Bitcoin Forum
Author Topic: Got hacked (?), 7ish btc lost!?  (Read 4096 times)
GreenBits (OP)
January 26, 2014, 07:51:00 PM
 #21

btce was the first account compromised for me chronologically, but out of the accounts compromised, it was the one i utilized the absolute least.

the only service ive signed up for in recent memory that shares this password is bit-mining.co . all the other accounts are very old/ not used (with the exception of cex, heavily used)
U1TRA_L0RD
January 26, 2014, 08:24:29 PM
 #22

Have you guys noticed there is now a chain between BTC-E transactions and account issues and MtGox transactions and account issues?
GreenBits (OP)
January 26, 2014, 08:57:57 PM
 #23


got some of my trans log. requested the login times and ips of the time my account was compromised, they werent available.


Hello Ljackson,

Unfortunately we don't log login activity (it is sort of pointless in many situations, especially with cookie stealing). We instead choose to monitor changes in account information, including trading, password reset, withdraw request, etc... Also, much of the log is hard to understand. You have to remember that we are a new system, and that we've been working on important features rather than making easily readable logs.

Here is the log for your account:           note:(the bold activity is legit)
Buying ljackson0214@gmail.com 59 GHs at 0.013
 Buy_Recur(ljackson0214@gmail.com, 0.013, 59)
 Buy filled none for ljackson0214@gmail.com, save.
Crediting ljackson0214@gmail.com with 59.00000000 GHs
Selling ljackson0214@gmail.com 10.00000000 GHs at 0.034
 Subbing ljackson0214@gmail.com for 10.00000000 GHs
 Sell_Recur(ljackson0214@gmail.com, 0.034, 10.00000000)
 Sell filled none for ljackson0214@gmail.com, save.
 Selling ljackson0214@gmail.com 10.00000000 GHs at 0.0335
 Subbing ljackson0214@gmail.com for 10.00000000 GHs
 Sell_Recur(ljackson0214@gmail.com, 0.0335, 10.00000000)
 Sell filled none for ljackson0214@gmail.com, save.
 Selling ljackson0214@gmail.com 10.00000000 GHs at 0.033
 Subbing ljackson0214@gmail.com for 10.00000000 GHs
 Sell_Recur(ljackson0214@gmail.com, 0.033, 10.00000000)
 Sell filled none for ljackson0214@gmail.com, save.
 Selling ljackson0214@gmail.com 25 GHs at 0.0327
 Subbing ljackson0214@gmail.com for 25 GHs
 Sell_Recur(ljackson0214@gmail.com, 0.0327, 25)
 Sell filled none for ljackson0214@gmail.com, save.
Buying ljackson0214@gmail.com 10 GHs at 0.0145
 Buy_Recur(ljackson0214@gmail.com, 0.0145, 10)
 Buy filled none for ljackson0214@gmail.com, save.
 Buying ljackson0214@gmail.com 142 GHs at 0.0140000
 Buy_Recur(ljackson0214@gmail.com, 0.0140000, 142)
 Buy filled none for ljackson0214@gmail.com, save.
Canceling 1753 for ljackson0214@gmail.com
 Buy order canceled for ljackson0214@gmail.com, refunded 1.988.
 Buying ljackson0214@gmail.com 133 GHs at 0.015
 Buy_Recur(ljackson0214@gmail.com, 0.015, 133)
 Buy filled none for ljackson0214@gmail.com, save.
Canceling 1770 for ljackson0214@gmail.com
 Buy order canceled for ljackson0214@gmail.com, refunded 1.995.
 Buying ljackson0214@gmail.com 99 GHs at 0.0200001
 Buy_Recur(ljackson0214@gmail.com, 0.0200001, 99)
 Buy filled none for ljackson0214@gmail.com, save.
Crediting ljackson0214@gmail.com with 15 GHs (filled)
Crediting ljackson0214@gmail.com with 25 GHs (filled)
Canceling 1752 for ljackson0214@gmail.com
 Buy order canceled for ljackson0214@gmail.com, refunded 0.145.
Selling ljackson0214@gmail.com 1.00000000 GHs at 0.0290000
 Subbing ljackson0214@gmail.com for 1.00000000 GHs
 Sell_Recur(ljackson0214@gmail.com, 0.0290000, 1.00000000)
 Crediting xxxxx@hotmail.com with 1.00000000 GHs
 Sell filled complete for ljackson0214@gmail.com, finish.
 Canceling 1725 for ljackson0214@gmail.com

 Crediting ljackson0214@gmail.com with 10.00000000 GHs
 Sell order canceled for ljackson0214@gmail.com, refunded 10.00000000
Canceling 1724 for ljackson0214@gmail.com

 Crediting ljackson0214@gmail.com with 10.00000000 GHs
 Sell order canceled for ljackson0214@gmail.com, refunded 10.00000000
 Canceling 1705 for ljackson0214@gmail.com
 Crediting ljackson0214@gmail.com with 25.00000000 GHs
 Sell order canceled for ljackson0214@gmail.com, refunded 25.00000000
Canceling 1617 for ljackson0214@gmail.com
 Crediting ljackson0214@gmail.com with 20.00000000 GHs
 Sell order canceled for ljackson0214@gmail.com, refunded 20.00000000
 Canceling 1701 for ljackson0214@gmail.com
 Crediting ljackson0214@gmail.com with 10.00000000 GHs
 Sell order canceled for ljackson0214@gmail.com, refunded 10.00000000
 Canceling 1703 for ljackson0214@gmail.com
 Crediting ljackson0214@gmail.com with 10.00000000 GHs
 Sell order canceled for ljackson0214@gmail.com, refunded 10.00000000
 Canceling 1704 for ljackson0214@gmail.com
 Crediting ljackson0214@gmail.com with 10.00000000 GHs
 Sell order canceled for ljackson0214@gmail.com, refunded 10.00000000
 Canceling 1792 for ljackson0214@gmail.com
 Buy order canceled for ljackson0214@gmail.com, refunded 1.1800059.
 Selling ljackson0214@gmail.com 1.50000000 GHs at 0.0270001
 Subbing ljackson0214@gmail.com for 1.50000000 GHs
 Sell_Recur(ljackson0214@gmail.com, 0.0270001, 1.50000000)
 Sell filled complete for ljackson0214@gmail.com, finish.
 Selling ljackson0214@gmail.com 177.07079376178 GHs at 0.0000003
 Subbing ljackson0214@gmail.com for 177.07079376178 GHs
 Sell_Recur(ljackson0214@gmail.com, 0.0000003, 177.07079376178)
 Sell filled incomplete for ljackson0214@gmail.com, recur.
 Sell_Recur(ljackson0214@gmail.com, 0.0000003, 174.07079376178)
 Sell filled incomplete for ljackson0214@gmail.com, recur.
 Sell_Recur(ljackson0214@gmail.com, 0.0000003, 154.07079376178)
 Sell filled incomplete for ljackson0214@gmail.com, recur.
 Sell_Recur(ljackson0214@gmail.com, 0.0000003, 124.07079376178)
 Sell filled incomplete for ljackson0214@gmail.com, recur.
 Sell_Recur(ljackson0214@gmail.com, 0.0000003, 117.07079376178)
 Sell filled incomplete for ljackson0214@gmail.com, recur.
 Sell_Recur(ljackson0214@gmail.com, 0.0000003, 67.49811794178)
 Crediting xxxx@hotmail.com with 1.00000000 GHs
 Sell filled incomplete for ljackson0214@gmail.com, recur.
 Sell_Recur(ljackson0214@gmail.com, 0.0000003, 66.49811794178)
 Sell filled incomplete for ljackson0214@gmail.com, recur.
 Sell_Recur(ljackson0214@gmail.com, 0.0000003, 63.49811794178)
 Sell filled incomplete for ljackson0214@gmail.com, recur.
 Sell_Recur(ljackson0214@gmail.com, 0.0000003, 62.49811794178)
 Sell filled complete for ljackson0214@gmail.com, finish.
 Buying ljackson0214@gmail.com 52.08 GHs at 0.0500000
 Buying ljackson0214@gmail.com 32.1974668 GHs at 0.0500000
 Buy_Recur(ljackson0214@gmail.com, 0.0500000, 32.1974668)
 Crediting ljackson0214@gmail.com with 1.02070624 GHs
 Buy filled incomplete for ljackson0214@gmail.com, recur.
 Buy_Recur(ljackson0214@gmail.com, 0.0500000, 31.17676056)
 Crediting ljackson0214@gmail.com with 1.00000000 GHs
 Buy filled incomplete for ljackson0214@gmail.com, recur.
 Buy_Recur(ljackson0214@gmail.com, 0.0500000, 30.17676056)
 Crediting ljackson0214@gmail.com with 19.00000000 GHs
 Buy filled incomplete for ljackson0214@gmail.com, recur.
 Buy_Recur(ljackson0214@gmail.com, 0.0500000, 11.17676056)
 Crediting ljackson0214@gmail.com with 11.17676056 GHs
 Buy filled complete for ljackson0214@gmail.com, finish.
 Selling ljackson0214@gmail.com 999.99999999 GHs at 0.0000003
 Subbing ljackson0214@gmail.com for 999.99999999 GHs
 ljackson0214@gmail.com did not have 999.99999999 GHs to sub
 Selling ljackson0214@gmail.com 32.1974668 GHs at 0.0000003
 Subbing ljackson0214@gmail.com for 32.1974668 GHs
 Sell_Recur(ljackson0214@gmail.com, 0.0000003, 32.1974668)
 Sell filled complete for ljackson0214@gmail.com, finish.



this indicates to me the person that compromised my account also has an account on the exchange, and had a buy/sell order filled. knowing how an orderbook works (demonstrated by the havelock/cex incursions), the thief did not attempt to liquidate the assets and withdraw the money, instead engaging in a pattern of buying/selling/buying selling that satisfied multiple orders over a period of time. this might also suggest multiple agents at work in cohesion (multiple account holders on the exchange)
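
The pattern pointed out in the post above (sell orders at 0.0000003 after a history of sells between 0.0270001 and 0.034, with another account credited during the fill) is something an exchange can flag automatically from this kind of log. The following is an added example, not code from the thread or from the exchange: a parser for the log format quoted above, run over constructed sample lines with placeholder account names. The 2x price ratio and the two-order minimum history are assumptions.

```python
import re
from statistics import median

# Constructed sample in the format of the log quoted in the post above.
# The account names are placeholders, not values from the thread.
SAMPLE_LOG = """\
Selling victim@example.com 10.00000000 GHs at 0.034
 Subbing victim@example.com for 10.00000000 GHs
 Sell_Recur(victim@example.com, 0.034, 10.00000000)
 Sell filled none for victim@example.com, save.
Selling victim@example.com 10.00000000 GHs at 0.033
Buying victim@example.com 10 GHs at 0.0145
 Buy_Recur(victim@example.com, 0.0145, 10)
Buying victim@example.com 99 GHs at 0.0200001
Selling victim@example.com 1.50000000 GHs at 0.0270001
Selling victim@example.com 177.07079376178 GHs at 0.0000003
 Sell_Recur(victim@example.com, 0.0000003, 67.49811794178)
 Crediting buyer@example.net with 1.00000000 GHs
 Sell filled complete for victim@example.com, finish.
Buying victim@example.com 32.1974668 GHs at 0.0500000
 Crediting victim@example.com with 1.02070624 GHs
Selling victim@example.com 999.99999999 GHs at 0.0000003
 victim@example.com did not have 999.99999999 GHs to sub
"""

ORDER_RE = re.compile(r"^(Selling|Buying) (\S+) ([\d.]+) GHs at ([\d.]+)$")
CREDIT_RE = re.compile(r"^Crediting (\S+) with ([\d.]+) GHs")
SHORT_RE = re.compile(r"^(\S+) did not have ([\d.]+) GHs to sub$")


def analyze(log_text, ratio=2.0, min_history=2):
    """Return findings as dicts with 'line', 'kind', 'account' and 'detail'.

    price_outlier: a sell priced below baseline/ratio or a buy above
                   baseline*ratio, where baseline is the median of the
                   account's earlier, unflagged orders on the same side.
    counterparty:  a different account credited while a flagged order fills.
    oversell:      an attempt to sell more than the account holds.
    """
    baseline = {}        # (account, side) -> prices of orders that looked normal
    findings = []
    flagged_acct = None  # owner of the most recent flagged order, if any
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        order = ORDER_RE.match(line)
        if order:
            side, acct = order.group(1), order.group(2)
            price = float(order.group(4))
            prior = baseline.setdefault((acct, side), [])
            flagged_acct = None
            if len(prior) >= min_history:
                base = median(prior)
                dumped = side == "Selling" and price * ratio < base
                overpaid = side == "Buying" and price > base * ratio
                if dumped or overpaid:
                    findings.append({
                        "line": lineno, "kind": "price_outlier", "account": acct,
                        "detail": f"{side} at {price:g}, baseline {base:g}",
                    })
                    flagged_acct = acct
                    continue  # keep outliers out of the baseline
            prior.append(price)
            continue
        credit = CREDIT_RE.match(line)
        if credit and flagged_acct and credit.group(1) != flagged_acct:
            findings.append({
                "line": lineno, "kind": "counterparty", "account": credit.group(1),
                "detail": f"credited {credit.group(2)} GHs from a flagged "
                          f"order of {flagged_acct}",
            })
            continue
        short = SHORT_RE.match(line)
        if short:
            findings.append({
                "line": lineno, "kind": "oversell", "account": short.group(1),
                "detail": f"tried to sell {short.group(2)} GHs without the balance",
            })
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"line {f['line']:>2}  {f['kind']:<13} {f['account']}  {f['detail']}")
```

Each finding carries the log line number, so it can be tied back to whatever session or request record the service keeps for that moment.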
GreenBits (OP)
January 26, 2014, 10:12:10 PM
 #24

also, do like, websites exist nowadays that dont record ip addresses of login attempts? or times? esp at a place where multiple password resets mean a required manual admin override to access ( he had to email me a password to get back into my account) i mean, not tech genius here, but there are websites with multiple user accounts that dont record ip information for that particular session? isnt that basic information a site admin/webmaster should have access to?

why cant i find a single password reset email?
Slight0
January 26, 2014, 10:47:21 PM
 #25

There's a good chance the exchange itself could have been compromised or another service you subscribe to. Usually it's pretty easy to tell if your gmail was compromised because of the extensive logging and security tools they have in place. Plus you had 2fa.

Seems really unlikely that a hacker would be able to specifically target your computer after knowing your involvement with BTC so we can rule out a targeted "blackbox" attack. We can also rule out session hijacking (stealing cookies) as he was able to get your password to other exchanges. You say you keep your system secure and updated so it's unlikely you were caught by a trojan or botnet.

You need to catalog ALL places where you have used that username/email and password combo and try to determine if one of those sites/services were compromised because that sounds like the most likely attack vector. Could be as simple as someone hacking a forum that you frequent, cracking your password, then trying it out to see what they can access.
GreenBits (OP)
January 26, 2014, 11:25:52 PM
 #26

this password was specifically developed for this category of sites. i keep different sets of passwords (and variations of older passwords over time) for things i deem at different levels of risk. password is ten characters long with three numbers, one cap and 1 symbol. the gmail account doesnt even share the compromised password, in addition to 2fa. i left my android device at home for the holidays and was completely cut off from accessing my btc, so i know how hardcore google is about not letting you access your gmail from foreign ips/foreign devices.


but, every single service that was compromised, had the same password.
Slight, I believe you are correct, out of the services, one of the 4 had its database compromised, either by subversive, technological methods, or simple employee theft.

So lets narrow those vectors down to:
BTCE (10+ months old account)
HAVELOCK (6+ months old, most likely older)
CEX.IO (6+ months old, most likely older)
BIT-MINING.CO (week old)

my activities are so habitual i can assure you i havent visited any sites with possible malware, nor opened any attachments. also, other passwords have been used on this system, recently, but havent been compromised. in fact, because of a tech error of bit-mining.co (wallet had to sync over two days before we could get withdrawals), i spent 2.5 days camped out in chat waiting for the resolution (most of my position was there, and trading as well as withdrawal was disabled/suspended) literally, checking the site every 15 minutes. i look at that, havelock and cex.io's orderbooks, and i browse the securities section of the forum for news. this is the only thing i do with this terminal. no gaming. no media creation. no youtube. i use my phone for all of this

The common link is the password.

Slight0
January 26, 2014, 11:35:23 PM
 #27


Quote from: GreenBits
So lets narrow those vectors down to:
BTCE (10+ months old account)
HAVELOCK (6+ months old, most likely older)
CEX.IO (6+ months old, most likely older)
BIT-MINING.CO (week old)


Ok nice list. Make sure you're 100% certain those are the only places you used your password.

Quote from: GreenBits
i use my phone for all of this

How often do you use wifi and where? Wifi connections, especially public ones are basically a hunting ground for anyone who has basic hacking knowledge. I myself, on a test trail, have stolen people's email passwords and hijacked sessions in public places like the airport, mall, universities, anywhere is unsafe. (Mind you I did this to test common wifi security vulnerabilities as a part of a project, I never did anything with the data collected other than verify that it could be used to access restricted accounts).

As far as I know 3G broadband is safe.
GreenBits (OP)
January 26, 2014, 11:53:27 PM
 #28

this is a laptop, accessing a wifi connection. wifi connection is provided, i live in corporate housing. is password protected, password is fairly complicated and is only given out to lease holders. maybe 10 people total would be using this network.

because of the variable signal strength, i most often use 3g data on my android device to surf the web/youtube/casual research. the old building eats the signal. the laptop, connected to an additional display in the living room, is stationary. it is not specced well enough for gaming/watching media.

this is, in all respects, a work computer.
 i have only used this singular connection for the many months this computer has been tethered here
empoweoqwj
January 27, 2014, 02:15:16 AM
 #29

I had a very similar experience with btc-e, I lost about 180 ltc, and 1.7 btc, they didn't get my other coins though.

My 2fa was not compromised yet they removed all my funds.

This was directly after I contacted btc-e support.

I believe to this day btc-e is not a trustworthy company.

Bulgarians!

Any time anyone has coins stolen from an online exchange / wallet provider, they should definitely report it here. Then we can get an idea of the trustworthiness (or not) of the site in question.

If money is regularly disappearing with 2fa in place, you have to start wondering whether its an inside job.
U1TRA_L0RD
January 27, 2014, 02:23:06 AM
 #30

I had a very similar experience with btc-e, I lost about 180 ltc, and 1.7 btc, they didn't get my other coins though.

My 2fa was not compromised yet they removed all my funds.

This was directly after I contacted btc-e support.

I believe to this day btc-e is not a trustworthy company.

Bulgarians!

Any time anyone has coins stolen from an online exchange / wallet provider, they should definitely report it here. Then we can get an idea of the trustworthiness (or not) of the site in question.

If money is regularly disappearing with 2fa in place, you have to start wondering whether its an inside job.

If BTC-E is selective scamming, Is there a way to report them, What their country laws?
empoweoqwj
January 27, 2014, 02:31:46 AM
 #31

I had a very similar experience with btc-e, I lost about 180 ltc, and 1.7 btc, they didn't get my other coins though.

My 2fa was not compromised yet they removed all my funds.

This was directly after I contacted btc-e support.

I believe to this day btc-e is not a trustworthy company.

Bulgarians!

Any time anyone has coins stolen from an online exchange / wallet provider, they should definitely report it here. Then we can get an idea of the trustworthiness (or not) of the site in question.

If money is regularly disappearing with 2fa in place, you have to start wondering whether its an inside job.
If BTC-E is selective scamming, Is there a way to report them, What their country laws?

They won't even tell us who they are. That tells you something already ...
U1TRA_L0RD
January 27, 2014, 03:18:09 AM
 #32

I had a very similar experience with btc-e, I lost about 180 ltc, and 1.7 btc, they didn't get my other coins though.

My 2fa was not compromised yet they removed all my funds.

This was directly after I contacted btc-e support.

I believe to this day btc-e is not a trustworthy company.

Bulgarians!

Any time anyone has coins stolen from an online exchange / wallet provider, they should definitely report it here. Then we can get an idea of the trustworthiness (or not) of the site in question.

If money is regularly disappearing with 2fa in place, you have to start wondering whether its an inside job.
If BTC-E is selective scamming, Is there a way to report them, What their country laws?

They won't even tell us who they are. That tells you something already ...

Oh yea, Im pretty sure, Get enough users to steal billions from and put them into different wallet by using a bitcoin tumbler.
GreenBits (OP)
January 27, 2014, 04:10:20 AM
Last edit: January 28, 2014, 07:02:02 AM by GreenBits
 #33

Honestly, id take btce and cex.io off the list. I havent used my btce account in at least 6 months, it wasnt carrying a balance. had been using cex.io, but again low balance. if the compromise was inter exchange, there would be little financial incentive to take my particular account in those cases. the high value accounts were bit-mining.co and havelock (in that order). These have activity. But for the last week, pretty much the sole site ive been accessing has been bit-mining. which has been under maintenance roughly half that time.



this has to be the dumbest fucking thief in the land. deletes over 10 password reset emails to cover his tracks, and leaves fraudulent login notifications and trade notification sitting in the inbox. that seems highly illogical.

given the lack of timestamps, ive asked bit-mining.co to provide a chronology of the intrusion. i still haven't been told definitively how the hacker got into my account. waiting for a response from them.

bbit
January 27, 2014, 04:14:12 AM
 #34

Probably something to do with email you have to be SUPER careful with that stuff.


GreenBits (OP)
January 27, 2014, 04:27:20 AM
 #35

i wrote:
so, the attacker reset my password, utilized the reset to gain access to my account (got into my email), did the series of trades/withdrawal attempts, then, after they finished, as a final action, they reset the password again a second time? this is the sequence of events i have gleaned from our communications.

you see, i remember coming to the terminal, seeing the commotion about a huge buy sell, then refreshing and seeing that small account balance before i attempted to withdraw (dont see my withdrawal attempts). when i hit the trade tab again, i was logged out, then my pass didnt work. that would indicate the password was reset (the second time i guess) while i was actively in chat.
so this was happening while i was near my terminal?
he already had the password.. why did this guy reset it to get a new one?
and why lock me out of my account :) he was cool enough to leave me access to all the other accounts he compromised..

none of the other accounts compromised had password resets applied. he knew the password on earlier incursions (btce,cex,havelock) but needed to reset the password on my account here to get in? he had the credentials already... why risk locking the account? also, i cant seem to find a record of any of the password reset emails in my spam, trash, inbox, anywhere. How many password reset requests were issued? why wasnt the account locked in the initial series of password reset attempts, like the second time? also, if my email was compromised, the attacker neglected to delete the havelock trade notifications and btce login notifications yet deleted all the password reset emails (which would have been quite numerous, else it would have meant it was locked due to multiple attempts).

are you absolutely sure that the attacker gained entry via a password reset? i think this is a red herring.

no other service i have accessed in the last 5 days (lbc/gox/stamp) that doesnt share a common password with this incident was affected. all those accounts with different passwords ( accessed from the same compromised pc, using the same compromised email) are completely unaffected.

i strongly urge you to continue investigation into the possibility my credentials were compromised on your end.

thoughts?

i


response:

Well, I can't answer all those questions for you, as I don't know what the hacker was thinking. However, I can attempt to make guesses, and maybe from them and any other information you may be aware of, you can determine what makes sense.

"so, the attacker reset my password, utilized the reset to gain access to my account (got into my email), did the series of trades/withdrawal attempts, then, after they finished, as a final action, they reset the password again a second time? this is the sequence of events i have gleaned from our communications."

Not entirely true. They attempted MANY password resets - so many, so close together, that our server's mail queue became too full and stopped sending mails to your email at all. Not sure what the point of this was.

"you see, i remember coming to the terminal, seeing the commotion about a huge buy sell, then refreshing and seeing that small account balance before i attempted to withdraw (dont see my withdrawal attempts). when i hit the trade tab again, i was logged out, then my pass didnt work. that would indicate the password was reset (the second time i guess) while i was actively in chat."

That, or your session had expired. Seems like an awful big coincidence that your session would expire just as this is occurring, however.

"he already had the password. why did this guy reset it to get a new one?"

Not sure. My original thought was that he first gained access to your email, and knew somehow beforehand that you were a bit-mining user. So, he went to reset your password, and, since he was in  a rush (he somehow knew you were at the terminal as you say, perhaps), reset it a whole ton of times since our password resets sometimes take some time to get to your email. He got the password, deleted all the messages (explaining why you don't see any password reset emails in your inbox now), accessed your account, conducted the trades, possibly out of spite, or in some roundabout way to enrich himself, and finally logged out of the account.

This theory is reasonable, but still doesn't support some of the facts. Specifically, (A) that there were no oddly-priced orders placed just before the transaction so the hacker could enrich himself, (B) that your other accounts were accessed... presumably with no password resets (because you can still access the accounts with your old password), and (C) that the hacker attempted to withdraw BTC, suggesting he is unfamiliar with our system. Also, you claim that your gmail had 2 step security placed on it, which renders that type of hack fairly unlikely.

My other theory, which seems to hold a bit more water (I have developed it a bit more since yesterday, so bear with me), is that the hacker somehow got the password to your btc-e account, logged in, and didn't see any balance. However, he saw your chat username mcnastyfilth (I checked the BTC-E chat archive, that indeed seems to be your name there: http://trollboxarchive.com/search.php?search_type=username&search=mcnastyfilth). With this username he accessed your Cex.io account. When there was no balance in either of these, he noticed from the cex.io chat log that you mentioned Bit-Mining & Havelock. He drained your havelock account, attempted to drain your Bit-Mining account, and when he couldn't, decided to just destroy it out of spite instead.

GreenBits (OP)
January 27, 2014, 04:49:53 AM
 #36

rofl, why is everyone else so quick to assume that email caused this? I have 2 fa on my gmail with an android device. like, what about this makes people believe my email was compromised? gmail doesnt indicate that, and the sensitive information/lack of cleanup suggest that entry to my email was never gained.

There is more important shit in my email than the credentials for 7 btc. Why nothing else disturbed? The whole argument for my email being compromised rests on the fact that in order to access my bitmining.co account,  my password was supposedly reset, and that reset password was accessed from the only place it could, my inbox (the self same 2fa'd gmail account with an even more complex password).

The takeaway:
The only way that my bit-mining.co account was compromised was if my email was compromised. so if my email wasnt compromised, someone is lying to me.

the guy had the password to get into the account. this was his last stop.
1)....but instead he resets it.
2)....then uses technomancy (accessing my gmail) to get the new password,
3)....deletes all the password reset messages to cover his tracks (LEAVING 4 sell/withdrawal/login notifications in the process, he didnt see those in the inbox apparently), all to:
4) to then to break into my account with the newly generated password.

and, not being able to figure out the withdrawal system at bitmining (your cat could figure this out), attempted only 2 times to withdraw the balance after spending some of it for more ghs? which he sold at the lowest possible price? which, amazingly, he was so inept he put his btc address in an input field designed for a btc amount?

should have taken the fuckin password and skipped to step 4, dont you think? this guy fought the gmail dragon/put malware/phished/cookiestole/i could give two fucks when he already has the username and pass?

now does that scenario seem more likely, or this:

password reset never happened?
electerium
January 27, 2014, 08:08:00 AM
 #37

This one is very simple

If we're positive that your email is safe, then there are 2 obvious explanations


1) you are keylogged (most likely)
or

2) some bitcoin site that you use has had their database compromised. Because you use the same password for all of your bitcoin related activities it would not be too hard to begin targeting sites with your email address and password. He'd never even have to have physical access to your email. The physical address is enough to get into a site like havelock if you know the password.


so what's the gist, kids?


1- always ALWAYS enable 2FA
2- always, ALWAYS make separate passwords for every single site you use
3- use some encrypted password manager or a physical notebook.

GreenBits (OP)
January 27, 2014, 08:19:21 AM
 #38

Quote from: electerium
so what's the gist, kids?

1- always ALWAYS enable 2FA
2- always, ALWAYS make separate passwords for every single site you use
3- use some encrypted password manager or a physical notebook.

totally agree, now i know.

but, i dont use the same password for all my bitcoin related activities. i use many different ones.

let me clarify, only the exchanges i use for trading have this password. i utilize a variety of different passwords. lbc, mtgox, bitstamp, here, are all unique passwords, because i use them very infrequently.

i dont believe i was keylogged, again, no other services were compromised. keylogger would get more than one password, correct? id be looking at total account compromise across the board, not just a single user/pass pair compromised (which seems to be the case).

i have never accessed these accounts except at my home terminal.

Sonny
January 27, 2014, 08:41:08 AM
 #39

I had a very similar experience with btc-e, I lost about 180 ltc, and 1.7 btc, they didn't get my other coins though.

My 2fa was not compromised yet they removed all my funds.

This was directly after I contacted btc-e support.

I believe to this day btc-e is not a trustworthy company.

Bulgarians!

Any time anyone has coins stolen from an online exchange / wallet provider, they should definitely report it here. Then we can get an idea of the trustworthiness (or not) of the site in question.

If money is regularly disappearing with 2fa in place, you have to start wondering whether its an inside job.
If BTC-E is selective scamming, Is there a way to report them, What their country laws?

They won't even tell us who they are. That tells you something already ...

Isn't btc-e based in Russia?
I always hear that again and again in the forum...
U1TRA_L0RD
January 27, 2014, 11:42:50 AM
 #40

I had a very similar experience with btc-e, I lost about 180 ltc, and 1.7 btc, they didn't get my other coins though.

My 2fa was not compromised yet they removed all my funds.

This was directly after I contacted btc-e support.

I believe to this day btc-e is not a trustworthy company.

Bulgarians!

Any time anyone has coins stolen from an online exchange / wallet provider, they should definitely report it here. Then we can get an idea of the trustworthiness (or not) of the site in question.

If money is regularly disappearing with 2fa in place, you have to start wondering whether its an inside job.
If BTC-E is selective scamming, Is there a way to report them, What their country laws?

They won't even tell us who they are. That tells you something already ...

Isn't btc-e based in Russia?
I always hear that again and again in the forum...

I dont think so.