Topic: Bitcoin-24 scams - page 2. (Read 6024 times)

This doesn't look good...did a withdrawal only few hours ago. You guys scare the shit out of me.
Have you tried contact them through email?

OTOH from what I've heard 2 weeks are not uncommon for SEPA transfers at Bitcoin-24.

Same here.
Did a regular withdrawal last week, and several "same-day", and none has been processed yet. 
I'll think of switching to another exchange for futher withdrawals if it takes too long.

I can't tell you why, but I too am waiting for the sepa withdrawal that I requested last Wednesday. Still processing...
Did a withdrawal from Bitstamp at the same time, money in my account yesterday!

Anyone has any idea why SEPA transfers from Bitcoin-24 take so damn long? Currently waiting on two transfers from them, a standard SEPA transfer initiated about a week ago and a "same day" transfer initiated on Friday. Both of them are still "processing" on the site, so it's a pretty far cry from what they promise in terms of delivery. I thought the extra cash you pay for Same Day transfer was supposed to bring the money to you faster...

I could very well have been one of the biggest fish with the api enabled.

That's what I'm saying it can't have been, or he would surely have taken more. If it was that predictable, what stops him from going after really big fish? Or do you reckon you were the big fish on there?

Yes, perhaps the api key is the hash of your username or something, and the hacker figured it out. I must ask about that.

That's what has me puzzled as well. I reckon that if the API key would've been predictable from some feature of your account (email, username, something like that) more people would have been duped. It's really weird that it happened to you and a few minor other cases (as can be seen in that outlier graph).

If API is disabled and two step verification is enabled, do you think that your balance would have been safe? I just started using two step verification and i am not sure if there is known cases of google auth failing with security yet.

Why the attacker didn't withdraw coins I don't know. If you have the api key it is perfectly possible, unless the user has activated the sms confirmation feature. I hadn't done that I must admit (because I will emigrate soon and won't have my number anymore), but even the site admin thought I had...

But if you as an attacker don't know if the sms confirmation is enabled or not, the surest way to get the money without setting off any alarms would be to buy them cheap. The thing is that bitcoin-24 is mainly a Euro market. The dollar market hardly used at all and is very illiquid. In my case he managed to buy 75% of my coins for $0.14, which is not bad for him.

But how do you crack an api key made up of 32 random characters? You can't do offline cracking either. You would need to do a huge number of api calls and that doesn't seem feasible to me.

My advice to users is to disable the api key for now. If you do that I think you are safe. I wish the exchange would make an official statement warning about it.


Yes, you are absolutely right.

Happy to hear part of your coins are back. Please let us know if you get them back in full or not.

Bitcoin-24 for me has been of immense value. I am simply shocked that he offers an exchange with NO charges for trades. And even for sending and withdrawing euro's the charges are ridiculous at 1€ per sepa transfer no matter what amount. This business model of free trading benefits the users immensely, all at a great cost to him! He does receive donations but those are nothing compared to say a 1% fee on trades or withdrawals. Those donations cannot cover the huge expenses it would take to have decent customer support.
 
Ofcourse if you lose hundreds of coins via fraud, I understand the balance is turned negative. So my sympathies for that.


Sometimes euro sepa transfer to and from the exchange go very fast, like 1-2 days, but mostly it takes 3-5 days. And it has happened to me that a fiat withdrawal simply did not arrive after 2 weeks, also no reply to my customer support tickets and emails. So I had to hunt him down on the chat and even irc, something I didn't even know. Finally he got back and indeed, something had gone wrong and the fiat withdrawal hadn't even processed and he explained what had gone wrong with the bank and website system and initiated it correctly. Frustratingly I also asked to cancel the withdrawal since I changed my mind in the meantime but, again due to lack of support, he missed that and processed it anyway. He did apologize and took responsibility for what had gone wrong and even added a feature to the website that allows to cancel euro sepa withdrawals which I like very much.

So I'm happy in the end but I was very worried and frustrated for a while.


I think we as users have a choice here. It's obvious that he needs to make more money from this exchange so he can hire people for support. I would love that the website remains free so my request is, please donate! We have a real gem here that could change the whole exchange business model from very expensive and unavoidable (% fee) to very cheap and voluntary (donations).

That's great that they have been partially restored, it shows that the owner is serious about the site, it'd be quite painful to restore any amount due to hacking, surely. I hope you get the rest back, as for the security of the site, i am sure it will only get better. The web site is quite amazing considering its made by one dev. Good luck!

An attacker would withdraw your coins they wouldn't sell them. Sounds like they cracked the api and are trying to figure out how to withdraw coins, trial and error but are selling them instead. Change your passwords, enable 2FA and disable api if it lets you in settings. LR accounts get fleeced all the time by cracking api passwords which is why it's disabled by default now.

No, I will never use mtgox

Of course I shouldn't have had that much money in the exchange but the incredible price increase makes you forget the actual value...

Anyway, I have received a response from support where it is confirmed that the same thing happened to three other users and that my bitcoins have been partially restored awaiting more thorough investigation. This is good news but the question remains, how could this have happened?

I would love to hear from any of the other victims.

What's especially sad is that the thief seems to have gotten away with the loot. If the admin had acted as soon as he saw the problem that might have been prevented.

Well as far as I understand he is a one man band, which would make me very uneasy holding large amounts on the site. After reading your thread I'm even scared of putting 250 euros on it TBH.

However, it's a great site. The guys is obviously a very talented dev, now what he needs is a team around him, business dev, a security system administrator, etc... he needs a plan on how to raise money from his devoted users so he can afford those things. If I knew him I'd gladly have a brain storm with him to try and help him out but unfortunately I don't ;-)

If you are trading like 500 bit coins you should definitely do it on mtgox, i guess safety is better there? Has to be, right?!

No I don't know exactly what happened in the other cases. But no exchange has a frequency of extreme prices like bitcoin-24 and I do know what happened to me. Before my own issue I didn't think the same way. During the weekend, I caught the end of a discussion in the chat where one guy was complaining about losing money, but I came too late to get exactly what the issue was, and I didn't think much about it until later. Perhaps it is wrong of me to speculate about what actually happened, though.

So far, TAiS46 has seemed a bit careless but friendly and helpful. All issues have been resolved in the end, but some have been quite serious. It was also he who alerted me this time.

The system his runs seems not reliable though.

- trades have been executed without being recorded in the history
- I have been able to buy bitcoins for exactly zero price! (that was changed later)
- my balance once changed by ~400 BTC overnight, and that got resolved by him just changing my balance in the database. That makes the discrepancy between recorded trades and actual balance very big.
- Once I was able to sell 1 BTC for way over market price, because the trading engine allowed for crossing bid and ask (changed after I filed a support ticket)

All this makes me think that he has a very unorganized financial situation. And even good people can do bad things in a difficult situation.

That's frustrating to read! I'm waiting for a SEPA deposit at BTC-24 as well. After the Bitcoin Central debacle I figured I'd settle with a (fairly) big player for safety.. 

"I starting to suspect that TAiS46 is using client funds for his own purposes."

Strangely or not, after waiting for my SEPA deposit sent on 26.03 (still not credited at the time I'm writing) I begun thinking the same. These transfers usually reach the destination account the next business day. Very rarely it could take up to 3 business days. Pretending that you're assaulted with new customers with a ton of new deposits gives you the chance to actually manipulate the funds as you like for more than a week. Such as buying BTC and waiting for the price to raise... what could go wrong?
On top of that, after sending 2 or 3 messages to support through online form (an email can be lost in a spam filter, but a form submission?!?!) without getting any answer, I submit a new form message to support pretending that I will do that every hour until my issue is solved. The answer came in a matter of several hours only, the content would be quite hilarious if my money wouldn't be involved: "what's wrong?
I can't find another massage from you."
Maybe the support person was referring to the missing hourly messages I promised to send?
If my issue will be solved, even with this pretty large delay, I will certainly provide updates here.

Searching for bitcoin-24 scam only shows this topic; can you show us the examples of the other scams? J/w because I use the site and do not want to lose my pitiful amount of bitcoins.