pat25 (OP)
|
|
May 21, 2018, 04:43:22 PM |
|
Hello, I would like to stake my bitcoin address, but what will happen if someone steals my private key? Then, he can steal my bitcointalk account by sending signed message to moderators? Could he do that without email access?
I am writing this because I have an experience that my private key was abused.
|
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
May 21, 2018, 04:51:20 PM |
|
Stake a SECURE address. Get an airgapped computer or a hardware device if you can't store something on a hot wallet without fearing your keys will be exposed.
Can you give any information a bit more specifically? Like how the key might have been taken.
|
|
|
|
Qartersa
|
|
May 21, 2018, 04:52:17 PM |
|
The admins must take action if he presents a signed message. If he doesn't have the password to your account or access to your email then he can't control it unless he signs the message and the admins gives him the login.
It is still good practice to stake an address and better secure your private keys.
|
|
|
|
mdayonliner
Copper Member
Sr. Member
Offline
Activity: 630
Merit: 420
We are Bitcoin!
|
|
May 21, 2018, 05:19:51 PM |
|
Hello, I would like to stake my bitcoin address, but what will happen if someone steals my private key? Then, he can steal my bitcointalk account by sending signed message to moderators? Could he do that without email access?
I am writing this because I have an experience that my private key was abused.
Well in that case you will lose your Bitcoin before even getting the bitcointalk account stolen by whoever do it LOL How can you not keep your private key secure? Wait... Before even asking the mods by sending the singed message, the theft will need your BitcoinTalk password too! Are you saying you will lose your Private key and bitcoinTalk password at the same time?(!) I guess the timing will be once in a Quattuordecillion time (10 42)
|
Be happy be at peace. Looking forward to BTC at $1M
|
|
|
LoyceV
Legendary
Offline
Activity: 3486
Merit: 17637
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
May 21, 2018, 06:04:17 PM |
|
I would like to stake my bitcoin address, but what will happen if someone steals my private key? Then, he can steal my bitcointalk account by sending signed message to moderators? I assume you'll have a backup, so the thief can't take away your access to the private key. That means you can still sign a message by yourself, so you'll have this scenario: -thief trying to steal your account: signs a message and posts it from a different account -you: sign a message and post it from your own account You should be fine. How can you not keep your private key secure? I accidentally copied the private key to my staked address into Google 2 years ago (don't ask how, but yes, I felt stupid!). It even has some funds at the moment, I don't think Google is going to abuse it. Update: I just looked at pat25's profile: I doubt anyone would want to steal it.
|
| | Peach BTC bitcoin | │ | Buy and Sell Bitcoin P2P | │ | . .
▄▄███████▄▄ ▄██████████████▄ ▄███████████████████▄ ▄█████████████████████▄ ▄███████████████████████▄ █████████████████████████ █████████████████████████ █████████████████████████ ▀███████████████████████▀ ▀█████████████████████▀ ▀███████████████████▀ ▀███████████████▀ ▀▀███████▀▀
▀▀▀▀███████▀▀▀▀ | | EUROPE | AFRICA LATIN AMERICA | | | ▄▀▀▀ █ █ █ █ █ █ █ █ █ █ █ ▀▄▄▄ |
███████▄█ ███████▀ ██▄▄▄▄▄░▄▄▄▄▄ █████████████▀ ▐███████████▌ ▐███████████▌ █████████████▄ ██████████████ ███▀███▀▀███▀ | . Download on the App Store | ▀▀▀▄ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▀ | ▄▀▀▀ █ █ █ █ █ █ █ █ █ █ █ ▀▄▄▄ |
▄██▄ ██████▄ █████████▄ ████████████▄ ███████████████ ████████████▀ █████████▀ ██████▀ ▀██▀ | . GET IT ON Google Play | ▀▀▀▄ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▀ |
|
|
|
pat25 (OP)
|
|
May 21, 2018, 06:37:30 PM |
|
Thank you guys! I am changing my password regularly to prevent hack, but I can´t regularly change my private key . But also do you know how hackers steal accounts? And how moderators find that the account is hacked? Because I see many red tagged hacked accounts. For me it is very interesting because I did not believe in malwares, hacker attacks until I used Bitcoin and Bitcointalk forum
|
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
May 21, 2018, 07:28:00 PM |
|
Thank you guys! I am changing my password regularly to prevent hack, but I can´t regularly change my private key . But also do you know how hackers steal accounts? And how moderators find that the account is hacked? Because I see many red tagged hacked accounts. For me it is very interesting because I did not believe in malwares, hacker attacks until I used Bitcoin and Bitcointalk forum The owner signs the address of that specific account to prove ownership and get red trust on it. Accounts can also be locked by using the change password link in your email. You can change private keys regularly if you particularly want to also, just make a new address, it won't do much but still. Hackers can steal accounts in many ways. There are ways to get hold of hashed account passwords and bruteforcing them to find users with simple passwords, like if someone uses the password "password" which, if they do, they deserve their account to be stolen IMO then that can be found in that way.
|
|
|
|
pat25 (OP)
|
|
May 21, 2018, 08:31:28 PM |
|
Thank you guys! I am changing my password regularly to prevent hack, but I can´t regularly change my private key . But also do you know how hackers steal accounts? And how moderators find that the account is hacked? Because I see many red tagged hacked accounts. For me it is very interesting because I did not believe in malwares, hacker attacks until I used Bitcoin and Bitcointalk forum The owner signs the address of that specific account to prove ownership and get red trust on it. Accounts can also be locked by using the change password link in your email. You can change private keys regularly if you particularly want to also, just make a new address, it won't do much but still. Hackers can steal accounts in many ways. There are ways to get hold of hashed account passwords and bruteforcing them to find users with simple passwords, like if someone uses the password "password" which, if they do, they deserve their account to be stolen IMO then that can be found in that way. But I don´t think that Hero and Legendary members are so stupid to have such simple passwords, or?
|
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
May 21, 2018, 08:48:17 PM |
|
Thank you guys! I am changing my password regularly to prevent hack, but I can´t regularly change my private key . But also do you know how hackers steal accounts? And how moderators find that the account is hacked? Because I see many red tagged hacked accounts. For me it is very interesting because I did not believe in malwares, hacker attacks until I used Bitcoin and Bitcointalk forum The owner signs the address of that specific account to prove ownership and get red trust on it. Accounts can also be locked by using the change password link in your email. You can change private keys regularly if you particularly want to also, just make a new address, it won't do much but still. Hackers can steal accounts in many ways. There are ways to get hold of hashed account passwords and bruteforcing them to find users with simple passwords, like if someone uses the password "password" which, if they do, they deserve their account to be stolen IMO then that can be found in that way. But I don´t think that Hero and Legendary members are so stupid to have such simple passwords, or? You'd be suprised... Anyone can come up with a bad password that hasn't been hacked (yet) and it's not sometimes that simple either to try to get a complex password. My forum account is much easier to crack than accounts that actually hold money in them for example. I always suggest, that if you deal with a high ranking member just off their trust, it's good to get their signature to ensure that it is them before you trade with them (it can't hurt).
|
|
|
|
LTU_btc
Legendary
Offline
Activity: 3234
Merit: 1375
Slava Ukraini!
|
|
May 21, 2018, 11:37:09 PM |
|
But I don´t think that Hero and Legendary members are so stupid to have such simple passwords, or?
I don't think that many users who got account hacked used simple passwords. The problem that many people are using same passwords pretty much everywhere. And if one website get hacked or sell login data of their users, hacker just need to try enter same login data on bitcointalk and voilaAnd another reason why there are so many hacked accounts - phishing website
|
|
|
|
pat25 (OP)
|
|
May 22, 2018, 08:21:00 AM |
|
But I don´t think that Hero and Legendary members are so stupid to have such simple passwords, or?
I don't think that many users who got account hacked used simple passwords. The problem that many people are using same passwords pretty much everywhere. And if one website get hacked or sell login data of their users, hacker just need to try enter same login data on bitcointalk and voilaAnd another reason why there are so many hacked accounts - phishing website Interesting. Thank you for the explanation. And how are the hacked accounts discovered? Only administrators can view the IP change or? Because I posted in my second thread probably hacked/bought accounts - swicth language, time gap and still they aren´t tagged, how DT moderators evaluate what is hacked/bought and what is not?
|
|
|
|
apoorvlathey
|
|
May 22, 2018, 09:00:27 AM |
|
And how are the hacked accounts discovered?
The person who gets hacked has to create a new account and prove that he is the real owner of the account and that it got hacked. The message containing message signed by staked address is sent to theymos / Cyrus which then look into your account recovery case. Only administrators can view the IP change or?
The only person that can get IP address related information is theymos (admin). Because I posted in my second thread probably hacked/bought accounts - swicth language, time gap and still they aren´t tagged, how DT moderators evaluate what is hacked/bought and what is not?
Apart from IP address, on the trust page anyone can view whether the password, email or both of the account was changed recently or not. When original user posts his signed message using stacked address publicly, DT or any other users can verify it and identify the hacked account.
|
|
|
|
LTU_btc
Legendary
Offline
Activity: 3234
Merit: 1375
Slava Ukraini!
|
|
May 22, 2018, 10:06:07 AM |
|
Interesting. Thank you for the explanation. And how are the hacked accounts discovered? Only administrators can view the IP change or? Because I posted in my second thread probably hacked/bought accounts - swicth language, time gap and still they aren´t tagged, how DT moderators evaluate what is hacked/bought and what is not?
apoorvlathey gave you good answers. I will only add few things. Only theymos can check IP addresses, but it's bad indicator. People are using Proxies, TOR, VPN, dynamic IP addresses, so it's proof that account was sold/hacked when IP address change. Language is one of indicators. If account owner posted only in English and then immediately starts to post in Russian for example, it's likely that account was bought/hacked. And if high ranked user with good history of posts start to make low quality posts - it's another sign of bought/hacked account.
|
|
|
|
Hektur
Member
Offline
Activity: 271
Merit: 10
|
|
May 22, 2018, 05:29:09 PM |
|
I would like to stake my ETH address because I don´t have BTC, is that possible? I think that ethereum could sign message too or?
|
|
|
|
|
pat25 (OP)
|
|
May 22, 2018, 05:32:47 PM |
|
Interesting. Thank you for the explanation. And how are the hacked accounts discovered? Only administrators can view the IP change or? Because I posted in my second thread probably hacked/bought accounts - swicth language, time gap and still they aren´t tagged, how DT moderators evaluate what is hacked/bought and what is not?
apoorvlathey gave you good answers. I will only add few things. Only theymos can check IP addresses, but it's bad indicator. People are using Proxies, TOR, VPN, dynamic IP addresses, so it's proof that account was sold/hacked when IP address change. Language is one of indicators. If account owner posted only in English and then immediately starts to post in Russian for example, it's likely that account was bought/hacked. And if high ranked user with good history of posts start to make low quality posts - it's another sign of bought/hacked account. Well, it is an indicator (language switch and low quality posts) but look at my thread: https://bitcointalk.org/index.php?topic=3761515 nobody wants to tag them all, why? It is tolerated that member could post low quality but Hero can´t?
|
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
May 22, 2018, 08:18:38 PM |
|
Only administrators can view the IP change or?
The only person that can get IP address related information is theymos (admin). Your IP address is stored everytime you post, moderators can also get hold of this information. Not sure whether they can get hold of registration IP, but, if you make a post, they can access that IP, and if you don't make a post - unless your username is really catchy - you don't need to recover the accoutn as it won't have any value. Also, if you do something like edit someone's trust or send a pm, your IP will also be stored. I would like to stake my ETH address because I don´t have BTC, is that possible? I think that ethereum could sign message too or?
Eth addresses can be signed, where is the eth address? I'd consider asking you to download an ethereum client rather that using an online client (as tryninja suggested above). It'll make your address, funds and this account a bit more secure.
|
|
|
|
LTU_btc
Legendary
Offline
Activity: 3234
Merit: 1375
Slava Ukraini!
|
|
May 22, 2018, 10:40:04 PM |
|
Well, it is an indicator (language switch and low quality posts) but look at my thread: https://bitcointalk.org/index.php?topic=3761515 nobody wants to tag them all, why? It is tolerated that member could post low quality but Hero can´t? As few person on your thread said, there aren't sufficient information which would prove that these accounts were bought or they are alts. Low quality posts aren't tolerated for all ranks. But spammers aren't getting red trust ratings. They just wont get Merit and will never rank up, if their posts extremely low quality - it will be deleted by mods. I would like to stake my ETH address because I don´t have BTC, is that possible? I think that ethereum could sign message too or?
It's possible, but there are no reasons to stake ETH address. If your account will be hacked and you will want to recover it - only Bitcoin signed messages are accepted by admins. So, I would recommend to create Bitcoin wallet (even if you don't BTC currently) and then try to stake your Bitcoin address with signed message. If you don't know how to do it, here is tutorial: https://bitcointalk.org/index.php?topic=990345.0
|
|
|
|
vit05
|
|
May 23, 2018, 12:59:42 AM |
|
You can have several other addresses used in the forum and prove with them still be the owner of the account. But I found your Trust summary curious. Lauda 2018-02-22 0.00000000 Reference Account sales encourage scams, spam, and account farming.
|
|
|
|
pat25 (OP)
|
|
May 23, 2018, 11:46:25 AM |
|
Only administrators can view the IP change or?
The only person that can get IP address related information is theymos (admin). Your IP address is stored everytime you post, moderators can also get hold of this information. Not sure whether they can get hold of registration IP, but, if you make a post, they can access that IP, and if you don't make a post - unless your username is really catchy - you don't need to recover the accoutn as it won't have any value. Also, if you do something like edit someone's trust or send a pm, your IP will also be stored. I would like to stake my ETH address because I don´t have BTC, is that possible? I think that ethereum could sign message too or?
Eth addresses can be signed, where is the eth address? I'd consider asking you to download an ethereum client rather that using an online client (as tryninja suggested above). It'll make your address, funds and this account a bit more secure. Understand, but a lot of people could have same IP address and also multiaccounts are allowed, so only way how to red tag them is when they sending tokens to each others, right? (This means abusing bounties)
|
|
|
|
|