Bitcoin Forum
November 14, 2024, 04:34:29 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Funds withdrawn from Stake without 2FA.  (Read 446 times)
ubercool (OP)
Hero Member
*****
Offline Offline

Activity: 1078
Merit: 504


View Profile
December 18, 2023, 03:16:28 PM
 #1

Hi everyone,

I dont know if anyone remembers me or not but I was an active member on this forum for years..

I write this post with a heavy heart to tell everyone the incident happened with me 3 days ago.

All of my BTC from my Stake account got transferred to some unknown address without my knowledge. I can firmly say that I dont click random website links and I can more surely say that I have never given my credentials to anyone. Also Stake asks for 2FA when you try to withdraw funds even when you are logged in. Still funds got transferred without my knowledge.

The official reply from Stake to me:
"Please follow our instructions and you shouldn't experience any similar things ever again. We understand your concerns, but we are not able to track your activity across the web to be sure where the issue happened."
"We are truly sorry for what happened."

My Question: How can a withdraw gets accepted without 2fa?
Reply: There are numerous ways that we are not familiar with.


Stake team is not providing me any details about the withdrawal. And on that they say their security is impenetrable.

Another point I want to ask to everyone here
Why there is not authenticity check when the user logs in from a different country in a day's time or even whenever he logs in from a different country rather than his home country.?


Wapfika
Hero Member
*****
Offline Offline

Activity: 1456
Merit: 597


Bitcoin makes the world go 🔃


View Profile
December 18, 2023, 03:22:26 PM
 #2

Customer support usually choose the easiest way to close any existing open concern especially if the concern is already not solvable by them. It’s very hard to justify your case  because you can’t provide any evidence that you don’t commit the mistake.

Even if Stake provide different IP login on your account, How can you prove that no one hacks your phone that install your 2FA. Also how did the hacker knew your login credentials?

▄▄███████▄▄
▄██████████████▄
▄██████████████████▄
▄████▀▀▀▀███▀▀▀▀█████▄
▄█████████████▄█▀████▄
███████████▄███████████
██████████▄█▀███████████
██████████▀████████████
▀█████▄█▀█████████████▀
▀████▄▄▄▄███▄▄▄▄████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀
.
 MΞTAWIN  THE FIRST WEB3 CASINO   
.
.. PLAY NOW ..
Yamane_Keto
Hero Member
*****
Offline Offline

Activity: 630
Merit: 510



View Profile WWW
December 18, 2023, 04:16:12 PM
 #3

Sorry for losing your money, but 2FA is an additional but essential verification method in all services. avoid using any service that does not have several layers of protection, and write what happened to you in detail, at least no one else will lose their money.

えいごをはなせますか。
Mahdirakib
Legendary
*
Offline Offline

Activity: 2100
Merit: 1047


In Search of Incredible


View Profile
December 18, 2023, 04:29:10 PM
 #4

All of my BTC from my Stake account got transferred to some unknown address without my knowledge.
Can you post the Bitcoin address here in which your withdrawal was made?

Why there is not authenticity check when the user logs in from a different country in a day's time or even whenever he logs in from a different country rather than his home country.?
If 2fa is enabled on your account, then the 2fa code is required for accessing your account. Otherwise, Stake sends a login code to users email address whenever a user login from a new device or location. 2fa or the email code is also required for each withdrawal. Perhaps, your device has been compromised without your knowledge. Have you checked your login sessions? Is there any unknown IP address and location on your session activity?

R


▀▀▀▀▀▀▀██████▄▄
████████████████
▀▀▀▀█████▀▀▀█████
████████▌███▐████
▄▄▄▄█████▄▄▄█████
████████████████
▄▄▄▄▄▄▄██████▀▀
LLBIT|
4,000+ GAMES
███████████████████
██████████▀▄▀▀▀████
████████▀▄▀██░░░███
██████▀▄███▄▀█▄▄▄██
███▀▀▀▀▀▀█▀▀▀▀▀▀███
██░░░░░░░░█░░░░░░██
██▄░░░░░░░█░░░░░▄██
███▄░░░░▄█▄▄▄▄▄████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█████████
▀████████
░░▀██████
░░░░▀████
░░░░░░███
▄░░░░░███
▀█▄▄▄████
░░▀▀█████
▀▀▀▀▀▀▀▀▀
█████████
░░░▀▀████
██▄▄▀░███
█░░█▄░░██
░████▀▀██
█░░█▀░░██
██▀▀▄░███
░░░▄▄████
▀▀▀▀▀▀▀▀▀
||.
|
▄▄████▄▄
▀█▀
▄▀▀▄▀█▀
▄░░▄█░██░█▄░░▄
█░▄█░▀█▄▄█▀░█▄░█
▀▄░███▄▄▄▄███░▄▀
▀▀█░░░▄▄▄▄░░░█▀▀
░░██████░░█
█░░░░▀▀░░░░█
▀▄▀▄▀▄▀▄▀▄
▄░█████▀▀█████░▄
▄███████░██░███████▄
▀▀██████▄▄██████▀▀
▀▀████████▀▀
.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
░▀▄░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄░▄▀
███▀▄▀█████████████████▀▄▀
█████▀▄░▄▄▄▄▄███░▄▄▄▄▄▄▀
███████▀▄▀██████░█▄▄▄▄▄▄▄▄
█████████▀▄▄░███▄▄▄▄▄▄░▄▀
███████████░███████▀▄▀
███████████░██▀▄▄▄▄▀
███████████░▀▄▀
████████████▄▀
███████████
▄▄███████▄▄
▄████▀▀▀▀▀▀▀████▄
▄███▀▄▄███████▄▄▀███▄
▄██▀▄█▀▀▀█████▀▀▀█▄▀██▄
▄██▀▄███░░░▀████░███▄▀██▄
███░████░░░░░▀██░████░███
███░████░█▄░░░░▀░████░███
███░████░███▄░░░░████░███
▀██▄▀███░█████▄░░███▀▄██▀
▀██▄▀█▄▄▄██████▄██▀▄██▀
▀███▄▀▀███████▀▀▄███▀
▀████▄▄▄▄▄▄▄████▀
▀▀███████▀▀
OFFICIAL PARTNERSHIP
SOUTHAMPTON FC
FAZE CLAN
SSC NAPOLI
Cantsay
Hero Member
*****
Offline Offline

Activity: 938
Merit: 591


Bitcoin Casino Est. 2013


View Profile WWW
December 18, 2023, 04:54:34 PM
 #5

Sorry for your loss, Op…

Have you tried reaching out to other representatives after your interaction with the customer support? I will suggest you send a message to stunna if he can help you take a look at the incident and check what could have been the cause.


All of my BTC from my Stake account got transferred to some unknown address without my knowledge. I can firmly say that I dont click random website links and I can more surely say that I have never given my credentials to anyone. Also Stake asks for 2FA when you try to withdraw funds even when you are logged in. Still funds got transferred without my knowledge.


This is really strange, I’m not going to lie… if you don’t click on links what about files? Have you ever downloaded any file from a site that’s not secure? It could be one of those free movie sites that are overloaded with ads, anything at this point could have led to your system being infected by malware.

Well, just send Stunna a pm and pray he receives an email concerning the pm so that you can get a fast response from him. https://bitcointalk.org/index.php?action=profile;u=81292

███▄▀██▄▄
░░▄████▄▀████ ▄▄▄
░░████▄▄▄▄░░█▀▀
███ ██████▄▄▀█▌
░▄░░███▀████
░▐█░░███░██▄▄
░░▄▀░████▄▄▄▀█
░█░▄███▀████ ▐█
▀▄▄███▀▄██▄
░░▄██▌░░██▀
░▐█▀████ ▀██
░░█▌██████ ▀▀██▄
░░▀███
▄▄██▀▄███
▄▄▄████▀▄████▄░░
▀▀█░░▄▄▄▄████░░
▐█▀▄▄█████████
████▀███░░▄░
▄▄██░███░░█▌░
█▀▄▄▄████░▀▄░░
█▌████▀███▄░█░
▄██▄▀███▄▄▀
▀██░░▐██▄░░
██▀████▀█▌░
▄██▀▀██████▐█░░
███▀░░
logfiles
Copper Member
Legendary
*
Offline Offline

Activity: 2170
Merit: 1822


Top Crypto Casino


View Profile WWW
December 18, 2023, 07:53:12 PM
 #6

You may have kept your login credentials safely, but how about the 2FA recovery code?
There could have been a loophole somewhere, though you may not notice it right now due to the stress you have for losing the funds.

I would like you to check the login history on your account to see if there are any strange IP addresses that maybe been recorded while we wait for the representative to respond here

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
Oshosondy
Legendary
*
Offline Offline

Activity: 1638
Merit: 1202


Gamble responsibly


View Profile
December 19, 2023, 09:44:37 AM
 #7

My Question: How can a withdraw gets accepted without 2fa?
The most likely reason is that there is someone that used your 2FA to spend from your Setake account. Either the person was able to access the device your 2FA app is or you used 2FA like Google authenticator. If you save your username, password and 2FA backup on Google cloud, only what the bad actor needed was just to be able to access your email account. If you are using 2FA that your 2FA backup is backed up online or you backup your login passwords online, it is better you change the backups and deleted them from the online cloud.

██
██
██
██
██
██
██
██
██
██
██
██
██
... LIVECASINO.io    Play Live Games with up to 20% cashback!...██
██
██
██
██
██
██
██
██
██
██
██
██
robelneo
Legendary
*
Offline Offline

Activity: 3430
Merit: 1226



View Profile WWW
December 19, 2023, 10:45:28 AM
 #8



My Question: How can a withdraw gets accepted without 2fa?
Reply: There are numerous ways that we are not familiar with.


Stake team is not providing me any details about the withdrawal. And on that they say their security is impenetrable.

Another point I want to ask to everyone here
Why there is not authenticity check when the user logs in from a different country in a day's time or even whenever he logs in from a different country rather than his home country.?

This is a rare complaint there was an intrusion on your account and we can only investigate if you care to send the latest transaction where you think the scammers withdrew your funds and how much funds and the time he withdrew it everything is available in your transaction page to check your email also if you're using an email confirmation for every action in your account, your login sessions is another, you have to check all areas of your account to see if there is an intrusion, Stake has no control on your action as long as you have the email or the tool that allow access your account, its better to change your password now both on Stake and your email.
You're a long-time member of this forum you should have followed the right format in creating an accusation that's always been the drill.

..cryptomus..   
  
.
lllllllllllllllllll CRYPTO
PAYMENT GATEWAY
▄█▀▀██▄░░░▄█████▄░░░▄▀████▄
██░▀▄██░░░██▄░▄██░░░██▄▀▀▀█
██░▀▄██░░░███▄███░░░███░░▄█
▀▀▀▀▀░░░░░▀▀▀▀▀░░░░░▀▀▀▀▀
▄▄▄▄▄░░░░░▄▄▄▄▄░░░░░▄▄▄▄▄
███▀▄██░░░██▀░▀██░░░██▀▀▀▀█
██▀▄███░░░██░░░██░░░█▄███░█
▀█▄▄▄█▀░░░▀██▄██▀░░░▀█▄▄▄█▀

▄█████▄░░░▄█▀▀██▄░░░▄█████▄
█▀░█░▀█░░░█░▀░▀▀█░░░██▄░▄██
█▄█▄█▄█░░░███░▀▄█░░░███▄███
▀▀▀▀▀░░░░░▀▀▀▀▀░░░░░▀▀▀▀▀
ACCEPT
CRYPTO
PAYMENTS
..GET STARTED..
TheUltraElite
Legendary
*
Offline Offline

Activity: 3066
Merit: 1330


Going to reach LEET merits soon!


View Profile WWW
December 19, 2023, 03:13:12 PM
 #9

OP sorry for your loss,

I read your post but I could not confirm whether you actually had 2FA on during this entire time - I assume you did, otherwise you would not be speaking of the same.

If there a chance the hacker got access to your Google account and cloud synced the authentication codes on their device? Of course you could get security emails if they did but maybe you overlooked?

Also you can check the previous IP locations of the logins on Primedice, I am not sure if the same exists in Stake, but I assume you already did that in case you want to take the legal route.

 
█▄
R


▀▀██████▄▄
████████████████
▀█████▀▀▀█████
████████▌███▐████
▄█████▄▄▄█████
████████████████
▄▄██████▀▀
LLBIT▀█ 
  TH#1 SOLANA CASINO  
████████████▄
▀▀██████▀▀███
██▄▄▀▀▄▄████
████████████
██████████
███▀████████
▄▄█████████
████████████
████████████
████████████
████████████
█████████████
████████████▀
████████████▄
▀▀▀▀▀▀▀██████
████████████
███████████
██▄█████████
████▄███████
████████████
█░▀▀████████
▀▀██████████
█████▄█████
████▀▄▀████
▄▄▄▄▄▄▄██████
████████████▀
........5,000+........
GAMES
 
......INSTANT......
WITHDRAWALS
..........HUGE..........
REWARDS
 
............VIP............
PROGRAM
 .
   PLAY NOW    
ubercool (OP)
Hero Member
*****
Offline Offline

Activity: 1078
Merit: 504


View Profile
December 19, 2023, 04:41:12 PM
 #10

The IP Address: 194.127.199.43

The Bitcoin Address: https://www.blockchain.com/explorer/addresses/btc/bc1qyuqc9hc9kguk693zlgq6sfk568f7r205rhts4f

Yes there was a session from that IP in my Stake account. As soon as I showed it to the customer care guy, he told me to remove the session ASAP. I did that and now even my VIP host doesnt have any details.

Stake doesnt send you an email even if you make a WITHDRAW.  Roll Eyes 

I have the same 2FA device for all my accounts. Exchanges and Stake but only my Stake account got emptied, my exchange balances were same, I have withdrawn everything now.
Only thing is that Email ID and passwords are not same for all.

I have scanned my PC and mobile and everything came clean. No malwares or viruses...

The only dilemma I am having right now is even if someone have cracked my email and password and logged in, Still Stake asks for 2FA while withdrawing.
How did they passed that..?
Official reply from my VIP Host: "Nothing more than you could see in your transactions."

Does anyone have any answer to this.? A site like Stake or Binance or any exchange for that matter, why no one is doing this..?
Why there is not authenticity check when the user logs in from a different country in a day's time or even whenever he logs in from a different country rather than his home country.?
holydarkness
Legendary
*
Online Online

Activity: 2716
Merit: 1540


Yes, I'm an asshole


View Profile
December 19, 2023, 05:21:32 PM
 #11

[...]
The only dilemma I am having right now is even if someone have cracked my email and password and logged in, Still Stake asks for 2FA while withdrawing.
How did they passed that..?
Official reply from my VIP Host: "Nothing more than you could see in your transactions."

Does anyone have any answer to this.? A site like Stake or Binance or any exchange for that matter, why no one is doing this..?
Why there is not authenticity check when the user logs in from a different country in a day's time or even whenever he logs in from a different country rather than his home country.?

Is it possible that they bypassed the 2FA through this method? Is there a log on your email account that shows it's accessed from different location than yours? IF we amuse your assumption for a while that someone has access to your email, perhaps the details asked by their security team are readily available in your inbox?

▄▄███████▄▄
▄██████████████▄
▄██████████████████▄
▄████▀▀▀▀███▀▀▀▀█████▄
▄█████████████▄█▀████▄
███████████▄███████████
██████████▄█▀███████████
██████████▀████████████
▀█████▄█▀█████████████▀
▀████▄▄▄▄███▄▄▄▄████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀
.
 MΞTAWIN  THE FIRST WEB3 CASINO   
.
.. PLAY NOW ..
Upgrade00
Legendary
*
Offline Offline

Activity: 2226
Merit: 2369


Playgram - The Telegram Casino


View Profile WWW
December 19, 2023, 08:40:49 PM
 #12

The only dilemma I am having right now is even if someone have cracked my email and password and logged in, Still Stake asks for 2FA while withdrawing.
How did they passed that..?
We do not have access to the behind the scenes, so cannot determine how there was a breach of the website. You can only get that response directly from a representative of Stake.

Isolated cases like this are not uncommon with crypto related websites, it could be due to a hack or  you allowing someone else access to where you keep valuable information.

If you do not get a substantial answer after a few days, then you can try calling then out on other websites they are active on.

▄▄███████▄▄███████
▄███████████████▄▄▄▄▄
▄████████████████████▀░
▄█████████████████████▄░
▄█████████▀▀████████████▄
██████████████▀▀█████████
████████████████████████
██████████████▄▄█████████
▀█████████▄▄████████████▀
▀█████████████████████▀░
▀████████████████████▄░
▀███████████████▀▀▀▀▀
▀▀███████▀▀███████

▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
 
Playgram.io
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

▄▄▄░░
▀▄







▄▀
▀▀▀░░
▄▄▄███████▄▄▄
▄▄███████████████▄▄
▄███████████████████▄
▄██████████████▀▀█████▄
▄██████████▀▀█████▐████▄
██████▀▀████▄▄▀▀█████████
████▄▄███▄██▀█████▐██████
█████████▀██████████████
▀███████▌▐██████▐██████▀
▀███████▄▄███▄████████▀
▀███████████████████▀
▀▀███████████████▀▀
▀▀▀███████▀▀▀
██████▄▄███████▄▄████████
███▄███████████████▄░░▀█▀
███████████░█████████░░
░█████▀██▄▄░▄▄██▀█████░
█████▄░▄███▄███▄░▄█████
███████████████████████
███████████████████████
██░▄▄▄░██░▄▄▄░██░▄▄▄░██
██░░░░██░░░░██░░░░████
██░░░░██░░░░██░░░░████
██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████
███████████████████████
███████████████████████
 
PLAY NOW

on Telegram
[/
logfiles
Copper Member
Legendary
*
Offline Offline

Activity: 2170
Merit: 1822


Top Crypto Casino


View Profile WWW
December 19, 2023, 08:54:37 PM
 #13

OP, which app do you use for 2-factor authentication codes? Google authenticator? Authy?
How about the email you used for registering to stake... Gmail?

Does anyone have any answer to this.? A site like Stake or Binance or any exchange for that matter, why no one is doing this..?
Why there is not authenticity check when the user logs in from a different country in a day's time or even whenever he logs in from a different country rather than his home country.?
To this date, some sites are not so strict when it comes to IP addresses. I don't know why. I used to like how some site would first have to prove if it's actually you trying to log in, regardless of your IP address.

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
tabas
Hero Member
*****
Offline Offline

Activity: 3192
Merit: 770


Top Crypto Casino


View Profile
December 19, 2023, 10:35:34 PM
 #14

If the 2FA method is through email then it's possible that it's your email that has been cracked by the hacker. Do you remember all of the websites that you've signed up for and did you use the same emails and passwords from all of those? Because I've read somewhere that there hackers actually goes through all of the credentials to the websites that they're in like finances, exchanges, casinos, etc. That's what I am thinking on your case. But if they're not telling you any reason or how did it happened, it actually go through the process and the money's gone so sorry about your losses OP. Remember which website you probably think the leak has happened and you're right that they should flag an account if ever some unfamiliar IP gets access and goes on withdrawal asap.

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
ubercool (OP)
Hero Member
*****
Offline Offline

Activity: 1078
Merit: 504


View Profile
December 20, 2023, 02:10:51 PM
 #15


Is it possible that they bypassed the 2FA through this method? Is there a log on your email account that shows it's accessed from different location than yours? IF we amuse your assumption for a while that someone has access to your email, perhaps the details asked by their security team are readily available in your inbox?

No. My email is not compromised.. I have checked the sessions of my mail and its clear.


We do not have access to the behind the scenes, so cannot determine how there was a breach of the website. You can only get that response directly from a representative of Stake.

Isolated cases like this are not uncommon with crypto related websites, it could be due to a hack or  you allowing someone else access to where you keep valuable information.

If you do not get a substantial answer after a few days, then you can try calling then out on other websites they are active on.

There is no proper response, nor from the live support or from my VIP host. They are just giving me defined automated answers.


OP, which app do you use for 2-factor authentication codes? Google authenticator? Authy?
How about the email you used for registering to stake... Gmail?

To this date, some sites are not so strict when it comes to IP addresses. I don't know why. I used to like how some site would first have to prove if it's actually you trying to log in, regardless of your IP address.

I use Google Authenticator, I have known only this one from the beginning and been using it since.

In an age where any device can be hacked from a distance why reputed, large scale websites are not doing anything regarding this.
In my case, Norway is like 24 hours away on an airplane.

There has to be some logical authentication method when a user logs in from a far away country within some hours.



If there is anyone from Stake here, Do tell me whether the scammer has withdrawn with 2FA or if there is any other way.
Because this cant be an answer your user is expecting..


My Question: How can a withdraw gets accepted without 2fa?
Reply: There are numerous ways that we are not familiar with.


holydarkness
Legendary
*
Online Online

Activity: 2716
Merit: 1540


Yes, I'm an asshole


View Profile
December 20, 2023, 04:20:10 PM
 #16


Is it possible that they bypassed the 2FA through this method? Is there a log on your email account that shows it's accessed from different location than yours? IF we amuse your assumption for a while that someone has access to your email, perhaps the details asked by their security team are readily available in your inbox?

[...]
I use Google Authenticator, I have known only this one from the beginning and been using it since.

In an age where any device can be hacked from a distance why reputed, large scale websites are not doing anything regarding this.
In my case, Norway is like 24 hours away on an airplane.

There has to be some logical authentication method when a user logs in from a far away country within some hours.

Reading your reply to multiple questions, my initial thought when learning that you use GA as your 2FA and your email was not compromised was that maybe that hacker was someone close to you and bypassing your account by the security key that you probably wrote somewhere and store it in your home. But given the IP is from Norway... I think that's quite unlikely.

If there is anyone from Stake here, Do tell me whether the scammer has withdrawn with 2FA or if there is any other way.
Because this cant be an answer your user is expecting..


My Question: How can a withdraw gets accepted without 2fa?
Reply: There are numerous ways that we are not familiar with.


Stake has a representative that forward every case against them on this board to their team to be addressed, you probably want to try to PM him to get to the bottom of this issue, Symphonized, though he probably is already aware of this situation.

I usually gladly invite representatives of casinos to address an issue or to simply inform them about an open accusation against their platform, but on our previous exchange of PM, he informed me that he's well aware of every case against Stake and asked me to stop sending him PM for such matter. Thus I am not doing it in concern that my PM will be considered as unsolicited.

▄▄███████▄▄
▄██████████████▄
▄██████████████████▄
▄████▀▀▀▀███▀▀▀▀█████▄
▄█████████████▄█▀████▄
███████████▄███████████
██████████▄█▀███████████
██████████▀████████████
▀█████▄█▀█████████████▀
▀████▄▄▄▄███▄▄▄▄████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀
.
 MΞTAWIN  THE FIRST WEB3 CASINO   
.
.. PLAY NOW ..
TheUltraElite
Legendary
*
Offline Offline

Activity: 3066
Merit: 1330


Going to reach LEET merits soon!


View Profile WWW
December 20, 2023, 04:33:36 PM
 #17

Case seems pretty puzzling to me as to how the hacker got access to your account. But we can only do so much as speculate and rule out the common causes. In depth investigation can be done from the Stake's owners side and thus I would advice the OP to PM Stunna and wait for them to respond to the thread.

Hoping Stunna/Mladen/Eddie to respond soon and the case to get resolved. Once again, sorry for the loss.


Side note - maybe dont use casino websites as wallets in future?

 
█▄
R


▀▀██████▄▄
████████████████
▀█████▀▀▀█████
████████▌███▐████
▄█████▄▄▄█████
████████████████
▄▄██████▀▀
LLBIT▀█ 
  TH#1 SOLANA CASINO  
████████████▄
▀▀██████▀▀███
██▄▄▀▀▄▄████
████████████
██████████
███▀████████
▄▄█████████
████████████
████████████
████████████
████████████
█████████████
████████████▀
████████████▄
▀▀▀▀▀▀▀██████
████████████
███████████
██▄█████████
████▄███████
████████████
█░▀▀████████
▀▀██████████
█████▄█████
████▀▄▀████
▄▄▄▄▄▄▄██████
████████████▀
........5,000+........
GAMES
 
......INSTANT......
WITHDRAWALS
..........HUGE..........
REWARDS
 
............VIP............
PROGRAM
 .
   PLAY NOW    
holydarkness
Legendary
*
Online Online

Activity: 2716
Merit: 1540


Yes, I'm an asshole


View Profile
December 20, 2023, 05:02:04 PM
 #18

Case seems pretty puzzling to me as to how the hacker got access to your account. But we can only do so much as speculate and rule out the common causes. In depth investigation can be done from the Stake's owners side and thus I would advice the OP to PM Stunna and wait for them to respond to the thread.

Hoping Stunna/Mladen/Eddie to respond soon and the case to get resolved. Once again, sorry for the loss.


Side note - maybe dont use casino websites as wallets in future?

Stunna hasn't been online for a while, more than five months, I don't think sending them a PM will be beneficial and solve this case, given a very high probability the PM will not even be noticed.

▄▄███████▄▄
▄██████████████▄
▄██████████████████▄
▄████▀▀▀▀███▀▀▀▀█████▄
▄█████████████▄█▀████▄
███████████▄███████████
██████████▄█▀███████████
██████████▀████████████
▀█████▄█▀█████████████▀
▀████▄▄▄▄███▄▄▄▄████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀
.
 MΞTAWIN  THE FIRST WEB3 CASINO   
.
.. PLAY NOW ..
Sunderland
Sr. Member
****
Offline Offline

Activity: 1476
Merit: 381

To Be Or Not To Be


View Profile
December 20, 2023, 05:56:13 PM
 #19


Sorry for your loss, maybe out of topic but just in case you need to trace where the money goes:

Here is what I found,
The "hacker" withdraw with this address: bc1qyuqc9hc9kguk693zlgq6sfk568f7r205rhts4f
then sent the funds to bc1q72tgjdwj8svpmc5nent856zece47cxwav7g0lc (this is Fixedfloat hot address for "order") https://fixedfloat.com/en/

The user doesnt need to provide personal data to use fixedfloat, but maybe they able to provide you with the IP and address destination from that transaction with an official request from the police/authority.
Well, if the funds goes to an exchange with KYC - its possible to identify the bad guy.

back to work
sokani
Sr. Member
****
Offline Offline

Activity: 672
Merit: 441


View Profile WWW
December 20, 2023, 10:54:57 PM
Last edit: December 21, 2023, 07:17:39 AM by sokani
 #20

Sorry for your loss op. I think the possible ways this could have happened is:
  • If someone close you had access to your device, possibly a friend or loved one.
  • If you stored your login details and 2FA backup code on a password manager, mail or on cloud storage that got compromised.
  • If you downloaded a malware infected application that accessed and stole your login details and 2FA backup code on your device.

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!