BTC-e being hacked. Watch your account.

[outofservice]

I lost a few coins but they were just my "trading coins" (still it hurt and is a lesson learned), I kept my load on an encrypted external. I am thanking my brother for talking me into that because I used to have them all online.

I tried to set up the 2key on btc-e, they are set up on my other accounts, but the page to do so on btc-e is in russian. It also asks for a once time code. I have no idea what that code is. I've kept all emails from them and scowered them word by word looking to see if it had been sent and it had not. I emailed them about it and never heard back.
My cell is linked to all and the others you have to verify through the cell, just not btc-e because I didn't have that code to set it up.

The guy who hacked had to do work because my password was scrambled letters, numbers and symbols. Years ago I had simple passwords... until my bother showed me how easy he could crack mine. He's computers and math and I'm history and science. We all have our strengths and weaknesses. Mine just happens to be understanding detailed info about computers.

Funny thing is... I read 3 ppl ranting about getting hacked in the trollbox the last two days and as I read it I said to myself, man, that sucks, hope it doesn't happen to me.
It did and it seems to be happening to others as well. Those of you on btc-e, make sure your security is set.

Not sure how you can say "your security is set" on btc-e if you don't have 2fa enabled. Without 2fa your risk of being hacked goes up considerably.

You need to re-read that again. I didn't say, "my" security is set, I said, "Those of you on btc-e, make sure YOUR security is set".
btc-e is the only account I didn't have 2fa.
I don't get how all pages on btc-e are in English except for the 2fa page which is in Russian. My others sites/wallets have 2fa.

[outofservice]

It sounds like your password got stolen, not neccesarily btce itself hacked.

This is one department I'll admit that hodlors have a clear advantage.

Isn't stolen and hacked the same thing?

Uh, no.......................................

Quote from: outofservice on Today at 20:10:55


Quote from: BitcoinAshley on Today at 20:08:53

You probably have a keylogger. Sucks to be you! Don't keep more on an exchange than you can afford to lose.


What is a keylogger?

Oh boy..............................................



Thanks, your replies have been so helpful.

http://en.wikipedia.org/wiki/Keystroke_logging

A program can record your keystrokes and send it to the person who designed it. If you have one of these,all your passwords may have been compromised. But,damn...

Just read all that on wiki and have a few questions...

I haven't opened any strange links or downloaded anything lately, is there any other way that program could have found it's way into my laptop?

I ran a complete spy-ware and mal-ware program, nothing showed up. Would that confirm a Keystroke program is Not on my system?  ....none of my other accounts have been hacked.

[Denton]

It sounds like your password got stolen, not neccesarily btce itself hacked.

This is one department I'll admit that hodlors have a clear advantage.

Isn't stolen and hacked the same thing?

Uh, no.......................................

Quote from: outofservice on Today at 20:10:55


Quote from: BitcoinAshley on Today at 20:08:53

You probably have a keylogger. Sucks to be you! Don't keep more on an exchange than you can afford to lose.


What is a keylogger?

Oh boy..............................................



Thanks, your replies have been so helpful.

http://en.wikipedia.org/wiki/Keystroke_logging

A program can record your keystrokes and send it to the person who designed it. If you have one of these,all your passwords may have been compromised. But,damn...

Just read all that on wiki and have a few questions...

I haven't opened any strange links or downloaded anything lately, is there any other way that program could have found it's way into my laptop?

I ran a complete spy-ware and mal-ware program, nothing showed up. Would that confirm a Keystroke program is Not on my system?  ....none of my other accounts have been hacked.

It can come embedded in a jpeg that shows in an e-mail. That's why e-mail providers usually automatically block images.

[empoweoqwj]

im noticing msot hacks are people without 2fa

That would make sense, as I pointed out 2 posts ago

[coinage]

It can come embedded in a jpeg that shows in an e-mail. That's why e-mail providers usually automatically block images.

Email is an important attack vector, but images are mainly blocked when they are loaded from external URLs (not embedded in emails) so that users can choose to avoid automated tracking of whether/when they open messages.  Each email can be created with a unique image URL.  When that "image" is fetched, the server sending it can then be pretty confident someone opened the email.

Another reason is to reduce the amount of data downloaded for messages that may well be spam anyway.  (But whitelisted senders' mails are often treated differently, with all images fetched & displayed.)

The shocking jpeg buffer overflow vulnerability dates mainly to 2004 and has been addressed by updated software but that's not to say any software can be fully trusted.

It does make good sense to block unnecessary online content and to use different computers (virtual computers, at least) for financial tasks!