bitcoin_de
|
|
August 18, 2014, 10:15:46 AM |
|
Hi, we are not so arrogant to say that we are unhackable, but here it is very likely a scam. The alleged hacker can not submit a single piece of evidence that he really has data from bitcoin.de. We have checked our system and could not detect any unauthorized access. So if someone really wants to get rid of 10 BTC... Please donate the money to the Wikimedia Foundation https://wikimediafoundation.org/wiki/Ways_to_Give#bitcoin or to the needy coffee fund of bitcoin.de: 1Ep3PpCs76JfKMjz5vckVTckB3JkSQEjAi Best regards, Oliver CEO Bitcoin.de
|
|
|
|
Fahrradkette
Newbie
Offline
Activity: 12
Merit: 0
|
|
August 18, 2014, 10:46:53 AM |
|
Call me suspicious, but ... the same person created this post, bought the database and claiming it is legit? In a rather strange english like within the pastebin-text? (Okay, English is not my native language, but still...) Well...I don't believe it, sorry. But hey, I think the coffee fund is a good idea! Maybe I spend some btc on that.
|
|
|
|
Jamie_Boulder
|
|
August 18, 2014, 11:05:18 AM |
|
As long as you use different passwords for different forums/e-mails/accounts etc (AS YOU SHOULD) then all is well.
|
|
|
|
dadaas
Sr. Member
Offline
Activity: 490
Merit: 250
Super Smash Bros. Ultimate Available Now!
|
|
August 18, 2014, 02:50:26 PM |
|
Call me suspicious, but ... the same person created this post, bought the database and claiming it is legit? In a rather strange english like within the pastebin-text? (Okay, English is not my native language, but still...) Well...I don't believe it, sorry. But hey, I think the coffee fund is a good idea! Maybe I spend some btc on that. I didn't notice that but you've got very good point. This definitely looks even more suspicious now when you pointed that out. But those free databases they offered in Pastebin are actually true. Probably because it is easier to hack small sites like those rather then serious sites like Bitcoin.de.
|
|
|
|
Fahrradkette
Newbie
Offline
Activity: 12
Merit: 0
|
|
August 18, 2014, 03:06:11 PM |
|
I didn't notice that but you've got very good point. This definitely looks even more suspicious now when you pointed that out. But those free databases they offered in Pastebin are actually true. Probably because it is easier to hack small sites like those rather then serious sites like Bitcoin.de.
I don't know if the other databases are legit, neither do I know that the bitcoin.de-database is (not) legit. But as far as I know: Bitcoin.de is regulated/inspected by the german Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht(BaFin)). I do think there are many regulations about security and can't think about any way that the passwords are saved plaintext like the thread-author said. Nuff said.
|
|
|
|
dadaas
Sr. Member
Offline
Activity: 490
Merit: 250
Super Smash Bros. Ultimate Available Now!
|
|
August 18, 2014, 03:09:37 PM |
|
I don't know if the other databases are legit, neither do I know that the bitcoin.de-database is (not) legit.
But as far as I know: Bitcoin.de is regulated/inspected by the german Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht(BaFin)). I do think there are many regulations about security and can't think about any way that the passwords are saved plaintext like the thread-author said.
Nuff said.
I love those German words I didn't know that Bitcoin sites are supervised by federal authority but it makes sense because it is Germany and we all know how Germans are.
|
|
|
|
Fahrradkette
Newbie
Offline
Activity: 12
Merit: 0
|
|
August 18, 2014, 03:12:41 PM |
|
Back to wörk!
|
|
|
|
hyperdimension
Member
Offline
Activity: 69
Merit: 10
|
|
August 18, 2014, 05:47:34 PM |
|
There's NO way they hacked Bitcoin.de, they need confirmation emails for everything. Unlike this site btw, this site needs confirmation email for everything too, i mean give me a break. How in hell it doesnt?
|
|
|
|
Razick
Legendary
Offline
Activity: 1330
Merit: 1003
|
|
August 18, 2014, 06:23:21 PM Last edit: August 18, 2014, 10:31:41 PM by Razick |
|
Yes, them use md5, the auroracoin forum use the traditional forum salt that is more hard to decrypt.
but with a good pay decoder with trillion hashes decode it no can be hard.
examples (hashes get from freecoinworld): 30fca77cebf16fe3c5b5b4db4371dee4 - cinta3segi 842df9fecdc99ad5aea6deb7ab117ae0 - me4ta12345
One question, how does anybody crack those codes? Isn't it right that it takes long time to bruteforce those codes? Isn't that the whole point of hashing passwords, to make them practically uncrackable? The problem is that hash functions are very fast on their own. Modern computers can check millions and sometimes billions per second. For example, although php isn't a good choice, I could break md5 with something like this: EDIT: As Cortex noted below, the attacker would likely target the database at once making the process much faster, especially if salts aren't used. // this is the hash of the password I'm trying to break $hash_to_crack = '30fca77cebf16fe3c5b5b4db4371dee4'; $found = false;
// until $found is changed to true, keep trying! while (!$found) { // $this->next_try would be a method designed to supply the next possible password. $attempt = md5($this->next_try); // compare the next hash to the target hash if ($attempt == $hash_to_crack) { // end the loop when we've found the hash $found = true; } }
There's NO way they hacked Bitcoin.de, they need confirmation emails for everything. Unlike this site btw, this site needs confirmation email for everything too, i mean give me a break. How in hell it doesnt?
Having confirmation emails doesn't automatically secure a site against having its database stolen.
|
ACCOUNT RECOVERED 4/27/2020. Account was previously hacked sometime in 2017. Posts between 12/31/2016 and 4/27/2020 are NOT LEGITIMATE.
|
|
|
TheKoziTwo
Legendary
Offline
Activity: 1552
Merit: 1047
|
|
August 18, 2014, 08:34:01 PM |
|
Aurum is using a forum account that he has either hacked or purchased from the original owner. Just compare his first post in the forum with his current ones. Without looking further into this it seems like Aurum just generated a list of usernames and fake passwords and is trying to make some quick btc by selling air. Nothing to see here.
|
|
|
|
Cortex7
|
|
August 18, 2014, 09:21:46 PM Last edit: August 19, 2014, 12:29:52 AM by Cortex7 |
|
@Razicks PHP func, modified to crack a whole dbase of hashes at once: // these are the hashes of the passwords I'm trying to break $hash_to_crack = array(); $hash_to_crack[] = '30fca77cebf16fe3c5b5b4db4371dee4'; $hash_to_crack[] = '40fceb6cebf16fec15b5b4db4371cef4'; // many more hashes, the entire dbase. $hash_to_crack[] = '50fca4cebf146fe3c5b5b4db4371bbe4';
$attempt = NULL; $hashes = sizeof($hash_to_crack); $cracked = 0; $pass = "";
while ($cracked < $hashes) { // $this->next_try would be a method designed to supply the next possible password. $pass = $this->next_try $attempt = md5($pass); // compare the next hash to the target hash for($hash_num = 0; $hash_num < $hashes; $hash_num++) { if ($attempt == $hash_to_crack[$hash_num]) { echo("FOUND PASSWORD $pass"); echo("FOR HASH " . ($hash_to_crack[$hash_num])); echo(PHP_EOL); $cracked++; } } }
|
|
|
|
Remember remember the 5th of November
Legendary
Offline
Activity: 1862
Merit: 1011
Reverse engineer from time to time
|
|
August 18, 2014, 09:23:37 PM |
|
@Razicks PHP func, modified to crack a whole dbase of hashes at once: // these are the hashes of the passwords I'm trying to break $hash_to_crack = array(); $hash_to_crack[] = '30fca77cebf16fe3c5b5b4db4371dee4'; $hash_to_crack[] = '40fceb6cebf16fec15b5b4db4371cef4'; // many more hashes, the entire dbase. $hash_to_crack[] = '50fca4cebf146fe3c5b5b4db4371bbe4';
$attempt = NULL; $hashes = sizeof($hash_to_crack); while (true) { // $this->next_try would be a method designed to supply the next possible password. $attempt = md5($this->next_try); // compare the next hash to the target hash for($hash_num = 0; $hash_num < $hashes; $hash_num++) { if ($attempt == $hash_to_crack[$hash_num]) { echo("FOUND PASSWORD $attempt"); echo("FOR HASH " . ($hash_to_crack[$hash_num])); echo(PHP_EOL); } } } Only that for even faster performance, it would be implemented in OpenCL. Hashcat already has, though.
|
BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
|
|
|
Cortex7
|
|
August 18, 2014, 09:27:08 PM |
|
Only that for even faster performance, it would be implemented in OpenCL. Hashcat already has, though.
Of course you're right! just using PHP like pseudocode because many understand it.
|
|
|
|
allyouracid
Legendary
Offline
Activity: 2321
Merit: 1292
Encrypted Money, Baby!
|
|
August 18, 2014, 10:11:26 PM |
|
I've just checked other 3 files they are offering for free and all paswords are hashed in databases. No need to worry at all if your password is long enough.
Just for the sake of clarity, I did a quick rainbow tables check on some md5-hashed passwords from one of those dumps (the site which is already closed). Three out of ten hashed passwords (!) with an amount of altogether way more than 10 BTC could be converted back to plaintext. If I had more than five BTC in my account, I wouldn't use "johnjohn" as my password. So guys, hold on strong passwords, e.g. use calculated passwords which are different for each website (e.g. calculate them with a set of letters, numbers etc and the URL of the site or something like that, so they are not the same, but you can calculate them). Not to talk about 2FA. And, to make sure that your passwords are safe, do a rainbow tables check on it. Important: download the tables and do it on your pc, never put your password into an online rainbow tables website, as there are many sites which just wait for you to enter your password, so they can md5 it and get the correct hash for the password (so there isn't even any need to calculate the hash back into the password, because you already gave it to them). One more statement: I'd never steal BTC/money/anything from anybody. .edit: Neither the amounts nor the password "johnjohn" is what I have found. Don't want to support people trying to steal bitcoins.
|
|
|
|
ikank268
Newbie
Offline
Activity: 2
Merit: 0
|
|
August 20, 2014, 05:58:43 PM |
|
oh no, how they have the email account and know the passwords ?? it's like nightmare
|
|
|
|
bitkojnek
Newbie
Offline
Activity: 14
Merit: 0
|
|
August 22, 2014, 10:18:18 PM |
|
I bought it I bought the freecoin and qoinpro date, sure all is fine, now preparing the spam text heheheheh. It will delay some time since 600k emails is a big daten. Someone already bought the bitcoin.de? It's real? I want to buy it but 10 btc to high, if it's fake i don't can afford 10 btc. Please if someone really bought it talk here if that is real.
|
|
|
|
Mightycoin
Member
Offline
Activity: 82
Merit: 10
|
|
August 23, 2014, 08:12:09 AM |
|
That sucks. That's why security is so much essential. Better change password twice every week
|
|
|
|
dadaas
Sr. Member
Offline
Activity: 490
Merit: 250
Super Smash Bros. Ultimate Available Now!
|
|
August 23, 2014, 10:32:03 AM |
|
I bought it I bought the freecoin and qoinpro date, sure all is fine, now preparing the spam text heheheheh. It will delay some time since 600k emails is a big daten. Someone already bought the bitcoin.de? It's real? I want to buy it but 10 btc to high, if it's fake i don't can afford 10 btc. Please if someone really bought it talk here if that is real. You will use those databases only for spam email? Somehow I don't think you will just do that. So can you log in any account from freeco.in and qoinpro? Are those DBs real?
|
|
|
|
CreamyPie
Member
Offline
Activity: 61
Merit: 10
|
|
August 23, 2014, 02:48:34 PM |
|
This is the reason why security is so much essential. Being ignorant is not an option Its recommended by experts to change password every few days, I follow them
|
|
|
|
jl2035
|
|
September 03, 2014, 03:04:34 PM |
|
Yes, them use md5, the auroracoin forum use the traditional forum salt that is more hard to decrypt.
but with a good pay decoder with trillion hashes decode it no can be hard.
examples (hashes get from freecoinworld): 30fca77cebf16fe3c5b5b4db4371dee4 - cinta3segi 842df9fecdc99ad5aea6deb7ab117ae0 - me4ta12345
One question, how does anybody crack those codes? Isn't it right that it takes long time to bruteforce those codes? Isn't that the whole point of hashing passwords, to make them practically uncrackable? At least this guy is doing it: http://redd.it/2erai6
|
|
|
|
|