ █ ▀ ▀ █ █ ▄▄▄
█ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █ █
█▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█ █▄█
█ ▀▀█ ▀▀█ ▀▀█ █ █▄█
Slots | | .
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█ ▄▄ █
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █
█ ▄▄ █ █
█ █ █
█ ▄▀▀▄▀▀▄ █ █
█ ▀▄ ▄▀ █ █
Blackjack | | | | █▀▀▀▀▀█▄▄▄
▀████▄▄
██████▄
▄▄▄▄▄▄▄▄█▀ ▀▀█
████████▄ █
█████████▄ █
██████████▄ ▄██
█████████▀▀▀█▄▄████
▀▀███▀▀ ████
█ ███
█ █▀
▄█████▄▄▄ ▄▄▀▀
███████▀▀▀ | | | | | | | | | | [ Đ ][ Ł ]
AVAILABLE NOW | |
Advertisements are not endorsed by me. |
|
|
|
|
|
empoweoqwj
|
|
December 11, 2013, 01:18:02 AM |
|
Apart from the volatility of bitcoin, I see "hacking" as the number thing that could cause it to fail. It's the same with every other online banking account. It takes a while to build up good security and people just have to be careful with their stuff. Umm ..... how many stories have we heard from banks recently saying "oh sorry, we've got hacked, and all your money has gone". No, I'm not defending banks for a minute, just pointing out that you can have all the "good security" in the world but if the website owner decides to steal the coins, he can do so in 5 mins. Greed does funny things to people. Inputs.io claimed the most amazing levels of security, yet they claim they were hacked and had all their coins stolen. Make your own mind up  |
|
|
|
|
|
bkpduke
|
|
December 11, 2013, 01:59:27 PM |
|
If the user had setup two-factor authentication, this would not have happened.
I put more blame on the user here than CEX. Sorry, you just don't leave large sums of BTC unprotected.
|
|
|
|
|
|
|
|
IYFTech (OP)
|
|
December 11, 2013, 07:31:11 PM |
|
|
|
|
|
siameze
Legendary
Offline
Activity: 1064
Merit: 1000
|
|
December 11, 2013, 10:32:30 PM |
|
My criticism is free lol.  |
|
|
|
|
empoweoqwj
|
|
December 12, 2013, 01:02:46 AM |
|
Seriously? That explains all then ............. Nobody going to investigate him, the police I mean. This is giving a bad name to the .io domain space  Re: 2 factor authentication "solving all", it didn't stop all the coins disappearing from inputs.io, owned by "Mr" TradeFortress. he was unfortunately (cough cough) "hacked", even though he claimed the best security of any online wallet. Make your own mind up. |
|
|
|
|
johningreece
Member
Offline
Activity: 77
Merit: 10
|
|
January 05, 2014, 03:35:12 PM |
|
Earlier today my cex.io account was hacked and also my email. The hacker sold the GHS I had and withdrew the funds. I had deposited 10 btc into my cex account. My cex account is now frozen by cex and they are investigating - whatever that means. Does not cex have the obligation to make this right??
|
|
|
|
|
Mitchell
Copper Member
Legendary
Offline
Activity: 3920
Merit: 2198
Verified awesomeness ✔
|
|
January 05, 2014, 04:12:51 PM |
|
Earlier today my cex.io account was hacked and also my email. The hacker sold the GHS I had and withdrew the funds. I had deposited 10 btc into my cex account. My cex account is now frozen by cex and they are investigating - whatever that means. Does not cex have the obligation to make this right??
If it was their fault, they should. If you fucked up, they don't have to. |
| | | .
Duelbits | | | ▄████▄▄
▄█████████▄
▄█████████████▄
▄██████████████████▄
▄████▄▄▄█████████▄▄▄███▄
▄████▐▀▄▄▀▌██▄█▄██▐▀▄▄▀▌███
██████▀▀▀▀████▀███▀▀▀▀█████
▐████████████■▄▄▄■██████████▀
▐██████████████████████████▀
██████████████████████████▀
▀███████████████████████▀
▀███████████████████▀
▀███████████████▀ | | | | | .
▄ ▄▄▀▀▀▀▄▄
▄▀▀▄ █
█ ▀▄ █
▄█▄ ▀▄ █
▄▀ ▀▄ ▀█▀
▄▀ ▀█▄▄▄▀▀ ▀
▄▀ ▄▀ ▄▀
Live Games | |
▄▄▀▀▀▀▀▀▀▄▄
▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄
▄▀ █ ▄ █ ▄ █ ▀▄
█ █ ▀ ▀ █ █ ▄▄▄
█ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █ █
█▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█ █▄█
█ ▀▀█ ▀▀█ ▀▀█ █ █▄█
Slots | | .
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█ ▄▄ █
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █
█ ▄▄ █ █
█ █ █
█ ▄▀▀▄▀▀▄ █ █
█ ▀▄ ▄▀ █ █
Blackjack | | | | █▀▀▀▀▀█▄▄▄
▀████▄▄
██████▄
▄▄▄▄▄▄▄▄█▀ ▀▀█
████████▄ █
█████████▄ █
██████████▄ ▄██
█████████▀▀▀█▄▄████
▀▀███▀▀ ████
█ ███
█ █▀
▄█████▄▄▄ ▄▄▀▀
███████▀▀▀ | | | | | | | | | | [ Đ ][ Ł ]
AVAILABLE NOW | |
Advertisements are not endorsed by me. |
|
|
|
empoweoqwj
|
|
January 06, 2014, 03:12:39 AM |
|
Earlier today my cex.io account was hacked and also my email. The hacker sold the GHS I had and withdrew the funds. I had deposited 10 btc into my cex account. My cex account is now frozen by cex and they are investigating - whatever that means. Does not cex have the obligation to make this right??
If it was their fault, they should. If you fucked up, they don't have to. Several reports of lost funds from cex.io these last few days. Hope its not another .io site getting "hacked". |
|
|
|
|
johningreece
Member
Offline
Activity: 77
Merit: 10
|
|
January 08, 2014, 07:08:33 AM |
|
Cex.io said "sorry for your loss"
|
|
|
|
|
rammy2k2
Legendary
Offline
Activity: 1974
Merit: 1003
|
|
January 08, 2014, 12:08:39 PM |
|
i doubt cex.io is hacked ... i bet users have fallen for phising sites or keyloggers
|
|
|
|
|
|
empoweoqwj
|
|
January 08, 2014, 01:45:59 PM |
|
i doubt cex.io is hacked ... i bet users have fallen for phising sites or keyloggers
You can't possibly know that. I haven't heard of of any cex.io phishing emails going around, but I have heard of several cex.io accounts being emptied recently ......... |
|
|
|
|
streetlogics
Newbie
Offline
Activity: 4
Merit: 0
|
|
January 16, 2014, 09:06:36 PM |
|
Was just logged in to cex.io chat and got 2 javascript alerts minutes apart with simply the text "1". I logged back in a few minutes later to investigate, and discovered this in the "russian" tab of their chat window: z66 : 20:25
“><img src="#" onerror="alert(1)"
Ramirez : 20:26
><img src="#" onerror="alert(1)"
Ramirez : 20:26
doesnt work
kickbit : 20:27
xe2x80x9c><img src="#" onerror="alert(1)"
Ramirez : 20:28
-->
Ramirez : 20:29
-> They have been alerted via twitter by others that noticed the problem too: https://twitter.com/chrisfarms/status/423913046512128001 https://twitter.com/vvedma/status/423920180750610432As a professional web developer, this is deeply concerning. I am not sure that this is necessarily related to people having their accounts cleaned out, but it is certainly something to consider regardless as a "possibility". Anyone who has studied computer information security knows how serious the potential for an XSS attack is, and it certainly should not be taken lightly. You are free to draw your own conclusions, but personally I withdrew all my BTC from there a while ago. |
|
|
|
|
|
Kenshin
|
|
January 16, 2014, 09:07:44 PM |
|
Good job I left them yesterday.  |
|
|
|
|
|
empoweoqwj
|
|
January 17, 2014, 04:21:31 AM |
|
Now you have me really worried! With all I've heard, multiple account "hacks" etc. at cex.io, I wouldn't put a single bitcoin in a wallet with them. I don't trust any wallet service with domain ending in .io, scared of who the real owner might be  |
|
|
|
|
Maidak
Legendary
Offline
Activity: 1876
Merit: 1058
The OGz Club
|
|
January 20, 2014, 06:18:03 PM
Last edit: January 20, 2014, 06:40:41 PM by Maidak |
|
Was just logged in to cex.io chat and got 2 javascript alerts minutes apart with simply the text "1". I logged back in a few minutes later to investigate, and discovered this in the "russian" tab of their chat window: z66 : 20:25
“><img src="#" onerror="alert(1)"
Ramirez : 20:26
><img src="#" onerror="alert(1)"
Ramirez : 20:26
doesnt work
kickbit : 20:27
xe2x80x9c><img src="#" onerror="alert(1)"
Ramirez : 20:28
-->
Ramirez : 20:29
-> They have been alerted via twitter by others that noticed the problem too: https://twitter.com/chrisfarms/status/423913046512128001 https://twitter.com/vvedma/status/423920180750610432As a professional web developer, this is deeply concerning. I am not sure that this is necessarily related to people having their accounts cleaned out, but it is certainly something to consider regardless as a "possibility". Anyone who has studied computer information security knows how serious the potential for an XSS attack is, and it certainly should not be taken lightly. You are free to draw your own conclusions, but personally I withdrew all my BTC from there a while ago. I'm going to clear some things up regarding this. I do work for support with cex.io and have been for months I was on shift during the execution of this XSS vulnerability immediately called our technical department and had the hole patched within under a minute. No user data was compromised during this failed attack. The reason for this is because what he tried to download was blocked by our censor in the trollbox. Now the reality on why the users are getting compromised over 99% of them are because of our users are not securing their emails with 2factor authentication nor securing their cex.io accounts. I've seen countless tickets where people have downloaded trading bots and lost all of there BTC and GHS, going to a site like c-cex.com and submitting their information. It all starts with the users email account being compromised. 10 out of 10 times every user who has been hacked has not had their 2 factor authentication enabled which would have prevented the withdraw from ever happening. Also be aware its not very hard to stick a remote administration tool and keylogger on any PC if you are not properly protecting your PC and downloading a trading bot which could very well work it just comes with an added feature. I have suggested to numerous people if you plan on keeping financial assets online do it on a freshly imaged PC use strong password and always use the added security precautions that the site does provide. We are also looking into adding yubikeys as well which was my personal suggestion to the company since I love the security a yubikey offers over 2FA. Now you have me really worried! With all I've heard, multiple account "hacks" etc. at cex.io, I wouldn't put a single bitcoin in a wallet with them. I don't trust any wallet service with domain ending in .io, scared of who the real owner might be This is a registered company check the SSL and the contact us page https://cex.io/support and search the company number. Just because tradefortress used an .io domain does not mean that its a domain owned by tradefortress.. |
|
|
|
|
maverick528
|
|
January 29, 2014, 04:55:59 PM |
|
Two days ago I could not access my CEX.IO account anymore. Says username or password wrong, but when I tried to reset the password (even knowing I am entering it right), it replies that the username or email address are wrong. I use always same email adress and username, never requested to change the email address. Contacted CEX support. First reply goes like "you are retarded, please remember usernames are case sensitive" and then THEY write the wrong way my username, (it is all lowercase) with a capital first letter. And they ask the email I used to register (it is the one I am using to write the emails to them!!) Second reply (24 hs later) they "inform" me what MY username and email is (I already knew that, kids!). They ask me if I changed my email address and to check all the mails from CEX.IO. No, no email change address by me, and no email from CEX telling about any change. Third reply (24 hs more). I must now send a photograph of myself holding a government-issued ID (can I hang the ID somewhere instead of holding it?  ) The verification process is going to take two weeks. Meanwhile I can not get the funds I OWN, I can not trade, etc. I must take a loss because they can not fix their security holes. CEX.IO sucks. Unfortunately a pair of days ago I bought another voucher for more GHashes on CEX. And it is not on paper so it can not be used for cleaning purposes.  |
|
|
|
|
maverick528
|
|
January 29, 2014, 05:10:08 PM |
|
By the way, I do not use any trading bot. And my password was never typed, so that keyloggers can not harm me. And I can not use 2FA because my cellphone is a Motorola C115  |
|
|
|
|
empoweoqwj
|
|
January 30, 2014, 04:34:20 AM |
|
Two days ago I could not access my CEX.IO account anymore. Says username or password wrong, but when I tried to reset the password (even knowing I am entering it right), it replies that the username or email address are wrong. I use always same email adress and username, never requested to change the email address. Contacted CEX support. First reply goes like "you are retarded, please remember usernames are case sensitive" and then THEY write the wrong way my username, (it is all lowercase) with a capital first letter. And they ask the email I used to register (it is the one I am using to write the emails to them!!) Second reply (24 hs later) they "inform" me what MY username and email is (I already knew that, kids!). They ask me if I changed my email address and to check all the mails from CEX.IO. No, no email change address by me, and no email from CEX telling about any change. Third reply (24 hs more). I must now send a photograph of myself holding a government-issued ID (can I hang the ID somewhere instead of holding it? ) The verification process is going to take two weeks. Meanwhile I can not get the funds I OWN, I can not trade, etc. I must take a loss because they can not fix their security holes. CEX.IO sucks. Unfortunately a pair of days ago I bought another voucher for more GHashes on CEX. And it is not on paper so it can not be used for cleaning purposes. Don't you love it when companies remind you passwords are case-sensitive. Assuming we are morons who've never used the web before .... |
|
|
|
|
|
