Bitcoin Forum
December 06, 2016, 08:17:10 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 [4] 5 6 »  All
  Print  
Author Topic: 135 BTC Stolen from my Deepbit account!!!!!!!!  (Read 13152 times)
marcus_of_augustus
Legendary
*
Offline Offline

Activity: 2086



View Profile
May 14, 2011, 10:51:41 PM
 #61



Smells like you may have been targeted.

That radio ad campaign may have gained you too much profile in the eyes of the 'competition' in Washington.

Try not to be put off bitcoin.

1481055430
Hero Member
*
Offline Offline

Posts: 1481055430

View Profile Personal Message (Offline)

Ignore
1481055430
Reply with quote  #2

1481055430
Report to moderator
1481055430
Hero Member
*
Offline Offline

Posts: 1481055430

View Profile Personal Message (Offline)

Ignore
1481055430
Reply with quote  #2

1481055430
Report to moderator
1481055430
Hero Member
*
Offline Offline

Posts: 1481055430

View Profile Personal Message (Offline)

Ignore
1481055430
Reply with quote  #2

1481055430
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
error
Hero Member
*****
Offline Offline

Activity: 574



View Profile
May 14, 2011, 11:45:23 PM
 #62

Code:
error@underground ~ $ host 94.75.217.249
Host 249.217.75.94.in-addr.arpa. not found: 3(NXDOMAIN)
error@underground ~ $ whois 94.75.217.249
[Querying whois.arin.net]
[Redirected to whois.ripe.net:43]
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '94.75.217.0 - 94.75.217.255'

inetnum:        94.75.217.0 - 94.75.217.255
netname:        LEASEWEB
descr:          LeaseWeb
descr:          P.O. Box 93054
descr:          1090BB AMSTERDAM
descr:          Netherlands
descr:          www.leaseweb.com
remarks:        Please send email to "abuse@leaseweb.com" for complaints
remarks:        regarding portscans, DoS attacks and spam.
remarks:        assignment LEASEWEB 20080723
country:        NL
admin-c:        LSW1-RIPE
tech-c:         LSW1-RIPE
status:         ASSIGNED PA
mnt-by:         LEASEWEB-MNT
source:         RIPE # Filtered

person:         RIP Mean
address:        P.O. Box 93054
address:        1090BB AMSTERDAM
address:        Netherlands
phone:          +31 20 3162880
fax-no:         +31 20 3162890
abuse-mailbox:  abuse@leaseweb.com
nic-hdl:        LSW1-RIPE
mnt-by:         OCOM-MNT
source:         RIPE # Filtered

% Information related to '94.75.192.0/18AS16265'

route:          94.75.192.0/18
descr:          LEASEWEB
origin:         AS16265
remarks:        LeaseWeb
mnt-by:         OCOM-MNT
source:         RIPE # Filtered

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
[Tycho]
Hero Member
*****
Offline Offline

Activity: 742



View Profile WWW
May 15, 2011, 01:56:43 AM
 #63

Bitcoin addresses of all users were removed by me in order to implement new system for enhanced security.
Additional details will be available shortly.

I found that someone changed bitcoin addresses of some users. I'm not sure how the attacker got passwords, but now you'll have to use e-mail confirmation for changing your wallet address.
I'm very sorry that I haven't implemented this feature earlier, so your stolen bitcoins will be reimbursed.
(Please note: I can't garantee that I can do such reimbursment in the future).

Your money is safe and i'll give instructions on setting your address again. Please wait.

A total of ~150 BTC were stolen: 136 from this user and ~14 BTC from others.

Welcome to my bitcoin mining pool: https://deepbit.net - Both payment schemes (including PPS), instant payout, no invalid blocks !
ICBIT Trading platform : USD/BTC futures trading, Bitcoin difficulty futures (NEW!). Third year in bitcoin business.
MemoryDealers
VIP
Legendary
*
Offline Offline

Activity: 1006



View Profile WWW
May 15, 2011, 02:07:31 AM
 #64

Bitcoin addresses of all users were removed by me in order to implement new system for enhanced security.
Additional details will be available shortly.

I found that someone changed bitcoin addresses of some users. I'm not sure how the attacker got passwords, but now you'll have to use e-mail confirmation for changing your wallet address.
I'm very sorry that I haven't implemented this feature earlier, so your stolen bitcoins will be reimbursed.
(Please note: I can't garantee that I can do such reimbursment in the future).

Your money is safe and i'll give instructions on setting your address again. Please wait.

A total of ~150 BTC were stolen: 136 from this user and ~14 BTC from others.

Wow!
That is very generous of you!
Can I ask about how many users had their bitcoin addresses changed?
So this sounds like it means that none of my employees violated my trust.  (I'm still implementing stronger security measures.)
Would you agree?

I have been worried all day about who could be a thief at my company.
I was worried even more about it than the missing bitcoins.

Thank you again, and I will gladly continue mining with deepbit because of your help!  (I'll keep a much lower balance though)

tiberiandusk
Hero Member
*****
Offline Offline

Activity: 580


The North Remembers


View Profile WWW
May 15, 2011, 02:46:12 AM
 #65

+1 Tycho. Most people wouldn't be so nice. Sounds like some of the people attacking mt. gox have been looking for other attack vectors.

Bitcoin Auction House http://www.BitBid.net BTC - 1EwfBVC6BwA6YeqcYZmm3htwykK3MStW6N | LTC - LdBpJJHj4WSAsUqaTbwyJQFiG1tVjo4Uys Don't get Goxed.
bitcoindaddy
Hero Member
*****
Offline Offline

Activity: 481


View Profile
May 15, 2011, 02:47:13 AM
 #66

Either the email verification is taking a long time - or it's not working.
marcus_of_augustus
Legendary
*
Offline Offline

Activity: 2086



View Profile
May 15, 2011, 02:47:31 AM
 #67

How much effort did this hack on deepbit take I wonder?

Last week was slush's pool that succumbed to an as yet unidentified failure ... and now deepbit gets hacked for a measly 150 BTC.

Targetting the big pools maybe?

[Tycho]
Hero Member
*****
Offline Offline

Activity: 742



View Profile WWW
May 15, 2011, 02:54:23 AM
 #68

Either the email verification is taking a long time - or it's not working.
It's not deployed yet, i'm testing it atm. Wait a bit more please.

Welcome to my bitcoin mining pool: https://deepbit.net - Both payment schemes (including PPS), instant payout, no invalid blocks !
ICBIT Trading platform : USD/BTC futures trading, Bitcoin difficulty futures (NEW!). Third year in bitcoin business.
proudhon
Legendary
*
Offline Offline

Activity: 1148



View Profile
May 15, 2011, 02:54:34 AM
 #69

My deepbit password is now over 20 characters long with caps and symbols.
That just shortened the time to crack now didn't it?

How so?

Because now you don;t have to waste time searching all the combinations between 1 and 20 characters.

Well, sure.  But you've still got to search through at least all the 20 character combinations and the password is longer than that so it's still a pretty big task.  But, yes, you're right, it'll take less time.  Less time to make a realistic difference?  Probably not.

80 bits is considered safe. 20 characters of letters+numbers make it 20*6=120 bits, an overkill (even if the attacker knows how many bits there are exactly).

That's what I thought, but, hey, apparently I'm a dummy for revealing this personal data on a public forum.

You shouldn't take this personally; in fact, you should be gracious. I was reminded to be more aware of accidentally revealing personal info online.

To be clear, the personal info I revealed is that my password is more than 20 characters long.  I just don't see how telling the world that my password is more than 20 characters long compromises me that much.  You've still got to test a huge set of keyboard characters, including capitalization, for 20+ character passwords and for all anyone knows knows my password could be 40 characters long.  Just for reference, if my password is exactly 21 characters long, and if it uses upper and lower case alphabet characters plus numbers and common symbols, then there are 408,162,404,503,791,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 possibilities.
[Tycho]
Hero Member
*****
Offline Offline

Activity: 742



View Profile WWW
May 15, 2011, 02:57:45 AM
 #70

Last week was slush's pool that succumbed to an as yet unidentified failure ... and now deepbit gets hacked for a measly 150 BTC.
I'm not sure yet how the attacker got the passwords, but some of his data was not correct.
May be he sniffed the mining traffic and tried to log in with same credentials, may be he used some other kind of exploit.

I'll look into it after finishing with confirmation system.

Welcome to my bitcoin mining pool: https://deepbit.net - Both payment schemes (including PPS), instant payout, no invalid blocks !
ICBIT Trading platform : USD/BTC futures trading, Bitcoin difficulty futures (NEW!). Third year in bitcoin business.
marcus_of_augustus
Legendary
*
Offline Offline

Activity: 2086



View Profile
May 15, 2011, 02:59:23 AM
 #71


Quote
408,162,404,503,791,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000


Hint: scientific notation.

mewantsbitcoins
Full Member
***
Offline Offline

Activity: 126


View Profile
May 15, 2011, 03:02:31 AM
 #72


Quote
408,162,404,503,791,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000


Hint: scientific notation.

He's learning. Unfortunately, still wrong conclusions
SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
May 15, 2011, 04:29:54 AM
 #73

Even though my account appears to be fine, I appreciate you being completely transparent with us Tycho, and taking full responsibility for it.  Much respect.
[Tycho]
Hero Member
*****
Offline Offline

Activity: 742



View Profile WWW
May 15, 2011, 04:43:42 AM
 #74

E-mail confirmation should be working now.
PM me if your e-mail was non-existent or you can't receive the message.

Welcome to my bitcoin mining pool: https://deepbit.net - Both payment schemes (including PPS), instant payout, no invalid blocks !
ICBIT Trading platform : USD/BTC futures trading, Bitcoin difficulty futures (NEW!). Third year in bitcoin business.
jimbobway
Legendary
*
Offline Offline

Activity: 1380



View Profile
May 15, 2011, 05:16:39 AM
 #75

Last week was slush's pool that succumbed to an as yet unidentified failure ... and now deepbit gets hacked for a measly 150 BTC.
I'm not sure yet how the attacker got the passwords, but some of his data was not correct.
May be he sniffed the mining traffic and tried to log in with same credentials, may be he used some other kind of exploit.

I'll look into it after finishing with confirmation system.

Password cracking have been used successfully a while back at mtgox until mtgox changed their login process.  Has this been ruled out?

░░░░░░░░░██████░░░░░░░░░░░░▄▄▄
░░███░░██████░░░░░▄▄▄▄▄░░██
░░███░░█████████████
░░░░░░░░██████▀▀██████████
░░░░░░░░██████░░░░░██████████
░░░░░░▄▄▄▄▄▄░░░▄▄▄░░░░███████
░░░░░██████░░░███░░░░███████
░░░░░██████░░░███
░░░░░███████▄▄▄▄▄████████
░░░░░████████████████████
░░▄▄▄▄▄░░█████░░░░█████████
█████░░█████░░░░█████████
█████░░░░░░░░░░░░█████████
█████░░░░░░░░░░░░░█████████

START GETTING PAID FOR YOUR ATTENTION!
███████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
JUSTICE IN THE WORLD OF ONLINE ADVERTISING!

BUY MASS COIN 】【 ICO PROSPECTUS
VISIT OUR WEBSITE
TWITTER 】【 FACEBOOK 】【 TELEGRAM

Tha Feds
Newbie
*
Offline Offline

Activity: 9


View Profile
May 15, 2011, 05:54:47 AM
 #76


I'm very sorry that I haven't implemented this feature earlier, so your stolen bitcoins will be reimbursed.
(Please note: I can't garantee that I can do such reimbursment in the future).

Your money is safe and i'll give instructions on setting your address again. Please wait.

A total of ~150 BTC were stolen: 136 from this user and ~14 BTC from others.


If this is accurate, then major props for the reimbursement.
Tha Feds
Newbie
*
Offline Offline

Activity: 9


View Profile
May 15, 2011, 06:05:35 AM
 #77


To be clear, the personal info I revealed is that my password is more than 20 characters long.  I just don't see how telling the world that my password is more than 20 characters long compromises me that much.  You've still got to test a huge set of keyboard characters, including capitalization, for 20+ character passwords and for all anyone knows knows my password could be 40 characters long.  Just for reference, if my password is exactly 21 characters long, and if it uses upper and lower case alphabet characters plus numbers and common symbols, then there are 408,162,404,503,791,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 possibilities.

No one is claiming that your 20 character password is easy to crack, for the time being. It has, however, been pointed out that since you revealed that it is 20 characters, it would be easier to crack than if you had said nothing about its length, since the cracker will not have to spend time checking passwords <20 characters. If this seems trivial, remember that passwords nowadays are the key to valuable information about us and that Moore's Observation (Law) means that the cost of technology needed to crack passwords is getting cheaper quickly. The time will come when there will be a low degree of difficulty to crack a 20 character pw--it might come sooner than you think.
gigabytecoin
Sr. Member
****
Offline Offline

Activity: 280


View Profile
May 15, 2011, 09:11:46 AM
 #78

Beware of other people using your accounts.

I agree,  but they are both trusted long term employees 5+ years who I trust.


I am guessing that deepbit maybe susceptible to a brute force password hacking attack.
You seem to be able to try as many incorrect passwords on the site in a row as you want.
I hope they put a delay after 3 failed log in attempts.

Does anyone have the contact info for the admin at deepbit?
I am hoping they have some kind of log for whoever logged into my account.

You "trust" your employees? Hah.
eMansipater
Sr. Member
****
Offline Offline

Activity: 294



View Profile WWW
May 15, 2011, 09:48:41 AM
 #79

You "trust" your employees? Hah.
Yeah, forming real human relationships and then relying on them is for suckers.  Next thing you know he'll be claiming to have "friends" or some other kind of nonsense too.  Wink

Major kudos to [Tycho] for his response to this incident.  Real trustworthiness is proven in a person's response to unplanned-for circumstances.

If you found my post helpful, feel free to send a small tip to 1QGukeKbBQbXHtV6LgkQa977LJ3YHXXW8B
Visit the BitCoin Q&A Site to ask questions or share knowledge.
0.009 BTC too confusing?  Use mBTC instead!  Details at www.em-bit.org or visit the project thread to help make Bitcoin prices more human-friendly.
vuce
Sr. Member
****
Offline Offline

Activity: 476


View Profile
May 15, 2011, 10:26:41 AM
 #80

Bitcoin addresses of all users were removed by me in order to implement new system for enhanced security.
Additional details will be available shortly.

I found that someone changed bitcoin addresses of some users. I'm not sure how the attacker got passwords, but now you'll have to use e-mail confirmation for changing your wallet address.
I'm very sorry that I haven't implemented this feature earlier, so your stolen bitcoins will be reimbursed.
(Please note: I can't garantee that I can do such reimbursment in the future).

Your money is safe and i'll give instructions on setting your address again. Please wait.

A total of ~150 BTC were stolen: 136 from this user and ~14 BTC from others.
real class, way to go Tycho!
Pages: « 1 2 3 [4] 5 6 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!