Murat (OP)
|
So weeks ago I lost over 20k USD in Crypto.
I had all the private keys, passwords, etc. saved in my email draft, and I had 2FA SMS verification; I didn't know that someone can break it easily. Ended up losing all my savings. Don't ever use SIM verification; it's pointless, there are multiple ways to break it.
If you can afford it, buy a hardware wallet, and if you can't, then don't store your important data online or anywhere connected online.
Write down secret codes & keys on paper.
Use different passwords.
Again, be very careful with security. If you keep anything online, then you're putting yourself at risk.
|
|
|
|
mk4
Legendary
Offline
Activity: 2912
Merit: 3881
📟 t3rminal.xyz
|
|
November 21, 2019, 01:01:53 PM Merited by LoyceV (1), Murat (1) |
|
Err. We literally had the past few years flooded with news of funds getting stolen due to carelessness of the holders. Not sure how this is still happening knowing that you're on Bitcointalk, which is pretty up to date with hackings and breaches. A lot of people have been very very very vocal about security.
Oh well, painful mistake for you I guess. Look at the bright side. While 20k is a good amount of money, better learn a hard lesson losing the $20k rather than learning your lesson when you already have like $100k+ or more. Best of luck moving forward.
|
|
|
|
GSpgh
|
|
November 21, 2019, 01:26:38 PM |
|
I'm sorry this happened to you.
Quote from Murat: I had all the private keys, passwords, etc. saved in my email draft, and I had 2FA SMS verification; I didn't know that someone can break it easily.
Sounds like it was webmail, something like Gmail, so it doesn't have to be a break-in to your account to steal your information. It can be many other things, like a cross-site scripting attack from another tab, a rogue browser extension, or malware on your computer.
|
|
|
|
JeromeTash
Legendary
Offline
Activity: 2324
Merit: 1258
Heisenberg
|
|
November 21, 2019, 02:11:12 PM |
|
Sorry for your loss... Stay positive and just consider it as an expensive lesson learnt.
SMS 2FA is pretty weak. At least if you are to go for two-factor authentication for your email, go for the strongest that is available, and that is Authy or Google Authenticator.
Keeping your login credentials and private keys in email drafts, cloud storage like Dropbox or online notebooks is also not wise. Those are the first places the hacker checks out.
|
|
|
|
GreatArkansas
Legendary
Offline
Activity: 2492
Merit: 1394
|
|
November 21, 2019, 02:15:44 PM |
|
I feel sorry for your loss... But I am a little curious why you were targeted by them. Or do they just have some random targets and look only for the big fish among them?
I also had an experience last month with my centralized exchange account, when someone was able to log in to it via my email address and correct password but wasn't able to proceed because it needs SMS 2FA from my SIM card, so he/she wasn't able to proceed, but after that I activated my 2FA using Authy/Google Authenticator, which is much stronger.
|
|
|
|
Mashfiqun
Member
Offline
Activity: 100
Merit: 21
|
|
November 21, 2019, 02:23:47 PM |
|
Mobile verification is not that good at all. In my country, almost anyone can reclaim any working SIM card. I've been a victim before. Someone purchased my number again. Always use something like Google Authenticator or Authy. I guess Authy is better because it can be restored in case of losing the phone. And using someone else's Google account on your phone is risky too. My phone was once reset by a thief who stole my friend's phone. Be careful. Don't lose all your money.
|
|
|
|
coupable
|
|
November 21, 2019, 02:39:50 PM |
|
Back in 2017, I used to store my secret codes in a text file, compress it into a WinRAR file locked by a long, sophisticated password, then upload it to my Dropbox, which was also secured by SMS verification [Gmail]. At that time, I didn't have any secure device and had to access my accounts from different computers. Even after I repaired my laptop, that WinRAR file stayed a long time before I deleted it and reset all my codes. I didn't think SIM verification might not be secure enough, or that a hacker might have access to content in a locked zipped file. I am so sorry about your loss. This is shocking! I am also a little bit curious about how this happened to you. I mean, how did they get access to your email? Is it possible to brute force codes sent via SMS or a long, sophisticated password for WinRAR?
|
|
|
|
RapTarX
|
|
November 21, 2019, 02:53:37 PM |
|
Quote from Mashfiqun: Always use something like Google Authenticator or Authy. I guess Authy is better because it can be restored in case of losing the phone.
If you are storing your private keys/passwords/seed keys online, no Authenticator is safe. It's better if we can use a paper wallet or hardware wallet. Or at least, we don't store our private keys/seed keys online. It can be in written form. Sorry to hear about your loss. OP, you are an old bitcointalker. It's a very unexpected mistake from members like you. You must have known about these security issues long ago.
|
|
|
|
lobat999
|
|
November 21, 2019, 02:55:29 PM |
|
Quote from mk4: Oh well, painful mistake for you I guess. Look at the bright side. While 20k is a good amount of money, better learn a hard lesson losing the $20k rather than learning your lesson when you already have like $100k+ or more. Best of luck moving forward.
Correct! This was also my line of thinking when I was victimized by phishing, but so far, that incident has taught me to be more security conscious and be more vigilant with our assets. Needless to say, we must employ certain security practices like installing security products, using password managers, etc., that could help in strengthening the defenses of our systems. Most importantly, no matter what happens to us, just don't give up! Imho.
|
|
|
|
Lucius
Legendary
Offline
Activity: 3416
Merit: 6143
Crypto Swap Exchange🈺
|
|
November 21, 2019, 02:57:24 PM |
|
For someone who has been a member since early 2016, things like this should not happen; it has been repeated thousands of times that private keys/seed should not be stored on e-mail or as unencrypted documents on PC/smartphone. Some members also say that if you have more than $500 in BTC, then a hardware/paper wallet is necessary. But in my opinion, even $100 worth of crypto justifies investing in security.
When I say security, I don't just mean on hardware wallets, but also in PC/smartphone security. $20k is big money, so even though the chances are very small for the return of coins, the whole thing needs to be reported to the police.
|
|
|
|
ice18
|
|
November 21, 2019, 03:02:43 PM |
|
That's very unfortunate, mate, that was huge money. This is a lesson to all: never ever store your important keys on your email/Gmail, this is very risky. It's much safer to store them on your HDD with a password, or on a portable HDD if you have no hardware wallet. I'm also storing mine on my portable HDD so that wherever I go I can securely hide it somewhere in my house.
|
|
|
|
Mashfiqun
Member
Offline
Activity: 100
Merit: 21
|
|
November 21, 2019, 03:12:10 PM |
|
Quote from Mashfiqun: Always use something like Google Authenticator or Authy. I guess Authy is better because it can be restored in case of losing the phone.
Quote from RapTarX: If you are storing your private keys/passwords/seed keys online, no Authenticator is safe. It's better if we can use a paper wallet or hardware wallet. Or at least, we don't store our private keys/seed keys online. It can be in written form.
I always store any seed or private key on paper. And if there's an option for 2FA, I always prefer authenticator apps over SMS verification. That's why I said it. Thank you, mate.
|
|
|
|
BITCOIN4X
Legendary
Offline
Activity: 2156
Merit: 1170
|
|
November 21, 2019, 03:12:22 PM |
|
Also concerned about what happened to you Iwan, I will make your experience a valuable lesson for me. Many people may still be ignoring the security of their money so far and I am also one of them, even if buying one hardware wallet might not be the only thing that can be bought. But more often ignore it.
This is ridiculous in my opinion, and as soon as possible will set aside money to buy it. Security is the main thing that must always be maintained if we have large amounts of assets and even if small.
|
|
|
|
akamit
|
|
November 21, 2019, 03:14:50 PM |
|
Quote from Murat: I had all the private keys, passwords, etc. saved in my email draft, and I had 2FA SMS verification; I didn't know that someone can break it easily. Ended up losing all my savings. Don't ever use SIM verification; it's pointless, there are multiple ways to break it.
2FA SMS is one of the secure ways to protect your online accounts, if I'm not mistaken. The only way I can think of that it happened is that someone around you has physical access to your phone and also knows your email pass, and that's how they accessed your email account; maybe I'm wrong. It's the two locks a hacker needs to break to get inside. However, have you identified the way it happened yet? $20k is not a small amount and I also feel that you should report to the police as Lucius suggested, only if crypto is legal in your country.
|
|
|
|
mk4
Legendary
Offline
Activity: 2912
Merit: 3881
📟 t3rminal.xyz
|
|
November 21, 2019, 03:52:14 PM |
|
Quote from Lucius: For someone who has been a member since early 2016, things like this should not happen; it has been repeated thousands of times that private keys/seed should not be stored on e-mail or as unencrypted documents on PC/smartphone. Some members also say that if you have more than $500 in BTC, then a hardware/paper wallet is necessary. But in my opinion, even $100 worth of crypto justifies investing in security.
It sure is really surprising. Not saying that high rank & early registration date = smart, but you'd really expect a bit more security awareness from someone who's been in the forum for some time already. My guess is that in the case of OP, it's more of the "ehh, no one's going to hack me" reasons. Because hot damn, storing very very sensitive information on an email account is a very very very novice move.
|
|
|
|
Findingnemo
|
|
November 21, 2019, 04:06:16 PM |
|
Quote from akamit: 2FA SMS is one of the secure ways to protect your online accounts, if I'm not mistaken.
Not really, hackers are also getting updated with security developments. It's not easy to bypass a 2FA code, but we can't say it's impossible.
Phishing SMS 2FA codes – How hackers bypass two-factor authentication
|
|
|
|
hd49728
Legendary
Offline
Activity: 2268
Merit: 1127
|
|
November 21, 2019, 04:26:11 PM |
|
Quote from Mashfiqun: Always use something like Google Authenticator or Authy. I guess Authy is better because it can be restored in case of losing the phone.
Make sure to back up your 2FA codes safely before activating it; then you can restore your 2FA on other phones. I copy & paste or write codes down manually; then when I enter the activation code for the first time, I type it manually by looking at my backup codes (not directly copying and pasting from computers). I do this because I want to make sure that the backup codes are saved correctly and can be used later.
|
|
|
|
akamit
|
|
November 21, 2019, 07:17:36 PM |
|
Quote from Findingnemo: Not really, hackers are also getting updated with security developments.
I totally agree with you...
Quote from Findingnemo: It's not easy to bypass a 2FA code, but we can't say it's impossible.
I agree, but in order to hack an email account the hacker needs to break at least two locks (if 2FA is enabled), isn't that so? And for the hacker to succeed, the user (email owner) needs to click a link from a phishing email and then needs to put in the login credentials, otherwise no. That's a long process. A month or two ago, I got an email saying that someone tried to access my email (the email template was the same as Google's template) and asked me to verify, but when I checked the sender email I found that it was not Google but just a phishing attempt. So I didn't even click any link from that phishing email. What I want to say is that a hacker will never succeed without our help, we all just need to be more careful, that's all.
Edit: If it is not a case of a phishing email, then what could be the other ways, except a known person?
|
|
|
|
nakamura12
|
|
November 21, 2019, 07:41:29 PM |
|
I was thinking that there might be a person who has physical access, then steals the email and hacks the SMS 2FA verification security by doing what Findingnemo provided and gets away with it. It will be easier for that person to steal your money since your passwords and private keys are stored online, and storing online is not the most suitable way to keep your info safe.
|
|
|
|
khaled0111
Legendary
Offline
Activity: 2702
Merit: 3037
Top Crypto Casino
|
|
November 21, 2019, 08:48:06 PM |
|
I know how you feel right now and I am truly sorry for your loss. I've gone through this before and in my case I lost around 8k $. I have a strong feeling that whoever hacked me is someone I know, though. Since then, I never save my private keys or passwords on any online platform, regardless of how secure it may sound.
I think I should recheck my email to see If there is still any sensitive data saved there.
|
|
|
|
|