Pages:
Author

Topic: CEX.IO "hacked"........? (Read 5433 times)

brand new
Activity: 0
Merit: 0
November 22, 2022, 05:07:37 AM
#27
CEXs could be under hacking attacks a lot, also there are some other disadvantages. Consider this article to read more about DEXs vs CEXs
https://oneart.digital/en/blog/dexs-vs-cexs-which-to-choose
hero member
Activity: 518
Merit: 500
January 29, 2014, 11:34:20 PM
#26
Two days ago I could not access my CEX.IO account anymore.

Says username or password wrong, but when I tried to reset the password (even knowing I am entering it right), it replies that the username or email address are wrong. I use always same email adress and username, never requested to change the email address.

Contacted CEX support.

First reply goes like "you are retarded, please remember usernames are case sensitive" and then THEY write the wrong way my username, (it is all lowercase) with a capital first letter. And they ask the email I used to register (it is the one I am using to write the emails to them!!)

Second reply (24 hs later) they "inform" me what MY username and email is (I already knew that, kids!). They ask me if I changed my email address and to check all the mails from CEX.IO.  No, no email change address by me, and no email from CEX telling about any change.

Third reply (24 hs more). I must now send a photograph of myself holding a government-issued ID (can I hang the ID somewhere instead of holding it? Shocked)
The verification process is going to take two weeks. Meanwhile I can not get the funds I OWN, I can not trade, etc.
I must take a loss because they can not fix their security holes.

CEX.IO sucks.

Unfortunately a pair of days ago I bought another voucher for more GHashes on CEX. And it is not on paper so it can not be used for cleaning purposes.  Cry



Don't you love it when companies remind you passwords are case-sensitive. Assuming we are morons who've never used the web before ....
full member
Activity: 148
Merit: 100
January 29, 2014, 12:10:08 PM
#25
By the way, I do not use any trading bot.
And my password was never typed, so that keyloggers can not harm me.
And I can not use 2FA because my cellphone is a Motorola C115  Huh
full member
Activity: 148
Merit: 100
January 29, 2014, 11:55:59 AM
#24
Two days ago I could not access my CEX.IO account anymore.

Says username or password wrong, but when I tried to reset the password (even knowing I am entering it right), it replies that the username or email address are wrong. I use always same email adress and username, never requested to change the email address.

Contacted CEX support.

First reply goes like "you are retarded, please remember usernames are case sensitive" and then THEY write the wrong way my username, (it is all lowercase) with a capital first letter. And they ask the email I used to register (it is the one I am using to write the emails to them!!)

Second reply (24 hs later) they "inform" me what MY username and email is (I already knew that, kids!). They ask me if I changed my email address and to check all the mails from CEX.IO.  No, no email change address by me, and no email from CEX telling about any change.

Third reply (24 hs more). I must now send a photograph of myself holding a government-issued ID (can I hang the ID somewhere instead of holding it? Shocked)
The verification process is going to take two weeks. Meanwhile I can not get the funds I OWN, I can not trade, etc.
I must take a loss because they can not fix their security holes.

CEX.IO sucks.

Unfortunately a pair of days ago I bought another voucher for more GHashes on CEX. And it is not on paper so it can not be used for cleaning purposes.  Cry




legendary
Activity: 1890
Merit: 1058
Vave.com - Crypto Casino
January 20, 2014, 01:18:03 PM
#23
Was just logged in to cex.io chat and got 2 javascript alerts minutes apart with simply the text "1".

I logged back in a few minutes later to investigate, and discovered this in the "russian" tab of their chat window:

Code:
z66 : 20:25
“>Ramirez : 20:26
>Ramirez : 20:26
doesnt work
kickbit : 20:27
xe2x80x9c>Ramirez : 20:28
-->
Ramirez : 20:29
->

They have been alerted via twitter by others that noticed the problem too:
https://twitter.com/chrisfarms/status/423913046512128001
https://twitter.com/vvedma/status/423920180750610432

As a professional web developer, this is deeply concerning.

I am not sure that this is necessarily related to people having their accounts cleaned out, but it is certainly something to consider regardless as a "possibility".  Anyone who has studied computer information security knows how serious the potential for an XSS attack is, and it certainly should not be taken lightly.

You are free to draw your own conclusions, but personally I withdrew all my BTC from there a while ago.

I'm going to clear some things up regarding this. I do work for support with cex.io and have been for months I was on shift during the execution of this XSS vulnerability immediately called our technical department and had the hole patched within under a minute. No user data was compromised during this failed attack. The reason for this is because what he tried to download was blocked by our censor in the trollbox.

Now the reality on why the users are getting compromised over 99% of them are because of our users are not securing their emails with 2factor authentication nor securing their cex.io accounts. I've seen countless tickets where people have downloaded trading bots and lost all of there BTC and GHS, going to a site like c-cex.com and submitting their information. It all starts with the users email account being compromised. 10 out of 10 times every user who has been hacked has not had their 2 factor authentication enabled which would have prevented the withdraw from ever happening.

Also be aware its not very hard to stick a remote administration tool and keylogger on any PC if you are not properly protecting your PC and downloading a trading bot which could very well work it just comes with an added feature. I have suggested to numerous people if you plan on keeping financial assets online do it on a freshly imaged PC use strong password and always use the added security precautions that the site does provide. We are also looking into adding yubikeys as well which was my personal suggestion to the company since I love the security a yubikey offers over 2FA.

"Jeffrey Smith" who replies to all cex.io correspondance is aparently a TradeFortress clone: http://mentaso.com/bitcoin-news/cex-part-2-the-hacked-account-and-children-playing-grownups.html

This sort of thing is becoming far too commonplace. While I like the premise of cex.io, I wish there was a more stable and secure platform like it and not the constant dodgy behavior Mr. Smith seems to exhibit.

Now you have me really worried!

With all I've heard, multiple account "hacks" etc. at cex.io, I wouldn't put a single bitcoin in a wallet with them. I don't trust any wallet service with domain ending in .io, scared of who the real owner might be Sad

This is a registered company check the SSL and the contact us page https://cex.io/support and search the company number. Just because tradefortress used an .io domain does not mean that its a domain owned by tradefortress..
hero member
Activity: 518
Merit: 500
January 16, 2014, 11:21:31 PM
#22
"Jeffrey Smith" who replies to all cex.io correspondance is aparently a TradeFortress clone: http://mentaso.com/bitcoin-news/cex-part-2-the-hacked-account-and-children-playing-grownups.html

This sort of thing is becoming far too commonplace. While I like the premise of cex.io, I wish there was a more stable and secure platform like it and not the constant dodgy behavior Mr. Smith seems to exhibit.

Now you have me really worried!

With all I've heard, multiple account "hacks" etc. at cex.io, I wouldn't put a single bitcoin in a wallet with them. I don't trust any wallet service with domain ending in .io, scared of who the real owner might be Sad
sr. member
Activity: 280
Merit: 250
January 16, 2014, 04:07:44 PM
#21
Good job I left them yesterday.  Grin
newbie
Activity: 4
Merit: 0
January 16, 2014, 04:06:36 PM
#20
Was just logged in to cex.io chat and got 2 javascript alerts minutes apart with simply the text "1".

I logged back in a few minutes later to investigate, and discovered this in the "russian" tab of their chat window:

Code:
z66 : 20:25
“>Ramirez : 20:26
>Ramirez : 20:26
doesnt work
kickbit : 20:27
xe2x80x9c>Ramirez : 20:28
-->
Ramirez : 20:29
->

They have been alerted via twitter by others that noticed the problem too:
https://twitter.com/chrisfarms/status/423913046512128001
https://twitter.com/vvedma/status/423920180750610432

As a professional web developer, this is deeply concerning.

I am not sure that this is necessarily related to people having their accounts cleaned out, but it is certainly something to consider regardless as a "possibility".  Anyone who has studied computer information security knows how serious the potential for an XSS attack is, and it certainly should not be taken lightly.

You are free to draw your own conclusions, but personally I withdrew all my BTC from there a while ago.
hero member
Activity: 518
Merit: 500
January 08, 2014, 08:45:59 AM
#19
i doubt cex.io is hacked ... i bet users have fallen for phising sites or keyloggers

You can't possibly know that. I haven't heard of of any cex.io phishing emails going around, but I have heard of several cex.io accounts being emptied recently .........
legendary
Activity: 1974
Merit: 1003
January 08, 2014, 07:08:39 AM
#18
i doubt cex.io is hacked ... i bet users have fallen for phising sites or keyloggers
member
Activity: 77
Merit: 10
January 08, 2014, 02:08:33 AM
#17
Cex.io said "sorry for your loss"
hero member
Activity: 518
Merit: 500
January 05, 2014, 10:12:39 PM
#16
Earlier today my cex.io account was hacked and also my email. The hacker sold the GHS I had and withdrew the funds. I had deposited 10 btc into my cex account. My cex account is now frozen by cex and they are investigating - whatever that means. Does not cex have the obligation to make this right??
If it was their fault, they should. If you fucked up, they don't have to.

Several reports of lost funds from cex.io these last few days. Hope its not another .io site getting "hacked".
copper member
Activity: 3948
Merit: 2201
Verified awesomeness ✔
January 05, 2014, 11:12:51 AM
#15
Earlier today my cex.io account was hacked and also my email. The hacker sold the GHS I had and withdrew the funds. I had deposited 10 btc into my cex account. My cex account is now frozen by cex and they are investigating - whatever that means. Does not cex have the obligation to make this right??
If it was their fault, they should. If you fucked up, they don't have to.
member
Activity: 77
Merit: 10
January 05, 2014, 10:35:12 AM
#14
Earlier today my cex.io account was hacked and also my email. The hacker sold the GHS I had and withdrew the funds. I had deposited 10 btc into my cex account. My cex account is now frozen by cex and they are investigating - whatever that means. Does not cex have the obligation to make this right??
hero member
Activity: 518
Merit: 500
December 11, 2013, 08:02:46 PM
#13
"Jeffrey Smith" who replies to all cex.io correspondance is aparently a TradeFortress clone: http://mentaso.com/bitcoin-news/cex-part-2-the-hacked-account-and-children-playing-grownups.html

This sort of thing is becoming far too commonplace. While I like the premise of cex.io, I wish there was a more stable and secure platform like it and not the constant dodgy behavior Mr. Smith seems to exhibit.

Seriously? That explains all then .............

Nobody going to investigate him, the police I mean.

This is giving a bad name to the .io domain space  Wink

Re: 2 factor authentication "solving all", it didn't stop all the coins disappearing from inputs.io, owned by "Mr" TradeFortress. he was unfortunately (cough cough) "hacked", even though he claimed the best security of any online wallet. Make your own mind up.
legendary
Activity: 1064
Merit: 1000
December 11, 2013, 05:32:30 PM
#12
http://mentaso.com/bitcoin-news/cex-part-2-the-hacked-account-and-children-playing-grownups.html

+100!

Gotta love those 3 questions..... Cheesy Cheesy Cheesy

TBH, cex.io are dodgy full stop. They've even accused me of getting paid to criticize them..... Cheesy Cheesy Cheesy Cheesy

It's all gonna end in tears.

My criticism is free lol. Cheesy
hero member
Activity: 686
Merit: 500
WANTED: Active dev to fix & re-write p2pool in C
December 11, 2013, 02:31:11 PM
#11
 http://mentaso.com/bitcoin-news/cex-part-2-the-hacked-account-and-children-playing-grownups.html

+100!

Gotta love those 3 questions..... Cheesy Cheesy Cheesy

TBH, cex.io are dodgy full stop. They've even accused me of getting paid to criticize them..... Cheesy Cheesy Cheesy Cheesy

It's all gonna end in tears.
legendary
Activity: 1064
Merit: 1000
December 11, 2013, 12:12:57 PM
#10
"Jeffrey Smith" who replies to all cex.io correspondance is aparently a TradeFortress clone: http://mentaso.com/bitcoin-news/cex-part-2-the-hacked-account-and-children-playing-grownups.html

This sort of thing is becoming far too commonplace. While I like the premise of cex.io, I wish there was a more stable and secure platform like it and not the constant dodgy behavior Mr. Smith seems to exhibit.
full member
Activity: 158
Merit: 100
December 11, 2013, 08:59:27 AM
#9
If the user had setup two-factor authentication, this would not have happened.

I put more blame on the user here than CEX.  Sorry, you just don't leave large sums of BTC unprotected.
hero member
Activity: 518
Merit: 500
December 10, 2013, 08:18:02 PM
#8
Quote
Apart from the volatility of bitcoin, I see "hacking" as the number thing that could cause it to fail.
It's the same with every other online banking account. It takes a while to build up good security and people just have to be careful with their stuff.

Umm ..... how many stories have we heard from banks recently saying "oh sorry, we've got hacked, and all your money has gone".

No, I'm not defending banks for a minute, just pointing out that you can have all the "good security" in the world but if the website owner decides to steal the coins, he can do so in 5 mins.

Greed does funny things to people. Inputs.io claimed the most amazing levels of security, yet they claim they were hacked and had all their coins stolen. Make your own mind up  Undecided
Pages:
Jump to: