Topic: BTC Stolen at Paxful - Social Engineering . (Read 1343 times)

Not that you heard, you are Paxful Moderators.


All your replies here shows that.  Stop scamming people of their Bitcoins, its not good.  Are you guys that broke?

A times, Paxful stole this coins and claim its stolen by people or hacked



Read this



Paxful.com is a scam. Trade on localbitcoins . com next time

Take a look on their scam site from this links

1) https://www.reddit.com/r/BitcoinMarkets/comments/6jqlpp/stay_away_from_paxfulcom_the_moderators_are/

2) http://www.nairaland.com/3884643/www.paxful.com-fraud-scammer-site-founder

3) https://bitcointalksearch.org/topic/paxfulcom-moderators-stealing-people-bitcoins-codedly-scam-and-fraud-site-1987998

4) http://www.nairaland.com/3887327/never-trade-paxful.com-owner-start#57917835

They will ban the vendor, take all his coins and won't even resolve issue with the Card owner.  Scam both Vendor and Card seller




The owner were caught with drug weeks ago in Miami, USA.

Popular site in USA Posted this, read it here https://cointelegraph.com/news/paxful-exchange-ceo-and-cto-arrested-in-miami-on-weapons-and-drugs-charges






STAY AWAY FROM PAXFUL.COM PLEASE, THEY ARE DANGEROUS.

Sorry to hear that. I heard that name before from a friend who also trade in Paxful. As what I remember from the story of a friend, that name was suspended and banned after Pax investigation.

The best way really to avoid being a victim of fraud and scams is not to trust people we just met. But its a good lesson for you so that next time you will no longer be a victim of this scams. You are still considered to be lucky since your balance was not withdrawn by the person that hijacked your account. I do agree with you that 2fa is a great help in adding security to our accounts but still the best way to make your bitcoins safe is to keep your email that you used for transactions in secret.

Social engineering is one of the most profitable methods for frauds and illegal ways to obtain money from people. Those scam scenarios with Bitcoin are especialy popular and sometimes very easy to perform. Sometimes people are victims of social engineering without even beeing aware of it so if something looks suspicious, even the tiniest detail, get out of it.

Bitcoin is highly prone to thief and scamming as there is no way to get the personal information or there is no way to se our bitcoin once someone get our private key then and public would be known to them so accessing the wallet is longer tough for them.

Marcos is a scammer, and not one of Paxful's support.
Anyone could send an email from [email protected] It's what you call mx records.
If you want Paxful support - livechat or you send them an email.
If you receive an email from Marcos (an african Douche) - try replying to it.
You won't because the sender's real mailbox is different than the shown one.

First off, that was just plain stupid, no offense. By all means, it's unwise to give any authorization code to anyone. It's usually already mentioned in the email (e.g. "Never give this code to anyone!").
He still had access to your account after switching on 2FA because he's still logged in. If the site doesn't offer a "Log me out from all sessions" button, you have a problem.

SIM cards cannot be cloned, so cant "port" your sim card. If he has malware on your phone, he may just have gotten your text messages. Read line #2 to know why he still has access after turning on 2FA.


I guess you learned your lesson the hard way. Always use 2FA if you have the opportunity. Even sites like bitcointalk can get hacked, so if you're using the same password on high-profile sites and the passwords aren't secure, they'll be compromised as well if you don't use 2FA.

It's banned and suspended.

That's true...but it seems he no longer has access to my emails which a good thing...

Sorry to hear that dude, i think you must check your logs account see the ip your last login maybe it can help you to find the answer. 2fa sometimes not working well that's why i never safe my bitcoin at exchanger.

I am sorry for you loss, I had my email account hacked 2 years ago and lost all of my blockchain wallet funds back then , since that day I switched to Linux and enabled 2FA on all my accounts and also on my Gmail account via a SMS google sends me to my phone. Recently someone tried to hack my Yobit account , I saw an email that someone did a forgot password thing in Yobit, thanks to 2FA on Yobit account and also on my Gmail nothing happened, and I want to emphasize even more now how important is 2FA nowadays.

Is that code you get on your cell is from google or your email provider? you should have read the sender number as well as message before sending that code back to scammer. Sorry for your losss, so if he still has access to your paxful account ask paxful to suspend your account before he start scamming others with that.

You can't be too careful when money is involved.
If people can go to great lengths to social engineer on facebook/linkedin, they will more willingly try it when money is involved.

You need to contact Paxful now and get your account removed, or a lot more people will fall victim to him.

I'm planning on selling and buying at Paxful soon, so this is very good information to know.

Sorry that you were scammed OP.

I stopped using paxful before 5 months.The customer support from Marcos wasn`t very good.

There are many scammers on localbitcoins too....

Social Engineering Attacks were the most effective way today on hacking online and bank accounts. It is good to you that you enable 2FA, and also, sometimes those ID's or Selfies were stolen from other users and they can manipulate some of the infos. Me too, I use 2FA on all of my accounts so I dont care if they can find out all of my passwords.

If the session was already open for him when you enabled 2fa he would have still had access using a session that didn't have 2fa.

It depends how the site is programmed, but usually its keep session variables until logout button is hit.

too many scumbags around.

On Paxfull on 6/13/16 my account "AruTrader" was hijacked after a social engineering attack. This member under the Screen Name "Profiter" had a very attractive AD to buy BTC. Very good deal. So I made him an offer,  he even showed an ID and one with Selfie.. He also asked for my Cell number pretending that he want to verify it. He already knew my email where to send payment to. The BTC were already in Escrow. So he asked if I received a code which I gived to him right away! That code he used it to reset my email account to get access to my paxfull then release the coins to himself. What a thief! I didn't realize that untill it was too late that I was a victim of a Social Engineering Attack!.

And still not satisfied he gain access to several of my btc wallets and tried to spend 500EU on one of them, which fortunately was canceled.

After changing my passwords and enabled 2FA (2 Factor Authentication) I reported him, and his account got suspended and banned. But It's not over yet. He still had access to my paxful account, using it to scam others under my behalf until my account was also banned and suspended!! I reported this to Marcos, the moderator, and he believed that Profit hacked my account but he also believed that I did the same thing also!! WTF! His IP location is from Morocco, but of course he could be using some proxy or VPN.

So I don't know how come he still had access to my account. I Enabled 2FA on my email and my paxful account also had 2FA enabled, but through SMS, and I heard it's possible for the Hacker to Port your SIM card Number to his phone, maybe that's how he got access.  But maybe there were also some settings in my email account that he knew about. So I reset all security codes and devices etc..and changed my password again with 2FA enabled. Also I started Enabling 2FA on the accounts that were compromised. Since then, no more issues!!  If I did that earlier, this would not have happened!.

Lesson learned: Becareful when giving numbers, and read the sms code verify carefully if it's from your email provider. Do not give numbers to any buyer. If you do then make sure is for legitimate purpose. Just because the buyer or seller provides ID doesn't mean it's real no matter how legitimate it looks!

Always Enable 2FA (2 Factor Authentication), Not SMS 2FA but Mobile App 2FA. This will make hard for the hacker to get access t your account. If my email had 2FA enabled, my account wouldn't be hijacked... I learned the hard way!!

Update:  The scumbag tried to gain access again to my Email, from an IP from Netherlands....but this time he failed!! Thanks to 2FA!!!