coinmarket.io (OP)
Member
 Offline
Activity: 98
Merit: 10
|
 |
January 25, 2014, 05:44:06 PM |
|
It's on its way. Cant speed it up anymore. |
|
|
|
|
kalnas
Member
Offline
Activity: 98
Merit: 10
|
|
January 25, 2014, 05:59:19 PM |
|
In wallet page it would be nice to see total amount of all coins in BTC, like cryptsy shows.
|
|
|
|
|
mrbildo
Member
Offline
Activity: 102
Merit: 10
|
|
January 25, 2014, 06:02:31 PM |
|
Hi admin, I am having a serious problem with my account, please contact me. I logged in today and my balances are completely different from how they were last night, all my NOBL, Klondike, DGB and USDe are all gone and for some reason I have a load of doges I should not have.
It looks like I have either been hacked or the wrong account has been given to me.
Please contact me about this ASAP, thanks.
From looking at trade history it seems that someone has used my account to buy 50k doges at 900 satoshie each.
This wasn;t me, is there any way trade can be rolled back here? I have lost a lot of money here...
|
|
|
|
|
lulu2029
Newbie
Offline
Activity: 21
Merit: 0
|
|
January 25, 2014, 06:16:43 PM |
|
Coinmarket.io Hello friend to help me solve
|
|
|
|
|
cryptohunter
Legendary
Offline
Activity: 2100
Merit: 1167
MY RED TRUST LEFT BY SCUMBAGS - READ MY SIG
|
|
January 25, 2014, 06:18:02 PM |
|
Can you add QuickQuickCoin please ? (QQC)
QQC the fastest coin ever.
+1 |
|
|
|
shaks
Newbie
Offline
Activity: 56
Merit: 0
|
|
January 25, 2014, 06:18:32 PM |
|
Please add MRC Microcoin. This is a great currency which is extremely fair and unique
|
|
|
|
|
ibukovec
Newbie
Offline
Activity: 25
Merit: 0
|
|
January 25, 2014, 06:20:48 PM |
|
Hi admin, I am having a serious problem with my account, please contact me. I logged in today and my balances are completely different from how they were last night, all my NOBL, Klondike, DGB and USDe are all gone and for some reason I have a load of doges I should not have.
It looks like I have either been hacked or the wrong account has been given to me.
Please contact me about this ASAP, thanks.
From looking at trade history it seems that someone has used my account to buy 50k doges at 900 satoshie each.
This wasn;t me, is there any way trade can be rolled back here? I have lost a lot of money here...
i got 3,8 k doge for 670. This market has a flaw it dosnt buy best it goes for the designated price. This way the hacker sold his doge for a nice price. |
|
|
|
|
podyx
Legendary
Offline
Activity: 2338
Merit: 1035
|
|
January 25, 2014, 06:22:29 PM |
|
It's on its way. Cant speed it up anymore. I have waited over 2 hours transaction ID: 9b7cd688bd9f7629c8e362f43f150375c12611951882f315eb9adf72f346b5ba username: lowkey amount: 0.4 BTC |
|
|
|
|
mrbildo
Member
Offline
Activity: 102
Merit: 10
|
|
January 25, 2014, 06:24:20 PM |
|
I am really gutted over this, I have lost all the coins I have spent month saving, mining and trading, this has crypto-bankrupt me. I had a strong password, I doubt I have been brute forced, there must be a vulnerability server side that allowed this attack.
Really want a response from site admin ASAP.
I can sent screen shots of the illegitimate trades.
|
|
|
|
|
coinmarket.io (OP)
Member
Offline
Activity: 98
Merit: 10
|
|
January 25, 2014, 06:25:56 PM
Last edit: January 25, 2014, 06:36:00 PM by coinmarket.io |
|
It looks like I have either been hacked or the wrong account has been given to me.
Please contact me about this ASAP, thanks.
From looking at trade history it seems that someone has used my account to buy 50k doges at 900 satoshie each.
This wasn;t me, is there any way trade can be rolled back here? I have lost a lot of money here...
Unfortunately there is nothing we can do, your account (usename and password) are your responsibility. We will attempt to reverse the trades with users that we are 100% sure are connected to that person. Many people have got burnt by using the same user/password combination here and on some pools. Pools get hacked, passwords leak. Semi-strong passwords get cracked by dictionary attacks. There is no vulnerability server-side. Even it it were, we are not liable for any damages. Our login/auth code is ready to be revealed to an expert at request, for auditing purposes. We assure you that it IS secure.
Auth handling is one of the easiest things for an application like this.
On login, query the database and store matching user data in a session. On every action requiring auth, check for session data.Edit: pools get hacked very often, actually. The smartest of the hackers dont touch the pools coins, they go for exchange passwords first. |
|
|
|
|
mrbildo
Member
Offline
Activity: 102
Merit: 10
|
|
January 25, 2014, 06:28:33 PM |
|
It looks like I have either been hacked or the wrong account has been given to me.
Please contact me about this ASAP, thanks.
From looking at trade history it seems that someone has used my account to buy 50k doges at 900 satoshie each.
This wasn;t me, is there any way trade can be rolled back here? I have lost a lot of money here...
Unfortunately there is nothing we can do, your account (usename and password) are your responsibility. We will attempt to reverse the trades with users that we are 100% sure are connected to that person. Many people have got burnt by using the same user/password combination here and on some pools. Pools get hacked, passwords leak. Semi-strong passwords get cracked by dictionary attacks. There is no vulnerability server-side. Even it it were, we are not liable for any damages. I used a strong, unique password with capital, lowercase and non-alphanumeric figures. I do not think it was brute forced of hacked from a pool. I would seriously audit things server side if I were you. Do you need any info from me regarding trade reversals? |
|
|
|
|
|
blade87
|
|
January 25, 2014, 06:31:52 PM |
|
Two comments/suggestions from me.
1) A lot of times when I click "balance" followed by "buy ___" I get a "not enough funds" message. Removing the last decimal place allows me to place the order. Maybe put some kind of rounding down of that last decimal place so the balance always displayed is less than the true balance so this goes away.
2) I would consider a popup confirmation for placing orders. I could see erroneous orders being placed without it, though it hasn't happened to me yet thankfully.
Other than that, fantastic job so far. I really see amazing things for this exchange in the future. It feels like a mini BTC-e to me right now.
Also, as far as some hacking issues go, I would lock the account and send email notification for too many incorrect login attempts, and only allow it to be unlocked via some sort of PIN or email unlock.
|
|
|
|
|
BlueTunic
Newbie
Offline
Activity: 3
Merit: 0
|
|
January 25, 2014, 06:33:17 PM |
|
Hey, I signed up with you guys a while back and used a test e-mail on my account; it never actually asked me for e-mail confirmation, so when I went to actually do some trading, and withdraw coins, it sent the confirmation email to... you guessed it, the test account, which I don't have access to.
Is there any way I can get the withdrawl that I did reverted or get the confirmation e-mail sent to my actual e-mail address?
|
|
|
|
|
coinmarket.io (OP)
Member
Offline
Activity: 98
Merit: 10
|
|
January 25, 2014, 06:35:04 PM |
|
Hey, I signed up with you guys a while back and used a test e-mail on my account; it never actually asked me for e-mail confirmation, so when I went to actually do some trading, and withdraw coins, it sent the confirmation email to... you guessed it, the test account, which I don't have access to.
Is there any way I can get the withdrawl that I did reverted or get the confirmation e-mail sent to my actual e-mail address?
Give me your username, i'll confirm your withdrawal manually and you will crate an another account with the right details after that. |
|
|
|
|
podyx
Legendary
Offline
Activity: 2338
Merit: 1035
|
|
January 25, 2014, 06:37:30 PM |
|
I have waited over 2 hours
transaction ID: 9b7cd688bd9f7629c8e362f43f150375c12611951882f315eb9adf72f346b5ba
username: lowkey
amount: 0.4 BTC
Are you looking into this deposit? |
|
|
|
|
coinmarket.io (OP)
Member
Offline
Activity: 98
Merit: 10
|
|
January 25, 2014, 06:39:13 PM |
|
|
|
|
|
|
lulu2029
Newbie
Offline
Activity: 21
Merit: 0
|
|
January 25, 2014, 06:40:37 PM |
|
My friends do not receive the confirmation mail 181KDC T176419579@qq.comL6ZuHHZhpZsap6ZEfcRt2xZzShQ3idaX5i |
|
|
|
|
|
|
mrbildo
Member
Offline
Activity: 102
Merit: 10
|
|
January 25, 2014, 06:46:31 PM |
|
 Here are the trades the hacker made in my account. He cleared out 90% of my coins in the space of a few minutes, these trades are very quick, looks automated to me. It is certainly not a pool password because I use a different password for pools and a unique password for each exchange. Coinmarket.io, I have a friend who is a infosec specialist, can you contact me please with some info regarding site security so I can get him to audit it for me please? I REALLY don't think the vulnerability was my password here and that you may have a bigger problem. I'm a sad trader today, all the coins I was holding nearly doubled and I am left with nothing  Donations very welcome  |
|
|
|
|
|
incorrect
|
|
January 25, 2014, 06:47:53 PM |
|
I love the exchange, but I cannot receive confirmation emails because of the email provider I used. My BTC is now stuck there because of my stupidity. I hope we can sort this out.
Edit: I'm in the IRC waiting since I'm sure you're busy at the moment.
|
|
|
|
|
|
