Bitcoin Forum
Topic: ■■■My 2013 legendary account was hacked :( help me to find how and to recover it
Realerre
Member
Activity: 108
Merit: 11
May 08, 2018, 04:38:33 PM
 #1

I don't know how, my account was hacked  Angry

I already blocked the account and sent Cyrus a signed message, I hope it will be resolved soon.

The account should be locked now and I hope the hacker will do no harm, I opened this thread mainly to try to understand how I was hacked. Also, I am pretty sure I posted 2 addresses in the stake thread, but I am not able to find them. Any Google master who can help me?

Here is the signed message:

----BEGIN BITCOIN SIGNED MESSAGE-----
Hi,
Someone just hacked my original account (link https://bitcointalk.org/index.php?action=profile;u=154985 )
Please help me
Realerre
-----BEGIN BITCOIN SIGNATURE-----
Version: Bitcoin-qt (1.0)
Address: 1errednJJpXhbjgqby9xj8HSjwBci6d19

HJLmrt/iZeKEyuxNZtc6w6lnzhJYj2aqlJg5hRwv7k6DUl9UzdHxH1/BOMGuNT/7Cf5t7lz2JwDsO3CoRBeMnlw=
-----END BITCOIN SIGNATURE-----

Same message, signature from 13wZt74rDowJznv1TACrZVHiPywKAynYCe:

HEucCjcploRKHI3V3t0EF0TxOk90LB36gL3WJrN/5mujDMnMJanWiF3l123Ax5RVGf3Aa2/Syb0aDM2rORj1Ui0=

From 1SoGC63df4ueo1Zum21c9DwUuft5mkyyi:

HKqudeNrfYNnxeUWMyEBrFORgd7l6+gI93BvwW7P6XH1G6Nr+BU3XgHxqjEnuyiCxRE+M8Zys3Qae3+48RGxoTA=

bitserve
Hero Member
Activity: 686
Merit: 542
May 08, 2018, 05:04:17 PM
 #2

Here you are: https://bitcointalk.org/index.php?topic=996318.msg20945919#msg20945919

19VBmRQVqrtNTGiwngZutwREagcKxJgVZM
Realerre
Member
Activity: 108
Merit: 11
May 08, 2018, 05:06:05 PM
 #3

Thank you very much, I will send you some merit when able Smiley
bitserve
Hero Member
Activity: 686
Merit: 542
May 08, 2018, 05:07:15 PM
 #4

Quote from: Realerre
Thank you very much, I will send you some merit when able Smiley

np, good luck on prompt recovery of your account!

19VBmRQVqrtNTGiwngZutwREagcKxJgVZM
hilariousandco
Cupper Member
Global Moderator
Legendary
Activity: 1862
Merit: 1403
Honorable Moderator Council Bitcontalk
May 08, 2018, 07:52:03 PM
 #5

Quote from: Realerre
Here is the signed message:

----BEGIN BITCOIN SIGNED MESSAGE-----
Hi,
Someone just hacked my original account (link https://bitcointalk.org/index.php?action=profile;u=154985 )
Please help me
Realerre
-----BEGIN BITCOIN SIGNATURE-----
Version: Bitcoin-qt (1.0)
Address: 1errednJJpXhbjgqby9xj8HSjwBci6d19

HJLmrt/iZeKEyuxNZtc6w6lnzhJYj2aqlJg5hRwv7k6DUl9UzdHxH1/BOMGuNT/7Cf5t7lz2JwDsO3CoRBeMnlw=
-----END BITCOIN SIGNATURE-----

Same message, signature from 13wZt74rDowJznv1TACrZVHiPywKAynYCe:

HEucCjcploRKHI3V3t0EF0TxOk90LB36gL3WJrN/5mujDMnMJanWiF3l123Ax5RVGf3Aa2/Syb0aDM2rORj1Ui0=

From 1SoGC63df4ueo1Zum21c9DwUuft5mkyyi:

HKqudeNrfYNnxeUWMyEBrFORgd7l6+gI93BvwW7P6XH1G6Nr+BU3XgHxqjEnuyiCxRE+M8Zys3Qae3+48RGxoTA=



They all verify.

The older the address the better:

10 erre KozmUeGrvc3Yfxs2X5F6gpGqCSRUzxHfG invalid

??

1SoGC63df4ueo1Zum21c9DwUuft5mkyyi

ps: dvdman is a genius

Realerre
Member
Activity: 108
Merit: 11
May 08, 2018, 08:09:20 PM
 #6

Yes the above addresses are spammed along all the forum, from 2013 Smiley
Realerre
Member
Activity: 108
Merit: 11
May 09, 2018, 04:33:51 PM
 #7

I noticed that Cyrus's account posted the last time 1 month ago, he seems to go online daily and to be online now, but looking at his post history makes me think he is not very active in this period.

I don't want to bother abusing PMs, so I will bump this thread daily hoping that it will help to get noticed by some admin.

Besides that, any idea about how I was hacked?

The day before the hack I noticed I logged out and so logged in using Google automatic compile. My password is unique for this site, it was 2 words and 3 numbers, 15+ characters long. No virus or keylogger installed as far as I know, and I was hacked only on bitcointalk.
hilariousandco
Cupper Member
Global Moderator
Legendary
Activity: 1862
Merit: 1403
Honorable Moderator Council Bitcontalk
May 09, 2018, 04:54:48 PM
 #8

When did you last change your password here? If you didn't change it after the forum hack on May 22 2015 then it was likely cracked. Did you download any alt coin wallets or accidentally log into any phishing sites?

Realerre
Member
Activity: 108
Merit: 11
May 09, 2018, 05:08:03 PM
 #9

Quote from: hilariousandco
When did you last change your password here? If you didn't change it after the forum hack on May 22 2015 then it was likely cracked. Did you download any alt coin wallets or accidentally log into any phishing sites?

I changed my password adding "123" at the end. I know, shame on me, but they were salted and all....

Usually I use only my Android phone to log in, but as I said it was necessary to re-log the day before the hack

...Also, it could be I logged in using my Windows laptop. That seems unable to update to the last version of Windows, I stopped updates from services.msc because it was looping downloading and installing "the last version of windows".

I use this PC only to mine deeponions so I didn't bother so much, an Avira scan found no viruses and I still have my considerable amount of onions (but I haven't decrypted my wallet in days).

Deleting this PC would be really painful to me, but I'm seriously considering doing it before typing the wallet password again.
Realerre
Member
Activity: 108
Merit: 11
May 10, 2018, 07:17:38 PM
 #10

I checked the laptop, it seems that I haven't logged in to bitcointalk for months, and I also ran HijackThis, so I suppose it is safe.

And they did not hack my Android device, because other sites remain untouched. I am pretty sure I did not log in to any phishing site, and I use Google Chrome autocompile for passwords.

So how did they hack me Huh
Realerre
Member
Activity: 108
Merit: 11
May 12, 2018, 09:00:09 AM
 #11

After double-checking all I was able to, I unlocked the wallet and made a tx.

All went smoothly, thank God Smiley

So...seems like they hacked me....maybe I remember wrong and I didn't change the password after the 2015 hack, can someone check this for me?

Regarding account recovery, two weeks is a pretty long time to wait to send a PM to theymos, but I think that spam won't help me, and I already sent 3 messages to Cyrus due to wrong format too... what else can I do, besides waiting 2 weeks and upping this thread?
Thirdspace
Hero Member
Activity: 826
Merit: 611
May 12, 2018, 11:38:21 AM
 #12

Quote from: Realerre
The day before the hack I noticed I logged out and so logged in using Google automatic compile.
Quote from: Realerre
I am pretty sure I did not log in to any phishing site, and I use Google Chrome autocompile for passwords.

you mean Google Autofill/Autocomplete password?
did you re-log intentionally (open login page from bookmark) or were you re-directed to login page?
if the latter happened, you could be logging into a phishing site Undecided happened to me a few weeks ago
but luckily I noticed the wrong url, so I just closed the page and reopened the forum from my bookmark
can you remember the time you were logging in and check your browser history to make sure you were on the real login page at that time
just in case there is a way to trick autocomplete to work with fake login page

Quote
May 08, 2018, 10:06:56 AM - erre - password reset via email
Quote
This user's password was reset recently.
This user's email address was changed recently.

Realerre
Member
Activity: 108
Merit: 11
May 12, 2018, 12:43:21 PM
 #13

Quote from: Thirdspace
Quote from: Realerre
The day before the hack I noticed I logged out and so logged in using Google automatic compile.
Quote from: Realerre
I am pretty sure I did not log in to any phishing site, and I use Google Chrome autocompile for passwords.

you mean Google Autofill/Autocomplete password?
did you re-log intentionally (open login page from bookmark) or were you re-directed to login page?
if the latter happened, you could be logging into a phishing site Undecided happened to me a few weeks ago
but luckily I noticed the wrong url, so I just closed the page and reopened the forum from my bookmark
can you remember the time you were logging in and check your browser history to make sure you were on the real login page at that time
just in case there is a way to trick autocomplete to work with fake login page

Quote
May 08, 2018, 10:06:56 AM - erre - password reset via email
Quote
This user's password was reset recently.
This user's email address was changed recently.

Thank you for the hint, I reviewed my chronology but I can't find anything suspicious... also, Google autofill shouldn't work on a phishing site....or not?
I think I logged in from the login button...because it seemed like I was logged out. I think I was not redirected, but I am not 100% sure
Welsh
Staff
Legendary
Activity: 1442
Merit: 1384
May 13, 2018, 11:08:21 AM
 #14

Quote from: Realerre
Thank you for the hint, I reviewed my chronology but I can't find anything suspicious... also, Google autofill shouldn't work on a phishing site....or not?
I think I logged in from the login button...because it seemed like I was logged out. I think I was not redirected, but I am not 100% sure

If it autofills your password and username then yes. It's just like you typing it in. The way phishing sites work is that they make their site look identical to their target site and only have a different url and database. When you log in they'll see what you've tried to log in with, and will then try and use it on the actual site. I didn't even know autofill was a thing on modern browsers, but I would recommend taking that off right away.

Realerre
Member
Activity: 108
Merit: 11
May 13, 2018, 06:07:54 PM
 #15

Quote from: Welsh
Quote from: Realerre
Thank you for the hint, I reviewed my chronology but I can't find anything suspicious... also, Google autofill shouldn't work on a phishing site....or not?
I think I logged in from the login button...because it seemed like I was logged out. I think I was not redirected, but I am not 100% sure

If it autofills your password and username then yes. It's just like you typing it in. The way phishing sites work is that they make their site look identical to their target site and only have a different url and database. When you log in they'll see what you've tried to log in with, and will then try and use it on the actual site. I didn't even know autofill was a thing on modern browsers, but I would recommend taking that off right away.

When I went to a known site and I saved the password, both username and password would be autocompiled and in yellow background. I think this function will only work for known urls, I am pretty sure I used it, and I can't find any phishing link in my chronology (but searching is difficult because of mobile, I could have missed it).

Still, I'm wondering if I changed the password after the 2015 hack. I think I did so but I'm not 100% sure...
Realerre
Member
Activity: 108
Merit: 11
May 17, 2018, 10:57:16 AM
 #16

Many days passed, still I didn't manage to understand how I was hacked, still no response from Cyrus.

Bump
coinlocket$
Sr. Member
Activity: 392
Merit: 497
May 18, 2018, 02:36:21 PM
 #17

Some rules to avoid the hack

-Download untrusted wallets in a virtual machine
-Use a virgin email to the forum account
-Save the website on bookmarks
-Always check

Tip me: 12XUa8iczkvz2mdu4yBRDDeUB9nBfGFBaj
Realerre
Member
Activity: 108
Merit: 11
May 18, 2018, 05:11:00 PM
 #18

Quote from: coinlocket$
Some rules to avoid the hack

-Download untrusted wallets in a virtual machine
-Use a virgin email to the forum account
-Save the website on bookmarks
-Always check


On the Admin side, they could require email verification for password change.
That would be great
Realerre
Member
Activity: 108
Merit: 11
May 20, 2018, 11:35:52 AM
 #19

Really, I don't know why email confirmation is not required for a password change, considering how much this forum is prone to hack attacks.

Still no answers from Cyrus, UP!
Soros Shorts
Donator
Legendary
Activity: 1591
Merit: 1001
May 20, 2018, 11:57:36 AM
 #20

Quote from: Welsh
Quote from: Realerre
Thank you for the hint, I reviewed my chronology but I can't find anything suspicious... also, Google autofill shouldn't work on a phishing site....or not?
I think I logged in from the login button...because it seemed like I was logged out. I think I was not redirected, but I am not 100% sure

If it autofills your password and username then yes. It's just like you typing it in. The way phishing sites work is that they make their site look identical to their target site and only have a different url and database. When you log in they'll see what you've tried to log in with, and will then try and use it on the actual site. I didn't even know autofill was a thing on modern browsers, but I would recommend taking that off right away.

I always thought that autofills key the passwords to hostname or domain name contained in the canonical URL. They are not tricked by phishing sites where the domain name is mistyped or simply looks the same visually to the real site.
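
A simplified model of the matching rule described in the post above, where saved logins are keyed to the page's origin, as an added example that is not from the thread or from any browser's source. The saved entry, the login path and the look-alike URLs are constructed for illustration.

```javascript
// Added example: a simplified model of origin-keyed autofill, not a browser's real code.
// The saved entry and every look-alike URL below are constructed for illustration.
const SAVED_LOGINS = [
  { origin: "https://bitcointalk.org", username: "example-user", password: "<stored secret>" },
];

// Reduce a page URL to the key credentials are stored under: scheme + host (+ port).
// The WHATWG URL parser lowercases the host and converts Unicode labels to punycode,
// so the comparison is made on what the browser connects to, not on what the eye sees.
function originOf(pageUrl) {
  try {
    return new URL(pageUrl).origin;
  } catch {
    return null; // unparsable URL: nothing is offered
  }
}

// Return the saved logins a manager following this model would offer on pageUrl.
function loginsOfferedOn(pageUrl) {
  const origin = originOf(pageUrl);
  return SAVED_LOGINS.filter((entry) => entry.origin === origin);
}

// Constructed test pages: the real host plus look-alike variants.
const PAGES = {
  genuine: "https://bitcointalk.org/index.php?action=login",
  upperCaseHost: "https://BitcoinTalk.ORG/index.php?action=login",
  plainHttp: "http://bitcointalk.org/index.php?action=login",
  digitForLetter: "https://bitcointa1k.org/index.php?action=login",
  realNameAsSubdomain: "https://bitcointalk.org.login.example/index.php",
  realNameAsUserinfo: "https://bitcointalk.org@login.example/index.php",
  cyrillicHomoglyph: "https://bitcoint\u0430lk.org/index.php?action=login",
};

// Summarise, per page, the origin that was compared and whether a login was offered.
function report() {
  const rows = {};
  for (const [name, url] of Object.entries(PAGES)) {
    rows[name] = { origin: originOf(url), offered: loginsOfferedOn(url).length > 0 };
  }
  return rows;
}

console.table(report());
```

The check only protects a login that the manager fills itself; a password typed or pasted by hand goes to whatever page is open.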