Bitcoin Forum
December 04, 2016, 08:38:04 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 [3] 4 5 »  All
  Print  
Author Topic: bitcoin7.com 'hacked'. Database and wallets 'stolen'  (Read 20705 times)
BitcoinPorn
Hero Member
*****
Offline Offline

Activity: 560


Posts: 69


View Profile WWW
October 06, 2011, 08:07:21 PM
 #41

I would take all emails claiming to be from Bitcoin7 with the biggest grain of salt you can find.   

1480883884
Hero Member
*
Offline Offline

Posts: 1480883884

View Profile Personal Message (Offline)

Ignore
1480883884
Reply with quote  #2

1480883884
Report to moderator
1480883884
Hero Member
*
Offline Offline

Posts: 1480883884

View Profile Personal Message (Offline)

Ignore
1480883884
Reply with quote  #2

1480883884
Report to moderator
There are several different types of Bitcoin clients. The most secure are full nodes like Bitcoin-Qt, but full nodes are more resource-heavy, and they must do a lengthy initial syncing process. As a result, lightweight clients with somewhat less security are commonly used.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480883884
Hero Member
*
Offline Offline

Posts: 1480883884

View Profile Personal Message (Offline)

Ignore
1480883884
Reply with quote  #2

1480883884
Report to moderator
1480883884
Hero Member
*
Offline Offline

Posts: 1480883884

View Profile Personal Message (Offline)

Ignore
1480883884
Reply with quote  #2

1480883884
Report to moderator
cjp
Full Member
***
Offline Offline

Activity: 210



View Profile WWW
October 06, 2011, 08:31:28 PM
 #42

I would take all emails claiming to be from Bitcoin7 with the biggest grain of salt you can find.

I suppose you have to be careful that whatever instructions they send don't come down to "give us access to the rest of your money". I think it's worth a warning to people to not follow instructions without thinking.

Once somebody receives such an e-mail from B7, can the contents be posted here? Please post it in filtered form (don't include any information which shouldn't be visible to the whole world, such as full URLs with identification numbers in it, or passwords).

Donate to: 1KNgGhVJx4yKupWicMenyg6SLoS68nA6S8
http://cornwarecjp.github.io/amiko-pay/
repentance
Hero Member
*****
Offline Offline

Activity: 840


View Profile
October 06, 2011, 11:49:37 PM
 #43

About 1..2 weeks before this happened, there was an incident where I sent euros to b7, but b7 claimed they never arrived.
...

Actually it might be kind of nice if a solution existed where a terse log of anomalies associated with businesses which hold other peoples money could be reported.  Perhaps patterns could be spotted if they emerge and users might have some sort of advanced warning.  I'm thinking of a stone simple form based incident report thing which would take only a moment to input info into, and the results could be searched.

Maybe the bitsyn people could pick up on that one.


Perhaps we could have a sticky thread here in which these things odd things concerning exchanges are reported.  I think a lot of people would be far more likely to check out the last few pages of the thread than would search a database.

It can also be difficult to know whether odd stuff is significant or not.  There's something going on with one of the Australian exchanges at the moment which may or may not be important, and I've been reluctant to post about it because the public records don't give information about "why" and the reasons behind what's going on could be fairly minor (or even if they aren't, the exchange could say they are and there's no real way to verify that information).

All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1302


Bitcoin: An Idea Worth Spending


View Profile
October 07, 2011, 01:47:15 AM
 #44

About 1..2 weeks before this happened, there was an incident where I sent euros to b7, but b7 claimed they never arrived.
...

Actually it might be kind of nice if a solution existed where a terse log of anomalies associated with businesses which hold other peoples money could be reported.  Perhaps patterns could be spotted if they emerge and users might have some sort of advanced warning.  I'm thinking of a stone simple form based incident report thing which would take only a moment to input info into, and the results could be searched.

Maybe the bitsyn people could pick up on that one.


Perhaps we could have a sticky thread here in which these things odd things concerning exchanges are reported.  I think a lot of people would be far more likely to check out the last few pages of the thread than would search a database.

It can also be difficult to know whether odd stuff is significant or not.  There's something going on with one of the Australian exchanges at the moment which may or may not be important, and I've been reluctant to post about it because the public records don't give information about "why" and the reasons behind what's going on could be fairly minor (or even if they aren't, the exchange could say they are and there's no real way to verify that information).

A reporter was ready to comment on what you feel like is a problem over at the Australian exchange with he was interrupted by a more pressing concern: http://www.youtube.com/watch?v=aTcSi7c06oc

mizerydearia
Hero Member
*****
Offline Offline

Activity: 574



View Profile
October 07, 2011, 10:06:33 AM
 #45

I don't see how to withdraw my 1 bitcoin.






I also do not see a way to specify USD amount even.

Code:
<div class="row">
<div class="text"><label for="">Amount to withdraw:</label></div>

                <div class="field">0.00 USD <img src="img/flags/usd.gif" /></div>
</div>

Note that 0.00 is plain text and not an input field.

Although, I did not have any usd in my account, only 1 bitcoin.





I'm also a bit skeptical that this process is designed to fish for information of others in which the submitted images (if any) will be used for identity theft purposes.

Again, bitcoin7 have no documented information as to who they are, so they are free to fuck with anyone and everyone as much as they desire.  Bitcoin7 will most likely respond assuring that this is not the case, but that easily can also be part of their effort to continue the fuckages through sense of doubt and willing to take risks, for anyone who is willing to naively consider such options. ^_^
Rino
Jr. Member
*
Offline Offline

Activity: 38


View Profile
October 07, 2011, 11:27:47 AM
 #46

i had some cents in bitcoin7 and they are displayed right in that image.
BitcoinPorn
Hero Member
*****
Offline Offline

Activity: 560


Posts: 69


View Profile WWW
October 07, 2011, 11:46:08 AM
 #47

I'm also a bit skeptical that this process is designed to fish for information of others in which the submitted images (if any) will be used for identity theft purposes.

Shit is going to be very serious with whatever is going down with this site and wanting that much information from a user.

At the least this might be filtering out those who use their Bitcoin/exchanges for non legal purposes who will outright refuse to give up that much information.

JonHind
Full Member
***
Offline Offline

Activity: 126


View Profile
October 07, 2011, 12:25:56 PM
 #48

It's ok guys. You can trust them. All they need are scans of your ID, utility bill, bank account details and address etc. What harm could that do?

Anyone sending them these docs deserves to be scammed imho. Call it a stupid tax.
mizerydearia
Hero Member
*****
Offline Offline

Activity: 574



View Profile
October 07, 2011, 12:30:18 PM
 #49

Maybe users can use http://bitcoinmarkets.com/exchanges.php as a kind of reference to see which bitcoin exchanges are trustworthy/reliable in which the contact information is available.


HOWEVER....


The information must also be verified/confirmed so that new exchanges do not provide false information to give perception of legitimacy and continue the fuckages taking advantage of gullible peoples.
BitcoinPorn
Hero Member
*****
Offline Offline

Activity: 560


Posts: 69


View Profile WWW
October 07, 2011, 12:41:05 PM
 #50

The information must also be verified/confirmed so that new exchanges do not provide false information to give perception of legitimacy and continue the fuckages taking advantage of gullible peoples.

I do wonder who fact checks everything all these exchanges blurt out other than Gage.

NghtRppr
Sr. Member
****
Offline Offline

Activity: 476


View Profile
October 07, 2011, 01:02:41 PM
 #51

This is why we use OpenID. Even if someone manages to steal our database, it's worthless to them. There are no passwords in it. We also support two-factor authentication.
ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470


Bringing Legendary Har® to you since 1952


View Profile
October 07, 2011, 02:03:31 PM
 #52

This is why we use OpenID. Even if someone manages to steal our database, it's worthless to them. There are no passwords in it. We also support two-factor authentication.

You can achieve practically the same using multi-round, multi-algorithm, multiple salts hashing. Makes the hashed password databases useless as long as people are using long (> Cool passwords.

Maged
Legendary
*
Offline Offline

Activity: 1260


View Profile
October 07, 2011, 03:20:52 PM
 #53

I'm also a bit skeptical that this process is designed to fish for information of others in which the submitted images (if any) will be used for identity theft purposes.

Shit is going to be very serious with whatever is going down with this site and wanting that much information from a user.

At the least this might be filtering out those who use their Bitcoin/exchanges for non legal purposes who will outright refuse to give up that much information.
I have to agree with this. If I were a criminal, I would have wished that I had thought of this first! Combine the loss of Bitcoins from MyBitcoin, along with the database leak of MtGox, and you end up with a bunch of money AND enough information from your users to perform identity theft! It's brilliant, really.

Under NO circumstance should you provide them with information that they didn't already have. It won't help in verification even IF they are sincere. MtGox didn't even ASK for some of the stuff Bitcoin7 is asking for, and unlike Bitcoin7, MtGox's database was publicly leaked! In fact, I'm surprised that Bitcoin7 didn't just "leak" it themselves to appear more legitimate.

Dansker
Hero Member
*****
Offline Offline

Activity: 740


Hello world!


View Profile
October 07, 2011, 03:23:07 PM
 #54

That is why you should only do business (serious business anyway) with companies where you KNOW who the person behind it is, that is his/her full name, e-mail, phone and physical address is known.

Also, the company must be registered in a decent country, and preferably have insurance if it deals in finance and trade.

cjp
Full Member
***
Offline Offline

Activity: 210



View Profile WWW
October 07, 2011, 04:43:13 PM
 #55

I received this e-mail:
From: info@bitcoin7.com
Date: Fri, October 7, 2011 10:48 am
Subject: Bitcoin7 Account Access Retrieval
Quote
Dear Bitcoin7 User,
In order for you to regain access to your account we will need to verify you as
account owner.
In order to begin the verification process, please proceed to the following address:
https://bitcoin7.com/withdraw/?email=<my email address>&secret=<some big number>
The e-mail was marked as "SPOOFED"; probably by my e-mail provider. According to the e-mail header, it was generated by some PHP script on what seems to be the root account on bitcoin7.com.

By following the link and then logging in with my b7 password, I entered the page that looks just like the screen shot in the post of mizerydearia.

In my case, it said I could only withdraw 0.00 EUR or 0.00 USD, so I didn't even bother submitting any of the requested information.

Considering the type of information they want to have, this really looks like an attempt to identity theft! DON'T FILL IN ANYTHING THAT YOU THINK ISN'T STRICTLY NECESSARY FOR THE WITHDRAWAL TRANSACTION!

For me, the amount of stolen money is about a single day of salary, so I will only spend a limited amount of (otherwise quality-)time in retrieving the money. Are there people who want to cooperate? What kind of action would be appropriate? Personally, I oppose any criminal counter-measures. Does anyone know what we can expect of the Bulgarian legal system?

Donate to: 1KNgGhVJx4yKupWicMenyg6SLoS68nA6S8
http://cornwarecjp.github.io/amiko-pay/
BurtW
Legendary
*
Offline Offline

Activity: 1778

All paid signature campaigns should be banned.


View Profile WWW
October 07, 2011, 04:48:42 PM
 #56

The reason we need to give this kind of information (passport, license, utility bills, etc.) to Mt. Gox is that they need it to comply with regulations so they can continue our accounts and continue their business.

But, we have already been told by Bitcoin7 that they are discontinuing business!  They do not need all this personal identification information for that.  Remember that Bitcoin7 was originally a verbatim rip off of other exchanges.  This looks like a verbatim rip off of the Mt. Gox account validation procedure.

All they need is a simple way for people to reclaim their accounts so they can give them back whatever money and BTC are left in the “hacked” accounts before they close up shop.

There is absolutely no reason for anyone to send this kind of information to an exchange that is going out of business.


Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
tvbcof
Legendary
*
Online Online

Activity: 1974


View Profile
October 07, 2011, 05:31:08 PM
 #57

The reason we need to give this kind of information (passport, license, utility bills, etc.) to Mt. Gox is that they need it to comply with regulations so they can continue our accounts and continue their business.

But, we have already been told by Bitcoin7 that they are discontinuing business!  They do not need all this personal identification information for that.  Remember that Bitcoin7 was originally a verbatim rip off of other exchanges.  This looks like a verbatim rip off of the Mt. Gox account validation procedure.

All they need is a simple way for people to reclaim their accounts so they can give them back whatever money and BTC are left in the “hacked” accounts before they close up shop.

There is absolutely no reason for anyone to send this kind of information to an exchange that is going out of business.

One reason I can think of off hand would be so that you can get your money.  Although I am not a lawyer, it would surprise me very much if someone could legally avoid 'complying with regulations' by going out of business.  Even in Bulgaria.

So, B7 has figured out a way to get, in addition to the BTC, either the money which was in the B7 accounts or even better, information of probably even more value.  And probably both for anyone dumb enough not to write this one off to...er...'bad luck' to be diplomatic in my terminology.

BurtW
Legendary
*
Offline Offline

Activity: 1778

All paid signature campaigns should be banned.


View Profile WWW
October 07, 2011, 05:44:09 PM
 #58

Also on the one hand:  Our security was so piss poor that we go hacked and lost a bunch of your money - sorry guys.  We do not have the resources to fix the holes in our security so we are leaving town.

On the other hand:  Give us a bunch of personal information - we promise that even though we admit we have done nothing to fix the holes in our security your information is safe with us, no, really, we are serious.


Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
Horkabork
Full Member
***
Offline Offline

Activity: 140



View Profile
October 07, 2011, 07:01:20 PM
 #59

How to get rich off of Bitcoin in 4 easy steps:

1. Set up an exchange with timing that coincides with a large amount of distrust in your competition and desperation for alternatives. Name it something reminiscent of the hit 1970's British sci-fi show, Blake's 7 and the 1960 film, The Magnificent Seven.

2. Convince people of your legitimacy by pointing to other businesses you might run and/or by soliciting endorsements.

3. Set up a pyramid referral scheme and have people spam their referral codes all over.

4. "Apologize" for the referral spam and do some half-assed rectification, but only after this advertising for your exchange has thoroughly saturated the market.

5. Wait until your exchange wallets seem to have reached their maximum and then plateaued.

6. Have someone you know "hack" the website and steal the money. Politely sidestep the huge security issue of having all the money in wallets that are internet-accessible (Any exchange should only need like 10% of funds in a readily-available wallet).

7. Say, "Oh no we've been hacked. Welp, we're going out of business. We'll give you whatever money we have left, if we feel like it or are legally forced too somehow. Good luck with recovering your funds legally, suckers, as we're in Slovakia or some shit."

8. Move around the "stolen" BTC a bunch of times, then sell it on another exchange. Wait a minute, actually do that a few steps back, so you can exchange the BTC before your announcement lowers the exchange rate or other exchanges catch on and start looking for suspicious exchanges.

9. High fives all around. Hooker and blow. Pancakes and whipped cream. Ice cream fights. Getting serviced so often by high-price prostitutes that you actually say, for the first time in your life, the uncanny phrase, "Man, I'm really getting tired of all these blowjobs."

10. Buy a zeppelin, a top hat, a gold cane, a pocket watch, a monocle, and a rare, purebred yappy dog named "Captain Flufflebunny III". Travel the world. Use the words "orient," "dark continent," "savages," and "colonies" when speaking of your travels.

11. Moon base.

I lied about how many steps this would take. Lying is very advantageous in getting rich off of this scheme.

Me: 15gbWvpLPfbLJZBsL2u5gkBdL3BUXDbTuF
A goat: http://i52.tinypic.com/34pj4v6.jpg
BitcoinPorn
Hero Member
*****
Offline Offline

Activity: 560


Posts: 69


View Profile WWW
October 07, 2011, 07:04:24 PM
 #60

1. Set up an exchange with timing that coincides with a large amount of distrust in your competition and desperation for alternatives. Name it something reminiscent of the hit 1970's British sci-fi show, Blake's 7 and the 1960 film, The Magnificent Seven.

MyMtcoinicasangotradebitcardshop.com https://bitcointalk.org/index.php?topic=47098.0

Pages: « 1 2 [3] 4 5 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!