Bitcoin Forum
May 26, 2019, 08:33:38 PM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 »  All
  Print  
Author Topic: HAVE YOU HAD COINS STOLEN ON CRYPTSY?  (Read 4569 times)
AKAnotOutkast
Newbie
*
Offline Offline

Activity: 16
Merit: 0


View Profile
January 18, 2014, 03:02:47 AM
 #1

I am filing a small claims suit against crypsty for not making a honest effort to verify my user identity and protect my deposits on file on their system. I really dont care if i win or lose, but a trip to delray is in my future. looking to see if anyone else has had the same problems and want to help me force cryptsy to make customer relation changes. I am filinf within a week, reply and tell me your story....   


from my cryptsy support ticket .. "

yes, that is the ip address that also hacked my gmail. my question is WHY would you allow such activity?  why would your site CODE not stop someone from resetting a password and within moments draining the account, all from a IP address that has never been used to log in before. see this is what pisses me off, i was logged on when that guy (or gal) reset my password, and it logged me off, but i didn't realized it as i was on another tab in IE. 2 minutes later i clicked back on the cryptsy tab and i had been logged out. I didnt know why but i tried to log back in. but it said wrong password, which at the time i didnt understand that the hacker had reset it with the "forgot password"  email reset. , so i had to reset my password again, and was able to log in, and then noticed my coins were gone.   

So my question is, DO YOU NOT THINK IT IS STUPID to allow an IMMEDIATE withdraw, directly after reseting a password, and from a UNKNOWN never used IP address?Huh do you not think it would be a good idea to lock all withdraws after a password reset for at least 1 hour or until identity can be confirmed? do you not think your system is very weak in letting anyone reset a password and sell off ALL the coins and then change the BTC withdraw address, all while logged in from a never before seen IP? I MEAN YOU HAD SEVERALSTEPS IN WHICH CRYPSY COULD HAVE HALTED the action!

I mean, really? i think my 2 year old son could write code that would recognize that as suspicious behavior! ALL YOU WOULD HAVE TO DO IS PUT some kind of delay in the system, had you delayed that withdraw 5 minutes i could have stopped it. but no. you have demonstrated #1 a lack of concern, #2 a lack of responsibility, #3 a lack of common sense!

SERIOUSLY this is MONEY WE ARE TALKING ABOUT! imagine if my (USD) bank aloud activity such as that, imagine how fast my bank would go out of business if it let anyone come in, flash any id that matches and withdrew all the money and leave. and the teller just said, 'oh, they musta stole your idenity, nothing we can do' i mean come on, if you are going to offer a , i will assume, professional service, on the web, to the whole world, don't you think you need to take the responsibility to make sure you handle peoples money professionally?

How about this, I know it was only $30, but look, it is the 4th time someone was able to steal coins from me, i have had paypal scam me, i have had someone lift a private key from a paper wallet and drain the coins, if we can figure out how to secure cryptocoins in some manner, they will never ever amount to anything main stream, i don't like using money that tends to disappear. So if your going to be involved in such a new exciting trend, then why not work to make it better? why no write some simple fucking code that makes you wait 1 hour to withdrawl your coins after resting your password? i mean duh?? how hard would it be for cryptsy website to figure out that if a user #1 resets a password, then #2 sells all coins and converts to BTC, then #3 changes the withdraw address to a new never seen BTC address, then #4 withdrawals every fucking dime, all while #5 logged in from a never seen IP address, = THEFT and stop or pause the transaction until you can confirm the users identity. I mean if your going to accept money and hold it in a 'account' then you suggest that you demonstrate the responsibility to handle that money in a secure manner.

NOW since i have made several attempts to get you to make positive changes to your services, and you have suggested that, there is really nothing you can do..... this is what i am thinking.... I really think i will just fucking SUE YOU for $30, plus damages, all on principle. See it all seems like common sense to me. And i think other people will see it my way. I don't think you have demonstrated an honest effort to protect my money. Now you may think i am not serious, you may think why would i spend $3000 in legal fees to teach you a lesson? well its because I think you need to be taught a lesson. I think you really don't know what your doing, business wise, I think you know some stuff about cryptocoins, but I bet you don't know much about legal issues and customer service, and a thing called implied security. You see, implied security is where my bank takes my money and I assume they are going to protect it. This is why i put it in a bank. I mean, i could leave my coins lay around anywhere and get them  stolen. But your service implies that you are making an honest effort to protect them. which when such obvious red flag behavior is allowed to go unchecked through your system, you obliviously have NO security. 

So now, we have 2 choices, you can work to correct this situation, or, I SWEAR TO GOD ON ALL THAT IS HOLY I WILL SUE THE SHIT OUT OF YOU. and I DONT CARE IF I WIN MY $30 back or not, I will spend $3000 to drag your name through the mud to get you to do what you should do. You see any good business would automatically take responsibility, and correct the situation to keep good PR, and it seems to me you could use ALOT OF GOOD PR. I mean really, I haven't found one good thing on any google search i have done, I mean there are litterally thousands of negative comments and feedback all over the WWW, hell just google cryptsy. goto the second page and start reading....

So do you want to fix this or do you want to set there and tell me how there aint shit you can do about it?
1558902818
Hero Member
*
Offline Offline

Posts: 1558902818

View Profile Personal Message (Offline)

Ignore
1558902818
Reply with quote  #2

1558902818
Report to moderator
PLAY OVER 3000 GAMES
LIGHTNING FAST WITHDRAWALS
PLAY NOW
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1558902818
Hero Member
*
Offline Offline

Posts: 1558902818

View Profile Personal Message (Offline)

Ignore
1558902818
Reply with quote  #2

1558902818
Report to moderator
1558902818
Hero Member
*
Offline Offline

Posts: 1558902818

View Profile Personal Message (Offline)

Ignore
1558902818
Reply with quote  #2

1558902818
Report to moderator
alani123
Legendary
*
Offline Offline

Activity: 1876
Merit: 1039



View Profile
January 18, 2014, 03:10:58 AM
 #2

It's the first time I hear about something like this...

I think contacting the support would be the best thing to do.



███             ▄▄▄███████▄▄▄          ████                   ████          ▄▄▄███████▄▄▄         
███         ▄███████████████████▄       ████                 ████       ▄███████████████████▄     
███       ▄██████▀▀       ▀▀██████▄      ████               ████      ▄██████▀▀       ▀▀██████▄   
███      █████▀               ▀█████      ████             ████      █████▀               ▀█████ 
███    ▐████▀                   ▀████▌     ████           ████     ▐████▀                   ▀████▌
███    ████▌                     ▐████      ████         ████      ████▌                     ▐████
███    ████                       ████       ████       ████       ████                       ████
███    ████                       ████        ████     ████        ████                       ████
███    ████▌                     ▐████         ████   ████         ████▌                     ▐████
███    ▐████▄                   ▄████▌          ████ ████          ▐████▄                   ▄████▌
███      █████▄               ▄█████             ███████             █████▄               ▄█████ 
███       ▀██████▄▄       ▄▄██████▀               █████               ▀██████▄▄       ▄▄██████▀   
███         ▀███████████████████▀                  ███                  ▀███████████████████▀     
███             ▀▀▀███████▀▀▀                       █                       ▀▀▀███████▀▀▀         
INTERNET OF VALUE OMNILEDGER
|
   
   
 
 
|


             ▄████▄▄   ▄
█▄          ██████████▀▄
███        ███████████▀
▐████▄     ██████████▌
▄▄██████▄▄▄▄█████████▌
▀████████████████████
  ▀█████████████████
  ▄▄███████████████
   ▀█████████████▀
    ▄▄█████████▀
▀▀██████████▀
    ▀▀▀▀▀
M
 

             █▀▀▀▄▄▄██▄
             █     ▀██▀
            █
         ▄▄▄█▄▄▄
 ████▄▄███████████▄▄████
▐██████▀▀███████▀▀██████▌
 ▀████    █████    ████▀
  ████▄  ▄█████▄  ▄████
  ▀███████████████████▀
   ▀████▄▀█████▀▄████▀
     ▀▀███▄▄▄▄▄███▀▀
         ▀▀▀▀▀▀▀
 

    ▄█████
   ████▀▀▀
   ████
   ████
██████████
▀▀▀████▀▀
   ████
   ████
   ████
   ████
   ████
   ▀▀▀▀
|
AKAnotOutkast
Newbie
*
Offline Offline

Activity: 16
Merit: 0


View Profile
January 18, 2014, 03:13:57 AM
 #3

I have contacted support 4 times and they have told me pretty much it is my fault of "letting" someone hack my account, I have gotten no where with support so, guess what us good ol americans do?
DRain89
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
January 19, 2014, 08:43:55 AM
 #4

This just happened to me on Cryptsy, and also my Gmail. Lost 2BTC. Wasn't even my money, money some friends gave me to trade. Totally fucked me at the worst possible time right before school started.
Wipeout2097
Sr. Member
****
Offline Offline

Activity: 560
Merit: 250



View Profile
January 19, 2014, 08:55:01 AM
 #5

How the hell does an hacker get your password on both Cryptsy and Gmail?

Either:
1) You use the same username and password on both services
2) You have malware in your computer

I don't see this getting anywhere tbh

            ████████████████████
           ██████████████████████
          ████                ████
         ████   █████   ████   ████
        ████   ███████ ██████   ████
       ████   ████ ████   ████   ████
      ████   ████   ████   ████   ████
     ████   ████  ██ ████   ████ 
    ████   ████   ██  ████
    ████   ████   ███  ████
    ████   ████   ███
    ████   ████   ███
    ████   ████   ███
    ████   ████   ███    ███
     ████   ████   ████ ████ ████
      ████   ████   ████ ██ ████  ████
       ████   ████   ████ ████   ████
        ████   ██████ ██████    ████
         ████   ████   ████    ████
          ████                ████
           ██████████████████████
            ████████████████████
I N D X
AKAnotOutkast
Newbie
*
Offline Offline

Activity: 16
Merit: 0


View Profile
January 21, 2014, 01:15:38 AM
 #6

read the details. all a hacker needs is your email password. once they are  in your email all they have to do is RESET you password, via the 'forgot my password' link, then DUH, they now have a link in your email to set your crypsty account password to anything they wish - which is what they did to me. THEN 2 seconds after resetting my password they sold all coins. then transferred to a BTC address I have never used. I always use the same BTC address. they did all this while logged in from a IP address that is 8000 Miles from my location. This is why I am mad ! why would crypsty let your account be drained 2 seconds after someone reset the password. why dont they make a 10 minute time limit, or something to confirm your identity before letting someone that has reset a password drain an account. OBVIOUSLY I am either really fucking smart or really dumb, because the actions the hacker took seem like they would set off red flags, and anyone writing site code ought to know that a reset password+new btc address+new IP address+SELL ALL COINS=HACKER and should lock the account until identity can be confirmed.
dmpotter
Full Member
***
Offline Offline

Activity: 168
Merit: 100


View Profile
January 21, 2014, 01:49:04 AM
 #7

Also can't forget about the 2 stage authentication.. but I'm going to guess care wasn't taken on establishing the account. I'm not going to read that complete wall of text.

Techincally, though we consider BTC to have value, technically it isn't real. Just as real as that +1 uber sword of doom in warcraft.
AKAnotOutkast
Newbie
*
Offline Offline

Activity: 16
Merit: 0


View Profile
January 21, 2014, 02:31:59 AM
 #8

2 STEP AUTH only works if you have constant access to a smart phone. #1 I dont have a SMART phone #2, I dont always have access to my cell phone, nor do i want to consult my phone everytime I log onto something. #3, crypsty has a EMAIL WITHDRAW CONFIRMATION SYSTEM. Why would they offer this if it offers ZERO security worthiness.

COME ON PEOPLE, I can keep my info safe as possibly but CRYPTSY has to offer help. I AM SO VERY TIRED OF EVERYONE TELLING ME IT WAS MY FAULT MY ACCOUNT GOT HACKED. I AM TIRED OF EVERYONE SAYING I SHOULD HAVE DONE THIS, I SHOULD HAVE DONE THAT. Why doesnt anyone consider that a site like crypsty can take steps to secure the account. 

I am not programmer, but even I know there is code that notices suspicious behavior and red flags an account. if cryptsy ASSIST in this security issue the we dont need 4 step authentication, if the site helps catch bad behavior then we don't need 40 character passwords with a note from my mom.


AM I responsible for my banks security? if someone robs the bank using my credentials, am I at fault? do I need to stand at the bank vault with a AR15? NO the banks security is the banks problem, this is why I put my money in a bank so they will take care of it. I assume the same with a online bank such as cryptsy. however i might as well gave it to my old lady..
dmpotter
Full Member
***
Offline Offline

Activity: 168
Merit: 100


View Profile
January 21, 2014, 02:44:47 AM
Last edit: January 21, 2014, 03:09:02 AM by dmpotter
 #9

2 STEP AUTH only works if you have constant access to a smart phone. #1 I dont have a SMART phone #2, I dont always have access to my cell phone, nor do i want to consult my phone everytime I log onto something. #3, crypsty has a EMAIL WITHDRAW CONFIRMATION SYSTEM. Why would they offer this if it offers ZERO security worthiness.

COME ON PEOPLE, I can keep my info safe as possibly but CRYPTSY has to offer help. I AM SO VERY TIRED OF EVERYONE TELLING ME IT WAS MY FAULT MY ACCOUNT GOT HACKED. I AM TIRED OF EVERYONE SAYING I SHOULD HAVE DONE THIS, I SHOULD HAVE DONE THAT. Why doesnt anyone consider that a site like crypsty can take steps to secure the account.  

I am not programmer, but even I know there is code that notices suspicious behavior and red flags an account. if cryptsy ASSIST in this security issue the we dont need 4 step authentication, if the site helps catch bad behavior then we don't need 40 character passwords with a note from my mom.


AM I responsible for my banks security? if someone robs the bank using my credentials, am I at fault? do I need to stand at the bank vault with a AR15? NO the banks security is the banks problem, this is why I put my money in a bank so they will take care of it. I assume the same with a online bank such as cryptsy. however i might as well gave it to my old lady..


Personal Security is part of it, part of the EULA you agreed to when you signed up for the site. I'm sorry you don't want to/can't embrace 2 factor authentication.

However, I don't get hacked.

I'm also going to guess you used a password you made up. Have you ever considered looking into lastpass or another site to generate strong passwords. Banks do get robbed, thus why they are FDIC insurance. But I'll go back to point one, you agreed to keep your account secure sir when you signed up for the site. Then, I will also add, crypsy isn't handling MONEY. They are handling digital representations of something we have value for. What can you possibly sue them for?



This link may help too: Undertstanding BitCoin Contracts
AKAnotOutkast
Newbie
*
Offline Offline

Activity: 16
Merit: 0


View Profile
January 29, 2014, 12:06:06 AM
 #10

however they wish, i will never in my life use crypsty again. f ur eula, f u. f u all! LOL  I UNDERSTAND ALL YOUR TELLING ME NO SHIT! HOWEVER ALL THAT SHIT WOULD BE COMPLETE UNNESSAASRY If crypsty helped keep shit secure. AND for all you cryptsy lovers. go google crypsty, show me one fucking link that has a good thing to say about that cursed wreck of a web site. you mother fuckers act like i pasted my password on the front of my house.
east shit and die
shorena
Copper Member
Legendary
*
Offline Offline

Activity: 1484
Merit: 1308


No I dont escrow anymore.


View Profile WWW
January 29, 2014, 12:20:11 AM
 #11

however they wish, i will never in my life use crypsty again. f ur eula, f u. f u all! LOL  I UNDERSTAND ALL YOUR TELLING ME NO SHIT! HOWEVER ALL THAT SHIT WOULD BE COMPLETE UNNESSAASRY If crypsty helped keep shit secure. AND for all you cryptsy lovers. go google crypsty, show me one fucking link that has a good thing to say about that cursed wreck of a web site. you mother fuckers act like i pasted my password on the front of my house.
east shit and die

I dont use their service, but all I read from you is

- you use IE (bad idea)
- you swear at them (bad idea if you want something)
- YOU got your gmail account hacked (bad password? maleware? anyway its a problem on your end)

"#1 a lack of concern, #2 a lack of responsibility, #3 a lack of common sense!"

fits you like a glove.


I understand that you are angry but you can only blame yourself.

- GeoIP services are unreliable. Your "solution" would probably make it impossible for people who use tor to use crypsty.
- the length of your password is not the problem as google wasnt hacked (afaik) and they have meassures to make brute force impossible. Again most likely your PC is infected and the password was stolen that way or you had an password that was easy to guess.
dmpotter
Full Member
***
Offline Offline

Activity: 168
Merit: 100


View Profile
January 29, 2014, 01:20:59 AM
 #12

however they wish, i will never in my life use crypsty again. f ur eula, f u. f u all! LOL  I UNDERSTAND ALL YOUR TELLING ME NO SHIT! HOWEVER ALL THAT SHIT WOULD BE COMPLETE UNNESSAASRY If crypsty helped keep shit secure. AND for all you cryptsy lovers. go google crypsty, show me one fucking link that has a good thing to say about that cursed wreck of a web site. you mother fuckers act like i pasted my password on the front of my house.
east shit and die

I dont use their service, but all I read from you is

- you use IE (bad idea)
- you swear at them (bad idea if you want something)
- YOU got your gmail account hacked (bad password? maleware? anyway its a problem on your end)

"#1 a lack of concern, #2 a lack of responsibility, #3 a lack of common sense!"

fits you like a glove.


I understand that you are angry but you can only blame yourself.

- GeoIP services are unreliable. Your "solution" would probably make it impossible for people who use tor to use crypsty.
- the length of your password is not the problem as google wasnt hacked (afaik) and they have meassures to make brute force impossible. Again most likely your PC is infected and the password was stolen that way or you had an password that was easy to guess.

+1
empoweoqwj
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
January 29, 2014, 05:52:33 AM
 #13

however they wish, i will never in my life use crypsty again. f ur eula, f u. f u all! LOL  I UNDERSTAND ALL YOUR TELLING ME NO SHIT! HOWEVER ALL THAT SHIT WOULD BE COMPLETE UNNESSAASRY If crypsty helped keep shit secure. AND for all you cryptsy lovers. go google crypsty, show me one fucking link that has a good thing to say about that cursed wreck of a web site. you mother fuckers act like i pasted my password on the front of my house.
east shit and die

Wow - Is it worth getting this upset about?
Sonny
Hero Member
*****
Offline Offline

Activity: 868
Merit: 1000


View Profile
January 29, 2014, 05:15:43 PM
 #14

It seems to be a keylogger on OP's computer.
empoweoqwj
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
January 30, 2014, 04:39:04 AM
 #15

It seems to be a keylogger on OP's computer.

I worry about anyone still using IE but saying that  feels a bit "racist"
dailyarsenal
Member
**
Offline Offline

Activity: 98
Merit: 10

To The Moon!


View Profile
January 30, 2014, 06:34:57 AM
 #16

I've been using them for a very long time. You should check the integrity of your system. This is indeed your own fault. You cannot hold someone else responsible for you not taking measures to protect your credentials. my 2 cents

Cheesy

BTC: 13Yg1PwgBFTxyKpGY3393jDJeqNTFNijjH | HOBO: hXzbM3jzvYxrFts7y9zTwmLUJLyw2RYQM | WARNING: Pre-mine or IPO without escrow = SCAM
Loosoogooso
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
January 30, 2014, 07:59:13 AM
 #17

No but very slow and they have this terrible way of getting balances back, it's like everything is manual with them. Always seriously underpowered servers.
IrReAr
Sr. Member
****
Offline Offline

Activity: 742
Merit: 250



View Profile
January 30, 2014, 11:05:05 AM
 #18

I had 3.5 btc stolen from btc-e about month ago, still sad. You had to have 2 step authorization.
empoweoqwj
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
January 30, 2014, 11:33:42 AM
 #19

I had 3.5 btc stolen from btc-e about month ago, still sad. You had to have 2 step authorization.

I wouldn't complain if any site holding coins insisted on 2fa. Much less coin stealing then. A better community all round.
dmpotter
Full Member
***
Offline Offline

Activity: 168
Merit: 100


View Profile
January 30, 2014, 12:23:45 PM
 #20

I had 3.5 btc stolen from btc-e about month ago, still sad. You had to have 2 step authorization.

I wouldn't complain if any site holding coins insisted on 2fa. Much less coin stealing then. A better community all round.

I agree +1
Pages: [1] 2 3 4 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!