Bitcoin Forum
November 08, 2024, 04:41:16 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: My poloniex account got hacked. Check yours  (Read 2120 times)
tintumon (OP)
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250


dinkimole nokkalle...


View Profile
March 01, 2014, 07:06:19 AM
 #1

I was shocked to see that my poloniex account got hacked yesterday, and the hacker withdrew all my BTC and LTC.

The strange thing is, poloniex used to send me confirmation on withdrawals, but not when the hacker withdrew my coins.

Please check your account and make sure you are not affected.

username here
Full Member
***
Offline Offline

Activity: 182
Merit: 100


View Profile
March 01, 2014, 07:45:29 AM
 #2

If you are keeping coins on an exchange, you need to have 2FA set up. 

tintumon (OP)
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250


dinkimole nokkalle...


View Profile
March 01, 2014, 08:41:56 AM
 #3

yup, lesson learned the hardway
Cryptock
Hero Member
*****
Offline Offline

Activity: 1792
Merit: 507



View Profile
March 01, 2014, 11:54:58 AM
 #4

Keylogger?

.
.7 BTC  WELCOME BONUS!..
███████████████████████████
██████████▀▀▄▄▄▄▄ ▄▀▀██████
█████████▄██████ ████ ▀████
██████▀▀ ▄▄▄▄ ▀▀███▀▄██ ███
████▀   ██████   ▀██████ ██
███ ▄▄▄████████▄▄▄ ██▄▄▄ ██
██ █████▀    ▀█████ ████ ██
██  ▀██        ███▀ ███ ███
██   ▄██▄    ▄██▄   █▀▄████
███ ▄████████████▄ ████████
████▄▀███▀▀▀▀███▀▄█████████
██████▄▄      ▄▄███████████
███████████████████████████
█████████████████████████████████████████████████████████████████████████████████████████████
█████████████████████████████████████████████████████████████████████████████████████████████
█████████████████████████████████████████████████████████████████████████████████████████████
██████████████████████████████▄▄▄█████▄▄▄████████████████████████████████████████████████████
██████████▄█████▄█▄███▄█▄██████████▄██▀▀▀████████████████████████████████████████████████████
██████████████▀████▄████▀██████████████████████████▄█████▄██▄█████▄████▄████▄████▄████████
█████████████████▐█████▌███████████▄█████▀███▀▀████████▀▀▀▀█████▀▀▀██████▀▀███▀▀███████████
██████████████▄████▀████▄██████████████████▄▄▄▄▄███▄▄▄▄█████▄▄▄████████████████████████
████████████████▀█▀███▀█▀██████████▀███████▀█████████▀█████▀██▀█████▀███████████████████████
██████████████████████████████▀▀▀████████████████████████████████████████████████████████████
█████████████████████████████████████████████████████████████████████████████████████████████
█████████████████████████████████████████████████████████████████████████████████████████████
█████████████████████████████████████████████████████████████████████████████████████████████
███████████████████████████
████████▀▀  ▐█▌  ▀▀████████
██████▄     ▐█▌     ▄██████
████ ▀██▄▄███████▄▄██▀ ████
███    ██▀▀  ▄  ▀▀██    ███
██    ██   ▄███▄   ██    ██
████████  ███████  ████████
██    ██  ▀▀ █ ▀▀  ██    ██
███    ██▄▄ ▀▀▀ ▄▄██    ███
████ ▄██▀▀██████▀▀▀██▄ ████
██████▀     ▐█▌     ▀██████
████████▄▄  ▐█▌  ▄▄████████
███████████████████████████
.
.30+  ALTCOINS AVAILABLE..
LiteMine
Sr. Member
****
Offline Offline

Activity: 380
Merit: 250



View Profile
March 01, 2014, 02:56:09 PM
 #5

He still should have received the email confirmation.
SlidingHorn
Full Member
***
Offline Offline

Activity: 196
Merit: 100

★Bitvest.io★ Play Plinko or Invest!


View Profile
March 01, 2014, 02:58:26 PM
 #6

If you are keeping coins on an exchange, you need to have 2FA set up.  

^^  THIS  ^^

If you don't you're begging people to steal from you.

You shouldn't "keep" them on an exchange though.  Only put coins on an exchange that you intend on trading in a reasonably short period of time.  You don't want to get Goxxed if/when the exchange tanks.

Armadyl
Newbie
*
Offline Offline

Activity: 12
Merit: 0


View Profile
March 01, 2014, 03:06:21 PM
 #7

How much did you lose? And the hacker may have removed the emails afterwards, so you wouldn't know right?
drippx
Sr. Member
****
Offline Offline

Activity: 539
Merit: 250


View Profile
March 01, 2014, 03:24:16 PM
 #8

trojan wallet stealer?
rebel24
Member
**
Offline Offline

Activity: 114
Merit: 10


View Profile
March 02, 2014, 01:18:57 PM
 #9

same thing happened to me, see my thread:
https://bitcointalk.org/index.php?topic=495565.new#new

but now I know what happened, poloniex is being DDOS'ed, as well as cryptorush.io
I had the same robberies happen at both places. They are DDOS'ing the sites, taking the login info, and, for me, stupidly, I used the same login info for my email as my login there. So they logged into my email to confirm the withdrawls.

Now I have 2 way authentication and different passwords, I HIGHLY RECOMMEND EVERYONE DO THIS RIGHT NOW IF YOU HAVENT ALREADY
BitJohn
Hero Member
*****
Offline Offline

Activity: 826
Merit: 1001

@Bit_John


View Profile
March 02, 2014, 02:16:25 PM
 #10

He still should have received the email confirmation.

He Likely did get the email typically these start with user getting malware (keylogger) Gets into exchange gets into email. Hacker comes along now has login info sells it off withdraws deletes the confirm emails immediately so they don't get tipped off. IF you ask your mail provider they can likely verify they got the email and that it has been deleted.

So only way to prevent this is Strong 2FA recommend every use it and different passwords login info on all sites.
Nxtblg
Legendary
*
Offline Offline

Activity: 924
Merit: 1000



View Profile WWW
March 02, 2014, 03:40:58 PM
 #11

And Poloniex goes down...Hmm...






██████████████████████████████████████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████████████████████████████
███████████████████████████████████████████████████████████████████████▄▄▄███████████████████████
███████████████████████████████████████████████████████████████████████▀▀▀████████████████████████
██████████████████████████████████████████████████████████████████████████████████████████████████
█████████████████████████████████████████████████████████████████████████████████████████████████





...INTRODUCING WAVES........
...ULTIMATE ASSET/CUSTOM TOKEN BLOCKCHAIN PLATFORM...






Nullu
Hero Member
*****
Offline Offline

Activity: 532
Merit: 500


View Profile
March 02, 2014, 03:57:17 PM
 #12

I think it should be made very clear that this was a PC vulnerability, not an exchange vulnerability.

The exchange didn't get hacked. Your computer did. Unless you had a very easy to guess/bruteforce password.

BTC - 14kYyhhWZwSJFHAjNTtyhRVSu157nE92gF
bittyweb
Newbie
*
Offline Offline

Activity: 42
Merit: 0


View Profile
March 02, 2014, 04:22:23 PM
 #13

Did you have 2 factor authenticiation enabled?
Amph
Legendary
*
Offline Offline

Activity: 3248
Merit: 1070



View Profile
March 02, 2014, 04:28:20 PM
 #14

next time don't manually type your password, use the "remember me" from google, or just scan with malwarebyte, it destroy every trojan or keylogger
scribe
Sr. Member
****
Offline Offline

Activity: 295
Merit: 250



View Profile WWW
March 02, 2014, 04:29:12 PM
 #15

I've got 2FA enabled, but when I login I currently don't get asked to enter the code - the email/password form just redirects to itself. Pretty sure password is OK as pasting it from a password manager.

+1 to only keeping long term things in your own wallet.

blocknois.es Bitcoin music label. ~ New release: This Is Art

Read: Bitcoin Life | Wear: FUTUREECONOMY
Armadyl
Newbie
*
Offline Offline

Activity: 12
Merit: 0


View Profile
March 02, 2014, 04:30:15 PM
 #16

next time don't manually type your password, use the "remember me" from google, or just scan with malwarebyte, it destroy every trojan or keylogger

No, most keyloggers or rats have stored password list, so if that's the case they can get it easier from that method..
Amph
Legendary
*
Offline Offline

Activity: 3248
Merit: 1070



View Profile
March 02, 2014, 05:23:46 PM
 #17

next time don't manually type your password, use the "remember me" from google, or just scan with malwarebyte, it destroy every trojan or keylogger

No, most keyloggers or rats have stored password list, so if that's the case they can get it easier from that method..

didn't know about that
Nullu
Hero Member
*****
Offline Offline

Activity: 532
Merit: 500


View Profile
March 02, 2014, 05:25:18 PM
 #18

next time don't manually type your password, use the "remember me" from google, or just scan with malwarebyte, it destroy every trojan or keylogger

I use AntiLogger, which encrypts keystrokes.

BTC - 14kYyhhWZwSJFHAjNTtyhRVSu157nE92gF
silvestar
Legendary
*
Offline Offline

Activity: 1134
Merit: 1002



View Profile
March 02, 2014, 07:56:44 PM
 #19

How much have you lost?
tintumon (OP)
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250


dinkimole nokkalle...


View Profile
March 02, 2014, 09:02:47 PM
 #20

Actually the hacker, first hacked my email and then sent forgot my password to all the exchanges I trade with.

Once he got the password reset, he basically sold all my altcoins to BTC and then transferred them to his wallet.

He also deleted all the email confirmations from the mail inbox.
I actually noticed the unable to login with poloniex couple of times, but since poloniex was wobbly at that time, i thought it was a server issue.

Altogether I lost around 6LTC and 0.06BTC

Thanks.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!