Topic: Hacked: lost all money on BTC-E. Please help!! - page 2. (Read 4154 times)
btc-e management is anonymous and there is no way to contact their owner directly
Yes the IPs they gave me were all mine. There was a login at 19:24, about 15 mins before the withdrawal happened but I don't think I logged in BTC-e then. Usually I would get a "Successful Authorization" email from btc-e after I log in too but there's no email like that at that time either? I checked all over my email, including trash, spams and there's no a single email from BTC-e. I highly doubt someone could bypass by 2 factor (which needed my iPhone), logged in to my btc-e, did all the trades, made the withdrawal, went to my email, confirmed the withdrawal, then deleted the email without me knowing anything. I use gmail and I check it very often.
I just don't understand if they made the trades from NMC to USD, USD to LTC, why aren't these trades on my notifications. Usually when an order is filled, it shows up on notification right? I still have all notifications from my last trades, but not these at 19:41.
Gmail 2 way comm seems exploited. I heard another story at cloudflare owner had his account under gmail 2 way comm passed.I just don't understand if they made the trades from NMC to USD, USD to LTC, why aren't these trades on my notifications. Usually when an order is filled, it shows up on notification right? I still have all notifications from my last trades, but not these at 19:41.
You should contact local police about it. Interpol can help to find thief.
If the IP's were yours someone has gained remote access to your computer. Key catchers the whole 9 yards.
You can setup your router so that it only allows devices you (their mac address's.)
Time to secure erase your HDD (SSD) and reinstall windows with all updates. Us real time virus like MSE, update it once a week.
Have your computer on an image backup schedule, once per week or after any big transactions to Multibit.
Also shouldn't you keep yu money in your multibit wallets, always seems more secure to me?
You can setup your router so that it only allows devices you (their mac address's.)
Time to secure erase your HDD (SSD) and reinstall windows with all updates. Us real time virus like MSE, update it once a week.
Have your computer on an image backup schedule, once per week or after any big transactions to Multibit.
Also shouldn't you keep yu money in your multibit wallets, always seems more secure to me?
That sucks man !
What kind of passwords did you use ? Do you use the same password for multiple sites and services ? That's pretty much the only likely option.
If so, I suggest you get into the habit of using a program like Keepass. It's free, safe, and easy. You'll only have to remember one good password, the program generates su[er strong ones for you. You can store the database ( encrypted, of course ) on dropbox, for example.
That saved me so much hassle
Good luck.
What kind of passwords did you use ? Do you use the same password for multiple sites and services ? That's pretty much the only likely option.
If so, I suggest you get into the habit of using a program like Keepass. It's free, safe, and easy. You'll only have to remember one good password, the program generates su[er strong ones for you. You can store the database ( encrypted, of course ) on dropbox, for example.
That saved me so much hassle
Good luck.
If everything you are saying is right then it sounds like a trojan... get someone that knows what they are doing to have a look at your computer.
Your 2 factor is needed to login or withdraw. So. If session was not closed for you, no need in 2 factor!
And you use windows-based computer. It's easy to hack! Use only linux!
So. Some one HACKED YOU. and STEAL YOUR MONEY. So why do you think, btc-e is responsible for that?
And you use windows-based computer. It's easy to hack! Use only linux!
So. Some one HACKED YOU. and STEAL YOUR MONEY. So why do you think, btc-e is responsible for that?
Except btc-e logs you out automatically after a short while of inactivity. The logins in question were several hours apart.
Your 2 factor is needed to login or withdraw. So. If session was not closed for you, no need in 2 factor!
And you use windows-based computer. It's easy to hack! Use only linux!
So. Some one HACKED YOU. and STEAL YOUR MONEY. So why do you think, btc-e is responsible for that?
And you use windows-based computer. It's easy to hack! Use only linux!
So. Some one HACKED YOU. and STEAL YOUR MONEY. So why do you think, btc-e is responsible for that?
really sad this happened to you Sipora, the problem is btc-e management is anonymous and there is no way to contact their owner directly.
Even with a trojan on your computer, how did he get through 2-factor ? that's not possible. there are 3 ways this could've happened:
1. the hack happened very quickly while you were logged in to ur btce account, you may have left your computer for a few minutes and the person executed the transfer from your computer remotely.
2. Inside job, lack of confirmation email is very fishy.
3. BTC-e system error, they withdrew from the wrong account.
the only way is to be patient and keep hammering BTCe support, look for their announcement post in this forum maybe PM the owner he might be able to help you.
Even with a trojan on your computer, how did he get through 2-factor ? that's not possible. there are 3 ways this could've happened:
1. the hack happened very quickly while you were logged in to ur btce account, you may have left your computer for a few minutes and the person executed the transfer from your computer remotely.
2. Inside job, lack of confirmation email is very fishy.
3. BTC-e system error, they withdrew from the wrong account.
the only way is to be patient and keep hammering BTCe support, look for their announcement post in this forum maybe PM the owner he might be able to help you.
Don't trust btc-e.support on skype. There's a number of fishy conversations posted with that account (disgruntled former employee?). It is no longer listed as a contact on the site either. The only way seems http://hdbtce.kayako.com/
Dropbox' implementation of 2FA has been hacked last year. Why not btc-e's?
What's confusing me is the missing login alert email. Since a hacker would have needed to login to turn it off.
Dropbox' implementation of 2FA has been hacked last year. Why not btc-e's?
What's confusing me is the missing login alert email. Since a hacker would have needed to login to turn it off.
I have no idea how someone could bypass all the security. that's why I think it might be an insider's job. Sigh* really hopeless now
Don't trust btc-e.support on skype. There's a number of fishy conversations posted with that account (disgruntled former employee?). It is no longer listed as a contact on the site either. The only way seems http://hdbtce.kayako.com/
Dropbox' implementation of 2FA has been hacked last year. Why not btc-e's?
What's confusing me is the missing login alert email. Since a hacker would have needed to login to turn it off.
Dropbox' implementation of 2FA has been hacked last year. Why not btc-e's?
What's confusing me is the missing login alert email. Since a hacker would have needed to login to turn it off.
Not at all. I have my own apt in a secured building.
This is what BTC-e gave me:
117 login success login [MY IP]
15.12.13
20:51 -> this is when i logged in and realized all was lost, i have this "successful authorization"
116 login success login [MY IP]
15.12.13
19:25 -> 15 mins before withdrawal, no record of this in my email
115 login success login [MY IP]
15.12.13
08:46 -> i logged in, did some trades and there's a "successful authorization" in my mailbox
117 login success login [MY IP]
15.12.13
20:51 -> this is when i logged in and realized all was lost, i have this "successful authorization"
116 login success login [MY IP]
15.12.13
19:25 -> 15 mins before withdrawal, no record of this in my email
115 login success login [MY IP]
15.12.13
08:46 -> i logged in, did some trades and there's a "successful authorization" in my mailbox
Anybody staying with you?
Hello all, I just want to follow up on this post to see if any of you would be able to help me out. I think the reason must be BTC-e withdrawing money from the wrong account. How is it that I didn't receive any successful authorization email for the login 15 mins before the withdrawal but I received that email for EVERY other login? How is it that I did not receive any confirmation email to confirm the withdrawal? AND I did have 2 factor authentication too!
Do you guys think BTC-e should be liable for my loss?
Do you guys think BTC-e should be liable for my loss?
Rollback?
BTC-e executed a rollback of trades after their master password was compromised in mid 2012 - this boiled down to an exchange resetting the trading floor and covering the losses out of reserves. However, I've never heard of an account rollback, nor do I believe it to be possible, so unless it passes the sniff test and is paid for with money recovered, I would stay well away.
BTC-e executed a rollback of trades after their master password was compromised in mid 2012 - this boiled down to an exchange resetting the trading floor and covering the losses out of reserves. However, I've never heard of an account rollback, nor do I believe it to be possible, so unless it passes the sniff test and is paid for with money recovered, I would stay well away.
I added Skype "btc-e.support" as suggested above and the guys said he could do a rollback service for 3 btc's. Is this a scam?
Again, there's no one that could have entered my computer. Maybe a trojan but I think btc-e is at fault too, all of this happened without a trace, how is it possible? We might need to question their security.
As long as you don't pay him to do the 'rollback' and you don't provide them with any login credentials to accounts that still hold fiat and or BTC there is nothing they can scam you off (as long as you don't give them any password you use on other sites). If they ask you for money to do this it is definitely a scam. Otherwise you have nothing to loose. Again, there's no one that could have entered my computer. Maybe a trojan but I think btc-e is at fault too, all of this happened without a trace, how is it possible? We might need to question their security.
I added Skype "btc-e.support" as suggested above and the guys said he could do a rollback service for 3 btc's. Is this a scam?
Again, there's no one that could have entered my computer. Maybe a trojan but I think btc-e is at fault too, all of this happened without a trace, how is it possible? We might need to question their security.
Again, there's no one that could have entered my computer. Maybe a trojan but I think btc-e is at fault too, all of this happened without a trace, how is it possible? We might need to question their security.
Sorry but looks like you're out of BTC. Looks like BTC-E did everything right, either someone physically jumped on your computer when you stepped out for a sec. Or you have a trojan on your PC.
I personally don't understand how this all happened, really. I live in a highly secured apartment building, by myself, plus it was on Sunday so I was at home. My computer is finger print protected (Thinkpad X1 Carbon). 2 factor authentication is on my iPhone.
My theory is BTC-e accidentally let someone in my account and that person cleared out everything. I've been hammering BTC-e support site but only got 2 responses from them so far, both of them are obviously useless.
My theory is BTC-e accidentally let someone in my account and that person cleared out everything. I've been hammering BTC-e support site but only got 2 responses from them so far, both of them are obviously useless.
This sounds moderately scary, but you want to consider the obvious, too.
Firstly - what is the *physical* security around your computer? Is your two factor password generator on your phone? Are you in a shared house or dorm?
In other words, could someone have walked into your room, found your computer logged in (or used auto login) and your phone next to it, and spent two minutes cleaning you out?
Is it hacking or straight theft (or hopefully a practical joke)?
Firstly - what is the *physical* security around your computer? Is your two factor password generator on your phone? Are you in a shared house or dorm?
In other words, could someone have walked into your room, found your computer logged in (or used auto login) and your phone next to it, and spent two minutes cleaning you out?
Is it hacking or straight theft (or hopefully a practical joke)?
How much have you lost there?
Jump to: