
Topic: Bitmain Hacked - Change all your gambling site passwords (Read 2160 times)

member
Activity: 84
Merit: 12
Block Hunting
It's becoming more prevalent these days for 2FA to be hacked, possibly by social engineering or by way of malware or dodgy apps from the Play Store.


https://www.wired.com/2017/05/security-news-week-hackers-beat-two-factor-authentication-rob-bank-accounts/

https://www.theregister.co.uk/2017/06/26/parliament_email_hack/

hero member
Activity: 2996
Merit: 609
I never got an email from Bitmain about this. Yesterday I got an email saying there is unusual activity on my account. I checked the website and saw that my 2FA is not working and I was not able to log in. I checked it from my smartphone app and I see that all my 'hash' is sold and there are thousands of transactions on my account. What is the point of having 2FA if someone can log in just with stolen passwords? Who the hell stores encrypted passwords anyway?

I have contacted support but they haven't replied so far. Please help... I had 5 BTC worth of hash-power rented from them. There has to be a way I can hold them accountable.

Yes you can. They should reimburse any losses: if you had 2FA active and it's been turned off by someone and they were hacked, they have a responsibility to deal with it and cover any losses that are accumulated by the customer. They should be able to look at the IP that logged in and see that it is not the same as yours; also, they might have a browser user agent logger that would show if it was the same browser that was used.

Bitmain did not contact me regarding this either; I found out via a forum post about it.

Message them and make them aware that your account has been compromised and your 2FA was also affected.

I also agree: why would such a company store unencrypted passwords in their database? They should be hashing and salting them. Totally unacceptable behaviour from a company of this scale.


It's odd that 2FA has been affected and the hacker was able to bypass that one and sell off the contracts. I can't think that someone would have the skills to do this, knowing that 2FA is one of the hardest layers when it comes to second attempts at logging in. Hackers would normally not use their own IP address when logging in. They are not as dumb as we think.

I was only noting that if the OP had logged in from his own IP many times, they possibly have a record of the last login, which could also show it was in fact compromised.

We all know hackers use VPN - Socks5 - Tor - SSH to do their nasty work.

I also agree 2FA is rather a strange one if it was active then suddenly not active, but Bitmain should have a log of when and how it was switched off.
All of this would really depend on Bitmain, since they do have all the logs regarding access to such an account, same as you said. It boggles my mind how 2FA has been off.
It is quite alarming, especially when having big amounts stored or purchased contracts, but there is nothing to be worried about as long as your password is unique and not a common one; 2FA has also always been suggested on any accounts we have.
member
Activity: 84
Merit: 12
Block Hunting
I never got an email from Bitmain about this. Yesterday I got an email saying there is unusual activity on my account. I checked the website and saw that my 2FA is not working and I was not able to log in. I checked it from my smartphone app and I see that all my 'hash' is sold and there are thousands of transactions on my account. What is the point of having 2FA if someone can log in just with stolen passwords? Who the hell stores encrypted passwords anyway?

I have contacted support but they haven't replied so far. Please help... I had 5 BTC worth of hash-power rented from them. There has to be a way I can hold them accountable.

Yes you can. They should reimburse any losses: if you had 2FA active and it's been turned off by someone and they were hacked, they have a responsibility to deal with it and cover any losses that are accumulated by the customer. They should be able to look at the IP that logged in and see that it is not the same as yours; also, they might have a browser user agent logger that would show if it was the same browser that was used.

Bitmain did not contact me regarding this either; I found out via a forum post about it.

Message them and make them aware that your account has been compromised and your 2FA was also affected.

I also agree: why would such a company store unencrypted passwords in their database? They should be hashing and salting them. Totally unacceptable behaviour from a company of this scale.


It's odd that 2FA has been affected and the hacker was able to bypass that one and sell off the contracts. I can't think that someone would have the skills to do this, knowing that 2FA is one of the hardest layers when it comes to second attempts at logging in. Hackers would normally not use their own IP address when logging in. They are not as dumb as we think.

I was only noting that if the OP had logged in from his own IP many times, they possibly have a record of the last login, which could also show it was in fact compromised.

We all know hackers use VPN - Socks5 - Tor - SSH to do their nasty work.

I also agree 2FA is rather a strange one if it was active then suddenly not active, but Bitmain should have a log of when and how it was switched off.
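
As an added illustration of the log review suggested in this thread (comparing the login IP and browser user agent, and checking when 2FA was switched off), not code from any poster or from Bitmain: the sketch below scans constructed audit events and flags actions from an IP or browser the account has never used in a 2FA-verified login. The event names and JSON fields are assumptions.

```python
import json
from collections import Counter, defaultdict

# Constructed audit events (not real Bitmain logs); field and event names are assumptions.
SAMPLE_EVENTS = """\
{"ts": "2017-06-01T08:00:00Z", "user": "alice", "event": "login_ok", "mfa": true, "ip": "198.51.100.7", "ua": "Firefox/53"}
{"ts": "2017-06-02T10:00:00Z", "user": "bob", "event": "login_ok", "mfa": true, "ip": "192.0.2.10", "ua": "Safari/10"}
{"ts": "2017-06-05T08:05:00Z", "user": "alice", "event": "login_ok", "mfa": true, "ip": "198.51.100.7", "ua": "Firefox/53"}
{"ts": "2017-06-08T10:30:00Z", "user": "bob", "event": "login_ok", "mfa": true, "ip": "192.0.2.10", "ua": "Safari/10"}
{"ts": "2017-06-09T11:00:00Z", "user": "bob", "event": "2fa_disabled", "ip": "192.0.2.10", "ua": "Safari/10"}
{"ts": "2017-06-10T08:10:00Z", "user": "alice", "event": "login_ok", "mfa": true, "ip": "198.51.100.7", "ua": "Firefox/53"}
{"ts": "2017-06-10T09:00:00Z", "user": "alice", "event": "sell_order", "ip": "198.51.100.7", "ua": "Firefox/53"}
{"ts": "2017-06-27T02:10:00Z", "user": "alice", "event": "login_ok", "mfa": false, "ip": "203.0.113.50", "ua": "Chrome/58"}
{"ts": "2017-06-27T02:11:00Z", "user": "alice", "event": "2fa_disabled", "ip": "203.0.113.50", "ua": "Chrome/58"}
{"ts": "2017-06-27T02:15:00Z", "user": "alice", "event": "sell_order", "ip": "203.0.113.50", "ua": "Chrome/58"}
"""

# Actions that should only ever come from a device the account normally uses.
SENSITIVE = {"2fa_disabled", "password_changed", "sell_order"}


def review_account_events(lines, min_history=2):
    """Return findings for actions that do not match an account's login history.

    An IP or user agent counts as familiar once it appears in at least
    `min_history` successful logins that passed 2FA. Logins without 2FA never
    extend the baseline, so an intruder cannot make themselves familiar.
    """
    ip_seen = defaultdict(Counter)  # user -> IPs seen in 2FA-verified logins
    ua_seen = defaultdict(Counter)  # user -> user agents seen the same way
    findings = []
    events = [json.loads(line) for line in lines if line.strip()]
    events.sort(key=lambda e: e["ts"])  # same-format UTC ISO 8601 sorts as text
    for e in events:
        user, ip, ua = e["user"], e["ip"], e["ua"]
        # Accounts with too little history are not judged yet.
        has_history = sum(ip_seen[user].values()) >= min_history
        reasons = []
        if ip_seen[user][ip] < min_history:
            reasons.append("unfamiliar IP")
        if ua_seen[user][ua] < min_history:
            reasons.append("unfamiliar user agent")
        if e["event"] == "login_ok":
            # A login is flagged only when both IP and browser are new.
            if has_history and len(reasons) == 2:
                findings.append({"ts": e["ts"], "user": user,
                                 "event": e["event"], "reasons": reasons})
            if e.get("mfa"):
                ip_seen[user][ip] += 1
                ua_seen[user][ua] += 1
        elif e["event"] in SENSITIVE and has_history and reasons:
            # For sensitive actions, one unfamiliar attribute is enough.
            findings.append({"ts": e["ts"], "user": user,
                             "event": e["event"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in review_account_events(SAMPLE_EVENTS.splitlines()):
        print(finding["ts"], finding["user"], finding["event"],
              ", ".join(finding["reasons"]))
```
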
hero member
Activity: 2996
Merit: 609
I never got an email from Bitmain about this. Yesterday I got an email saying there is unusual activity on my account. I checked the website and saw that my 2FA is not working and I was not able to log in. I checked it from my smartphone app and I see that all my 'hash' is sold and there are thousands of transactions on my account. What is the point of having 2FA if someone can log in just with stolen passwords? Who the hell stores encrypted passwords anyway?

I have contacted support but they haven't replied so far. Please help... I had 5 BTC worth of hash-power rented from them. There has to be a way I can hold them accountable.

Yes you can. They should reimburse any losses: if you had 2FA active and it's been turned off by someone and they were hacked, they have a responsibility to deal with it and cover any losses that are accumulated by the customer. They should be able to look at the IP that logged in and see that it is not the same as yours; also, they might have a browser user agent logger that would show if it was the same browser that was used.

Bitmain did not contact me regarding this either; I found out via a forum post about it.

Message them and make them aware that your account has been compromised and your 2FA was also affected.

I also agree: why would such a company store unencrypted passwords in their database? They should be hashing and salting them. Totally unacceptable behaviour from a company of this scale.


It's odd that 2FA has been affected and the hacker was able to bypass that one and sell off the contracts. I can't think that someone would have the skills to do this, knowing that 2FA is one of the hardest layers when it comes to second attempts at logging in. Hackers would normally not use their own IP address when logging in. They are not as dumb as we think.
member
Activity: 84
Merit: 12
Block Hunting
I never got an email from Bitmain about this. Yesterday I got an email saying there is unusual activity on my account. I checked the website and saw that my 2FA is not working and I was not able to log in. I checked it from my smartphone app and I see that all my 'hash' is sold and there are thousands of transactions on my account. What is the point of having 2FA if someone can log in just with stolen passwords? Who the hell stores encrypted passwords anyway?

I have contacted support but they haven't replied so far. Please help... I had 5 BTC worth of hash-power rented from them. There has to be a way I can hold them accountable.

Yes you can. They should reimburse any losses: if you had 2FA active and it's been turned off by someone and they were hacked, they have a responsibility to deal with it and cover any losses that are accumulated by the customer. They should be able to look at the IP that logged in and see that it is not the same as yours; also, they might have a browser user agent logger that would show if it was the same browser that was used.

Bitmain did not contact me regarding this either; I found out via a forum post about it.

Message them and make them aware that your account has been compromised and your 2FA was also affected.

I also agree: why would such a company store unencrypted passwords in their database? They should be hashing and salting them. Totally unacceptable behaviour from a company of this scale.

newbie
Activity: 5
Merit: 0
I never got an email from Bitmain about this. Yesterday I got an email saying there is unusual activity on my account. I checked the website and saw that my 2FA is not working and I was not able to log in. I checked it from my smartphone app and I see that all my 'hash' is sold and there are thousands of transactions on my account. What is the point of having 2FA if someone can log in just with stolen passwords? Who the hell stores encrypted passwords anyway?

I have contacted support but they haven't replied so far. Please help... I had 5 BTC worth of hash-power rented from them. There has to be a way I can hold them accountable.
hero member
Activity: 868
Merit: 535
Apparently Bitmain got hacked a day or so ago and I am getting email alerts from different services and gambling sites that there were attempted unauthorized accesses.

Just like the Bitcointalk hack a few years back, these hackers are trying to gain access to any and all Bitcoin related services like exchanges, wallets and most likely also gambling sites.

So if you used the same password and had no 2FA enabled you are at risk...



Pretty unsecured world we are living in. A lot of databases always get hacked and it's basically unsafe to use your favorite password. It is getting complicated. And when you have a complicated password there is also a risk that the user may lose their password because of that. There is a trade-off between convenience and security here. There is a risk of loss even without anyone attacking, because the password is super hard to remember.
hero member
Activity: 560
Merit: 500
These days no one in the digital world is safe. Anyone can hack anything with the right knowledge. Cloudbleed was one main event and now it's Bitmain. How sad when people misuse their skills and knowledge.
member
Activity: 84
Merit: 12
Block Hunting
How can we be sure the firmware for the miners on their pages has not been tampered with?

Is there any official announcement regarding checking of the firmware? If hackers have access to the server then who knows what they managed to do before they were stopped.

Can we have a notice letting us know that the miner firmwares were not compromised in the attack!

No idea why you are talking about their firmware. Basically the site's login info and passwords were leaked somehow and people who reused the same passwords on different sites are mostly affected.

I highly doubt that someone hacked their server to change the BIOS firmware for Antminers. It would be very difficult to cause any damage that way. People would just reflash the old firmware. People also very rarely update the firmware on their ASICs. Most only upgrade if they are having issues. During that small hacking window there aren't many that would have been doing a firmware flash during that time.

I would have to disagree. If you were a hacker and you targeted a company like Bitmain, are you really going to be happy with a password and email dump?

If they had access to the server (and had time there)

Who knows what they could have done. It would not be hard to edit a firmware to include something nasty.

Since there is very very limited info out there on this matter I would have to say it would be foolish for Bitmain not to check that there have been no code changes to their firmware. I highly doubt hackers would stop at only stealing some e-mail lists and passwords.

It's happened in the past where firms get hacked. Their products get infected via firmware updates or software they sell. Look at TeamViewer. They were hacked and ransomware was included in their software.

google..

company hacked firmware effected

You will see 100s of companies that were hacked and their software or firmwares were tampered with.

Yes I agree with you, Bitmain did a very poor job of telling us what exactly they hacked. I am still getting failed login attempts with many of the bitcoin services and gambling sites I am registered with. So this leads me to the conclusion that they were only targeting usernames and passwords and hoping that people reused the same password and no 2FA.

This isn't the first time it happened. Bitcointalk was hacked a few years back and it was the same scenario.

Hacking the firmware to change the pool info is possible but it would only affect the people who downloaded the firmware in the short while that it was hacked.

Either way they really should SHA256 all their firmware and post the hash somewhere on another website or even with their bitcointalk account, so we can be sure that the firmware won't destroy your ASIC.

I have had no response from them regarding the hack and whether they are checking their firmware, which I think, if hackers have had access to the server, should be high on their agenda to check. Last thing we want is waves of miners going offline or being "destroyed" by some code additions from the hackers.

I also agree they should be more forthcoming with info.

I hope others don't lose too much due to this and I hope Bitmain start to take security a little more seriously.
legendary
Activity: 3808
Merit: 1723
How can we be sure the firmware for the miners on their pages has not been tampered with?

Is there any official announcement regarding checking of the firmware? If hackers have access to the server then who knows what they managed to do before they were stopped.

Can we have a notice letting us know that the miner firmwares were not compromised in the attack!

No idea why you are talking about their firmware. Basically the site's login info and passwords were leaked somehow and people who reused the same passwords on different sites are mostly affected.

I highly doubt that someone hacked their server to change the BIOS firmware for Antminers. It would be very difficult to cause any damage that way. People would just reflash the old firmware. People also very rarely update the firmware on their ASICs. Most only upgrade if they are having issues. During that small hacking window there aren't many that would have been doing a firmware flash during that time.

I would have to disagree. If you were a hacker and you targeted a company like Bitmain, are you really going to be happy with a password and email dump?

If they had access to the server (and had time there)

Who knows what they could have done. It would not be hard to edit a firmware to include something nasty.

Since there is very very limited info out there on this matter I would have to say it would be foolish for Bitmain not to check that there have been no code changes to their firmware. I highly doubt hackers would stop at only stealing some e-mail lists and passwords.

It's happened in the past where firms get hacked. Their products get infected via firmware updates or software they sell. Look at TeamViewer. They were hacked and ransomware was included in their software.

google..

company hacked firmware effected

You will see 100s of companies that were hacked and their software or firmwares were tampered with.

Yes I agree with you, Bitmain did a very poor job of telling us what exactly they hacked. I am still getting failed login attempts with many of the bitcoin services and gambling sites I am registered with. So this leads me to the conclusion that they were only targeting usernames and passwords and hoping that people reused the same password and no 2FA.

This isn't the first time it happened. Bitcointalk was hacked a few years back and it was the same scenario.

Hacking the firmware to change the pool info is possible but it would only affect the people who downloaded the firmware in the short while that it was hacked.

Either way they really should SHA256 all their firmware and post the hash somewhere on another website or even with their bitcointalk account, so we can be sure that the firmware won't destroy your ASIC.
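
An added sketch (not from the thread or from Bitmain) of the check proposed above: hash the downloaded firmware with SHA-256 and compare it to a digest published somewhere other than the download server. The file names and the sha256sum-style manifest are assumptions, and the firmware bytes are constructed.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large firmware images need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def parse_manifest(text):
    """Parse '<hex digest>  <file name>' lines, the format sha256sum writes."""
    entries = {}
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {number}: expected '<digest>  <name>'")
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) != 64 or not set(digest) <= set("0123456789abcdef"):
            raise ValueError(f"line {number}: not a SHA-256 digest")
        if entries.get(name, digest) != digest:
            raise ValueError(f"line {number}: conflicting digests for {name}")
        entries[name] = digest
    return entries


def verify_firmware(path, trusted_manifest):
    """Return 'ok', 'mismatch', or 'unlisted' for a downloaded image.

    `trusted_manifest` must come from a channel separate from the download
    server, otherwise whoever replaced the image could replace the hash too.
    """
    expected = parse_manifest(trusted_manifest).get(os.path.basename(path))
    if expected is None:
        return "unlisted"  # no published hash: treat as unverified, not as good
    actual = sha256_file(path)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"


def demo():
    # Constructed stand-ins for a genuine image and one altered on the server.
    genuine = b"constructed firmware image v1\n" * 1000
    tampered = genuine.replace(b"v1", b"vX", 1)
    # Hypothetical manifest as it would be posted on an independent site.
    manifest = f"{hashlib.sha256(genuine).hexdigest()}  miner-fw.tar.gz\n"
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "miner-fw.tar.gz")
        for label, data in (("genuine", genuine), ("tampered", tampered)):
            with open(path, "wb") as fh:
                fh.write(data)
            results[label] = verify_firmware(path, manifest)
        other = os.path.join(workdir, "other-fw.tar.gz")
        with open(other, "wb") as fh:
            fh.write(genuine)
        results["unlisted"] = verify_firmware(other, manifest)
    return results


if __name__ == "__main__":
    print(demo())
```

The result is only as trustworthy as the place the manifest came from, which is why the post asks for the hash to be published on another website or account.
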
member
Activity: 84
Merit: 12
Block Hunting
How can we be sure the firmware for the miners on their pages has not been tampered with?

Is there any official announcement regarding checking of the firmware? If hackers have access to the server then who knows what they managed to do before they were stopped.

Can we have a notice letting us know that the miner firmwares were not compromised in the attack!

No idea why you are talking about their firmware. Basically the site's login info and passwords were leaked somehow and people who reused the same passwords on different sites are mostly affected.

I highly doubt that someone hacked their server to change the BIOS firmware for Antminers. It would be very difficult to cause any damage that way. People would just reflash the old firmware. People also very rarely update the firmware on their ASICs. Most only upgrade if they are having issues. During that small hacking window there aren't many that would have been doing a firmware flash during that time.

I would have to disagree. If you were a hacker and you targeted a company like Bitmain, are you really going to be happy with a password and email dump?

If they had access to the server (and had time there)

Who knows what they could have done. It would not be hard to edit a firmware to include something nasty.

Since there is very very limited info out there on this matter I would have to say it would be foolish for Bitmain not to check that there have been no code changes to their firmware. I highly doubt hackers would stop at only stealing some e-mail lists and passwords.

It's happened in the past where firms get hacked. Their products get infected via firmware updates or software they sell. Look at TeamViewer. They were hacked and ransomware was included in their software.

google..

company hacked firmware effected

You will see 100s of companies that were hacked and their software or firmwares were tampered with.
legendary
Activity: 3808
Merit: 1723
How can we be sure the firmware for the miners on their pages has not been tampered with?

Is there any official announcement regarding checking of the firmware? If hackers have access to the server then who knows what they managed to do before they were stopped.

Can we have a notice letting us know that the miner firmwares were not compromised in the attack!

No idea why you are talking about their firmware. Basically the site's login info and passwords were leaked somehow and people who reused the same passwords on different sites are mostly affected.

I highly doubt that someone hacked their server to change the BIOS firmware for Antminers. It would be very difficult to cause any damage that way. People would just reflash the old firmware. People also very rarely update the firmware on their ASICs. Most only upgrade if they are having issues. During that small hacking window there aren't many that would have been doing a firmware flash during that time.
member
Activity: 84
Merit: 12
Block Hunting
How can we be sure the firmware for the miners on their pages has not been tampered with?

Is there any official announcement regarding checking of the firmware? If hackers have access to the server then who knows what they managed to do before they were stopped.

Can we have a notice letting us know that the miner firmwares were not compromised in the attack!
U2
hero member
Activity: 676
Merit: 503
I used to be indecisive, but now I'm not sure...
If you reuse passwords in the bitcoin world and you haven't lost money yet it must be because you accidentally sat on a horse shoe and it got stuck up there.

"Bitmain hacked - smart people unaffected"
sr. member
Activity: 1914
Merit: 328
Best advice to give and a great update to all members concerned but my advice is to change password every month to be safe
Not all gambling sites were hacked; I don’t think it’s possible for them to hack all gambling sites, because there are too many of them. Secondly, one thing I don’t miss when I’m making use of any wallet is to activate 2FA, and I don’t use sites without such security features.
newbie
Activity: 17
Merit: 0
Best advice to give and a great update to all members concerned but my advice is to change password every month to be safe
hero member
Activity: 1694
Merit: 541
With the price of bitcoin moving higher, we are seeing more hacks, and if you are sloppy then your accounts will be compromised. Never use the same password on any site; the risk is too much, and if everyone could follow this simple rule then we would not need to be worried by hearing this hack news.
sr. member
Activity: 658
Merit: 250
Oh that is a big blow but I don't have any account there and also I have activated 2FA in almost all of my important accounts already so hope I will be on the safe side

Quote
Data breach includes user data, including encrypted passwords, email addresses and phone numbers.
If they have strongly encrypted users' passwords when storing them on their server then I think the hacker might not gain access to user passwords. Am I wrong?

The email and phone number is a big problem. If you use an exchange such as Coinbase or Gemini or CEX, if someone knows your phone number they can get your 2FA if you are using Authy.

With your email AND phone number they can easily reset any password and even reset your Authy.

This is a huge problem
By reset you mean getting all the 2FA codes? That'll happen only when one enables the multi-device feature; one can always disable that feature and stay safe from SMS/call based Authy recovery.

Yes. Go to Authy website and read the FAQs. It's basically for people who have no recovery codes and a way for them to get their account back.

They can easily get it back with EMAIL + PHONE NUMBER. Even if they had no multi device checked off.



Though it defeats the purpose, right? What if your email was hacked? Then they can recover the 2FA for Authy, then they can hack everything connected to it.
I think the best way is to create a paper backup of the QR code of your 2FAs so that you can securely store them and no one else has access to it but you and whatever authenticator you use.

I think that the situation involves a leakage of 2FA security authentication; especially, the private key must be preserved and kept confidential in your wallet. Having a proper backup is really the best option, because the access is secured and there is nothing to fear about hacking being possible. One thing that makes phishers online capable of doing such unrighteous acts is location being turned on on your device. Prevent device location from being turned on, so that you will not be in danger of attacks from those hackers freely roaming online. Stay secure and keep all personal keys confidential; most importantly, never entertain unknown mails.
hero member
Activity: 756
Merit: 505
Oh that is a big blow but I don't have any account there and also I have activated 2FA in almost all of my important accounts already so hope I will be on the safe side

Quote
Data breach includes user data, including encrypted passwords, email addresses and phone numbers.
If they have strongly encrypted users' passwords when storing them on their server then I think the hacker might not gain access to user passwords. Am I wrong?

The email and phone number is a big problem. If you use an exchange such as Coinbase or Gemini or CEX, if someone knows your phone number they can get your 2FA if you are using Authy.

With your email AND phone number they can easily reset any password and even reset your Authy.

This is a huge problem
By reset you mean getting all the 2FA codes? That'll happen only when one enables the multi-device feature; one can always disable that feature and stay safe from SMS/call based Authy recovery.

Yes. Go to Authy website and read the FAQs. It's basically for people who have no recovery codes and a way for them to get their account back.

They can easily get it back with EMAIL + PHONE NUMBER. Even if they had no multi device checked off.



Though it defeats the purpose, right? What if your email was hacked? Then they can recover the 2FA for Authy, then they can hack everything connected to it.
I think the best way is to create a paper backup of the QR code of your 2FAs so that you can securely store them and no one else has access to it but you and whatever authenticator you use.

The best security still is not just having 2FA but having a secure password. Everybody stop using the same passwords for everything; that is how the hackers are able to hack accounts. Check out Masterpassword (it's really a generic name, I know, but that is what they chose). It's pretty awesome in my opinion.
hero member
Activity: 896
Merit: 514
Oh that is a big blow but I don't have any account there and also I have activated 2FA in almost all of my important accounts already so hope I will be on the safe side

Quote
Data breach includes user data, including encrypted passwords, email addresses and phone numbers.
If they have strongly encrypted users' passwords when storing them on their server then I think the hacker might not gain access to user passwords. Am I wrong?

The email and phone number is a big problem. If you use an exchange such as Coinbase or Gemini or CEX, if someone knows your phone number they can get your 2FA if you are using Authy.

With your email AND phone number they can easily reset any password and even reset your Authy.

This is a huge problem
By reset you mean getting all the 2FA codes? That'll happen only when one enables the multi-device feature; one can always disable that feature and stay safe from SMS/call based Authy recovery.

Yes. Go to Authy website and read the FAQs. It's basically for people who have no recovery codes and a way for them to get their account back.

They can easily get it back with EMAIL + PHONE NUMBER. Even if they had no multi device checked off.



Though it defeats the purpose, right? What if your email was hacked? Then they can recover the 2FA for Authy, then they can hack everything connected to it.
I think the best way is to create a paper backup of the QR code of your 2FAs so that you can securely store them and no one else has access to it but you and whatever authenticator you use.