Pages:
Author

Topic: Coinbase Investment fund email? - page 2. (Read 4979 times)

legendary
Activity: 2320
Merit: 1292
Encrypted Money, Baby!
April 08, 2015, 03:33:53 PM
#33
I got one of these today. It was sent to my BTC-E email address. (I have my own domain, so I sign up with every service under a different email address.)

I wonder how they got hold of that?

--Tom
Very clever!
This would make the origin of the problem pretty much clear. On the other hand, while BTCe is a bit shady, I cannot explain how the connection to the mails being sent through coinbase servers can be drawn…

Yes, you're right - there are one or two very obvious explanations for this Smiley But I have no opinion about what has actually happened here.

I've sent a support request to BTC-E, which seems like an obvious first thing to do. If I hear anything back, I'll post here.

--Tom
That would be very much appreciated. Would be nice if we get this solved… I don't like the idea of my data moving around uncontrollably (yes… the internet, but I guess you know what I mean). Smiley
legendary
Activity: 1316
Merit: 1003
April 08, 2015, 03:30:13 PM
#32
Everybody gets different wallets, at least in my 2 cases.
newbie
Activity: 12
Merit: 0
April 08, 2015, 03:29:04 PM
#31
Hi! Im received same email. I have  account at BTC-E and i received this wallet to send 1GX1tPvy4Y3PUeHzzpvtkWeyzhskVKTpf6

What wallet you are received? Maybe we will find correlation between exchanges and wallets from scam emails?
legendary
Activity: 1316
Merit: 1003
April 08, 2015, 03:28:08 PM
#30
Yup, used it for btc24, too.
This dirtbag will do anything to pump the community...
GH
member
Activity: 117
Merit: 10
April 08, 2015, 03:25:31 PM
#29
I received two mails. The sources of the recipient addresses are 100% clear in my case, as I also use one-time accounts.
First one was to my btcjam account, second one to bitcoin-24(!).
sr. member
Activity: 306
Merit: 250
Donations: http://tny.im/nx
April 08, 2015, 03:18:19 PM
#28
I too received the email (went into Gmail spam, with a note about being flagged as spam by other users but nothing about phishing). Just like others have reported, as far as the headers are concerned, it looks like it was sent by the legitimate Coinbase servers.
 - The email address where I received the message was "leaked" by a stupid Bitcoin-related service some months ago when they sent an email to all of their users and put everyone's email in the "to" field (endless spam since then);
 - I don't have a BTC-e account with this email address;
 - I have a Coinbase account, with this email address, which I created for the sole purpose of receiving the free BTC they were giving away at launch, and is abandoned since then;
 - I had a (never used) MtGox account on this email address.

Since there are people reporting to have received the phishing mail on a address used solely for BTC-E, but I don't have a BTC-E account on the address where I received it, probably whoever sent the emails is using a list built from various sources.
member
Activity: 84
Merit: 10
April 08, 2015, 03:06:38 PM
#27
"Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of [email protected] designates 50.31.37.137 as permitted sender)"

Either coinbase mail server was used, or the their DNS server was accessed and SPF record altered.
newbie
Activity: 28
Merit: 0
April 08, 2015, 02:59:34 PM
#26
I got one of these today. It was sent to my BTC-E email address. (I have my own domain, so I sign up with every service under a different email address.)

I wonder how they got hold of that?

--Tom
Very clever!
This would make the origin of the problem pretty much clear. On the other hand, while BTCe is a bit shady, I cannot explain how the connection to the mails being sent through coinbase servers can be drawn…

Yes, you're right - there are one or two very obvious explanations for this Smiley But I have no opinion about what has actually happened here.

I've sent a support request to BTC-E, which seems like an obvious first thing to do. If I hear anything back, I'll post here.

--Tom
legendary
Activity: 1316
Merit: 1003
April 08, 2015, 02:56:26 PM
#25
I got one of these today. It was sent to my BTC-E email address. (I have my own domain, so I sign up with every service under a different email address.)

I wonder how they got hold of that?

--Tom

Never registered at coinbase.
The only btc related stuff I registered to with that email address is Bitcointalk, Localbitcoins and Kraken (and havent used these in more than a year).  
So it is probably one of these that had their memberslist leaked/hacked.
(Or.. one of these fuckers sold their data)

I havent used this mail for any of those, including BTCJam.
I used it for Gox though.
It must be multiple sources.
legendary
Activity: 2320
Merit: 1292
Encrypted Money, Baby!
April 08, 2015, 02:51:14 PM
#24
I got one of these today. It was sent to my BTC-E email address. (I have my own domain, so I sign up with every service under a different email address.)

I wonder how they got hold of that?

--Tom
Very clever!
This would make the origin of the problem pretty much clear. On the other hand, while BTCe is a bit shady, I cannot explain how the connection to the mails being sent through coinbase servers can be drawn…
legendary
Activity: 1316
Merit: 1003
April 08, 2015, 02:49:07 PM
#23
got it too.
Never registered at coinbase.
The only btc related stuff I registered to with that email address is Bitcointalk, Localbitcoins and Kraken (and havent used these in more than a year).  
So it is probably one of these that had their memberslist leaked/hacked.
(Or.. one of these fuckers sold their data)
I am registered here (as you can see), but they don't have my first- and/or lastname, I think. I might have an account at localbitcoins, maybe with my name. I am not registered at Kraken.

Was there anything else? BTCJam maybe? Or any other exchange, Mt.Gox maybe? Their database is publicly available.

Goxed again.  Angry
newbie
Activity: 28
Merit: 0
April 08, 2015, 02:48:09 PM
#22
I got one of these today. It was sent to my BTC-E email address. (I have my own domain, so I sign up with every service under a different email address.)

I wonder how they got hold of that?

--Tom
legendary
Activity: 2320
Merit: 1292
Encrypted Money, Baby!
April 08, 2015, 02:47:30 PM
#21
got it too.
Never registered at coinbase.
The only btc related stuff I registered to with that email address is Bitcointalk, Localbitcoins and Kraken (and havent used these in more than a year).  
So it is probably one of these that had their memberslist leaked/hacked.
(Or.. one of these fuckers sold their data)
I am registered here (as you can see), but they don't have my first- and/or lastname, I think. I might have an account at localbitcoins, maybe with my name. I am not registered at Kraken.

Was there anything else? BTCJam maybe? Or any other exchange, Mt.Gox maybe? Their database is publicly available.
newbie
Activity: 32
Merit: 0
April 08, 2015, 02:46:15 PM
#20
...

mine looks the same.

hacked user account ([email protected]) is an option.
Still the question of how they got my emailaddress.
legendary
Activity: 1039
Merit: 1005
April 08, 2015, 02:41:07 PM
#19
Extremely interesting - they seem to be using coinbase's mail infrastructure, here are some headers from the mail that I got:

Received: from o1.em.coinbase.com (o1.em.coinbase.com [50.31.37.137])
   (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
   (No client certificate requested)
   by xxx (mail service) with ESMTPS id xxxx
   for ; Wed,  8 Apr 2015 xx:xx:xx +xxxx (xxx)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=coinbase.com;
   h=content-type:mime-version:content-transfer-encoding:from:to:subject;
   s=smtpapi; bh=xxxx; b=xxxx
Received: by filterxxx.sendgrid.net with SMTP id filterxxxx
        2015-04-08 xx:xx:xx.xxxxxxxx +0000 UTC
Received: from xxxx (unknown [5.101.xx.xx])
   by ismtpd-008 (SG) with HTTP id xxxx
   for ; Wed, 08 Apr 2015 xx:xx:xx +0000 (UTC)

(xxx'd all identifying information)

Maybe a hacked coinbase employee mail account?
The original source of the HTTP request is a DigitalOcean IP address, presumably a VPS. I don't know whether the whole run was sent from that IP, if it was, xxxing does not make much sense of course as it is not specific to me.

Onkel Paul
newbie
Activity: 32
Merit: 0
April 08, 2015, 02:38:17 PM
#18
Received it on my gmail account.  Obvious scam.  The only thing I wonder about is how it managed to dodge Google's spam/scam filters.

Check the email headers.
I don't know how DNS spoofing/hacking works, so I cant tell the details, But from here it it looks like this actually comes from coinbase servers.
newbie
Activity: 38
Merit: 0
April 08, 2015, 02:31:50 PM
#17
Received it on my gmail account.  Obvious scam.  The only thing I wonder about is how it managed to dodge Google's spam/scam filters.
legendary
Activity: 1316
Merit: 1003
April 08, 2015, 02:24:29 PM
#16
Never registered at coinbase.
The only btc related stuff I registered to with that email address is Bitcointalk, Localbitcoins and Kraken (and havent used these in more than a year).  
So it is probably one of these that had their memberslist leaked/hacked.
(Or.. one of these fuckers sold their data)

I havent used this mail for any of those.
legendary
Activity: 1652
Merit: 1007
DMD Diamond Making Money 4+ years! Join us!
April 08, 2015, 02:23:06 PM
#15
100% scam. I guess we have all registered for something and its not coinbase. Can anyone guess what that might be?
newbie
Activity: 6
Merit: 0
April 08, 2015, 02:22:34 PM
#14
I used to get a lot of random 1 satashi deposits from people I didn't know.  I think if someone sends you BTC on coinbase they can then see your email address and username.  I suspect someone sent out millions of 'free' satashis to harvest their email addresses and usernames.
Pages:
Jump to: