|
barryzand (OP)
|
 |
March 22, 2014, 08:47:03 AM
Last edit: July 04, 2014, 03:22:53 PM by barryzand |
|
Hi all! This morning, I found my cryptorush account empty! thank god only coins worth 0.12 btc was in there... Now this thought came up in my head... How did they do that?! LOL Thinking back I always set different passwords on every exchange... so how the hell did they do that!  And then i remembered one douchebag kind of exchange named COINMARKET.IO... For some reason I used one of my passwords twice... on coinmarket and cryptorush at the time... though I changed that after a few days on coinmarket... I'm not saying COINMARKET.IO actually "hacked" my Cryptorush.in account... But having said all this... it just cant be a small coincedence, since the password issue described above... So just be warned people! Maybe this piece of shit coinmarket.io guy takes it one step further! Barry |
|
|
|
|
|
bramvnl
|
|
March 22, 2014, 11:31:51 AM |
|
dont trust cryptorush
|
|
|
|
|
|
barryzand (OP)
|
|
March 22, 2014, 11:57:54 AM |
|
dont trust cryptorush
Well its been 4 hrs now since i opened up a support ticket... no response yet... but why cant we trust cryptorush? well basicly you cant trust anybody with your coins... Well i doubt they stole my coins... why?? there was only 0.12 btc in there... if it was cryptorush itself, they could have gotten a much bigger balance from somebody else... here is the TX ID ed7b1faf37ba929f310d48cea615b1d28078cde029d9a30d62c84361cc0d9820 and this is the adress my btc got send to : 116AkvFZfsfdvcf6T39Uo6Jr5HvCPGNnXn I know it wont help by posting these... but if someone knows a way to get my btc back (probably not) i'll give you half! |
|
|
|
|
pokrivac
Newbie
 Offline
Activity: 14
Merit: 0
|
|
March 22, 2014, 12:15:49 PM |
|
ccc cryptorush ;(
|
|
|
|
|
mrmining
Newbie
Offline
Activity: 10
Merit: 0
|
|
March 22, 2014, 12:38:00 PM |
|
oh my god..worry for my coin
|
|
|
|
|
Ceois
Newbie
Offline
Activity: 4
Merit: 0
|
|
March 23, 2014, 12:11:50 PM |
|
They also stole my bitcoins from cryptorush.in . The funny thing is i only used that email there. Nobody knew what the email was or the password. How can somebody hack my account if they didn't know what email i used. Only crypto knew the email i used....
|
|
|
|
|
|
Vann
|
|
March 23, 2014, 12:42:46 PM |
|
Unfortunately, you might have installed a keylogger without knowing it. I would reinstall the OS, just to be sure. Never type in sensitive passwords using a keyboard. Use a Password manager program such as LastPass, Password Safe or KeePass to safely store and manage logins or use the built in Windows On-Screen Keyboard to manually type in passwords, which keyloggers won't pickup. BinaryClock from Dedicated Pools has an excellent tutorial video on the subject: https://www.youtube.com/watch?v=ksTRQqDoWwE |
|
|
|
|
|
lemfuture
|
|
March 23, 2014, 12:49:44 PM |
|
Unfortunately, you might have installed a keylogger without knowing it. I would reinstall the OS, just to be sure. Never type in sensitive passwords using a keyboard. Use a Password manager program such as LastPass, Password Safe or KeePass to safely store and manage logins or use the built in Windows On-Screen Keyboard to manually type in passwords, which keyloggers won't pickup. BinaryClock from Dedicated Pools has an excellent tutorial video on the subject: https://www.youtube.com/watch?v=ksTRQqDoWwEwhat about ctrl+c and ctrl+v? |
1ADLcfwTofFXb95pKhebpeRkJ4WTWsvQXB
|
|
|
|
Vann
|
|
March 23, 2014, 12:55:56 PM
Last edit: March 23, 2014, 01:21:27 PM by Vann |
|
Unfortunately, you might have installed a keylogger without knowing it. I would reinstall the OS, just to be sure. Never type in sensitive passwords using a keyboard. Use a Password manager program such as LastPass, Password Safe or KeePass to safely store and manage logins or use the built in Windows On-Screen Keyboard to manually type in passwords, which keyloggers won't pickup. BinaryClock from Dedicated Pools has an excellent tutorial video on the subject: https://www.youtube.com/watch?v=ksTRQqDoWwEwhat about ctrl+c and ctrl+v? Yea, that works too but means you have to keep your passwords in a plain-text file on your computer. Much safer to keep them encrypted in a password manager. |
|
|
|
|
pr9me
Sr. Member
Offline
Activity: 369
Merit: 250
Cryptsy.com • Got Shitcoins?
|
|
March 23, 2014, 12:56:03 PM |
|
Do you have strong/unique passwords on all exchanges/email?
Do you have 2FA enabled on everything, including your email?
Do you have a dedicated and secure (always debatable) computer or device that you use exclusively for crypto?
Do you use encryption on all your computers?
Do you spread your smaller amounts around different secure "hot" locations, not keeping all your eggs in one basket?
Do you keep your larger amounts in "cold" storage which was generated in a secure manner?
It's not a joke anymore.
|
|
|
|
|
|
barryzand (OP)
|
|
March 23, 2014, 10:07:34 PM |
|
Do you have strong/unique passwords on all exchanges/email?
Do you have 2FA enabled on everything, including your email?
Do you have a dedicated and secure (always debatable) computer or device that you use exclusively for crypto?
Do you use encryption on all your computers?
Do you spread your smaller amounts around different secure "hot" locations, not keeping all your eggs in one basket?
Do you keep your larger amounts in "cold" storage which was generated in a secure manner?
It's not a joke anymore
Dude thats a lot of security there... and about half of the things i dont have... Thnx for the advice! Ill look into this..  You know I'm just a simple miner and a daytrader... and almost never leave my coins on exchange.. this time I was just waiting for my buy order to get filled... Unfortunately, you might have installed a keylogger without knowing it. I would reinstall the OS, just to be sure. Never type in sensitive passwords using a keyboard. Use a Password manager program such as LastPass, Password Safe or KeePass to safely store and manage logins or use the built in Windows On-Screen Keyboard to manually type in passwords, which keyloggers won't pickup. BinaryClock from Dedicated Pools has an excellent tutorial video on the subject: https://www.youtube.com/watch?v=ksTRQqDoWwEwhat about ctrl+c and ctrl+v? Yea, that works too but means you have to keep your passwords in a plain-text file on your computer. Much safer to keep them encrypted in a password manager. I really hope this isnt my case... Wich "scanner" finds stuff like this? do I need something more then just Norton/mcafee/spyhunter etc.? |
|
|
|
|
|
barryzand (OP)
|
|
March 23, 2014, 10:15:34 PM |
|
BTW! I got email back from cryptorush... they gave me a few IP adresses of "people" who logged in my account the last month... Ip Address: 183.171.163.28 First Login: 2014-03-09 16:56:38 Ip Address: 183.171.164.255 First Login: 2014-03-19 17:09:54 Ip Address: 183.171.171.133 First Login: 2014-03-19 18:20:42 Ip Address: 183.171.169.185 First Login: 2014-03-21 20:17:32 Ip Address: 183.171.173.147 First Login: 2014-03-22 05:59:38 This motherfucker stole my coins... As you can see this "person" logged in my account once in a while... probably to check my balance... mofo... The last one is when he took my money... This actually proves Cryptorush lack of security features... you cant even see the last IP adress that logged in on your dashboard... Then it would ring a bell to me the first time i would see it...  |
|
|
|
|
h4xx0r
Full Member
Offline
Activity: 154
Merit: 100
★Bitin.io★ - Instant Exchange
|
|
March 23, 2014, 10:27:27 PM |
|
BTW! I got email back from cryptorush... they gave me a few IP adresses of "people" who logged in my account the last month... Ip Address: 183.171.163.28 First Login: 2014-03-09 16:56:38 Ip Address: 183.171.164.255 First Login: 2014-03-19 17:09:54 Ip Address: 183.171.171.133 First Login: 2014-03-19 18:20:42 Ip Address: 183.171.169.185 First Login: 2014-03-21 20:17:32 Ip Address: 183.171.173.147 First Login: 2014-03-22 05:59:38 This motherfucker stole my coins... As you can see this "person" logged in my account once in a while... probably to check my balance... mofo... The last one is when he took my money... This actually proves Cryptorush lack of security features... you cant even see the last IP adress that logged in on your dashboard... Then it would ring a bell to me the first time i would see it... dude thats an awesome idea. every exchange should have that feature! |
|
|
|
|
wasamata
|
|
March 23, 2014, 10:35:18 PM |
|
BTW! I got email back from cryptorush... they gave me a few IP adresses of "people" who logged in my account the last month... Ip Address: 183.171.163.28 First Login: 2014-03-09 16:56:38 Ip Address: 183.171.164.255 First Login: 2014-03-19 17:09:54 Ip Address: 183.171.171.133 First Login: 2014-03-19 18:20:42 Ip Address: 183.171.169.185 First Login: 2014-03-21 20:17:32 Ip Address: 183.171.173.147 First Login: 2014-03-22 05:59:38 This motherfucker stole my coins... As you can see this "person" logged in my account once in a while... probably to check my balance... mofo... The last one is when he took my money... This actually proves Cryptorush lack of security features... you cant even see the last IP adress that logged in on your dashboard... Then it would ring a bell to me the first time i would see it... dude thats an awesome idea. every exchange should have that feature! Yeah, a few pools have that feature already too, neat. |
|
|
|
|
|
xbudahx
|
|
March 23, 2014, 11:07:59 PM |
|
Do they not offer 2 factor authentication?
|
|
|
|
|
|
gustav
|
|
March 24, 2014, 12:39:50 AM |
|
thanks for the heads-up
|
|
|
|
|
|
barryzand (OP)
|
|
March 24, 2014, 08:26:18 AM |
|
I opened up a new support ticket with the request to add this IP feature... On site or through email... this just needs to be added... I will do the same with other exchanges... This could actually prevent some btc theft in the future... Just take my own story.. The "hacker" logged in several times to check my balance... Since I dont usually keep any balance in my account, I couldve spotted this guy sneaking around in my account sooner if that feature just was there. And i couldve changed passwords etc.
|
|
|
|
|
rokkyroad
Legendary
Offline
Activity: 1090
Merit: 1000
|
|
March 24, 2014, 04:40:19 PM |
|
2FA is a must. Google Authenticator is ok. SMS is the BEST.
Even Gmail offers SMS verification for free so why not use it? I'm pretty sure you can receive/send sms on most cell phones, android, ios devices. Many free apps for doing such. Textplus comes to mind.
Blockchain.info, VaultofSatoshi, Cryptsy are three services I know that offer SMS.
Perhaps others will post email services and exchanges with SMS verification.
|
" If you have to spam and shout to justify your existence then you are a shit coin." TaunSew
|
|
|
|
Mayuyu48
|
|
March 24, 2014, 04:52:54 PM |
|
hmm, just after i viewed cryptorush and they advice me to enable 2FA from their notifications
many people hack cryptorush account already?
I think 2FA is must factor!
and probably exchanger should add IP filter feature. A feature when Somebody log in with different IP can't login / block
|
|
|
|
|
Vann
|
|
March 24, 2014, 04:56:27 PM |
|
Do they not offer 2 factor authentication?
Yes, they do. CryptoRush now displays a banner on the top of the page if you don't have it enabled. I like the IP idea too. AllCoin coin sends you an email with the IP anytime someone logs into your account.  |
|
|
|
|
|
