but they did refund me in the end.. Sorry for your loss OP
Topic: BTC-E Account All Coins Stolen (Read 2243 times)
I've had SEPA withdrawals go missing for months with BTC-e but they did refund me in the end..
Sorry for your loss OP
but they did refund me in the end.. Sorry for your loss OP
Nowadays 2fa is a must, unless you can make sure that your password is only used on BTC-E and no where else.
Fuckin sucks dude, I had about $1,000 worth of btc stolen from me last Christmas 
Felt sick for first few days, hope you manage to get your coin back
Felt sick for first few days, hope you manage to get your coin back
I have been hacked as well.. and all my litecoin went to the same damn address Lh8Gc1UKR99FsjdWbNEAMmWCo5qUyWZ8Rm
http://bitinfocharts.com/litecoin/address/Lh8Gc1UKR99FsjdWbNEAMmWCo5qUyWZ8Rm
And btc-e told me that I have confirmed the withdrawal from my email but I've never once have seen anything from
btc-e. I just bought bunch of alt coins including ltc with my btc.
I almost think that this could be an inhouse-job? I never had anything to do with confirming a withdrawal. And
here's the response I've got.
Hello! We are sorry but your money was transferred out from BTC-E. Withdrawal has been confirmed with your mail. #401267130 -166.95923176 LTC Withdrawal LTC to address Lh8Gc1UKR99FsjdWbNEAMmWCo5qUyWZ8Rm 14.03.14 04:05:50 yes We can't refund and return your money. We recommend you change your password, e-mail and set 2fa protection. We can provide you IP logs of potential hacker: success login 108.171.80.246 14.03.14 04:02
http://bitinfocharts.com/litecoin/address/Lh8Gc1UKR99FsjdWbNEAMmWCo5qUyWZ8Rm
And btc-e told me that I have confirmed the withdrawal from my email but I've never once have seen anything from
btc-e. I just bought bunch of alt coins including ltc with my btc.
I almost think that this could be an inhouse-job? I never had anything to do with confirming a withdrawal. And
here's the response I've got.
Hello! We are sorry but your money was transferred out from BTC-E. Withdrawal has been confirmed with your mail. #401267130 -166.95923176 LTC Withdrawal LTC to address Lh8Gc1UKR99FsjdWbNEAMmWCo5qUyWZ8Rm 14.03.14 04:05:50 yes We can't refund and return your money. We recommend you change your password, e-mail and set 2fa protection. We can provide you IP logs of potential hacker: success login 108.171.80.246 14.03.14 04:02
Sounds like your email account has been hacked as well.
Do you use the same password, and do you see any suspicious login on your email account?
I have been hacked as well.. and all my litecoin went to the same damn address Lh8Gc1UKR99FsjdWbNEAMmWCo5qUyWZ8Rm
http://bitinfocharts.com/litecoin/address/Lh8Gc1UKR99FsjdWbNEAMmWCo5qUyWZ8Rm
And btc-e told me that I have confirmed the withdrawal from my email but I've never once have seen anything from
btc-e. I just bought bunch of alt coins including ltc with my btc.
I almost think that this could be an inhouse-job? I never had anything to do with confirming a withdrawal.
maybe he just deleted the withdrawal email http://bitinfocharts.com/litecoin/address/Lh8Gc1UKR99FsjdWbNEAMmWCo5qUyWZ8Rm
And btc-e told me that I have confirmed the withdrawal from my email but I've never once have seen anything from
btc-e. I just bought bunch of alt coins including ltc with my btc.
I almost think that this could be an inhouse-job? I never had anything to do with confirming a withdrawal.
I have been hacked as well.. and all my litecoin went to the same damn address Lh8Gc1UKR99FsjdWbNEAMmWCo5qUyWZ8Rm
http://bitinfocharts.com/litecoin/address/Lh8Gc1UKR99FsjdWbNEAMmWCo5qUyWZ8Rm
And btc-e told me that I have confirmed the withdrawal from my email but I've never once have seen anything from
btc-e. I just bought bunch of alt coins including ltc with my btc.
I almost think that this could be an inhouse-job? I never had anything to do with confirming a withdrawal. And
here's the response I've got.
Hello! We are sorry but your money was transferred out from BTC-E. Withdrawal has been confirmed with your mail. #401267130 -166.95923176 LTC Withdrawal LTC to address Lh8Gc1UKR99FsjdWbNEAMmWCo5qUyWZ8Rm 14.03.14 04:05:50 yes We can't refund and return your money. We recommend you change your password, e-mail and set 2fa protection. We can provide you IP logs of potential hacker: success login 108.171.80.246 14.03.14 04:02
http://bitinfocharts.com/litecoin/address/Lh8Gc1UKR99FsjdWbNEAMmWCo5qUyWZ8Rm
And btc-e told me that I have confirmed the withdrawal from my email but I've never once have seen anything from
btc-e. I just bought bunch of alt coins including ltc with my btc.
I almost think that this could be an inhouse-job? I never had anything to do with confirming a withdrawal. And
here's the response I've got.
Hello! We are sorry but your money was transferred out from BTC-E. Withdrawal has been confirmed with your mail. #401267130 -166.95923176 LTC Withdrawal LTC to address Lh8Gc1UKR99FsjdWbNEAMmWCo5qUyWZ8Rm 14.03.14 04:05:50 yes We can't refund and return your money. We recommend you change your password, e-mail and set 2fa protection. We can provide you IP logs of potential hacker: success login 108.171.80.246 14.03.14 04:02
^^^ May be it will be better, if we seek help from some of the French members of this forum.
all money is just sitting in that wallet. so no transactions to track, other than those incoming.
try to contact his/her service provider:
https://console.online.net/en/assistance/index
Opening time: Monday through Friday from 8:00 a.m. to 8:00 p.m. GMT+0100 (CET) at +33 1 84 13 00 01
Currently: 2014-04-09 20:09 UTC +1
the service provider has a forum as well http://forum.online.net/
furthermore you can report abuse:
https://console.online.net/en/account/abuses/search
Yes, it could be a TOR exit node or a proxy, but until know its uncertain.
dedibox forwards to http://www.online.net/en ; its the service provider I think.
If you check the address on streetview
Of course it could be a spoofed domain, but it doesnt seem so: PING online.net (62.210.16.2) 56(84) bytes of data.
ip range is near;
oh check this: dedibox
Its a dedicated server http://www.online.net/en/dedicated-server/dedibox-scg2 they have various different ones.
If you are lucky they connected directly to the dedibox with their direct ip-address, so online.net would know;
try to contact his/her service provider:
https://console.online.net/en/assistance/index
Opening time: Monday through Friday from 8:00 a.m. to 8:00 p.m. GMT+0100 (CET) at +33 1 84 13 00 01
Currently: 2014-04-09 20:09 UTC +1
the service provider has a forum as well http://forum.online.net/
furthermore you can report abuse:
https://console.online.net/en/account/abuses/search
Yes, it could be a TOR exit node or a proxy, but until know its uncertain.
Quote
what is dedibox
dedibox forwards to http://www.online.net/en ; its the service provider I think.
If you check the address on streetview
Quote
address: 8, rue de la ville l'eveque
address: 75008 Paris
address: France
you will find an office building.address: 75008 Paris
address: France
Of course it could be a spoofed domain, but it doesnt seem so: PING online.net (62.210.16.2) 56(84) bytes of data.
ip range is near;
oh check this: dedibox
Its a dedicated server http://www.online.net/en/dedicated-server/dedibox-scg2 they have various different ones.
If you are lucky they connected directly to the dedibox with their direct ip-address, so online.net would know;
stay tuned, ill try to find out some more 
What is this Dedibox? Tried to Google it. Found nothing.
> whois
% Abuse contact for '62.4.0.0 - 62.4.15.255' is '[email protected]'
inetnum: 62.4.0.0 - 62.4.15.255
netname: DEDIBOX-POOL-IPFO
descr: Pools for Dedibox Customers
country: FR
admin-c: DAaT1-RIPE
tech-c: DAaT1-RIPE
status: LIR-PARTITIONED PA
mnt-by: MNT-TISCALIFR-B2B
mnt-by: ONLINE-NET-MNT
mnt-lower: DEDIBOX-MNT
source: RIPE # Filtered
mnt-domains: ONLINE-NET-MNT
role: Dedibox Admin and Tech Contact
address: 8, rue de la ville l'eveque
address: 75008 Paris
address: France
abuse-mailbox: [email protected]
admin-c: SC14327-RIPE
tech-c: SC14327-RIPE
nic-hdl: DAaT1-RIPE
mnt-by: DEDIBOX-MNT
source: RIPE # Filtered
% Information related to '62.4.0.0/19AS12876'
route: 62.4.0.0/19
descr: Online SAS
descr: Paris, France
origin: AS12876
mnt-by: MNT-TISCALIFR
source: RIPE # Filtered
stay tuned, ill try to find out some more
% Abuse contact for '62.4.0.0 - 62.4.15.255' is '[email protected]'
inetnum: 62.4.0.0 - 62.4.15.255
netname: DEDIBOX-POOL-IPFO
descr: Pools for Dedibox Customers
country: FR
admin-c: DAaT1-RIPE
tech-c: DAaT1-RIPE
status: LIR-PARTITIONED PA
mnt-by: MNT-TISCALIFR-B2B
mnt-by: ONLINE-NET-MNT
mnt-lower: DEDIBOX-MNT
source: RIPE # Filtered
mnt-domains: ONLINE-NET-MNT
role: Dedibox Admin and Tech Contact
address: 8, rue de la ville l'eveque
address: 75008 Paris
address: France
abuse-mailbox: [email protected]
admin-c: SC14327-RIPE
tech-c: SC14327-RIPE
nic-hdl: DAaT1-RIPE
mnt-by: DEDIBOX-MNT
source: RIPE # Filtered
% Information related to '62.4.0.0/19AS12876'
route: 62.4.0.0/19
descr: Online SAS
descr: Paris, France
origin: AS12876
mnt-by: MNT-TISCALIFR
source: RIPE # Filtered
stay tuned, ill try to find out some more
It seems OP already received a reply from btc-e, and the site literally replied "can't refund and return your money". (refer to post #15)
OK.. missed that part. But how was the transaction confirmed by email? Was the email hacked too?
So from this we've found that the ip 62.4.8.72 is the malicious one. And they are located somewhere in France near Paris. I'm going to contact the owner of the IP range and do some digging.
I am not sure whether it is one of the TOR exit nodes. Or might be a proxy.
This one says that it is a Dedibox (?) connection.
Sorry to hear your loss.
Send the support tickets as quickly as possible. If it is their fault, then they have to refund you the stolen coins.
It seems OP already received a reply from btc-e, and the site literally replied "can't refund and return your money". (refer to post #15)
Unfortunately I haven't even got round to sending support tickets. But I heard they're pretty slow and a lot of the time don't even reply. We'll see what happens anyway and I'll keep you guys updated. I'm not entirely sure there's anything I can do other than sending BTC-e messages, but if anyone has any other advice I'm be more than grateful to receive it.
Send the support tickets as quickly as possible. If it is their fault, then they have to refund you the stolen coins.
It seems OP already received a reply from btc-e, and the site literally replied "can't refund and return your money". (refer to post #15)
You can try to track down the person and googling the address and search for any single location it's mentioned in (other than here) or if you could a real IP...
Try to email https://support.btc-e.com/ and tweet them https://twitter.com/btcecom in order to find out how it happend. Support page is here https://support.btc-e.com/.
On the blockchain of litecoin you can find +160 LTC
http://explorer.litecoin.net/address/Lh8Gc1UKR99FsjdWbNEAMmWCo5qUyWZ8Rm
Transcations have never been sent out.
Can you post the detailed email headers? Email-from address is easy to fake.
On the blockchain of litecoin you can find +160 LTC
http://explorer.litecoin.net/address/Lh8Gc1UKR99FsjdWbNEAMmWCo5qUyWZ8Rm
Transcations have never been sent out.
Can you post the detailed email headers? Email-from address is easy to fake.
And they always recommend to use gmail and 2FA to prevent account hacking and always recommend to be careful with address line in your browser. If You will follow this simple rules, everything will be OK.
I have seen people getting robbed even after enabling the 2FA and email verification. Keyloggers were used in such robberies.
sad story and sorry for your loss.. the IP's maybe are not actually the hacker's, possibly a VPN or some sort..
i guess you will no longer get your coins back
i guess you will no longer get your coins back
BTC-e is a good exchange. And they always recommend to use gmail and 2FA to prevent account hacking and always recommend to be careful with address line in your browser. If You will follow this simple rules, everything will be OK.
Unfortunately I haven't even got round to sending support tickets. But I heard they're pretty slow and a lot of the time don't even reply. We'll see what happens anyway and I'll keep you guys updated. I'm not entirely sure there's anything I can do other than sending BTC-e messages, but if anyone has any other advice I'm be more than grateful to receive it.
Send the support tickets as quickly as possible. If it is their fault, then they have to refund you the stolen coins.
I guess your email is hacked. You cannot confirm a withdrawal from btc-e if you cannot open the email address. I guess the hacker confirms the withdrawal and delete the email. I don't think btc-e will refund cases like this.
Just read your story, on the unfortunate incident.
It seems like you got the email phishing thing going on, but the wtf moment is when you mentioned the email being not in the inbox.
Unless they can delete it from your side, using the same pw if its used for your email account. But thats scary, how all the coins just disappeared like that, esp the converting part kinda ripped me.
I been scammed before, so I know the shitty feeling..
But, I think when you clicked on the deny part, then login in maybe that recorded some type of keylogging?
It seems like you got the email phishing thing going on, but the wtf moment is when you mentioned the email being not in the inbox.
Unless they can delete it from your side, using the same pw if its used for your email account. But thats scary, how all the coins just disappeared like that, esp the converting part kinda ripped me.
I been scammed before, so I know the shitty feeling..
But, I think when you clicked on the deny part, then login in maybe that recorded some type of keylogging?
Jump to: