
Topic: CEX.IO "hacked"........? (Read 5396 times)

brand new
Activity: 0
Merit: 0
November 22, 2022, 06:07:37 AM
#27
CEXs could be under hacking attacks a lot, also there are some other disadvantages. Consider this article to read more about DEXs vs CEXs
https://oneart.digital/en/blog/dexs-vs-cexs-which-to-choose
hero member
Activity: 518
Merit: 500
January 30, 2014, 12:34:20 AM
#26
Two days ago I could not access my CEX.IO account anymore.

Says username or password wrong, but when I tried to reset the password (even knowing I am entering it right), it replies that the username or email address are wrong. I always use the same email address and username, never requested to change the email address.

Contacted CEX support.

First reply goes like "you are retarded, please remember usernames are case sensitive" and then THEY write the wrong way my username, (it is all lowercase) with a capital first letter. And they ask the email I used to register (it is the one I am using to write the emails to them!!)

Second reply (24 hs later) they "inform" me what MY username and email is (I already knew that, kids!). They ask me if I changed my email address and to check all the mails from CEX.IO.  No, no email change address by me, and no email from CEX telling about any change.

Third reply (24 hs more). I must now send a photograph of myself holding a government-issued ID (can I hang the ID somewhere instead of holding it? Shocked)
The verification process is going to take two weeks. Meanwhile I can not get the funds I OWN, I can not trade, etc.
I must take a loss because they can not fix their security holes.

CEX.IO sucks.

Unfortunately a pair of days ago I bought another voucher for more GHashes on CEX. And it is not on paper so it can not be used for cleaning purposes.  Cry



Don't you love it when companies remind you passwords are case-sensitive. Assuming we are morons who've never used the web before ....
full member
Activity: 148
Merit: 100
January 29, 2014, 01:10:08 PM
#25
By the way, I do not use any trading bot.
And my password was never typed, so that keyloggers can not harm me.
And I can not use 2FA because my cellphone is a Motorola C115  Huh
full member
Activity: 148
Merit: 100
January 29, 2014, 12:55:59 PM
#24
Two days ago I could not access my CEX.IO account anymore.

Says username or password wrong, but when I tried to reset the password (even knowing I am entering it right), it replies that the username or email address are wrong. I always use the same email address and username, never requested to change the email address.

Contacted CEX support.

First reply goes like "you are retarded, please remember usernames are case sensitive" and then THEY write the wrong way my username, (it is all lowercase) with a capital first letter. And they ask the email I used to register (it is the one I am using to write the emails to them!!)

Second reply (24 hs later) they "inform" me what MY username and email is (I already knew that, kids!). They ask me if I changed my email address and to check all the mails from CEX.IO.  No, no email change address by me, and no email from CEX telling about any change.

Third reply (24 hs more). I must now send a photograph of myself holding a government-issued ID (can I hang the ID somewhere instead of holding it? Shocked)
The verification process is going to take two weeks. Meanwhile I can not get the funds I OWN, I can not trade, etc.
I must take a loss because they can not fix their security holes.

CEX.IO sucks.

Unfortunately a pair of days ago I bought another voucher for more GHashes on CEX. And it is not on paper so it can not be used for cleaning purposes.  Cry




legendary
Activity: 1862
Merit: 1058
Next Generation Web3 Casino
January 20, 2014, 02:18:03 PM
#23
Was just logged in to cex.io chat and got 2 javascript alerts minutes apart with simply the text "1".

I logged back in a few minutes later to investigate, and discovered this in the "russian" tab of their chat window:

Code:
z66 : 20:25
“>Ramirez : 20:26
>Ramirez : 20:26
doesnt work
kickbit : 20:27
xe2x80x9c>Ramirez : 20:28
-->
Ramirez : 20:29
->

They have been alerted via twitter by others that noticed the problem too:
https://twitter.com/chrisfarms/status/423913046512128001
https://twitter.com/vvedma/status/423920180750610432

As a professional web developer, this is deeply concerning.

I am not sure that this is necessarily related to people having their accounts cleaned out, but it is certainly something to consider regardless as a "possibility".  Anyone who has studied computer information security knows how serious the potential for an XSS attack is, and it certainly should not be taken lightly.

You are free to draw your own conclusions, but personally I withdrew all my BTC from there a while ago.

I'm going to clear some things up regarding this. I do work for support with cex.io and have been for months. I was on shift during the execution of this XSS vulnerability, immediately called our technical department and had the hole patched within under a minute. No user data was compromised during this failed attack. The reason for this is because what he tried to download was blocked by our censor in the trollbox.

Now, the reality on why the users are getting compromised: over 99% of them are because our users are not securing their emails with 2-factor authentication nor securing their cex.io accounts. I've seen countless tickets where people have downloaded trading bots and lost all of their BTC and GHS, going to a site like c-cex.com and submitting their information. It all starts with the user's email account being compromised. 10 out of 10 times every user who has been hacked has not had their 2-factor authentication enabled, which would have prevented the withdrawal from ever happening.

Also be aware it's not very hard to stick a remote administration tool and keylogger on any PC if you are not properly protecting your PC and downloading a trading bot, which could very well work; it just comes with an added feature. I have suggested to numerous people: if you plan on keeping financial assets online, do it on a freshly imaged PC, use a strong password and always use the added security precautions that the site does provide. We are also looking into adding yubikeys as well, which was my personal suggestion to the company since I love the security a yubikey offers over 2FA.

"Jeffrey Smith" who replies to all cex.io correspondence is apparently a TradeFortress clone: http://mentaso.com/bitcoin-news/cex-part-2-the-hacked-account-and-children-playing-grownups.html

This sort of thing is becoming far too commonplace. While I like the premise of cex.io, I wish there was a more stable and secure platform like it and not the constant dodgy behavior Mr. Smith seems to exhibit.

Now you have me really worried!

With all I've heard, multiple account "hacks" etc. at cex.io, I wouldn't put a single bitcoin in a wallet with them. I don't trust any wallet service with domain ending in .io, scared of who the real owner might be Sad

This is a registered company; check the SSL and the contact us page https://cex.io/support and search the company number. Just because tradefortress used an .io domain does not mean that it's a domain owned by tradefortress.
hero member
Activity: 518
Merit: 500
January 17, 2014, 12:21:31 AM
#22
"Jeffrey Smith" who replies to all cex.io correspondence is apparently a TradeFortress clone: http://mentaso.com/bitcoin-news/cex-part-2-the-hacked-account-and-children-playing-grownups.html

This sort of thing is becoming far too commonplace. While I like the premise of cex.io, I wish there was a more stable and secure platform like it and not the constant dodgy behavior Mr. Smith seems to exhibit.

Now you have me really worried!

With all I've heard, multiple account "hacks" etc. at cex.io, I wouldn't put a single bitcoin in a wallet with them. I don't trust any wallet service with domain ending in .io, scared of who the real owner might be Sad
sr. member
Activity: 280
Merit: 250
January 16, 2014, 05:07:44 PM
#21
Good job I left them yesterday.  Grin
newbie
Activity: 4
Merit: 0
January 16, 2014, 05:06:36 PM
#20
Was just logged in to cex.io chat and got 2 javascript alerts minutes apart with simply the text "1".

I logged back in a few minutes later to investigate, and discovered this in the "russian" tab of their chat window:

Code:
z66 : 20:25
“>Ramirez : 20:26
>Ramirez : 20:26
doesnt work
kickbit : 20:27
xe2x80x9c>Ramirez : 20:28
-->
Ramirez : 20:29
->

They have been alerted via twitter by others that noticed the problem too:
https://twitter.com/chrisfarms/status/423913046512128001
https://twitter.com/vvedma/status/423920180750610432

As a professional web developer, this is deeply concerning.

I am not sure that this is necessarily related to people having their accounts cleaned out, but it is certainly something to consider regardless as a "possibility".  Anyone who has studied computer information security knows how serious the potential for an XSS attack is, and it certainly should not be taken lightly.

You are free to draw your own conclusions, but personally I withdrew all my BTC from there a while ago.
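
Added example, not part of the post above and not CEX.IO's code: the alerts described are what a chat renderer produces when message text is concatenated into the page as markup. The JavaScript below puts such a renderer beside one that HTML-encodes every untrusted field on output; the message shape, template and function names are assumptions, and the sample messages are constructed.

```javascript
// Added example, not CEX.IO code. Message shape and template are assumptions.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change HTML text or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Vulnerable form: nick and body are concatenated into the page as markup.
function renderUnsafe(msg) {
  return '<li title="' + msg.nick + '"><b>' + msg.nick + '</b> : ' + msg.time +
    ' <span>' + msg.body + '</span></li>';
}

// Hardened form: same template, every untrusted field encoded on output.
function renderSafe(msg) {
  const nick = escapeHtml(msg.nick);
  return '<li title="' + nick + '"><b>' + nick + '</b> : ' + escapeHtml(msg.time) +
    ' <span>' + escapeHtml(msg.body) + '</span></li>';
}

const countChar = (s, ch) => s.split(ch).length - 1;

// The template itself contributes six "<", six ">" and two double quotes.
// Any other count means user input changed the structure of the line.
function hasInjectedMarkup(html) {
  return countChar(html, '<') !== 6 || countChar(html, '>') !== 6 ||
    countChar(html, '"') !== 2;
}

// Constructed sample messages (not taken from the thread).
const SAMPLE = [
  { nick: 'user_a', time: '20:25', body: 'doesnt work' },
  { nick: 'user_b', time: '20:26', body: '"><script>alert(1)</script>' },
  { nick: 'user_c" onmouseover="alert(1)', time: '20:27', body: 'hi' },
];

// Return the sample indexes whose rendered line carries injected markup.
function audit(render, messages = SAMPLE) {
  return messages
    .map((m, i) => (hasInjectedMarkup(render(m)) ? i : -1))
    .filter((i) => i >= 0);
}

console.log('unsafe renderer flagged:', audit(renderUnsafe));
console.log('safe renderer flagged:  ', audit(renderSafe));
```

The same `hasInjectedMarkup` check can run in a unit test against whatever renderer a chat widget actually uses, so a regression to string concatenation fails the build.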
hero member
Activity: 518
Merit: 500
January 08, 2014, 09:45:59 AM
#19
i doubt cex.io is hacked ... i bet users have fallen for phishing sites or keyloggers

You can't possibly know that. I haven't heard of any cex.io phishing emails going around, but I have heard of several cex.io accounts being emptied recently .........
legendary
Activity: 1974
Merit: 1003
January 08, 2014, 08:08:39 AM
#18
i doubt cex.io is hacked ... i bet users have fallen for phishing sites or keyloggers
member
Activity: 77
Merit: 10
January 08, 2014, 03:08:33 AM
#17
Cex.io said "sorry for your loss"
hero member
Activity: 518
Merit: 500
January 05, 2014, 11:12:39 PM
#16
Earlier today my cex.io account was hacked and also my email. The hacker sold the GHS I had and withdrew the funds. I had deposited 10 btc into my cex account. My cex account is now frozen by cex and they are investigating - whatever that means. Does not cex have the obligation to make this right??
If it was their fault, they should. If you fucked up, they don't have to.

Several reports of lost funds from cex.io these last few days. Hope it's not another .io site getting "hacked".
copper member
Activity: 3948
Merit: 2201
Verified awesomeness ✔
January 05, 2014, 12:12:51 PM
#15
Earlier today my cex.io account was hacked and also my email. The hacker sold the GHS I had and withdrew the funds. I had deposited 10 btc into my cex account. My cex account is now frozen by cex and they are investigating - whatever that means. Does not cex have the obligation to make this right??
If it was their fault, they should. If you fucked up, they don't have to.
member
Activity: 77
Merit: 10
January 05, 2014, 11:35:12 AM
#14
Earlier today my cex.io account was hacked and also my email. The hacker sold the GHS I had and withdrew the funds. I had deposited 10 btc into my cex account. My cex account is now frozen by cex and they are investigating - whatever that means. Does not cex have the obligation to make this right??
hero member
Activity: 518
Merit: 500
December 11, 2013, 09:02:46 PM
#13
"Jeffrey Smith" who replies to all cex.io correspondence is apparently a TradeFortress clone: http://mentaso.com/bitcoin-news/cex-part-2-the-hacked-account-and-children-playing-grownups.html

This sort of thing is becoming far too commonplace. While I like the premise of cex.io, I wish there was a more stable and secure platform like it and not the constant dodgy behavior Mr. Smith seems to exhibit.

Seriously? That explains all then .............

Nobody going to investigate him, the police I mean.

This is giving a bad name to the .io domain space  Wink

Re: 2 factor authentication "solving all", it didn't stop all the coins disappearing from inputs.io, owned by "Mr" TradeFortress. He was unfortunately (cough cough) "hacked", even though he claimed the best security of any online wallet. Make your own mind up.
legendary
Activity: 1064
Merit: 1000
December 11, 2013, 06:32:30 PM
#12
http://mentaso.com/bitcoin-news/cex-part-2-the-hacked-account-and-children-playing-grownups.html

+100!

Gotta love those 3 questions..... Cheesy Cheesy Cheesy

TBH, cex.io are dodgy full stop. They've even accused me of getting paid to criticize them..... Cheesy Cheesy Cheesy Cheesy

It's all gonna end in tears.

My criticism is free lol. Cheesy
hero member
Activity: 686
Merit: 500
WANTED: Active dev to fix & re-write p2pool in C
December 11, 2013, 03:31:11 PM
#11
http://mentaso.com/bitcoin-news/cex-part-2-the-hacked-account-and-children-playing-grownups.html

+100!

Gotta love those 3 questions..... Cheesy Cheesy Cheesy

TBH, cex.io are dodgy full stop. They've even accused me of getting paid to criticize them..... Cheesy Cheesy Cheesy Cheesy

It's all gonna end in tears.
legendary
Activity: 1064
Merit: 1000
December 11, 2013, 01:12:57 PM
#10
"Jeffrey Smith" who replies to all cex.io correspondence is apparently a TradeFortress clone: http://mentaso.com/bitcoin-news/cex-part-2-the-hacked-account-and-children-playing-grownups.html

This sort of thing is becoming far too commonplace. While I like the premise of cex.io, I wish there was a more stable and secure platform like it and not the constant dodgy behavior Mr. Smith seems to exhibit.
full member
Activity: 158
Merit: 100
December 11, 2013, 09:59:27 AM
#9
If the user had set up two-factor authentication, this would not have happened.

I put more blame on the user here than CEX.  Sorry, you just don't leave large sums of BTC unprotected.
hero member
Activity: 518
Merit: 500
December 10, 2013, 09:18:02 PM
#8
Quote
Apart from the volatility of bitcoin, I see "hacking" as the number thing that could cause it to fail.
It's the same with every other online banking account. It takes a while to build up good security and people just have to be careful with their stuff.

Umm ..... how many stories have we heard from banks recently saying "oh sorry, we've got hacked, and all your money has gone".

No, I'm not defending banks for a minute, just pointing out that you can have all the "good security" in the world but if the website owner decides to steal the coins, he can do so in 5 mins.

Greed does funny things to people. Inputs.io claimed the most amazing levels of security, yet they claim they were hacked and had all their coins stolen. Make your own mind up  Undecided