Topic: C-CEX.com Trusted, Secure & Friendly Exchange Since 2013. 200+ Alts,USD,Low Fees - page 13. (Read 254653 times)

Taкaя жe бeдa,Я HE MOГУ

ПOПACTЬ B MOЙ AККAУHT Увaжaeмый C-cex,

«Пoльзoвaтeль нe нaйдeн или oтключeн aккayнт». Я нe мoгy пoлyчить дocтyп к cвoeй yчeтнoй зaпиcи.
Ecть ли пpoблeмы c мoeй yчeтнoй зaпиcью?

Пoжaлyйcтa, пoмoгитe мнe peшить этy пpoблeмy. 

Agree on this one too since this thread have been already abandoned maybe this would suit out to be put up on
scam accusations where there are lots of people continue to come here complaining that accounts been blocked
other after another.

Is there any possible action with this?

One of the worst exchange i have seen

Bad support and delisting coins without any proper time

Shame on Ccex team

Finally something we both agree on!

@MODS:  Isn't it about time this entire thread was moved to the scam section where it belongs?  This would help stop noob users being scammed any further.

No support.
Customers accounts being closed.
Customers funds vanishing.
No withdrawals.
Missing funds.
Page after page after page of complaints.

Пoxoдy cocкaмилиcь. SCAM!!

Outside this, there are also weak practices like using MD5 based session cookies and don't change it across requests.
What's happenning? Do you remember how they were hacked in February 2014? Please notice how the last 9 september and the Februrary 2014 are similar (both repeated the same withdrawal several time).
Well it might not be the same guys as in 2014, but I think the hackers just found a variant of the same vulnerability in order to bypass the February 2014 protection which was put after the first attack.

Without C-cex explaining how it exactly happenned. We'll won't know.
What glory days? Trust me, you can be sure even by 2014 security standards, that you wouldn't see GET requests on Facebook or Paypal.
You can be sure those weakness exists since the beggining and aren't the result of a code update.

These are indeed serious bypass that you had mentioned but it doesnt really matter at all yet this exchange do already fallen to scam anyone.Im reading once in a while
into this thread.I havent seen any response of OP on whats happening and also reading up continuous complaints about account disabled and lost funds.
Remembering C-cex glory days but they do end up like this after on that 3 months vacation alibi.

Sorry c-cex, but you don't seems to care about bug reports tickets.

Normally, even when you go on coinexchange.io, it's hard to find something vulnerable.
But with c-cex, it's hard to find something protected on client side. For starting, everything is vulnerable to CSRF even with 2FA enabled:

Wanna change the user's chatname of someonelse? It's possible to do it by making cliking a link which trigger a POST to http://c-cex.com/?id=profile&rett=chat_b.
Wanna write a chat message with an account you don't own?  It's possible to do it by making cliking a link which simply works through a GET request.
You hacked the e-mail account linked to a c-cex account? Just make the target user click a link and you'll receive the confirmation link. You also don't need to login to confirm the withdrawal (an other vulnerability combined).

In that case, the only thing protected against CSRF I found is posting limit orders. And even then it's still performed through GET requests.
I also found making someone losing all funds through clicking https://c-cex.com/?id=funds&dump=btc requires an origin matching c-cex.com. Though that’s still possible to hide and trigger the target through a redirect.

There is also their internal captcha systemhttps://c-cex.com/cp.html?s=385353503 which is easy to solve fully automatically through things like IBM Watson or Google Cloud vision with high sucess rates.

There are many ways to bypass users completely and steal funds directly from servers like with the recent attack (though I failed to see the vulnerabilty recently used by the attacker).

The exchange is definitely less secure than Mt.Gox. There are even known bugs used in the past elsewhere that aren't fixed on the exchange (1 task when you are in charge of security is to read the news about recent discovered attacking methods). Maybe they also run outdated third party libraries else too, but that's something to invastigate.
The only thing postive over Mt.Gox is funds are correctly managed manually outside the lack of fund audits: they can't "find" a forgotten wallet like it happened with Mt.Gox since no wallet are susceptible to be forgotten.

In some way, the bugs users are noticing with unexecuted withdrawals or disappearing deposits as well as disabled account is only the top of the iceberg.

criminal scam exchange.

When is the next 3-month vacation?  

I CAN NOT ACCESS MY ACCOUNT

Dear C-cex,

“User not found or account disabled”. I can’t access my account.
Is there any problem with my account?

Please help me solving this problem.

also, i try to get lost password and never get an email to change it.
my email is [email protected]

I CAN NOT ACCESS MY ACCOUNT

Dear C-cex,

“User not found or account disabled”. I can’t access my account.
Is there any problem with my account?

Please help me solving this problem.

Thanks!

Same f**** problem for almost 2month's!

HI, I also have account disabled, and every time I try to post a ticket to report it (trying for 2 weeks now), get the answer "Out support queue is full, try again later"...

Is there an CCEX support email address I can send my issue too? I have not been able to logon since April actually when I first found issue. I want to move some of my balances held on your exchange...

Why I have "User not found or account disabled" when would login ?!?

3 days since posted but still we do got this numbers.I'll spread this link for the petition.

Dear C-Cex,
The petition was signed too.

Planning to push it to our traders community.

ArtyomVasenin

My account hasn't been activated yet.
Dear C-Cex support, please activate it.

I am a trader, I make your money!

Artyom Vasenin

My Account is also deactivated and it is impossible to create a Support Tickets. Could I place reqeust here?