Pages:
Author

Topic: Freshmarket.co.in compromised and closing - page 7. (Read 9799 times)

RJX
legendary
Activity: 1078
Merit: 1003
February 05, 2014, 06:00:04 AM
#49
sent def-ender pm for refund.

hope i get it...
hero member
Activity: 588
Merit: 500
Will Bitcoin Rise Again to $60,000?
February 05, 2014, 05:57:15 AM
#48
Is this really the dev of the site?

Site has been up every time I have logged into it.

No mention of the hack on their tweet either.

We need to get some exchanges for new coins that are stable and secure like cryptsy and coinedup. Or have them speed up the process of adding new coins.

Edit: also there isn't even a single mention about this in coinmarket.io 's thread.

https://bitcointalk.org/index.php?topic=422153.2000
full member
Activity: 140
Merit: 100
February 05, 2014, 05:56:17 AM
#47

We had ~300 ltc on our exchange wallet, and had ~1000 on our cryptsy wallet (cuz it's obvously more safe than our exchange).


Pretty much this sums it all, about freshmarket exchange. Even dev's didn't believed in good security of own exchange.

OMG, probably users didn't know that, right?
It is named "cold wallet", and i think every exchange uses this. Sometimes on other exchanges, sometimes on local wallets.
Its a shame really.

I used to trade there and I hope I can get my coins back.

Def, bounce back strongly rather than shutting it down completely.
Even we will bounce back, it wouldn't happen in next few weeks.
I don't know what i'm gonna do now, but if devs will try to recover exchange, i want them to completely rewrite it.

If the site is down for sure users can't help you.
If we don't have any infos it is difficult.
Your admin is sleeping ? Zzzz^^

gradual leak of coin during time = account brute forced consecutively . no ?
Users have to knwow if they are concerned.
>gradual leak of coin during time = account brute forced consecutively . no ?
Yes, i was thinking about it. That's why we made email confirmation 2 days ago, but it seems that it was not enough
newbie
Activity: 9
Merit: 0
February 05, 2014, 05:55:46 AM
#46
Hello.
I have really bad news for you - our base, as i see, was partly compromised and leaked to unknown hacker. Today i received a message from him, and threat that all our money will be withdrawn if we wouldn't pay him 10 BTC. Even though we stored user passwords as hashes, some of them was decrypted and used to steal people's money. We temporarily closed (or closed forever?) to think what we can do to refund our customers money, at least partially. We have lost ~40% of LTC, LEAF and part of NYANcoin amount. Sometimes i like the idea when no other exchange accept any money we trade...
Thank you, hacker. You just killed one of the part of cryptoworld bright future.

Sad( i have batcoin in your site Sad its ~ 1m batcoins please give me back my account is atun92
sr. member
Activity: 364
Merit: 250
February 05, 2014, 05:54:16 AM
#45
Quote
Proof of hack please.

If he really wanted to scam peoples he would close the site and just disappear instead of trying to advertise peoples.
This topic itself should be the proof.

Good luck def, hope you'll bounce back.
Maybe he is hoping to collect 10BTC from the community to pay the hacker since he is broke. That would be an extra bonus to "hacking".
member
Activity: 64
Merit: 10
February 05, 2014, 05:51:02 AM
#44
Holy f*ing cow.... Just had 1 LTC there but it was still mine...

When do you expect to refund what's left???



sr. member
Activity: 403
Merit: 250
February 05, 2014, 05:46:23 AM
#43

We had ~300 ltc on our exchange wallet, and had ~1000 on our cryptsy wallet (cuz it's obvously more safe than our exchange).


Pretty much this sums it all, about freshmarket exchange. Even dev's didn't believed in good security of own exchange.

OMG, probably users didn't know that, right?
hero member
Activity: 644
Merit: 500
February 05, 2014, 05:45:04 AM
#42
there was attack on https://www.swisscex.com too
full member
Activity: 140
Merit: 100
February 05, 2014, 05:42:00 AM
#41
Its a shame really.

I used to trade there and I hope I can get my coins back.

Def, bounce back strongly rather than shutting it down completely.
Even we will bounce back, it wouldn't happen in next few weeks.
I don't know what i'm gonna do now, but if devs will try to recover exchange, i want them to completely rewrite it.
sr. member
Activity: 350
Merit: 250
February 05, 2014, 05:39:48 AM
#40
Its a shame really.

I used to trade there and I hope I can get my coins back.

Def, bounce back strongly rather than shutting it down completely.
full member
Activity: 140
Merit: 100
February 05, 2014, 05:38:27 AM
#39
Quote
Proof of hack please.

If he really wanted to scam peoples he would close the site and just disappear instead of trying to advertise peoples.
This topic itself should be the proof.

Good luck def, hope you'll bounce back.
Thanks, atleast i'll try. I already found ~50 ltc to add it to refund pool, but it's still not enough.
member
Activity: 118
Merit: 100
February 05, 2014, 05:38:01 AM
#38
so, we just got scammed again?

nothing new in the crypto world.

i welcome regulation of crypto exchanges. this is the place where the most vile hacking/scamming activity takes place.
full member
Activity: 140
Merit: 100
February 05, 2014, 05:35:22 AM
#37
Proof of hack please.

As mentioned emails with full headers.
Any server logs showing pertinent information to share with community so others can harden their exchanges.
Relevant blockchain entries.

The passwords could well have been brute forced the easy ones first. Most probably bluffing about taking monies as if I had access to all accounts I would empty all. Which will probably happen anyway given enough time to brute force passwords.

If genuine Im gutted fir you...


.

stop ignoring!!
give proofs or never happen
newbie
Activity: 42
Merit: 0
February 05, 2014, 05:33:14 AM
#36
Quote
Proof of hack please.

If he really wanted to scam peoples he would close the site and just disappear instead of trying to advertise peoples.
This topic itself should be the proof.

Good luck def, hope you'll bounce back.
full member
Activity: 140
Merit: 100
February 05, 2014, 05:31:09 AM
#35
Hm, maybe it was mistake. Some of them was DEcrypted by hacker. If you know hashed password, within 5-20 hours you can decrypt it into unencrypted one.


This is complete BS.

md5 passwords, if used in a right way, take years to decrypt.

Of course a password like 12345 can be decrypted in matter of seconds using rainbow tablets, but if this is the case, then it's a slap in the face for your to allow such passwords

OK lets say this is true..  Let me understand this.

You received a message form a hacker claiming he has hacked site and got passwords.  He has taken coins from a few accounts and asked you for 10 btw or you will loose rest.

HUMMM..  OK

Firstly why didn't the hacker just take everything and make more?  Hackers who steal are not nice people that will just say,..  ok just give me a little and ill leave you rest.

SO think for a second..  He claims to have decrypted hashed passwords ( I DONT THINK SO )

Is it not more likely someone has created 10 + accounts..  Deposited coins to all accounts..  Empited all those accounts and then pretended to be a hacker and blackmail you for btw?
>Firstly why didn't the hacker just take everything and make more?
Because we don't store everything in one wallet. We had ~300 ltc on our exchange wallet, and had ~1000 on our cryptsy wallet (cuz it's obvously more safe than our exchange).
Proof of hack please.
As mentioned emails with full headers.
Any server logs showing pertinent information to share with community so others can harden their exchanges.
Relevant blockchain entries.
The passwords could well have been brute forced the easy ones first. Most probably bluffing about taking monies as if I had access to all accounts I would empty all. Which will probably happen anyway given enough time to brute force passwords.
If genuine Im gutted fir you...


.
Just now i know one adress to which was withdrawn 0.4 and 0.8 ltc (we blocked it and in a few time there were support ticket 'why so long to withdraw' and after this - DONT WITHDRAW THIS IT IS NOT MY WALLET STOP IT). After it i don't know which wallet was really hacker's one, and which was real one.
After it i have support ticket from some guy with threat, and now - message from this guy in our btalk thread.
Just now that's all.
I will post logs as soon as admin gives it to me.
full member
Activity: 196
Merit: 100
CLOAKCOIN. NOBLECOIN. VERICOIN.
February 05, 2014, 05:29:55 AM
#34
Quote
Is it not more likely someone has created 10 + accounts..  Deposited coins to all accounts..  Empited all those accounts and then pretended to be a hacker and blackmail you for btw?


Great idea.. Wink
full member
Activity: 196
Merit: 100
CLOAKCOIN. NOBLECOIN. VERICOIN.
February 05, 2014, 05:25:47 AM
#33
Proof of hack please.

As mentioned emails with full headers.
Any server logs showing pertinent information to share with community so others can harden their exchanges.
Relevant blockchain entries.

The passwords could well have been brute forced the easy ones first. Most probably bluffing about taking monies as if I had access to all accounts I would empty all. Which will probably happen anyway given enough time to brute force passwords.

If genuine Im gutted fir you...


.
full member
Activity: 140
Merit: 100
February 05, 2014, 05:25:14 AM
#32
LMAO.  create exchange.  watch serious amount of funds come in in crypto coins.  use excuse site got hacked.  close site down.  cash in on coins.  What a way to rob people Smiley
Nice idea, but no. If we rob people - why do we even refund anything? Why just don't run with all funds?

Please post all logs here.

Hacker activity log from website.

Hacker message to you.

IP of hacker who sent message.

And logs of funds returned to people Smiley  If any have been returned.
We will start refunds in 2 hours, if we find enough sponsors to refund all.
Just now we have 75% of needed money.

OK explain something.

Hacker threatening to take all funds if you don't pay him.  So you come to a PUBLIC forum and announce it rather than..  QUICKLY returning coins to people before hacker gets chance to do anything.  COME ON pull the other one it has bells on it

How can i QUICKLY RETURN coins to people, if part of the IS LOST? Devs decided to stop engine to prevent further losses and refund everything manually. Was it a mistake? What should be a better way?

Hm, maybe it was mistake. Some of them was DEcrypted by hacker. If you know hashed password, within 5-20 hours you can decrypt it into unencrypted one.


This is complete BS.

md5 passwords, if used in a right way, take years to decrypt.

Of course a password like 12345 can be decrypted in matter of seconds using rainbow tablets, but if this is the case, then it's a slap in the face for your to allow such passwords
Seriously, i don't even know how we have been hacked. The man who did it showed up in our thread, said smth like 'i have stolen onle 250,you are scammers, i couldnt steal more than 300 cuz you doesn't had it on wallet' and dissapeared. He haven't shown how he did it, and i don't see any good auths in SSH/any shit that could help me understand.
I will post logs as soon as admin gives them to me. (I'm the support guy, not admin guy, unfortunately)
member
Activity: 70
Merit: 10
February 05, 2014, 05:24:54 AM
#31
Hm, maybe it was mistake. Some of them was DEcrypted by hacker. If you know hashed password, within 5-20 hours you can decrypt it into unencrypted one.


This is complete BS.

md5 passwords, if used in a right way, take years to decrypt.

Of course a password like 12345 can be decrypted in matter of seconds using rainbow tablets, but if this is the case, then it's a slap in the face for your to allow such passwords

OK lets say this is true..  Let me understand this.

You received a message form a hacker claiming he has hacked site and got passwords.  He has taken coins from a few accounts and asked you for 10 btw or you will loose rest.

HUMMM..  OK

Firstly why didn't the hacker just take everything and make more?  Hackers who steal are not nice people that will just say,..  ok just give me a little and ill leave you rest.

SO think for a second..  He claims to have decrypted hashed passwords ( I DONT THINK SO )

Is it not more likely someone has created 10 + accounts..  Deposited coins to all accounts..  Empited all those accounts and then pretended to be a hacker and blackmail you for btw?
hero member
Activity: 2086
Merit: 761
To boldly go where no rabbit has gone before...
February 05, 2014, 05:19:47 AM
#30
Hm, maybe it was mistake. Some of them was DEcrypted by hacker. If you know hashed password, within 5-20 hours you can decrypt it into unencrypted one.


This is complete BS.

md5 passwords, if used in a right way, take years to decrypt.

Of course a password like 12345 can be decrypted in matter of seconds using rainbow tablets, but if this is the case, then it's a slap in the face for your to allow such passwords
Pages:
Jump to: