Topic: BTC-E account hacked!!! (Read 3295 times)
wow that sucks.
I have not clicked on any links in the trollbox. I received some bull$h!t email from support today.
" You should always think about your safety and take steps to avoid data theft. We inform our users about it all. they are responsible for their own accounts."
" You should always think about your safety and take steps to avoid data theft. We inform our users about it all. they are responsible for their own accounts."
allways use 2 factor
I have not clicked on any links in the trollbox. I received some bull$h!t email from support today.
" You should always think about your safety and take steps to avoid data theft. We inform our users about it all. they are responsible for their own accounts."
" You should always think about your safety and take steps to avoid data theft. We inform our users about it all. they are responsible for their own accounts."
Make sure not to click on links people send you or in the trollbox... I had someone message me a link to click on the other day on btc-e, obvious malware is obvious.
Ah man that's a lot of money not being where it belongs. I do hope you get this dilemma sorted.
check your host file, dump your DNS cache (turn off that windows service if it exists)...
Do a full system scan, I suspect you may have a plugin on your browser or root, that is hijacking your page. Eg, you are actually on site A but site A shows site B in an overlay frame, and the "java" or "javascript" or whatever, is not functioning because of that.
They do that to capture your keyboard typing, as you "think" you are entering it into site A, but you are just seeing site A and site B is reading your keystrokes.
Thus, not letting you get inside the actual site.
If you are in REAL deep stuff... try the bleepingcomputer website. They will walk you through a good mbam scan. That finds most things that virus scanners just can't. If nothing still, use microsofts tool for scanning. (That is a "download every time you need to use it" tool.) I forget what it is called, but if something nested itself into a part of windows itself, where mbam can't go, or virus scanners can't go... that will usually get it.
If it happened that fast, I imagine you were infected WAAAY before you visited that site. They watched you create an account, and then waited for your deposit. Purposely canceled it, and got that ticket for the refund, and cashed it out.
Or it is the server itself that has been compromised, which would only affect 'new transactions", such as yours. They need to check the code, php, asp, javascript, etc, for injected code that keeps injecting itself into the server. Usually hidden in cron-jobs, or auto-backups, or auto-updates on the server itself.
In any event, it is THEM who has to do the legal footwork to get the money back for the thieves. It is you who has to do the legal footwork for you, to get it back from them. Hard part will be proof of "them" being the compromised source. (Unless you find others who are having this issue, and your saved scan logs show no related virus results on your PC.)
If they are wise, and I am sure they are... they will bite the loss, repaying you, then try to fight for the hunting of the thief. I am sure they have some form of "allowable losses" to accommodate for that. One would hope, or that is how you loose all your business.
Do a full system scan, I suspect you may have a plugin on your browser or root, that is hijacking your page. Eg, you are actually on site A but site A shows site B in an overlay frame, and the "java" or "javascript" or whatever, is not functioning because of that.
They do that to capture your keyboard typing, as you "think" you are entering it into site A, but you are just seeing site A and site B is reading your keystrokes.
Thus, not letting you get inside the actual site.
If you are in REAL deep stuff... try the bleepingcomputer website. They will walk you through a good mbam scan. That finds most things that virus scanners just can't. If nothing still, use microsofts tool for scanning. (That is a "download every time you need to use it" tool.) I forget what it is called, but if something nested itself into a part of windows itself, where mbam can't go, or virus scanners can't go... that will usually get it.
If it happened that fast, I imagine you were infected WAAAY before you visited that site. They watched you create an account, and then waited for your deposit. Purposely canceled it, and got that ticket for the refund, and cashed it out.
Or it is the server itself that has been compromised, which would only affect 'new transactions", such as yours. They need to check the code, php, asp, javascript, etc, for injected code that keeps injecting itself into the server. Usually hidden in cron-jobs, or auto-backups, or auto-updates on the server itself.
In any event, it is THEM who has to do the legal footwork to get the money back for the thieves. It is you who has to do the legal footwork for you, to get it back from them. Hard part will be proof of "them" being the compromised source. (Unless you find others who are having this issue, and your saved scan logs show no related virus results on your PC.)
If they are wise, and I am sure they are... they will bite the loss, repaying you, then try to fight for the hunting of the thief. I am sure they have some form of "allowable losses" to accommodate for that. One would hope, or that is how you loose all your business.
Anyone know if an exploit can launch from clicking on the notifications or messages at the upper right box with your username? I clicked to open a notification (notif) from someone I did not recognize. The notification did not load even after several attempts so I didn't even have the opportunity to click on any links in the notification, if there were any. After I did that however, I could not navigate to other parts of the site like my finances and profile. It would say that I'm not logged in, but when I return to the homepage, it says that I'm logged in.
Certainly sets off a few warning flags. I'd not keep too much in your account. Although i'd be very surprised if the site enabled notifications allowed script executions but at the same time, it's not intangible.
Hi to all,
I am posting this hoping to see if anyone has had any luck getting anything resolved with these people. I opened an account on 4/16 and funded in via PM in the form on $1065 USD. I then placed a buy order for btc totaling $1050 and leaving $15 in cash. When I checked in the morning to see if my order got filled, I found my order cancelled and my account with a $0 balance. I informed support and they told me a redeem code was issued and the gave me the code. When I attempted to redeem, the code had already been used and not by me. Then gave me the last IP address that accessed my account and one was from the Netherlands and the other from Germany. When I then sent them an email asking how they were going to correct the issue I have not heard anything back since.
Has anyone had any luck?
Mods, I apologize if there is already a thread on the topic, feel free to do with the post as deemed necessary.
I am posting this hoping to see if anyone has had any luck getting anything resolved with these people. I opened an account on 4/16 and funded in via PM in the form on $1065 USD. I then placed a buy order for btc totaling $1050 and leaving $15 in cash. When I checked in the morning to see if my order got filled, I found my order cancelled and my account with a $0 balance. I informed support and they told me a redeem code was issued and the gave me the code. When I attempted to redeem, the code had already been used and not by me. Then gave me the last IP address that accessed my account and one was from the Netherlands and the other from Germany. When I then sent them an email asking how they were going to correct the issue I have not heard anything back since.
Has anyone had any luck?
Mods, I apologize if there is already a thread on the topic, feel free to do with the post as deemed necessary.
allways 2 factor
With the e-mail to request withdrawa security feature, does that mean that you have to e-mail support and wait days everyteim you want to withdraw bitcoins?
Also i enabled it, then went back to disable it, but it doesn't show as being enabled?
Also i enabled it, then went back to disable it, but it doesn't show as being enabled?
I think it means that when you request a withdrawal it will send you an email and you must confirm it via email
With the e-mail to request withdrawa security feature, does that mean that you have to e-mail support and wait days everyteim you want to withdraw bitcoins?
Also i enabled it, then went back to disable it, but it doesn't show as being enabled?
Also i enabled it, then went back to disable it, but it doesn't show as being enabled?
i think you need to have your email address confirmed first. Btce should send an email to your registered address.
With the e-mail to request withdrawa security feature, does that mean that you have to e-mail support and wait days everyteim you want to withdraw bitcoins?
Also i enabled it, then went back to disable it, but it doesn't show as being enabled?
Also i enabled it, then went back to disable it, but it doesn't show as being enabled?
I do not think so
Yes this is a flaw imo Other serious sites (like MtGox) have google authenticator mobile phone protection
aaarrg that sucks man
I do not think so
Hi
I wanted to deposit some funds on this site but dont they have additional double protection
like google authenticator in addition to your password for example?
I wanted to deposit some funds on this site but dont they have additional double protection
like google authenticator in addition to your password for example?
That is what is eating at me, I have lost so many opportunities to purchase btc because of this. If they are swamped, working on it, whatever. At least keep the customer informed.
Samething happened to me only that i got a notice from gmail saying someone from an Singapore IP got into my account
Did BTC-E advise you they where going to do something about what happened? They should at least try to help you?
That's the funny thing. The first responded to my email say that there was a BTC-e Code. When I attempted to redeem the code, I got an error stating that it had already been redeemed. I let them know and then they sent me an email showing me the last IP's that accessed my account and that was the end of it in regards to any type of communication from their support.
Shouldn't they be able to see who it was that redeemed that code and possible reverse the transaction as it is a fraudulent one?
This is what is so frustrating to me, that I am up in there air as to what they are doing to remedy the situation. Don't know if they are going to do something about it or leave me holding the bag. Their silence is killing me.
Did BTC-E advise you they where going to do something about what happened? They should at least try to help you?
most of the accounts hacked were new.
no password was strong enough. inside job perhaps? or some unfixed vulnerability.
java was not installed in some of the affected users' computers.
it's not just windows machines that were affected.
withdrawals were initiated from different IP's around the world. TOR? web proxies? VPN?
Jump to: