Pages:
Author

Topic: bitmarket.eu (Read 4997 times)

newbie
Activity: 11
Merit: 0
January 16, 2013, 05:44:33 PM
#68

 I transfered some BTC to Bitmarket.EU 3 h ago but nothing is there on my account yet... Is this normal ?
Normally... no - it would be available to use on the site from the 3rd confirmation.

Today... yes - this topic has reports from other people who've not had their accounts credited and/or who are unable to withdraw coins: https://bitcointalk.org/index.php?topic=5441.660
member
Activity: 91
Merit: 10
January 15, 2013, 01:49:10 PM
#67

 I transfered some BTC to Bitmarket.EU 3 h ago but nothing is there on my account yet... Is this normal ?
legendary
Activity: 1526
Merit: 1001
October 10, 2012, 05:05:41 PM
#66
Taking a 0.5% fee would be my next suggestion. I wouldn't prefer it though. A trust fund cannot be big enough to protect against all the potential losses. No use attacking bitmarket now, if you haven't been victim of a hack-attack yet, you just haven't been targeted. Bitmarket was probably lucky for so many months because it wasn't as big as other services. And if they took 0.5% why would I still prefer it over bitcoin.de? Anyway, I'm certain I will trust it again. Will just let a little time pass now.
legendary
Activity: 1754
Merit: 1007
October 10, 2012, 03:19:53 PM
#65
I am disappointed in the Bitmarket service. Service does not give us any guarantees for our deposity. Why do you require a deposit of our bitcoins to you if you do not have the normal protection of our resources and you do not have a guarantee fund?
I think you service have no future . it's not serious.

P.S. you should collect a 0.5% fee from each confirmed sell order to prevent future losses. And build guarantee fund, or do not ask for BTC deposits from customers.
sr. member
Activity: 520
Merit: 253
555
October 10, 2012, 02:10:23 PM
#64
It is not ruled out that security has been breached but until such has not been established, it makes no sense to blame the admin.

I think it would be fair that neither side blames the other, until we know what happened. I don't like the way the admin blames people's password policies, while we know that even those with good passwords were attacked.

BTW, if I am being keylogged, why do I have any money left on my local machines?
legendary
Activity: 1526
Merit: 1001
October 10, 2012, 01:45:01 PM
#63
I donated 0,25 BTC for the cause. Maybe will add to that later. If you did so too, how about announcing it here? I know it isn't much, but if one hundred people donated 0,91 BTC half of the lost money could be refunded!
newbie
Activity: 6
Merit: 0
October 10, 2012, 09:02:03 AM
#62
OK, thanks... ;( At least I know now there is no hope... ;(
hero member
Activity: 607
Merit: 500
October 10, 2012, 08:56:07 AM
#61
I immediately put all withdrawals on hold, even small ones, banned him and then disabled the site. So after that he couldn't do any more damage, but he still managed to withdraw aforementioned 182 BTC to his private BTC address.

I hope this explains it all.
OK, so since I notified you less than 10 minutes from the sale, does this mean that you have been able to stop him from withdrawing my 15 BTC? As far as I know it takes at least an hour to get a few confirmations and be able to get the coins...

No. The minute your Bitcoin client announces a trade, you can't revert it. Just a minute after this it has already propagated throughout the network and other Bitcoin nodes acknowledge it. The "one hour" thing is a Bitcoin security measure for other Bitcoin clients to ensure that your "announcement" wasn't forged, i.e. that the coins you claim that you're spending really belong to you.

15 BTC is not a lot, but it's not a small amount either, I understand you. I've spent around 15 BTC (in my currency though) to buy my first SSD drive few weeks ago. Believe me, if there was anything I could do to stop or revert this, I would have done it.
newbie
Activity: 6
Merit: 0
October 10, 2012, 07:36:02 AM
#60
I immediately put all withdrawals on hold, even small ones, banned him and then disabled the site. So after that he couldn't do any more damage, but he still managed to withdraw aforementioned 182 BTC to his private BTC address.

I hope this explains it all.
OK, so since I notified you less than 10 minutes from the sale, does this mean that you have been able to stop him from withdrawing my 15 BTC? As far as I know it takes at least an hour to get a few confirmations and be able to get the coins... Would you please care to explain if I can hope to get my coins back or no? I was really counting on this money - for most of the users here 150 euro is probably not a whole lot, but in my country this is more than a minimum wage and a little over half of my monthly income. Sad
hero member
Activity: 607
Merit: 500
October 10, 2012, 07:29:44 AM
#59
@Auris: I did my best to explain the situation in the official Bitmarket thread. If you want more details:

- First hack happened on 5th october. Two accounts were involved then. While it didn't alarm me much (from time to time these kind of things happened because people were careless with their passwords), I did set up a withdrawal hold feature. It worked like this: when you withdrawed more than 5 BTC from your account, it would hold it until I accepted it manually.
- Yesterday (9th october), presumably same hacker struck for the second time. This time, he accessed a bunch more accounts (around 15). Everytime he got something in his fraudulent account (CoonBreakair, jlcducky and probably hellonona) he would withdraw it immediately to his private BTC address. First, he tried to withdraw larger sums of BTC, which were held by the mechanism described above. These were returned to their respective owners. Then he probably noticed what's wrong and began to withdraw smaller sums, like 1-5 BTCs at time, which ultimately allowed him to drain ~182 BTC, until I was alarmed by users and stopped him. I immediately put all withdrawals on hold, even small ones, banned him and then disabled the site. So after that he couldn't do any more damage, but he still managed to withdraw aforementioned 182 BTC to his private BTC address.

I hope this explains it all.

Edit:

Quote
there are people, having unique, strong, cryptographically generated passwords, that have not been used anywhere else and still got ripped off.

Few members affected had not-reused passwords, majority acknowledged that they reused their login details elsewere (Mt. Gox, Intersango, among others). So while it's puzzling how passwords of these two members were cracked, it could be just about anything. One of these members has changed his password and few hours later attacker accessed his account again! It looks like a classic trojan/keylogger attack if you ask me.
newbie
Activity: 6
Merit: 0
October 10, 2012, 07:26:32 AM
#58
Even if security was breached, it is still a free website.
Quote from: BTCurious link=topic=5441.msg1261917#msg1261917
This is a serious issue, I repeat, my password is cryptographically generated and not used anywhere else, and not typed in on a keyboard either.
We have put our trust into the website and the administration, running this site. As it turns out, there are people, having unique, strong, cryptographically generated passwords, that have not been used anywhere else and still got ripped off. This is a significant indication that the breach occurred on Bitmarket.eu and not elswhere! And talks like this, that it's a free site and you are on your own would only make those who lost coins more paranoid and also cause other users of the service to start thinking if this is not an inside job and if their money is safe! Does this mean that if I open a service like this, which is free, I can rip you off of your coins, because my service was free? Does it mean that the people running the site can just close it down with everybody's coins in there and split...? ('cause withdrawals have been halted, remember?)
legendary
Activity: 3122
Merit: 1538
yes
October 10, 2012, 06:46:26 AM
#57
The deciding factor for blaming an admin is: facts

It is not ruled out that security has been breached but until such has not been established, it makes no sense to blame the admin. Even if security was breached, it is still a free website. I use it occassionally and at my own risk. It is basically the same premise as with Bitcoin: you are on your own.

For those not affected, it is a great moment to reconsider your password strategy.
newbie
Activity: 6
Merit: 0
October 10, 2012, 06:08:09 AM
#56
I believe the world is a bad, bad place and if you have your password stolen, not due to security breaches of Bitmarket.eu, you should consider your online password strategy instead of demanding payback for a site that costs you nothing to use.

If you don't want to lose it, keep it save. This is Bitcoin, remember?
I believe that if there has been a halt, like the admin said, my coins should not have left the Bitmarket.eu, therefore I should at least get a note when will I receive them. If my coins have been halted and are not returned to me, then who has them...? Doesn't this lead to conclusions, that are not in favour of the site and administration...? If coins have been stolen 3 days earlier and no measures have been taken to prevent those future thefts, doesn't this again lead you to conclusions that are not in favour of the site and its administration? Not only that, but it also implies, that they MIGHT be involved too... Don't get me wrong - I am not saying they are, but if they haven't taken the measures necessary, or if they are not returning coins that they know that have been stolen and they claim they have been halted, this is just what it looks like...  Sad


P.S. I just hope it all turns out for the best and we can all gain our trust in the site back again and go back to normal! I have been trading only on Bitmarket.eu eversince I stirted mining and I don't want to shift to another place Sad
legendary
Activity: 3122
Merit: 1538
yes
October 10, 2012, 05:49:30 AM
#55
I also believe that this makes it his fault too and he needs to reply to those concerned what is going on with their coins, otherwise people will lose trust in BitMarket.eu, which is irreversible!

I believe the world is a bad, bad place and if you have your password stolen, not due to security breaches of Bitmarket.eu, you should consider your online password strategy instead of demanding payback for a site that costs you nothing to use.



If you don't want to lose it, keep it save. This is Bitcoin, remember?
newbie
Activity: 6
Merit: 0
October 10, 2012, 05:10:58 AM
#54
I believe having the same password for more than one money related website is more than careless. Therefore, as a user, honestly I don't think you would have a right to claim your money back really. You were not careful with the one most important thing concerning bitcoins: password security.

However, in the other thread I have made a plead for Bitmarket to open a donation account and ask every user (have some info on this on the webpage as well) to voluntarily send some bitcents or bitcoins to it in order to at least partly compensate those users affected. If someone stole from me, I would be super glad to receive whatever tiny fraction of the loss I could get back. Actually, I know how it feels since I lost a lot of coins at Bitcoinicascamgo.

And I believe that having the same password is not the issue (I had a strong password), since none of my other accounts were cracked (if they were, this guy would have had a lot more to take than my 15 BTC). No, the only account hacked was the one on Bitmarket.eu.

I also believe that the measures taken by the admin were too late - there have been breaches on the 6th of this month and not only hasn't he taken the measures he took now - confirming transactions from your e-mail, not just the marketplace, resetting the passwords and so on, but he also never put a warning on the website, like they did on MtGox last year, when they got hacked. If he had put a message just after the first hack attacks, many people's coins would not have been stolen!

I also believe that resetting all passwords right after the first stolen coins would have been a lot smaller inconvenience to anyone than losing their hard-earned bitcoins!

I also believe that this makes it his fault too and he needs to reply to those concerned what is going on with their coins, otherwise people will lose trust in BitMarket.eu, which is irreversible!
legendary
Activity: 1526
Merit: 1001
October 09, 2012, 05:02:00 PM
#53
I believe having the same password for more than one money related website is more than careless. Therefore, as a user, honestly I don't think you would have a right to claim your money back really. You were not careful with the one most important thing concerning bitcoins: password security.

However, in the other thread I have made a plead for Bitmarket to open a donation account and ask every user (have some info on this on the webpage as well) to voluntarily send some bitcents or bitcoins to it in order to at least partly compensate those users affected. If someone stole from me, I would be super glad to receive whatever tiny fraction of the loss I could get back. Actually, I know how it feels since I lost a lot of coins at Bitcoinicascamgo.
full member
Activity: 123
Merit: 100
October 09, 2012, 04:17:46 PM
#52
You were able to get in touch with your buyer of bitcoin? I was able to get in touch with my buyer. He told me not to have understood why transfers it had so quickly been validated. I explained him the validation of the transaction without my authorization.
In his e-mail he announced me to have proceeded to the sending of the payment under 3 days.
The pirate did not make the offer of sale for me. The offer of sale was mine, the pirate has or bought and validated the transaction or he is just made the validation of the transaction.

This is buyer of good time either does he play with me?
Do I have to deal with the pirate either with the fair buyer?
In my case it is not about the buyer CoonBreakair but of jlcducky.

Thank you
legendary
Activity: 1754
Merit: 1007
October 09, 2012, 03:08:31 PM
#51
Withdrawals are halted, so there is no way to get funds out of bitmarket now.
The attacker used TOR (anonymous) network, so even though I have the IPs, their not traceable. Only a few users were affected, since most people have unique passwords for their accounts.

Unfortunately there isn't a way to get the coins back, because attacker managed to withdraw them before I was notified about this. The withdrawal lock is in place to secure any further frauds, because I have no way to know if anyone's else account is compromised. I could force a password reset on everyone, but that would be highly annoying to everyone that have good password practices.

So, since coins are blocked in Bitmarket and there is a withdrawal lock, does this mean I will get my 15.047xxxx BTC back?

I was logged in Bitmarket today and my coins were there (I had canceled my offers yesterday). I was just about to place a new offer but I decided to withdraw the bitcoins from Slush's pool. Logged on to Slush and this is when I got an email (I receive all e-mails on my smart phone as soon as they arrive - thank God and Google for push functionality). By the time I go back to BitMarket's account, coins were gone and transaction confirmed and even my country of residence was changed from Bulgaria to Bahamas. The same user who stole your coins stole mine! I e-mailed the Bitmarket Admin right away and he responded within 30 minutes. I have been using the same password for Deepbit, Slush pool, Paypal and my Gmail - had no issues with any of them, even though it would have been even more painful! Of course, all of them are now changed.

M4v3R, please tell me our coins are safe and have not left Bitmarket and will be returned to us, otherwise this would be a huge disappointment not only for me and would lead to loss of trust and customers. Everyone needs to feel safe and secure where he trades and spend/receive money.

+1, whant to know too
newbie
Activity: 6
Merit: 0
October 09, 2012, 02:59:41 PM
#50
Withdrawals are halted, so there is no way to get funds out of bitmarket now.
The attacker used TOR (anonymous) network, so even though I have the IPs, their not traceable. Only a few users were affected, since most people have unique passwords for their accounts.

Unfortunately there isn't a way to get the coins back, because attacker managed to withdraw them before I was notified about this. The withdrawal lock is in place to secure any further frauds, because I have no way to know if anyone's else account is compromised. I could force a password reset on everyone, but that would be highly annoying to everyone that have good password practices.

So, since coins are blocked in Bitmarket and there is a withdrawal lock, does this mean I will get my 15.047xxxx BTC back?

I was logged in Bitmarket today and my coins were there (I had canceled my offers yesterday). I was just about to place a new offer but I decided to withdraw the bitcoins from Slush's pool. Logged on to Slush and this is when I got an email (I receive all e-mails on my smart phone as soon as they arrive - thank God and Google for push functionality). By the time I go back to BitMarket's account, coins were gone and transaction confirmed and even my country of residence was changed from Bulgaria to Bahamas. The same user who stole your coins stole mine! I e-mailed the Bitmarket Admin right away and he responded within 30 minutes. I have been using the same password for Deepbit, Slush pool, Paypal and my Gmail - had no issues with any of them, even though it would have been even more painful! Of course, all of them are now changed.

M4v3R, please tell me our coins are safe and have not left Bitmarket and will be returned to us, otherwise this would be a huge disappointment not only for me and would lead to loss of trust and customers. Everyone needs to feel safe and secure where he trades and spend/receive money.
legendary
Activity: 1754
Merit: 1007
October 09, 2012, 01:46:08 PM
#49
On Friday, October 5th at 0:53 am my offer of sale of 10 btc was accepted by a buyer and at night the confirmation of purchase was confirmed without my authorization. I had made the day before  on Thursday, October 04th the offer of sale. I do not know which and how this transaction was validated !

My password was unique and I have no account on mtgox.

welcome in club...
Pages:
Jump to: