Bitcoin Forum
December 04, 2016, 10:31:35 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: My account got hacked  (Read 1877 times)
Anduck
Hero Member
*****
Offline Offline

Activity: 897


quack


View Profile
July 02, 2012, 07:20:34 PM
 #1

My account at GLBSE got hacked recently.

Insurance company CPA recovered my losses completely (a couple tens of BTC). Just wanted to share this information with you guys.

1480890695
Hero Member
*
Offline Offline

Posts: 1480890695

View Profile Personal Message (Offline)

Ignore
1480890695
Reply with quote  #2

1480890695
Report to moderator
1480890695
Hero Member
*
Offline Offline

Posts: 1480890695

View Profile Personal Message (Offline)

Ignore
1480890695
Reply with quote  #2

1480890695
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480890695
Hero Member
*
Offline Offline

Posts: 1480890695

View Profile Personal Message (Offline)

Ignore
1480890695
Reply with quote  #2

1480890695
Report to moderator
wabber
Member
**
Offline Offline

Activity: 85


View Profile
July 02, 2012, 07:32:45 PM
 #2

you better format your PC
paraipan
Legendary
*
Offline Offline

Activity: 924


Firstbits: 1pirata


View Profile WWW
July 02, 2012, 07:35:27 PM
 #3

you better format your PC

OP seems to bed doing SEO on the forum, watch out glbse being hacked in a few weeks... just saying

BTCitcoin: An Idea Worth Saving - Q&A with bitcoins on rugatu.com - Check my rep
Anduck
Hero Member
*****
Offline Offline

Activity: 897


quack


View Profile
July 02, 2012, 07:40:48 PM
 #4

you better format your PC

OP seems to bed doing SEO on the forum, watch out glbse being hacked in a few weeks... just saying

What do you mean? I haven't installed any weird applications on my computer. I think my account got hacked because I used same password at somewhere else too.

memvola
Hero Member
*****
Offline Offline

Activity: 896


View Profile
July 02, 2012, 07:45:52 PM
 #5

Insurance company CPA recovered my losses completely (a couple tens of BTC).

Wow, nice. How does one get insured for this kind of thing? Did you contact CPA over the forums?
Anduck
Hero Member
*****
Offline Offline

Activity: 897


quack


View Profile
July 02, 2012, 07:49:12 PM
 #6

Insurance company CPA recovered my losses completely (a couple tens of BTC).

Wow, nice. How does one get insured for this kind of thing? Did you contact CPA over the forums?


I used IRC to contact usagi from CPA. Ask them for insurance and they will help you to make contract.

pekv2
Hero Member
*****
Offline Offline

Activity: 770



View Profile
July 02, 2012, 08:18:17 PM
 #7

you better format your PC

OP seems to bed doing SEO on the forum, watch out glbse being hacked in a few weeks... just saying

What do you mean? I haven't installed any weird applications on my computer. I think my account got hacked because I used same password at somewhere else too.

*facepalm* People that exercise this kind of way to be exploited must learn about keepass or lastpass and use 100 mix character passwords, use different passwords for each account.

When will you's learn?

Edit:
You didn't get hacked, should change title to, I was dumb and used same password on two dif accounts.
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
July 02, 2012, 08:19:52 PM
 #8

So how do they prevent insurance fraud? Seems simple, cash out, claim hax, and collect insurance. What am I missing?

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
niko
Hero Member
*****
Offline Offline

Activity: 742


There is more to Bitcoin than bitcoins.


View Profile
July 03, 2012, 05:49:42 AM
 #9

This thread smells funny. Just saying.

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
mav
Full Member
***
Offline Offline

Activity: 168


View Profile
July 03, 2012, 06:02:55 AM
 #10

I agree with pekv2 - why drag the GLBSE name through the mud because of your mistake? please change the title of the thread.
sadpandatech
Hero Member
*****
Offline Offline

Activity: 504



View Profile
July 03, 2012, 07:26:53 AM
 #11

So how do they prevent insurance fraud? Seems simple, cash out, claim hax, and collect insurance. What am I missing?

I asked the same when I was asked to help fund CPA.    :/

aye, that's my first and biggest question.

Reading what the OP linked; How did you get insurance without a secondary authentication on GLBSE?

"4. Insuring assets kept in the GLBSE (hacking insurance)
If you have taken proper security precautions such as adding an authenticator, we offer hacking insurance at rates as low as 1% for 6 months."

I take that just to mean they charge a higher rate for non authenticator accounts.

----------------------------------
I wonder if this may apply here;

"5. Subrogation
The insurance company acquires legal rights to pursue recoveries on behalf of the insured; for example, the insurer may sue those liable for insured's loss. This includes but is not limited to repo clauses in which the customer's assets may be seized in the event of a fraudulent insurance claim."
 Cheesy

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system. - GA
It is being worked on by smart people. -DamienBlack
sadpandatech
Hero Member
*****
Offline Offline

Activity: 504



View Profile
July 03, 2012, 07:30:40 AM
 #12

As a potential investor in CPA I am not comfortable with insuring individualing 'hacking' cases as they would be near impossible to prove. Maybe require that there was some known breach of security that lead to multiple, verifiable instances. very unlikely, which is fine. ;p

or Make the premiums for unverifiable hacking insurance such that;
A.The premium is 10% of insured value per period and insured is only qualified for n% of payout per x amount of premium periods up until incident.

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system. - GA
It is being worked on by smart people. -DamienBlack
John (John K.)
Global Troll-buster and
Legendary
*
Offline Offline

Activity: 1092


Will read PM's. Have more time lately


View Profile
July 03, 2012, 11:12:07 AM
 #13

So how do they prevent insurance fraud? Seems simple, cash out, claim hax, and collect insurance. What am I missing?

I asked the same when I was asked to help fund CPA.    :/

This thread smells funny. Just saying.

This +1. Personally, I would avoid CPA before usagi explained everything.

My BTC Tip Jar: 1Pgvfy19uwtYe5o9dg3zZsAjgCPt3XZqz9 , GPG ID: B3AAEEB0 ,OTC ID: johnthedong
Escrow service is available on a case by case basis! (PM Me to verify I'm the escrow!)

Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 700


Wat


View Profile WWW
July 03, 2012, 12:33:05 PM
 #14

usually when you admit you left the keys in the car you cant get an insurance claim.

John (John K.)
Global Troll-buster and
Legendary
*
Offline Offline

Activity: 1092


Will read PM's. Have more time lately


View Profile
July 03, 2012, 01:49:06 PM
 #15

So how do they prevent insurance fraud? Seems simple, cash out, claim hax, and collect insurance. What am I missing?

I asked the same when I was asked to help fund CPA.    :/

This thread smells funny. Just saying.

This +1. Personally, I would avoid CPA before usagi explained everything.

Have you sent an information request e-mail to cpa@tsukino.ca?

Have you read the contract?

Have you been following the discussion thread?

It seems to me all your questions have already been answered, I could be wrong on that but I do notice you have not actually asked me anything.

As to the other person's question on how we prevent insurance fraud, let me assure you that this company is run by some very smart people, and if someone tries to commit insurance fraud they probably will not get away with it. However, people do get away with fraud all the time. If you'd like to give us a run for our money please be our guest. Your risk is the premium you pay.

Took a look around the original CPA thread just now, and my question directed at https://bitcointalk.org/index.php?topic=91316.0 still stands. In the real world, insurance companies regularly conduct an extensive background check on claims. How are you going to conduct that in the Bitcoin realm, where everyone is hidden under some pseudonym?

Good luck, but how will you account for fraudulent claims?

This concerns me as well.
Assume that I have insured my GLBSE account against hack/theft.
What will prevent me from selling everything and withdrawing bitcoins, then asking for compensation?

If you want to do this, we would write into your contract at least two provisions; you have to have an authenticator on your account, and you have to choose a strong password that you don't use anywhere else. We would also have to check with the GLBSE, and as there is a subrogation clause in every contract (see the preamble in post #2 or #3 I think) this acts as permission for GLBSE to reveal any details of the incident to us as if he were speaking to you or your lawyer. So we would figure out what happened. In short, if someone logged into your account from an IP you've used a lot in the past, and they typed in your authenticator to log in and then again to do the transfer, we can't cover you.

Another case. If it turns out you got hacked ala the GPUMax scandal recently, where users who didn't have authenticators used their GLBSE password on GPUMax (no comment), we won't cover you, as you would have broken your contract by not having an authenticator on your account. We will know this in our investigation with the GLBSE. There are mitigation and good faith clauses in the contract. You will be informed of these in any contract we write. Really, the authenticator is the big thing. But let's say somehow someone steals your phone and somehow finds your password. Let's say it's a home invasion so it's from your IP address. Just send us a copy of the police report, we will verify that the crime actually occurred, and we'll pay out.

Beyond a certain point we just have to trust you. But if you could give me a specific scenario of someone trying to defraud us, I could try to answer how we would handle that situation.

How would you verify that the person is indeed using a strong password that he/she is not using elsewhere? GLBSE does not (and should not) keep your password in plaintext; only the hash is kept. IP addresses are trivial to fake, with TOR and proxies providing a literally infinite number of them. About the only reasonable clause is the use of an authenticator - OP would have been either:
(a) Got hacked physically, as in phone/yubikey stolen for a short while
(b) Be a victim of a MITM attack.
(c) Have his/her time-based token stolen within a short timeframe and used.

Also, OP states:

you better format your PC

OP seems to bed doing SEO on the forum, watch out glbse being hacked in a few weeks... just saying

What do you mean? I haven't installed any weird applications on my computer. I think my account got hacked because I used same password at somewhere else too.

How would he get the payout, as this violates the provisions you have stated above?

I'm certainly happy to see insurance companies springing up within the Bitcoin ecosystem as it fills an important niche for a successful economy. I apologize for sounding defensive/hostile in my posts, but the anonymity of the Bitcoin system is a factor that causes scam cases to happen like wildfire. I am sceptical of everything that is not proven, and security through obscurity is not an option for me.  I am always ready to invest in another new opportunity, so I would be glad to grab some shares too if my questions are answered.

My BTC Tip Jar: 1Pgvfy19uwtYe5o9dg3zZsAjgCPt3XZqz9 , GPG ID: B3AAEEB0 ,OTC ID: johnthedong
Escrow service is available on a case by case basis! (PM Me to verify I'm the escrow!)

redbeans2012
Hero Member
*****
Offline Offline

Activity: 854

MMM Extra - The right step towards the goal!


View Profile WWW
July 03, 2012, 03:03:26 PM
 #16

This thread smells funny. Just saying.

This!

waltmarkers
Member
**
Offline Offline

Activity: 104


View Profile
July 04, 2012, 05:38:23 AM
 #17

This thread smells funny. Just saying.

This!

How does one person's computer being compromised meet the terms of the CPA insurance contract? GLBSE didn't default.....

When BTC grows up (if it ever does) there will be real corps offering real CDS and insurance and reinsurance that will payout on benchmark able items...and not just someone's gut.

Then again...we'd actually have to have some sort of jurisprudence that governed.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!