Note: For recovery of hacked/lost accounts, follow the new process announced by theymos:
[1] Recovering hacked/lost accounts
[2] Account recoveries are moving again
Send email to the address written in the OP of [1]. Since the addresses are changed periodically, check the latest ones in the OP.
Every day we see threads about hacked/locked accounts, not only beginners' accounts but also Legendary members'. In addition to the brute-force risk, there are risks peculiar to the current system and risks stemming from the data breach of May 22, 2015. The security of forum accounts has been one of the biggest issues. Security improvements such as requiring email verification for changing the password/email, 2FA, an automated account recovery system, and new forum software with stronger security would be ideal.
Meanwhile, until these features are implemented, what we can do now is learn how the current bitcointalk system works, how to improve the security of your bitcointalk account, and what to do in case your account is hacked/locked. In this thread I have tried to provide a thorough guide on these topics. I hope it helps reduce the number of hacked/lost accounts.
Basics
1. Bookmark https://bitcointalk.org/ and always log in from the bookmark. Avoid bitcointalk.to, thebitcointalk.net or any other phishing site.
2. Use a new email address that you don't use for any other purpose.
3. Use a new password that you don't use for any other website, of sufficient length and using a combination of lowercase and capital letters, numbers, and special characters.
4. You can set a secret question and answer for password reset, but most likely it increases the risk of your account being hacked/locked. For more details, see Tips below and Change password and email / Forgot password.
5. Do not download untrusted software and keep your device free of malware.
6. Keep all your devices and software updated to the latest version.
7. Stake your Bitcoin address. See Stake Bitcoin address below for more detail.
Tips
Tips for 1: Phishing site
- You could also bookmark the link to bypass the login captcha; see Captcha bypass for more details.
- Some phishing links are automatically replaced by [phishing], but that feature has not been introduced for bitcointalk.to and thebitcointalk.net yet; see this post.
- If you enter your login information on a phishing site, immediately change your bitcointalk.org password so that your account is not hacked.
- Before clicking a link, check its true URL. Some browsers show the URL when you mouse over the link.
- A link to a bitcointalk.org internal page (except anchors) is shown in green when you mouse over it, whereas a link to an external site stays blue. This lets you tell a link to a phishing site apart even if a hacker disguises it as an internal link.
True: Bitcointalk
Fake: Bitcointalk (link to google.com)
You can recognize that the second one is the fake link, as it remains blue when you mouse over it.
- Be aware of homograph attacks, although some of them are automatically replaced.
- You can prevent your computer from accessing a phishing site by editing the hosts file. For details, see this post by LoyceV.
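As an added example (not from the original post or from the forum), here is a small Python helper that applies the checks in these tips to a URL before you click it: it accepts only the exact bitcointalk.org host as internal, flags the two known phishing hosts named above, flags punycode or non-ASCII hosts as possible homographs, flags other domains that merely contain the forum's name, and can emit hosts-file lines of the kind LoyceV's post describes. The host list and the sample URLs are constructed for the example.

```python
from urllib.parse import urlsplit

# Assumptions for the example: the forum's real host, and the two phishing hosts named in the guide.
FORUM_HOST = "bitcointalk.org"
KNOWN_PHISHING_HOSTS = {"bitcointalk.to", "thebitcointalk.net"}


def _hostname(url: str) -> str:
    """Lower-cased host of the URL without a leading www. (empty for anchors and relative links)."""
    host = (urlsplit(url.strip()).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host


def classify_link(url: str) -> str:
    """Return "internal", "known-phishing", "homograph", "lookalike" or "external"."""
    host = _hostname(url)
    if not host:
        return "external"          # anchor or relative link: nothing to check
    if host == FORUM_HOST:
        return "internal"          # the only host the hover tip shows in green
    if host in KNOWN_PHISHING_HOSTS:
        return "known-phishing"
    # IDN hosts arrive as punycode labels (xn--) or raw non-ASCII; both can imitate Latin letters
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return "homograph"
    # the forum's name embedded in some other domain, e.g. bitcointalk.org.example.com
    if "bitcointalk" in host:
        return "lookalike"
    return "external"


def hosts_block_lines(hosts) -> list:
    """Hosts-file lines that sink the given hosts to 0.0.0.0 (the approach LoyceV's post describes)."""
    return [f"0.0.0.0 {h}" for h in sorted(hosts)]


if __name__ == "__main__":
    for sample in ("https://bitcointalk.org/index.php?action=login",
                   "http://bitcointalk.to/login",
                   "https://bitcointalk.org.evil-example.com/"):
        print(sample, "->", classify_link(sample))
    print("\n".join(hosts_block_lines(KNOWN_PHISHING_HOSTS)))
```

The classification is deliberately strict: anything that is not exactly the forum host is treated as outside the forum, which mirrors the hover-colour rule the tip describes.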
Tips for 2: Email address
- Gmail allows you to have an alias, but in this case the original address is exposed: for a Gmail address example@gmail.com the alias will be example+add@gmail.com, though you can choose any letters in "add".
- Avoid yopmail, as anyone can access a yopmail address.
- As a related tip, use a new or disposable email address rather than your main address when registering for bounties on the forum, to limit the damage from a potential data breach or data collection by fake/scam bounties.
Tips for 3: Password
- Do not use dictionary words, your birth date, pets' names, phone numbers, or anything else that is easy for hackers to guess or that falls into The Worst 25 Passwords of 2017.
- Since the password data breach occurred in 2015, if you have been around the forum since 2015 or earlier and have not changed your password since, change it.
- If you use your browser's autofill feature, check whether it verifies the URL or simply fills in your password. In the latter case, turn autofill off. Even in the former case, the behaviour may change when the browser is updated, so be careful.
- You can use the "Always stay logged in" option so that you do not need to enter the password every time.
- For password managers, see e.g. The Five Best Password Managers.
- See also this post by mapuche33 for further tips.
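An added example, not part of the original post: a Python function that screens a candidate password against the rules in these tips (length, character classes, common passwords, birth dates, phone numbers, personal words). The 12-character minimum and the small common-password set are assumptions made for the example, not the forum's policy or the 2017 list itself.

```python
import re

# Constructed sample of the kind of entries found on "worst passwords" lists; not the 2017 list itself.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "bitcoin", "bitcointalk"}
MIN_LENGTH = 12  # assumption: the guide says "sufficient length" without giving a number


def password_issues(pw: str, personal_words=()) -> list:
    """Return the reasons a candidate password is weak; an empty list means it passes these checks."""
    issues = []
    if len(pw) < MIN_LENGTH:
        issues.append(f"shorter than {MIN_LENGTH} characters")
    # the guide asks for letters, capitals, numbers and special characters
    classes = [
        ("lowercase letter", re.search(r"[a-z]", pw)),
        ("uppercase letter", re.search(r"[A-Z]", pw)),
        ("digit", re.search(r"\d", pw)),
        ("special character", re.search(r"[^A-Za-z0-9]", pw)),
    ]
    for name, found in classes:
        if not found:
            issues.append(f"no {name}")
    low = pw.lower()
    if low in COMMON_PASSWORDS:
        issues.append("on a common-password list")
    # digits with optional separators, e.g. 555-123-4567
    if re.fullmatch(r"\+?\d[\d\s-]{6,}\d", pw):
        issues.append("looks like a phone number")
    # YYYYMMDD or DDMMYYYY with optional separators
    if re.fullmatch(r"(19|20)\d{2}[-/.]?\d{2}[-/.]?\d{2}|\d{2}[-/.]?\d{2}[-/.]?(19|20)\d{2}", pw):
        issues.append("looks like a date of birth")
    # names of pets, family members etc. supplied by the caller
    for word in personal_words:
        if word and word.lower() in low:
            issues.append(f"contains personal word {word!r}")
    return issues


if __name__ == "__main__":
    for candidate in ("password", "19900315", "MyDogRex2017!!", "c0rrect-Horse#battery7"):
        print(candidate, "->", password_issues(candidate, personal_words=["Rex"]) or "ok")
```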
Tips for 4: Secret question
There are several important things to know about the secret question feature.
1) There is no email verification process, so most likely the secret question option increases the risk of your account being hacked or locked.
2) If a password reset via secret question is used, your account will be locked, and you need to follow the Unlock your account process. If the account is under your control, this feature is a drawback. If it is hacked, you could use this feature to lock the account, but this case would be rare, as the hacker is likely to change the secret question, and you have another option to lock your account from the email notification of the email change within 14 days.
3) You can remove the secret question and answer. For reference, see this post by SFR10.
Tips for 5: Untrusted software
- Untrusted software includes unofficial Bitcointalk apps, whose security is not guaranteed by the forum and which in principle can steal your account password.
- You could use a virtual machine for such untrusted software or altcoin wallets.
Change password and email / Forgot password
- You can change the password by
1) the Profile page,
2) the "Forgot password" link on the login page, or
3) password reset via secret question. Note that the account will be locked.
- On the Trust page, a password change/reset by 1) or 2) is shown for 3 days, whereas a password reset by 3) is shown for 30 days. Both are shown on the security log page for 30 days.
- You can change the email from the Profile page. Email change history is also shown in Trust.
- Once you change your password or email, an email notification is sent to your (old) email address.
Tips
Tips for 2): How to use "Forgot password"
Click the "Forgot your password?" link on the login page.
After filling in your username or email, click "send".
You will receive the following email with the link to reset your password.
Dear <username>,
This mail was sent because the 'forgot password' function has been applied to your account. To set a new password click the following link:
https://<link to password reset>
IP: xxx.xxx.xxx.xxx
Username: <username>
Regards,
The Bitcoin Forum Team.
Tips for 3): How to use "Secret question"
Again, note that the account will be locked if you reset your password via secret question.
Click the "Forgot your password?" link on the login page.
After filling in your username or email, choose "Ask me my question" and then click "send".
The secret question will be displayed in your browser; fill in the answer and you can change the password there.
Note that there is no email verification process and the account will be locked.
(Ref: PSA: ACCOUNTS WILL BE LOCKED IF THE SECRET QUESTION IS USED TO RECOVER IT)
You will receive the following email.
Password reminder
Please enter the answer to your question, and the password you would like to use. Your password will be changed to the one you select provided you answer the question correctly.
Warning: If you answer correctly, your password will be changed, but then your account will then be LOCKED for manual review, since the whole idea of secret questions/answers is inherently insecure. Processing unlocks due to this is one of our lowest priorities, so it could be a long time until you get your account back.
Secret Question: <secret question you set will be displayed here>
Answer: <enter answer>
Choose password: <enter new password>
For best security, you should use six or more characters with a combination of letters, numbers, and symbols.
Verify password:
The drawbacks of the secret question feature are that it simply increases the risk of your account being hacked, as there is no email verification, and that even if the feature is used as originally intended, you end up with your account locked and have to wait for unlock.
If you did not set a secret question and choose "Ask me my question", the following error message is shown.
An Error Has Occurred!
Sorry, there is no secret question set for this member.
Stake Bitcoin address
Staking a Bitcoin address is the most effective way to prove ownership of your Bitcointalk account. Once your account is hacked, the hacker can edit/delete your previous posts, but a staked address that has been quoted appropriately by another account cannot be modified unless the hacker also hacks the account that quoted your post and modifies the address in the quoted post. Therefore you can prove that you are the original owner of the account with a message signed with the staked address.
1. Issue a signed message following How to sign a message?! using a Bitcoin address for which you control the private key. A legacy address is preferable, as everyone can verify it. Example:
-----BEGIN BITCOIN SIGNED MESSAGE-----
This is <username> at bitcointalk.org. The current date is <date>.
-----BEGIN SIGNATURE-----
<insert Bitcoin address here>
<insert signature here>
-----END BITCOIN SIGNED MESSAGE-----
2. Before posting the signed message, verify it yourself with Brainwallet, Blockexplorer, etc.
3. Post your signed message with the address in the thread Stake your Bitcoin address here by Tomatocage.
4. Check that your signed message is quoted and verified appropriately by other forum members.
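Added example, not from the original post or from any wallet software, covering the signed-message steps of this section and of the Unlock and Recovery sections below: Python code that parses the armored block shown above, computes the digest that wallets actually sign for a message text (the "Bitcoin Signed Message:\n" prefix with CompactSize lengths, double SHA-256), decodes the 65-byte signature and its recovery header, and runs the sanity checks a member can do before posting or before trusting a staked address. It does not perform ECDSA key recovery, so a Brainwallet/Blockexplorer-style verification is still needed; the sample address and signature are placeholders constructed for the example.

```python
import base64
import hashlib
import re

ARMOR_RE = re.compile(
    r"-----BEGIN BITCOIN SIGNED MESSAGE-----\r?\n(?P<message>.*?)\r?\n"
    r"-----BEGIN SIGNATURE-----\r?\n(?P<address>\S+)\r?\n(?P<signature>\S+)\r?\n"
    r"-----END BITCOIN SIGNED MESSAGE-----",
    re.DOTALL,
)

# Constructed placeholder: base64 of header byte 31 followed by 64 zero bytes; NOT a real signature.
SAMPLE_SIG = "HwAA" + "A" * 80 + "AAA="
# Constructed placeholder stake message; the address is not a real Bitcoin address.
SAMPLE_STAKE = (
    "-----BEGIN BITCOIN SIGNED MESSAGE-----\n"
    "This is example_user at bitcointalk.org. The current date is 2018-07-20.\n"
    "-----BEGIN SIGNATURE-----\n"
    "1ExampleStakeAddressPlaceholder\n"
    f"{SAMPLE_SIG}\n"
    "-----END BITCOIN SIGNED MESSAGE-----\n"
)


def parse_armored(text: str) -> dict:
    """Split the armored block into message, address and base64 signature."""
    m = ARMOR_RE.search(text)
    if not m:
        raise ValueError("not a well-formed Bitcoin signed message block")
    return m.groupdict()


def varint(n: int) -> bytes:
    """Bitcoin's CompactSize length encoding."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + n.to_bytes(2, "little")
    if n <= 0xFFFFFFFF:
        return b"\xfe" + n.to_bytes(4, "little")
    return b"\xff" + n.to_bytes(8, "little")


def message_digest(message: str) -> bytes:
    """The 32-byte hash wallets sign: double-SHA256 over the length-prefixed magic string and text."""
    magic = b"\x18Bitcoin Signed Message:\n"  # 0x18 = 24 = len("Bitcoin Signed Message:\n")
    body = message.encode("utf-8")
    payload = magic + varint(len(body)) + body
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()


def signature_header(sig_b64: str) -> dict:
    """Decode the 65-byte compact signature and interpret its recovery header byte."""
    raw = base64.b64decode(sig_b64, validate=True)
    if len(raw) != 65:
        raise ValueError(f"signature is {len(raw)} bytes, expected 65")
    header = raw[0]
    # 27..34 are the header values for legacy (P2PKH) signatures, the form the guide recommends
    if not 27 <= header <= 34:
        raise ValueError(f"unexpected header byte {header}")
    return {"compressed": header >= 31, "recovery_id": (header - 27) % 4}


def check_stake(text: str, username: str) -> list:
    """Sanity checks to run before posting, or before trusting, a staked-address message."""
    parts = parse_armored(text)
    problems = []
    if username.lower() not in parts["message"].lower():
        problems.append("message does not name the forum username")
    if not parts["address"].startswith("1"):
        problems.append("not a legacy (P2PKH) address; fewer tools can verify it")
    try:
        signature_header(parts["signature"])
    except ValueError as e:
        problems.append(str(e))
    return problems


if __name__ == "__main__":
    parts = parse_armored(SAMPLE_STAKE)
    print("digest:", message_digest(parts["message"]).hex())
    print("problems:", check_stake(SAMPLE_STAKE, "example_user") or "none")
```

Including the username and the date in the signed text, as the template above does, matters because a signature over a generic text could be copied from elsewhere; the check for the username enforces the first part of that.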
Lock your account
Accounts will be locked if
1) you use password reset via secret question
(Ref: PSA: ACCOUNTS WILL BE LOCKED IF THE SECRET QUESTION IS USED TO RECOVER IT),
2) you request it from the link in the email notification of an email address change for the account, or
3) you log in after a long period of inactivity dating from before the 2015 data breach.
While your account is locked, you cannot log in and the following error message will appear:
An Error Has Occurred!
Sorry <username>, you are banned from using this forum! Your account looks like it may have been hacked, so it was locked for safety. Email <email address>
Tips
This is different from a temporary/permanent ban, for which the error message will be
An Error Has Occurred!
Sorry <username>, you are banned from posting or sending personal message on this forum!
Reason: <reason>
Ban duration: <duration>
You can create a temporary account and appeal by opening a topic about your ban in Meta. However, for a permanent ban, ban evasion is not allowed.
An evil score accumulates on the IP address used by banned accounts. When an IP's evil score reaches a threshold, the IP is banned to prevent ban evasion, after which one needs to pay a small amount of BTC to create new accounts from the banned IP.
Unlock your account
1. Create a signed message using the Bitcoin address you staked, to prove your ownership of the locked account. Example:
-----BEGIN BITCOIN SIGNED MESSAGE-----
My account <account> has been locked. Please unlock it. The current date is <date>.
-----BEGIN SIGNATURE-----
<insert Bitcoin address here>
<insert signature here>
-----END BITCOIN SIGNED MESSAGE-----
2. Before sending the signed message to the mods, verify it yourself with Brainwallet, Blockexplorer, etc.
3. Create a temporary Bitcointalk account using a different email address.
4. Send a PM to theymos, Cyrus and hilariousandco including the above signed message and the link to the post where you staked your Bitcoin address.
How to notice your account is hacked
Make sure that "Receive forum announcements and important notifications by email" is checked in your Profile, and that your email provider does not put emails from noreply@bitcointalk.org in the spam folder.
Whenever your password is changed (except by an admin), you will get the following email notification from noreply@bitcointalk.org:
Dear <username>,
Your Bitcoin Forum (bitcointalk.org) password was just changed by IP address xxx.xxx.xxx. If you did not do this, then you should use the forgotten password feature to change your password.
Regards,
The Bitcoin Forum Team.
Whenever your registered email is changed (except by an admin), your old email address will receive the following email notification from noreply@bitcointalk.org with a link to lock your account, valid for 14 days.
Dear <username>,
Your Bitcoin Forum (bitcointalk.org) email address was just changed from <old email address> to <new email address> by IP address xxx.xxx.xxx. If you did not do this, then you can visit the following link within 14 days in order to lock the account:
https://<url to lock your account>
Note that you will NOT be asked for your password at that URL.
Regards,
The Bitcoin Forum Team
If you receive one or both of these emails even though you did not change your password or email, your account has likely been hacked and the hacker changed them.
If the hacker changed
1) only the password:
Use the "Forgot password" feature to change the password. You will receive the email with the link for password reset, from which you can change the password.
2) only the email:
Log in and change the password and email from the Profile page.
3) both password and email:
Proceed to Tips below and Recovery of your hacked/lost account.
Tips
Even if you fall into case 3), if the hacker's email address is at yopmail.com there is a chance that you can regain the account yourself rather than locking it and waiting for unlock, as a yopmail address is accessible to anyone. Follow the instructions below, quoted from Hacked and Changed Email addresses Account using Yopmail accounts by Swenna:
1. I logged into my account using the "forgot password" setting. Then, a recovery link was sent to the "yopmail account" which can be used to change the password of your account.
2. After changing the password of my account, I also changed my email address, and added a new security question for additional security.
3. Afterwards, I deleted all the forum's messages in the yopmail account so as to prevent the hacker from undoing my change password nor locking my account.
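An added example (not part of the original post): Python code that parses the two notification emails quoted in this section, checks that the sender and the lock link really belong to bitcointalk.org rather than a lookalike (a forged "your password was changed" email is itself a phishing lure), and maps the received notifications onto the three cases 1) to 3) above, including the yopmail situation. The sample emails, IP address, email addresses and lock link are constructed placeholders following the templates quoted in the guide.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

EXPECTED_SENDER = "noreply@bitcointalk.org"
FORUM_HOST = "bitcointalk.org"

# Constructed samples following the templates quoted in the guide; IP, addresses and link are placeholders.
PASSWORD_CHANGED = """From: noreply@bitcointalk.org

Dear example_user,
Your Bitcoin Forum (bitcointalk.org) password was just changed by IP address 203.0.113.7. If you did not do this, then you should use the forgotten password feature to change your password.
Regards,
The Bitcoin Forum Team.
"""

EMAIL_CHANGED = """From: noreply@bitcointalk.org

Dear example_user,
Your Bitcoin Forum (bitcointalk.org) email address was just changed from old@example.com to attacker@yopmail.com by IP address 203.0.113.7. If you did not do this, then you can visit the following link within 14 days in order to lock the account:
https://bitcointalk.org/<lock-link-placeholder>
Note that you will NOT be asked for your password at that URL.
Regards,
The Bitcoin Forum Team
"""


def parse_notification(raw: str) -> dict:
    """Extract kind, IP, old/new email and lock link; warn if the sender or link is not the forum's."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    info = {"sender": (msg["From"] or "").strip().lower(), "kind": None, "ip": None,
            "old_email": None, "new_email": None, "lock_url": None, "warnings": []}
    if info["sender"] != EXPECTED_SENDER:
        info["warnings"].append(f"unexpected sender {info['sender']!r}")
    ip = re.search(r"by IP address (\d[\d.]*\d)", body)  # assumption: IPv4, as in the quoted template
    if ip:
        info["ip"] = ip.group(1)
    if "password was just changed" in body:
        info["kind"] = "password"
    elif "email address was just changed" in body:
        info["kind"] = "email"
        m = re.search(r"changed from (\S+) to (\S+) by IP", body)
        if m:
            info["old_email"], info["new_email"] = m.groups()
        url = re.search(r"https?://\S+", body)
        if url:
            info["lock_url"] = url.group(0)
            host = urlsplit(info["lock_url"]).hostname or ""
            if host != FORUM_HOST:
                info["warnings"].append(f"lock link points at {host!r}, not {FORUM_HOST}")
    return info


def recommend(notifications, you_changed_them=False) -> str:
    """Map what was received to the guide's cases: hacker changed password only, email only, or both."""
    kinds = {n["kind"] for n in notifications}
    if you_changed_them or not kinds:
        return "no action"
    if kinds == {"password"}:
        return "use Forgot password to reset the password via your registered email"
    if kinds == {"email"}:
        return "log in, then change password and email from the Profile page"
    advice = "lock the account via the email link and follow the recovery process"
    if any((n["new_email"] or "").lower().endswith("@yopmail.com") for n in notifications):
        advice += " (new address is yopmail, so the yopmail tip may let you regain it yourself)"
    return advice


if __name__ == "__main__":
    received = [parse_notification(PASSWORD_CHANGED), parse_notification(EMAIL_CHANGED)]
    for n in received:
        print(n["kind"], n["ip"], n["new_email"], n["warnings"])
    print(recommend(received))
```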
Recovery of your hacked/lost account
If your account is hacked and the hacker changed the password and email, or you forgot the password and do not have access to the registered email address and cannot use the password reset option, or an admin locked your account because you had been inactive since the data breach in 2015, the last resort is to ask the admins to recover your account. However, do not expect too much: account recovery seems to be a low priority for the admins, it typically takes a long time, and there is a chance you end up with no recovery. The official announcement by theymos is given in:
Recovering hacked accounts or accounts with lost passwords
1. Create a signed message using the Bitcoin address you staked, to prove your ownership of the hacked account. Example:
-----BEGIN BITCOIN SIGNED MESSAGE-----
My account <account> has been hacked/lost. Please reset the email to <email>. The current date is <date>.
-----BEGIN SIGNATURE-----
<insert Bitcoin address here>
<insert signature here>
-----END BITCOIN SIGNED MESSAGE-----
2. Before sending the signed message to the admins, verify it yourself with Brainwallet, Blockexplorer, etc.
3. Create a temporary account using an email address different from the one you want to use for the recovery of the hacked/lost account.
4. Send a PM to theymos and Cyrus including the above signed message and the link to the post where you staked your Bitcoin address.
Typically it will take some time, possibly months to years, during which you could optionally try the following:
5. Create a topic in the Meta section using the temporary account.
6. Ask members to check whether your PM included all the information necessary for recovery of the account, or for other general advice.
7. Ask a DT member to red-tag your hacked account, with a signed message as proof of your ownership.
Tips
Tips for 1: Bitcoin address
If you haven't staked your Bitcoin address in advance, you can still look for other proof of ownership of your account. While not the best option, alternatives are your address in a spreadsheet of participants' addresses for a bounty campaign (the hacker basically cannot edit it); in any past post, e.g. in marketplace or bounty threads (since the hacker can edit/delete your past posts, a post can be accepted as original if it is unedited, or its last edit date is before the hacking, or it is in a locked thread); or in your profile (the hacker can edit/delete it, so it may not be accepted without strong supporting evidence or special circumstances). These might be regarded as proof, but the best option is to stake your address and ask other members to quote and verify it in advance.
Tips for 3: PM
The first PM is the most important one; make sure to include all the information necessary for the admin, otherwise you may lose your chance.
Tips for 5: Bump
Bumping is allowed once every 24 hours, and old bumps should be deleted.
Tips for 7: Red trust
A red tag with comments by DT makes it clear that the account is hacked, prevents the hacker from fully exploiting your account for e.g. participating in bounty campaigns, scamming in the marketplace, or selling the account, and reduces the chance of other members being scammed by the hacker. Once your account is back under your control, you will need to ask the DT to remove the tag, with a signed message notifying them of the recovery of your account.
Recent successful cases of recovery
Among the many accounts waiting a long time for recovery, there are several lucky members who succeeded in recovering their hacked/lost accounts. While these real stories provide important lessons, things do not always go like these examples and the situation has been changing, so do not expect too much if you are in the same situation.
Account: LTU_btc Hero
Thread: Hacked account recovery. Cyrus, please help November 17, 2017
LTU_btc noticed the account was hacked from the email notification of a change of password and/or email, and soon after that locked the account using the link in the email. He/She created the temporary account LTU_btc/2 and sent a PM to Cyrus with a signed message from the Bitcoin address staked shortly before. Fortunately the process went very smoothly in this case, and the account was recovered in only a few days.
Account: Shazam!!! Full Member
Thread: Need help with Unlock---Please December 12, 2017
Shazam!!! had been inactive for years after the password hashes were leaked in 2015. Such accounts were locked automatically because of the high risk of being hacked. When he/she tried to log in at the end of 2017, he/she noticed that the account was locked. He/She sent a PM to Cyrus from the temporary account !!!Shazam!!! with a signed message. However, he/she had not staked the address in Tomatocage's thread. Fortunately, Vod and minifrij helped to find that the address had been posted in several bounty threads in 2015. Strictly speaking, if the account had been hacked, the hacker could have edited/deleted all previous posts, so an address not quoted by another member is weaker proof of ownership. However, in this case it was simply a locked account that had not been hacked, and the posts were unedited, which was sufficient proof. hilariousandco also helped and sent a PM to theymos and Cyrus. The account was successfully unlocked the same day the topic was opened. After the unlock, Shazam!!! immediately staked the address in the staking thread.
Account: premium_domainer Legendary
Thread: Account Regained with the help of Loyce. Thank you all January 10, 2018
This case is a bit tricky. BitcoinBazaar.net is a temporary account created for the recovery of the original account premium_domainer, which was first claimed to be hacked but later claimed to have been bought, though from the thread it is not clear how it was bought. The owner had not staked an address, which is why LoyceV made a lot of effort to confirm the ownership. LoyceV opened a thread asking how to help out BitcoinBazaar.net and resolved the bug of an incomplete private key for a blockchain.info read-only address. It attracted the attention of DT and the hacked account was red-tagged. Still, the account had not been regained, and BitcoinBazaar.net continued to bump the thread. Six months after the OP, the buyer finally asked for $200 to give the account back. He/She posted a password in the thread, claiming that if the password and email were changed and the $200 was not paid, the account would be locked. As you can see, this approach has a loophole, since admin can unlock the account. Presumably the buyer noticed this and deleted the post. However, LoyceV saw the post before it was deleted and immediately took the account. Later, LoyceV gave the account back to BitcoinBazaar.net.
Account: Swenna Full Member
Thread: Hacked and Changed Email addresses Account using Yopmail accounts July 15, 2018
(See also peter0425's post, who independently discovered the method.)
As already mentioned above, this thread tells us how to regain your account yourself if the hacker uses yopmail. Recently several accounts have been hacked from the same IP address using yopmail as the new address. yopmail is a disposable email service that does not require login. This means you can also access the hacker's yopmail mailbox and change the registered email back to your own, following this method:
1. I logged into my account using the "forgot password" setting. Then, a recovery link was sent to the "yopmail account" which can be used to change the password of your account.
2. After changing the password of my account, I also changed my email address, and added a new security question for additional security.
3. Afterwards, I deleted all the forum's messages in the yopmail account so as to prevent the hacker from undoing my change password nor locking my account.