Bitcoin Forum
November 12, 2024, 07:55:10 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: « 1 [2]  All
  Print  
Author Topic: My CEX.IO account has been hacked and has been drained dry.  (Read 3823 times)
bornkiller
Newbie
*
Offline Offline

Activity: 22
Merit: 0


View Profile
January 05, 2014, 04:57:24 PM
 #21

Earlier today my cex.io account was hacked and also my email. The hacker sold the GHS I had and withdrew the funds. I had deposited 10 btc into my cex account. My cex account is now frozen by cex and they are investigating - whatever that means. Does not cex have the obligation to make this right??

My account was hacked too on 3 of jan about 21.30. But I don't run anything. It was about 5 BTC in GHS ant BTC. My account is frozen now.
There is no viruses on my pc, i've just checked it out.

I think that somebody has been stolen db with logins and e-mail from cex.io...
johningreece
Member
**
Offline Offline

Activity: 77
Merit: 10


View Profile
January 05, 2014, 05:02:12 PM
 #22

I am hoping that cex will make this right, either erstore the btc or provide enought temporary GHS to remine the lost btc.  What have they told you?
not.you
Legendary
*
Offline Offline

Activity: 1726
Merit: 1018


View Profile
January 05, 2014, 05:14:02 PM
 #23

Java is a huge malware vector.  I do not run it on my PC's for reasons such as this.  This is the first time I have heard of it being used for BTC related hack stuff but it has long been used to make your webmail accounts send spam for the malware writers that wind up encouraging your friends to click malicious links since the email comes from you.  It is also frequently used to install trojans and other crap on your PC.  There is a reason java has updates almost bi-weekly.  Don't install java on any computer unless it is essential to some app you use and then don't use that computer to surf the web.
Frost000
Full Member
***
Offline Offline

Activity: 168
Merit: 100



View Profile
January 05, 2014, 06:22:36 PM
 #24

Earlier today my cex.io account was hacked and also my email. The hacker sold the GHS I had and withdrew the funds. I had deposited 10 btc into my cex account. My cex account is now frozen by cex and they are investigating - whatever that means. Does not cex have the obligation to make this right??

Did you have 2-FA enabled for your account?

Cex.io has been a mixed bag in the past, it seems, when it comes to hacked accounts. On the site's troll box, there have been users explaining that they had their funds withdrawn as well, with Cex.io doing nothing about it. So who know...
empoweoqwj
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
January 06, 2014, 02:54:48 AM
 #25

I have lost a bit more than 0.5 BTC in total.
I had 11 GH/s and had enough to buy another 1.5.
I have sent the files dumped in my TEMP folder to another CEX user, he will pull it apart and help to discover what and how he managed to get it done.
The webpage listed above ran a JAVA plugin, which I stupidly agreed to run.
What got my attention at first was btc-e loaded in another web browser that was closed.
It also ran an app called mtgox_bot.exe.
The Scumbag has managed to get into my account and change my password, I am locked out.
I was able to see my worker on ghash.io with 0 GH/s just before I was locked out of there.
I'm SAD.

Lesson for everyone. Never run a Java plugin. Sorry for your loss

Java is ok from trusted places or sandboxed. The best one is http://www.sandboxie.com/

I did download whole site as mirror and  applet.jar on the website. Anyone who knows java could look in that what's acctually this script doing.

Zip file is here: http://www38.zippyshare.com/v/80049771/file.html

I suggest any one to run it sundboxed.

You've lost me ..... what Java are you encouraging people to download and run given that the thread was about someone who ran some Java and got hacked because of it ?

My intention was to provide applet which trying to load by visiting site given by OP, to someone who can check what's that plugin doing. I done it sundboxed and plugin done nothing to my laptop.
Someone who knows Java can check it and can provide info how cex account was emptied.
By downloading zip and unpack it nothing will happen. U have to applet.jar to have effect.
I did check this file by opening in editor but cannot find anything-i dont know what im looking for anyway.

You don't know what you are looking for? So why look?

Leave security analysis to people that know what they are doing. They don't need advise about sandboxes either Wink
empoweoqwj
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
January 06, 2014, 02:56:21 AM
 #26

I think cex.io need to comment about this.

How many accounts have been hacked in the last week and funds stolen? Is cex.io safe at all now?
johningreece
Member
**
Offline Offline

Activity: 77
Merit: 10


View Profile
January 06, 2014, 08:26:19 AM
 #27

read this:

http://mentaso.com/bitcoin-news/cex-part-2-the-hacked-account-and-children-playing-grownups.html
Justin00
Legendary
*
Offline Offline

Activity: 910
Merit: 1000


★YoBit.Net★ 350+ Coins Exchange & Dice


View Profile
January 06, 2014, 09:30:47 AM
 #28

hmm.. so if im understanding correctly... the hacker can easily get someones username/btc address and the hack.. part is the finding the persons email address ?

empoweoqwj
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
January 06, 2014, 10:14:04 AM
 #29

another bitcoin site with iffy security - what a shock
s1lverbox
Legendary
*
Offline Offline

Activity: 2324
Merit: 1039


View Profile
January 06, 2014, 11:17:38 AM
 #30

I have lost a bit more than 0.5 BTC in total.
I had 11 GH/s and had enough to buy another 1.5.
I have sent the files dumped in my TEMP folder to another CEX user, he will pull it apart and help to discover what and how he managed to get it done.
The webpage listed above ran a JAVA plugin, which I stupidly agreed to run.
What got my attention at first was btc-e loaded in another web browser that was closed.
It also ran an app called mtgox_bot.exe.
The Scumbag has managed to get into my account and change my password, I am locked out.
I was able to see my worker on ghash.io with 0 GH/s just before I was locked out of there.
I'm SAD.

Lesson for everyone. Never run a Java plugin. Sorry for your loss

Java is ok from trusted places or sandboxed. The best one is http://www.sandboxie.com/

I did download whole site as mirror and  applet.jar on the website. Anyone who knows java could look in that what's acctually this script doing.

Zip file is here: http://www38.zippyshare.com/v/80049771/file.html

I suggest any one to run it sundboxed.

You've lost me ..... what Java are you encouraging people to download and run given that the thread was about someone who ran some Java and got hacked because of it ?

My intention was to provide applet which trying to load by visiting site given by OP, to someone who can check what's that plugin doing. I done it sundboxed and plugin done nothing to my laptop.
Someone who knows Java can check it and can provide info how cex account was emptied.
By downloading zip and unpack it nothing will happen. U have to applet.jar to have effect.
I did check this file by opening in editor but cannot find anything-i dont know what im looking for anyway.

You don't know what you are looking for? So why look?

Leave security analysis to people that know what they are doing. They don't need advise about sandboxes either Wink
stop being cocky. I just trying to help plus the fact I have cex account and want to understand how its done. if I knew I have to deal with idiots I wouldn't wright anything at all.
Wassupia
Member
**
Offline Offline

Activity: 106
Merit: 10


View Profile
January 06, 2014, 12:46:51 PM
 #31

I have lost a bit more than 0.5 BTC in total.
I had 11 GH/s and had enough to buy another 1.5.
I have sent the files dumped in my TEMP folder to another CEX user, he will pull it apart and help to discover what and how he managed to get it done.
The webpage listed above ran a JAVA plugin, which I stupidly agreed to run.
What got my attention at first was btc-e loaded in another web browser that was closed.
It also ran an app called mtgox_bot.exe.
The Scumbag has managed to get into my account and change my password, I am locked out.
I was able to see my worker on ghash.io with 0 GH/s just before I was locked out of there.
I'm SAD.

Lesson for everyone. Never run a Java plugin. Sorry for your loss

Java is ok from trusted places or sandboxed. The best one is http://www.sandboxie.com/

I did download whole site as mirror and  applet.jar on the website. Anyone who knows java could look in that what's acctually this script doing.

Zip file is here: http://www38.zippyshare.com/v/80049771/file.html

I suggest if any one, to run it sundboxed.

I do not encourage anyone to download and open this file.

Files provided to analyse what contains that plugin and how they taking info from machine.

You can decompile with http://jd.benow.ca/

It's a regular java driveby, with a reg to disable uac and taskmanager (I think). I found 1 valid url inside, of which the domain expired on December 20.
http:**www.mundoonlinejava.com*cgi.bin*uploads*update2.jar

On http://web.archive.org  I see it was hosted by https://pt-br.facebook.com/KingHost.Brasil

whois:
http://whois.domaintools.com/mundoonlinejava.com
It's probably registered with the email-address of the hosting comp, not sure.

If someone could get the ip-adress the domain pointed to before it expired, you might be able to download the update2.jar to get more info.

I know there have been silent javadriveby's that would run without requiring permission.
You should disable the java plugin by default...
This way Jars won't even ask for permission, so you can't 'accidently' press 'run/allow', and silent driveby's don't have a chance.


My BTC-address: 1JtgnB6UC5j9gMYzLftVaCmwdPL4PrWeYB
pasikisu
Newbie
*
Offline Offline

Activity: 24
Merit: 0


View Profile
January 06, 2014, 06:11:02 PM
 #32

you dont need a phone to use it.

https://github.com/gbraad/html5-google-authenticator

take care.
Just remember to not run that on the same computer. The point of 2fa is that the OTPs come from another source, so if your main computer is hacked all is not lost.
doltek
Newbie
*
Offline Offline

Activity: 12
Merit: 0



View Profile
January 08, 2014, 09:41:53 AM
 #33

My account was hacked too. Cex.io doesn't seem to care. Making me feel it my fault. Huh Shocked
empoweoqwj
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
January 08, 2014, 02:01:08 PM
 #34

My account was hacked too. Cex.io doesn't seem to care. Making me feel it my fault. Huh Shocked

Did you have 2fa on?
doltek
Newbie
*
Offline Offline

Activity: 12
Merit: 0



View Profile
January 09, 2014, 09:02:13 AM
 #35

My account was hacked too. Cex.io doesn't seem to care. Making me feel it my fault. Huh Shocked

Did you have 2fa on?

I do now. I have never been hacked before this.
empoweoqwj
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
January 09, 2014, 11:04:49 AM
 #36

My account was hacked too. Cex.io doesn't seem to care. Making me feel it my fault. Huh Shocked

Did you have 2fa on?

I do now. I have never been hacked before this.

I mean when you were hacked.
maverick528
Full Member
***
Offline Offline

Activity: 148
Merit: 100


View Profile WWW
January 29, 2014, 09:35:46 PM
 #37

Me too. Cry

https://bitcointalk.org/index.php?topic=365103.msg4821269#msg4821269

Pages: « 1 [2]  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!