rebel24 (OP)
March 02, 2014, 06:13:09 AM
Just thought I'd let you guys know so you don't let it happen to you. I never saw this coming and am pretty security conscious.
I lost about 2 bitcoins worth.. over $1000 worth at today's prices...
I have taken some new security precautions but I recommend you guys to do the same- firstly, use a unique password for your main email account, that you don't use anywhere else. also add a phone number for alerts to your phone if someone does pass a log-in verification
most of my coins are offline... the only ones there were mainly ones I had open for trades....
but for my wallets, I am using an encryption key now which I use nowhere else... and I am storing these encryption key passwords basically offline as well.
Was just shocking to me... I want to ask you guys too, because he hacked into my gmail account (can he see my other saved passwords I had? I use chrome and I have some saved passwords in there... but for me to access them on my computer I have to put my windows password in, but what if he's on his own computer or an iphone/android? my iphone wouldn't show the passwords, but what if he is on another computer, can he see them then without anything but that gmail password?)

philipmicklon
March 02, 2014, 06:16:37 AM
2FA is a must when you're dealing with BTC.

rebel24 (OP)
March 02, 2014, 06:27:05 AM
I believe it did have 2 factor authentication, because it emailed my email to confirm the transaction, and he had access to my gmail.
You make a good point, but the only way it should be done is via phone authentication.
I will also add, the only reason I caught it quickly was because he hacked into my secondary email, which has duplicates sent to my main email. when I logged into my secondary email, those confirmation emails were deleted (I suppose to prevent me from knowing I was hacked)

rebel24 (OP)
March 02, 2014, 06:45:27 AM
> You had your poloniex password saved on your computer somewhere? Would this have been prevented if the only location of your passwords was written down on paper?
no it was not saved on my computer.. he initiated a password reset, then because he had access to my email, he accessed my account. the question is how did he get my email address login and password (and somehow know I used bitcoin too), my idea is probably one of the smaller exchanges I signed up for (about half a dozen of em, nothing crazy), that is my guess..

Nathonas
March 02, 2014, 06:49:18 AM
> 2FA is a must when you're dealing with BTC.
2FA with google authenticator. /endthread
|
All we have to decide is what to do with the time that is given us.

g27wr
March 02, 2014, 06:51:47 AM
>> You had your poloniex password saved on your computer somewhere? Would this have been prevented if the only location of your passwords was written down on paper?
> no it was not saved on my computer.. he initiated a password reset, then because he had access to my email, he accessed my account. the question is how did he get my email address login and password (and somehow know I used bitcoin too), my idea is probably one of the smaller exchanges I signed up for (about half a dozen of em, nothing crazy), that is my guess..
You could be right. It may have been someone from an exchange. We really have no way of knowing who is behind the scenes. New passwords everywhere!!

Krona Rev
March 02, 2014, 09:56:11 AM
OP: Sorry for your loss of 2btc. I'm glad to hear you keep most of your coins offline. I wish more people would.
Regarding 2FA, I would be very reluctant to trust google (either gmail or google authenticator) when it comes to security and/or cryptocurrency. No third party should be trusted, obviously, but at this point it is clear that trusting google means trusting the NSA and other dark forces in the US Govt. Don't do it. Please don't do it. One day this Mt. Gox fiasco could look minor compared to the damage someone could use google to do.
Just keep as many of your coins offline as possible, and be prepared to lose all coins that are online.

corebob
March 02, 2014, 10:48:50 AM
The problem with giving Google your phone number is that you also give NSA what they need to associate your telephone calls with your emails

crazy_rabbit
March 02, 2014, 11:17:27 AM
Yubikey is your friend.
|
more or less retired.

Krona Rev
March 02, 2014, 11:26:34 AM
Does any service offer 2FA via bitmessage?

freebit13
March 02, 2014, 12:58:53 PM
Use Google.../endthread? Stop trusting a central authority to secure your information... that's just not bitcoin
|
Decentralize EVERYTHING!

p-webcorp
March 02, 2014, 01:18:23 PM
>> 2FA is a must when you're dealing with BTC.
> 2FA with google authenticator. /endthread
Oh, yes again a google product. Never ever use anything from google! 'g' give data, 'g' get protection for it, and the rest of the story is blablabla as the bitcoins are used by criminals etc. etc., and the dollars are used only by honest people isn't it?

rebel24 (OP)
March 02, 2014, 01:21:08 PM
I am pretty sure I have figured out what happened, I posted it in another thread so I thought I would share it with you guys-- apparently I am not the only one who has had coins recently stolen from them at poloniex--
what is going on is- poloniex is being DDOS'ed, as well as cryptorush.io. I had the same robberies happen at both places. They are DDOS'ing the sites, taking the login info, and, for me, stupidly, I used the same login info for my email as my login there. So they logged into my email to confirm the withdrawals.
Now I have 2 way authentication and different passwords, I HIGHLY RECOMMEND EVERYONE DO THIS RIGHT NOW IF YOU HAVEN'T ALREADY

coinnewbit
March 02, 2014, 01:43:54 PM
I just deposited into poloniex the day before. Crap