romerun
Legendary
 Offline
Activity: 1078
Merit: 1002
Bitcoin is new, makes sense to hodl.
|
 |
February 14, 2014, 06:00:44 AM |
|
are you using windows?
|
|
|
|
|
|
empoweoqwj
|
|
February 14, 2014, 06:04:39 AM |
|
nope - Mac - and no, I didn't install that "Stealth Bit" malware
|
|
|
|
|
|
electerium
|
|
February 14, 2014, 06:15:38 AM |
|
mitm attack?
|
|
|
|
|
|
shawshankinmate37927
|
|
February 14, 2014, 06:19:52 AM |
|
nope - Mac - and no, I didn't install that "Stealth Bit" malware
That's the only computer you've used to logon to Havelock? |
"It is well enough that people of the nation do not understand our banking and monetary system, for if they did, I believe there would be a revolution before tomorrow morning." - Henry Ford
|
|
|
|
electerium
|
|
February 14, 2014, 06:25:32 AM |
|
I've forgotten, but when you open an account for havelock, do you at any point enter in your country of origin?
I mean, if the answer is yes, it's insanely easy to just get a VPN connection to any country in the world to circumvent that aspect of security
|
|
|
|
|
|
spartan82
|
|
February 14, 2014, 06:46:54 AM |
|
Just a warning - I've just had my havelock account hacked and all my AM1 shares stolen, and money withdrawn from account.
I had both 2FA enabled, and login from my own country, Thailand. The thief managed to bypass both of those somehow.
I'm devastated right now - I have asked havelock if they can do anything about it ....
That is why price has gone down at havelock - someone sold my 150 shares and then withdrawn the bitcoins.
All withdrawn to: 18jURpZJjcpdp8Utdf9tePVY4VGK84DmUy
shit dude im sorry to hear, i would be fucking devastated. hope havelock can provide you with enough info to track the bastard down |
|
|
|
|
|
VeeMiner
|
|
February 14, 2014, 07:10:29 AM |
|
Just a warning - I've just had my havelock account hacked and all my AM1 shares stolen, and money withdrawn from account.
I had both 2FA enabled, and login from my own country, Thailand. The thief managed to bypass both of those somehow.
I'm devastated right now - I have asked havelock if they can do anything about it ....
That is why price has gone down at havelock - someone sold my 150 shares and then withdrawn the bitcoins.
All withdrawn to: 18jURpZJjcpdp8Utdf9tePVY4VGK84DmUy
brutal. sorry to hear that. Havelock offline now... sheeeitttt. Really sorry to hear that... I don't want to add fuel to fire or anything but best shares are the direct shares... |
|
|
|
|
HeRetiK
Legendary
Offline
Activity: 3318
Merit: 2289
Top-tier crypto casino and sportsbook
|
|
February 14, 2014, 08:50:35 AM |
|
Just a warning - I've just had my havelock account hacked and all my AM1 shares stolen, and money withdrawn from account.
I had both 2FA enabled, and login from my own country, Thailand. The thief managed to bypass both of those somehow.
I'm devastated right now - I have asked havelock if they can do anything about it ....
That is why price has gone down at havelock - someone sold my 150 shares and then withdrawn the bitcoins.
All withdrawn to: 18jURpZJjcpdp8Utdf9tePVY4VGK84DmUy
Did you have an activated API key? Been on any shady crypto related sites while being logged in at Havelock? This sounds like a rather serious issue, not sure how likely it is that both your login device and 2FA device were compromised. |
|
|
|
|
empoweoqwj
|
|
February 14, 2014, 08:58:20 AM |
|
nope - Mac - and no, I didn't install that "Stealth Bit" malware
That's the only computer you've used to logon to Havelock? Yep. Just my Macbook |
|
|
|
|
|
empoweoqwj
|
|
February 14, 2014, 08:59:37 AM |
|
Just a warning - I've just had my havelock account hacked and all my AM1 shares stolen, and money withdrawn from account.
I had both 2FA enabled, and login from my own country, Thailand. The thief managed to bypass both of those somehow.
I'm devastated right now - I have asked havelock if they can do anything about it ....
That is why price has gone down at havelock - someone sold my 150 shares and then withdrawn the bitcoins.
All withdrawn to: 18jURpZJjcpdp8Utdf9tePVY4VGK84DmUy
Did you have an activated API key? Been on any shady crypto related sites while being logged in at Havelock? This sounds like a rather serious issue, not sure how likely it is that both your login device and 2FA device were compromised. No API key. I've mentioned in other posts (probably in other threads), I don't log into any "random" URLs, ever. If I try a URL out, I use a different browser. But that's very rare as well. |
|
|
|
|
|
empoweoqwj
|
|
February 14, 2014, 09:00:16 AM |
|
Just a warning - I've just had my havelock account hacked and all my AM1 shares stolen, and money withdrawn from account.
I had both 2FA enabled, and login from my own country, Thailand. The thief managed to bypass both of those somehow.
I'm devastated right now - I have asked havelock if they can do anything about it ....
That is why price has gone down at havelock - someone sold my 150 shares and then withdrawn the bitcoins.
All withdrawn to: 18jURpZJjcpdp8Utdf9tePVY4VGK84DmUy
brutal. sorry to hear that. Havelock offline now... sheeeitttt. Really sorry to hear that... I don't want to add fuel to fire or anything but best shares are the direct shares... Yep. I agree with you  just doesn't help with the pain at the moment ... |
|
|
|
|
|
empoweoqwj
|
|
February 14, 2014, 09:04:03 AM |
|
I've forgotten, but when you open an account for havelock, do you at any point enter in your country of origin?
I mean, if the answer is yes, it's insanely easy to just get a VPN connection to any country in the world to circumvent that aspect of security
Not quite sure what you mean, but yes, obviously VPN to any country in world is easy. Sounds like hacker had a Thai IP organized. Its getting my password (secure) + 2FA I can't get over. Also, I never got a single "trading" email during the heist. But I guess that is easy enough if you have account access. You just turn it off during the heist. I had it turned on previously and it is turned on now. The thief nicely turned it back on for me now my account is empty |
|
|
|
|
HeRetiK
Legendary
Offline
Activity: 3318
Merit: 2289
Top-tier crypto casino and sportsbook
|
|
February 14, 2014, 09:15:50 AM |
|
That's pretty scary. Not sure what other attack vectors there might be except for some Havelock employee gone rogue or a security breach at their servers. Maybe your email account is compromised and they used it for some social engineering shenanigans (which would also be hard with you noticing).
|
|
|
|
|
bitcoin.newsfeed
|
|
February 14, 2014, 09:16:21 AM |
|
Damn ... shit. This is sick. Did you have 2FA backup somewhere in the same PC?
|
... Question Everything, Believe Nothing ...
|
|
|
|
empoweoqwj
|
|
February 14, 2014, 09:19:21 AM |
|
Damn ... shit. This is sick. Did you have 2FA backup somewhere in the same PC?
2FA key was written down on paper as "backup". |
|
|
|
|
|
jimmothy
|
|
February 14, 2014, 09:21:59 AM |
|
That's pretty scary. Not sure what other attack vectors there might be except for some Havelock employee gone rogue or a security breach at their servers. Maybe your email account is compromised and they used it for some social engineering shenanigans (which would also be hard with you noticing).
Why would a rogue havelock employee sell his shares instead of just the bitcoins from one of the guys with a buy order? Anyways I would try to contact havelock and see if they can dig up any further info. If it is a security breach on their end then that would be very serious. Not sure about how 2fa can be breached along with your password. My guess would be an infected pc (keylogger or something). |
|
|
|
|
HeRetiK
Legendary
Offline
Activity: 3318
Merit: 2289
Top-tier crypto casino and sportsbook
|
|
February 14, 2014, 09:32:42 AM |
|
Why would a rogue havelock employee sell his shares instead of just the bitcoins from one of the guys with a buy order? To make it look like a hack? I don't think they did, just pointing out the possibility. However... 2FA key was written down on paper as "backup". ...i guess we might have a scenario where the attacker got ahold of your 2FA key while you were writing it down / your macbook requested it from havelock, assuming it was on the same machine. |
|
|
|
|
willBTC
|
|
February 14, 2014, 09:45:20 AM |
|
Damn ... shit. This is sick. Did you have 2FA backup somewhere in the same PC?
2FA key was written down on paper as "backup". I am just wondering how could that happened? it seems impossible if you have 2FA |
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
ASICMINERTUBE The Best $/Gh Bitcoin Miner So Far Discover now!
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
|
|
bitcoin.newsfeed
|
|
February 14, 2014, 10:14:06 AM
Last edit: February 14, 2014, 10:29:16 AM by bitcoin.newsfeed |
|
Damn ... shit. This is sick. Did you have 2FA backup somewhere in the same PC?
2FA key was written down on paper as "backup". I am just wondering how could that happened? it seems impossible if you have 2FA Maybe 2FA on rooted/jailbroken device ... and attacker infected both devices pc and smartphone/tablet via same router. EDIT : I assume you're in Thailand ... 90% of smartphones there are rooted. EDIT2 : Damn, from today I'll login to Havelock only from TailsOS ... I feel sorry for your lose mate, its really devastating. I wish we could do something about it. |
... Question Everything, Believe Nothing ...
|
|
|
|
minerpumpkin
|
|
February 14, 2014, 10:32:01 AM |
|
Damn ... shit. This is sick. Did you have 2FA backup somewhere in the same PC?
2FA key was written down on paper as "backup". I am just wondering how could that happened? it seems impossible if you have 2FA Maybe 2FA on rooted/jailbroken device ... and attacker infected both devices pc and smartphone/tablet via same router. EDIT : I assume you're in Thailand ... 90% of smartphones there are rooted. EDIT2 : Damn, from today I'll login to Havelock only from TailsOS ... Probably jailbroken at MBK? I have to chime in, I'm also really sorry to hear that. I can only try and fathom how that feels. This makes me truly sad and angry! Just to address other questions/vulnerabilities: When was the last time you changed your password? Is it unique? Did you at some point land on a phishing site, i.e. a Havelock-copy (I guess you may not have noticed it)? I'd like a comment from Havelock. I guess you guys have already contacted them? I'm, just pointing them to this problem, as well. |
I should have gotten into Bitcoin back in 1992...
|
|
|
|
