WARNING! 40 000 USD was stolen fom BTC-e.com account!

[ik_do]

BTW if you're still in doubt about 2FA you should check out the comments on the reddit post for this thread (someone submitted it to reddit):
http://www.reddit.com/r/Bitcoin/comments/2vv2ss/someones_complaining_on_bitcointalk_that_his_btce/

Almost all the comments mention the fact that you didn't use 2FA. You should be spending your time right now formatting your computer (or using another computer which is known to be clean) and then checking the security settings of all of your accounts.

[deluxeCITY]

There is a trend here from 'hacked accounts' gambling site stole money cheated etc if they was true they would be very welcome but chances are they are not.

Always newbie accounts and that makes me take little no notice anymore, unlucky on losing that amount of money if i am wrong and you actually did however 'doubtful' but you deserved it keeping that amount of money on an exchange with no 2fa in the first place.

lol

[redsn0w]

There is a trend here from 'hacked accounts' gambling site stole money cheated etc if they was true they would be very welcome but chances are they are not.

Always newbie accounts and that makes me take little no notice anymore, unlucky on losing that amount of money if i am wrong and you actually did however 'doubtful' but you deserved it keeping that amount of money on an exchange with no 2fa in the first place.

lol

At the end it is his fault at 99% , because he didn't set up the 2FA on his btc-e account. Now the unique way is to contact the support and his police station.

[ik_do]

There is a trend here from 'hacked accounts' gambling site stole money cheated etc if they was true they would be very welcome but chances are they are not.

Always newbie accounts and that makes me take little no notice anymore, unlucky on losing that amount of money if i am wrong and you actually did however 'doubtful' but you deserved it keeping that amount of money on an exchange with no 2fa in the first place.

lol

At the end it is his fault at 99% , because he didn't set up the 2FA on his btc-e account. Now the unique way is to contact the support and his police station.

I'd say more like 100% his fault. The best part is that because he didn't have 2FA enabled it is pretty much impossible to ascertain how much of his system/accounts are compromised. If he had bothered to use 2FA and this actually happened then he could be certain that 2FA was hacked (meaning his entire system is compromised).

Without 2FA he is going to have to get some scooby snacks and hire a crew of hippies to drive around the internet in a van looking for the criminal. Good luck with that.

[Quinn]

thats a huge fuken loss.. but they had a history of missing deposits in the past. or honoring the deposits they get from other countries.

that sucks though that this could of been prevented if 2fa was setup..

[jarvanIV]

thats an expensive lesson learned.. always use 2fa.

but even sometimes using 2fa incidents still occur, like the whole blockchain.info wallet madness a couple weeks back or a month ago.

people got like 30 btc stolen forwarded to other accounts etc.

[ik_do]

thats an expensive lesson learned.. always use 2fa.

but even sometimes using 2fa incidents still occur, like the whole blockchain.info wallet madness a couple weeks back or a month ago.

people got like 30 btc stolen forwarded to other accounts etc.

Its not any single point of failure that causes these situations.

Its a multitude of different problems (mostly attributed to people being lazy):
-not activating 2FA
-not activating logging features on their accounts
-sharing email addresses and/or passwords between accounts
-not running antivirus/malware scanner
-assuming your operating system is 100% immune to viruses or malware (dear mac users your operating system is not, has not and cannot be 100% immune to being compromised)
-sharing your computer with idiots
-installing stupid applications and/or opening stupid links
-assuming people you know won't steal your shit when it can never be traced back to them
-letting other people know how much money you have and where
-blindly trusting web-based wallets etc that aren't decentralized
-installing pirated software which can compromise your system
-using wifi, wireless keyboard/mice or stupid technology that could easily compromise your internet money (if you live in the jungle use wifi, if you live in a crowded urban area where anyone within 50 metres of you could sniff all your personal data then you're an idiot)
-keeping all your eggs in one basket; even if I was trading anything even remotely approaching 40,000 USD, let alone 1000 USD I would sure as shit not store it all on one exchange with no fucking 2FA.

You should not be storing 30 btc on a web wallet like blockchain. Period.
You should not be storing 40,000 USD worth of anything on any online account that doesn't have 2FA. Period.

Part of the responsibility does fall on this exchange for not requiring 2FA or not requiring authentication of transactions via email account, however the problem is that this user is basically incompetent (proven by the fact they refuse to believe 2FA is important) and they then go and write misleading statements regarding their account (no, your money wasn't actually stolen which is what prevents the exchange from helping you) and tries to brush off their own irresponsibility and laziness as not having attributed to the situation (if this user had 2FA enabled then I would be in no position to criticize as much).

[MrThePlague]

Your thread title is inaccurate. Your money was not 'stolen'. You didn't use 2FA which helps to prevent unauthorized access. Someone gained unauthorized access to your account and made unauthorized trades. This can at least be partially attributed to your refusal to use 2FA, using Tor and a number of other factors that are completely outside of your exchange's control.

If btc-e actually cooperated and provided any information of other customers in this situation (without a police/court order) it would set an alarming precedent and I am sure they would lose many customers over it.

Wouldn't his BTC/Cash still be considered stolen? I mean if someone breaks into your house while your away and you only locked the one door lock, would it make it any less of a break in or explained as a 'unauthorized entry' because the home owner had a dead bolt and/or alarm system that he didn't use? Sure he had extra precautions he didn't utilized that may have prevented the break in, but it doesn't lessen the fact that someone still broken in to his house all the same, no?


As to the OP, you should defiantly enable 2FA if you haven't yet. Say your house gets broken into, you are basically using the argument "I didn't bother to lock my door because thieves could have just picked the lock anyway". Hopefully that puts it into a better perspective.

Very sorry for that loss though, I do hope you get some form of resolution from it

[ik_do]

Your thread title is inaccurate. Your money was not 'stolen'. You didn't use 2FA which helps to prevent unauthorized access. Someone gained unauthorized access to your account and made unauthorized trades. This can at least be partially attributed to your refusal to use 2FA, using Tor and a number of other factors that are completely outside of your exchange's control.

If btc-e actually cooperated and provided any information of other customers in this situation (without a police/court order) it would set an alarming precedent and I am sure they would lose many customers over it.

Wouldn't his BTC/Cash still be considered stolen? I mean if someone breaks into your house while your away and you only locked the one door lock, would it make it any less of a break in or explained as a 'unauthorized entry' because the home owner had a dead bolt and/or alarm system that he didn't use? Sure he had extra precautions he didn't utilized that may have prevented the break in, but it doesn't lessen the fact that someone still broken in to his house all the same, no?


As to the OP, you should defiantly enable 2FA if you haven't yet. Say your house gets broken into, you are basically using the argument "I didn't bother to lock my door because thieves could have just picked the lock anyway". Hopefully that puts it into a better perspective.

Very sorry for that loss though, I do hope you get some form of resolution from it

• From a legal standpoint I assume it would still be theft.
• From a literal standpoint, no money actually left his account--only unauthorized transactions took place.

Regardless of anyone's personal feelings the distinction between these two is vitally important is that he falls into the second category and is asking the exchange to reveal confidential information about other users of the service without a court order/warrant. The idea that any exchange or organisation would reveal such private information about its customers with no court order/warrant would basically never happen in a million years.

Even with a court order/warrant you're assuming that anyone who was "the other half" of his transactions is guilty and putting their privacy at stake--this is likely impossible to ascertain and sounds more like a matter for a legal investigation.

Should an exchange breach other user's privacy because some guy didn't bother to use 2FA? No, and if the answer was yes then no one would ever use that exchange ever again.

Personally I abhor people that steal or gain access to other users accounts and then proceed to do malicious things, I believe they should be persecuted to the fullest extent of the law. Having said that, in this instance the victim (i.e. the author of this thread) should realize how their naivety and laziness was likely the primary reason for their loss and also that no reputable organization on Earth would go about releasing information about other users in this same situation without a court order/warrant.

I strongly disagree with the title of this thread and the initial post as they are both greatly misleading to most readers who won't bother to be critical and will take it as face value (and no, I'm not associated with the exchange). I think the victim in this situation refuses to admit that their arrogance and naivety when it comes to security caused this issue and nothing else. If you have 40,000 USD on a website you should take security a lot more seriously.

It is also disheartening to see people learning about promising technologies like bitcoin etc while failing to adequately research basic account security. If anyone is reading this right now and has anything of worth stored on their exchange accounts, gmail/dropbox/banking websites and currently does not use 2FA I strongly urge you to start using it. It isn't some fantasia bullshit, it is the 6 digit code that stands between you accessing your account and some random on the internet being able to essentially rob you of 40k USD. Regardless of what anyone says about it being imperfect it still does a lot more to protect your accounts and private data than having nothing at all in place.

Bottom line:
Not having 2FA enabled = 40,000 USD mistake.

[johnyj]

If those money never left exchange due to AML rules, then the loss is small, not stolen

[Bralex]

Who here even believes that he was hacked 40k??

I do not believe him and if i did, i would laugh anyway i use 2fa on holdings on $500 on an exchange anyone that loses that amount without securing it takes full responsibility for being one of the stupidest people i have met on this forum/real life.

How do you feel knowing you're funds would have been safe had you took 2 minutes to enable 2fa?

[abercrombie]

2FA enabled or GTFO.   

But really, can someone explain how this happened? 

BTC-e requires clicking a email confirmation link for withdrawals (even without 2FA).  And didn't the OP say his email was not compromised?  Or was it... 

[ajareselde]

2FA enabled or GTFO.   

But really, can someone explain how this happened? 

BTC-e requires clicking a email confirmation link for withdrawals (even without 2FA).  And didn't the OP say his email was not compromised?  Or was it... 

This is what turns some of clients off from creating 2fa on btc-e (https://btc-e.com/profile#security/2fa)

Для coздaния ключa нeoбxoдимo ycтaнoвить пpилoжeниe Google Authenticator:
Android: тyт
iOS: тyт
Windows Phone: тyт
J2ME: тyт
Google Authenticator ecть нa мнoгиx плaтфopмax. Cпиcoк ecть нa википeдии.

Пocлe ycтaнoвки пpилoжeния нeoбxoдимo нaжaть нa кнoпкy coздaть ключ и cocкaниpoвaть QR кoд.
Ecли y вac нe пoлyчaeтcя cocкaниpoвaть QR кoд пoпpoбyйтe иcпoльзoвaть дpyгoe пpилoжeниe для cкaниpoвaния QR кoдoв.
Ecли жe вы нe мoжeтe cocкaниpoвaть QR кoд, тo ввeдитe ключ в пpилoжeниe вpyчнyю.

Пocлe тoгo кaк ключ был cocкaниpoвaн, пpилoжeниe Google Authenticator бyдeт гeнepиpoвaть oднopaзoвыe пapoли кaждыe 30 ceкyнд.
Для пoдтвepждeния coздaния ключa нeoбxoдимo ввecти oднopaзoвый пapoль и нaжaть пoдтвepдить.
Note: Пepeд пoдтвepждeниeм coздaния ключa cдeлaйтe бэкaп QR-кoдa или ключa, чтoбы нe имeть пpoблeм пpи yтepe/cбpoce вaшeгo тeлeфoнa. Бэкaп нeoбxoдимo дeлaть нa внeшниe ycтpoйcтвa, тaкиe кaк USB-флeшкa.
Note: Taк кaк oднopaзoвыe пapoли ocнoвaны нa вpeмeни, нeoбxoдимo чтoбы вpeмя нa ycтpoйcтвe гдe cтoит Google Authenticator былo cинxpoнизиpoвaнo, a тaк жe был выбpaн вepный чacoвoй пoяc. B пpoтивнoм cлyчae вы бyдeтe пoлyчaть oшибкy чтo вaш oднopaзoвый пapoль нeвepeн.

Its not even translated to english, funny for a site with so much daily trading volume

[ik_do]

2FA enabled or GTFO.   

But really, can someone explain how this happened? 

BTC-e requires clicking a email confirmation link for withdrawals (even without 2FA).  And didn't the OP say his email was not compromised?  Or was it... 

Read the thread fully. This is why I find the initial post to be misleading--nothing was theoretically stolen, just someone accessed this person's account and made unauthorized trades.

[ik_do]

2FA enabled or GTFO.   

But really, can someone explain how this happened? 

BTC-e requires clicking a email confirmation link for withdrawals (even without 2FA).  And didn't the OP say his email was not compromised?  Or was it... 

This is what turns some of clients off from creating 2fa on btc-e (https://btc-e.com/profile#security/2fa)

Для coздaния ключa нeoбxoдимo ycтaнoвить пpилoжeниe Google Authenticator:
Android: тyт
iOS: тyт
Windows Phone: тyт
J2ME: тyт
Google Authenticator ecть нa мнoгиx плaтфopмax. Cпиcoк ecть нa википeдии.

Пocлe ycтaнoвки пpилoжeния нeoбxoдимo нaжaть нa кнoпкy coздaть ключ и cocкaниpoвaть QR кoд.
Ecли y вac нe пoлyчaeтcя cocкaниpoвaть QR кoд пoпpoбyйтe иcпoльзoвaть дpyгoe пpилoжeниe для cкaниpoвaния QR кoдoв.
Ecли жe вы нe мoжeтe cocкaниpoвaть QR кoд, тo ввeдитe ключ в пpилoжeниe вpyчнyю.

Пocлe тoгo кaк ключ был cocкaниpoвaн, пpилoжeниe Google Authenticator бyдeт гeнepиpoвaть oднopaзoвыe пapoли кaждыe 30 ceкyнд.
Для пoдтвepждeния coздaния ключa нeoбxoдимo ввecти oднopaзoвый пapoль и нaжaть пoдтвepдить.
Note: Пepeд пoдтвepждeниeм coздaния ключa cдeлaйтe бэкaп QR-кoдa или ключa, чтoбы нe имeть пpoблeм пpи yтepe/cбpoce вaшeгo тeлeфoнa. Бэкaп нeoбxoдимo дeлaть нa внeшниe ycтpoйcтвa, тaкиe кaк USB-флeшкa.
Note: Taк кaк oднopaзoвыe пapoли ocнoвaны нa вpeмeни, нeoбxoдимo чтoбы вpeмя нa ycтpoйcтвe гдe cтoит Google Authenticator былo cинxpoнизиpoвaнo, a тaк жe был выбpaн вepный чacoвoй пoяc. B пpoтивнoм cлyчae вы бyдeтe пoлyчaть oшибкy чтo вaш oднopaзoвый пapoль нeвepeн.

Its not even translated to english, funny for a site with so much daily trading volume

You probably shouldn't use a site that does not match up to your expectations.
FWIW, most modern browsers can automatically translate different languages. Cryptocurrency is global, so it won't necessarily be delivered to your doorstep in your own language.

[fox19891989]

you din’t set two factors authentication That's the point, why didn't set it?

Did u usually chat in the trollbox? All guys talk there will get phishing emails, I guess you were fooled by the phishing emails.

[fox19891989]

Who here even believes that he was hacked 40k??

I do not believe him and if i did, i would laugh anyway i use 2fa on holdings on $500 on an exchange anyone that loses that amount without securing it takes full responsibility for being one of the stupidest people i have met on this forum/real life.

How do you feel knowing you're funds would have been safe had you took 2 minutes to enable 2fa?

+1, I always open my g-email with 2FA although I have 100 USD or 10k USD there, the simple computer security knowledge is necessary. Very sad about this guy, hackers are becoming richer, damn!

[tss]

so op has 40k on btc-e without 2 factor auth?  anyone else feel like leaving your money to be stolen.  maybe a few bucks without 2fa but 40k?  i think not.  seems if it was an inside job they wouldnt need the email confirmation.

i really doubt op had that much in there.  but who knows.  anyways these exchanges are not to be trusted.

[Kprawn]

Put up the sign.... "Do not feed the troll"

It's just another newbie account, claiming ...."My coins were stolen" !!! .......Anyone can post @#$% like that.

I would take this seriously when it's coming from a ranked member with a good reputation.

If it's real, and from a ranked member trying to hide his/her real identity... then I apologize in advance and says one word.... 2FA 

[monsanto]

Don't know if it's a troll or not but somebody lost a lot of money on Feb 6th on LTC/CNH market that is for sure.

Also makes me wonder how many of these strange flash crash & price spike incidents that are blamed on "fat finger" traders and bots gone haywire are really hacked accounts having their funds stolen through transactions.