Bitcoin Forum
October 31, 2024, 12:56:09 PM *
News: Bitcoin Pumpkin Carving Contest
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 [5] 6 »  All
  Print  
Author Topic: Bitcoin sites leaked :( - Big bitcoin members emails database  (Read 8204 times)
bitcoin_de
Member
**
Offline Offline

Activity: 97
Merit: 10



View Profile WWW
August 18, 2014, 10:15:46 AM
 #81

Hi,

we are not so arrogant to say that we are unhackable, but here it is very likely a scam. The alleged hacker can not submit a single piece of evidence that he really has data from bitcoin.de. We have checked our system and could not detect any unauthorized access.

So if someone really wants to get rid of 10 BTC... Please donate the money to the Wikimedia Foundation https://wikimediafoundation.org/wiki/Ways_to_Give#bitcoin or to the needy coffee fund of bitcoin.de: 1Ep3PpCs76JfKMjz5vckVTckB3JkSQEjAi

Best regards,
Oliver
CEO Bitcoin.de

Support-Team
Bitcoin Deutschland AG
https://www.bitcoin.de/
Fahrradkette
Newbie
*
Offline Offline

Activity: 12
Merit: 0


View Profile
August 18, 2014, 10:46:53 AM
 #82

Call me suspicious, but ... the same person created this post, bought the database and claiming it is legit? In a rather strange english like within the pastebin-text? (Okay, English is not my native language, but still...)

Well...I don't believe it, sorry.  Sad

But hey, I think the coffee fund is a good idea!
Maybe I spend some btc on that.  Grin
Jamie_Boulder
Sr. Member
****
Offline Offline

Activity: 378
Merit: 250


View Profile WWW
August 18, 2014, 11:05:18 AM
 #83

As long as you use different passwords for different forums/e-mails/accounts etc (AS YOU SHOULD) then all is well.

dadaas
Sr. Member
****
Offline Offline

Activity: 490
Merit: 250


Super Smash Bros. Ultimate Available Now!


View Profile
August 18, 2014, 02:50:26 PM
 #84

Call me suspicious, but ... the same person created this post, bought the database and claiming it is legit? In a rather strange english like within the pastebin-text? (Okay, English is not my native language, but still...)

Well...I don't believe it, sorry.  Sad

But hey, I think the coffee fund is a good idea!
Maybe I spend some btc on that.  Grin

I didn't notice that but you've got very good point. This definitely looks even more suspicious now when you pointed that out. But those free databases they offered in Pastebin are actually true. Probably because it is easier to hack small sites like those rather then serious sites like Bitcoin.de.
Fahrradkette
Newbie
*
Offline Offline

Activity: 12
Merit: 0


View Profile
August 18, 2014, 03:06:11 PM
 #85

I didn't notice that but you've got very good point. This definitely looks even more suspicious now when you pointed that out. But those free databases they offered in Pastebin are actually true. Probably because it is easier to hack small sites like those rather then serious sites like Bitcoin.de.

I don't know if the other databases are legit, neither do I know that the bitcoin.de-database is (not) legit.

But as far as I know: Bitcoin.de is regulated/inspected by the german Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht(BaFin)). I do think there are many regulations about security and can't think about any way that the passwords are saved plaintext like the thread-author said.

Nuff said.
dadaas
Sr. Member
****
Offline Offline

Activity: 490
Merit: 250


Super Smash Bros. Ultimate Available Now!


View Profile
August 18, 2014, 03:09:37 PM
 #86


I don't know if the other databases are legit, neither do I know that the bitcoin.de-database is (not) legit.

But as far as I know: Bitcoin.de is regulated/inspected by the german Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht(BaFin)). I do think there are many regulations about security and can't think about any way that the passwords are saved plaintext like the thread-author said.

Nuff said.

I love those German words Cheesy

I didn't know that Bitcoin sites are supervised by federal authority but it makes sense because it is Germany and we all know how Germans are.
Fahrradkette
Newbie
*
Offline Offline

Activity: 12
Merit: 0


View Profile
August 18, 2014, 03:12:41 PM
 #87

Back to wörk!  Grin
hyperdimension
Member
**
Offline Offline

Activity: 69
Merit: 10


View Profile
August 18, 2014, 05:47:34 PM
 #88

There's NO way they hacked Bitcoin.de, they need confirmation emails for everything. Unlike this site btw, this site needs confirmation email for everything too, i mean give me a break. How in hell it doesnt?
Razick
Legendary
*
Offline Offline

Activity: 1330
Merit: 1003


View Profile
August 18, 2014, 06:23:21 PM
Last edit: August 18, 2014, 10:31:41 PM by Razick
 #89

Yes, them use md5, the auroracoin forum use the traditional forum salt that is more hard to decrypt.

but with a good pay decoder with trillion hashes decode it no can be hard.

examples (hashes get from freecoinworld):
30fca77cebf16fe3c5b5b4db4371dee4  -  cinta3segi
842df9fecdc99ad5aea6deb7ab117ae0 - me4ta12345

One question, how does anybody crack those codes? Isn't it right that it takes long time to bruteforce those codes? Isn't that the whole point of hashing passwords, to make them practically uncrackable?

The problem is that hash functions are very fast on their own. Modern computers can check millions and sometimes billions per second. For example, although php isn't a good choice, I could break md5 with something like this:

EDIT: As Cortex noted below, the attacker would likely target the database at once making the process much faster, especially if salts aren't used.

Code:
// this is the hash of the password I'm trying to break
$hash_to_crack = '30fca77cebf16fe3c5b5b4db4371dee4';
$found = false;

// until $found is changed to true, keep trying!
while (!$found)
{
     // $this->next_try would be a method designed to supply the next possible password.
     $attempt = md5($this->next_try);
    
     // compare the next hash to the target hash
     if ($attempt == $hash_to_crack)
     {
         // end the loop when we've found the hash
         $found = true;
     }
}

There's NO way they hacked Bitcoin.de, they need confirmation emails for everything. Unlike this site btw, this site needs confirmation email for everything too, i mean give me a break. How in hell it doesnt?

Having confirmation emails doesn't automatically secure a site against having its database stolen.

ACCOUNT RECOVERED 4/27/2020. Account was previously hacked sometime in 2017. Posts between 12/31/2016 and 4/27/2020 are NOT LEGITIMATE.
TheKoziTwo
Legendary
*
Offline Offline

Activity: 1552
Merit: 1047



View Profile
August 18, 2014, 08:34:01 PM
 #90

Aurum is using a forum account that he has either hacked or purchased from the original owner. Just compare his first post in the forum with his current ones. Without looking further into this it seems like Aurum just generated a list of usernames and fake passwords and is trying to make some quick btc by selling air. Nothing to see here.

Cortex7
Full Member
***
Offline Offline

Activity: 238
Merit: 106


View Profile
August 18, 2014, 09:21:46 PM
Last edit: August 19, 2014, 12:29:52 AM by Cortex7
 #91

@Razicks PHP func, modified to crack a whole dbase of hashes at once:
Code:
// these are the hashes of the passwords I'm trying to break
$hash_to_crack = array();
$hash_to_crack[] = '30fca77cebf16fe3c5b5b4db4371dee4';
$hash_to_crack[] = '40fceb6cebf16fec15b5b4db4371cef4';
// many more hashes, the entire dbase.
$hash_to_crack[] = '50fca4cebf146fe3c5b5b4db4371bbe4';

$attempt = NULL;
$hashes = sizeof($hash_to_crack);
$cracked = 0;
$pass = "";

while ($cracked < $hashes)
{
     // $this->next_try would be a method designed to supply the next possible password.
     $pass = $this->next_try
     $attempt = md5($pass);
    
     // compare the next hash to the target hash
     for($hash_num = 0; $hash_num  < $hashes; $hash_num++)
     {
    if ($attempt == $hash_to_crack[$hash_num])
    {
echo("FOUND PASSWORD $pass");
echo("FOR HASH " . ($hash_to_crack[$hash_num]));
echo(PHP_EOL);
                $cracked++;
    }
     }
}
Remember remember the 5th of November
Legendary
*
Offline Offline

Activity: 1862
Merit: 1011

Reverse engineer from time to time


View Profile
August 18, 2014, 09:23:37 PM
 #92

@Razicks PHP func, modified to crack a whole dbase of hashes at once:
Code:
// these are the hashes of the passwords I'm trying to break
$hash_to_crack = array();
$hash_to_crack[] = '30fca77cebf16fe3c5b5b4db4371dee4';
$hash_to_crack[] = '40fceb6cebf16fec15b5b4db4371cef4';
// many more hashes, the entire dbase.
$hash_to_crack[] = '50fca4cebf146fe3c5b5b4db4371bbe4';

$attempt = NULL;
$hashes = sizeof($hash_to_crack);
while (true)
{
     // $this->next_try would be a method designed to supply the next possible password.
     $attempt = md5($this->next_try);
     
     // compare the next hash to the target hash
     for($hash_num = 0; $hash_num  < $hashes; $hash_num++)
     {
     if ($attempt == $hash_to_crack[$hash_num])
     {
echo("FOUND PASSWORD $attempt");
echo("FOR HASH " . ($hash_to_crack[$hash_num]));
echo(PHP_EOL);
     }
     }
}
Only that for even faster performance, it would be implemented in OpenCL. Hashcat already has, though.

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
Cortex7
Full Member
***
Offline Offline

Activity: 238
Merit: 106


View Profile
August 18, 2014, 09:27:08 PM
 #93

Only that for even faster performance, it would be implemented in OpenCL. Hashcat already has, though.

Of course you're right! just using PHP like pseudocode because many understand it.
allyouracid
Legendary
*
Offline Offline

Activity: 2321
Merit: 1292


Encrypted Money, Baby!


View Profile
August 18, 2014, 10:11:26 PM
 #94

I've just checked other 3 files they are offering for free and all paswords are hashed in databases. No need to worry at all if your password is long enough.
Just for the sake of clarity, I did a quick rainbow tables check on some md5-hashed passwords from one of those dumps (the site which is already closed). Three out of ten hashed passwords (!) with an amount of altogether way more than 10 BTC could be converted back to plaintext. If I had more than five BTC in my account, I wouldn't use "johnjohn" as my password. So guys, hold on strong passwords, e.g. use calculated passwords which are different for each website (e.g. calculate them with a set of letters, numbers etc and the URL of the site or something like that, so they are not the same, but you can calculate them). Not to talk about 2FA.

And, to make sure that your passwords are safe, do a rainbow tables check on it. Important: download the tables and do it on your pc, never put your password into an online rainbow tables website, as there are many sites which just wait for you to enter your password, so they can md5 it and get the correct hash for the password (so there isn't even any need to calculate the hash back into the password, because you already gave it to them).

One more statement: I'd never steal BTC/money/anything from anybody.


.edit:
Neither the amounts nor the password "johnjohn" is what I have found. Don't want to support people trying to steal bitcoins.

Don't visit my shitcoin blog: OCOIN.DEV
Use cointracking.info for tax declaration & tracking of your trades!
ikank268
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile WWW
August 20, 2014, 05:58:43 PM
 #95

oh no, how they have the email account and know the passwords  Huh ?? it's like nightmare  Embarrassed
bitkojnek
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
August 22, 2014, 10:18:18 PM
 #96

I bought it  Grin

I bought the freecoin and qoinpro date, sure all is fine, now preparing the spam text heheheheh. It will delay some time since 600k emails is a big daten.

Someone already bought the bitcoin.de? It's real? I want to buy it but 10 btc to high, if it's fake i don't can afford 10 btc. Please if someone really bought it talk here if that is real.
Mightycoin
Member
**
Offline Offline

Activity: 82
Merit: 10


View Profile
August 23, 2014, 08:12:09 AM
 #97

That sucks. That's why security is so much essential. Better change password twice every week Smiley
dadaas
Sr. Member
****
Offline Offline

Activity: 490
Merit: 250


Super Smash Bros. Ultimate Available Now!


View Profile
August 23, 2014, 10:32:03 AM
 #98

I bought it  Grin

I bought the freecoin and qoinpro date, sure all is fine, now preparing the spam text heheheheh. It will delay some time since 600k emails is a big daten.

Someone already bought the bitcoin.de? It's real? I want to buy it but 10 btc to high, if it's fake i don't can afford 10 btc. Please if someone really bought it talk here if that is real.

You will use those databases only for spam email? Somehow I don't think you will just do that.

So can you log in any account from freeco.in and qoinpro? Are those DBs real?
CreamyPie
Member
**
Offline Offline

Activity: 61
Merit: 10


View Profile
August 23, 2014, 02:48:34 PM
 #99

This is the reason why security is so much essential. Being ignorant is not an option

Its recommended by experts to change password every few days, I follow them Smiley
jl2035
Full Member
***
Offline Offline

Activity: 146
Merit: 100



View Profile
September 03, 2014, 03:04:34 PM
 #100

Yes, them use md5, the auroracoin forum use the traditional forum salt that is more hard to decrypt.

but with a good pay decoder with trillion hashes decode it no can be hard.

examples (hashes get from freecoinworld):
30fca77cebf16fe3c5b5b4db4371dee4  -  cinta3segi
842df9fecdc99ad5aea6deb7ab117ae0 - me4ta12345

One question, how does anybody crack those codes? Isn't it right that it takes long time to bruteforce those codes? Isn't that the whole point of hashing passwords, to make them practically uncrackable?

At least this guy is doing it:

http://redd.it/2erai6

JOIN Bitbiz bitbiz.io
Pages: « 1 2 3 4 [5] 6 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!