
Topic: Be careful with security! I learned my lesson. - page 2. (Read 712 times)

legendary
Activity: 1554
Merit: 2037
Hey, sorry to hear. I documented my own recent Fuck up in regards to keeping my coins safe. I wasn't anywhere near the 20K mark, but it stings nonetheless. Good on you for sharing your info, and moving forward please secure things better. There is tons of information out there on how to keep all of that information as safe as possible, as well as multiple backups you can use. Hopefully you are in a situation where you can rebuild from here. Don't dwell on it is the best advice I can give, just learn from it.
legendary
Activity: 3024
Merit: 2148
I actually removed my phone number from all my Google accounts, because it seems to be much more of a vulnerability than a security or safety measure these days. It's just ridiculous how easy it is to steal someone's phone number. I use Google 2FA app for all my important accounts, and I hope there are no vulnerabilities in it that can allow attackers to bypass it like they do with phones.
legendary
Activity: 2702
Merit: 3045
I know how you feel right now and I am truly sorry for your loss. I've gone through this before and in my case I lost around 8k $. I have a strong feeling that who hacked me is someone I know though.
Since then, I never save my private keys or passwords on any online platform regardless of how secure it may sound.

I think I should recheck my email to see if there is still any sensitive data saved there.
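
A mailbox self-audit of the kind this post describes, as an added example that is not part of the thread: it scans message text for Bitcoin WIF private keys and confirms each candidate with its Base58Check checksum, so strings that only look like keys are not reported. The sample draft and throwaway key are constructed, and the function names are this example's own.

```python
import hashlib
import re
from email import message_from_string

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
WIF_RE = re.compile(r"\b[5KL][1-9A-HJ-NP-Za-km-z]{50,51}\b")

def _check(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    raw = payload + _check(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58check_decode(text: str):
    """Return the payload if the 4-byte checksum verifies, else None."""
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)
    pad = len(text) - len(text.lstrip("1"))
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return raw[:-4] if len(raw) > 4 and _check(raw[:-4]) == raw[-4:] else None

def find_wif_keys(text: str) -> list:
    """Strings that decode as a mainnet WIF key (0x80 + 32 bytes [+ 0x01])."""
    hits = []
    for m in WIF_RE.finditer(text):
        payload = b58check_decode(m.group())
        if payload and payload[0] == 0x80 and len(payload) in (33, 34):
            hits.append(m.group())
    return hits

def audit_message(raw_email: str):
    """Return (subject, redacted hits); handles single-part text mail only."""
    msg = message_from_string(raw_email)
    hits = find_wif_keys(msg.get_payload())
    return msg["Subject"], [h[:4] + "..." + h[-4:] for h in hits]

# Constructed sample: throwaway key (32 bytes of 0x11), not a real wallet.
SAMPLE_WIF = b58check_encode(b"\x80" + b"\x11" * 32)
SAMPLE_DRAFT = (
    "Subject: wallet backup\n\n"
    f"key: {SAMPLE_WIF}\n"
    "lookalike: 5" + "A" * 50 + "\n"   # right shape, fails the checksum
)
print(audit_message(SAMPLE_DRAFT))
```

Seed phrases and plain passwords are not covered by this check; any key it finds should be treated as exposed and the funds moved to a freshly generated wallet.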
hero member
Activity: 2268
Merit: 669
I was thinking that there might be a person who has physical access, then steals the email and hacks the SMS 2FA verification security by doing what findingnemo provided and gets away with it. It will be easier for that person to steal your money since your passwords, private keys are stored online, which storing online is not the most suitable way to keep your info safe.
hero member
Activity: 1498
Merit: 596
Not really, hackers are also getting updated with security development.
I totally agree with you...


It's not easy to bypass 2FA code but we can't say it's impossible.
I agree but in order to hack an email account the hacker needs to break at least two locks (if 2FA is enabled), isn't it?
And for the hacker to succeed, the user (email owner) needs to click a link from a phishing email and then needs to put the login credentials, otherwise no. That's a long process.

A month or two ago, I got an email saying that someone tried to access my email (the email template was the same as Google's template) and asked me to verify, but when I checked the sender email I found that it was not Google but just a phishing attempt. So I didn't even click any link from that phishing email. What I want to say is that a hacker will never succeed without our help, we all just need to be more careful, that's all.


edit:
If it is not a case of phishing email then what could be other ways except a known person?
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
Always use something like Google Authenticator or Authy. I guess Authy is better because it can be restored in case of losing the phone.
Make sure to back up your 2FA codes safely before activating it; then you can restore your 2FA on other phones.

I copy & paste or write codes down manually; then when I enter the activation code for the first time, I type it manually by looking at my backup codes (not directly copying and pasting from computers). I do this because I want to make sure that backup codes are saved correctly and can be used later.
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
2FA SMS is one of the secure ways to protect your online accounts if I'm not mistaken.
Not really, hackers are also getting updated with security development. It's not easy to bypass 2FA code but we can't say it's impossible.

Phishing SMS 2FA codes – How hackers bypass two-factor authentication
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
For someone who is a member from early 2016 things like this should not happen, it has been repeated thousands of times that private keys/seed should not be stored on e-mail or as unencrypted documents on PC/smartphone. Some members also say that if you have more than $500 in BTC that in this case hardware/paper wallet is necessary. But in my opinion, even $100 worth of crypto justifies investing in security.

It sure is really surprising. Not saying that high rank & early registration date = smart, but you'd really expect a bit more security awareness from someone who's been in the forum for some time already. My guess is that in the case of OP, it's more of the "ehh, no one's going to hack me" reasons. Because hot damn storing very very sensitive information on an email account is a very very very novice move.
hero member
Activity: 1498
Merit: 596
I had all the private keys, passwords, etc. saved in my email draft & I had 2FA SMS verification, didn't know that someone can break it easily. Ended up losing all my savings. Don't use SIM verification ever, it's pointless, there are multiple ways to break it.
2FA SMS is one of the secure ways to protect your online accounts if I'm not mistaken. I can only think of how it happened is that someone around you has the physical access to your phone and also knows your email pass and that's how they accessed your email account, maybe I'm wrong. It's the two locks a hacker needs to break to get inside. However, have you identified the way it happened yet?

$20k is not a small amount and I also feel that you should report to the police as Lucius suggested, only if Crypto is legal in your country.
legendary
Activity: 1974
Merit: 1150
Also concerned about what happened to you Iwan, I will make your experience a valuable lesson for me.
Many people may still be ignoring the security of their money so far and I am also one of them, even if buying one hardware wallet might not be the only thing that can be bought. But more often ignore it.

This is ridiculous in my opinion, and as soon as possible will set aside money to buy it. Security is the main thing that must always be maintained if we have large amounts of assets and even if small.

member
Activity: 100
Merit: 21
Always use something like Google Authenticator or Authy. I guess Authy is better because it can be restored in case of losing the phone.
If you are storing your private keys/passwords/seed keys online, no Authenticator is safe. It's better if we can use paper wallet or hardware wallet. Or at least, we don't store our private keys/seed keys online. It can be in written form.
I always store any seed or private key on paper. And if there's an option for 2FA, I always prefer authenticator apps over SMS verification. That's why I said it. Thank you mate.
hero member
Activity: 2492
Merit: 542
That's very unfortunate mate, that was a huge money. This is a lesson to all: never ever store your important keys on your email/gmail, this is very risky. Much safer to store on your HDD with password or in a portable HDD if you have no hardware wallet. I'm also storing mine in my portable HDD so that wherever I go I can securely hide it somewhere in my house.
legendary
Activity: 3234
Merit: 5637
For someone who is a member from early 2016 things like this should not happen, it has been repeated thousands of times that private keys/seed should not be stored on e-mail or as unencrypted documents on PC/smartphone. Some members also say that if you have more than $500 in BTC that in this case hardware/paper wallet is necessary. But in my opinion, even $100 worth of crypto justifies investing in security.

When I say security, I don't just mean on hardware wallets, but also in PC/smartphone security. $20k is big money, so even though the chances are very small for the return of coins, the whole thing needs to be reported to the police.
sr. member
Activity: 1078
Merit: 310
Oh well, painful mistake for you I guess. Look at the bright side. While 20k is a good amount of money, better learn a hard lesson losing the $20k rather than learning your lesson when you already have like $100k+ or more. Best of luck moving forward.

Correct! This is also my line of thinking when I was victimized by phishing, but so far, that incident has taught me to be more security conscious and be more vigilant with our assets.

Needless to say, we must employ certain security practices like installing security products, using password managers, etc., that could help in strengthening the defenses of our systems.

Most importantly, no matter what happens to us, just don't give up! Imho.
hero member
Activity: 1358
Merit: 851
Always use something like Google Authenticator or Authy. I guess Authy is better because it can be restored in case of losing the phone.
If you are storing your private keys/passwords/seed keys online, no Authenticator is safe. It's better if we can use paper wallet or hardware wallet. Or at least, we don't store our private keys/seed keys online. It can be in written form.
Sorry to hear about your loss. OP, you are an old bitcointalker. It's very unexpected mistake from members like you. You must have known about these security issues long ago.
hero member
Activity: 2338
Merit: 757
Back in 2017, I used to store my secret codes in a text file, compress it in a WinRAR file locked by a long sophisticated password, then upload it to my Dropbox, which was also secured by SMS verification [Gmail]. At that time, I hadn't any secure device and had to access my accounts from different computers. Even after I repaired my laptop, that WinRAR file stayed a long time before I deleted it and reset all my codes. I didn't think SIM verification may not be secure enough, as also for a hacker may have access to content in a locked zipped file.
I'm so sorry about your loss. This is shocking!
I'm also a little bit curious about how this happened to you? I mean, how did they have access to your email? Is it possible to brute force codes sent via SMS or a sophisticated long password for WinRAR?
member
Activity: 100
Merit: 21
Mobile verification is not that good at all. In my country, almost anyone can reclaim any working SIM card. I've been a victim before. Someone purchased my number again.
Always use something like Google Authenticator or Authy. I guess Authy is better because it can be restored in case of losing the phone.
And using someone else's Google account on your phone is risky too. My phone was once reset by a thief who stole my friend's phone.
Be careful. Don't lose all your money.
legendary
Activity: 2506
Merit: 1394
I feel sorry for your loss...
But, I am a little curious why you have been targeted by them? Or they just have some random targets and are finding only the big fish among their targets.

I also experienced this last month with my centralized exchange account, when someone was able to log in to it via my email address and correct password but wasn't able to proceed because it needs SMS 2FA from my SIM card, so he/she wasn't able to proceed, but after that I activated my 2FA using Authy/Google Authenticator, which is much stronger.
legendary
Activity: 2338
Merit: 1261
Heisenberg
Sorry for your loss... Stay positive and just consider it as an expensive lesson learnt.

SMS 2FA is pretty weak. At least if you are to go for 2 factor authentication for your email, go for the strongest that is available and that is Authy or Google Authenticator.

Keeping your login credentials and private keys in email drafts, cloud storage like Dropbox or online notebooks is also not wise. Those are the first places the hacker checks out.
sr. member
Activity: 532
Merit: 302
I'm sorry this happened to you.

I had all the private keys, passwords, etc. saved in my email draft & I had 2FA SMS verification, didn't know that someone can break it easily.

Sounds like it was webmail, something like Gmail, so it doesn't have to be a break-in to your account to steal your information. It can be many other things like a cross site scripting attack from another tab or a rogue browser extension or malware on your computer.
