Topic: [Guide] Bitcointalk account security (Read 2376 times)

Yes I was editing the OP, you were quick!  For now I added a note with links and eventually plan to revise the OP more when I have sufficient time.  Anyhow this is a good news for people whose accounts were hacked or locked.

Hi @sncc. I was wondering if you are planning to revise and adapt the content of your guide is sight of the resent procedure change, announced yesterday:
Recovering hacked/lost accounts.
Account recoveries are moving again.

Note: if you do, the forum recovery email changes over time, and @theymos indicated that it would be better to refer to the OP to retrieve the contact email each time: re:Account recoveries are moving again.

Good point, it is worthwhile to emphasize it.  Added in the OP.

Perhaps it would be interesting to add a warning in the OP in relation to Bitcointalk non-official apps that can be found either being promoted on this same forum, or on some online app stores such as Google Play. These apps are of potential high risk to one’s account credentials.

Good to know that, at least in the non-local board we do not have the issue.  However non-Cyrillic characters like

ą ç í î ị ň ṇ ö ó ọ ú

are not replaced and one needs to be careful about it.  They are actually different characters but still could be used for a similar kind of attack like the Binance phishing website, they are less dangerous than the previous ones though.  For example,

True https://bitcointalk.org/
Fake https://bitcoiṇtalk.org/ (link to google.com)

All homograph attacks should be automatically replaced on all non-local boards. This means fake links can still be posted in (for instance) a Russian thread.

Now it seems that
- (some?) homograph attacks are automatically replaced, and
- fake link is automatically replaced

Yes I was aware of your story.  It is a difficult issue whether the method should be disclosed or not, as the hackers will notice it as well.  Added a note to the OP.

I think it is a little bit off-topic as it is not related to the security of the Bitcointalk account.  Also, the collection of email addresses and personal data always happens for any kind of registration, not only bounties.  Focusing on the registration of Bitcointalk, the OP already recommended to use new email address.  Having said that I understand your concern and added a remark as a related topic. 

I wouldn't also , if i have to I make new email to register with them.
I think that warning about this should be included in original post, since a lot of users do not know this or just haven't thought about this problem.

Hi,

I was able to recover my account as well here: https://bitcointalksearch.org/topic/peter0425-account-hacked-4497259
The method I used was similar to Swenna (probably the same hacker) but prior to him/her spilling the beans.. I just didn't put in Meta how I recovered my account because I don't want the hacker/s to have a idea how I did it. But since Swenna reveal the method, (she/he did it in good faith though),I confirmed that its the step I took to get back my account, just saying.

This has happened in the past, and continues to happen today. These bounties are an easy way to collect data, because people are willing to put in anything for the promise of free coins. There's been numerous fake bounties in an attempt to farm user details from native users signing up to everything, and anything.

Honestly, I wouldn't trust half of them, and would be using a disposable email. But, that's just me.

I just recently came across a possible security problem in this forum which seems not to be mentioned here and i believe should be.

Do not give out your frequently used email address to bounty managers , there are a lot managers who do not protect email addresses which they collect during bounty and they can be easily copied.

Also this applies to bounties who asks for registration to their websites, this could be attempt of stealing your details.

As the account security is fundamental and important thing, it would be good to have more exposure.  I would appreciate if this thread is in the stickies and translated into other languages.

Sure feel free to translate this thread.  

You deserve the position, we'll see

I think it is normal that forum search requires you to login.  It should have not been a phishing site.

It might have been a combination of data breach and brute force hacking if you added a symbol to the old password.  I think now we really need to be careful about the protection of our accounts.  

Honestly I'm not sure, I cannot recall if I was victim of phishing by making click on some URL posted on the forum. However, I remember using the search engine of btctalk days before being hacked (which asked me to login). Fake site bitcointalk.to I don't think so because I never remember my credentials so password-managers take care of it.
I always use different user names & random passwords on each site, also have several emails for different uses. The only thing that I regret is that my password wasn't that strong (12 characters) and after the 2015 data breach I changed the password by just adding a symbol. Also I should have done the homework of regularly changing all my password on January of this year but I didn't.
Even though, I still blame Admins because it could have been prevented just by being proactive.

Although I appreciate the endorsements, I don't think it's very likely for a user to go from "foot soldier" to Admin

Thanks for a great guide and yes, it should be on sticky threads i guess, and it will be great if it can be on every local board too.


I support hillariousandco and LoyceV to be one of the authority person to do some account recovery task. They are one of the oldest and best member in here and is active in Meta and want to spare their time for the sake of the forum. I believe there are more members like that but they are the most members i have seen since the day i joined the forum.

By the way, mind if i translate it for my local board??

It would be useful as the account security is a fundamental issue of the forum.  Even if it is not going to be in the stickies, I plan to continue to bump the thread and hope more forum members become aware of how to improve their account security.

hilariousandco would be one the most natural candidates.  He already has a permission to unlock accounts as well.  I am sure LoyceV is also capable of it as he has been helping recovery of hacked accounts and made key contributions for several cases to be resolved.

Theymos mentioned recently that he's not complete opposed to delegating more responsibilities onto others for account recoveries. I imagine he would have to make sure that they were capable of it, but I'm sure hilariousandco and the like would be more than capable of it.

I think this should be in the stickies, for better exposure. Wonder why it's not there yet.

sry, hilarious I could't resist it..

Bump.  Still see many accounts are hacked, hope more users learn the security.

Thanks for taking time to put together this guide. I obtained some tips to make my password stronger from this.

Thanks!

Thanks, looks good, this will be very useful.

Yes this is a nice index thread covering a wide range of topics.  This one https://bitcointalksearch.org/topic/overview-the-one-thread-to-link-them-all-1217042 is also useful.

It was written so in the OP.

Yes go ahead for any languages except Japanese since I've started to work on it no need to duplicate the effort.

Great guide! It brings together all the informations new members and hacked members need to have. A very good summary.

Do you allow translations of this guide into other languages?

Thanks for the guide! It looks good

I would also add in the password section that one shouldn't use the same password for multiple websites.

This is the main issue with many of the account hacks (along side phishing of course), there are a lot of people requesting others to sign-up on their new website (bounty campaign, new coin etc) and people make the mistake to use their bitcointalk credentials or use the same password.

It is extremely easy to setup a site that only collects that information and people may unknowingly give away their credentials for a couple bucks.

nice,
I found a good thread about the index made by xtraelv with use search "[GUIDE]", maybe you can just add a topic that isn't there yet.
https://bitcointalksearch.org/topic/index-to-popular-bitcointalk-threads-2018-4422529

How about I just create an index thread? I'll start working on it later today. This doesn't have to wait for a child board, and if the list gets long enough, it can be used as an argument for a child board.
Update: [GUIDES] on Bitcointalk. Index thread (work in progress).
When there is a child board, insubstantial topics can be Reported and moved. As an alternative: if users can't create new topics on that board, only Mods can move existing good topics, which keeps the quality high.

Good catch, will work on them.

Actually I had the same idea of the index thread and opened it in Japanese local board collecting the links to the guide threads in Japanese board with basic FAQs for Newbies, which has been pinned and seems to be working well.  While the index thread is sufficient for Japanese local board rather than guide section as it is not so active board but for English main board I am not quite sure which option suits better.  One thing is that for index thread we could also discuss the qualities of guides using replies to the index thread so not necessarily completely depending on one person's decision.

You were extremely lucky and yes the recovery of the hacked/lost accounts is one of the biggest issue so I hope the guide thread will work and partially remedy the problem. 

Thanks for making this very detailed guide about Bitcointalk account security. I hope that people will use your advices to secure their accounts.. I see that you mentioned my name in your article . Well, I'm so happy that Cyrus recovered my account so fast. But at the same time I'm feeling so sad for users who are waiting long months or years for account recovery. I hardly can imagine their feelings. Unfortunately, in recent months I haven't saw users who regained access to their accounts. It seems that admins stopped to recover accounts. But theymos said that he are making automated account recovery system, I hope that he will release it soon and users will get chance to get their accounts back.

Perhaps. Nevertheless the way it is organized on the Italian board seems easy to find too. If only one sticky acts as an index, and is maintained by a specific user, then he/she can sort of "supervise" the guide quality/utility before adding it to the sticky post. On the other hand, the Italian solution allows for a decentralized approach, where all guides are concentrated under one child board. The downside to this is what I mentioned previously: not all guides there are good really, but anyone can add a guide to something there.

I guess that, from a quality point of view, the single user managed sticky thread would be better, but from the freedom to add a guide point of view, then the latter option is fine. One option is like an index, and the other like a directory.

Wouldn't a sticky thread with links be better than a child board? If one person maintains it with updated links to all new guides, the guides don't even have to be on the same board.

Very nice guide indeed. Well done and thank you.

By the way, the Italian board already has a child board for guides which looks rather neat and has plenty of usefull guides there: https://bitcointalk.org/index.php?board=153.0. This should be a general practice and perhaps some of the OPs of the guides could get them translated for other guide child boards alike.

The only drawback I’ve seen there is that not all guides are thorough, and some of them are basically a link to an external article or video. There are therefore good looking guides and vail attempts in the guide child board, but at least they are all in a single place for reference.

Great guide, man. I think now we need what Vod suggested earlier, a separate section only for guides, we have have enough guides to support the suggestion.

And don't tell about it anyone. It should be applied to that registration only - not communications nor registrations in other services.


This also concerns browser scripts and extensions.


Not only browser and device. It includes:
 - all the software you use (especially related to cryptocurrencies - wallets, for example);
 - all the devices you use on a par with your computer (smartphones, tablets, routers etc.).
Some of these need extra tuning to be secure. Also some of them could be more or less secure from the start.


I guess you mean that [Suspicious link removed] thing.


You can always see the URL in the status bar while hovering the link (it usually is displayed somewhere at the bottom of the window).


It seems that it doesn't work for some links with anchors (see some of the links in your original post for example).


Mind the viruses. Viruses also can change your hosts file. They even can change the DNS in your router to achieve the same effect.


I consider it to be a little different here (though I didn't yet receive the whole picture).


And old bumps should be deleted (according to p.21 of the forum rules).

No, I don't use physical keys.

Thanks guys for corrections and feedback, will revise OP.


Right I checked it in preview but in the post it was replaced to the real link.  The homograph attack is also interesting one, seems like o is the cyrillic letter.


Related to the password manager, I was wondering if anyone is using physical security keys?  Google started requiring employees to use physical security keys and neutralized phishing.  KeePass has portable version so LoyceV are you using it by installing it in e.g. USB drive?


That's one of the ideas, hope you will be also listed there eventually.


Thanks for tips, actually I was wondering why your account was hacked since you did these security measures?  If you have somehow identify the reason why your account was hacked and potential loophole of the above strategies that would be worthwhile to share.

Correct the spelling on the table of contents it should be "Basics" not "Basis". So far, this thread is worth reading. +1

Very useful, thanks. Glad to read those 'Recent successful cases of recovery' it give us (the hacked victims) some sort of hope / relief.
 
By the way, I would like to mention some other useful general security tips:
 
 

• 1- Using multiple web-browsers on the same machine for different purposes (chrome, waterfox, opera, safari, brave, etc.) For example: one for social media purposes, another for banking / crypto, another one for surfing / researching, other for entertainment and so on. Also make sure to configure them properly installing useful add-ons. Like the following:
• 1.1- Password manager Add-ons like LastPass or KeePass are essential both for storing + generating random combinations of characters, just make sure to setup 2FA as well as never losing access to the associated email.
• 1.2- Ad-blockers will censor most of the annoying ads including scams / phishing pop-ups. uBlock Origin is the best.
• 1.3- Disconnect add-on is great for saving time + bandwidth by blocking 3rd party scripts used for social media metrics, advertising, analytics, etc. Also enhances privacy.
• 1.4- Privacy Badger add-on blocks all those undesirable trackers that let others monitor your activity.
• 1.5- EtherAddressLookup is a must for crypto enthusiasts, it performs an automated address lookup as well as warns you against blacklisted domains. it prevents you against phishing / loosing money.
• 1.6- Running proxy scripts on your browsers is highly recommended because hides your real IP from websites by sending fake headers with anonymous IP addresses. it is easy to setup and gives you peace of mind.
• 1.7- Finally replace your default search engine Google with a more reliable one like Duckduckgo.com. it is private & simplified without Ads fighting to be on top of the results. You will less likely fall into fake sites, with a plus of a more personalized experience. Highly recommended doing this switch.
• 2- Using a VPN (paid or free) in order to prevent man-in-the-middle attacks, specially if your connection is wifi and you carry a laptop, also to prevent / bypass government censorship. There are a lot of services worth trying, just pick one that doesn't keep user logs + accept crypto as payment. Also keep in mind that the free ones are great but much slower: ultrasurf.us & riseup.net
• 3- Incorporate the habit of changing your passwords more often, let say 6 months minimum to 1-2 years max.
• 4- Make backups more often, or make it automated. Be prepared to deal with data-loss and ransomware. Also always keep your sensitive data offline to prevent identity theft.

I am the only one who use my laptop, yes I understand other possible factors too.


That's what I need.

Thanks mate. I never had this in mind. I will check it tomorrow early morning.

That's very insecure! You should seriously consider getting a password manager. I use KeePassX on Linux (for Windows it's called KeePass), but there are other options too. It's worth the time to set it up once, and add all new passwords in the future.
See for instance The Five Best Password Managers.

I wouldn't trust a website for this. My password manager does this for me.

Actually you can.
Profile > Account Related Settings >
Remove anything you have on the Secret Question field
Remove anything you have on the Answer field
Then update the profile. I have done it before when I realized that account recovery using secret question feature will lock your account. So, there are no use of it, in-fact extra risky.

---

Oops! LoyeceV already have it  

https://passwordsgenerator.net is very helpful.

I hope you are working on it since information about secret questions are wrong.

Don't, account will be locked.

You really need to update this section.

I doubt it if it's not related to 2015 hack.

---

Anyway read the whole post and you just need to fix everything that is related to secret question other than that well done!

Did you mean this:
True https://bitcointalk.org/
Fake https://www.google.com/  (link to google.com)
Theymos is smart Fake links work in preview, but get fixed when posted.

However, a homograph attack can still be used to create a fake link:
True https://bitcointalk.org/
Fake https://www.google.com/  (link to google.com)

I normally don't look close enough to notice this (high resolution on a low quality screen), but it works indeed.

That's incorrect. You can simply remove the secret question and answer (credits to SFR10).

---

An addition: use a password manager! I have hundreds of different passwords, and there's no way to remember them all. They're all safely encrypted inside my password manager, so I only have to remember the master password (and make backups).

- Feedback, corrections (if any), and/or more information that you wish to be added to OP are welcome.

- Translation of this thread to post to local board is encouraged for better exposure.

- NB: Needless to say, machine translation is not allowed by the forum rule.  In addition, duplicating the whole thread without translation like this https://archive.fo/bFH96 is also breaking the forum rule and it ends up deleted.

---

Translations

• Japanese: [ガイド] Bitcointalkアカウントのセキュリティ by sncc
• French: [Guide] Sécurité des comptes Bitcointalk by F2b
• Pilipinas: [Gabay] Seguridad sa Bitcointalk account by Colt81

Note: For recovery of hacked/lost accounts, follow new process announced by theymos.
[1] Recovering hacked/lost accounts
[2] Account recoveries are moving again
Send email to the address written in the OP of [1].  Since the addresses will be periodically changed, check the latest ones in the OP.

---

Everyday we see threads about hacked/locked accounts, which are not only beginners' accounts but also for Legendary members'.  In addition to the brute force hacking risk, there are peculiar risks in the current system and by data breach on May 22, 2015.  The security of the forum account has been one of the biggest issue.  The improvement of security, e.g. requiring email verification for changing password/email, introduction of 2FA, automated account recovery system, and the new forum software with stronger security would be ideal.  

Meanwhile, until these features are implemented, what we can do now is to learn how the current bitcointalk system works, how to improve the security of your bitcointalk account, and also what you should do in case your account is hacked/locked.  In this thread, I tried to provide a thorough guide about these topics.  I hope it helps to reduce the number of hacked/lost accounts.  


Table of contents

• Basics
• Change password and email / Forgot password
• Stake Bitcoin address
• Lock your account
• Unlock your account
• How to notice your account is hacked
• Recovery of your hacked/lost account
• Recent successful cases of recovery

---

1. Bookmark https://bitcointalk.org/ and always login from the bookmark.  Avoid bitcointalk.to, thebitcointalk.net or any other phishing site.

2. Use new email address that you don't use for any other purposes.

3. Use new password that you don't use for any other websites, with sufficient length using a combination of letter/capital characters, numbers, and special characters.  

4. You could set a secret question and its answer for password reset but most likely it increases the risk of your account to be hacked/locked.  For more details, see Tips below and Change password and email / Forgot password.

5. Do not download untrusted softwares and keep your device clean from malware.  

6. Keep all your devices and softwares updated to the latest version.

7. Stake your Bitcoin address.  See Stake Bitcoin address below for more detail.  


Tips

Tips for 1: Phishing site

- You could also bookmark the link to bypass the login captcha, see Captcha bypass for more details.

- Some phishing links are automatically replaced by [phishing] but that feature has not been introduced for bitcointalk.to and thebitcointalk.net yet, see this post.

- In case you enter your login information to phishing site, you should immediately change the password of bitcointalk.org to avoid your account to be hacked.

- Before clicking the link, make sure its true URL.  Some browsers show URL when you mouse over the link.  

- The link to bitcointalk.org internal webpage (except anchors) will be shown by green when you mouse over, whereas the link to an external site will remain blue.  This feature enables you to distinguish a link to phishing site even if a hacker pretend it to be an internal link.  

True Bitcointalk
Fake Bitcointalk  (link to google.com)

You can recognize that the second one is the fake link as it remains blue when you mouse over.  

- Be aware of homograph attack, while some of them are automatically replaced.

- There is a way to prevent your computer to access the phishing site by editing hosts file.  For more details see this post by LoyceV.


Tips for 2: Email address

- Gmail allows you to have an alias, but in this case the original mail address is exposed since for a gmail address [email protected] alias will be [email protected] though you can choose any letters in "add".

- Avoid yopmail as anyone can access yopmail address.

- As a related tip, it is recommended to use new or disposable email address rather than your main address for registration of bounties in the forum in order to avoid potential data breach or data collection by fake/scam bounties.


Tips for 3: Password

- For password, do not use dictionary words, your birth date, pets’ name, phone number, or anything which is easy to guess for hackers or falls into The Worst 25 Passwords of 2017.

- Since the password data breach occurred in 2015, if you have been around the forum since 2015 or before and have not change your password, it is recommended to change your password.  

- If you are using autofill feature of your browser, make sure if it checks URL or simply fill in your passwords.  For the latter case, it is recommended to turn off the autofill.  Even for the former case, the rule may be changed when the browser is updated, so you need to be careful.

- You can use "Always stay logged in" option so that you do not need to enter the password every time.  

- For password manager, see e.g. The Five Best Password Managers.

- See also this post by mapuche33 for further tips.


Tips for 4: Secret question

- There are several important things to know about the secret question feature.  

1) There is no email verification process, so most likely the secret question option increases the risk of your account being hacked or locked.  

2) If password reset via secret question is used, your account will be locked, and you need to follow Unlock your account process.  If the account is under your control, this feature is a drawback.  If it is hacked, you can use this feature to lock the account, but this case would be rare as the hacker likely to changes the secret question and you have another option to lock your account from email notification of email change within 14 days.

3) You can remove the secret question and answer.  For reference, see this post by SFR10.


Tips for 5: Untrusted softwares

- Untrusted softwares include Bitcointalk unofficial apps, whose security is not guaranteed by the forum and in principle they can steal the password of your account.

- You could use a virtual machine for those untrusted softwares or altcoin wallets.  

---

- You can change the password either by

1) Profile page.

2) "Forgot password" link at the login page.

3) Password reset via secret question.  Note that the account will be locked.

- In the Trust page, a password change/reset by 1) or 2) is shown for 3 days, whereas a password reset by 3) is shown for 30 days.  Both are shown in security log page for 30 days.

- You can change the email from the Profile page.  Email change history is also shown in Trust.

- Once you change your password or email, email notification will be sent to your (old) email address.


Tips

Tips for 2): How to use "Forgot password"

Click "Forgot your password?" link at the login page.  
After filling out username or email, click "send".  
You will receive the following email with the link to reset your password.  

---

If your account is hacked and the hacker changed the password and email, or you forgot the password and do not have an access to the registered email address and cannot use the password reset option, or admin locked your account as you had been inactive after data breach in 2015, the last resort is to request of the recovery of your account to admins.  However, do not expect too much, as the recovery of accounts seems a low priority for admin and it will typically take a long time or there is a chance you end up with no recovery.  The official announcement by theymos is given in: Recovering hacked accounts or accounts with lost passwords

1. Create a signed message using the Bitcoin address you staked to prove your ownership of the hacked account.  Example:


2. Before sending the signed message to admins, verify it by yourself with Brainwallet, Blockexplorer etc.

3. Create a temporal account by using an email address different from the one you want to use for the recovery of the hacked/lost account.

4. Send PM to theymos, Cyrus including the above signed message and the link to the post where you staked your bitcoin address.


Typically it will take some time, could be months to years, during which you could optionally try the following processes:

5. Create a topic on Meta section by using the temporal account.

6. Ask members to check if your PM included all necessary information for recovery of the account or other general advice.  

7. Ask DT member to red tag your hacked account with a signed message as the proof of your ownership.  


Tips

Tips for 1: Bitcoin address

If you haven't staked your Bitcoin address in advance, you could still look for other options for the proof of your ownership of your account.  While it is not the best option, the other option could be your address in a spreadsheet of addresses of participants of a bounty campaign (basically hacker cannot edit it), in any post in the past e.g. in marketplace or bounty threads (since hacker can edit/delete your posts in the past, it can be proven as the original post if it is unedited post or the last edit date is before hacking, or it is in a locked thread), or in your profile (hacker can edit/delete it so it may not be accepted without some strong support or special circumstances).  They might be regarded as proof but the best option is to stake your address and ask other member to quote and verify it in advance.

Tips for 3: PM

First time PM is the most important one, make sure to include every information necessary for admin, otherwise you would lose your chance.

Tips for 5: Bump

Bump is allowed for each 24 hours and old bumps should be deleted.  

Tips for 7: Red trust

Red tag with comments by DT clarifies the account is hacked, and prevents the hacker to fully exploit your account for e.g. participating bounty campaigns, scamming in marketplace, or selling the account, and reduce the possibility of other members being scammed by the hacker.  Once your account is back under your control, you will need to ask the DT to remove the tag with a signed message notifying the recovery of your account.

---

Among many accounts waiting for recovery for a long time, there are several lucky guys who succeeded to recover their hacked/lost accounts.  While these real stories provide us important lessons, things do not always go like these examples and the situation has been changing, so do not expect too much if you are in the same situation.


Account: LTU_btc Hero

Thread: Hacked account recovery. Cyrus, please help November 17, 2017

LTU_btc noticed the account was hacked by email notification for change of password and/or email, and soon after that he/she locked the account using the link in the email.  He/She created temporary account LTU_btc/2, and sent PM to Cyrus with a signed message from the bitctoin account staked the other day.  Fortunately the process went very smoothly in this case, and he/she recovered the account only in a few days.  


Account: Shazam!!! Full Member

Thread: Need help with Unlock---Please December 12, 2017

Shazam!!! had been inactive for years after the password hashes were leaked in 2015.  Such accounts were locked automatically for the high risk of being hacked.  When he/she tried to login at the end of 2017, he/she noticed that the account was locked.  He/She sent PM to Cyrus from his/her temporary account !!!Shazam!!! with a signed message.  However, he/she had not staked the address in the Tomatocage's thread.  Fortunately, Vod and minifrij helped to find out that the address was posted in several bounty threads in 2015.  Strictly speaking, if the account was hacked, the hacker can edit/delete all previous posts so the address without quotation by other member is a weaker proof of the ownership.  However in this case, it is simply locked account without being hacked, and the posts were unedited ones as well, which are sufficient for the proof.  hilariousandco also helped him/her and sent PM to theymos and Cyrus.  Within the same day as the topic was opened, the account was successfully unlocked.  After the unlock, Shazam!!! immediately staked the address to the staking thread.


Account: premium_domainer Legendary

Thread: Account Regained with the help of Loyce. Thank you all January 10, 2018

This case is a bit tricky.  BitcoinBazaar.net is a temporary account created for the recovery of the original account premium_domainer which was claimed to be hacked, but later it was claimed that the account was bought, while from the thread it is not clear how it was bought.  The owner did not stake his/her address, which is why LoyceV made a lot of effort to confirm the ownership.  LoyceV opened a thread to ask how to help out BitcoinBazaar.net and resolved the bug of incomplete private key for blockchain.info read only address.  It attracted attention of DT and the hacked account was red tagged.  Still,  the account had not been regained, and BitcoinBazaar.net continued to bump the thread.  6 months after the OP, the buyer finally asked $200 to give the account back.  He/She posted a password in the thread, claiming that if password and email are changed and $200 is not paid the account will be locked.  As you see this approach has a loophole since admin can unlock the account.  Presumably the buyer noticed it and deleted the post.  However, LoyceV noticed the post before deleted, and immediately took the account.  Later, LoyceV gave back the account to BitcoinBazaar.net.


Account: Swenna Full Member

Thread: Hacked and Changed Email addresses Account using Yopmail accounts July 15, 2018
(See also peter0425's post who independently discovered the method.)

As already mentioned above, this thread tells us how to regain your account by yourself if the hacker uses yopmail.  Recently several accounts have been hacked by the same IP address using yopmail as a new address.  The yopmail is disposable email address which does not require login.  It means that you can also access the hacker's yopmail account and change the registered email back to your email following the method: