Bitcoin Forum
November 10, 2024, 08:29:58 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 5 »  All
  Print  
Author Topic: WARNING! 40 000 USD was stolen fom BTC-e.com account!  (Read 10766 times)
Godzilla99 (OP)
Newbie
*
Offline Offline

Activity: 28
Merit: 0


View Profile
February 14, 2015, 09:56:03 AM
 #1

It was only btc-e account was hacked, email box was not hacked, so the thief just traded all my 40 K USD to his profit and to my loss. He changed  all my US dollars mostly to LTC, then sold LTC to CHG that’s the way how he did that. When contacting with BTC-E support and wanted them to investigate the situation they answered approximately the next:

“Hello, thank you for contacting btc-e support. We do investigation only when we have the official request from police (Police of what country they want???). We do all the possible to protect money of our clients. But you din’t set two factors authentication, that’s why we can’t be responsible for safety of your account. Thank you, feel fee to contact us”

So and other in the same style. You can blame only yourself, your computer full of viruses and you are poor victim of hackers and so on go f…k yourself.


Further more to look closer to the way how  it was done I suspect that somebody from the btc-e employees was involved or there SSL protocol is piece of shit and you can never be safe contacting btc-e.com. Also a history of the ip entrance gives a thought that the thief was exactly sure where he was doing,and how much money was there and that everything was ready for
 stealing and all that was done from the first connection, and  30 minutes!

The thief entered my account only one time at the time of the robbery, and there was 40 K. So everything was ready for the stealing. He bought LTC from all the sellers, then sold LTC for CNH. It was also the time chosen ideally for the robbery when the order line was minimal, in order to gain maximum, and fast.
To maximise his profit when selling my  dollars he should have also half of my money on his accounts.
My email box wasn’t hacked so if to suppose virus on my computer which let the hacker now my password so in that case he easily took my email password too because it was much easier and more profitable to withdraw money through email confirmation.
If not having virus on my mac (I’m experienced user, it is very rare situation having virus on mac, otherwise I should have installed it myself) that means that they have the big bug in there SSL protocol so that means that nobody is safe when connecting btc-e and that means that one day they announce as MTGOX did that we were hacked and all money was stolen
Even if I was fished, what is least probable because I’m experienced user, so in that case having my password the hacker should have entered once before the robbery time, to be sure how much money is there and to plan the operation and collect the resources.
The say that they need official request from the police! Isn’t it mockery is it? What country they need a police request? Cyprus? USA? Nigeria? Russia


 And the only conclusion I can make from that situation that they don’t want to investigate the situation because they understand that in that case they will find out that somebody of there employees is involved or there https connection has a big bug.
OmegaStarScream
Staff
Legendary
*
Offline Offline

Activity: 3654
Merit: 6430



View Profile
February 14, 2015, 09:57:56 AM
 #2

Confused a little bit here , from where you got this informations (that an account got hacked)  ? It wasen't your account , was it ?
EDIT : nvm I just read the last part

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Rannasha
Hero Member
*****
Offline Offline

Activity: 728
Merit: 500


View Profile
February 14, 2015, 10:03:28 AM
 #3

So you had $40K in your account and you didn't even set up 2FA?

Without 2FA there are so many ways an attacker can obtain your password.
Godzilla99 (OP)
Newbie
*
Offline Offline

Activity: 28
Merit: 0


View Profile
February 14, 2015, 10:13:02 AM
 #4

So you had $40K in your account and you didn't even set up 2FA?

Without 2FA there are so many ways an attacker can obtain your password.

If they have a thief inside a company, 2FA also will be hacked.
So tell me please the way how hackers can obtain my password, exluding trojan, and fishing? the only way to obtain my password from outside to hack https of btc-e?
user2
Member
**
Offline Offline

Activity: 92
Merit: 10


View Profile
February 14, 2015, 10:16:41 AM
 #5

I'm pretty sure btc-e doesn't have your password in cleartext, only hash of it. So even if someone can look at internal btc-e database, he can't deduce your password.
And their's SSL is standard, otherwise your browser would complain. I just checked, it's TLS 1.2

▒ NOW token ▒ by ChangeNOW ▒ Get the WIN! ▒
ChangeNOW - an instant Non-custodial Exchange Service  (( changenow.io ))
Whitepaper  ▓  Telegram  ▓  Twitter  ▓  Facebook  ▓  Medium  ▓  Reddit  ▓  Bounty Thread
user2
Member
**
Offline Offline

Activity: 92
Merit: 10


View Profile
February 14, 2015, 10:22:18 AM
 #6

No fishing email pretending to be from btc-e lately?

▒ NOW token ▒ by ChangeNOW ▒ Get the WIN! ▒
ChangeNOW - an instant Non-custodial Exchange Service  (( changenow.io ))
Whitepaper  ▓  Telegram  ▓  Twitter  ▓  Facebook  ▓  Medium  ▓  Reddit  ▓  Bounty Thread
redsn0w
Legendary
*
Offline Offline

Activity: 1778
Merit: 1043


#Free market


View Profile
February 14, 2015, 10:30:29 AM
 #7

So you had $40K in your account and you didn't even set up 2FA?

Without 2FA there are so many ways an attacker can obtain your password.

If they have a thief inside a company, 2FA also will be hacked.
So tell me please the way how hackers can obtain my password, exluding trojan, and fishing? the only way to obtain my password from outside to hack https of btc-e?

Maybe your 2FA device has a virus and the hacker can able to obtain the code. Contact agatin the btc-e support, only they can help you.
ajareselde
Legendary
*
Offline Offline

Activity: 1722
Merit: 1000

Satoshi is rolling in his grave. #bitcoin


View Profile
February 14, 2015, 10:42:36 AM
 #8

So you had $40K in your account and you didn't even set up 2FA?

Without 2FA there are so many ways an attacker can obtain your password.

If they have a thief inside a company, 2FA also will be hacked.
So tell me please the way how hackers can obtain my password, exluding trojan, and fishing? the only way to obtain my password from outside to hack https of btc-e?

Maybe your 2FA device has a virus and the hacker can able to obtain the code. Contact agatin the btc-e support, only they can help you.

Quote
“Hello, thank you for contacting btc-e support. We do investigation only when we have the official request from police (Police of what country they want???). We do all the possible to protect money of our clients. But you din’t set two factors authentication, that’s why we can’t be responsible for safety of your account. Thank you, feel fee to contact us”

It seams like they ditched him off, blaming him alone for the theft because he had no 2fa enabled, which is insane, atleast they could track down where the money went and allow him to fight for his money.
Their support is terrible, i can confirm, but never did i expect something like this to happen.
Presuming op is telling the whole truth ofc.

cheers
user2
Member
**
Offline Offline

Activity: 92
Merit: 10


View Profile
February 14, 2015, 10:53:15 AM
 #9


It seams like they ditched him off, blaming him alone for the theft because he had no 2fa enabled, which is insane, atleast they could track down where the money went and allow him to fight for his money.
Their support is terrible, i can confirm, but never did i expect something like this to happen.
Presuming op is telling the whole truth ofc.

cheers

To be fair it's pretty hard for them to do something. Just think about it, the stolen account has been selling his LTC for CNH, CNH price went up. A lot of people made something on it. I personally made about btc in the ensuing panic. I saw in the btc-e trollbox people boasting about making much more. The thieves could have had several accounts. How do you suppose to go after them?

▒ NOW token ▒ by ChangeNOW ▒ Get the WIN! ▒
ChangeNOW - an instant Non-custodial Exchange Service  (( changenow.io ))
Whitepaper  ▓  Telegram  ▓  Twitter  ▓  Facebook  ▓  Medium  ▓  Reddit  ▓  Bounty Thread
redsn0w
Legendary
*
Offline Offline

Activity: 1778
Merit: 1043


#Free market


View Profile
February 14, 2015, 10:55:54 AM
 #10

So you had $40K in your account and you didn't even set up 2FA?

Without 2FA there are so many ways an attacker can obtain your password.

If they have a thief inside a company, 2FA also will be hacked.
So tell me please the way how hackers can obtain my password, exluding trojan, and fishing? the only way to obtain my password from outside to hack https of btc-e?

Maybe your 2FA device has a virus and the hacker can able to obtain the code. Contact agatin the btc-e support, only they can help you.

Quote
“Hello, thank you for contacting btc-e support. We do investigation only when we have the official request from police (Police of what country they want???). We do all the possible to protect money of our clients. But you din’t set two factors authentication, that’s why we can’t be responsible for safety of your account. Thank you, feel fee to contact us”

It seams like they ditched him off, blaming him alone for the theft because he had no 2fa enabled, which is insane, atleast they could track down where the money went and allow him to fight for his money.
Their support is terrible, i can confirm, but never did i expect something like this to happen.
Presuming op is telling the whole truth ofc.

cheers

Oh thanks I've "skipped" that part, so it is also a fault of the OP. The 2FA *must* be active in each exchange/site when you are "depositing/saving" your money (it is a basically rules/concept).
ajareselde
Legendary
*
Offline Offline

Activity: 1722
Merit: 1000

Satoshi is rolling in his grave. #bitcoin


View Profile
February 14, 2015, 11:04:08 AM
 #11


It seams like they ditched him off, blaming him alone for the theft because he had no 2fa enabled, which is insane, atleast they could track down where the money went and allow him to fight for his money.
Their support is terrible, i can confirm, but never did i expect something like this to happen.
Presuming op is telling the whole truth ofc.

cheers

To be fair it's pretty hard for them to do something. Just think about it, the stolen account has been selling his LTC for CNH, CNH price went up. A lot of people made something on it. I personally made about btc in the ensuing panic. I saw in the btc-e trollbox people boasting about making much more. The thieves could have had several accounts. How do you suppose to go after them?

few years back there was a security breach with liberty reserve deposits, allowing the attacker to  deposit fake usd in unlimited quantities,
attacker used funds to buy bitcoin and litecoin and then withdrew them, what btc-e did was to roll-back every transaction on btc-e to the state before the attack took place.

im not saying they should do the same now, but atleast they can investigate the theft, compare ip's used to login to his account and compare it to the ones that benefited the most out of trades.
its likely that the attacker used vpn, but maybe he didnt, maybe its just some skid that grabbed his login in some lame way, iwe seen alot of them over the years.
but to tell someone its their own faul and goodbye, well mister, you just lost some customers, presuming this story turns out to be true.

cheers
ik_do
Hero Member
*****
Offline Offline

Activity: 522
Merit: 500


View Profile
February 14, 2015, 11:16:40 AM
 #12

Before you go assuming your mac is perfect and your password alone is enough to protect you--it isn't. I've seen macs firsthand with viruses. Nowadays visiting a single website is enough to completely compromise your system.

My opinion:
-Not having 2FA enabled = asking for money to be stolen
-Keeping 40k worth of money on a website that could disappear at any moment = asking for money to be stolen
-Acting as if macs can't get viruses = asking for money to be stolen
-Using a service which doesn't send you an email to authorize every single transaction and then trusting said service with 40k USD = asking for money to be stolen
-"So everything was ready for the stealing." = you made it ready for stealing by not following basic security procedures (activating 2FA etc)

My questions (please answer all of these so we can see what factors may have attributed to this situation):
-Were you using wifi?
-Were you using a wireless keyboard?
-What browser do you use?
-Does anyone else use your computer?
-Do you share your wifi access with anyone else?
-How long is your password (roughly), is it a dictionary word? or is it a complicated set of numbers/letters.
-Do you share the same password on ANY other service ANYWHERE?

Regardless of you being slightly naive (my personal opinion anyway) with a lot of these, this service should still be assisting you (once they have identified you are the legitimate account holder).
user2
Member
**
Offline Offline

Activity: 92
Merit: 10


View Profile
February 14, 2015, 11:18:40 AM
 #13


It seams like they ditched him off, blaming him alone for the theft because he had no 2fa enabled, which is insane, atleast they could track down where the money went and allow him to fight for his money.
Their support is terrible, i can confirm, but never did i expect something like this to happen.
Presuming op is telling the whole truth ofc.

cheers

To be fair it's pretty hard for them to do something. Just think about it, the stolen account has been selling his LTC for CNH, CNH price went up. A lot of people made something on it. I personally made about btc in the ensuing panic. I saw in the btc-e trollbox people boasting about making much more. The thieves could have had several accounts. How do you suppose to go after them?

few years back there was a security breach with liberty reserve deposits, allowing the attacker to  deposit fake usd in unlimited quantities,
attacker used funds to buy bitcoin and litecoin and then withdrew them, what btc-e did was to roll-back every transaction on btc-e to the state before the attack took place.

im not saying they should do the same now, but atleast they can investigate the theft, compare ip's used to login to his account and compare it to the ones that benefited the most out of trades.
its likely that the attacker used vpn, but maybe he didnt, maybe its just some skid that grabbed his login in some lame way, iwe seen alot of them over the years.
but to tell someone its their own faul and goodbye, well mister, you just lost some customers, presuming this story turns out to be true.

cheers

They ought to investigate, I'm with you on this. I have an account with btc-e and I sincerely hope they didn't just tell him to f*ck off. At least not right away.

▒ NOW token ▒ by ChangeNOW ▒ Get the WIN! ▒
ChangeNOW - an instant Non-custodial Exchange Service  (( changenow.io ))
Whitepaper  ▓  Telegram  ▓  Twitter  ▓  Facebook  ▓  Medium  ▓  Reddit  ▓  Bounty Thread
ik_do
Hero Member
*****
Offline Offline

Activity: 522
Merit: 500


View Profile
February 14, 2015, 11:20:24 AM
 #14

So you had $40K in your account and you didn't even set up 2FA?

Without 2FA there are so many ways an attacker can obtain your password.

If they have a thief inside a company, 2FA also will be hacked.
So tell me please the way how hackers can obtain my password, exluding trojan, and fishing? the only way to obtain my password from outside to hack https of btc-e?

Maybe your 2FA device has a virus and the hacker can able to obtain the code. Contact agatin the btc-e support, only they can help you.

2FA alone is not enough--every service that holds cryptocurrency should require verification via email combined with 2FA authentication (this is what Poloniex does). Withdrawals should require the same.

Any service that runs without these basic features is just asking for money to be stolen.
redsn0w
Legendary
*
Offline Offline

Activity: 1778
Merit: 1043


#Free market


View Profile
February 14, 2015, 11:28:27 AM
Last edit: February 14, 2015, 11:41:36 AM by redsn0w
 #15

So you had $40K in your account and you didn't even set up 2FA?

Without 2FA there are so many ways an attacker can obtain your password.

If they have a thief inside a company, 2FA also will be hacked.
So tell me please the way how hackers can obtain my password, exluding trojan, and fishing? the only way to obtain my password from outside to hack https of btc-e?

Maybe your 2FA device has a virus and the hacker can able to obtain the code. Contact agatin the btc-e support, only they can help you.

2FA alone is not enough--every service that holds cryptocurrency should require verification via email combined with 2FA authentication (this is what Poloniex does). Withdrawals should require the same.

Any service that runs without these basic features is just asking for money to be stolen.

Yes of course ,with the simple 2FA you have a "strong"  level of security but as you told also the  email for confirm the withdraw will add a much level of security.

However as I always said, you will should never keep your money in an exchange (for 1-2 days) -instead- you have to deposit > make the exchange and then withdraw all your "coins" to your personal wallet.
BitCoinNutJob
Legendary
*
Offline Offline

Activity: 1316
Merit: 1000


View Profile
February 14, 2015, 11:29:49 AM
 #16


Man this situation makes me sick to the stomach, hope your end up with some kind of result OP, no idea what you should do, BTC-e support is your only hope though.
FanEagle
Legendary
*
Offline Offline

Activity: 3038
Merit: 1129


View Profile
February 14, 2015, 11:40:42 AM
 #17

and I'm still wondering how the hell they hacked into my email too.
The password I personally used was a complex one, but they still managed to enter and change it, and they even gone to my cex.io without issues and that password was one time used and they searched for any btc in it(luckily it was empty, I was only lurking there)
but still, they managed to reset some of many not bitcoin related websites/games password
But hell, I would never trust a website to hold 40K dollars, maybe only on my computer, inside a virtual machine.(If I break that virtual machine im damned to hell but, I would use that method.
ik_do
Hero Member
*****
Offline Offline

Activity: 522
Merit: 500


View Profile
February 14, 2015, 11:42:19 AM
Last edit: February 14, 2015, 11:55:27 AM by ik_do
 #18

So you had $40K in your account and you didn't even set up 2FA?

Without 2FA there are so many ways an attacker can obtain your password.

If they have a thief inside a company, 2FA also will be hacked.
So tell me please the way how hackers can obtain my password, exluding trojan, and fishing? the only way to obtain my password from outside to hack https of btc-e?

Maybe your 2FA device has a virus and the hacker can able to obtain the code. Contact agatin the btc-e support, only they can help you.

2FA alone is not enough--every service that holds cryptocurrency should require verification via email combined with 2FA authentication (this is what Poloniex does). Withdrawals should require the same.

Any service that runs without these basic features is just asking for money to be stolen.

Yes of course ,with the simple 2FA you have a "strong"  level of security but as you told also the  email for confirm the withdraw will add a much level of security.

However as I always said, you will should never keep your money in an exchange (for 1-2 days) -instead- you have to deposit > make the exchange and then withdraw all your "coin" to your personal wallet.

Exactly--this should be common practice. 40k USD isn't exactly pocket change for most people.

There really should be a rating system for the various exchanges, what security measures they offer as well as a track record of their history (sort of like coinssource we need an exchangesource if such a thing exists)

Email confirmation of transactions/withdrawals will at the very least prove the exchange is extremely unlikely to involved in theft from accounts and would point at the user's computer being compromised (or similar).
ik_do
Hero Member
*****
Offline Offline

Activity: 522
Merit: 500


View Profile
February 14, 2015, 11:43:35 AM
 #19

and I'm still wondering how the hell they hacked into my email too.
The password I personally used was a complex one, but they still managed to enter and change it, and they even gone to my cex.io without issues and that password was one time used and they searched for any btc in it(luckily it was empty, I was only lurking there)
but still, they managed to reset some of many not bitcoin related websites/games password
But hell, I would never trust a website to hold 40K dollars, maybe only on my computer, inside a virtual machine.(If I break that virtual machine im damned to hell but, I would use that method.

Again if you're going to say your email address or any account was hacked please provide the following information:
-What operating system?
-What browser do you use?
-Were you using wifi?
-Were you using a wireless keyboard?
-Does anyone else use your computer (at ALL)?
-Do you share your wifi access with anyone else?
-How long is your password (roughly), is it a dictionary word? or is it a complicated set of numbers/letters.
-Do you share the same password on ANY other service ANYWHERE?
FanEagle
Legendary
*
Offline Offline

Activity: 3038
Merit: 1129


View Profile
February 14, 2015, 11:56:37 AM
 #20

and I'm still wondering how the hell they hacked into my email too.
The password I personally used was a complex one, but they still managed to enter and change it, and they even gone to my cex.io without issues and that password was one time used and they searched for any btc in it(luckily it was empty, I was only lurking there)
but still, they managed to reset some of many not bitcoin related websites/games password
But hell, I would never trust a website to hold 40K dollars, maybe only on my computer, inside a virtual machine.(If I break that virtual machine im damned to hell but, I would use that method.

Again if you're going to say your email address or any account was hacked please provide the following information:
-What operating system?
-What browser do you use?
-Were you using wifi?
-Were you using a wireless keyboard?
-Does anyone else use your computer (at ALL)?
-Do you share your wifi access with anyone else?
-How long is your password (roughly), is it a dictionary word? or is it a complicated set of numbers/letters.
-Do you share the same password on ANY other service ANYWHERE?

Windows 7
Firefox
Yes
No
No, only me.
No
15 chars, it was a mix of latin word number and special chars.
No, that password was unique, at least for the email.

I'm still wondering why he requested password change of a game "Trion Worlds", of an empty cex.io account, and another account of stellarix(empty too) and all those passwords were differents.
Side Note, why he didn't asked to change passwords to my porn sites? maybe because they were all free accounts.  Roll Eyes
Pages: [1] 2 3 4 5 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!