Author

Topic: Bitcoins stolen from bitcoin.de. (Read 4519 times)

legendary
Activity: 924
Merit: 1004
Firstbits: 1pirata
December 13, 2012, 04:02:49 PM
#18
Please stop it. I already said I sent them there to sell them, not for "safe keeping".

Ok, I understand, please remove the baseless accusation from the OP
full member
Activity: 156
Merit: 100
Firstbits: 1dithi
December 11, 2012, 07:27:06 PM
#17
Please stop it. I already said I sent them there to sell them, not for "safe keeping".
legendary
Activity: 924
Merit: 1004
Firstbits: 1pirata
December 11, 2012, 05:39:34 PM
#16
I didn't bought them there.

Worse, please don't tell you bought them on an exchange that had 2fa auth and you send them for safe keeping on bitcoin.de
full member
Activity: 156
Merit: 100
Firstbits: 1dithi
December 11, 2012, 05:23:44 PM
#15
I didn't bought them there.
legendary
Activity: 924
Merit: 1004
Firstbits: 1pirata
December 11, 2012, 05:19:39 PM
#14
I don't "keep" them, I'm trading all the time, I send bitcoins there because I want to sell them (duh!). You should not worry about MIUI reputation, bitcoin.de is the culprit for not having two-factor.

https://i.imgur.com/HWniq.png
https://i.imgur.com/RmauP.png

I hope this serves you as a lesson and never leave the bitcoins on the same exchange you bought them.
full member
Activity: 156
Merit: 100
Firstbits: 1dithi
December 11, 2012, 04:55:54 PM
#13
I don't "keep" them, I'm trading all the time, I send bitcoins there because I want to sell them (duh!). You should not worry about MIUI reputation, bitcoin.de is the culprit for not having two-factor.

https://i.imgur.com/HWniq.png
https://i.imgur.com/RmauP.png
legendary
Activity: 924
Merit: 1004
Firstbits: 1pirata
December 11, 2012, 04:40:12 PM
#12
  • It's the weakest point in all my security. I'm basically trusting all MIUI (and MIUI.es) devs.
  • Spanish MIUI users are much fewer than the rest.
  • All strange IPs came from spanish speaking countries.

So based on your assumption that you did nothing wrong, bitcoin.de owners haven't either and you have the best guarded password in the world the only weak link was your mobile phone, hence the Spanish MIUI dev community. Basically you started throwing shit at whoever you had closer.

Now it comes, why did you kept almost 800 EUR on an exchange that doesn't even provide 2fa auth? Your edit on reddit and 15 years working in network security tell me that you know what it is and how it works, so how did you left so much money in there knowing from the beginning it was only guarded by a simple password?

Do you have any screenshoots of your bitcoin.de account history?
full member
Activity: 156
Merit: 100
Firstbits: 1dithi
December 11, 2012, 04:30:08 PM
#11
  • It's the weakest point in all my security. I'm basically trusting all MIUI (and MIUI.es) devs.
  • Spanish MIUI users are much fewer than the rest.
  • All strange IPs came from spanish speaking countries.
legendary
Activity: 924
Merit: 1004
Firstbits: 1pirata
December 11, 2012, 04:20:55 PM
#10
I don't care if no one believe me, that's my opinion after all. For me is just enough proof to never trust a custom build for something so big (as an entire OS) from a little known source.

You keep stirring the shit and avoid answering my question.

Again, how did you linked the "robbery" from bitcoin.de and password saving with the Spanish MIUI community?
full member
Activity: 156
Merit: 100
Firstbits: 1dithi
December 11, 2012, 04:17:29 PM
#9
I don't care if no one believe me, that's my opinion after all. For me is just enough proof to never trust a custom build for something so big (as an entire OS) from a little known source.
legendary
Activity: 924
Merit: 1004
Firstbits: 1pirata
December 11, 2012, 04:12:38 PM
#8
How you can be so sure that it wasn't a MIUI "cooker"?

I was asking you the same question but you didn't answer, how can you acuse a ROM "cooker" to be person that robbed you? You have any proof to back that up?

You now say maybe is a Flash issue and continue to have the accusation posted. I don't understand what you're trying to achieve here.
full member
Activity: 156
Merit: 100
Firstbits: 1dithi
December 11, 2012, 04:08:39 PM
#7
How you can be so sure that it wasn't a MIUI "cooker"?
legendary
Activity: 924
Merit: 1004
Firstbits: 1pirata
December 11, 2012, 03:55:43 PM
#6
That's the only plausible explanation, other than this hole in flash.

Please remove the accusation form OP and reddit
full member
Activity: 156
Merit: 100
Firstbits: 1dithi
December 11, 2012, 03:53:20 PM
#5
That's the only plausible explanation, other than this hole in flash.
legendary
Activity: 924
Merit: 1004
Firstbits: 1pirata
December 11, 2012, 03:45:32 PM
#4
As I already asked you, what made you think you we're robbed by one of the MIUI Spain team members? How, over the mobile phone?
 Please explain.

Also I don't understand what you're trying to achieve by accusing the Spanish MIUI team http://miui.es/index.php/topic,5028 and also posting it on reddit http://www.reddit.com/r/Bitcoin/comments/14ofz5/bitcoins_stolen_from_bitcoinde/
legendary
Activity: 2506
Merit: 1010
December 11, 2012, 03:03:58 PM
#3
It's soo easy to use free password encryption software on your pc or phone (like keepass for example)..

That still doesn't protect against a replay attack.

Someone has logged in from the ip 186.145.27.170 and sent all my coins

Yup, a lot of that going on.  

MtGox account got cleared out
 - https://bitcointalksearch.org/topic/mtgox-account-got-cleared-out-85533

All BTC disappeared from my Mt. Gox account
 - https://bitcointalksearch.org/topic/all-btc-disappeared-from-my-mt-gox-account-88368

Another:
 - https://bitcointalksearch.org/topic/m.941759

And another: My mtgox account got compromised, what can I do?
 - https://bitcointalksearch.org/topic/my-mtgox-account-got-compromised-what-can-i-do-84585

Yet more: MT.Gox account hacked - lost 2k USD - MT.GOX will not explain how.
 - https://bitcointalksearch.org/topic/mtgox-account-hacked-lost-2k-usd-mtgox-will-not-explain-how-89142

And more again: Bitcoins stolen from MtGox
 - http://www.reddit.com/r/Bitcoin/comments/x8lcv/bitcoins_stolen_from_mtgox

And yet more: Stolen from Mt.Gox coins. Help return the coins.
 - https://bitcointalksearch.org/topic/stolen-from-mtgox-coins-help-return-the-coins-119816

Or more here: Email from Mt.Gox this morning.
 - http://www.reddit.com/r/Bitcoin/comments/z0na5/email_from_mtgox_this_morning

And even more here: I just had $715 stolen out of my Mt. Gox account.
 - http://www.reddit.com/r/Bitcoin/comments/12j9gi/i_just_had_715_stolen_out_of_my_mt_gox_account

And the biggie: Bitcoinica MtGox account compromised
 - https://bitcointalksearch.org/topic/bitcoinica-mtgox-account-compromised-93074

With more here: Unauthorized Account Activity on my Mt.Gox Account - Account Compromised/Hacked?
 - https://bitcointalksearch.org/topic/unauthorized-account-activity-on-my-mtgox-account-account-compromisedhacked-94140

And on other services as well. Here same thing happened to some GLBSE users:
 - https://bitcointalksearch.org/topic/i-suspect-gpumax-was-compromised-and-passwords-stolen-84893

And elsewhere, BitMarket.eu in this instance:
 - https://bitcointalksearch.org/topic/m.1259168

And now on bitcoin.de as well: Bitcoins stolen from bitcoin.de.
 - https://bitcointalksearch.org/topic/bitcoins-stolen-from-bitcoinde-130264

In none of these was the person using multi-factor authentication. Mt. Gox has had Yubikey support for a while. Mt. Gox accounts now support Google Authenticator:
 - https://mtgox.com/press_release_20120605.html

If the exchange you are storing funds with doesn't provide OTP, consider using a different exchange:
 - http://bitcoin.stackexchange.com/questions/4113/which-two-factor-authentication-methods-are-available-at-which-exchanges

If you are storing funds in an EWallet, consider using a paper wallet.

Here is a fantastic guide: How to use 2-factor auth on mtgox, even without a smartphone (from a second device, of course, not from the same computer you log in on).
 - https://bitcointalksearch.org/topic/how-to-use-2-factor-auth-on-mtgox-even-without-a-smartphone-111943
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
December 11, 2012, 03:01:50 PM
#2
Sorry to hear of your loss.

Thus far, I have never heard of anyone who stored their bitcoins on a paper wallet and had them stolen.  Please use paper wallets.
full member
Activity: 156
Merit: 100
Firstbits: 1dithi
December 11, 2012, 02:19:37 PM
#1
Someone has logged in from the ip 186.145.27.170 and sent all my coins (76.10BTC) to 14nKZU5S2BkLXStnmuF9hcaWMZyyUBc4ea. Also requested to buy 44.6BTC from user miernik (I doubt it's him, I've dealt with him before, has a lot of reviews and it would be silly).

I'm from Spain and the ip is from Bogotá, Columbia. I don't know anybody there.

I don't use the password anywhere else (>30 characters), I don't use the account from another PC and I use Linux since 2001, so I know my stuff. I suspect the site has a security hole.

Please help. It's not a lot of money but it's all I have...

http://www.reddit.com/r/Bitcoin/comments/14ofz5/bitcoins_stolen_from_bitcoinde/

edit: Also someone accesed from 190.19.179.211 (Argentina, it seems)

edit 2: I just noticed the password is saved in my phone's browser. Guys, never do that. Also, I think someone in the Spanish translation of MIUI is probably the thief.

edit 3: I overreacted in the MIUI.es forums, but I realized there are too many attack vectors in my phone and I don't have proof. Also, I disabled Flash as it's the software I haven't kept updated in my PC.
Jump to: