Topic: FreeBitco.in-$200 FreeBTC⭐Win Lambo🔥0.2BTC DailyJackpot🏆$32,500 Wager Contest - page 145. (Read 566340 times)

I did not know exchanges that allow to set up 3 confirmations together for account security and withdrawals, what I know is you can choose confirmation code through: emails and 2FA.

2FA itself can be a code from an authentication application or SMS code/ Telegram.

Did I miss something like three layers of protections, not 2 layers?

Maybe they wanted to avoid people being locked out if they've lost their email box password or if their email account has been closed for inactivity or something else. I don't know. On some exchanges you can cumulate up to 3 confirmation options : 2FA code, link through email and code through SMS or Telegram. Unfortunately, if you've enabled the 3 options together and you've lost access to one of them, you won't be able to withdraw your funds anymore. They maybe wanted to avoid that. Anyway, now we've seen that hackers are attacking users' deposits and withdrawals through malicious scripts or through other ways, they should at least add an option allowing it IMO.

I guess the support won't help me. It turns out that fbc has problems with depositing and withdrawing funds on its side and does not want to correct its mistakes. I guess my money went to them forever. The moderator should change this project as a scam

Yes. I always receive a payment sent confirmation email with or without 2FA.

I think the payment request confirmation email should be sent regardless whether 2FA is enabled or not.

The payment request confirmation email provides an additional layer of security to accounts that have not opted to enable 2FA.

I don't understand why this layer is removed for accounts that have 2FA enabled.

Thanks, I was just wondering about slaman29 saying "I can confirm if you don't use 2FA you won't get a confirmation email..." but I'm now thinking it's probably as Saint-loup suggests that "maybe he made a mistake when he wrote his message and he wanted to say the opposite instead?"

If what exactly makes a difference? You using a slow withdrawal option or that you receive a payment request confirmation?

Anyways, sorry if I misunderstood you though, but if what you are asking is if you using a slow option in your withdrawal request makes a any difference, then you should be rest assured that it does definitely, the slow option simply means that you will be charged less bitcoins as withdrawal fees, which is used to settle the bitcoin miners for a confirmation of your transaction, but also on the other hand, it also means that you transaction will stay on the blockchain a bit longer before it gets confirmed; which is as a result of the low fees you paid for a confirmation.
So, in other words, we can say that, the higher the fees you pay, the faster your transaction get confirmed on the blockchain as soon as when the site processes and sends the transaction, and then, the lower the fees, the more time it will take to get the transaction confirmed after the site processes and sends the transaction.
Hope this makes sense though.

I'm surprised too, but maybe he made a mistake when he wrote his message and he wanted to say the opposite instead? It works in the same way as you, for me. Except I receive a "payment" email once the withdrawal has been processed including a link towards the transaction, even when the 2FA option is enabled. So if a hacker manages to withdraw my funds to any address I would see it in my email box at least, even if it's too late to do something against it (if the system is still working normally though).

Same here, I tried a couple of withdrawals recently using 2fa and just got the notification at the top of several Freebitco pages of a pending withdrawal

I used the slow option so I was wondering if that makes a difference, doubt it though.

3-4-5 SUPER BONANZA is LIVE for 48 hours!

Get 3x Golden Tickets, 4x Lottery Tickets, and 5x Reward Points for your wagers!

3X GOLDEN TICKETS: Get 3 times the Golden Tickets every time you wager or bet a total of 500,000 satoshi (0.005 BTC)

4X LOTTERY TICKETS: Earn 4 Lottery Tickets for every single one you earn through Multiply BTC or Betting and Win $7,500 this Sunday

5X REWARD POINTS: Get 5 Reward Points for Each Earned via Multiply BTC or Betting. Choose between Exciting Prizes or BTC Conversion

What?

You are contradicting what Saint-loup, BayAreaCoins and myself have said.

Either you are wrong or we're all wrong.

Alternatively, 2FA on freebitco.in works differently for different users.

I always receive a payment request confirmation email when 2FA is NOT enabled.

I did NOT receive a payment request confirmation email when 2FA was enabled.

So does your account work differently to mine

Fair donation? Sorry, thank you!

Bitcoin: bc1qry0a98az7xlm452z36p8xxzzwmwp785w5hrjmj

Legacy bitcoin address: 19WMiXxQtBNaEYdPj97teDu9YfbxGs9aK8

Peace and love for community.

I can confirm if you don't use 2FA you won't get a confirmation email, your withdraw gets right into the line and you wait. Usually around 15 minutes or faster if you choose instant like I always do.

And if you think this makes it easier to hack, bear in mind that my account had an unauthorized withdrawal several years ago WITHOUT 2FA, and WITHOUT email confirmation.

I use different password on email, and I saw it was never accessed, never got the email, so I never clicked confirm.

So trust me you want to use 2FA.

Also can all you guys please stop quoting the whole chat when you quote? Especially Stake guys you should know better

I'm joining you.
Send my funds to
bc1qncasm898lfrjmzks4aa69nv5td5khp4ek3jf6c
User ID 4548360

We could report it to the Federal Trade Commission (FTC) at www.reportfraud.ftc.gov. They specialize in investigating allegations related to consumer fraud, including fraud involving cryptocurrency exchanges or financial servicces we may also file a complaint with  local or state Consumer Protection Agency to bring the issue to their attention. Local or state law enforcement may also be interested in this type of matter, so we could report our concerns to their fraud or cybercrime units.

Actually I'm gonna do just that if I don't get my wager prize, hardware wallet, or reward points back in no more than 2 days this is absolutely ridiculous and if Quinn has to sit in prison for awhile so be it im tired of trying to track this man down  I'm serious Quinn you know what's going on and your hiding in the shadows but the light of justice will expose this darkness you chose to allow. 2 days Quinn.

USER ID 53314860

And I want my funds sent to this address


bc1q6rj7z0h5h7vnylk3t6k0hptlh69cqqdkrepfnn

If what you are saying is true then my freebitco.in account could be more vulnerable to an attack with 2FA enabled.

When 2FA was NOT enabled I was simply able to ignore the unauthorised payment request confirmation email and the bitcoin was refunded back to my account after an hour.

It's important to keep in mind that I had NOT made a payment request, so the attackers were able to trigger a payment request without any action on my part.

This happened immediately after I received an email notification that I had won tenth place in the referral wagering contest. I believe the attackers may have been using the wagering contest results to target contest winners.

Only after changing my password and enabling 2FA did I attempt a withdrawal. The attackers somehow managed not only to change the destination Bitcoin address, but also the withdrawal amount. Additionally, it seems they were able to hide the pending withdrawal notification on the freebitco.in site.

In summary, the attackers can hijack or trigger a payment request with or without any user interaction. They can set or change the destination Bitcoin address and the withdrawal amount with or without any user interaction. With 2FA enabled we do not receive a payment request confirmation email.

Note that if the attackers can change a withdrawal destination address then it is likely that they can also change a deposit destination address too.

Given the current situation, it is no longer safe to deposit or withdraw from freebitco.in

It may seem that my account could be less vulnerable with 2FA disabled as long as I do not attempt a withdrawal or confirm any unauthorised payment requests.

Without any further advice from support I am tempted to consider that my account may be more secure with 2FA disabled. However, this may allow the attackers to change my email or other personal info on my profile.

I'm damned if I do and damned if I don't.

The same thing that happened to @BayAreaCoins also happened to me. I responded to the situation exactly as he did

Until this situation is resolved and in light of other forum topics talking about the possibility that the freebitco.in html code has been infected with a malicious JavaScript (cash travel) I think my only option at this stage is to go to site settings and block JavaScript.

Unfortunately, with JavaScript disabled, i am unable to do anything with the site. The site menu doesn't work. The faucet doesn't work. Nothing works.

I don't have the tools, knowledge or skills to sniff packets, but I'm sure there are members and developers on this forum that do

It looks like fbc has been hacked or it's their serious internal site error. The saddest thing is that support is not responding in all sources

Same here, I was playing HI/LO, and suddenly my balance went to 0.
I checked my emails, and I received this withdrawal confirmation, which I did not make, and to an unknown address:



Since I did not confirm, the payment was canceled and returned to my balance:


I changed my password, and enabled 2FA.

One day later, I decided to withdraw my entire balance, with the Instant option, using the address on my profile.
I did not receive a confirmation email, and the withdrawal was made direct, again to the unknown address, this is where I lost everything:



The strange thing is that this unknown address also appears in my deposit address:



ID: 51895659

I checked on two smartphones and this deposit address is available on all my devices. I checked this malicious script in my browser's log and it was not detected. Obviously, the money went to the fbc address, but for some reason they do not credit it to my balance. My account balance is still not credited and support continues to be unresponsive.
I took two screenshots from two of my smartphones.
I am waiting for a response from the support...

The email is definitely from FreeBitco.in.  

This is when it was canceled.






The account didn't have 2fa.  I installed that while waiting for the first withdrawal attempt to expire.

This was my first 2fa withdraw.  Normally, if I withdraw to my account on file (which is what I did), it doesn't even require an email.  It did however require 2fa.

I never received a second email attempting to withdraw to the hackers address... just the email saying it was sent.






It has to be FreeBitcoin's side + a targeted hack because why would I get pwned along with all these other folks, but not on 4/10 or 4/11...?

I didn't copy/paste an address or anything.  I clicked "Use Profile Address".