Bitcoin sites leaked :( - Big bitcoin members emails database

[bitcoin_de]

Hi,

we are not so arrogant to say that we are unhackable, but here it is very likely a scam. The alleged hacker can not submit a single piece of evidence that he really has data from bitcoin.de. We have checked our system and could not detect any unauthorized access.

So if someone really wants to get rid of 10 BTC... Please donate the money to the Wikimedia Foundation https://wikimediafoundation.org/wiki/Ways_to_Give#bitcoin or to the needy coffee fund of bitcoin.de: 1Ep3PpCs76JfKMjz5vckVTckB3JkSQEjAi

Best regards,
Oliver
CEO Bitcoin.de

[1714963647]

1714963647

[1714963647]

1714963647

[1714963647]

1714963647

[1714963647]

1714963647

[Fahrradkette]

Call me suspicious, but ... the same person created this post, bought the database and claiming it is legit? In a rather strange english like within the pastebin-text? (Okay, English is not my native language, but still...)

Well...I don't believe it, sorry.  

But hey, I think the coffee fund is a good idea!
Maybe I spend some btc on that.  

[Jamie_Boulder]

As long as you use different passwords for different forums/e-mails/accounts etc (AS YOU SHOULD) then all is well.

[dadaas]

Call me suspicious, but ... the same person created this post, bought the database and claiming it is legit? In a rather strange english like within the pastebin-text? (Okay, English is not my native language, but still...)

Well...I don't believe it, sorry. 

But hey, I think the coffee fund is a good idea!
Maybe I spend some btc on that. 

I didn't notice that but you've got very good point. This definitely looks even more suspicious now when you pointed that out. But those free databases they offered in Pastebin are actually true. Probably because it is easier to hack small sites like those rather then serious sites like Bitcoin.de.

[Fahrradkette]

I didn't notice that but you've got very good point. This definitely looks even more suspicious now when you pointed that out. But those free databases they offered in Pastebin are actually true. Probably because it is easier to hack small sites like those rather then serious sites like Bitcoin.de.

I don't know if the other databases are legit, neither do I know that the bitcoin.de-database is (not) legit.

But as far as I know: Bitcoin.de is regulated/inspected by the german Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht(BaFin)). I do think there are many regulations about security and can't think about any way that the passwords are saved plaintext like the thread-author said.

Nuff said.

[dadaas]

I don't know if the other databases are legit, neither do I know that the bitcoin.de-database is (not) legit.

But as far as I know: Bitcoin.de is regulated/inspected by the german Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht(BaFin)). I do think there are many regulations about security and can't think about any way that the passwords are saved plaintext like the thread-author said.

Nuff said.

I love those German words

I didn't know that Bitcoin sites are supervised by federal authority but it makes sense because it is Germany and we all know how Germans are.

[Fahrradkette]

Back to wörk! 

[hyperdimension]

There's NO way they hacked Bitcoin.de, they need confirmation emails for everything. Unlike this site btw, this site needs confirmation email for everything too, i mean give me a break. How in hell it doesnt?

[Razick]

Yes, them use md5, the auroracoin forum use the traditional forum salt that is more hard to decrypt.

but with a good pay decoder with trillion hashes decode it no can be hard.

examples (hashes get from freecoinworld):
30fca77cebf16fe3c5b5b4db4371dee4  -  cinta3segi
842df9fecdc99ad5aea6deb7ab117ae0 - me4ta12345

One question, how does anybody crack those codes? Isn't it right that it takes long time to bruteforce those codes? Isn't that the whole point of hashing passwords, to make them practically uncrackable?

The problem is that hash functions are very fast on their own. Modern computers can check millions and sometimes billions per second. For example, although php isn't a good choice, I could break md5 with something like this:

EDIT: As Cortex noted below, the attacker would likely target the database at once making the process much faster, especially if salts aren't used.

Code:

// this is the hash of the password I'm trying to break
$hash_to_crack = '30fca77cebf16fe3c5b5b4db4371dee4';
$found = false;

// until $found is changed to true, keep trying!
while (!$found)
{
     // $this->next_try would be a method designed to supply the next possible password.
     $attempt = md5($this->next_try);
     
     // compare the next hash to the target hash
     if ($attempt == $hash_to_crack)
     {
         // end the loop when we've found the hash
         $found = true;
     }
}

There's NO way they hacked Bitcoin.de, they need confirmation emails for everything. Unlike this site btw, this site needs confirmation email for everything too, i mean give me a break. How in hell it doesnt?

Having confirmation emails doesn't automatically secure a site against having its database stolen.

[TheKoziTwo]

Aurum is using a forum account that he has either hacked or purchased from the original owner. Just compare his first post in the forum with his current ones. Without looking further into this it seems like Aurum just generated a list of usernames and fake passwords and is trying to make some quick btc by selling air. Nothing to see here.

[Cortex7]

@Razicks PHP func, modified to crack a whole dbase of hashes at once:

Code:

// these are the hashes of the passwords I'm trying to break
$hash_to_crack = array();
$hash_to_crack[] = '30fca77cebf16fe3c5b5b4db4371dee4';
$hash_to_crack[] = '40fceb6cebf16fec15b5b4db4371cef4';
// many more hashes, the entire dbase.
$hash_to_crack[] = '50fca4cebf146fe3c5b5b4db4371bbe4';

$attempt = NULL;
$hashes = sizeof($hash_to_crack);
$cracked = 0;
$pass = "";

while ($cracked < $hashes)
{
     // $this->next_try would be a method designed to supply the next possible password.
     $pass = $this->next_try
     $attempt = md5($pass);
     
     // compare the next hash to the target hash
     for($hash_num = 0; $hash_num  < $hashes; $hash_num++)
     {
	     if ($attempt == $hash_to_crack[$hash_num])
	     {
		echo("FOUND PASSWORD $pass");
		echo("FOR HASH " . ($hash_to_crack[$hash_num]));
		echo(PHP_EOL);
                $cracked++;
	     }
     }
}

[Remember remember the 5th of November]

@Razicks PHP func, modified to crack a whole dbase of hashes at once:

Code:

// these are the hashes of the passwords I'm trying to break
$hash_to_crack = array();
$hash_to_crack[] = '30fca77cebf16fe3c5b5b4db4371dee4';
$hash_to_crack[] = '40fceb6cebf16fec15b5b4db4371cef4';
// many more hashes, the entire dbase.
$hash_to_crack[] = '50fca4cebf146fe3c5b5b4db4371bbe4';

$attempt = NULL;
$hashes = sizeof($hash_to_crack);
while (true)
{
     // $this->next_try would be a method designed to supply the next possible password.
     $attempt = md5($this->next_try);
     
     // compare the next hash to the target hash
     for($hash_num = 0; $hash_num  < $hashes; $hash_num++)
     {
	     if ($attempt == $hash_to_crack[$hash_num])
	     {
		echo("FOUND PASSWORD $attempt");
		echo("FOR HASH " . ($hash_to_crack[$hash_num]));
		echo(PHP_EOL);
	     }
     }
}

Only that for even faster performance, it would be implemented in OpenCL. Hashcat already has, though.

[Cortex7]

Only that for even faster performance, it would be implemented in OpenCL. Hashcat already has, though.

Of course you're right! just using PHP like pseudocode because many understand it.

[allyouracid]

I've just checked other 3 files they are offering for free and all paswords are hashed in databases. No need to worry at all if your password is long enough.

Just for the sake of clarity, I did a quick rainbow tables check on some md5-hashed passwords from one of those dumps (the site which is already closed). Three out of ten hashed passwords (!) with an amount of altogether way more than 10 BTC could be converted back to plaintext. If I had more than five BTC in my account, I wouldn't use "johnjohn" as my password. So guys, hold on strong passwords, e.g. use calculated passwords which are different for each website (e.g. calculate them with a set of letters, numbers etc and the URL of the site or something like that, so they are not the same, but you can calculate them). Not to talk about 2FA.

And, to make sure that your passwords are safe, do a rainbow tables check on it. Important: download the tables and do it on your pc, never put your password into an online rainbow tables website, as there are many sites which just wait for you to enter your password, so they can md5 it and get the correct hash for the password (so there isn't even any need to calculate the hash back into the password, because you already gave it to them).

One more statement: I'd never steal BTC/money/anything from anybody.


.edit:
Neither the amounts nor the password "johnjohn" is what I have found. Don't want to support people trying to steal bitcoins.

[ikank268]

oh no, how they have the email account and know the passwords  ?? it's like nightmare 

[bitkojnek]

I bought it 

I bought the freecoin and qoinpro date, sure all is fine, now preparing the spam text heheheheh. It will delay some time since 600k emails is a big daten.

Someone already bought the bitcoin.de? It's real? I want to buy it but 10 btc to high, if it's fake i don't can afford 10 btc. Please if someone really bought it talk here if that is real.

[Mightycoin]

That sucks. That's why security is so much essential. Better change password twice every week

[dadaas]

I bought it 

I bought the freecoin and qoinpro date, sure all is fine, now preparing the spam text heheheheh. It will delay some time since 600k emails is a big daten.

Someone already bought the bitcoin.de? It's real? I want to buy it but 10 btc to high, if it's fake i don't can afford 10 btc. Please if someone really bought it talk here if that is real.

You will use those databases only for spam email? Somehow I don't think you will just do that.

So can you log in any account from freeco.in and qoinpro? Are those DBs real?

[CreamyPie]

This is the reason why security is so much essential. Being ignorant is not an option

Its recommended by experts to change password every few days, I follow them

[jl2035]

Yes, them use md5, the auroracoin forum use the traditional forum salt that is more hard to decrypt.

but with a good pay decoder with trillion hashes decode it no can be hard.

examples (hashes get from freecoinworld):
30fca77cebf16fe3c5b5b4db4371dee4  -  cinta3segi
842df9fecdc99ad5aea6deb7ab117ae0 - me4ta12345

One question, how does anybody crack those codes? Isn't it right that it takes long time to bruteforce those codes? Isn't that the whole point of hashing passwords, to make them practically uncrackable?

At least this guy is doing it:

http://redd.it/2erai6