corather
Legendary
Offline
Activity: 1708
Merit: 1000
Solarcoin.org
|
|
May 03, 2015, 07:38:43 PM |
|
Coinme, I'm sorry to hear that you lost your coins. Hopefully we can figure out who the thief is when/if they sign on for CEO status.
Thank you! This is what I was hoping to hear in the beginning from ARCH Owner, CEOs or Support. I have given up hope of this happening as the lack of support shown by ARCH top dogs is quite remarkable. To date I know of 5 now ex ARCHers who have contacted me and described losing coins in a similar manner. The total lost to hacks/theft or whatever you want to call that I've been made aware of is over 200k ARCH which by the latest prices is around 75BTC worth, and I'm sure there will be others who no longer monitor this thread, have walked away from ARCH and no longer follow this coin or do not wish to make their loss public. Edgar ARCH will know a lot more but he is remaining silent on this matter and has offered no assistance in tracking the thief. My recent posts here sparked a response from ARCH Support and Tom has been polite. Thank you, Tom, but unable to be of assistance as he does not know who is ARCH rich lister #2 at the following address. https://chainz.cryptoid.info/arch/address.dws?AL8PwmG2wC5Kjq9SfsTCmVVvKJqrg2bWWc.htmI can see the 32k taken from my wallet ended up there by following the Blockchain from https://chainz.cryptoid.info/arch/block.dws?171607.htmI've contacted Bittrex but they are claiming privacy reasons for not divulging anything. I'm not certain that this is a Bittrex wallet as it doesn't have a lot of withdrawls It only seems to be accumulating. While the loss of 15BTC worth of ARCH is personally disappointing what is the most disappointing is the response from the ARCH community. From the previous replys in this thread you can see how the common cry has been that it was my fault for not pass-wording the wallet. I accept this was an mistake on my part however it must pointed out that it is NOT a requirement to password the ARCH wallet. It is a recommendation only. The ARCH wallet does not enforce a password and this should be a minimum requirement BY DESIGN given the reoccurring thefts seen over the last 6 months from ARCH wallets and that ARCH Devs are obviously aware of. On the bright side I have found the ONE coin which actually takes users wallet very seriously! My twitter feed has a video showing a coin with real security features in action which make what happened to me impossible. Would you leave a safe closed but unlocked? It's no different than leaving a wallet unencrypted.
|
|
|
|
|
coinme.info
|
|
May 04, 2015, 05:28:34 AM |
|
Would you leave a safe closed but unlocked? It's no different than leaving a wallet unencrypted.
When the safe is located in your locked house and surrounded by a security fence you might leave it open. Not quite the same as if the safe has been left on the street is it?
|
|
|
|
coinme.info
|
|
May 04, 2015, 05:30:10 AM |
|
Does this new release enforce password encrypting of the wallet?
|
|
|
|
WhalePanda
Full Member
Offline
Activity: 163
Merit: 101
HODLing is an art, not just a word
|
|
May 04, 2015, 05:30:27 AM |
|
Would you leave a safe closed but unlocked? It's no different than leaving a wallet unencrypted.
When the safe is located in your locked house and surrounded by a security fence you might leave it open. Not quite the same as if the safe has been left on the street is it? Your house is your computer so obviously your computer (or house in this example) seems to have a lot of open windows, else noone gets in. The safe (encrypted wallet) is last line of defense.
|
|
|
|
coinme.info
|
|
May 04, 2015, 05:33:04 AM Last edit: May 04, 2015, 05:45:43 AM by coinme.info |
|
And they got moved on from there if you follow the outputs from that wallet. Thanks for checking, hoping someone who is a blockchain bloodhound would look at this to confirm.
|
|
|
|
coinme.info
|
|
May 04, 2015, 05:43:59 AM Last edit: May 04, 2015, 06:46:55 AM by coinme.info |
|
Would you leave a safe closed but unlocked? It's no different than leaving a wallet unencrypted.
When the safe is located in your locked house and surrounded by a security fence you might leave it open. Not quite the same as if the safe has been left on the street is it? Your house is your computer so obviously your computer (or house in this example) seems to have a lot of open windows, else noone gets in. The safe (encrypted wallet) is last line of defense. Do you need "a lot" of open windows? Do you even know how the thief got through the security fences and broke into the house past the alarm? No one knows at this point and it is not as isolated case it would seem. Someone has been targeting owners of this brand of safes! And all the other owners are thinking their safes are secure because they have used an optional password. What will happen though when their safe is taken and the thief has time to brute force the password. You will all be claiming it is the safer owners fault once again because he didn't choose a long enough password. How long does the password need to be. Is the password enforced by the safe security mechanism? Is the safe manufacturer taking all practical steps to ensure the product they're supplying is fit for the purpose?
|
|
|
|
WhalePanda
Full Member
Offline
Activity: 163
Merit: 101
HODLing is an art, not just a word
|
|
May 04, 2015, 05:50:46 AM |
|
What makes a password strong (or weak)? A strong password: - Is at least eight characters long.
- Does not contain your user name, real name, or company name.
- Does not contain a complete word.
- Is significantly different from previous passwords.
Contains characters from each of the following four categories: Character category Uppercase letters: A, B, C Lowercase letters: a, b, c Numbers: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 Symbols found on the keyboard (all keyboard characters not defined as letters or numerals) and spaces: ` ~ ! @ # $ % ^ & * ( ) _ - + = { } [ ] \ | : ; " ' < > , . ? / A password might meet all the criteria above and still be a weak password. For example, Hello2U! meets all the criteria for a strong password listed above, but is still weak because it contains a complete word. H3ll0 2 U! is a stronger alternative because it replaces some of the letters in the complete word with numbers and also includes spaces. For Crypto I suggest at least 10 chars.
|
|
|
|
mrakbox
Member
Offline
Activity: 82
Merit: 10
|
|
May 04, 2015, 05:55:39 AM Last edit: May 04, 2015, 06:13:30 AM by mrakbox |
|
Does this new release enforce password encrypting of the wallet?
Click on Settings/Encrypt Wallet. Don't use your name or date of birth as password ... but something more complex. For example: *8h2vHQEKB$0U&K(ymZ@N3xpiK@bk7RY75#LBp55 I recommend LastPass + YubiKey (optional) for storing/generating passwords.
|
|
|
|
sid7039
|
|
May 04, 2015, 07:26:49 PM |
|
Would like to warn you about bter exchange. I'm trying to withdraw ARCH from bter but they are cancelling my withdrawal requests for a few days.
If somebody from ARCH Team could intervene in this matter I would appreciate it.
Best!
|
|
|
|
BTCarchitect
|
|
May 04, 2015, 09:16:54 PM |
|
Would like to warn you about bter exchange. I'm trying to withdraw ARCH from bter but they are cancelling my withdrawal requests for a few days.
If somebody from ARCH Team could intervene in this matter I would appreciate it.
Best!
Sorry to inform you this but Bter was hacked and closed down a couple of months ago. They reopened after a few week saying "everything was fine" but since they haven't returned anyones funds since then, we all suspect they are just trying to scam people to deposit there and then bail. Wish you the best of luck and keep contacting their support. I also have a few thousand Arch there but they don't even reply to developers. Cheers
|
|
|
|
stormia
|
|
May 04, 2015, 09:28:50 PM |
|
Would like to warn you about bter exchange. I'm trying to withdraw ARCH from bter but they are cancelling my withdrawal requests for a few days.
If somebody from ARCH Team could intervene in this matter I would appreciate it.
Best!
Sorry to inform you this but Bter was hacked and closed down a couple of months ago. They reopened after a few week saying "everything was fine" but since they haven't returned anyones funds since then, we all suspect they are just trying to scam people to deposit there and then bail. Wish you the best of luck and keep contacting their support. I also have a few thousand Arch there but they don't even reply to developers. Cheers I've been able to withdrawal all of my funds (UNITY and XCR) from bter since the hack... Didn't have any ARCH on there, maybe it is specific to ARCH?
|
|
|
|
coinme.info
|
|
May 05, 2015, 05:07:20 AM |
|
Does this new release enforce password encrypting of the wallet? Anyone able to confirm that the new wallet enforces encrypting the wallet as a default condition on install?
|
|
|
|
WhalePanda
Full Member
Offline
Activity: 163
Merit: 101
HODLing is an art, not just a word
|
|
May 05, 2015, 09:11:59 AM |
|
Does this new release enforce password encrypting of the wallet? Anyone able to confirm that the new wallet enforces encrypting the wallet as a default condition on install? it doesn't, wallet security is something personal. The option is there, if you don't use it, your fault. It's the same with 2FA on exchanges, it's there but if you don't activate it, it's your own fault your account got hacked. If you would force people to encrypt their wallet after a few days people will cry that they forgot their password and have now lost all their coins.
|
|
|
|
coinme.info
|
|
May 05, 2015, 10:04:18 AM |
|
Does this new release enforce password encrypting of the wallet? Anyone able to confirm that the new wallet enforces encrypting the wallet as a default condition on install? it doesn't, wallet security is something personal. The option is there, if you don't use it, your fault. It's the same with 2FA on exchanges, it's there but if you don't activate it, it's your own fault your account got hacked. If you would force people to encrypt their wallet after a few days people will cry that they forgot their password and have now lost all their coins. Thanks. Reminds me of when wifi routers first came out. Security was turned OFF by default. Now security is turned ON by default as the industry realised that end users can not be expected to find and turn on security features to protect themselves from hackers. Security is now default ON. ARCh wallet is therefore still failing the customers as it does not require the customer to implement what you all consider a minimum level of security and puts the end customer in a position of suffering a greater loss than would otherwise occur if the ARCH wallet had enforced the minimum security level of password protection defaulted to ON in the event the ARCH software is obtained by a third party. It would appear that ARCH is quite comfortable with having legitimate shareholders tokens taken from their supplied software and those stolen shareholder tokens passed on or sold to parties who are not entitled to hold those tokens and acknowledges that the holders of those tokens may be accepted to management positions within the ARCH business. Very interesting business model there as ultimately you may end up with management comprising a unknown number of criminals having obtained positions by way of obtaining stolen tokens either knowingly or unknowingly. The tokens are traceable by ARCH if they so desire are they not? Class Action Suit anyone for losses incurred to date?
|
|
|
|
WhalePanda
Full Member
Offline
Activity: 163
Merit: 101
HODLing is an art, not just a word
|
|
May 05, 2015, 10:34:52 AM |
|
Does this new release enforce password encrypting of the wallet? Anyone able to confirm that the new wallet enforces encrypting the wallet as a default condition on install? it doesn't, wallet security is something personal. The option is there, if you don't use it, your fault. It's the same with 2FA on exchanges, it's there but if you don't activate it, it's your own fault your account got hacked. If you would force people to encrypt their wallet after a few days people will cry that they forgot their password and have now lost all their coins. Thanks. Reminds me of when wifi routers first came out. Security was turned OFF by default. Now security is turned ON by default as the industry realised that end users can not be expected to find and turn on security features to protect themselves from hackers. Security is now default ON. ARCh wallet is therefore still failing the customers as it does not require the customer to implement what you all consider a minimum level of security and puts the end customer in a position of suffering a greater loss than would otherwise occur if the ARCH wallet had enforced the minimum security level of password protection defaulted to ON in the event the ARCH software is obtained by a third party. It would appear that ARCH is quite comfortable with having legitimate shareholders tokens taken from their supplied software and those stolen shareholder tokens passed on or sold to parties who are not entitled to hold those tokens and acknowledges that the holders of those tokens may be accepted to management positions within the ARCH business. Very interesting business model there as ultimately you may end up with management comprising a unknown number of criminals having obtained positions by way of obtaining stolen tokens either knowingly or unknowingly. The tokens are traceable by ARCH if they so desire are they not? Class Action Suit anyone for losses incurred to date?
|
|
|
|
clovis A.
Legendary
Offline
Activity: 1206
Merit: 1000
|
|
May 05, 2015, 12:53:18 PM |
|
Agreed ^^ whalepanda!! Drop it already dude!! You're a senior member ffs, don't blame ARCH for your lack of security measures, the wallet was not encrypted, it's your fault!
If I have a home security system and i don't arm it, it's not the fault of the security system provider if my home is burglarized!!
|
. |
| .
| . |
| s i a
| . |
| .
| . |
| .
| . |
| .
| . |
| .
| . |
| .
Cloud storage is about to change Are you ready?
|
|
|
|
mauriek
|
|
May 05, 2015, 01:56:14 PM |
|
Agreed ^^ whalepanda!! Drop it already dude!! You're a senior member ffs, don't blame ARCH for your lack of security measures, the wallet was not encrypted, it's your fault!
If I have a home security system and i don't arm it, it's not the fault of the security system provider if my home is burglarized!!
I think it's fair to say that he want every developers of the coin to act as police, prosecutor and judge to investigate, pursue and punish every criminal in their own coin community, and to think that every Arch wallet user as customers that purchase and used good and service from Arch developer like wifi routers buyers is definitely takes the term of dumb logic at least 3 level higher, with all these effort to rationalize the dumb logic, i'm beginning to think this case is similar with insurance fraud attempt.
|
|
|
|
infinitechaos
|
|
May 05, 2015, 02:14:36 PM |
|
Don't feed the troll.
Anyone who would suggest that it is anyone's responsibility but their own to handle their own security practices re: their crypto wallets is just that - a troll.
|
|
|
|
coinme.info
|
|
May 05, 2015, 06:25:58 PM |
|
Agreed ^^ whalepanda!! Drop it already dude!! You're a senior member ffs, don't blame ARCH for your lack of security measures, the wallet was not encrypted, it's your fault!
If I have a home security system and i don't arm it, it's not the fault of the security system provider if my home is burglarized!!
Sorry but this home security system, as you are referring to, the Arch wallet, is broadcasting it's location to the companies other alarm system users. Unscrupulous users of the system are then using this information to target the other security system customers with a view to attacking their alarm system. The attackers once bypassing other security devices then appear to be able to bypass the security system itself as it's basic configuration does not require the turning on of what it seems is considered a basic function. The security system company is ignoring this fact and has made no effort to address this issue even though they are apparently quite aware of this from previous reports and other competitors in the industry have already addressed this issue. The company also appear to be taking no action to track the stolen tokens that the security system is is designed to secure which are being used to as certificates of shareholding in the company. Which ever way this is put or real wold analogies used it does not sound good and does not paint picture of a responsible company taking all appropriate measures to provide a product fit for the purpose it was designed to do.
|
|
|
|
|