Coinpayments robbed | Bitcointalksearch.org

CoinPayments

newbie

Activity: 10

Merit: 0

Quote from: vite on May 28, 2018, 07:09:53 AM

You cannot directly blame coin payment for your loss without any proof. It is very easier for a hacker to access details from your computer with a hidden Remote administration tool. A java virus can remains undetectable for a couple of weeks stealing data from your computer checking your emails, etc just because you click a button on some unsafe site. Keeping your Antivirus updated will reduce the chances of attack on your devices.

Great wisdom kind sir

Ridwan Fauzi

full member

Activity: 1330

Merit: 147

Quote from: eduardo001 on May 15, 2018, 12:53:41 AM

Hacker logged in to my account even I have 2FA there. Also I never received withdraw confirmation to email for those withdrawals. I sent ticket, but no reply yet.

I just wondering, is 2FA work with well? 2FA will give a message to email or your phone, have you received it?

If there is no notice at all, either through your phone or via email, I am not sure that the 2FA you have is going well.

solarion

hero member

Activity: 966

Merit: 513

Quote from: btc_enigma on August 01, 2018, 03:12:16 AM

Never keep your funds in an online wallet. In crypto there is an unwritten - Any online wallet will eventually get hacked !

Use hardware wallets like ledger/trezor to store your wallet. Use direct to wallet services like blockonomics to accept crypto

Coinpayments are available on Android platform as well. If you access the web wallet you may be access you wallet with the incorrect web wallet link as well. This is the biggest trouble on accessing wallet for many people.

Kindly ignore the web wallet if you careless person. If not no problem still you can continue to use the web wallet buddy. Kindly have the private key secured wallet for your own safety.

btc_enigma

hero member

Activity: 688

Merit: 565

Never keep your funds in an online wallet. In crypto there is an unwritten - Any online wallet will eventually get hacked !

Use hardware wallets like ledger/trezor to store your wallet. Use direct to wallet services like blockonomics to accept crypto

klaaas

hero member

Activity: 1568

Merit: 544

I didnt noticed anything strange yet but would assume all wallets would be empty from all users if its a exit scam/hack.
Will keep a eye out on the matter.

Pan Troglodytes

member

Activity: 392

Merit: 39

Quote from: dollarneed on May 25, 2018, 07:20:52 PM

First of all I'm sorry for your lost.
Well this is strange, it's kinda impossible for the hackers to pass the 2fa unless they got your email or phone. I'm using coinpayment too but I only enabled the email verification and I'm using a dynamic IP so every time I login to the site I have to confirm that I'm the owner of the account, well pretty safe isn't it? This is why I'm scared, storing crypto on exchange.

Actually I have seen a lot of reports by other forum members (who used a phone as a 2FA device) that their accounts were hacked. Usually it goes like that: (1) the phone is hacked and then (2) the user user logs into the exchange effectively compromising both authenticating factors.

Because then the 2FA code is sent to the same device, you see, the hacker at that point has got your both authentiacation factors!

nniecan001

member

Activity: 322

Merit: 21

Quote from: vite on May 28, 2018, 07:09:53 AM

You cannot directly blame coin payment for your loss without any proof. It is very easier for a hacker to access details from your computer with a hidden Remote administration tool. A java virus can remains undetectable for a couple of weeks stealing data from your computer checking your emails, etc just because you click a button on some unsafe site. Keeping your Antivirus updated will reduce the chances of attack on your devices.

A big YES, its not always the online wallet nor exchanges website. Sometimes, it's the hidden hacking movement on your computer and emails. Unfortunately, you encounter those kind of problems so learn from it, avoid risky website and update your anti-virus always.

vite

legendary

Activity: 1018

Merit: 1000

You cannot directly blame coin payment for your loss without any proof. It is very easier for a hacker to access details from your computer with a hidden Remote administration tool. A java virus can remains undetectable for a couple of weeks stealing data from your computer checking your emails, etc just because you click a button on some unsafe site. Keeping your Antivirus updated will reduce the chances of attack on your devices.

dollarneed

hero member

Activity: 742

Merit: 500

First of all I'm sorry for your lost.
Well this is strange, it's kinda impossible for the hackers to pass the 2fa unless they got your email or phone. I'm using coinpayment too but I only enabled the email verification and I'm using a dynamic IP so every time I login to the site I have to confirm that I'm the owner of the account, well pretty safe isn't it? This is why I'm scared, storing crypto on exchange.

MrData

sr. member

Activity: 290

Merit: 250

CoinPayments

Quote from: Zicadis on May 23, 2018, 03:08:19 PM

Ip whitelisting sounds like an effective way to protect valuables but the problem comes when you using a dynamic ip and you need to confirm your activities every time you try to login to get access which grows to a pen in the butt

For IP Whitelisting I'm talking about API keys, generally you would be using these on a server and their IPs usually don't change.

Zicadis

legendary

Activity: 1386

Merit: 1027

Dump it!!!

Don't know how much you lost but these are issues Coinpayments needs to put some keen interest into as this will dent their reputation.

And according to the OPs narration of how he lost his coins it's no rocket science that this has inside job written all over it unless hackers have gotten more sophisticated to pull this one off and Afaik I believed they are the payment processors that were supposed to be challenging competitors like bitpay

Quote from: MrData on May 22, 2018, 07:17:26 PM

-snip-

TLDR: For best results enable Google Authenticator/TOTP, if using API keys only enable permissions you need and IP whitelist and set limits if possible, if running your own server/software make sure you know how to secure your system.

Ip whitelisting sounds like an effective way to protect valuables but the problem comes when you using a dynamic ip and you need to confirm your activities every time you try to login to get access which grows to a pen in the butt

Lucius

legendary

Activity: 3220

Merit: 5630

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: nniecan001 on May 23, 2018, 02:17:58 AM

When I visit your link about " Can Two-Factor Authentication be hacked? " , . It seems that 2FA is not easy to find a glitch or even the author tell that " it is worth using to greatly increase the security of the digital assets it protects.". That's why most of online wallet is recommended to use the 2FA security ( for example HITbtc and many more).

2FA is just additional security, but also every user need to protect his account with unique&strong password, but e-mail account should also have same kind of password (not identical of course). I think you should read better that article, 8 possible ways are mentioned for 2FA can be compromised. Users often do not take seriously security of their smartphones, and that's something all need to pay attention these days.

nniecan001

member

Activity: 322

Merit: 21

Quote from: Lucius on May 22, 2018, 08:29:20 AM

Quote from: eduardo001 on May 15, 2018, 12:53:41 AM

Hello.

I noticed that someone stole bitcoin and litecoin from my 2 coinpayments wallet. Luckily, I transferring money from there almost daily so, stolen amount is not so high but still it makes me angry.

Hacker logged in to my account even I have 2FA there. Also I never received withdraw confirmation to email for those withdrawals. I sent ticket, but no reply yet.

One friend of mine also have same issue.

After XRP last year, seems like they leaking again.

Anybody else have same issue? Should we stop trust them?

Kind Regards,
Edin

Maybe some can say that I am not objective on this issue as I promote CoinPayments, but if there is a serious security breach in their system then there would be a lot more such threads. However, if your coins are missing from your account you have the right to seek explanation from CP and get answer how did this happen. I hope you get the answer as soon as possible and that you will post that info here.

You also need to know that 2FA is not 100% safe, and that hackers have ways to use 2FA against users, see this example of 2FA Hacking Coinbase or Ways To Hack 2FA

Also consider is there any possibility that you use very weak password for CP account, or did you use same password on some other service/site maybe?

When I visit your link about " Can Two-Factor Authentication be hacked? " , . It seems that 2FA is not easy to find a glitch or even the author tell that " it is worth using to greatly increase the security of the digital assets it protects.". That's why most of online wallet is recommended to use the 2FA security ( for example HITbtc and many more).

MrData

sr. member

Activity: 290

Merit: 250

CoinPayments

Yep, the most common things we see are:

1) The user's email gets hacked, then the hacker just logs in if the password is the same or does a password reset since they have access to the email. If the user enables Google Authenticator/TOTP it would prevent this from working. A lot of the time they delete the emails afterwards to the user doesn't get tipped off too fast they were hacked.

2) Leaked API keys with 'auto_confirm' permission enabled. This usually comes from people's servers or software having vulnerabilities; a lot of the time especially on more questionable sites they are using pirated (aka "nulled") scripts with backdoors and such in them.

TLDR: For best results enable Google Authenticator/TOTP, if using API keys only enable permissions you need and IP whitelist and set limits if possible, if running your own server/software make sure you know how to secure your system.

Lucius

legendary

Activity: 3220

Merit: 5630

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: eduardo001 on May 15, 2018, 12:53:41 AM

Hello.

I noticed that someone stole bitcoin and litecoin from my 2 coinpayments wallet. Luckily, I transferring money from there almost daily so, stolen amount is not so high but still it makes me angry.

Hacker logged in to my account even I have 2FA there. Also I never received withdraw confirmation to email for those withdrawals. I sent ticket, but no reply yet.

One friend of mine also have same issue.

After XRP last year, seems like they leaking again.

Anybody else have same issue? Should we stop trust them?

Kind Regards,
Edin

Maybe some can say that I am not objective on this issue as I promote CoinPayments, but if there is a serious security breach in their system then there would be a lot more such threads. However, if your coins are missing from your account you have the right to seek explanation from CP and get answer how did this happen. I hope you get the answer as soon as possible and that you will post that info here.

You also need to know that 2FA is not 100% safe, and that hackers have ways to use 2FA against users, see this example of 2FA Hacking Coinbase or Ways To Hack 2FA

Also consider is there any possibility that you use very weak password for CP account, or did you use same password on some other service/site maybe?

MrData

sr. member

Activity: 290

Merit: 250

CoinPayments

Quote from: teddy5145 on May 19, 2018, 11:53:28 PM

It's a brand new account, I doubt its the real Coinpayments account, it is easy to impersonate someone over the internet Roll Eyes

It is a real account, yes.

teddy5145

hero member

Activity: 714

Merit: 528

Quote from: fiulpro on May 17, 2018, 12:26:47 PM

Hacking coinpayments Wallet is no easy job ..
I think this is something grave since coinpayments is more or less Preety secure ... But day to day we are hearing news like these and the biggest companies are getting robbed thus I think the hackers might have something new that we know nothing about.

If this is the case, there would be news all over the internet because a security vulnerability that lets a hacker bypass 2FA can be used not just on Coinpayments.
This is more like an inside job, I would suggest for OP to move his coins and to not use Coinpayments anymore.

I take it that OP are selling items and using CoinPayments as his Processors, correct?
It'd be better to start using Open Source Payment Gateway, setting it up for the first time takes time and effort, but it is highly customizable and secure as the codes are being maintained by the community

Quote from: wiser on May 19, 2018, 12:01:59 AM

The fact that CoinPayments responded on this thread is a really good sign. Do contact support and PM your support ticket, like they asked. I hope you get this resolved promptly. And then be sure to take all reasonable security precautions for your account.

It's a brand new account, I doubt its the real Coinpayments account, it is easy to impersonate someone over the internet Roll Eyes

MrData

sr. member

Activity: 290

Merit: 250

CoinPayments

Quote from: Sony.UK on May 19, 2018, 03:59:22 PM

I have seen some thread says that payments are repaid to the people who have lost the money with the coinpayments wallet mate. Still you does not get the payment back from the team.
As pugman said you need to open the thread on scam and acussation section to report they are not else you can pm to Lauda. She can bael to direct the right person on that coinpayments team.

You are thinking of the bug that let people overdraw XRP, those funds were fully repaid to the users since that was an issue on our end.

Sony.UK

full member

Activity: 532

Merit: 103

Quote from: pugman on May 18, 2018, 06:06:39 PM

Coin payments should be help responsible for this, if you have done everything right. Open a scam accusation, post up enough proof, otherwise it's just your word against theirs.
Do contact their support before accusing them of anything.

I have seen some thread says that payments are repaid to the people who have lost the money with the coinpayments wallet mate. Still you does not get the payment back from the team.
As pugman said you need to open the thread on scam and acussation section to report they are not else you can pm to Lauda. She can bael to direct the right person on that coinpayments team.

wiser

legendary

Activity: 1806

Merit: 1029

The fact that CoinPayments responded on this thread is a really good sign. Do contact support and PM your support ticket, like they asked. I hope you get this resolved promptly. And then be sure to take all reasonable security precautions for your account.

Topic: Coinpayments robbed (Read 613 times)