Bitcoin Forum
Author Topic: Robbed more than 100,000 NXT  (Read 4358 times)
donn2012 (OP)
September 22, 2014, 06:12:46 PM
 #1

I do not understand how it happened, but it happened.
All 9 assets were withdrawn from my account NXT-Q7KC-9GQR-XB4C-EKY7T on September 13. They were all transferred to account NXT-VKPH-NH97-5556-9ZSPM, everything was sold on the same day for 104947 NXT, and then on 20 September it was all moved to account 2792886670414734681.
The question is, what can be done about the thief and how can the NXT be returned?
Zer0Sum
September 22, 2014, 06:37:24 PM
 #2

So that's about $3,000.

I'm very impressed by NXT...
But have serious concerns about security...
The ecosystem is so centralized that inside jobs must be possible.

Also, there must be more to security than a password...
Or accounts above a certain threshold must get an additional layer of security.

A password might be good enough for a transmission network like Ripple...
But not good enough for the storage of Crypto Assets and significant wealth.
Blazr2
September 22, 2014, 06:42:08 PM
 #3

Join the club, mine disappeared mysteriously too. No more NXT for me, and don't tell me it was my 128 character randomly generated cut and paste password either.
rabbiter
September 22, 2014, 06:44:00 PM
 #4


> So that's about $3,000.
>
> I'm very impressed by NXT...
> But have serious concerns about security...
> The ecosystem is so centralized that inside jobs must be possible.
>
> Also, there must be more to security than a password...
> Or accounts above a certain threshold must get an additional layer of security.

Qora has said he is confused why NXT chose the password system they use, as it's possible to force it open.
Wulfcastle
September 22, 2014, 06:46:27 PM
 #5


> > So that's about $3,000.
> >
> > I'm very impressed by NXT...
> > But have serious concerns about security...
> > The ecosystem is so centralized that inside jobs must be possible.
> >
> > Also, there must be more to security than a password...
> > Or accounts above a certain threshold must get an additional layer of security.
>
> Qora has said he is confused why NXT chose the password system they use, as it's possible to force it open.

Explain how it's possible to "force it open"?
donn2012 (OP)
September 22, 2014, 06:50:37 PM
 #6

> Join the club, mine disappeared mysteriously too. No more NXT for me, and don't tell me it was my 128 character randomly generated cut and paste password either.

The password of my account is 75 characters, with upper-case letters and special symbols.
Wulfcastle
September 22, 2014, 06:52:08 PM
 #7

> I don't think that the password system is the problem, because when you lose your private key from Bitcoin your coins will be gone as well.
>
> This is rather an exploit or just a Trojan or man-in-the-middle attack

Hmm, the strange thing is that this has occurred quite a lot recently. Check the NXT Forums and you'll see a few more cases just like this where NXT balances and assets have been transferred.
EvilDave
September 22, 2014, 07:03:44 PM
 #8

Sheesh, that sucks, mate.

The usual answer to this is almost always a weak password, with some cases of probable malware.
There was also a very early attack using compromised client software.


So, the usual questions:

Where did u d/l the client ? Did u run the checksum before unzipping ?

Results of your latest virus/malware scanner ?

Anyone else with access to your client ?

Was the password genuinely secure ? One guy used a fairly long Bible quote, with predictable results.

NXT will be implementing an Account Control feature soon, which will allow you to specify conditions for locking down your account. Not that that helps you now, sorry.

BTW: the nextcoin.org thread is from 9 months ago, head on over to www.nxtforum.org, which is currently the biggest NXT forum.

Nulli Dei, nulli Reges, solum NXT
Love your money: www.nxt.org  www.ardorplatform.org
www.nxter.org  www.nxtfoundation.org
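
Added example, not part of the thread: a self-check for the point raised in the post above, that a long passphrase taken from a public text is weak however many characters it has. All function names are hypothetical, the corpus is a short Genesis excerpt used as sample input, and the 16-word list is constructed for the demo.

```python
import math
import re
import secrets

# Sample corpus: opening of Genesis (KJV), standing in for the public texts
# (scripture, lyrics, famous quotes) that guessing dictionaries are built from.
PUBLIC_TEXT = (
    "In the beginning God created the heaven and the earth. "
    "And the earth was without form, and void; and darkness was upon "
    "the face of the deep. And the Spirit of God moved upon the face of the waters."
)
# Constructed 16-word list for the demo; use a large published list in practice.
WORDS = ["amber", "basil", "cobalt", "dingo", "ember", "fjord", "gecko", "hazel",
         "iris", "jasper", "kiwi", "lotus", "maple", "nutmeg", "onyx", "pixel"]

def normalize(text):
    """Lower-case and drop punctuation so 'void.' and 'void' compare equal."""
    return " ".join(re.findall(r"[a-z0-9]+", text.lower()))

def is_public_quote(passphrase, corpus=PUBLIC_TEXT, min_words=3):
    """True if the passphrase is a run of consecutive words from the corpus."""
    norm = normalize(passphrase)
    if len(norm.split()) < min_words:
        return False
    return f" {norm} " in f" {normalize(corpus)} "

def naive_bits(passphrase):
    """Length x character-class estimate; only valid for random strings."""
    classes = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 33)]
    size = sum(n for pattern, n in classes if re.search(pattern, passphrase))
    return len(passphrase) * math.log2(size) if size else 0.0

def random_bits(alphabet_size, length):
    """Entropy of `length` symbols each drawn uniformly from the alphabet."""
    return length * math.log2(alphabet_size)

def generate_passphrase(n_words, words=WORDS):
    """Draw words with the OS CSPRNG; strength comes from random choice."""
    return " ".join(secrets.choice(words) for _ in range(n_words))

if __name__ == "__main__":
    quote = "And the earth was without form, and void."
    print(is_public_quote(quote), round(naive_bits(quote)))  # scores high, yet is a known quote
    print(round(random_bits(7776, 12)))  # 12 random words from a 7776-word list
    print(generate_passphrase(12))
```

The character-class estimate rates the quote highly because it assumes every character was chosen at random; the corpus check shows why that assumption fails for quoted text.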
EvilDave
September 22, 2014, 07:12:39 PM
 #9

Following the trail....

OPs account:
http://nxtreporting.com/?ac=NXT-Q7KC-9GQR-XB4C-EKY7T

Thief Account 01
http://nxtreporting.com/?ac=NXT-VKPH-NH97-5556-9ZSPM
(Seller of assets)

Thief Account 02
http://nxtreporting.com/?ac=NXT-TLCJ-WM9U-TERB-EUUX7

Thief Account 03
http://nxtreporting.com/?ac=NXT-WTCT-N6HZ-CCKY-4MLJF
Looks like thief central.....

megashira1
September 22, 2014, 07:13:03 PM
 #10

> I don't think that the password system is the problem, because when you lose your private key from Bitcoin your coins will be gone as well.
>
> This is rather an exploit or just a Trojan or man-in-the-middle attack

The problem is it is too easy to humanly err with NXT. There are no safeguards such as having a seed and then an account password. NXT has lots of innovations but it fails to understand the needs of the average user.

This is also another reason why I divested from NXT. So much history of scams, hacks, thefts + the never ending arguments against the initial distribution. The tech is sound and all, but it has the worst PR to deal with and I feel the uphill battle is too great to be overcome.


devphp
September 22, 2014, 07:19:08 PM
 #11

What was the pass phrase you used? You don't need it any more.
CryptoCarmen
September 22, 2014, 07:26:29 PM
 #12

I am sorry for you. I would send you some NXT if I had any. They all get caught in the end since they never have enough, so don't worry, the thief will get what he deserves.
EvilDave
September 22, 2014, 07:30:07 PM
 #13

Looking even deeper:
https://nxtforum.org/general-discussion/help!-my-nxt-account-stolen-account-for-nxt-wczn-dgql-xm69-62l3n

This guy got ripped by the same hacker/thief....and that was the one with the Bible quote.

donn2012 (OP)
September 22, 2014, 07:50:09 PM
 #14

> What was the pass phrase you used? You don't need it any more.

Thanx a lot
Zer0Sum
September 22, 2014, 07:51:19 PM
 #15

> The problem is it is too easy to humanly err with NXT. There are no safeguards such as having a seed and then an account password. NXT has lots of innovations but it fails to understand the needs of the average user.

Wikipedia:

"Passwords or watchwords have been used since ancient times. Polybius describes the system for the distribution of watchwords in the Roman military..."

It's not very reassuring that NXT uses 3,000 year old tech to safeguard wealth...
Because that is all it is and nothing more.

And people wonder why Bitcoin has hit a wall.
EvilDave
September 22, 2014, 07:53:09 PM
 #16

> > Join the club, mine disappeared mysteriously too. No more NXT for me, and don't tell me it was my 128 character randomly generated cut and paste password either.
>
> The password of my account is 75 characters, with upper-case letters and special symbols.

@Blazr: can you send me some info on your theft ? Like to see if it's linked....

@Donn: could you send me your passphrase please ?
The account is gone anyway, and it might help other people if we know what sort of passwords are being cracked.
I suspect that it's a quote from something, but i'd like to see. PM me or post here, up to you.

devphp
September 22, 2014, 07:56:20 PM
 #17

It's curious that pass phrases from hacked accounts are almost never posted, as if the victims know it's their fault they chose a weak password. Posting a pass phrase also helps confirm that the claim is legitimate: anyone can use the pass phrase to log in to the hacked account to check whether the pass phrase really matches the account.
EvilDave
September 22, 2014, 07:59:11 PM
 #18

> > The problem is it is too easy to humanly err with NXT. There are no safeguards such as having a seed and then an account password. NXT has lots of innovations but it fails to understand the needs of the average user.
>
> Wikipedia:
>
> "Passwords or watchwords have been used since ancient times. Polybius describes the system for the distribution of watchwords in the Roman military..."
>
> It's not very reassuring that NXT uses 3,000 year old tech to safeguard wealth...
> Because that is all it is and nothing more.
>
> And people wonder why Bitcoin has hit a wall.


Don't forget that this works well for 99.99% of NXT users, but, yeah, we need Account Control to be active.
This is not just a NXT problem: other coins are vulnerable to rainbow table attacks on the blockchain in search of private key hashes.

EvilDave
September 22, 2014, 08:01:51 PM
 #19

> It's curious that pass phrases from hacked accounts are almost never posted, as if the victims know it's their fault they chose a weak password. Posting a pass phrase also helps confirm that the claim is legitimate: anyone can use the pass phrase to log in to the hacked account to check whether the pass phrase really matches the account.

This guy did, first known victim of this thief:
https://nxtforum.org/general-discussion/help!-my-nxt-account-stolen-account-for-nxt-wczn-dgql-xm69-62l3n/msg92255/#msg92255
His pass was just a random phrase from Genesis, complete with full stop.

donn2012 (OP)
September 22, 2014, 08:04:25 PM
 #20


> @Donn: could you send me your passphrase please ?
> The account is gone anyway, and it might help other people if we know what sort of passwords are being cracked.
> I suspect that it's a quote from something, but i'd like to see. PM me or post here, up to you.

I would not want to disclose my password. How exactly will my password help you? Explain in more detail so that I can make the right decision.