* * * Bitstamp is a fraud company...beware!! * * *

[kmahesh]

Folks,

I just thought I'd share my experience so others don't make the same mistake.

I transferred $1500 from my HDFC bank to Bitstamp (www.bitstamp.net)

I received an email from them saying my funds were deposited. Within an hour of that, someone logged into my account, bought bitcoins, transferred them to their wallet AND THEN changed the password.

Clearly this wasn't an insider and NOT malware as I have no dodgy apps on my office laptop and also have Symantec Antivirus running.

See log (please read bottom-up):

2013-12-28 12:29:01 173.254.216.67 Logged in 
2013-12-27 17:34:47 209.222.8.196 Opened bitcoin withdrawal request for 0.025 BTC to 14hF8K4h7u4MAZsEJs5aRjXGVti6YBLTEn 
2013-12-27 17:33:55 209.222.8.196 Opened limit buy order (amount: 0.025 BTC, price: $718.00) 
2013-12-27 17:31:47 96.47.226.22 Changed user password 
2013-12-27 17:29:27 96.47.226.22 Opened bitcoin withdrawal request for 2 BTC to 14hF8K4h7u4MAZsEJs5aRjXGVti6YBLTEn 
2013-12-27 17:28:20 176.240.210.83 Opened limit buy order (amount: 2 BTC, price: $724.18) 
2013-12-27 17:26:07 96.47.226.22 Logged in
2013-12-27 10:32:48 122.172.192.2 Logged in 
2013-12-27 04:26:28 122.167.73.30 Logged in 
2013-12-26 12:16:25 122.178.240.51 Logged in 
2013-12-26 03:14:24 122.178.198.77 Logged in 

As you can see all 122.*.*.* are timestamps where I logged-in. Suddenly on 27th Dec, someone logs in from a diff IP, TRANSACTS in my account (buys/ transfers to wallet) AND THEN LATER changes password.

Here is where the fun begins. There is no support number provided on www.bitstamp.net So I logged a support ticket and then someone replies to my email with a phone number. I call that UK number & after a few attempts...somebody answers the phone & I speak to somebody called Marko Rogan who does not have an employee ID! Guess why?? They are are limited liability company (LLC) incorporated in UK with a capital of just 1000 pounds! The "director" is a 24 year old Slovenian who does not have a contact number that he can be reached on!

http://www.companiesintheuk.co.uk/ltd/bitstamp

Marko tells me that a password reset can be done & the temporary password will be mailed to the registered mail ID i.e. my email ID has been compromised. So I then raise a support request with Microsoft on www.outlook.com the mail ID that was "compromised" asking for details of all mails received/sent/deleted on 27th dec.

I have reported the crime to the UK police http://www.actionfraud.police.uk/ The crime reference number CRN is NFRC131200484131. I will also be reporting this to the cyber crime police in Bangalore.

Request you to please promote this post & ensure others don't fall prey. Also gather momentum to get the UK police to investigate this case and punish the guilty.

Please DO NOT send funds or transact on www.bitstamp.net

-Mahesh

[1714841157]

1714841157

[1714841157]

1714841157

[1714841157]

1714841157

[1714841157]

1714841157

[1714841157]

1714841157

[BTCIndia]

Welcome to quicksand called Bitcoin world!

[americandesi]

Hello Mate,

I feel for you. Hacking user accounts are rampant in bitcoin exchanges.
I don't think you had enabled 2-Factor authentication on your bitstamp account.

If you had, then this would not have been possible. Make sure you enable 2 factor auth on everything these days.
And if you done so, then there could have been only 2 people who could have accessed your account. Either yourself or someone from bitstamp.

I use them on almost everything and if a website doesnot offer that kind of security, then i think twice before signing up.

Just my 2 satoshis.
Thanks

[thenoblebot]

Sorry to hear about the situation bro .......... will keep in mind about what you said. I was considering the same about transferring some funds.

Maybe this is the wrong time to ask you, but what did you tell the HDFC bank officials when sending the money ? I mean the purpose ... just curious if they didn't frown when you wrote the purpose of transmitting the money .. cause I was thinking the same with another bank.

Anyways what happened was bad ..... try forgetting about it and concentrate on trading ... maybe you will make up for the loss ... whats gone is gone , especially true in the crypto world.

Good luck and cheer up.

[Amitabh S]

Sorry for your loss.. But we'd like to know more about what happened to help others in future.

Was your bitstamp account compromised? or was your email account compromised.

Please share more details.

[undeadbitcoiner]

Sorry to hear about your loss
But Did you activate your 2 Factor?
when you invest that money you must have activate your 2 Factor in Bitstam account and even in you Email.

I actually have some Damn Question
How you Deposit money in your Bitstamp Account from India its hard to transmit money (As i know and as i heard some news)
Quite Interesting point is for every small transaction bitstamp send SMS and even Email to verify transaction so how your account activated and how your transaction took place?

[Benson Samuel]

Sorry to hear about your loss
But Did you activate your 2 Factor?
when you invest that money you must have activate your 2 Factor in Bitstam account and even in you Email.

I actually have some Damn Question
How you Deposit money in your Bitstamp Account from India its hard to transmit money (As i know and as i heard some news)
Quite Interesting point is for every small transaction bitstamp send SMS and even Email to verify transaction so how your account activated and how your transaction took place?

Someone on reddit had also confirmed making a deposit into Bitstamp from India.

[kmahesh]

Amitabh: My bitstamp account was compromised. With a few minutes of me receiving an email from them saying they had deposited the funds in my account, bitcoins were purchased & withdrawn. I did not receive any email in my account. Yes I had enabled 2 factor authentication!!

Bitstamp is blaming it on malware...I'm using my office laptop which has no dodgy software on it and has Symantec running.

Clearly...bitstamp is to blame for my loss.

[undeadbitcoiner]

Sorry to hear about your loss
But Did you activate your 2 Factor?
when you invest that money you must have activate your 2 Factor in Bitstam account and even in you Email.

I actually have some Damn Question
How you Deposit money in your Bitstamp Account from India its hard to transmit money (As i know and as i heard some news)
Quite Interesting point is for every small transaction bitstamp send SMS and even Email to verify transaction so how your account activated and how your transaction took place?

Someone on reddit had also confirmed making a deposit into Bitstamp from India.

May be bitstamp have different activating option for different country.

Amitabh: My bitstamp account was compromised. With a few minutes of me receiving an email from them saying they had deposited the funds in my account, bitcoins were purchased & withdrawn. I did not receive any email in my account. Yes I had enabled 2 factor authentication!!

Bitstamp is blaming it on malware...I'm using my office laptop which has no dodgy software on it and has Symantec running.

Clearly...bitstamp is to blame for my loss.

2FA was activated but you didnt get any information? How is it possible?
If you really activated your 2FA still your account was compromised then its a big issuee.

[laserwolf]

Amitabh: My bitstamp account was compromised. With a few minutes of me receiving an email from them saying they had deposited the funds in my account, bitcoins were purchased & withdrawn. I did not receive any email in my account. Yes I had enabled 2 factor authentication!!

Bitstamp is blaming it on malware...I'm using my office laptop which has no dodgy software on it and has Symantec running.

Clearly...bitstamp is to blame for my loss.

I don't think you had enabled 2-factor authentication. Did you register your phone, and do you get a 6-digit code on it that you need to enter when logging on?

[escrow.ms]

Bitstamp is blaming it on malware...I'm using my office laptop which has no dodgy software on it and has Symantec running.

Clearly...bitstamp is to blame for my loss.

Symantec is worst anti-virus dude and no anti-virus can keep your pc safe.
Also are you sure that no one else except you accessed that laptop or your email id?  Possibly someone that knows you personally did this.
I will advice you to install malware bytes anti malware and scan your pc.  If you have downloaded anything recently scan it on virustotal.com  and btw do you have Java enabled in your pc? 

[ajax3592]

That's the first time I've ever heard a bad experience with Bitstamp.

If I were to buy a Bitcoin now, they are the ones I'll wire the money onto as first priority.

Gotta be more careful maybe.

I think we should maintain a thread here for buying/selling bitcoin - the old fashioned way. Everyone put's their buy sell orders and OP updates it on the first post.

[subvolatil]

That's the first time I've ever heard a bad experience with Bitstamp.

If I were to buy a Bitcoin now, they are the ones I'll wire the money onto as first priority.

Gotta be more careful maybe.

I think we should maintain a thread here for buying/selling bitcoin - the old fashioned way. Everyone put's their buy sell orders and OP updates it on the first post.

I had one running a  few months  back let me  bring it back  alive.

Edit : use this

https://bitcointalk.org/index.php?topic=194102.0

[dishwara]

With 2FA enabled its impossible to hack your account unless, some one also gains access to your mobile also.
Its really confusing.

[americandesi]

With 2FA enabled its impossible to hack your account unless, some one also gains access to your mobile also.
Its really confusing.

It is not impossible. It is still possible. What if the 2FA Seed file itself is compromised on the server database. Then the attacker can generate the OTP code. (Remember the famous RSA Secure ID hack from 2011.?)

Another possibility is, when you login with 2FA from your computer, then usually your browser cookie will be cached and if your computer has been infected with all the new bitcoin related malwares surfing up, then it is possible that the user's computer was a zombie in the hands of the hackers.

[kmahesh]

Just to be on the safer side I have raised a support request to Microsoft to provide me all IP addresses of successful logins from my email ID and all emails received/ sent/ deleted during the period 24 - 30 Dec '13.

I can confirm I haven't received an email for temporary password on bitstamp or the transaction verification email etc.

Something is very very strange.

[escrow.ms]

With 2FA enabled its impossible to hack your account unless, some one also gains access to your mobile also.
Its really confusing.

What if 2FA was enabled on a infected pc that was recording all keystrokes or grabbing forms.
XD

As americandesi said 2FA is useless if seed is already compromised by some hacker.

[kmahesh]

I'm 100% sure my laptop is not infected.

However there is just one possibility; I installed 2 bitcoin price tracker add-ons in Firefox...could this be logging key strokes? 

http://i44.tinypic.com/23kvgbc.jpg

-Mahesh

[dishwara]

With 2FA enabled its impossible to hack your account unless, some one also gains access to your mobile also.
Its really confusing.

What if 2FA was enabled on a infected pc that was recording all keystrokes or grabbing forms.
XD

As americandesi said 2FA is useless if seed is already compromised by some hacker.

I think you cant use same 2FA generated code many time. Its not password, its OTP. I think it expires after 5-10 mints, not sure.

Besides his logs says the log in happened in a 7 hours gap.

2013-12-27 17:26:07 96.47.226.22 Logged in
2013-12-27 10:32:48 122.172.192.2 Logged in

If seed in server database got compromised, then every ones account in Bitstamp is also compromised, not only his account & so far no one complained except him.

[nefron]

my guess is your email id has been compromised, as soon as you received the mail(to which he had access to) stating the funds are transferred, he logged in  made a buy and ran away.

am not sure whether microsoft provides list ip addresses from which user login took place like in gmail, if there is such option check those logs too, you might find a clue.