Bitcoin Forum
November 02, 2024, 04:23:18 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Pages: « 1 ... 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 [218] 219 220 221 222 223 224 225 226 227 228 229 230 »
  Print  
Author Topic: C-CEX.com Trusted, Secure & Friendly Exchange Since 2013. 200+ Alts,USD,Low Fees  (Read 254650 times)
Bitbobb
Hero Member
*****
Offline Offline

Activity: 1134
Merit: 525


Less hops. More wins.


View Profile
November 06, 2018, 12:28:33 AM
 #4341

criminal scam exchange.


Saulich_Fedorovich
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
November 10, 2018, 12:32:11 PM
Last edit: November 10, 2018, 02:17:51 PM by Saulich_Fedorovich
 #4342

Sorry c-cex, but you don't seems to care about bug reports tickets.

Normally, even when you go on coinexchange.io, it's hard to find something vulnerable.
But with c-cex, it's hard to find something protected on client side. For starting, everything is vulnerable to CSRF even with 2FA enabled:

Wanna change the user's chatname of someonelse? It's possible to do it by making cliking a link which trigger a POST to http://c-cex.com/?id=profile&rett=chat_b.
Wanna write a chat message with an account you don't own?  It's possible to do it by making cliking a link which simply works through a GET request.
You hacked the e-mail account linked to a c-cex account? Just make the target user click a link and you'll receive the confirmation link. You also don't need to login to confirm the withdrawal (an other vulnerability combined).

In that case, the only thing protected against CSRF I found is posting limit orders. And even then it's still performed through GET requests.
I also found making someone losing all funds through clicking https://c-cex.com/?id=funds&dump=btc requires an origin matching c-cex.com. Though that’s still possible to hide and trigger the target through a redirect.

There is also their internal captcha systemhttps://c-cex.com/cp.html?s=385353503 which is easy to solve fully automatically through things like IBM Watson or Google Cloud vision with high sucess rates.

There are many ways to bypass users completely and steal funds directly from servers like with the recent attack (though I failed to see the vulnerabilty recently used by the attacker).

The exchange is definitely less secure than Mt.Gox. There are even known bugs used in the past elsewhere that aren't fixed on the exchange (1 task when you are in charge of security is to read the news about recent discovered attacking methods). Maybe they also run outdated third party libraries else too, but that's something to invastigate.
The only thing postive over Mt.Gox is funds are correctly managed manually outside the lack of fund audits: they can't "find" a forgotten wallet like it happened with Mt.Gox since no wallet are susceptible to be forgotten.

In some way, the bugs users are noticing with unexecuted withdrawals or disappearing deposits as well as disabled account is only the top of the iceberg.
milewilda
Legendary
*
Offline Offline

Activity: 3290
Merit: 1156



View Profile
November 10, 2018, 05:52:58 PM
 #4343


But with c-cex, it's hard to find something protected on client side. For starting, everything is vulnerable to CSRF even with 2FA enabled:

Wanna change the user's chatname of someonelse? It's possible to do it by making cliking a link which trigger a POST to http://c-cex.com/?id=profile&rett=chat_b.
Wanna write a chat message with an account you don't own?  It's possible to do it by making cliking a link which simply works through a GET request.
You hacked the e-mail account linked to a c-cex account? Just make the target user click a link and you'll receive the confirmation link. You also don't need to login to confirm the withdrawal (an other vulnerability combined).

In that case, the only thing protected against CSRF I found is posting limit orders. And even then it's still performed through GET requests.
I also found making someone losing all funds through clicking https://c-cex.com/?id=funds&dump=btc requires an origin matching c-cex.com. Though that’s still possible to hide and trigger the target through a redirect.

There is also their internal captcha system which is easy to solve fully automatically through things like IBM Watson or Google Cloud vision with high sucess rates.

These are indeed serious bypass that you had mentioned but it doesnt really matter at all yet this exchange do already fallen to scam anyone.Im reading once in a while
into this thread.I havent seen any response of OP on whats happening and also reading up continuous complaints about account disabled and lost funds.
Remembering C-cex glory days but they do end up like this after on that 3 months vacation alibi.

Saulich_Fedorovich
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
November 10, 2018, 07:41:20 PM
Last edit: November 10, 2018, 10:23:12 PM by Saulich_Fedorovich
 #4344

These are indeed serious bypass that you had mentioned but it doesnt really matter at all yet this exchange do already fallen to scam anyone.Im reading once in a while
Outside this, there are also weak practices like using MD5 based session cookies and don't change it across requests.

into this thread.I havent seen any response of OP on whats happening and also reading up continuous complaints about account disabled and lost funds.
What's happenning? Do you remember how they were hacked in February 2014? Please notice how the last 9 september and the Februrary 2014 are similar (both repeated the same withdrawal several time).
Well it might not be the same guys as in 2014, but I think the hackers just found a variant of the same vulnerability in order to bypass the February 2014 protection which was put after the first attack.

Without C-cex explaining how it exactly happenned. We'll won't know.
Remembering C-cex glory days but they do end up like this after on that 3 months vacation alibi.
What glory days? Trust me, you can be sure even by 2014 security standards, that you wouldn't see GET requests on Facebook or Paypal.
You can be sure those weakness exists since the beggining and aren't the result of a code update.
BazilOK
Member
**
Offline Offline

Activity: 226
Merit: 34


View Profile
November 11, 2018, 06:25:12 PM
 #4345

Пoxoдy cocкaмилиcь. SCAM!!
IconFirm
Hero Member
*****
Offline Offline

Activity: 1438
Merit: 574


Always ask questions. #StandWithHongKong


View Profile WWW
November 12, 2018, 02:31:55 PM
Merited by MicroGuy (10)
 #4346

@MODS:  Isn't it about time this entire thread was moved to the scam section where it belongs?  This would help stop noob users being scammed any further.

No support.
Customers accounts being closed.
Customers funds vanishing.
No withdrawals.
Missing funds.
Page after page after page of complaints.


PIA went evil: https://bitcointalk.org/index.php?topic=5203968.msg53160131#msg53160131 Unofficial & Uncensored SYSCOIN thread: https://bitcointalk.org/index.php?topic=4748031.0    Do not trust Yobit/HitBTC/BiteBTC/coinsbit/p2pb2b/Mercatox/C-cex/Poloniex/WEX/KuCoin/LiveCoin/TheRockTrading/Bitfinex/ADAB/Okex/TradeSatoshi/Gate.io/Changelly/Freewallet.org/crex24 scam exchanges or ICO's by known scammers like HashCoins/Ambisafe/Bountyhive - they WILL scam you! Use diligence & research. Buy coins, sell coins - don't invest in stupid shit. If your questions aren't answered - don't touch it.
MicroGuy
Legendary
*
Offline Offline

Activity: 2506
Merit: 1030


Twitter @realmicroguy


View Profile WWW
November 12, 2018, 03:57:55 PM
 #4347

@MODS:  Isn't it about time this entire thread was moved to the scam section where it belongs?  This would help stop noob users being scammed any further.

No support.
Customers accounts being closed.
Customers funds vanishing.
No withdrawals.
Missing funds.
Page after page after page of complaints.



Finally something we both agree on! Cheesy
pokerowned
Legendary
*
Offline Offline

Activity: 1282
Merit: 1051


View Profile WWW
November 13, 2018, 05:35:42 AM
 #4348

One of the worst exchange i have seen

Bad support and delisting coins without any proper time

Shame on Ccex team
carlfebz2
Hero Member
*****
Offline Offline

Activity: 3122
Merit: 739


DGbet.fun - Crypto Sportsbook


View Profile
November 13, 2018, 06:27:56 PM
 #4349

@MODS:  Isn't it about time this entire thread was moved to the scam section where it belongs?  This would help stop noob users being scammed any further.

No support.
Customers accounts being closed.
Customers funds vanishing.
No withdrawals.
Missing funds.
Page after page after page of complaints.



Finally something we both agree on! Cheesy
Agree on this one too since this thread have been already abandoned maybe this would suit out to be put up on
scam accusations where there are lots of people continue to come here complaining that accounts been blocked
other after another.

Is there any possible action with this?

KFEHF
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
November 14, 2018, 08:46:37 PM
 #4350

Taкaя жe бeдa,Я HE MOГУ

ПOПACTЬ B MOЙ AККAУHT Увaжaeмый C-cex,

«Пoльзoвaтeль нe нaйдeн или oтключeн aккayнт». Я нe мoгy пoлyчить дocтyп к cвoeй yчeтнoй зaпиcи.
Ecть ли пpoблeмы c мoeй yчeтнoй зaпиcью?

Пoжaлyйcтa, пoмoгитe мнe peшить этy пpoблeмy. 
pooya87
Legendary
*
Offline Offline

Activity: 3626
Merit: 10994


Crypto Swap Exchange


View Profile
November 15, 2018, 05:14:56 AM
 #4351

what happened to c-cex?
it used to be a decent place to trade despite the shadiness. now it seems to have turned into a full on scam. i tried accessing my account and it says it is not found! did they nuke their own database? luckily i had less than 0.01BTC there but it still sucks to lose that and an exchange that i used from time to time.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
fearfighter
Newbie
*
Offline Offline

Activity: 109
Merit: 0


View Profile
November 15, 2018, 08:49:47 PM
 #4352

what happened to c-cex?
it used to be a decent place to trade despite the shadiness. now it seems to have turned into a full on scam. i tried accessing my account and it says it is not found! did they nuke their own database? luckily i had less than 0.01BTC there but it still sucks to lose that and an exchange that i used from time to time.

maybe the 6 months of vacations when no one could withdraw their funds caused c-cex to lose touch with reaaaaaaaallllllllllllllity
cointron
Hero Member
*****
Offline Offline

Activity: 896
Merit: 500


View Profile
November 16, 2018, 03:29:41 AM
 #4353

Any estimate of how much they stole? I left there 6.5 BTC and 1.5 BTC in alts.-
pooya87
Legendary
*
Offline Offline

Activity: 3626
Merit: 10994


Crypto Swap Exchange


View Profile
November 16, 2018, 05:10:19 AM
 #4354

what happened to c-cex?
it used to be a decent place to trade despite the shadiness. now it seems to have turned into a full on scam. i tried accessing my account and it says it is not found! did they nuke their own database? luckily i had less than 0.01BTC there but it still sucks to lose that and an exchange that i used from time to time.

maybe the 6 months of vacations when no one could withdraw their funds caused c-cex to lose touch with reaaaaaaaallllllllllllllity

it sounds more like running away to me Cheesy
c-cex is a business not some hobby to take a 6 months vacation from and not come back. not to mention that it was a 24/7 market which also is global. you can't just shut it down and go have fun!

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
zthomasz
Member
**
Offline Offline

Activity: 489
Merit: 12


View Profile
November 16, 2018, 01:23:19 PM
 #4355

Any estimate of how much they stole? I left there 6.5 BTC and 1.5 BTC in alts.-

ouch!

is there any legal recourse to recover it?
fearfighter
Newbie
*
Offline Offline

Activity: 109
Merit: 0


View Profile
November 16, 2018, 01:28:28 PM
 #4356

what happened to c-cex?
it used to be a decent place to trade despite the shadiness. now it seems to have turned into a full on scam. i tried accessing my account and it says it is not found! did they nuke their own database? luckily i had less than 0.01BTC there but it still sucks to lose that and an exchange that i used from time to time.

maybe the 6 months of vacations when no one could withdraw their funds caused c-cex to lose touch with reaaaaaaaallllllllllllllity

it sounds more like running away to me Cheesy
c-cex is a business not some hobby to take a 6 months vacation from and not come back. not to mention that it was a 24/7 market which also is global. you can't just shut it down and go have fun!

a year ago they took a 3 month vacation and i couldn't withdraw any coins. 90 days later they did it again, fortunately i had already withdrawn  all coins by then.

3 months on, 3 months off, rinse and repeat

I don't see how they stay in bizness
pogadaev
Copper Member
Newbie
*
Offline Offline

Activity: 201
Merit: 0


View Profile
November 16, 2018, 02:04:28 PM
 #4357

Dear system administrators!!! TELL me how can I enter the address https://c-cex.com/t/api_pub.html?a=getmarketsummaries without DDOS test? my service that sends requests https://calcminer.info / IP 176.120.29.140 Huh Huh Huh
cointron
Hero Member
*****
Offline Offline

Activity: 896
Merit: 500


View Profile
November 16, 2018, 06:47:09 PM
 #4358

Any estimate of how much they stole? I left there 6.5 BTC and 1.5 BTC in alts.-

ouch!

is there any legal recourse to recover it?


I have no idea. I've searched for information, everywhere they talk about Mt.Gox, Bitfinex, Bitgrail, but nothing about C-Cex. In addition to taking everything, they have deleted the databases, they disappeared completely. It would be interesting to know how much they took and if a lawsuit can be initiated.-
wincoinofficial
Newbie
*
Offline Offline

Activity: 33
Merit: 0


View Profile WWW
November 16, 2018, 09:55:17 PM
 #4359

https://c-cex.com/i/c-cex_logo.svg

https://c-cex.com

BTC, Ethereum, NXT, NXT assets, Omnicore, Omnicore properties friendly exchange

Our exchange is very fast and easy to use. We have very effective and responsive support team.
It is possible to get fast support by tickets or in chat.


http://c-cex.com/i/security.pngSecurity
2FA (e-mail, sms, google authenticator), e-mail confirmations, SSL, DDoS protection, anti-theft protection, hot/cold storage.
   
http://c-cex.com/i/fast.pngFast deposits / trades / withdraws
You do not have to wait hours to see Your deposits. They shown in realtime and credited instantly after needed confirmations. BTC needs only 2 confirmations!
   
http://c-cex.com/i/merchant.pngMerchant service
C-CEX merchant service let's You to sell Your goods and services for any Bitcoin RPC compatible coin we have. https://c-cex.com/?id=merch

http://c-cex.com/i/referral.pngReferral program
Earn 5% from our BTC earning for all referrals trades fee 3 levels deep.
   
http://c-cex.com/i/trade.pngTrade between any coin pair
Choose from 100+ coins to trade for BTC/USD and between it.
   
http://c-cex.com/i/transfer.pngTransfer funds instant directly between accounts without comission
We have a mechanism to instantly transfer any funds between accounts via "C-CEX codes".
   
http://c-cex.com/i/supp.pngActive Dev/Support team
We have very responsive support team - You can contact us via skype or "Support" section.
   
http://c-cex.com/i/webcam_b.pngWebcamera QR-code reading support
You can easy scan Your wallet address or C-CEX code from paper / smartphone / tablet or other computer using You integrated or plugged web camera.
   
http://c-cex.com/i/chat.pngChat live with fellow traders
Find much of useful information from our chat box.
   
http://c-cex.com/i/coins.pngVote for new coins to be added
We have voting system for adding new coins. You can vote free or by depositing small amount of BTC.

You can deposits and withdraw USD with low commission using many options. (Payee gate with lots of options. Visa/MC deposits possible, PayPal withdraws included)!

Our USD vouchers (C-CEX USD codes) are traded on following fiat exchanges:

https://www.xmlgold.eu
http://money-change.biz

Trading fee: 0.2%

Welcome and have a good trades!

RU thread: https://bitcointalk.org/index.php?topic=420342.0

Twitter: https://twitter.com/CryptoCurrEncyX (main news source)
Facebook: https://www.facebook.com/pages/C-CEXcom/1453754041506448
Google Plus: https://plus.google.com/u/0/110094298275211579915/posts


Hi C-Cex Team, can we know an official channel to get in touch with you or we can connect throught email?

Thanks
wklalen
Sr. Member
****
Offline Offline

Activity: 525
Merit: 250

ibuku adalah segalanya(my mother is the best)


View Profile
November 18, 2018, 01:17:16 PM
 #4360

hi admin ccex
hi admin why account disable
i dont have problem with exchange
my account user name=robocop
email = inot.syah@gmail.com
20minutes ago i can still trade and now i can not log in again

Bitcoin=>1PGhTxdVUWe5VYQ4CwLRbFmVi1uuMzqzCR




Who want rich lets try here https://bc.game/i-41rqo2sb-n/
Dice BTC/doge/ltc/eth/xmr
Pages: « 1 ... 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 [218] 219 220 221 222 223 224 225 226 227 228 229 230 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!