Pages:
Author

Topic: Coinpayments robbed (Read 649 times)

newbie
Activity: 10
Merit: 0
August 22, 2018, 12:48:46 PM
#49
You cannot directly blame coin payment for your loss without any proof. It is very easier for a hacker to access details from your computer with a hidden Remote administration tool. A java virus can remains undetectable for a couple of weeks stealing data from your computer checking your emails, etc just because you click a button on some unsafe site. Keeping your Antivirus updated will reduce the chances of attack on your devices.


Great wisdom kind sir
full member
Activity: 1330
Merit: 147
August 18, 2018, 05:58:27 AM
#48
Hacker logged in to my account even I have 2FA there. Also I never received withdraw confirmation to email for those withdrawals. I sent ticket, but no reply yet.
I just wondering, is 2FA work with well? 2FA will give a message to email or your phone, have you received it?

If there is no notice at all, either through your phone or via email, I am not sure that the 2FA you have is going well.
hero member
Activity: 966
Merit: 513
August 02, 2018, 09:43:10 AM
#47
Never keep your funds in an online wallet. In crypto there is an unwritten - Any online wallet will eventually get hacked !

Use hardware wallets like ledger/trezor to store your wallet. Use direct to wallet services like blockonomics to accept crypto

Coinpayments are available on Android platform as well. If you access the web wallet you may be access you wallet with the incorrect web wallet link as well. This is the biggest trouble on accessing wallet for many people.

Kindly ignore the web wallet if you careless person. If not no problem still you can continue to use the web wallet buddy. Kindly have the private key secured wallet for your own safety.
hero member
Activity: 692
Merit: 569
August 01, 2018, 02:12:16 AM
#46
Never keep your funds in an online wallet. In crypto there is an unwritten - Any online wallet will eventually get hacked !

Use hardware wallets like ledger/trezor to store your wallet. Use direct to wallet services like blockonomics to accept crypto
hero member
Activity: 1568
Merit: 544
June 17, 2018, 06:34:09 AM
#45
I didnt noticed anything strange yet but would assume all wallets would be empty from all users if its a exit scam/hack.
Will keep a eye out on the matter.
member
Activity: 392
Merit: 39
May 30, 2018, 05:34:35 PM
#44
First of all I'm sorry for your lost.
Well this is strange, it's kinda impossible for the hackers to pass the 2fa unless they got your email or phone. I'm using coinpayment too but I only enabled the email verification and I'm using a dynamic IP so every time I login to the site I have to confirm that I'm the owner of the account, well pretty safe isn't it? This is why I'm scared, storing crypto on exchange.
Actually I have seen a lot of reports by other forum members (who used a phone as a 2FA device) that their accounts were hacked. Usually it goes like that: (1) the phone is hacked and then (2) the user user logs into the exchange effectively compromising both authenticating factors.

Because then the 2FA code is sent to the same device, you see, the hacker at that point has got your both authentiacation factors!
member
Activity: 322
Merit: 21
May 29, 2018, 04:57:34 AM
#43
You cannot directly blame coin payment for your loss without any proof. It is very easier for a hacker to access details from your computer with a hidden Remote administration tool. A java virus can remains undetectable for a couple of weeks stealing data from your computer checking your emails, etc just because you click a button on some unsafe site. Keeping your Antivirus updated will reduce the chances of attack on your devices.
A big YES, its not always the online wallet nor exchanges website. Sometimes, it's the hidden hacking movement on your computer and emails. Unfortunately, you encounter those kind of problems so learn from it, avoid risky website and update your anti-virus always.
legendary
Activity: 1018
Merit: 1000
May 28, 2018, 06:09:53 AM
#42
You cannot directly blame coin payment for your loss without any proof. It is very easier for a hacker to access details from your computer with a hidden Remote administration tool. A java virus can remains undetectable for a couple of weeks stealing data from your computer checking your emails, etc just because you click a button on some unsafe site. Keeping your Antivirus updated will reduce the chances of attack on your devices.
hero member
Activity: 742
Merit: 500
May 25, 2018, 06:20:52 PM
#41
First of all I'm sorry for your lost.
Well this is strange, it's kinda impossible for the hackers to pass the 2fa unless they got your email or phone. I'm using coinpayment too but I only enabled the email verification and I'm using a dynamic IP so every time I login to the site I have to confirm that I'm the owner of the account, well pretty safe isn't it? This is why I'm scared, storing crypto on exchange.
sr. member
Activity: 290
Merit: 250
CoinPayments
May 24, 2018, 08:55:33 PM
#40
Ip whitelisting sounds like an effective way to protect valuables but the problem comes when you using a dynamic ip and you need to confirm your activities every time you try to login to get access which grows to a pen in the butt

For IP Whitelisting I'm talking about API keys, generally you would be using these on a server and their IPs usually don't change.
legendary
Activity: 1372
Merit: 1027
Dump it!!!
May 23, 2018, 02:08:19 PM
#39
Don't know how much you lost but these are issues Coinpayments needs to put some keen interest into as this will dent their reputation.

And according to the OPs narration of how he lost his coins it's no rocket science that this has inside job written all over it unless hackers have gotten more sophisticated to pull this one off and Afaik I believed they are the payment processors that were supposed to be challenging competitors like bitpay
-snip-

TLDR: For best results enable Google Authenticator/TOTP, if using API keys only enable permissions you need and IP whitelist and set limits if possible, if running your own server/software make sure you know how to secure your system.

Ip whitelisting sounds like an effective way to protect valuables but the problem comes when you using a dynamic ip and you need to confirm your activities every time you try to login to get access which grows to a pen in the butt
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
May 23, 2018, 05:50:42 AM
#38

When I visit your link about " Can Two-Factor Authentication be hacked? " , . It seems that 2FA is not easy to find a glitch or even the author tell that " it is worth using to greatly increase the security of the digital assets it protects.". That's why most of online wallet is recommended to use the 2FA security ( for example HITbtc and many more).

2FA is just additional security, but also every user need to protect his account with unique&strong password, but e-mail account should also have same kind of password (not identical of course). I think you should read better that article, 8 possible ways are mentioned for 2FA can be compromised. Users often do not take seriously security of their smartphones, and that's something all need to pay attention these days.
member
Activity: 322
Merit: 21
May 23, 2018, 01:17:58 AM
#37
Hello.

I noticed that someone stole bitcoin and litecoin from my 2 coinpayments wallet. Luckily, I transferring money from there almost daily so, stolen amount is not so high but still it makes me angry.

Hacker logged in to my account even I have 2FA there. Also I never received withdraw confirmation to email for those withdrawals. I sent ticket, but no reply yet.

One friend of mine also have same issue.

After XRP last year, seems like they leaking again.

Anybody else have same issue? Should we stop trust them?

Kind Regards,
Edin

Maybe some can say that I am not objective on this issue as I promote CoinPayments, but if there is a serious security breach in their system then there would be a lot more such threads. However, if your coins are missing from your account you have the right to seek explanation from CP and get answer how did this happen. I hope you get the answer as soon as possible and that you will post that info here.

You also need to know that 2FA is not 100% safe, and that hackers have ways to use 2FA against users, see this example of 2FA Hacking Coinbase or Ways To Hack 2FA

Also consider is there any possibility that you use very weak password for CP account, or did you use same password on some other service/site maybe?
When I visit your link about " Can Two-Factor Authentication be hacked? " , . It seems that 2FA is not easy to find a glitch or even the author tell that " it is worth using to greatly increase the security of the digital assets it protects.". That's why most of online wallet is recommended to use the 2FA security ( for example HITbtc and many more).
sr. member
Activity: 290
Merit: 250
CoinPayments
May 22, 2018, 06:17:26 PM
#36
Yep, the most common things we see are:

1) The user's email gets hacked, then the hacker just logs in if the password is the same or does a password reset since they have access to the email. If the user enables Google Authenticator/TOTP it would prevent this from working. A lot of the time they delete the emails afterwards to the user doesn't get tipped off too fast they were hacked.

2) Leaked API keys with 'auto_confirm' permission enabled. This usually comes from people's servers or software having vulnerabilities; a lot of the time especially on more questionable sites they are using pirated (aka "nulled") scripts with backdoors and such in them.

TLDR: For best results enable Google Authenticator/TOTP, if using API keys only enable permissions you need and IP whitelist and set limits if possible, if running your own server/software make sure you know how to secure your system.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
May 22, 2018, 07:29:20 AM
#35
Hello.

I noticed that someone stole bitcoin and litecoin from my 2 coinpayments wallet. Luckily, I transferring money from there almost daily so, stolen amount is not so high but still it makes me angry.

Hacker logged in to my account even I have 2FA there. Also I never received withdraw confirmation to email for those withdrawals. I sent ticket, but no reply yet.

One friend of mine also have same issue.

After XRP last year, seems like they leaking again.

Anybody else have same issue? Should we stop trust them?

Kind Regards,
Edin

Maybe some can say that I am not objective on this issue as I promote CoinPayments, but if there is a serious security breach in their system then there would be a lot more such threads. However, if your coins are missing from your account you have the right to seek explanation from CP and get answer how did this happen. I hope you get the answer as soon as possible and that you will post that info here.

You also need to know that 2FA is not 100% safe, and that hackers have ways to use 2FA against users, see this example of 2FA Hacking Coinbase or Ways To Hack 2FA

Also consider is there any possibility that you use very weak password for CP account, or did you use same password on some other service/site maybe?
sr. member
Activity: 290
Merit: 250
CoinPayments
May 20, 2018, 10:17:28 AM
#34
It's a brand new account, I doubt its the real Coinpayments account, it is easy to impersonate someone over the internet Roll Eyes

It is a real account, yes.
hero member
Activity: 714
Merit: 528
May 19, 2018, 10:53:28 PM
#33
Hacking coinpayments Wallet is no easy job ..
I think this is something grave since coinpayments is more or less Preety secure ... But day to day we are hearing news like these and the biggest companies are getting robbed thus I think the hackers might have something new that we know nothing about.
If this is the case, there would be news all over the internet because a security vulnerability that lets a hacker bypass 2FA can be used not just on Coinpayments.
This is more like an inside job, I would suggest for OP to move his coins and to not use Coinpayments anymore.

I take it that OP are selling items and using CoinPayments as his Processors, correct?
It'd be better to start using Open Source Payment Gateway, setting it up for the first time takes time and effort, but it is highly customizable and secure as the codes are being maintained by the community Smiley

The fact that CoinPayments responded on this thread is a really good sign. Do contact support and PM your support ticket, like they asked. I hope you get this resolved promptly. And then be sure to take all reasonable security precautions for your account.
It's a brand new account, I doubt its the real Coinpayments account, it is easy to impersonate someone over the internet Roll Eyes
sr. member
Activity: 290
Merit: 250
CoinPayments
May 19, 2018, 05:32:34 PM
#32
I have seen some thread says that payments are repaid to the people who have lost the money with the coinpayments wallet mate. Still you does not get the payment back from the team.
As pugman said you need to open the thread on scam and acussation section to report they are not else you can pm to Lauda. She can bael to direct the right person on that coinpayments team.

You are thinking of the bug that let people overdraw XRP, those funds were fully repaid to the users since that was an issue on our end.
full member
Activity: 532
Merit: 103
May 19, 2018, 02:59:22 PM
#31
Coin payments should be help responsible for this, if you have done everything right. Open a scam accusation, post up enough proof, otherwise it's just your word against theirs.
Do contact their support before accusing them of anything.

I have seen some thread says that payments are repaid to the people who have lost the money with the coinpayments wallet mate. Still you does not get the payment back from the team.
As pugman said you need to open the thread on scam and acussation section to report they are not else you can pm to Lauda. She can bael to direct the right person on that coinpayments team.
legendary
Activity: 1806
Merit: 1029
May 18, 2018, 11:01:59 PM
#30
The fact that CoinPayments responded on this thread is a really good sign. Do contact support and PM your support ticket, like they asked. I hope you get this resolved promptly. And then be sure to take all reasonable security precautions for your account.
Pages:
Jump to: