Author

Topic: CEX.IO user just got hacked. User loses $7000 USD (Read 1408 times)

newbie
Activity: 1
Merit: 0
I am a new miner.
I Have a Question. what does it mean when you keep getting message from the [CEX.IO]  stating "Successful authorization" with a time stamp like - 2014-04-04 17:37 (GMT) and your IP address?

should I be worried?
newbie
Activity: 27
Merit: 0
if that person really got hacked where is the detail of the information? screenshot ?
and detail about him contacting support? and what the support did about it?

i think this is a bogus story.

i wonder how "DeathAndTaxes" know that person didnt had 2FA on.
maybe he did, maybe he didnt. he havnt hearing anything other than he lost his money.

again this rumor on reddit was just trying to attract traffic. my 2 cents.
i know people who have over 100BTC on Cex.io for months on trading.


my first incident i had with CEX.io was my withdraw problem. i try to withdraw. its say i didnt had enough fund to withdraw when i did. i contact support and they fixed it within 24hrs.

my second incident when i successful withdraw fund, i waited 24hrs and the funds wasn't transfered yet. it say it was transfer from my history but i never got it. i contact support they took care of it within 12hrs.

 Smiley so far only good experience from cex.io
legendary
Activity: 1274
Merit: 1004
I dont think malware of keylogger could have accessed a password management tool... Is that possible?

His security setup

1. Password management software randomly generated a 10 plus digit password, using numbers, letters, Caps, no Caps, special characters
2. At no time was the password every keyed in. This eliminates the "key-logger" issue
3. The password was never used elsewhere and was unique to this one account.


Formgrabber 1 : Security 0 Smiley
legendary
Activity: 974
Merit: 1000
so without a smartphone you can't use 2FA? Ohkay, wonder how it works for me all the time.

No offense, but the whole story sounds like complete BS to me.
legendary
Activity: 966
Merit: 1004
Keep it real
Updated title and moving to the correct section!
member
Activity: 63
Merit: 10
Bitcoin News-Reviews
I dont think malware of keylogger could have accessed a password management tool... Is that possible?

His security setup

1. Password management software randomly generated a 10 plus digit password, using numbers, letters, Caps, no Caps, special characters
2. At no time was the password every keyed in. This eliminates the "key-logger" issue
3. The password was never used elsewhere and was unique to this one account.
legendary
Activity: 1204
Merit: 1002
RUM AND CARROTS: A PIRATE LIFE FOR ME
Could a mod please change the title to "Maleware/user error leads to theft. Again."
full member
Activity: 140
Merit: 100
Very misleading title, FUD.

"Streets of the wolrd unsecure, someone got hit today!"
donator
Activity: 1218
Merit: 1079
Gerald Davis
So no 2FA and limited to a single account and your conclusion is it must be someone with access to the database?  Unless CEX is utterly incompetent passwords are stored hashed so a long random password would be beyond brute force even if the password table was leaked.  

It is far more likely the attacker stole the password from the users computer (keylogger) but then again who needs facts.  

Note I have been highly critical of CEX and the insane prices for hashpower but a spade is a spade and your article is weak.
legendary
Activity: 2058
Merit: 1452
Quote
The account holder had a randomly generated password which would have been difficult to Brute Force, so there is a very good possibility that the hacker has access to the database. With all due credit, CEX.IO does have 2 stage authentication which the user could not access as he did not have a smart phone to perform the security. So far, no comment fro CEX.IO
or his computer was keylogged, which is far more likely because there's no large number of hack incidents.
member
Activity: 63
Merit: 10
Bitcoin News-Reviews
Just when we get emails from CEX.IO that they have great security, this dude gets his account hacked and all his GHS gets converted to Bitcoin and withdrawn.
Jump to: