Bitcoin Forum
September 21, 2018, 03:13:25 AM *
News: ♦♦ New info! Bitcoin Core users absolutely must upgrade to previously-announced 0.16.3 [Torrent]. All Bitcoin users should temporarily trust confirmations slightly less. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: Lets talk Bitcointalk  (Read 308 times)
jimmychanga
Newbie
*
Offline Offline

Activity: 22
Merit: 0


View Profile
July 24, 2018, 11:43:56 PM
 #1

On May 19th my Bitcointalk account was compromised via bruteforce, However it wasn't until July 9th 2018 that i found out as i'm not very active on the forum.
What surprised me about this situation wasn't that i was hacked but rather how EASY Bitcointalk made it for the "hacker", I'll elaborate.

Why does Bitcointalk offer NO security when it comes to its users accounts?

Since the beginning of the internet websites have always required the account-holder to verify ANY major changes to an account ie; password change, email etc.
Apparently Bitcointalk doesn't seem to require any verification of account changes, I mean sure we have the option to lock the account within 15-days of the changes happening
but that doesn't do much in my case or in the case of any casual member of the forum who doesn't realize until weeks after the fact.

See: https://gyazo.com/5a2dd6d9504e4af5acd5e0450edd0869

Your account recovery process is trash, Why?

I contacted Theymos on July 9th explaining what happened and how the hacker was attempting to scam the community via an ICO crowdsale, Received no response so i then reached out to Cyrus and still have not heard from either of the forum admins 2+ weeks later.

I'm aware i'm not the only one whom this has happened and it isn't as if my account was Hero/Legend status but when someone is attempting to scam your community and you as an admin are given weeks heads-up notice and don't even bother to read the message, Its concerning for the forum overall. I'm a member of several larger internet boards and they don't really seem to have this problem so what are the admins of Bitcointalk doing?

Recovery Method?

So in order to recover a stolen account we must supply admins with Bitcoin Address or PGP Key related to the account, EXCEPT none of which was REQUIRED upon signing up.
Why not make it clear to members that they MUST supply a wallet address or PGP key and/or store it somewhere as backup incase they're compromised?

In my case i used hundreds of different wallet addresses and never PGP signed my account that i recall.

With all the posts about accounts being compromised you'd think that there would be an urgency of sort to assist users of the community, Instead the entire procedure and account safety features seem rather moot.


1537499605
Hero Member
*
Offline Offline

Posts: 1537499605

View Profile Personal Message (Offline)

Ignore
1537499605
Reply with quote  #2

1537499605
Report to moderator
1537499605
Hero Member
*
Offline Offline

Posts: 1537499605

View Profile Personal Message (Offline)

Ignore
1537499605
Reply with quote  #2

1537499605
Report to moderator
1537499605
Hero Member
*
Offline Offline

Posts: 1537499605

View Profile Personal Message (Offline)

Ignore
1537499605
Reply with quote  #2

1537499605
Report to moderator
Einax Airdrops and Bounties made easy! List your ERC-20 token
FREE
ETH markets launching soon!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1537499605
Hero Member
*
Offline Offline

Posts: 1537499605

View Profile Personal Message (Offline)

Ignore
1537499605
Reply with quote  #2

1537499605
Report to moderator
1537499605
Hero Member
*
Offline Offline

Posts: 1537499605

View Profile Personal Message (Offline)

Ignore
1537499605
Reply with quote  #2

1537499605
Report to moderator
r1s2g3
Member
**
Offline Offline

Activity: 294
Merit: 67


View Profile
July 25, 2018, 05:56:06 AM
 #2

On May 19th my Bitcointalk account was compromised via bruteforce, However it wasn't until July 9th 2018 that i found out as i'm not very active on the forum.
What surprised me about this situation wasn't that i was hacked but rather how EASY Bitcointalk made it for the "hacker", I'll elaborate.

Why does Bitcointalk offer NO security when it comes to its users accounts?

Since the beginning of the internet websites have always required the account-holder to verify ANY major changes to an account ie; password change, email etc.
Apparently Bitcointalk doesn't seem to require any verification of account changes, I mean sure we have the option to lock the account within 15-days of the changes happening
but that doesn't do much in my case or in the case of any casual member of the forum who doesn't realize until weeks after the fact.

See: https://gyazo.com/5a2dd6d9504e4af5acd5e0450edd0869

Your account recovery process is trash, Why?

I contacted Theymos on July 9th explaining what happened and how the hacker was attempting to scam the community via an ICO crowdsale, Received no response so i then reached out to Cyrus and still have not heard from either of the forum admins 2+ weeks later.

I'm aware i'm not the only one whom this has happened and it isn't as if my account was Hero/Legend status but when someone is attempting to scam your community and you as an admin are given weeks heads-up notice and don't even bother to read the message, Its concerning for the forum overall. I'm a member of several larger internet boards and they don't really seem to have this problem so what are the admins of Bitcointalk doing?

Recovery Method?

So in order to recover a stolen account we must supply admins with Bitcoin Address or PGP Key related to the account, EXCEPT none of which was REQUIRED upon signing up.
Why not make it clear to members that they MUST supply a wallet address or PGP key and/or store it somewhere as backup incase they're compromised?

In my case i used hundreds of different wallet addresses and never PGP signed my account that i recall.

With all the posts about accounts being compromised you'd think that there would be an urgency of sort to assist users of the community, Instead the entire procedure and account safety features seem rather moot.




OP  , you can put a good heading for this topic .

Anyways , look like that forum policy  makes hacking favorable.  Instead of asking user to confirm the change email in the current email , they are changing  the email and asking the original user to lock its own account.

No body knows how much time recovery takes.

Admins, should not allow change of email and passwords until it is confirmed on original/current email associated with the account.

artamon
Newbie
*
Offline Offline

Activity: 31
Merit: 0


View Profile
July 25, 2018, 07:41:36 AM
 #3

It is your responsibility to read forum rules after you register here. Do you want them to mail you requirements on how to use this forum safely ?
xtraelv
Sr. Member
****
Offline Offline

Activity: 462
Merit: 727



View Profile
July 25, 2018, 08:59:37 AM
 #4

Hello everyone,

I'm making this post to make everyone aware of an alt-coin that goes by TedChain as it is a scam, Several days ago it came to my attention that my Bitcointalk account had been compromised.
To my surprise the person who took-over the account is claiming to have a 'gaming platform' coin that goes by 'TedChain', I immediately reached out to the 'dev's and posted on their thread but was ignored.

I proceed by contacting them via Telegram to which they admitted that the account isn't theirs and claimed it was simply a "misunderstanding" but offered to buy it from me,
Seeing as they had decent community feedback i offered to sell it to them for $100 USD. For a company who claims to have a 'revolutionary' coin, They wasted my time and are now claiming to not have any money and that they're waiting to make money off the crowd-sale scheduled for July 17th.

I can't understand how you claim to have your account "hacked" and then offer to sell it to the "hacker".

Surely you can see the issue with that. 

You are willing to sell your account for a $100 to someone you are accusing of being a scammer.

We are surrounded by legends on this forum. Phenomenal successes and catastrophic failures. Then there are the scams. This forum is a digital museum.  
* The most iconic historic bitcointalk threads.* Satoshi * Cypherpunks*MtGox*Bitcointalk hacks*pHiShInG* Silk Road*Pirateat40*Knightmb*Miner shams*Forum scandals*BBCode*
Vod
Legendary
*
Offline Offline

Activity: 2506
Merit: 1690


Licking my boob since 1970


View Profile WWW
July 25, 2018, 09:38:05 AM
 #5

It is your responsibility to read forum rules after you register here. Do you want them to mail you requirements on how to use this forum safely ?

The forum does not require email validation either.  :/

I'm into creating universes, smiting people, writing holy books and listening to Prayer Messages (PMs).
BitcoinTalk Public Information Project (BPIP)
"Masturbation makes you feel good but doesn't do anything for the person you're thinking of.  Just like prayer."
fomiche
Newbie
*
Offline Offline

Activity: 30
Merit: 0


View Profile
July 25, 2018, 10:50:38 AM
 #6

Why is the email not validated while creating an account here ? Can a staff member throw some light on this ?
jimmychanga
Newbie
*
Offline Offline

Activity: 22
Merit: 0


View Profile
July 25, 2018, 12:05:44 PM
 #7

Hello everyone,

I'm making this post to make everyone aware of an alt-coin that goes by TedChain as it is a scam, Several days ago it came to my attention that my Bitcointalk account had been compromised.
To my surprise the person who took-over the account is claiming to have a 'gaming platform' coin that goes by 'TedChain', I immediately reached out to the 'dev's and posted on their thread but was ignored.

I proceed by contacting them via Telegram to which they admitted that the account isn't theirs and claimed it was simply a "misunderstanding" but offered to buy it from me,
Seeing as they had decent community feedback i offered to sell it to them for $100 USD. For a company who claims to have a 'revolutionary' coin, They wasted my time and are now claiming to not have any money and that they're waiting to make money off the crowd-sale scheduled for July 17th.

I can't understand how you claim to have your account "hacked" and then offer to sell it to the "hacker".

Surely you can see the issue with that. 

You are willing to sell your account for a $100 to someone you are accusing of being a scammer.

Rather simple if you read the texts provided in the thread, The person who took-over the account claimed they'd purchased it off someone else and offered to buy it off the correct owner in exchange for me not going through with the recovery process to which i agreed. It wasnt until further research that it was determined that this person and the "hacker" were one in the same.

At which point i initiated the recovery process which has been a total waste of time.
jimmychanga
Newbie
*
Offline Offline

Activity: 22
Merit: 0


View Profile
July 25, 2018, 12:17:37 PM
 #8

It is your responsibility to read forum rules after you register here. Do you want them to mail you requirements on how to use this forum safely ?

Sorry but you're wrong, This has nothing to do with them emailing us requirements for using the forum safely but rather about broken policies put into place which are not only making the recovery process complicated for the community but also doing absolutely nothing to prevent issues in the future.

As i stated previously it makes absolutely zero sense for admins to require this type of information if its not even a requirement to begin with, If anything it seems like the lazy way out to basically shrug off the user.
simonova
Jr. Member
*
Offline Offline

Activity: 64
Merit: 3


View Profile
July 25, 2018, 12:19:31 PM
 #9

The forum has already made it clear that account recover is of less priority for them and thus it can take time. You will have to follow the same route like other members.

So far as improving the security of the forum is concerned, that involves a lot of work. Consider one person fighting against thousands of hackers to tackle this. No matter how much improvement is done to security features, there is always some chance of account hack happening.
jimmychanga
Newbie
*
Offline Offline

Activity: 22
Merit: 0


View Profile
July 25, 2018, 12:30:59 PM
 #10

The forum has already made it clear that account recover is of less priority for them and thus it can take time. You will have to follow the same route like other members.

So far as improving the security of the forum is concerned, that involves a lot of work. Consider one person fighting against thousands of hackers to tackle this. No matter how much improvement is done to security features, there is always some chance of account hack happening.

Lots of work? All we need is an account changes confirmation email and it would have solved and prevented all of it. It isn't "lots of work" either, literally every single forum board software includes it as a default security feature from PHPBB, VB, MYBB etc. and yes even Simple Machines.

If recovery isn't a priority then why waste users time and forum thread space making a shitty post asking users to PM staff only to not hear from them after months later as seen in many posts throughout META? Again seems lazy and inefficient, I understand that admins have duties and possibly lack manpower but to put their users account security last or just completely disregard it, is unacceptable.
matvee
Jr. Member
*
Offline Offline

Activity: 30
Merit: 1


View Profile
July 25, 2018, 01:04:09 PM
 #11

If recovery isn't a priority then why waste users time and forum thread space making a shitty post asking users to PM staff only to not hear from them after months later as seen in many posts throughout META? Again seems lazy and inefficient, I understand that admins have duties and possibly lack manpower but to put their users account security last or just completely disregard it, is unacceptable.

It is mentioned in the same thread that you will have to wait for recovery.

If you think that this is unacceptable for you, do not submit the request and keep yourself engaged at other places which you think are more appropriate for you.
hilariousetc
Legendary
*
Offline Offline

Activity: 980
Merit: 1349


highly educated moran


View Profile
July 25, 2018, 03:38:57 PM
 #12


I can't understand how you claim to have your account "hacked" and then offer to sell it to the "hacker".

Surely you can see the issue with that. 

You are willing to sell your account for a $100 to someone you are accusing of being a scammer.[/b][/size]

It looks like someone hacked his account, then they sold it. The person who then purchased it had probably just offered him the cash as hushmoney instead of having to return it. Can't blame the op for attempting to take it if the option was losing his account anyway, but looks like that's already happened.

Why is the email not validated while creating an account here ? Can a staff member throw some light on this ?

It's just not required for whatever reason, but I think it should be. It's very rare that a forum or website doesn't require such verification. Anyone can use your email without, not to mention bots take advantage of this. Requiring email verification would be one more hoop for them to jump though.


xtraelv
Sr. Member
****
Offline Offline

Activity: 462
Merit: 727



View Profile
July 25, 2018, 04:42:45 PM
 #13

On May 19th my Bitcointalk account was compromised via bruteforce, However it wasn't until July 9th 2018 that i found out as i'm not very active on the forum.

wblockchain.info - phishing

Selling the following domain, I tested it for a few hours and got 10 hits.

So i assume if you know what you're doing this can be useful Smiley


Asking for $50 in BTC.

why would you do such thing as phish other peoples blockchain account. Don't youhave mony to get yourself money. You're supporting scammers here.

If you're this concerned you can always buy it and make the world a better place.

Was it karma perhaps ?

hamporn & tedchain ICO scam investigation + Darkwin hacked account

We are surrounded by legends on this forum. Phenomenal successes and catastrophic failures. Then there are the scams. This forum is a digital museum.  
* The most iconic historic bitcointalk threads.* Satoshi * Cypherpunks*MtGox*Bitcointalk hacks*pHiShInG* Silk Road*Pirateat40*Knightmb*Miner shams*Forum scandals*BBCode*
jimmychanga
Newbie
*
Offline Offline

Activity: 22
Merit: 0


View Profile
July 25, 2018, 04:57:30 PM
 #14

On May 19th my Bitcointalk account was compromised via bruteforce, However it wasn't until July 9th 2018 that i found out as i'm not very active on the forum.

wblockchain.info - phishing

Selling the following domain, I tested it for a few hours and got 10 hits.

So i assume if you know what you're doing this can be useful Smiley


Asking for $50 in BTC.

why would you do such thing as phish other peoples blockchain account. Don't youhave mony to get yourself money. You're supporting scammers here.

If you're this concerned you can always buy it and make the world a better place.

Was it karma perhaps ?

hamporn & tedchain ICO scam investigation + Darkwin hacked account

Karma for what exactly? Was i selling a phishing script along with the domain? Get off your moral high horse i've seen WORST sold on here and you dont seem to mind, besides you do know the domain had other uses non-related to phishing, I merely used that as the selling point.

I do appreciate you helping out by making the thread and atleast preventing others from getting scam!
jimmychanga
Newbie
*
Offline Offline

Activity: 22
Merit: 0


View Profile
July 25, 2018, 05:14:51 PM
 #15

Quote from: matvee
It is mentioned in the same thread that you will have to wait for recovery.

If you think that this is unacceptable for you, do not submit the request and keep yourself engaged at other places which you think are more appropriate for you.

I don't mind waiting at all but my Issue is with how long the wait is as i stated previously, If you look throughout META you'll find hacking victims that have been waiting 2+
months for recovery which again comes off as lazy and inefficient on the admins part and frankly im surprised no one else is talking about it.

I mean really how hard can determining who the original owner of the account be? In my case my IP hasnt changed and i have the original email, also have my skype ID throughout thread history.
hilariousetc
Legendary
*
Offline Offline

Activity: 980
Merit: 1349


highly educated moran


View Profile
July 25, 2018, 05:23:14 PM
 #16

Quote from: matvee
It is mentioned in the same thread that you will have to wait for recovery.

If you think that this is unacceptable for you, do not submit the request and keep yourself engaged at other places which you think are more appropriate for you.

I don't mind waiting at all but my Issue is with how long the wait is as i stated previously, If you look throughout META you'll find hacking victims that have been waiting 2+
months for recovery which again comes off as lazy and inefficient on the admins part and frankly im surprised no one else is talking about it.

I mean really how hard can determining who the original owner of the account be? In my case my IP hasnt changed and i have the original email, also have my skype ID throughout thread history.

As it stands you'll probably be waiting somewhere between never and forever to get your account back. I agree the excessive waiting/accounts not being recovered at all is unacceptable and something needs to be done about it, but this probably isn't going to happen anytime soon. Besides, looking at this post below I think your account should be put to the bottom of the pile:

Selling the following domain, I tested it for a few hours and got 10 hits.

So i assume if you know what you're doing this can be useful Smiley


Asking for $50 in BTC.

If you haven't got a signed message or pgp then I would just forget about the account because there's little to no chance of you getting it back.

jimmychanga
Newbie
*
Offline Offline

Activity: 22
Merit: 0


View Profile
July 25, 2018, 05:32:19 PM
 #17


If you haven't got a signed message or pgp then I would just forget about the account because there's little to no chance of you getting it back.


Its alright i'm confident i'll get it back with or without the admins help, That's cool you have the right to feel that way.

Either way its good to know the scammer has been exposed at-least lol.
Flagship11
Full Member
***
Offline Offline

Activity: 350
Merit: 100


View Profile
July 25, 2018, 07:45:59 PM
 #18

I really wish that I could use 2factor secutrty for this account.   
Just because I post publicly my wallet addresses so who knows who will see it
krishnaverma
Member
**
Offline Offline

Activity: 308
Merit: 56

★Bitvest.io★ Play Plinko or Invest!


View Profile
July 25, 2018, 09:01:01 PM
 #19


If you haven't got a signed message or pgp then I would just forget about the account because there's little to no chance of you getting it back.


Its alright i'm confident i'll get it back with or without the admins help, That's cool you have the right to feel that way.

Either way its good to know the scammer has been exposed at-least lol.

And how do you plan to do that ?

If you were so confident of recovering the account on your own , what is the point of this thread ?

▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬ ★ ★ ★ ★ ★ ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
PLINKO    |7| SLOTS     (+) ROULETTE    ▼ BIT SPINBITVESTPLAY or INVEST ║ ✔ Rainbot  ✔ Happy Hours  ✔ Faucet
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬ ★ ★ ★ ★ ★ ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
xtraelv
Sr. Member
****
Offline Offline

Activity: 462
Merit: 727



View Profile
July 25, 2018, 09:32:01 PM
 #20


Karma for what exactly? Was i selling a phishing script along with the domain? Get off your moral high horse i've seen WORST sold on here and you dont seem to mind, besides you do know the domain had other uses non-related to phishing, I merely used that as the selling point.

I do appreciate you helping out by making the thread and atleast preventing others from getting scam!

If you sell something that can be used for nefarious purposes then you contribute to part of the problem.

It is not being on a moral high horse. Not taking something that is not yours or encouraging others to do so is not "high morality" - it is common decency.

We are surrounded by legends on this forum. Phenomenal successes and catastrophic failures. Then there are the scams. This forum is a digital museum.  
* The most iconic historic bitcointalk threads.* Satoshi * Cypherpunks*MtGox*Bitcointalk hacks*pHiShInG* Silk Road*Pirateat40*Knightmb*Miner shams*Forum scandals*BBCode*
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!