Bitcoin Forum
November 12, 2024, 10:31:25 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: My CEX.IO account has been hacked and has been drained dry.  (Read 3823 times)
0zman (OP)
Newbie
*
Offline Offline

Activity: 12
Merit: 0


View Profile
January 04, 2014, 02:16:59 PM
 #1

Hello all,
My cex.io account has just been hacked and drained dry.
I am in contact with Admin and they are investigating it.
The offender used the following weblink as his means of doing so.
mineramicasa.com/minera/
I am doing this as a means of helping others avoid this same trap.
I am a bit SAD because the BTC's that I had invested in the site are on loan to me, and I do not have any means of paying it back.
But I have some faith in the CEX.IO Admin team to hopefully recover my now empty account.
Imagine a world without SCUMBAGS, wouldn't it be nice?
Thanks.

0zman
bryant.coleman
Legendary
*
Offline Offline

Activity: 3766
Merit: 1217


View Profile
January 04, 2014, 02:26:58 PM
 #2

Saddened to hear this. How much did you lose? Do you have any idea how it happened? i.e compromised system, key logger, stolen passwords.etc?

0zman (OP)
Newbie
*
Offline Offline

Activity: 12
Merit: 0


View Profile
January 04, 2014, 02:34:41 PM
 #3

I have lost a bit more than 0.5 BTC in total.
I had 11 GH/s and had enough to buy another 1.5.
I have sent the files dumped in my TEMP folder to another CEX user, he will pull it apart and help to discover what and how he managed to get it done.
The webpage listed above ran a JAVA plugin, which I stupidly agreed to run.
What got my attention at first was btc-e loaded in another web browser that was closed.
It also ran an app called mtgox_bot.exe.
The Scumbag has managed to get into my account and change my password, I am locked out.
I was able to see my worker on ghash.io with 0 GH/s just before I was locked out of there.
I'm SAD.
Frost000
Full Member
***
Offline Offline

Activity: 168
Merit: 100



View Profile
January 04, 2014, 02:38:53 PM
 #4

Did you have 2-FA turned on for your account?

Either way, sorry for your loss... This seems to happen a lot more than it should.
0zman (OP)
Newbie
*
Offline Offline

Activity: 12
Merit: 0


View Profile
January 04, 2014, 02:44:14 PM
 #5

No I didn't. My Smartphone has been out of order. I pick it up tomorrow.
Was going to do exactly that when I got it back, too late.
I feel very much like this guy.  Cry and his mate  Embarrassed.
All I hope to do now is stop him from draining anyone else's account.
I think he needs a good poke in the EYE.
BunworthBanshee
Member
**
Offline Offline

Activity: 82
Merit: 10


View Profile
January 04, 2014, 02:50:47 PM
 #6

Oh man that sucks. so sorry to here that.

It seams that most people that are getting hacked did not have 2factor on there accounts. and there have been a good few.

So do you think it was the bot or the java that you ran?

0zman (OP)
Newbie
*
Offline Offline

Activity: 12
Merit: 0


View Profile
January 04, 2014, 02:58:31 PM
 #7

I'm no coder, but I feel that it was the JAVA.
One of the dumped files was LOGIN_DATA
I opened it in Notepad only to see all of my web login account names + a lot of other code.
I'm lucky that I don't have an online wallet.
So far my CEX account is the only one that has been compromised. But that could change.
Unfortunately CEX is where all of my BTC were.
I'm just waiting on Admin now. I will reply later with updates on status of this.
0zman (OP)
Newbie
*
Offline Offline

Activity: 12
Merit: 0


View Profile
January 04, 2014, 03:34:43 PM
 #8

UPDATE:

CEX Admin have managed to get me back online and my funds are 100% still there.
Good work CEX.IO resolved quickly. Now I can sleep. It is 2:30 am here in Australia.
Good night all.
 Grin Grin Grin Grin Grin

0zman
Frost000
Full Member
***
Offline Offline

Activity: 168
Merit: 100



View Profile
January 04, 2014, 03:40:53 PM
 #9

Glad to hear it! I'm really happy for you! Looks like you'll have some peaceful sleep... Smiley

Once you get your phone back, remember to activate 2-FA!
0zman (OP)
Newbie
*
Offline Offline

Activity: 12
Merit: 0


View Profile
January 04, 2014, 03:47:35 PM
 #10

Thanks,
Yes it will be priority number 1.
Have a good day to everyone, wherever you are on this Beautiful blue planet.
I'm off to the land of NOD.
s1lverbox
Legendary
*
Offline Offline

Activity: 2324
Merit: 1039


View Profile
January 04, 2014, 04:52:21 PM
 #11

Hello all,
My cex.io account has just been hacked and drained dry.
I am in contact with Admin and they are investigating it.
The offender used the following weblink as his means of doing so.
mineramicasa.com/minera/
I am doing this as a means of helping others avoid this same trap.
I am a bit SAD because the BTC's that I had invested in the site are on loan to me, and I do not have any means of paying it back.
But I have some faith in the CEX.IO Admin team to hopefully recover my now empty account.
Imagine a world without SCUMBAGS, wouldn't it be nice?
Thanks.

0zman

So my understanding is that your machine been injected with java from website and this way someone sucked all info from webrowser or computer.
No spyware or good antyvir installed?? What browser you using?

My browser blocking this plugin to run, so u had to click on it.
Safest way is to disable java in browser
empoweoqwj
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
January 05, 2014, 02:20:34 AM
 #12

I have lost a bit more than 0.5 BTC in total.
I had 11 GH/s and had enough to buy another 1.5.
I have sent the files dumped in my TEMP folder to another CEX user, he will pull it apart and help to discover what and how he managed to get it done.
The webpage listed above ran a JAVA plugin, which I stupidly agreed to run.
What got my attention at first was btc-e loaded in another web browser that was closed.
It also ran an app called mtgox_bot.exe.
The Scumbag has managed to get into my account and change my password, I am locked out.
I was able to see my worker on ghash.io with 0 GH/s just before I was locked out of there.
I'm SAD.

Lesson for everyone. Never run a Java plugin. Sorry for your loss
Frost000
Full Member
***
Offline Offline

Activity: 168
Merit: 100



View Profile
January 05, 2014, 03:02:18 AM
 #13

Lesson for everyone. Never run a Java plugin. Sorry for your loss

That and turn on 2-FA as soon as you can, while making sure to keep your keys in a safe place. Obviously, it's not 100% foolproof, but it can save you from a lot of trouble a lot of the time.
rudrigorc2
Legendary
*
Offline Offline

Activity: 1064
Merit: 1000



View Profile
January 05, 2014, 06:50:24 AM
 #14

you dont need a phone to use it.

https://github.com/gbraad/html5-google-authenticator

take care.
empoweoqwj
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
January 05, 2014, 06:55:48 AM
 #15

you dont need a phone to use it.

https://github.com/gbraad/html5-google-authenticator

take care.

Thanks for that. I was worrying about that last night. Got 2fa on so many sites now. What if my phone disappeared ...... now I know what to do Smiley
rudrigorc2
Legendary
*
Offline Offline

Activity: 1064
Merit: 1000



View Profile
January 05, 2014, 06:59:45 AM
 #16

you dont need a phone to use it.

https://github.com/gbraad/html5-google-authenticator

take care.

Thanks for that. I was worrying about that last night. Got 2fa on so many sites now. What if my phone disappeared ...... now I know what to do Smiley

youre welcome
s1lverbox
Legendary
*
Offline Offline

Activity: 2324
Merit: 1039


View Profile
January 05, 2014, 10:18:36 AM
Last edit: January 05, 2014, 12:52:17 PM by s1lverbox
 #17

I have lost a bit more than 0.5 BTC in total.
I had 11 GH/s and had enough to buy another 1.5.
I have sent the files dumped in my TEMP folder to another CEX user, he will pull it apart and help to discover what and how he managed to get it done.
The webpage listed above ran a JAVA plugin, which I stupidly agreed to run.
What got my attention at first was btc-e loaded in another web browser that was closed.
It also ran an app called mtgox_bot.exe.
The Scumbag has managed to get into my account and change my password, I am locked out.
I was able to see my worker on ghash.io with 0 GH/s just before I was locked out of there.
I'm SAD.

Lesson for everyone. Never run a Java plugin. Sorry for your loss

Java is ok from trusted places or sandboxed. The best one is http://www.sandboxie.com/

I did download whole site as mirror and  applet.jar on the website. Anyone who knows java could look in that what's acctually this script doing.

Zip file is here: http://www38.zippyshare.com/v/80049771/file.html

I suggest if any one, to run it sundboxed.

I do not encourage anyone to download and open this file.

Files provided to analyse what contains that plugin and how they taking info from machine.
empoweoqwj
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
January 05, 2014, 11:27:06 AM
 #18

I have lost a bit more than 0.5 BTC in total.
I had 11 GH/s and had enough to buy another 1.5.
I have sent the files dumped in my TEMP folder to another CEX user, he will pull it apart and help to discover what and how he managed to get it done.
The webpage listed above ran a JAVA plugin, which I stupidly agreed to run.
What got my attention at first was btc-e loaded in another web browser that was closed.
It also ran an app called mtgox_bot.exe.
The Scumbag has managed to get into my account and change my password, I am locked out.
I was able to see my worker on ghash.io with 0 GH/s just before I was locked out of there.
I'm SAD.

Lesson for everyone. Never run a Java plugin. Sorry for your loss

Java is ok from trusted places or sandboxed. The best one is http://www.sandboxie.com/

I did download whole site as mirror and  applet.jar on the website. Anyone who knows java could look in that what's acctually this script doing.

Zip file is here: http://www38.zippyshare.com/v/80049771/file.html

I suggest any one to run it sundboxed.

You've lost me ..... what Java are you encouraging people to download and run given that the thread was about someone who ran some Java and got hacked because of it ?
s1lverbox
Legendary
*
Offline Offline

Activity: 2324
Merit: 1039


View Profile
January 05, 2014, 12:46:01 PM
 #19

I have lost a bit more than 0.5 BTC in total.
I had 11 GH/s and had enough to buy another 1.5.
I have sent the files dumped in my TEMP folder to another CEX user, he will pull it apart and help to discover what and how he managed to get it done.
The webpage listed above ran a JAVA plugin, which I stupidly agreed to run.
What got my attention at first was btc-e loaded in another web browser that was closed.
It also ran an app called mtgox_bot.exe.
The Scumbag has managed to get into my account and change my password, I am locked out.
I was able to see my worker on ghash.io with 0 GH/s just before I was locked out of there.
I'm SAD.

Lesson for everyone. Never run a Java plugin. Sorry for your loss

Java is ok from trusted places or sandboxed. The best one is http://www.sandboxie.com/

I did download whole site as mirror and  applet.jar on the website. Anyone who knows java could look in that what's acctually this script doing.

Zip file is here: http://www38.zippyshare.com/v/80049771/file.html

I suggest any one to run it sundboxed.

You've lost me ..... what Java are you encouraging people to download and run given that the thread was about someone who ran some Java and got hacked because of it ?

My intention was to provide applet which trying to load by visiting site given by OP, to someone who can check what's that plugin doing. I done it sundboxed and plugin done nothing to my laptop.
Someone who knows Java can check it and can provide info how cex account was emptied.
By downloading zip and unpack it nothing will happen. U have to applet.jar to have effect.
I did check this file by opening in editor but cannot find anything-i dont know what im looking for anyway.
johningreece
Member
**
Offline Offline

Activity: 77
Merit: 10


View Profile
January 05, 2014, 04:44:08 PM
 #20

Earlier today my cex.io account was hacked and also my email. The hacker sold the GHS I had and withdrew the funds. I had deposited 10 btc into my cex account. My cex account is now frozen by cex and they are investigating - whatever that means. Does not cex have the obligation to make this right??
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!