Nxt Coins stolen/ Hacked be warned

[gravitate]

I followed all the recommendations and bought 2 bitcoins worth of nxt coins. Logged in and they were gone. No one knows how or why. Just be warned guys. Here is a link to what exactly happened https://nxtforum.org/general/have-i-been-hacked/

Basically I would not recommend anyone holding  lot of Nxt in there. Thats from my own experience. 1000usd flushed down the toilet from no fault of my own. If I kept it in bitcoin it would still be sat on my computer with all my other alts.

[gravitate]

No I mean I followed recommendations about a secure pass phrase.... I thought nxt were ok as they were at every conference I was at I got sucked in. It is the security of the coins ' brain wallet'  that I question.

[instacalm]

Sorry for your loss gravitate

I've had several NXT accounts since November 2013 and I've never had any account compromised or stolen

Here's a sample password (50 chars including digits and symbols):
{^32y3C2pgte%)]MA2Q%XaBQ#ryxc2F89Vd.9#xpifR=9jsMdg

Either use passwords like the above OR the built-in password generator. Both are fine to secure your account.

[gravitate]

ok ok well I got hacked after being scammed then. Double wammy

[devphp]

What's your passphrase?
https://bitcointalk.org/index.php?topic=792600.msg8930621#msg8930621

1) Your pass phrase would confirm your claim is legitimate. And yes, why would anyone believe your claim in this nest of vipers that this forum is
2) Your pass phrase would shed light on whether your account was hacked due to the weak pass phrase.

[gravitate]

Hopefully there will be answers however.Maybe not. I wouldn't buy any more though now until someone can answer how my account was hacked

[instacalm]

until someone can answer how my account was hacked

As I said, I've never had an account hacked/stolen since December 2013 when I first stumbled upon NXT.

There are many different factors that could have lead to this, thus it is very important that you give as much information as possible.

How many chars did your password have, which operating system (keylogger?), which sites/apps did you use et cetera.

[gravitate]

tim cum sim prawn gin yuk bim rarl per tip pop from


It was similar to that... I am not prepared to post it public. It was no less or no more complicated than that.

If that isn't secure enough then what is?

[instacalm]

If that isn't secure enough then what is?

Here are a few examples of strong passphrases, these are impossible to bruteforce:

• u4xJU7F#E>?MZ6z{g&MrX9ePu6)yKPEcd4]8^)FJzJ28q^4Cwc
• Wm3&F,y;pFQm4GRc26Pr4tM,[4mW>Kr=$4c4X*M4BT+JtVQ2zx
• }ZL4.yph}.g4AUHPFp}n9$4H9W43EqLXN#8W6=j,4r]uWeVAaQ
• H8+D/rqrA&?cK3xw82KoWC^Z#=ptjvTaqML968TA,43B&>dQF8
• }FczoDRt*wmGJ8QL7>47BNqZ{a4c,>BQ>9VG9*p;62RH3bLaB&

Please use KeePass or 1Password to generate secure passwords like the above or use the password generator built-in the wallet. I'm using passwords like these, generated by 1Password, and I've never had issues. Again sorry for your loss mate, I know that sucks.

[gravitate]

insta I answered all these questions in the thread I linked if you are interested. Anyway I never used it online ever. I never reused it apart from some of the words.

I use mavericks and I have recently done a scan and nothing on my computer. If there was a key logger by bitcoin bit bargain.co.uk account would have been emptied

[gravitate]

ok well nobody has said this is not secure enough so far anyway

[devphp]

tim cum sim prawn gin yuk bim rarl per tip pop from


It was similar to that... I am not prepared to post it public. It was no less or no more complicated than that.

If that isn't secure enough then what is?

Well, there are a lot of passphrases one can think of that are more secure than that, but your refusal to post the passphrase is typical.

[Vega]

Well, there are a lot of passphrases one can think of that are more secure than that, but your refusal to post the passphrase is typical.

These Nxt stolen topics have one thing in common. The story never starts like this: "I random generated a passphrase..."

[devphp]

Well, there are a lot of passphrases one can think of that are more secure than that, but your refusal to post the passphrase is typical.

These Nxt stolen topics have one thing in common. The story never starts like this: "I random generated a passphrase..."

Yup. Either you're a newbie or an advanced user.

If you're a newbie, the software generates a passphrase for you. If you're an advanced user and want to do it yourself - you're on your own, don't complain if your passphrase is cracked, because you can't think of a random complex passphrase.

[gravitate]

hi devphp the pass phrase is like this
tim cum sim prawn gin yuk bim rarl per tip pop from

It is NO more complicated or NO MORE simplified. If you want to call me a liar by not posting MY pass phrase to cover up security issues with nxt then carry on please.

If I was going to lie about it I would include numbers and characters to make myself look bullet proof to any hacks. The fact is I was hacked and no body has said there is a problem with the pass phrase. Which means nxt in my opinion is not secure enough if the strength of my pass phrase is ok.

[instacalm]

NxT says you need at last a passphrase about 100 digits big if not longer.

It doesn't have to be that long (30-50 chars is enough), but it has to be strong. Here are some guidelines:

http://wiki.nxtcrypto.org/wiki/How-To:GenerateStrongPassword
http://nxtcoin.blogspot.de/2014/01/nxtmyths-5-unsafe-password.html
http://en.wikipedia.org/wiki/Password_strength#Guidelines_for_strong_passwords

Use KeePass/1Password to generate and manage your strong passwords, it makes it easy and comfortable

[gravitate]

OK well it is funny how the nxt community didnt say it wasnt strong enough and they also said it could not be brute forced.

Anyway I am not here to argue about how amazingly secure this coin is. I bought it becasue of how I saw them promoting it all the time.

Anyway let this be a lesson to everyone. If you have a 'secure' password then it will be hacked and your coins will be stolen and then your pass phrase will be considered not secure.

I cant be bothered arguing about it anymore. I hope this serves as a warning to other people thats all.

[3x2]

OK well it is funny how the nxt community didnt say it wasnt strong enough and they also said it could not be brute forced.

Anyway I am not here to argue about how amazingly secure this coin is. I bought it becasue of how I saw them promoting it all the time.

Anyway let this be a lesson to everyone. If you have a 'secure' password then it will be hacked and your coins will be stolen and then your pass phrase will be considered not secure.

I cant be bothered arguing about it anymore. I hope this serves as a warning to other people thats all.

i have less than 30 alphabet password and never got hacked, No number,dot,comma or anything. Dont blame coin for your own mistakes, if someone can hack in to your computer and copy wallet.dat file without the encryption will you still blame BTC for that?

[gravitate]

Bitcoin is more secure full stop. Also the nxt community should be warningh against these pass phrases if they are not secure. I am not blaming anyone for my own stupid mistake by chosing a pass phrase that the nxt community did  NOT think was a risk. I am merely posting this as a warning for new people who are thinking about buying nxt coins.

I would not wish this to happen to anyone else and I would not like any hacker to benefit from it.
So you have the same security pass phrase after reading this will you open a new account?

[devphp]

OK well it is funny how the nxt community didnt say it wasnt strong enough and they also said it could not be brute forced.

It's never enough when it comes to security, but since you don't post your passphrase, it's hard to tell if it's strong enough or not. What's generated by the client for newbies is strong enough. This has been verified by a few security experts. When you make your own passphrase, nobody can say if it's secure enough, especially if you don't present it. I am not saying you're a liar, but I don't have to believe you either.

Other software projects use the same 12-word approach, like Counterparty or Dogeparty, where you have 12 random words that the private key is generated from (https://wallet.dogeparty.io/). Just 12 dictionary words, selected randomly, so it's not like NXT is pioneering anything here in generation of passphrases for newbies.