sent def-ender pm for refund.
hope i get it...
Topic: Freshmarket.co.in compromised and closing - page 7. (Read 9787 times)
Is this really the dev of the site?
Site has been up every time I have logged into it.
No mention of the hack on their tweet either.
We need to get some exchanges for new coins that are stable and secure like cryptsy and coinedup. Or have them speed up the process of adding new coins.
Edit: also there isn't even a single mention about this in coinmarket.io 's thread.
https://bitcointalk.org/index.php?topic=422153.2000
Site has been up every time I have logged into it.
No mention of the hack on their tweet either.
We need to get some exchanges for new coins that are stable and secure like cryptsy and coinedup. Or have them speed up the process of adding new coins.
Edit: also there isn't even a single mention about this in coinmarket.io 's thread.
https://bitcointalk.org/index.php?topic=422153.2000
We had ~300 ltc on our exchange wallet, and had ~1000 on our cryptsy wallet (cuz it's obvously more safe than our exchange).
Pretty much this sums it all, about freshmarket exchange. Even dev's didn't believed in good security of own exchange.
OMG, probably users didn't know that, right?
Its a shame really.
I used to trade there and I hope I can get my coins back.
Def, bounce back strongly rather than shutting it down completely.
Even we will bounce back, it wouldn't happen in next few weeks.I used to trade there and I hope I can get my coins back.
Def, bounce back strongly rather than shutting it down completely.
I don't know what i'm gonna do now, but if devs will try to recover exchange, i want them to completely rewrite it.
If the site is down for sure users can't help you.
If we don't have any infos it is difficult.
Your admin is sleeping ? Zzzz^^
gradual leak of coin during time = account brute forced consecutively . no ?
Users have to knwow if they are concerned.
Yes, i was thinking about it. That's why we made email confirmation 2 days ago, but it seems that it was not enough
Hello.
I have really bad news for you - our base, as i see, was partly compromised and leaked to unknown hacker. Today i received a message from him, and threat that all our money will be withdrawn if we wouldn't pay him 10 BTC. Even though we stored user passwords as hashes, some of them was decrypted and used to steal people's money. We temporarily closed (or closed forever?) to think what we can do to refund our customers money, at least partially. We have lost ~40% of LTC, LEAF and part of NYANcoin amount. Sometimes i like the idea when no other exchange accept any money we trade...
Thank you, hacker. You just killed one of the part of cryptoworld bright future.
I have really bad news for you - our base, as i see, was partly compromised and leaked to unknown hacker. Today i received a message from him, and threat that all our money will be withdrawn if we wouldn't pay him 10 BTC. Even though we stored user passwords as hashes, some of them was decrypted and used to steal people's money. We temporarily closed (or closed forever?) to think what we can do to refund our customers money, at least partially. We have lost ~40% of LTC, LEAF and part of NYANcoin amount. Sometimes i like the idea when no other exchange accept any money we trade...
Thank you, hacker. You just killed one of the part of cryptoworld bright future.
( i have batcoin in your site its ~ 1m batcoins please give me back my account is atun92 Quote
Proof of hack please.
If he really wanted to scam peoples he would close the site and just disappear instead of trying to advertise peoples.
This topic itself should be the proof.
Good luck def, hope you'll bounce back.
Holy f*ing cow.... Just had 1 LTC there but it was still mine...
When do you expect to refund what's left???
When do you expect to refund what's left???
We had ~300 ltc on our exchange wallet, and had ~1000 on our cryptsy wallet (cuz it's obvously more safe than our exchange).
Pretty much this sums it all, about freshmarket exchange. Even dev's didn't believed in good security of own exchange.
OMG, probably users didn't know that, right?
there was attack on https://www.swisscex.com too
Its a shame really.
I used to trade there and I hope I can get my coins back.
Def, bounce back strongly rather than shutting it down completely.
Even we will bounce back, it wouldn't happen in next few weeks.I used to trade there and I hope I can get my coins back.
Def, bounce back strongly rather than shutting it down completely.
I don't know what i'm gonna do now, but if devs will try to recover exchange, i want them to completely rewrite it.
Its a shame really.
I used to trade there and I hope I can get my coins back.
Def, bounce back strongly rather than shutting it down completely.
I used to trade there and I hope I can get my coins back.
Def, bounce back strongly rather than shutting it down completely.
Quote
Proof of hack please.
If he really wanted to scam peoples he would close the site and just disappear instead of trying to advertise peoples.
This topic itself should be the proof.
Good luck def, hope you'll bounce back.
so, we just got scammed again?
nothing new in the crypto world.
i welcome regulation of crypto exchanges. this is the place where the most vile hacking/scamming activity takes place.
nothing new in the crypto world.
i welcome regulation of crypto exchanges. this is the place where the most vile hacking/scamming activity takes place.
Proof of hack please.
As mentioned emails with full headers.
Any server logs showing pertinent information to share with community so others can harden their exchanges.
Relevant blockchain entries.
The passwords could well have been brute forced the easy ones first. Most probably bluffing about taking monies as if I had access to all accounts I would empty all. Which will probably happen anyway given enough time to brute force passwords.
If genuine Im gutted fir you...
.
As mentioned emails with full headers.
Any server logs showing pertinent information to share with community so others can harden their exchanges.
Relevant blockchain entries.
The passwords could well have been brute forced the easy ones first. Most probably bluffing about taking monies as if I had access to all accounts I would empty all. Which will probably happen anyway given enough time to brute force passwords.
If genuine Im gutted fir you...
.
stop ignoring!!
give proofs or never happen
Quote
Proof of hack please.
If he really wanted to scam peoples he would close the site and just disappear instead of trying to advertise peoples.
This topic itself should be the proof.
Good luck def, hope you'll bounce back.
Hm, maybe it was mistake. Some of them was DEcrypted by hacker. If you know hashed password, within 5-20 hours you can decrypt it into unencrypted one.
This is complete BS.
md5 passwords, if used in a right way, take years to decrypt.
Of course a password like 12345 can be decrypted in matter of seconds using rainbow tablets, but if this is the case, then it's a slap in the face for your to allow such passwords
OK lets say this is true.. Let me understand this.
You received a message form a hacker claiming he has hacked site and got passwords. He has taken coins from a few accounts and asked you for 10 btw or you will loose rest.
HUMMM.. OK
Firstly why didn't the hacker just take everything and make more? Hackers who steal are not nice people that will just say,.. ok just give me a little and ill leave you rest.
SO think for a second.. He claims to have decrypted hashed passwords ( I DONT THINK SO )
Is it not more likely someone has created 10 + accounts.. Deposited coins to all accounts.. Empited all those accounts and then pretended to be a hacker and blackmail you for btw?
Because we don't store everything in one wallet. We had ~300 ltc on our exchange wallet, and had ~1000 on our cryptsy wallet (cuz it's obvously more safe than our exchange).
Proof of hack please.
As mentioned emails with full headers.
Any server logs showing pertinent information to share with community so others can harden their exchanges.
Relevant blockchain entries.
The passwords could well have been brute forced the easy ones first. Most probably bluffing about taking monies as if I had access to all accounts I would empty all. Which will probably happen anyway given enough time to brute force passwords.
If genuine Im gutted fir you...
.
Just now i know one adress to which was withdrawn 0.4 and 0.8 ltc (we blocked it and in a few time there were support ticket 'why so long to withdraw' and after this - DONT WITHDRAW THIS IT IS NOT MY WALLET STOP IT). After it i don't know which wallet was really hacker's one, and which was real one. As mentioned emails with full headers.
Any server logs showing pertinent information to share with community so others can harden their exchanges.
Relevant blockchain entries.
The passwords could well have been brute forced the easy ones first. Most probably bluffing about taking monies as if I had access to all accounts I would empty all. Which will probably happen anyway given enough time to brute force passwords.
If genuine Im gutted fir you...
.
After it i have support ticket from some guy with threat, and now - message from this guy in our btalk thread.
Just now that's all.
I will post logs as soon as admin gives it to me.
Quote
Is it not more likely someone has created 10 + accounts.. Deposited coins to all accounts.. Empited all those accounts and then pretended to be a hacker and blackmail you for btw?
Great idea..
Proof of hack please.
As mentioned emails with full headers.
Any server logs showing pertinent information to share with community so others can harden their exchanges.
Relevant blockchain entries.
The passwords could well have been brute forced the easy ones first. Most probably bluffing about taking monies as if I had access to all accounts I would empty all. Which will probably happen anyway given enough time to brute force passwords.
If genuine Im gutted fir you...
.
As mentioned emails with full headers.
Any server logs showing pertinent information to share with community so others can harden their exchanges.
Relevant blockchain entries.
The passwords could well have been brute forced the easy ones first. Most probably bluffing about taking monies as if I had access to all accounts I would empty all. Which will probably happen anyway given enough time to brute force passwords.
If genuine Im gutted fir you...
.
LMAO. create exchange. watch serious amount of funds come in in crypto coins. use excuse site got hacked. close site down. cash in on coins. What a way to rob people 
Nice idea, but no. If we rob people - why do we even refund anything? Why just don't run with all funds?Please post all logs here.
Hacker activity log from website.
Hacker message to you.
IP of hacker who sent message.
And logs of funds returned to people
If any have been returned.Just now we have 75% of needed money.
OK explain something.
Hacker threatening to take all funds if you don't pay him. So you come to a PUBLIC forum and announce it rather than.. QUICKLY returning coins to people before hacker gets chance to do anything. COME ON pull the other one it has bells on it
Hm, maybe it was mistake. Some of them was DEcrypted by hacker. If you know hashed password, within 5-20 hours you can decrypt it into unencrypted one.
This is complete BS.
md5 passwords, if used in a right way, take years to decrypt.
Of course a password like 12345 can be decrypted in matter of seconds using rainbow tablets, but if this is the case, then it's a slap in the face for your to allow such passwords
I will post logs as soon as admin gives them to me. (I'm the support guy, not admin guy, unfortunately)
Hm, maybe it was mistake. Some of them was DEcrypted by hacker. If you know hashed password, within 5-20 hours you can decrypt it into unencrypted one.
This is complete BS.
md5 passwords, if used in a right way, take years to decrypt.
Of course a password like 12345 can be decrypted in matter of seconds using rainbow tablets, but if this is the case, then it's a slap in the face for your to allow such passwords
OK lets say this is true.. Let me understand this.
You received a message form a hacker claiming he has hacked site and got passwords. He has taken coins from a few accounts and asked you for 10 btw or you will loose rest.
HUMMM.. OK
Firstly why didn't the hacker just take everything and make more? Hackers who steal are not nice people that will just say,.. ok just give me a little and ill leave you rest.
SO think for a second.. He claims to have decrypted hashed passwords ( I DONT THINK SO )
Is it not more likely someone has created 10 + accounts.. Deposited coins to all accounts.. Empited all those accounts and then pretended to be a hacker and blackmail you for btw?
Hm, maybe it was mistake. Some of them was DEcrypted by hacker. If you know hashed password, within 5-20 hours you can decrypt it into unencrypted one.
This is complete BS.
md5 passwords, if used in a right way, take years to decrypt.
Of course a password like 12345 can be decrypted in matter of seconds using rainbow tablets, but if this is the case, then it's a slap in the face for your to allow such passwords
Jump to: