Is your phone rooted?
Whoever took it also has access to your email.
Topic: 24 BTC stolen from my bitstamp account 2FA and email confirmation protected - page 4. (Read 14977 times)
March 04, 2014, 01:02:39 PM
March 04, 2014, 01:01:39 PM
Well, either an inside job or you just had only Google email confirmation protected and forgot to enable the 2FA, no one can get to your phone or maybe your close friend look around not too far..
March 04, 2014, 01:01:28 PM
Hmm.. maybe some keylogger installed with some app?
March 04, 2014, 12:59:33 PM
Man, sorry to hear that! I don't understand how they could have bypassed google authenticator without having your phone...unless it was an inside job.
March 04, 2014, 12:54:10 PM
I went on vacation on the 21st. On 23rd I logged in to bitstamp because I thought one week of storage of bitcoin on an exchange were too much.
My balance was zero $ and zero bitcoins. From the history I saw someone (not me) made this astonishing things:
* 2014-02-22 19:56:08 109.163.234.9 Logged in using two-factor authentication
* 2014-02-22 20:01:39 109.163.234.9 Opened bitcoin withdrawal request for 23.83677391 BTC to 1PGPkndy1nYLUee3nKKLez8smjqK5zBNKE
* 2014-02-22 20:01:39 109.163.234.9 Bitcoin withdrawal request: email was sent to user
* 2014-02-22 20:02:00 109.163.234.9 Bitcoin withdrawal request: email confirmed by user
* 2014-02-22 20:09:33 161.53.74.122 Changed user password
* 2014-02-22 20:12:33 96.47.226.20 Opened instant buy order for $36.30
* 2014-02-22 20:13:38 96.47.226.20 Opened bitcoin withdrawal request for 0.05965404 BTC to 1PGPkndy1nYLUee3nKKLez8smjqK5zBNKE
* 2014-02-22 20:13:38 96.47.226.20 Bitcoin withdrawal request: email was sent to user
* 2014-02-22 20:15:35 96.47.226.20 Bitcoin withdrawal request: email confirmed by user
* 2014-02-22 20:24:24 141.212.108.13 Changed user password
Has someone an idea of how an hacker could do this?
What do you suggest to do (Yes I know in the future I won't keep any money on exchanges)?
I wrote to Bitstamp support 5 days ago. Yet no answers.
Update: Bitstamp replied: nothing strange on their part. The email they sent the request for confirmation for the withdrawal was the usual one.
If you don't want to read everything what I can understand is that these things can happen!!!!
My device(s) has surely a very good malaware. I think is the phone but could be the two mac.
I'm sorry to repeat one things everyone has read but not everybody follows strictly:
Consider everything you don't keep in cold storage lost or strongly at risk. Your computer and/or your phone is not safe (as long it has been connected the Internet). Never leave money on the exchanges.
EDIT: Funds Have moved:
http://btc.blockr.io/address/info/1PGPkndy1nYLUee3nKKLez8smjqK5zBNKE
http://btc.blockr.io/tx/info/6ecebb49996c404739609152fe9c9ac2ea28dcc5a39aa327010fd6c89900bcd8
http://btc.blockr.io/tx/info/64a2756280c68615ec10fdd82a90ad014bb93b87e30bb2546cb4a1e8a16de648
http://btc.blockr.io/tx/info/6be0bac51251b0be01c97700b42c9c726608897826c5a53a8ff2bd3c0d441014
The last address in which my funds were clean was http://btc.blockr.io/address/info/3LkSW3SW9KuebH2t1FcqrTpKPnN8JRbYYh
My balance was zero $ and zero bitcoins. From the history I saw someone (not me) made this astonishing things:
* 2014-02-22 19:56:08 109.163.234.9 Logged in using two-factor authentication
* 2014-02-22 20:01:39 109.163.234.9 Opened bitcoin withdrawal request for 23.83677391 BTC to 1PGPkndy1nYLUee3nKKLez8smjqK5zBNKE
* 2014-02-22 20:01:39 109.163.234.9 Bitcoin withdrawal request: email was sent to user
* 2014-02-22 20:02:00 109.163.234.9 Bitcoin withdrawal request: email confirmed by user
* 2014-02-22 20:09:33 161.53.74.122 Changed user password
* 2014-02-22 20:12:33 96.47.226.20 Opened instant buy order for $36.30
* 2014-02-22 20:13:38 96.47.226.20 Opened bitcoin withdrawal request for 0.05965404 BTC to 1PGPkndy1nYLUee3nKKLez8smjqK5zBNKE
* 2014-02-22 20:13:38 96.47.226.20 Bitcoin withdrawal request: email was sent to user
* 2014-02-22 20:15:35 96.47.226.20 Bitcoin withdrawal request: email confirmed by user
* 2014-02-22 20:24:24 141.212.108.13 Changed user password
Has someone an idea of how an hacker could do this?
What do you suggest to do (Yes I know in the future I won't keep any money on exchanges)?
I wrote to Bitstamp support 5 days ago. Yet no answers.
Update: Bitstamp replied: nothing strange on their part. The email they sent the request for confirmation for the withdrawal was the usual one.
If you don't want to read everything what I can understand is that these things can happen!!!!
My device(s) has surely a very good malaware. I think is the phone but could be the two mac.
I'm sorry to repeat one things everyone has read but not everybody follows strictly:
Consider everything you don't keep in cold storage lost or strongly at risk. Your computer and/or your phone is not safe (as long it has been connected the Internet). Never leave money on the exchanges.
EDIT: Funds Have moved:
http://btc.blockr.io/address/info/1PGPkndy1nYLUee3nKKLez8smjqK5zBNKE
http://btc.blockr.io/tx/info/6ecebb49996c404739609152fe9c9ac2ea28dcc5a39aa327010fd6c89900bcd8
http://btc.blockr.io/tx/info/64a2756280c68615ec10fdd82a90ad014bb93b87e30bb2546cb4a1e8a16de648
http://btc.blockr.io/tx/info/6be0bac51251b0be01c97700b42c9c726608897826c5a53a8ff2bd3c0d441014
The last address in which my funds were clean was http://btc.blockr.io/address/info/3LkSW3SW9KuebH2t1FcqrTpKPnN8JRbYYh
Jump to: