Coinbase Investment fund email? - page 2.

allyouracid

legendary

Activity: 2321

Merit: 1292

Encrypted Money, Baby!

Quote from: to3m on April 08, 2015, 03:59:34 PM

Quote from: allyouracid on April 08, 2015, 03:51:14 PM

Quote from: to3m on April 08, 2015, 03:48:09 PM

I got one of these today. It was sent to my BTC-E email address. (I have my own domain, so I sign up with every service under a different email address.)

I wonder how they got hold of that?

--Tom

Very clever!
This would make the origin of the problem pretty much clear. On the other hand, while BTCe is a bit shady, I cannot explain how the connection to the mails being sent through coinbase servers can be drawn…

Yes, you're right - there are one or two very obvious explanations for this

But I have no opinion about what has actually happened here.

I've sent a support request to BTC-E, which seems like an obvious first thing to do. If I hear anything back, I'll post here.

--Tom

That would be very much appreciated. Would be nice if we get this solved… I don't like the idea of my data moving around uncontrollably (yes… the internet, but I guess you know what I mean).

bernard75

legendary

Activity: 1316

Merit: 1003

Everybody gets different wallets, at least in my 2 cases.

Azzot88

newbie

Activity: 12

Merit: 0

Hi! Im received same email. I have account at BTC-E and i received this wallet to send 1GX1tPvy4Y3PUeHzzpvtkWeyzhskVKTpf6

What wallet you are received? Maybe we will find correlation between exchanges and wallets from scam emails?

bernard75

legendary

Activity: 1316

Merit: 1003

Yup, used it for btc24, too.
This dirtbag will do anything to pump the community...

GH

member

Activity: 117

Merit: 10

I received two mails. The sources of the recipient addresses are 100% clear in my case, as I also use one-time accounts.
First one was to my btcjam account, second one to bitcoin-24(!).

gbl08ma

sr. member

Activity: 306

Merit: 250

Donations: http://tny.im/nx

I too received the email (went into Gmail spam, with a note about being flagged as spam by other users but nothing about phishing). Just like others have reported, as far as the headers are concerned, it looks like it was sent by the legitimate Coinbase servers.
- The email address where I received the message was "leaked" by a stupid Bitcoin-related service some months ago when they sent an email to all of their users and put everyone's email in the "to" field (endless spam since then);
- I don't have a BTC-e account with this email address;
- I have a Coinbase account, with this email address, which I created for the sole purpose of receiving the free BTC they were giving away at launch, and is abandoned since then;
- I had a (never used) MtGox account on this email address.

Since there are people reporting to have received the phishing mail on a address used solely for BTC-E, but I don't have a BTC-E account on the address where I received it, probably whoever sent the emails is using a list built from various sources.

timeofmind

member

Activity: 84

Merit: 10

"Authentication-Results: mx.google.com;
spf=pass (google.com: domain of [email protected] designates 50.31.37.137 as permitted sender)"

Either coinbase mail server was used, or the their DNS server was accessed and SPF record altered.

to3m

newbie

Activity: 28

Merit: 0

Quote from: allyouracid on April 08, 2015, 03:51:14 PM

Quote from: to3m on April 08, 2015, 03:48:09 PM

I got one of these today. It was sent to my BTC-E email address. (I have my own domain, so I sign up with every service under a different email address.)

I wonder how they got hold of that?

--Tom

Very clever!
This would make the origin of the problem pretty much clear. On the other hand, while BTCe is a bit shady, I cannot explain how the connection to the mails being sent through coinbase servers can be drawn…

Yes, you're right - there are one or two very obvious explanations for this

But I have no opinion about what has actually happened here.

I've sent a support request to BTC-E, which seems like an obvious first thing to do. If I hear anything back, I'll post here.

--Tom

bernard75

legendary

Activity: 1316

Merit: 1003

Quote from: to3m on April 08, 2015, 03:48:09 PM

I got one of these today. It was sent to my BTC-E email address. (I have my own domain, so I sign up with every service under a different email address.)

I wonder how they got hold of that?

--Tom

Quote from: lexico on April 08, 2015, 03:20:26 PM

Never registered at coinbase.
The only btc related stuff I registered to with that email address is Bitcointalk, Localbitcoins and Kraken (and havent used these in more than a year).
So it is probably one of these that had their memberslist leaked/hacked.
(Or.. one of these fuckers sold their data)

I havent used this mail for any of those, including BTCJam.
I used it for Gox though.
It must be multiple sources.

allyouracid

legendary

Activity: 2321

Merit: 1292

Encrypted Money, Baby!

Quote from: to3m on April 08, 2015, 03:48:09 PM

I got one of these today. It was sent to my BTC-E email address. (I have my own domain, so I sign up with every service under a different email address.)

I wonder how they got hold of that?

--Tom

Very clever!
This would make the origin of the problem pretty much clear. On the other hand, while BTCe is a bit shady, I cannot explain how the connection to the mails being sent through coinbase servers can be drawn…

bernard75

legendary

Activity: 1316

Merit: 1003

Quote from: allyouracid on April 08, 2015, 03:47:30 PM

Quote from: lexico on April 08, 2015, 03:20:26 PM

got it too.
Never registered at coinbase.
The only btc related stuff I registered to with that email address is Bitcointalk, Localbitcoins and Kraken (and havent used these in more than a year).
So it is probably one of these that had their memberslist leaked/hacked.
(Or.. one of these fuckers sold their data)

I am registered here (as you can see), but they don't have my first- and/or lastname, I think. I might have an account at localbitcoins, maybe with my name. I am not registered at Kraken.

Was there anything else? BTCJam maybe? Or any other exchange, Mt.Gox maybe? Their database is publicly available.

Goxed again. Angry

to3m

newbie

Activity: 28

Merit: 0

I got one of these today. It was sent to my BTC-E email address. (I have my own domain, so I sign up with every service under a different email address.)

I wonder how they got hold of that?

--Tom

allyouracid

legendary

Activity: 2321

Merit: 1292

Encrypted Money, Baby!

Quote from: lexico on April 08, 2015, 03:20:26 PM

got it too.
Never registered at coinbase.
The only btc related stuff I registered to with that email address is Bitcointalk, Localbitcoins and Kraken (and havent used these in more than a year).
So it is probably one of these that had their memberslist leaked/hacked.
(Or.. one of these fuckers sold their data)

I am registered here (as you can see), but they don't have my first- and/or lastname, I think. I might have an account at localbitcoins, maybe with my name. I am not registered at Kraken.

Was there anything else? BTCJam maybe? Or any other exchange, Mt.Gox maybe? Their database is publicly available.

lexico

newbie

Activity: 32

Merit: 0

Quote from: OnkelPaul on April 08, 2015, 03:41:07 PM

...

mine looks the same.

hacked user account ([email protected]) is an option.
Still the question of how they got my emailaddress.

OnkelPaul

legendary

Activity: 1039

Merit: 1005

Extremely interesting - they seem to be using coinbase's mail infrastructure, here are some headers from the mail that I got:
Received: from o1.em.coinbase.com (o1.em.coinbase.com [50.31.37.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by xxx (mail service) with ESMTPS id xxxx for ; Wed, 8 Apr 2015 xx:xx:xx +xxxx (xxx) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=coinbase.com; h=content-type:mime-version:content-transfer-encoding:from:to:subject; s=smtpapi; bh=xxxx; b=xxxx Received: by filterxxx.sendgrid.net with SMTP id filterxxxx 2015-04-08 xx:xx:xx.xxxxxxxx +0000 UTC Received: from xxxx (unknown [5.101.xx.xx]) by ismtpd-008 (SG) with HTTP id xxxx for ; Wed, 08 Apr 2015 xx:xx:xx +0000 (UTC)
(xxx'd all identifying information)

Maybe a hacked coinbase employee mail account?
The original source of the HTTP request is a DigitalOcean IP address, presumably a VPS. I don't know whether the whole run was sent from that IP, if it was, xxxing does not make much sense of course as it is not specific to me.

Onkel Paul

lexico

newbie

Activity: 32

Merit: 0

Quote from: erik__ on April 08, 2015, 03:31:50 PM

Received it on my gmail account. Obvious scam. The only thing I wonder about is how it managed to dodge Google's spam/scam filters.

Check the email headers.
I don't know how DNS spoofing/hacking works, so I cant tell the details, But from here it it looks like this actually comes from coinbase servers.

erik__

newbie

Activity: 38

Merit: 0

Received it on my gmail account. Obvious scam. The only thing I wonder about is how it managed to dodge Google's spam/scam filters.

bernard75

legendary

Activity: 1316

Merit: 1003

Quote from: lexico on April 08, 2015, 03:20:26 PM

Never registered at coinbase.
The only btc related stuff I registered to with that email address is Bitcointalk, Localbitcoins and Kraken (and havent used these in more than a year).
So it is probably one of these that had their memberslist leaked/hacked.
(Or.. one of these fuckers sold their data)

I havent used this mail for any of those.

crazyivan

legendary

Activity: 1652

Merit: 1007

DMD Diamond Making Money 4+ years! Join us!

100% scam. I guess we have all registered for something and its not coinbase. Can anyone guess what that might be?

dboldt

newbie

Activity: 6

Merit: 0

I used to get a lot of random 1 satashi deposits from people I didn't know. I think if someone sends you BTC on coinbase they can then see your email address and username. I suspect someone sent out millions of 'free' satashis to harvest their email addresses and usernames.

Topic: Coinbase Investment fund email? - page 2. (Read 4957 times)