Bitcoin Forum
November 21, 2017, 08:36:42 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Can a hacker access accounts with 2FA GAuth?  (Read 2157 times)
mariokiller64
Jr. Member
*
Offline Offline

Activity: 44


View Profile
February 20, 2015, 02:11:32 AM
 #1

Can someone explain to me, how a hacker would attain an account on a website that is protected by 2FA with Google Authentication?

My havelock investments account was hacked.  I have 2FA authentication enabled, and yet, it was nothing to them.  How is this possible?

Also, my computer is virus free.  I don't download suspicious files and I definitely don't run them.  I would consider myself technologicaly savvy, especially enough not to be infected with something malicious.
Of course, after this happened, I scanned my whole computer with MBAM, ADwCleaner, and Avast.  They found nothing, nothing at all.
1511253402
Hero Member
*
Offline Offline

Posts: 1511253402

View Profile Personal Message (Offline)

Ignore
1511253402
Reply with quote  #2

1511253402
Report to moderator
"Bitcoin: the cutting edge of begging technology." -- Giraffe.BTC
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1511253402
Hero Member
*
Offline Offline

Posts: 1511253402

View Profile Personal Message (Offline)

Ignore
1511253402
Reply with quote  #2

1511253402
Report to moderator
twister
Hero Member
*****
Offline Offline

Activity: 672



View Profile WWW
February 20, 2015, 05:00:20 AM
 #2

Don't know how hackers hack man but I would guess they somehow got hold of the 2fa key which enabled them to make codes. I wouldn't be surprised if it was an inside job.

 

██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
█████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
 
Get Free Bitcoin Now!
  ¦¯¦¦¯¦    ¦¯¦¦¯¦    ¦¯¦¦¯¦    ¦¯¦¦¯¦   
0.8%-1% House Edge
[/
hardhouseinc
Sr. Member
****
Offline Offline

Activity: 350


Spectiv VR Crowdsale: 12/08/17


View Profile WWW
February 20, 2015, 05:05:38 AM
 #3

My LocalBitcoin account got hacked with 2FA enabled and
their staff didnt help me recover or refund anything.  Its
not impossible to get around I guess.


              ▄▄████████████▄▄             
          ▄███▀▀▀░░░░░░░░░░▀▀▀███▄▄        
       ▄██▀▀░░░░░░░░░░░░░░░░░░░░░▀██▄      
     ▄██▀░░░░░░░░░░░░░░░░░░░░░░░░░░▀███    
   ▄██▀░░░░░░░░░░░░░░░▄▄▄▄▄█████████████▄  
  ▄██░░░░░░░░░░░▄▄█████████░░░░░░░░░░░░▀█▌ 
 ▐██░░░░░░░░▄█████▀▀▀▀▀▀▀▀▀████▄░░░░░░░░▀█▌
▐██░░░░░░▄███▀▀███████████████▀▀██▄░░░░░░██▌
████▄░░▄██▀███████▄██████▄████████▀██▄░░░▐██
██░▀████▀██████████████████████████████▄░░██
██░░░▀██▄█████████████████████████▄██▀▀██▄██
██▌░░░░▀███▄████████▀▀▀▀███████▄██▀░░░░░▀███
▐██░░░░░░░▀███▄▄███████████▄▄██▀▀░░░░░░░░██▌
 ▐██░░░░░░░░░░▀▀████████████▀░░░░░░░░░░░▄█▌
  ▀██▄▄▄▄▄▄▄▄▄████████▀▀▀░░░░░░░░░░░░░░▄█▌ 
   ▀███▀▀▀▀▀▀░░░░░░░░░░░░░░░░░░░░░░░░▄██▀  
     ▀██▄░░░░░░░░░░░░░░░░░░░░░░░░░░▄██▀    
       ▀███▄░░░░░░░░░░░░░░░░░░░░▄▄██▀      
          ▀████▄▄░░░░░░░░░░▄▄▄███▀         
              ▀▀▀██████████▀▀▀             

    
                         [ Website ]                    
    
stdset
Hero Member
*****
Offline Offline

Activity: 573



View Profile
February 20, 2015, 08:33:18 AM
 #4

May be you should think about people having access to your 2FA device?
Otherwise, assuming everything is OK with the website where your account was hacked, it must be a trojan on your computer, from which you enabled 2FA. They only need a screenshot of the secret code either in form of a QR code or in text form.

NeuroticFish
Legendary
*
Offline Offline

Activity: 1302


Tooth Fairy, do you have an USB miner for me?


View Profile
February 20, 2015, 08:41:53 AM
 #5

Can someone explain to me, how a hacker would attain an account on a website that is protected by 2FA with Google Authentication?

My havelock investments account was hacked.  I have 2FA authentication enabled, and yet, it was nothing to them.  How is this possible?

Also, my computer is virus free.  I don't download suspicious files and I definitely don't run them.  I would consider myself technologicaly savvy, especially enough not to be infected with something malicious.
Of course, after this happened, I scanned my whole computer with MBAM, ADwCleaner, and Avast.  They found nothing, nothing at all.

Where you keep your private key for 2FA?
What device you use to generate the 2FA - is that virus free too?
Were your computer and 2FA device virus free when you enabled 2FA?

These are some problems to think about. If all this don't lead to a possible backdoor, then the only solution remaining would be a fraud from the website where you had the money.

.BITSLER.                 ▄███
               ▄████▀
             ▄████▀
           ▄████▀  ▄██▄
         ▄████▀    ▀████▄
       ▄████▀        ▀████▄
     ▄████▀            ▀████▄
   ▄████▀                ▀████▄
 ▄████▀ ▄████▄      ▄████▄ ▀████▄
█████   ██████      ██████   █████
 ▀████▄ ▀████▀      ▀████▀ ▄████▀
   ▀████▄                ▄████▀
     ▀████▄            ▄████▀
       ▀████▄        ▄████▀
         ▀████▄    ▄████▀
           ▀████▄▄████▀
             ▀██████▀
               ▀▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄            
▄▄▄▄▀▀▀▀    ▄▄█▄▄ ▀▀▄         
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄      
█  ▀▄▄  ▀█▀▀ ▄      ▀████   ▀▀▄   
█ █▄  ▀▄   ▀████       ▀▀ ▄██▄ ▀▀▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█  ▀▀       ▀▄▄ ▀████      ▄▄▄▀▀▀  █
█            ▄ ▀▄    ▄▄▄▀▀▀   ▄▄  █
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█ ▄▄   ███   ▀██  █           ▀▀  █ 
█ ███  ▀██       █        ▄▄      █ 
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
▀▄            █        ▀▀      █  
▀▀▄   ███▄  █   ▄▄          █   
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀    
▀▀▄   █   ▀▀▄▄▄▀▀▀         
▄▄▄▄▄▄▄▄▄▄▄█▄▄▀▀▀▀              
              ▄▄▄██████▄▄▄
          ▄▄████████████████▄▄
        ▄██████▀▀▀▀▀▀▀▀▀▀██████▄
▄     ▄█████▀             ▀█████▄
██▄▄ █████▀                ▀█████
 ████████            ▄██      █████
  ████████▄         ███▀       ████▄
  █████████▀▀     ▄███▀        █████
   █▀▀▀          █████         █████
     ▄▄▄         ████          █████
   █████          ▀▀           ████▀
    █████                     █████
     █████▄                 ▄█████
      ▀█████▄             ▄█████▀
        ▀██████▄▄▄▄▄▄▄▄▄▄██████▀
          ▀▀████████████████▀▀
              ▀▀▀██████▀▀▀
            ▄▄▄███████▄▄▄
         ▄█▀▀▀ ▄▄▄▄▄▄▄ ▀▀▀█▄
       █▀▀ ▄█████████████▄ ▀▀█
     █▀▀ ███████████████████ ▀▀█
    █▀ ███████████████████████ ▀█
   █▀ ███████████████▀▀ ███████ ▀█
 ▄█▀ ██████████████▀      ▀█████ ▀█▄
███ ███████████▀▀            ▀▀██ ███
███ ███████▀▀                     ███
███ ▀▀▀▀                          ███
▀██▄                             ▄██▀
  ▀█▄                            ▀▀
    █▄       █▄▄▄▄▄▄▄▄▄█
     █▄      ▀█████████▀
      ▀█▄      ▀▀▀▀▀▀▀
        ▀▀█▄▄  ▄▄▄
            ▀▀█████
[]
cazkooo
Legendary
*
Offline Offline

Activity: 952



View Profile
February 20, 2015, 01:24:59 PM
 #6

Can someone explain to me, how a hacker would attain an account on a website that is protected by 2FA with Google Authentication?

My havelock investments account was hacked.  I have 2FA authentication enabled, and yet, it was nothing to them.  How is this possible?

Also, my computer is virus free.  I don't download suspicious files and I definitely don't run them.  I would consider myself technologicaly savvy, especially enough not to be infected with something malicious.
Of course, after this happened, I scanned my whole computer with MBAM, ADwCleaner, and Avast.  They found nothing, nothing at all.

never ever keep your GA at your computer too, there is a lot malware that enable a hacker to access our computer, id suggest to put it somewhere else, and btw some malware isnt really detected by antivirus


██████████              █████           
████████████          ███████         
███        █████          ███████         
███        █████          ███████         
████        ██████      █████████       
██████            ██████████      █████████       
█████            ██████            ████        ██      █████████       
█████            ██████            ████        ███  ███████████     
█████            ██████            ████        ███  ███████████     
███                                      █████████████████  ███████████     
███    ███    █████              ██████████  ████████████  █████████   
███    █████              ██████████  ████████████  █████████   
█████              ██████████  ████████████  █████████   
██████            ███      ███████████      ██████████ 
██████            ███      ███████████      ██████████ 
██████            ███      ███████████      ██████████ 
██████            ██          █████████          ██████████
██████████          █████████          ██████████
██████████          █████████          ██████████
   
██
█  ██  █
█  ██  █
█  ██  █
█  ██  █
█  ██  █
█  ██  █
█  ██  █

█  ██  █

█  ██  █

█  ██  █

█  ██  █

██
   
██
█  ██  █
█  ██  █
█  ██  █
█  ██  █
█  ██  █
█  ██  █
█  ██  █

█  ██  █

█  ██  █

█  ██  █

█  ██  █

██
   
➤  TWITTER
➤  FACEBOOK
➤  INSTAGRAM
mariokiller64
Jr. Member
*
Offline Offline

Activity: 44


View Profile
February 21, 2015, 06:42:27 AM
 #7

Where you keep your private key for 2FA?
What device you use to generate the 2FA - is that virus free too?
Were your computer and 2FA device virus free when you enabled 2FA?

These are some problems to think about. If all this don't lead to a possible backdoor, then the only solution remaining would be a fraud from the website where you had the money.
My private key would be on my Android phone.  The phone is running AOSP and there are just but a few games on there and some Apps I use for day to day.  I don't really see my phone getting infected.
My computer was virus free.  I really can't see myself getting a virus and I do not install malware on my computer.

I don't think I'll trust havelock anymore.  They stopped replying to my E-mails, so I don't think they have any plans of returning my coins.
Syke
Legendary
*
Offline Offline

Activity: 2436


View Profile
February 21, 2015, 08:57:05 PM
 #8

My havelock investments account was hacked.  I have 2FA authentication enabled, and yet, it was nothing to them.  How is this possible?

You need to ask Havelock. Was 2FA disabled? When was your account accessed, and was 2FA code entered?

Buy & Hold
pumawolf
Sr. Member
****
Offline Offline

Activity: 479



View Profile
February 21, 2015, 09:28:51 PM
 #9

lets wait til they are done with maintenance to see whats up. this is not good, it needs to be address and dealt with if its on their end. but it could be ur phone as well.  i bought a second  phone just for 2fa , i cut the interweb off and never download any apps. if my act were to be "hacked"  i know its an inside job. its a good investment for ur  investments if ur a heavy investor. anyhow, it will be good for all of us if we figure out if it was ur end or them
abercrombie
Legendary
*
Offline Offline

Activity: 1144



View Profile
February 21, 2015, 10:55:23 PM
 #10

Can someone explain to me, how a hacker would attain an account on a website that is protected by 2FA with Google Authentication?

My havelock investments account was hacked.  I have 2FA authentication enabled, and yet, it was nothing to them.  How is this possible?

Also, my computer is virus free.  I don't download suspicious files and I definitely don't run them.  I would consider myself technologicaly savvy, especially enough not to be infected with something malicious.
Of course, after this happened, I scanned my whole computer with MBAM, ADwCleaner, and Avast.  They found nothing, nothing at all.

Did you do a backup of the initial QRC code?  I always do a backup then PGP encrypt that backup image.  I suppose, if that image was not encrypted then it could've been recovered somehow.

More likely, sounds like an inside job as suggested previously.
mariokiller64
Jr. Member
*
Offline Offline

Activity: 44


View Profile
February 23, 2015, 06:05:39 AM
 #11

I mean, I have other bitcoin accounts.  I have other coins in multiple places.  2FA being on my phone of course.  All those coins are safe and have always been safe.  I don't see why my havelock just happens to get hacked when all my other accounts are just fine.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!