HeRetiK
Legendary
 Offline
Activity: 2912
Merit: 2091
Cashback 15%
|
 |
February 14, 2014, 08:50:35 AM |
|
Just a warning - I've just had my havelock account hacked and all my AM1 shares stolen, and money withdrawn from account.
I had both 2FA enabled, and login from my own country, Thailand. The thief managed to bypass both of those somehow.
I'm devastated right now - I have asked havelock if they can do anything about it ....
That is why price has gone down at havelock - someone sold my 150 shares and then withdrawn the bitcoins.
All withdrawn to: 18jURpZJjcpdp8Utdf9tePVY4VGK84DmUy
Did you have an activated API key? Been on any shady crypto related sites while being logged in at Havelock? This sounds like a rather serious issue, not sure how likely it is that both your login device and 2FA device were compromised. |
.
.HUGE. | | | | | | █▀▀▀▀
█
█
█
█
█
█
█
█
█
█
█
█▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.
CASINO & SPORTSBOOK
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█
█
█
█
█
█
█
█
█
█
█
█
▄▄▄▄█ | | |
|
|
|
|
|
|
|
|
|
|
The block chain is the main innovation of Bitcoin. It is the
first distributed timestamping system.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
empoweoqwj
|
|
February 14, 2014, 08:58:20 AM |
|
nope - Mac - and no, I didn't install that "Stealth Bit" malware
That's the only computer you've used to logon to Havelock? Yep. Just my Macbook |
|
|
|
|
|
empoweoqwj
|
|
February 14, 2014, 08:59:37 AM |
|
Just a warning - I've just had my havelock account hacked and all my AM1 shares stolen, and money withdrawn from account.
I had both 2FA enabled, and login from my own country, Thailand. The thief managed to bypass both of those somehow.
I'm devastated right now - I have asked havelock if they can do anything about it ....
That is why price has gone down at havelock - someone sold my 150 shares and then withdrawn the bitcoins.
All withdrawn to: 18jURpZJjcpdp8Utdf9tePVY4VGK84DmUy
Did you have an activated API key? Been on any shady crypto related sites while being logged in at Havelock? This sounds like a rather serious issue, not sure how likely it is that both your login device and 2FA device were compromised. No API key. I've mentioned in other posts (probably in other threads), I don't log into any "random" URLs, ever. If I try a URL out, I use a different browser. But that's very rare as well. |
|
|
|
|
|
empoweoqwj
|
|
February 14, 2014, 09:00:16 AM |
|
Just a warning - I've just had my havelock account hacked and all my AM1 shares stolen, and money withdrawn from account.
I had both 2FA enabled, and login from my own country, Thailand. The thief managed to bypass both of those somehow.
I'm devastated right now - I have asked havelock if they can do anything about it ....
That is why price has gone down at havelock - someone sold my 150 shares and then withdrawn the bitcoins.
All withdrawn to: 18jURpZJjcpdp8Utdf9tePVY4VGK84DmUy
brutal. sorry to hear that. Havelock offline now... sheeeitttt. Really sorry to hear that... I don't want to add fuel to fire or anything but best shares are the direct shares... Yep. I agree with you  just doesn't help with the pain at the moment ... |
|
|
|
|
|
empoweoqwj
|
|
February 14, 2014, 09:04:03 AM |
|
I've forgotten, but when you open an account for havelock, do you at any point enter in your country of origin?
I mean, if the answer is yes, it's insanely easy to just get a VPN connection to any country in the world to circumvent that aspect of security
Not quite sure what you mean, but yes, obviously VPN to any country in world is easy. Sounds like hacker had a Thai IP organized. Its getting my password (secure) + 2FA I can't get over. Also, I never got a single "trading" email during the heist. But I guess that is easy enough if you have account access. You just turn it off during the heist. I had it turned on previously and it is turned on now. The thief nicely turned it back on for me now my account is empty |
|
|
|
|
HeRetiK
Legendary
Offline
Activity: 2912
Merit: 2091
Cashback 15%
|
|
February 14, 2014, 09:15:50 AM |
|
That's pretty scary. Not sure what other attack vectors there might be except for some Havelock employee gone rogue or a security breach at their servers. Maybe your email account is compromised and they used it for some social engineering shenanigans (which would also be hard with you noticing).
|
.
.HUGE. | | | | | | █▀▀▀▀
█
█
█
█
█
█
█
█
█
█
█
█▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.
CASINO & SPORTSBOOK
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█
█
█
█
█
█
█
█
█
█
█
█
▄▄▄▄█ | | |
|
|
|
|
bitcoin.newsfeed
|
|
February 14, 2014, 09:16:21 AM |
|
Damn ... shit. This is sick. Did you have 2FA backup somewhere in the same PC?
|
... Question Everything, Believe Nothing ...
|
|
|
|
empoweoqwj
|
|
February 14, 2014, 09:19:21 AM |
|
Damn ... shit. This is sick. Did you have 2FA backup somewhere in the same PC?
2FA key was written down on paper as "backup". |
|
|
|
|
|
jimmothy
|
|
February 14, 2014, 09:21:59 AM |
|
That's pretty scary. Not sure what other attack vectors there might be except for some Havelock employee gone rogue or a security breach at their servers. Maybe your email account is compromised and they used it for some social engineering shenanigans (which would also be hard with you noticing).
Why would a rogue havelock employee sell his shares instead of just the bitcoins from one of the guys with a buy order? Anyways I would try to contact havelock and see if they can dig up any further info. If it is a security breach on their end then that would be very serious. Not sure about how 2fa can be breached along with your password. My guess would be an infected pc (keylogger or something). |
|
|
|
|
HeRetiK
Legendary
Offline
Activity: 2912
Merit: 2091
Cashback 15%
|
|
February 14, 2014, 09:32:42 AM |
|
Why would a rogue havelock employee sell his shares instead of just the bitcoins from one of the guys with a buy order? To make it look like a hack? I don't think they did, just pointing out the possibility. However... 2FA key was written down on paper as "backup". ...i guess we might have a scenario where the attacker got ahold of your 2FA key while you were writing it down / your macbook requested it from havelock, assuming it was on the same machine. |
.
.HUGE. | | | | | | █▀▀▀▀
█
█
█
█
█
█
█
█
█
█
█
█▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.
CASINO & SPORTSBOOK
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█
█
█
█
█
█
█
█
█
█
█
█
▄▄▄▄█ | | |
|
|
|
|
willBTC
|
|
February 14, 2014, 09:45:20 AM |
|
Damn ... shit. This is sick. Did you have 2FA backup somewhere in the same PC?
2FA key was written down on paper as "backup". I am just wondering how could that happened? it seems impossible if you have 2FA |
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
ASICMINERTUBE The Best $/Gh Bitcoin Miner So Far Discover now!
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
|
|
bitcoin.newsfeed
|
|
February 14, 2014, 10:14:06 AM
Last edit: February 14, 2014, 10:29:16 AM by bitcoin.newsfeed |
|
Damn ... shit. This is sick. Did you have 2FA backup somewhere in the same PC?
2FA key was written down on paper as "backup". I am just wondering how could that happened? it seems impossible if you have 2FA Maybe 2FA on rooted/jailbroken device ... and attacker infected both devices pc and smartphone/tablet via same router. EDIT : I assume you're in Thailand ... 90% of smartphones there are rooted. EDIT2 : Damn, from today I'll login to Havelock only from TailsOS ... I feel sorry for your lose mate, its really devastating. I wish we could do something about it. |
... Question Everything, Believe Nothing ...
|
|
|
|
minerpumpkin
|
|
February 14, 2014, 10:32:01 AM |
|
Damn ... shit. This is sick. Did you have 2FA backup somewhere in the same PC?
2FA key was written down on paper as "backup". I am just wondering how could that happened? it seems impossible if you have 2FA Maybe 2FA on rooted/jailbroken device ... and attacker infected both devices pc and smartphone/tablet via same router. EDIT : I assume you're in Thailand ... 90% of smartphones there are rooted. EDIT2 : Damn, from today I'll login to Havelock only from TailsOS ... Probably jailbroken at MBK? I have to chime in, I'm also really sorry to hear that. I can only try and fathom how that feels. This makes me truly sad and angry! Just to address other questions/vulnerabilities: When was the last time you changed your password? Is it unique? Did you at some point land on a phishing site, i.e. a Havelock-copy (I guess you may not have noticed it)? I'd like a comment from Havelock. I guess you guys have already contacted them? I'm, just pointing them to this problem, as well. |
I should have gotten into Bitcoin back in 1992...
|
|
|
|
bitcoin.newsfeed
|
|
February 14, 2014, 10:39:58 AM |
|
When was the last time you changed your password? Is it unique?
You can have 200chars upper-lower-special char 0-day new password, if your computer is once rated and part of the botnet you are screwed, it keylogs everything right into the database based on keywords ... 2FA and secure OS is the only way. |
... Question Everything, Believe Nothing ...
|
|
|
|
Herp
|
|
February 14, 2014, 10:41:39 AM |
|
Damn ... shit. This is sick. Did you have 2FA backup somewhere in the same PC?
2FA key was written down on paper as "backup". I am just wondering how could that happened? it seems impossible if you have 2FA Maybe 2FA on rooted/jailbroken device ... and attacker infected both devices pc and smartphone/tablet via same router. EDIT : I assume you're in Thailand ... 90% of smartphones there are rooted. EDIT2 : Damn, from today I'll login to Havelock only from TailsOS ... Probably jailbroken at MBK? I have to chime in, I'm also really sorry to hear that. I can only try and fathom how that feels. This makes me truly sad and angry! Just to address other questions/vulnerabilities: When was the last time you changed your password? Is it unique? Did you at some point land on a phishing site, i.e. a Havelock-copy (I guess you may not have noticed it)? I'd like a comment from Havelock. I guess you guys have already contacted them? I'm, just pointing them to this problem, as well. In many of the cases it's actually a person close to the victim, probably living in your own house or a friend or someone with actual physical access to your computer and phone. There were many such cases. Might even be your wife or lover. Also there might be another possibility no one here discussed and that is the possibility of this guy lying to prop up another exchange. I'm not saying it's the case but it's possible. |
|
|
|
romerun
Legendary
Offline
Activity: 1078
Merit: 1001
Bitcoin is new, makes sense to hodl.
|
|
February 14, 2014, 10:48:00 AM |
|
sounds like havelock inside job, well, what's lost is lost, better buy new machine, ubuntu air gap it and relocate all your coin stashes to new wallets,
also if havelock is not helping, raise the issue over reddit, and let's up vote
|
|
|
|
|
|
minerpumpkin
|
|
February 14, 2014, 10:52:01 AM |
|
We can't know if the story is true, sure. But I have no reason not to believe him as long as I don't make any important decisions due to that fact.
If his computer is compromised, everything is lost, of course! But the reason I'm asking is, if he maybe changed his password just yesterday, this could indicate another attack vector (keylogger) than maybe a break-in to his email account or a breach in Havelock itself.
Physical theft is an option, yeah. So: How many people do know you're "into Bitcoin" or own AM shares? Do they even know what AM shares are? Did you tell people about it?
|
I should have gotten into Bitcoin back in 1992...
|
|
|
|
Herp
|
|
February 14, 2014, 10:57:00 AM |
|
We can't know if the story is true, sure. But I have no reason not to believe him as long as I don't make any important decisions due to that fact.
If his computer is compromised, everything is lost, of course! But the reason I'm asking is, if he maybe changed his password just yesterday, this could indicate another attack vector (keylogger) than maybe a break-in to his email account or a breach in Havelock itself.
Physical theft is an option, yeah. So: How many people do know you're "into Bitcoin" or own AM shares? Do they even know what AM shares are? Did you tell people about it?
There are lots of pathological liars in this world who can be amazingly convincing. Physical theft is a very real option. Many people tell their friends, spouse or love ones about their investments. Very few people can keep it a secret. You'd be amazed how often the person responsible is a room mate or someone close. In this described event of getting access to 2 factor I think these 2 scenarios are highly probable. I think a Havelock "rogue" trader would have targeted an even bigger account or several such accounts so I don't think that's the case. |
|
|
|
|
minerpumpkin
|
|
February 14, 2014, 11:43:47 AM |
|
We can't know if the story is true, sure. But I have no reason not to believe him as long as I don't make any important decisions due to that fact.
If his computer is compromised, everything is lost, of course! But the reason I'm asking is, if he maybe changed his password just yesterday, this could indicate another attack vector (keylogger) than maybe a break-in to his email account or a breach in Havelock itself.
Physical theft is an option, yeah. So: How many people do know you're "into Bitcoin" or own AM shares? Do they even know what AM shares are? Did you tell people about it?
There are lots of pathological liars in this world who can be amazingly convincing. Physical theft is a very real option. Many people tell their friends, spouse or love ones about their investments. Very few people can keep it a secret. You'd be amazed how often the person responsible is a room mate or someone close. In this described event of getting access to 2 factor I think these 2 scenarios are highly probable. I think a Havelock "rogue" trader would have targeted an even bigger account or several such accounts so I don't think that's the case. I'd guess his mail account got compromised. It's simply the biggest hole you can get through. I guess it's futile to discuss what is 'probable' because why would someone do something improbable - because it is improbable. Circular logic, we'll have to wait and see... |
I should have gotten into Bitcoin back in 1992...
|
|
|
|
101111
|
|
February 14, 2014, 12:06:10 PM |
|
very sorry to hear about that Empow, I hope you can catch the thief
|
|
|
|
|
|
