Bitcoin Forum
November 02, 2024, 04:29:53 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Pages: [1]
  Print  
Author Topic: ...  (Read 1170 times)
turtlehurricane (OP)
Full Member
***
Offline Offline

Activity: 197
Merit: 100


View Profile
May 04, 2014, 06:41:16 AM
Last edit: September 27, 2015, 09:01:55 AM by turtlehurricane
 #1

...
TrailingComet
Sr. Member
****
Offline Offline

Activity: 462
Merit: 250


View Profile
May 04, 2014, 06:49:35 AM
 #2

Damn, that hurts
Localbitcoins has been a critical pillar in helping me get into the btc ecosystem in my geography (that has no exchanges)
Hope it gets sorted quickly!

freedomno1
Legendary
*
Offline Offline

Activity: 1806
Merit: 1090


Learning the troll avoidance button :)


View Profile
May 04, 2014, 06:57:08 AM
 #3

Wow that was dodging the bullet a little to close
Spoof and everything

Believing in Bitcoins and it's ability to change the world
icet208
Hero Member
*****
Offline Offline

Activity: 761
Merit: 500


View Profile
May 04, 2014, 06:57:47 AM
 #4

damn this hackers must be stoped...too many hackings happening lately...this is really pulling down bitcoin. We must do something
bryant.coleman
Legendary
*
Offline Offline

Activity: 3766
Merit: 1217


View Profile
May 04, 2014, 07:53:08 AM
 #5

damn this hackers must be stoped...too many hackings happening lately...this is really pulling down bitcoin. We must do something

It will never stop. Rather we should try to increase the security. There were issues with Localbitcoins for the past 1-2 weeks. Several people were reporting here that their coins were stolen.
upal
Full Member
***
Offline Offline

Activity: 165
Merit: 102


View Profile
May 04, 2014, 08:12:49 AM
 #6

I wonder why the hosting gave root access to the attacker without verification ? First of all those spoofing mails should go to spam folder. Even if the mail client's filtering system is not strong, they can readily check the authentication from mail header. This is a severe fault of the hosting administration. I doubt if it is an outside attacker though...
bryant.coleman
Legendary
*
Offline Offline

Activity: 3766
Merit: 1217


View Profile
May 04, 2014, 08:31:29 AM
 #7

I wonder why the hosting gave root access to the attacker without verification ?

Probably someone hacked the email service of the localbitcoins.com and used the same to have root access. Perhaps they had disabled their cell-phone notifications and other precautions.
upal
Full Member
***
Offline Offline

Activity: 165
Merit: 102


View Profile
May 04, 2014, 08:38:06 AM
 #8

I wonder why the hosting gave root access to the attacker without verification ?

Probably someone hacked the email service of the localbitcoins.com and used the same to have root access. Perhaps they had disabled their cell-phone notifications and other precautions.

Quote
it looks like the request was made using spoofed email addresses

So it seems, mail was not hacked. It was spoofed (http://en.wikipedia.org/wiki/Email_spoofing). Probably a simple php mail function usage.
monsterbitty
Full Member
***
Offline Offline

Activity: 122
Merit: 100


View Profile
May 04, 2014, 08:50:05 AM
 #9

I hope they will be online back soon. Good thing was nothing been hacked. That's the good news so far. But what if attackers gain access to the data?

What would happen?
gloryninja
Sr. Member
****
Offline Offline

Activity: 345
Merit: 250


Trusted Member


View Profile WWW
May 04, 2014, 10:00:39 AM
 #10

Hackers are everywhere man. ive lost a lot of coins from exchange sites that have been hacked.  There must be a solution to this type of behaviour. BTC will not grow if there isnt any trust or 100% security is implemented on sites that are holding bitcoins. I know its not easy as i say but more should be invested in keeping the currency safe and have measures to prevent hackers.


Custom Built Gaming Desktops and GPU Rigs!
bryant.coleman
Legendary
*
Offline Offline

Activity: 3766
Merit: 1217


View Profile
May 04, 2014, 11:05:40 AM
 #11

I hope they will be online back soon. Good thing was nothing been hacked. That's the good news so far. But what if attackers gain access to the data?

What would happen?

Don't be so sure. Even when the news about the Mt Gox hack came out, Karpeles and Co. were initially saying that the users' coins were safe. Everyone knows what happened after that.  Angry
Gator-hex
Hero Member
*****
Offline Offline

Activity: 490
Merit: 500


View Profile
May 04, 2014, 11:30:33 AM
Last edit: May 04, 2014, 11:41:33 AM by Gator-hex
 #12

Hackers are everywhere man. ive lost a lot of coins from exchange sites that have been hacked.  There must be a solution to this type of behaviour. BTC will not grow if there isnt any trust or 100% security is implemented on sites that are holding bitcoins. I know its not easy as i say but more should be invested in keeping the currency safe and have measures to prevent hackers.


It's called 2 factor authentication.

Something you know =  password
Something you have = your mobile phone / crypto card / (bio info too, finger print, eyeball, face, but I'm not down with that shit!)

gloryninja
Sr. Member
****
Offline Offline

Activity: 345
Merit: 250


Trusted Member


View Profile WWW
May 04, 2014, 12:40:38 PM
 #13

Hackers are everywhere man. ive lost a lot of coins from exchange sites that have been hacked.  There must be a solution to this type of behaviour. BTC will not grow if there isnt any trust or 100% security is implemented on sites that are holding bitcoins. I know its not easy as i say but more should be invested in keeping the currency safe and have measures to prevent hackers.


It's called 2 factor authentication.

Something you know =  password
Something you have = your mobile phone / crypto card / (bio info too, finger print, eyeball, face, but I'm not down with that shit!)

I lost BTC in a known exchange site even though i had 2 factor authentication. They did not require just my account, they fucked over the whole exchange site, which the 2factor cannot prevent!

Custom Built Gaming Desktops and GPU Rigs!
bryant.coleman
Legendary
*
Offline Offline

Activity: 3766
Merit: 1217


View Profile
May 04, 2014, 01:04:54 PM
 #14

I lost BTC in a known exchange site even though i had 2 factor authentication. They did not require just my account, they fucked over the whole exchange site, which the 2factor cannot prevent!

You are right. Even before the Mt Gox scandal, a lot of users lost their coins from the smaller exchanges. Either someone hacked the site and robbed all the coins, or the exchange owner himself stole all of them. 2FA won't do any wonders in such cases.
leopard2
Legendary
*
Offline Offline

Activity: 1372
Merit: 1014



View Profile
May 04, 2014, 01:27:24 PM
 #15

when an exchange gets hacked its all about cold wallets - real cold wallets not Gox style  Wink

Truth is the new hatespeech.
moriartybitcoin
Hero Member
*****
Offline Offline

Activity: 560
Merit: 500

★777Coin.com★ Fun BTC Casino!


View Profile
May 04, 2014, 05:33:40 PM
 #16

Hackers are everywhere man. ive lost a lot of coins from exchange sites that have been hacked.  There must be a solution to this type of behaviour. BTC will not grow if there isnt any trust or 100% security is implemented on sites that are holding bitcoins. I know its not easy as i say but more should be invested in keeping the currency safe and have measures to prevent hackers.



There is no easy solution.  'Security' is never going to be 100% on a web server.  Doesn't matter if you spend $100k/year on a security team, it won't matter. Eventually, you WILL get hacked.

I own sites like https://BitPlastic.com and https://BitLaunder.com and https://CoinChimp.com .. we used to get hacked all the time, and I had to pay clients who lost money out of my own pocket to avoid getting branded a 'scam'.  We hired a security specialist and we haven't been hacked since, but eventually it WILL happen again.  Of that I am 100% sure.

The main consideration for a Bitcoin site owner is simply not store much Bitcoin in 'live wallets' running bitcoind on a server.  If you store your client funds in a 'hot wallet' on the server, you are basically begging to get hacked into oblivion, like Flexcoin and MtGox (although that might have been Karpeles theft).

The other thing you need to worry about is fake deposit addresses. For example, hackers will insert their own deposit address into your mysql table, so when clients send funds to the wallet on the server, actually they are sending funds to the hackers.  This type of thing is usually discovered within a few hours and losses are kept to a minimum. 

I think every Bitcoin website owner needs to maintain an 'insurance' fund of maybe 25% of their profits to simply cover hacking losses. 

Some sort of 'Bitcoin insurance policy' might even be a good business idea!

As far as longterm hacking prevention in the Bitcoin world, I don't see that ever happening.  At least not with the current Bitcoin protocol

Dr. Michael Moriarty
https://BitPlastic.com / https://BitLaunder.com / https://BitArmored.com / https://CoinChimp.com / https://BitSpeculate.com

moriartybitcoin
Hero Member
*****
Offline Offline

Activity: 560
Merit: 500

★777Coin.com★ Fun BTC Casino!


View Profile
May 04, 2014, 05:35:20 PM
 #17

Hackers are everywhere man. ive lost a lot of coins from exchange sites that have been hacked.  There must be a solution to this type of behaviour. BTC will not grow if there isnt any trust or 100% security is implemented on sites that are holding bitcoins. I know its not easy as i say but more should be invested in keeping the currency safe and have measures to prevent hackers.


It's called 2 factor authentication.

Something you know =  password
Something you have = your mobile phone / crypto card / (bio info too, finger print, eyeball, face, but I'm not down with that shit!)

I lost BTC in a known exchange site even though i had 2 factor authentication. They did not require just my account, they fucked over the whole exchange site, which the 2factor cannot prevent!

2FA offers some security but it is not a panacea.  It *might* prevent your account from getting hacked but don't bet on it.  Some hacker may inject a fake deposit address so you send your bitcoin to the hacker instead of the exchange.  Or the site might get hacked and you lose all your funds if they are stored in a hot wallet on the server.

Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!