Author

Topic: Bitcoin.de account hijacked.Froud trades made. (Read 1187 times)

newbie
Activity: 55
Merit: 0
You better try www.multisigna.com

We never own your fiat money, nor your bitcoins
newbie
Activity: 11
Merit: 0
Yesterday i registered in bitcoin.de for the first time.Sent some bitcoins and when returned home i found 1 withdrawal and 3 trades that i have not done myself.
The withdrawal was made and the 15coins(daily limit) are already in the blockchain.
http://blockexplorer.com/address/19fWBZ4B3qT8ZVdJGUrALr1zEYXMPHwcAa

Now there is an alert on the site that this happened with several accounts:
"Important: Last night (04/16 to 04/17) someone used the "Password reset" function on bitcoin.de for a few accounts. As of now our investigation shows that password reset requests were only used with accounts that did not have OTP (two factor authentication) activated. Additionally we're checking whether the email addresses of these accounts are to be found in the 2011 leaked user database of another bitcoin exchange. To make it clear: Bitcoin.de was NOT compromised! At the time of this writing it seems that email accounts of bitcoin.de users were compromised so that a third person having access to these email accounts was able to initiate a password reset request on bitcoin.de and then access the email we sent to the users email account. Our security system kicked in and prevented the transfer of then requested bitcoin withdrawals in part. We will check all bitcoin withdrawal requests manually now. We strongly recommend all Bitcoin.de users to activate the two factor authentication (OTP) in their accounts and to only access their accounts from trusted devices. This is the only way that an attacker that gains access to your email account can't withdraw BTC from your bitcoin.de account."

Someone associated a Liberty Reserve account that is not mine(i never used them) made 2 offers x17 coins  way above market price witch were immediately fulfilled and confirmed as payment received from my account.Witch leads me to believe that the buyers accounts are also controlled by the hijacker.
There was also another trade for 60 bitcoins that was made and then canceled by them witch was for SEPA transfer from "Christian Martin".His IBAN was also present.One of the two accounts who bough the other bitcoins with Liberty Reserve has also the name "martin1234"
The ip with witch he logged is: one time 62.152.15.246   during witch nothing was made and then 4 times with 212.117.162.222

I was able to access my account after all this happened.
This morning after seeing the alert i successfully logged again in my account but half an hour later i was unable anymore.Tried password reset witch didn't help and some minutes after that the password reset page was removed from the site.

Has anyone had similar experience yesterday?
What can i expect?
Can these Lybery reserve trades be reversed and my coins returned?

I had contacted several times bitcoin.de trying to explain everything i noticed.Still don't have an answer and now my account is not accessible with 50 coins inside.It says "Login name and/or password are incorrect!" even after the fresh password reset i made before the reset page was removed.
I also contacted Liberty Reserve with the account number to witch the transfers was supposed to be made but i don't know what they can do.
Jump to: