Author

Topic: ... (Read 1181 times)

hero member
Activity: 560
Merit: 500
★777Coin.com★ Fun BTC Casino!
...
May 04, 2014, 12:35:20 PM
#17
Hackers are everywhere man. ive lost a lot of coins from exchange sites that have been hacked.  There must be a solution to this type of behaviour. BTC will not grow if there isnt any trust or 100% security is implemented on sites that are holding bitcoins. I know its not easy as i say but more should be invested in keeping the currency safe and have measures to prevent hackers.


It's called 2 factor authentication.

Something you know =  password
Something you have = your mobile phone / crypto card / (bio info too, finger print, eyeball, face, but I'm not down with that shit!)

I lost BTC in a known exchange site even though i had 2 factor authentication. They did not require just my account, they fucked over the whole exchange site, which the 2factor cannot prevent!

2FA offers some security but it is not a panacea.  It *might* prevent your account from getting hacked but don't bet on it.  Some hacker may inject a fake deposit address so you send your bitcoin to the hacker instead of the exchange.  Or the site might get hacked and you lose all your funds if they are stored in a hot wallet on the server.
hero member
Activity: 560
Merit: 500
★777Coin.com★ Fun BTC Casino!
May 04, 2014, 12:33:40 PM
#16
Hackers are everywhere man. ive lost a lot of coins from exchange sites that have been hacked.  There must be a solution to this type of behaviour. BTC will not grow if there isnt any trust or 100% security is implemented on sites that are holding bitcoins. I know its not easy as i say but more should be invested in keeping the currency safe and have measures to prevent hackers.



There is no easy solution.  'Security' is never going to be 100% on a web server.  Doesn't matter if you spend $100k/year on a security team, it won't matter. Eventually, you WILL get hacked.

I own sites like https://BitPlastic.com and https://BitLaunder.com and https://CoinChimp.com .. we used to get hacked all the time, and I had to pay clients who lost money out of my own pocket to avoid getting branded a 'scam'.  We hired a security specialist and we haven't been hacked since, but eventually it WILL happen again.  Of that I am 100% sure.

The main consideration for a Bitcoin site owner is simply not store much Bitcoin in 'live wallets' running bitcoind on a server.  If you store your client funds in a 'hot wallet' on the server, you are basically begging to get hacked into oblivion, like Flexcoin and MtGox (although that might have been Karpeles theft).

The other thing you need to worry about is fake deposit addresses. For example, hackers will insert their own deposit address into your mysql table, so when clients send funds to the wallet on the server, actually they are sending funds to the hackers.  This type of thing is usually discovered within a few hours and losses are kept to a minimum. 

I think every Bitcoin website owner needs to maintain an 'insurance' fund of maybe 25% of their profits to simply cover hacking losses. 

Some sort of 'Bitcoin insurance policy' might even be a good business idea!

As far as longterm hacking prevention in the Bitcoin world, I don't see that ever happening.  At least not with the current Bitcoin protocol

Dr. Michael Moriarty
https://BitPlastic.com / https://BitLaunder.com / https://BitArmored.com / https://CoinChimp.com / https://BitSpeculate.com
legendary
Activity: 1372
Merit: 1014
May 04, 2014, 08:27:24 AM
#15
when an exchange gets hacked its all about cold wallets - real cold wallets not Gox style  Wink
legendary
Activity: 3766
Merit: 1217
May 04, 2014, 08:04:54 AM
#14
I lost BTC in a known exchange site even though i had 2 factor authentication. They did not require just my account, they fucked over the whole exchange site, which the 2factor cannot prevent!

You are right. Even before the Mt Gox scandal, a lot of users lost their coins from the smaller exchanges. Either someone hacked the site and robbed all the coins, or the exchange owner himself stole all of them. 2FA won't do any wonders in such cases.
sr. member
Activity: 345
Merit: 250
Trusted Member
May 04, 2014, 07:40:38 AM
#13
Hackers are everywhere man. ive lost a lot of coins from exchange sites that have been hacked.  There must be a solution to this type of behaviour. BTC will not grow if there isnt any trust or 100% security is implemented on sites that are holding bitcoins. I know its not easy as i say but more should be invested in keeping the currency safe and have measures to prevent hackers.


It's called 2 factor authentication.

Something you know =  password
Something you have = your mobile phone / crypto card / (bio info too, finger print, eyeball, face, but I'm not down with that shit!)

I lost BTC in a known exchange site even though i had 2 factor authentication. They did not require just my account, they fucked over the whole exchange site, which the 2factor cannot prevent!
hero member
Activity: 490
Merit: 500
May 04, 2014, 06:30:33 AM
#12
Hackers are everywhere man. ive lost a lot of coins from exchange sites that have been hacked.  There must be a solution to this type of behaviour. BTC will not grow if there isnt any trust or 100% security is implemented on sites that are holding bitcoins. I know its not easy as i say but more should be invested in keeping the currency safe and have measures to prevent hackers.


It's called 2 factor authentication.

Something you know =  password
Something you have = your mobile phone / crypto card / (bio info too, finger print, eyeball, face, but I'm not down with that shit!)
legendary
Activity: 3766
Merit: 1217
May 04, 2014, 06:05:40 AM
#11
I hope they will be online back soon. Good thing was nothing been hacked. That's the good news so far. But what if attackers gain access to the data?

What would happen?

Don't be so sure. Even when the news about the Mt Gox hack came out, Karpeles and Co. were initially saying that the users' coins were safe. Everyone knows what happened after that.  Angry
sr. member
Activity: 345
Merit: 250
Trusted Member
May 04, 2014, 05:00:39 AM
#10
Hackers are everywhere man. ive lost a lot of coins from exchange sites that have been hacked.  There must be a solution to this type of behaviour. BTC will not grow if there isnt any trust or 100% security is implemented on sites that are holding bitcoins. I know its not easy as i say but more should be invested in keeping the currency safe and have measures to prevent hackers.

full member
Activity: 122
Merit: 100
May 04, 2014, 03:50:05 AM
#9
I hope they will be online back soon. Good thing was nothing been hacked. That's the good news so far. But what if attackers gain access to the data?

What would happen?
full member
Activity: 165
Merit: 102
May 04, 2014, 03:38:06 AM
#8
I wonder why the hosting gave root access to the attacker without verification ?

Probably someone hacked the email service of the localbitcoins.com and used the same to have root access. Perhaps they had disabled their cell-phone notifications and other precautions.

Quote
it looks like the request was made using spoofed email addresses

So it seems, mail was not hacked. It was spoofed (http://en.wikipedia.org/wiki/Email_spoofing). Probably a simple php mail function usage.
legendary
Activity: 3766
Merit: 1217
May 04, 2014, 03:31:29 AM
#7
I wonder why the hosting gave root access to the attacker without verification ?

Probably someone hacked the email service of the localbitcoins.com and used the same to have root access. Perhaps they had disabled their cell-phone notifications and other precautions.
full member
Activity: 165
Merit: 102
May 04, 2014, 03:12:49 AM
#6
I wonder why the hosting gave root access to the attacker without verification ? First of all those spoofing mails should go to spam folder. Even if the mail client's filtering system is not strong, they can readily check the authentication from mail header. This is a severe fault of the hosting administration. I doubt if it is an outside attacker though...
legendary
Activity: 3766
Merit: 1217
May 04, 2014, 02:53:08 AM
#5
damn this hackers must be stoped...too many hackings happening lately...this is really pulling down bitcoin. We must do something

It will never stop. Rather we should try to increase the security. There were issues with Localbitcoins for the past 1-2 weeks. Several people were reporting here that their coins were stolen.
hero member
Activity: 761
Merit: 500
May 04, 2014, 01:57:47 AM
#4
damn this hackers must be stoped...too many hackings happening lately...this is really pulling down bitcoin. We must do something
legendary
Activity: 1834
Merit: 1094
Learning the troll avoidance button :)
May 04, 2014, 01:57:08 AM
#3
Wow that was dodging the bullet a little to close
Spoof and everything
sr. member
Activity: 462
Merit: 250
May 04, 2014, 01:49:35 AM
#2
Damn, that hurts
Localbitcoins has been a critical pillar in helping me get into the btc ecosystem in my geography (that has no exchanges)
Hope it gets sorted quickly!
full member
Activity: 197
Merit: 100
May 04, 2014, 01:41:16 AM
#1
...
Jump to: