Probably about time we changed the name from 'Bitcoin' to 'Hackcoin'.
Hardly a day goes by without some sort of hacking incident
Topic: CEX - Hack in Progress! (Read 1894 times)
Probably about time we changed the name from 'Bitcoin' to 'Hackcoin'.
Hardly a day goes by without some sort of hacking incident
password resets no longer allowed on cex either.
I sent support a message mid hack as the failed attempts were coming in. best they said to do was change my email and password. all attempts were different ip address so the probably had control of a botnet. That kind of makes sense but my password held up so maybe i shouldn't change it.
anyway there is no way to change my username, thats part one of what they need to hack in.
cex should be using a unique id instead of user names in their referral links imo.
anyway there is no way to change my username, thats part one of what they need to hack in.
cex should be using a unique id instead of user names in their referral links imo.
They were using Tor
Could be anon-proxies too. I have about a thousand of them banned on one server i run for just this reason. Constantly used for bruteforce attempts.
Thats where an account timeout helps. Continued failures and the account gets locked an hour.
A good bruteforce is going to require tens of thousands of attempts unless the user is very stupid (and used a password like passw0rd). Its rare anyone has that many proxies to burn but even if they do lock the account for 10mins to an hour after every x failures and the chance of a bruteforce working are close to zero.
Edit: I wont mention what i think of your suggestion of security by obscurity. Its something but if you wish to pin your hopes on it god help you.
Thats where an account timeout helps. Continued failures and the account gets locked an hour.
A good bruteforce is going to require tens of thousands of attempts unless the user is very stupid (and used a password like passw0rd). Its rare anyone has that many proxies to burn but even if they do lock the account for 10mins to an hour after every x failures and the chance of a bruteforce working are close to zero.
Edit: I wont mention what i think of your suggestion of security by obscurity. Its something but if you wish to pin your hopes on it god help you.
I sent support a message mid hack as the failed attempts were coming in. best they said to do was change my email and password. all attempts were different ip address so the probably had control of a botnet. That kind of makes sense but my password held up so maybe i shouldn't change it.
anyway there is no way to change my username, thats part one of what they need to hack in.
cex should be using a unique id instead of user names in their referral links imo.
anyway there is no way to change my username, thats part one of what they need to hack in.
cex should be using a unique id instead of user names in their referral links imo.
Wow 700 attempts you think a professional site would have some anti-brtue force timeouts in place. Heck most forums and torrent sites lock down attempts to bruteforce very quickly.
Three times and either the account locks for x time or the IP does is fairly basic protection but it bloody works.
Three times and either the account locks for x time or the IP does is fairly basic protection but it bloody works.
and how would they get your usernames to even try it...
think long and hard about the possibiities
think long and hard about the possibiities
It's in his sig
They should understand by now bruteforcing online is not the best to do it. If they got the database and bruteforcing offline now that could be another story.
and how would they get your usernames to even try it...
think long and hard about the possibiities
think long and hard about the possibiities
It doesn't take a genius to get a username
and how would they get your usernames to even try it...
think long and hard about the possibiities
think long and hard about the possibiities
Yeah, they finally stopped trying on mine also. Went on for about an hour. I honestly don't have any balance there anyway. It was super annoying seeing over 700 attempts but rewarding at the same time knowing my pw was strong enough.
Attack seems to have stopped... at least, the "Failed Authorisation" emails have stopped.
Probably moved on to easier targets. Good for you for using 2FA.
Attack seems to have stopped... at least, the "Failed Authorisation" emails have stopped.
I'm probably not the only one who has a CEX account which is being attempted to be hacked right now
I've spoken with CEX Support who state that as I've 2-factor authorisation, I should be okay but as I didn't see any mention of this hack in progress here on the forum, I wanted to let people know.
Check your email, you may see multiple "Failed Authorisations" from CEX as the hacker repeatedly attempts to brute-force your password.
I was still able to log in with my correct credentials and through there, contacted support. They are aware of it.
Hopefully all your accounts are safe.
Please note: topic self-moderated to keep the CEX haters away.
Jump to: