NXT stolen

[light888]

I only have 3 NXTs in my wallet and they are transferred to this address 10411181763421717624.
It is not much NXTs but I have absolutely no idea on how it got stolen.
Link to my address: http://87.230.14.1/nxt/nxt.cgi?action=3000&acc=14639139826719190448

I have never sent any NXT to anyone or any exchanges. Having troubles syncing my wallet, I looked up the blockchain, only to find that it
was transferred to this address somehow. My computer is with me all the time and I have a fairly secure password.

The point here is that NXT is not secure as it seems and can be easily compromised. I was trying to get started with NXT and was a believer of NXT until now, I have no idea how it happened but I will investigate more and will update on this matter. If anyone with similar experience or any solutions, I will appreciate your insights. I am trying to assume that I have downloaded malware that steals NXTs but so far my files are clean.

Any thoughts?

[ak84]

What was your password?

[light888]

What was your password?

10 chars, combination of alphabets, numbers and symbols.
Possible brute force attack but I would like to know how is it done. If the attacker has access to my network and PC then I need to do something about it. If it is just some sniffing and cracking passwords then I'd say that it is not that secure comparing to Bitcoin.

[ak84]

I'd guess brute force attack.. sorry about that sucks.

Make a new account and I'll send you 3 NXT

BTW i think the nxt client recommends super long passwords.

[digit]

10 characters is too short, you need to use at least 50 characters for NXT.  use a random password generator to make it.

[light888]

I'd guess brute force attack.. sorry about that sucks.

Make a new account and I'll send you 3 NXT

BTW i think the nxt client recommends super long passwords.

That is very nice of you. Thanks but I am not here to ask for NXTs.

I am more concern of the security and the future of NXT. If stealing NXT is just the matter of guessing one's password, then its security is nothing compared
to the good ol' Bitcoin.

10 characters is too short, you need to use at least 50 characters for NXT.  use a random password generator to make it.

I don't think the average Joe would go through that kind of trouble to do that, it is a good thing to have a 50 char password but it is just not practical.
I suppose more than 15 char is recommended.

My thoughts on the security aspects. If the wallet provides you with the option of having a password, shouldn't it be the second line of defense instead of being the only one ?

[extee]

it says clearly that the passpharse should be at least 30.
if you made a passphrase of only 10 charchters long it's your own fault . nothing to do with NXT.

[BCFrictionless]

I am more concern of the security and the future of NXT. If stealing NXT is just the matter of guessing one's password, then its security is nothing compared
to the good ol' Bitcoin.

why not check out 3RD GENERATION Frictionlesscoin https://bitcointalk.org/index.php?topic=429478.0
NXT IS JUST A STEPPING STONE TO FLC

[light888]

I am more concern of the security and the future of NXT. If stealing NXT is just the matter of guessing one's password, then its security is nothing compared
to the good ol' Bitcoin.

Seems like trolling. A password for NXT should look like this

yx^Ffk]?Hn:dBDqNb/MuMV66sKR%C;dRxZ}WFu,gQrR,64XmuneYt>sj;ba#e{Kz*7XFN38@MHbX^NRgFt$kz)NZ&RRd4pNLXHHV

THE PASSWORD IS YOUR ACCOUNT/ WHO WOULD BE SO STUPID TO CHOOSE 10 CHARS?



However/why not check out 3RD GENERATION Frictionlesscoin https://bitcointalk.org/index.php?topic=429478.0

I am not trolling, but you sir are trolling.

it says clearly that the passpharse should be at least 30.
if you made a passphrase of only 10 charchters long it's your own fault . nothing to do with NXT.

Yes it is my fault for setting an insecure password. But I do not see what you said about passphrase length in the client.

[relgub]

I have an extreme password. I received 3 nxt from a faucet and the transaction appeared in the unconfirmed transactions part of my wallet.
But the 3 nxt never made to my transactions.  Why is that?

This wallet doesn't seem to work. Needless to say my address is the same and I haven't changed the password.

[instacalm]

I have an extreme password. I received 3 nxt from a faucet and the transaction appeared in the unconfirmed transactions part of my wallet.
But the 3 nxt never made to my transactions.  Why is that?

This wallet doesn't seem to work. Needless to say my address is the same and I haven't changed the password.

Check your balance: http://87.230.14.1/nxt/nxt.cgi?action=100 / http://www.mynxt.info/blockexplorer/

Perhaps your client's blocks are/were not synced with the network.

[digit]

I'd guess brute force attack.. sorry about that sucks.

Make a new account and I'll send you 3 NXT

BTW i think the nxt client recommends super long passwords.

That is very nice of you. Thanks but I am not here to ask for NXTs.

I am more concern of the security and the future of NXT. If stealing NXT is just the matter of guessing one's password, then its security is nothing compared
to the good ol' Bitcoin.

10 characters is too short, you need to use at least 50 characters for NXT.  use a random password generator to make it.

I don't think the average Joe would go through that kind of trouble to do that, it is a good thing to have a 50 char password but it is just not practical.
I suppose more than 15 char is recommended.

My thoughts on the security aspects. If the wallet provides you with the option of having a password, shouldn't it be the second line of defense instead of being the only one ?

NXT requires a complete change in thinking.  There is no wallet.dat to protect. The passphrase/password is the same as the privatekey in bitcoin type cryptos!  Entering that passphrase in NXT wallet is like importing a privatekey into a bitcoin wallet.  
The more complicated your passphrase the more secure your NXT will be, and like privatekeys in bitcoin each passphrase equals one unique NXT address.  

More information on security for NXT can be found here http://wiki.nxtcrypto.org/wiki/Account_Security

[Snail2]

A 10 char alphanumeric password is clearly too short. However OP has a good point about Average Joe who used to choose quite simple passwords.

[jason006]

the same to me
i have 2NXT got from the beginning i open an occunt
but one week later,it disappeared

[FrictionlessCoin]

10 characters is too short, you need to use at least 50 characters for NXT.  use a random password generator to make it.

Likely brute forced if 10 characters.

[FrictionlessCoin]

I'd guess brute force attack.. sorry about that sucks.

Make a new account and I'll send you 3 NXT

BTW i think the nxt client recommends super long passwords.

That is very nice of you. Thanks but I am not here to ask for NXTs.

I am more concern of the security and the future of NXT. If stealing NXT is just the matter of guessing one's password, then its security is nothing compared
to the good ol' Bitcoin.

10 characters is too short, you need to use at least 50 characters for NXT.  use a random password generator to make it.

I don't think the average Joe would go through that kind of trouble to do that, it is a good thing to have a 50 char password but it is just not practical.
I suppose more than 15 char is recommended.

My thoughts on the security aspects. If the wallet provides you with the option of having a password, shouldn't it be the second line of defense instead of being the only one ?

NXT requires a complete change in thinking.  There is no wallet.dat to protect. The passphrase/password is the same as the privatekey in bitcoin type cryptos!  Entering that passphrase in NXT wallet is like importing a privatekey into a bitcoin wallet.  
The more complicated your passphrase the more secure your NXT will be, and like privatekeys in bitcoin each passphrase equals one unique NXT address.  

More information on security for NXT can be found here http://wiki.nxtcrypto.org/wiki/Account_Security

Exactly.  Been screaming about this.  It is just insane.   You can collect all the addresses by reading the chain,  then you run a brute force to see if any matches the chain.

It is crazy!!

[QNX]

Bastard 10411181763421717624 also stoled my 54 nxt, password was long ыbought, but only from digits 16 chars

[anderl]

Avoid NXT.

[cryptohunter]

yeah nxt is like someone already having your wallet infront of them with unlimited time and chances to crack your account.... sadly a good gpu farm will rape most passwords in a matter of days unless it is way longer than 10 digits. I bet on the way to your account he cracked a few others too.

[samysamy1]

Bastard 10411181763421717624 also stoled my 54 nxt, password was long ыbought, but only from digits 16 chars

Where and when did you download the last update of the client?