WARNING!! Failed login attempt at Deribit Exchange. Stay cautious!

[rhomelmabini]

From Deribit chat group.

https://twitter.com/DeribitExchange/status/1142061912198438915

Message from one of the admin at Deribit.
[In reply to SHIELD CYBER SECURITY]
We are aware of this. It seems a database was breached somewhere. If you don't re-use passwords and have 2FA enabled for log ins you have no issues.


I guess this was due to the uptrend of bitcoin touching at $11k, there will be likely some possible scenario to other exchanges so I advice stay cautious as always. Always secure 2FA on all your accounts.

[anu1908]

so deribit database was hacked then?
and there are no further steps to make sure user account is safe except than telling their users that they need to use 2fa and update their password?

[bernardos]

It seems the passwords werent leaked otherwise you wouldnt be receiving emails of failed login attempts. This again shows how important 2FA is.
Thanks for the heads up.

[rhomelmabini]

so deribit database was hacked then?
and there are no further steps to make sure user account is safe except than telling their users that they need to use 2fa and update their password?

It isn't hacked but somehow an attack from random email list and co-founder said maybe it was a breach from ICO or other exchanges.

https://haveibeenpwned.com/ you can check there if your email been part of some breaches.

[nakamura12]

@OP: If you have an account in that website, is there any chance that you tried logging in in that site (deribit) and you mistakenly input a wrong credential or you input your password incorrectly in that site?, if you really did not tried logging on that site then, this is what I can think of about that failed attempt to log in your account in that website or possible reason why you received an email about the failed attempt.

1.) Someone is trying to log in your account purposely (someone might know your log in credentials in that site except your password).
2.) Someone is trying to log in different username (if logging in on that site is by username) or randomly logging in using email that he/she can see or think of because there is a case happen I know that they have almost the same gmail they used like this example, let's pretend that you're email is example12@gmail.com and the other person's email that he/she is trying to log in on that site is example21@gmail.com then when he/she is typing the email/gmail to log in his/her account but mistakenly type his/her email to example12@gmail.com which is the gmail that you are using instead of typing his/her correct email that this person used to log in on that site then you'll get or received a mail about your account's failed attempt to log in.
3.) The exchange site/website that you mentioned might be attacked by an attacker or the site is almost hacked by this hacker.

My decision on what to do/my prevention about the failed attempt or plan to do even if you have set up your 2FA in that exchange site is I still don't think that it's safe is because if the attacker/hacker successfully attacked/hacked the exchange site then the attacker/hacker have access to the accounts information in the site so, I will decide to do it right away to keep my account safe and secured as far as I can by doing this tip to your account as soon as possible.

1.) If registering in deribit exchange site will required you to input your email/gmail to register then you should exchange your password quickly or as soon as possible.
2.) If your account in deribit exchange password is the same as your email then you should also change it's password.
3.) This is the best solution to do for keeping your account that you use in any website that you have an account is by changing all your account's password daily or weekly in every site that you have an account but make sure that you save a back up of every new password you'll use in which there is a program that you can install in your computer where there are different "Password Manager" that you can use.

For now, change your password right away.

[AdolfinWolf]

None of the above i think is likely what happend.

It's more likely that some ICO or airdrop sold their database and IP adresses of users who signed up for them, and now checks if people have a deribit account using that email list. If so -> they send an email with your leaked email adress + IP that someone is trying to log into your deribit account to phish you.

Or perhaps deribit is lying and their database got hacked. In which case the attackers would probably get the user's IP adresses + Emails + hashed passwords. (Although the emails & ips are probably hashed as well. so i doubt this.)

[Quickseller]

Or perhaps deribit is lying and their database got hacked. In which case the attackers would probably get the user's IP adresses + Emails + hashed passwords.

If this was the case, I would suspect the hacker would decrypt the hashed passwords before trying to logging in, and the OP would be receiving emails (hopefully) to approve a login from a new IP address/device.

It is more likely that the OPs email was part of a hacked database (or multiple databases) separate from Deribit that included (hashed) passwords, and someone with access to the DB is trying these passwords to access the OPs account, hoping he reused passwords.

[nakamura12]

None of the above i think is likely what happend.

It's more likely that some ICO or airdrop sold their database and IP adresses of users who signed up for them, and now checks if people have a deribit account using that email list. If so -> they send an email with your leaked email adress + IP that someone is trying to log into your deribit account to phish you.

Or perhaps deribit is lying and their database got hacked. In which case the attackers would probably get the user's IP adresses + Emails + hashed passwords. (Although the emails & ips are probably hashed as well. so i doubt this.)

Well, it may be that way where possible cases that I stated in my previous post is none of the above in your opinion or it didn't happen to op's case at all. We don't know that one of the cases that I mentioned in my previous post might be actually happened to op. Quickseller may be also right that the op's account database is taken somewhere else (It can really happen to any site especially the site that doesn't have strong security) where the op might have used the same email and other op's information but the password used in the hacked site is different from the site that their database has been hacked successfully and the hacker may have an access to the op's email and the hacker know that the email is used in deribit and try to log in the email then the hacker used the password that the op's using in the site that the hacker got from decrypting then failed attempt to log in. Anyway, I am not against in your point or you're opinion but my point is to share what I think that the cases I mentioned might be what really to op, who knows until the op will provide more information about what did the op did after getting those mails. Look at the bright side because if you ask me, it is better that nothing is taken from the op and this will serve as lesson learned (lesson learned that we should be really serious about our security if it is secured enough to avoid this case from happening again in my opinion).

[rhomelmabini]

None of the above i think is likely what happend.

It's more likely that some ICO or airdrop sold their database and IP adresses of users who signed up for them, and now checks if people have a deribit account using that email list. If so -> they send an email with your leaked email adress + IP that someone is trying to log into your deribit account to phish you.

Or perhaps deribit is lying and their database got hacked. In which case the attackers would probably get the user's IP adresses + Emails + hashed passwords. (Although the emails & ips are probably hashed as well. so i doubt this.)

Exactly the scenario would be like that; it is some breached from some ICO or exchanges or Deribit has some issues about their database yet still silent not to panic people. Actually those above images are not mine but for some people that have accounts at Deribit that geeting some issues but luckily so far no account been compromised, 2FA really is a good thing. I have no account in there it just happened when I joined in there telegram group this chat been the sole topic most of the time.

[magneto]

None of the above i think is likely what happend.

It's more likely that some ICO or airdrop sold their database and IP adresses of users who signed up for them, and now checks if people have a deribit account using that email list. If so -> they send an email with your leaked email adress + IP that someone is trying to log into your deribit account to phish you.

The problem I have with this is that why would these people target Deribit, instead of any other exchange?

Either way, this shows that there is most likely at least some underlying security flaw when it comes to Deribit. Otherwise, the people with this email list would not be setting their eyes on this platform, instead of any others.

It's also wise to protect your own security by instating 2FA if you haven't already, and changing the passwords to something unrelated to any of your other accounts, regardless of what the actual situation is. From my experience deribit has always been quite a professional company, I doubt they'll have too much of a hiccup in this instance.