My Crypsty Account was just hacked

[EvertonFan]

Just to let you know someone has logged in, changed my password and tried to process a withdraw of my coins...

heads up if anyone has btc/ltc sat in a cryptsy account - i would suggest you remove it!

[Xaltotun]

How did they get past your 2 factor authorization?

[tokyoghetto]

you said "tried".

I assume that when they "tried" to withdrawal coins, they needed to confirm via your email. So unless they had access your email account, they can't withdrawal any coins.

Cryptsy stays winning.

[kelsey]

but they could dump your coins on the cheap......oh then with the fees cryptsy stays winning 

you said "tried".

I assume that when they "tried" to withdrawal coins, they needed to confirm via your email. So unless they had access your email account, they can't withdrawal any coins.

Cryptsy stays winning.

[evoked22]

- Create a 2 step authentication (requires your password + your google authentication code)

In this case it would be extremely hard for someone to hack your account. The email confirmation on top of that ensures a third step to finalise the transaction.

In all those three steps should keep you fairly safe. Please let anyone who is using crypty know to do that. The safer we are the safer the world feels about it all

Cheers

[EvertonFan]

2 step will be done in as soon as i have cleared this up, they tried to withdraw not sell, so i havent clicked the link - im hoping it will get resolved...glad it was only a small amount from todays trading! but i will not be leaving things on there anymore!

[tokyoghetto]

but they could dump your coins on the cheap......oh then with the fees cryptsy stays winning 

you said "tried".

I assume that when they "tried" to withdrawal coins, they needed to confirm via your email. So unless they had access your email account, they can't withdrawal any coins.

Cryptsy stays winning.

Very true. If I was the hacker I would just sell the coins into my account.

[Thorgrim]

I didn't even know cryptsy had 2fa. Guess I am not very observant.

[KeyserSozeMC]

SMS 2nd auth ftw.

Use it, it's useful.

[Mortimer452]

Coin exchange accounts are pretty popular with hackers.  Coin transfers take seconds and are irreversible.   I use a ridiculously complex password on all the exchanges, more complex even than my bank passwords.

[Thorgrim]

I have a question. Can I use google authenticator at cryptsy or just Authy?

[xaml]

Me too.All my coins has trades to cat and doge,and withdraw to doge and cat wallet,buy not mine.
I think it's safe,so i have not set 2 step auth.

Withdrawals
Currency   Send to Address                              Conf   Request Date
CatCoin   9nsVQXE8tf3JLnVFuxKvAaV1oWLymehZEt       Yes   2014-01-11 13:08:31
Pending
Dogecoin   DP9913E7xSKwkjMkBBoswq6hBgCMVuysBp       Yes   2014-01-11 13:07:45

[Mr.V]

but they could dump your coins on the cheap......oh then with the fees cryptsy stays winning 

you said "tried".

I assume that when they "tried" to withdrawal coins, they needed to confirm via your email. So unless they had access your email account, they can't withdrawal any coins.

Cryptsy stays winning.

your scenario is not possible because you have to dump on the higher buy orders first and by the time you would get to your cheap buy order the coins would be all spent