Help! Account Hacked | Bitcointalksearch.org

Kapz786

hero member

Activity: 697

Merit: 503

Quote from: EcuaMobi on August 21, 2015, 08:08:00 AM

I was the escrow on a deal between Clint and Kapz. Now the account Kapz786 is again under Kapz's control who (as far as I know, as per his signed address) is the original owner.

-----BEGIN BITCOIN SIGNED MESSAGE (DONT INCLUDE THIS PART IN MESSAGE) -----

I am the original owner of account Kapz786. This is a signed message confirming I have regained control of this account.

-----END BITCOIN SIGNED MESSAGE-----

-----BEGIN SIGNATURE-----

IGwutDJYs/o6x4wb1XS903qOlPpcayKQMV2wotolB+/nB0Kp+ITNbDSwvRI3WVvJCT01Up0LzzMSlZvvdmFapJE=

-----END SIGNATURE-----

My BTC address is 18JGHZdn8D7NthJxjHcWQkENwcJ5NJEfdF

EcuaMobi

legendary

Activity: 1876

Merit: 1475

I was the escrow on a deal between Clint and Kapz. Now the account Kapz786 is again under Kapz's control who (as far as I know, as per his signed address) is the original owner.

EcuaMobi

legendary

Activity: 1876

Merit: 1475

To make things worst Kapz786 (now under control of Clint as shown in the image he posted here) tried to bribe me to remove the feedback I left in the account.

Kapz

newbie

Activity: 7

Merit: 0

Quote from: EcuaMobi on July 12, 2015, 07:19:22 PM

Quote from: Kapz786 on July 12, 2015, 06:46:06 PM

I just realized I haven't posted on the thread the buyer listed in the digital goods section when I saw it. But here is an conversation after he handed me the account and I haven't paid yet. There is more PM he sent me in my actual btc talk account, but I decide to protect that one. Here is picture proof when I actually bought the account from this person and did not hack it. http://postimg.org/image/omt1kgthn/
I didn't pay him everything at once, that's why you can see, he says waiting for the 0.05 btc tonight, that's only the first part of the payment.
Hope this is enough proof for this account. As you even said, the posts Kapz786 was doing before I purchased it, was all on selling this account, so. Hope you can understand me

So you confirm you believe this account was stolen? Even if this wasn't hacked by you but by someone else if it was stolen then you shouldn't have it. I wish sellingbtctalk posted too, the fact he doesn't seems to confirm this version.

However one possibility could be that OP sold his account himself and is now trying to recover it. I guess we'll never know, people should really not buy accounts without a signed message as proof of ownership.

OP do you have any idea how your account was hacked? Did it have a very weak password? Do you suspect you got malware?
Clint how much did you pay for the account in total? 0.15BTC as initially asked? Can you post the TX ids?

I have multiple people such as dogedigital and monbux that can confirm I have done trades on this forum for amounts in the hundreds of $$ as recent as early this year. I am really not interested in ripping someone off for a measly 0.15 BTC.

I believe the account to have been compromised from the forum hack and nothing else.

EcuaMobi

legendary

Activity: 1876

Merit: 1475

Quote from: Kapz786 on July 12, 2015, 06:46:06 PM

I just realized I haven't posted on the thread the buyer listed in the digital goods section when I saw it. But here is an conversation after he handed me the account and I haven't paid yet. There is more PM he sent me in my actual btc talk account, but I decide to protect that one. Here is picture proof when I actually bought the account from this person and did not hack it. http://postimg.org/image/omt1kgthn/
I didn't pay him everything at once, that's why you can see, he says waiting for the 0.05 btc tonight, that's only the first part of the payment.
Hope this is enough proof for this account. As you even said, the posts Kapz786 was doing before I purchased it, was all on selling this account, so. Hope you can understand me

So you confirm you believe this account was stolen? Even if this wasn't hacked by you but by someone else if it was stolen then you shouldn't have it. I wish sellingbtctalk posted too, the fact he doesn't seems to confirm this version.

However one possibility could be that OP sold his account himself and is now trying to recover it. I guess we'll never know, people should really not buy accounts without a signed message as proof of ownership.

OP do you have any idea how your account was hacked? Did it have a very weak password? Do you suspect you got malware?
Clint how much did you pay for the account in total? 0.15BTC as initially asked? Can you post the TX ids?

Kapz786

hero member

Activity: 697

Merit: 503

I just realized I haven't posted on the thread the buyer listed in the digital goods section when I saw it. But here is an conversation after he handed me the account and I haven't paid yet. There is more PM he sent me in my actual btc talk account, but I decide to protect that one. Here is picture proof when I actually bought the account from this person and did not hack it. http://postimg.org/image/omt1kgthn/
I didn't pay him everything at once, that's why you can see, he says waiting for the 0.05 btc tonight, that's only the first part of the payment.
Hope this is enough proof for this account. As you even said, the posts Kapz786 was doing before I purchased it, was all on selling this account, so. Hope you can understand me

intrader

hero member

Activity: 659

Merit: 502

Quote from: teddy5145 on July 12, 2015, 02:36:46 AM

Quote from: intrader on July 12, 2015, 02:21:01 AM

Wonder how they hacked bitcointalk users account,any security tips?

Few months back this forum was attacked by hackers, and they managed to get some of the users password
at time Theymos recommend the users to change their password to something more stronger

Security tips?
Use strong password and change your password just in case this forum is hacked again

I see,thanks

teddy5145

hero member

Activity: 714

Merit: 528

Quote from: intrader on July 12, 2015, 02:21:01 AM

Wonder how they hacked bitcointalk users account,any security tips?

Few months back this forum was attacked by hackers, and they managed to get some of the users password
at time Theymos recommend the users to change their password to something more stronger

Security tips?
Use strong password and change your password just in case this forum is hacked again

intrader

hero member

Activity: 659

Merit: 502

Wonder how they hacked bitcointalk users account,any security tips?

Kapz

newbie

Activity: 7

Merit: 0

Quote from: Kapz786 on July 11, 2015, 11:01:01 PM

Hi, I am very sorry for what has happened. But this is the true story and you have to believe me, I will gather further evidence including my private messages and posts on thread with the seller later. So about 2 weeks ago, I saw a thread in the digital goods section selling a senior account by the name of sellingbtctalk. So I contacted him because I was interested, and he did not provide me any signed messages, I wasn't very experienced in how btc account really worked so I bought it anyways. I gave him everything I had in my 2 wallets. I did not realize this account was hacked, so I started joining campaigns and posting on this forum. You guys have to believe me, I will provide evidence for you to believe me. But this seller often sells btctalk accounts on this forum. Please understand me guys, that's all I'm asking from you.
Here was his thread I saw, and got the account from: https://bitcointalksearch.org/topic/m.11724697

That's a great story - now when can I get my HACKED account back from this thief

The guy you bought the account of joined 2 months ago and his ONLY posts are in regards to the sale of BTCTalk accounts. Pretty obvious to me.

Kapz786

hero member

Activity: 697

Merit: 503

Hi, I am very sorry for what has happened. But this is the true story and you have to believe me, I will gather further evidence including my private messages and posts on thread with the seller later. So about 2 weeks ago, I saw a thread in the digital goods section selling a senior account by the name of sellingbtctalk. So I contacted him because I was interested, and he did not provide me any signed messages, I wasn't very experienced in how btc account really worked so I bought it anyways. I gave him everything I had in my 2 wallets. I did not realize this account was hacked, so I started joining campaigns and posting on this forum. You guys have to believe me, I will provide evidence for you to believe me. But this seller often sells btctalk accounts on this forum. Please understand me guys, that's all I'm asking from you.
Here was his thread I saw, and got the account from: https://bitcointalksearch.org/topic/m.11724697

Kapz

newbie

Activity: 7

Merit: 0

Quote from: BadBear on July 10, 2015, 12:15:43 PM

Quote from: jambola2 on July 10, 2015, 12:09:07 PM

Hmm, have you seen any precedent to this?
Do the admins support someone who can prove that they have bought the account over someone who can prove that they originally owned the account?
I know that they are okay with account transfers, but I don't know to what extent they enforce account transfers.
Do you have any experience with admins stepping in and helping an account buyer over the original account owner?

Quote from: theymos on February 22, 2015, 05:31:48 PM

I think that the account was hacked, though this can never be known for certain.

The IP that posted the loan request from yussuf89's account also posted this:
https://bitcointalksearch.org/topic/selling-hero-member-bitcointalk-account-960603
Someone with the same IP was trying to sell another account here, presumably hacked:
https://bitcointalksearch.org/topic/selling-sr-member-and-full-member-account-925024

yussuf89's password wasn't changed/reset recently except for when marcotheminer did it, so the attacker must have somehow gotten his password. Keylogger or phishing, maybe.

Zeki's IP matches yussuf89.

Since ownership of the account is contested, I'm thinking that I should not restore the account and let people give trust ratings depending on what happens. For example, if marcotheminer needs to eat the entire cost of this when he's mostly not at fault, some people might want to give yussuf89 negative feedback.

Me? I'm not solidly in any camp, there are good arguments to be made all around.

BadBear are you able to help me with this?

Kapz

newbie

Activity: 7

Merit: 0

Quote from: KWH on July 10, 2015, 11:11:47 AM

This account was marked as possibly sold. Are you the new owner or the old one trying to take it back?

I never sold the account, I'd be very surprised if you could find a thread etc of me trying to sell it prior to the password change.

It was most likely hacked and sold. I hope this information is enough. Haven't heard from an admin yet.

BadBear

legendary

Activity: 1652

Merit: 1128

Quote from: jambola2 on July 10, 2015, 12:09:07 PM

Hmm, have you seen any precedent to this?
Do the admins support someone who can prove that they have bought the account over someone who can prove that they originally owned the account?
I know that they are okay with account transfers, but I don't know to what extent they enforce account transfers.
Do you have any experience with admins stepping in and helping an account buyer over the original account owner?

Quote from: theymos on February 22, 2015, 05:31:48 PM

I think that the account was hacked, though this can never be known for certain.

The IP that posted the loan request from yussuf89's account also posted this:
https://bitcointalksearch.org/topic/selling-hero-member-bitcointalk-account-960603
Someone with the same IP was trying to sell another account here, presumably hacked:
https://bitcointalksearch.org/topic/selling-sr-member-and-full-member-account-925024

yussuf89's password wasn't changed/reset recently except for when marcotheminer did it, so the attacker must have somehow gotten his password. Keylogger or phishing, maybe.

Zeki's IP matches yussuf89.

Since ownership of the account is contested, I'm thinking that I should not restore the account and let people give trust ratings depending on what happens. For example, if marcotheminer needs to eat the entire cost of this when he's mostly not at fault, some people might want to give yussuf89 negative feedback.

Me? I'm not solidly in any camp, there are good arguments to be made all around.

Quickseller

copper member

Activity: 2996

Merit: 2374

Quote from: jambola2 on July 10, 2015, 12:09:07 PM

Quote from: Quickseller on July 10, 2015, 11:54:17 AM

It looks like the last time the account was active prior to the forum hack was April 24, 2015, then the forum got hacked on May 21, 2015, then the account was active again on June 4, 2015.

Unfortunately the password log (the public one) does not go back that far, however there are three recent password changes ~2 weeks ago, one on June 27, one on June 28 and one on June 29, 2015. The first post since the June 4 post was after the last password change on June 29. I would conclude this to mean that the first password change was someone changing the password and giving it to an escrow, the second one was the escrow changing the password again and providing it to the buyer, and the June 29 password change was the buyer changing it from what the escrow provided to his own password.

If the account was really hacked or not is anyone's guess, although the presence of a signed message that the buyer has should be proof that the owner was the one who sold it. Unfortunately many people do not know to ask for a signed message, so even if it was the owner who sold the account, there may not be a signed message confirming the trade.

Hmm, have you seen any precedent to this?
Do the admins support someone who can prove that they have bought the account over someone who can prove that they originally owned the account?
I know that they are okay with account transfers, but I don't know to what extent they enforce account transfers.
Do you have any experience with admins stepping in and helping an account buyer over the original account owner?

There have been several instances where people have claimed their account was hacked, provided proof they at one point owned the account and then their account was not recovered. BadBear/theymos generally do not disclose the reasons why they do not recover accounts, however I suspect one reason would be that there is evidence that it was sold.

The reason why the buyer should get a signed message is because even if the account is not hacked, the owner would possibly be able make it appear that it was hacked in the eyes of BadBear/theymos

KWH

legendary

Activity: 1904

Merit: 1045

In Collateral I Trust.

Quote from: jambola2 on July 10, 2015, 12:09:07 PM

Quote from: Quickseller on July 10, 2015, 11:54:17 AM

It looks like the last time the account was active prior to the forum hack was April 24, 2015, then the forum got hacked on May 21, 2015, then the account was active again on June 4, 2015.

Unfortunately the password log (the public one) does not go back that far, however there are three recent password changes ~2 weeks ago, one on June 27, one on June 28 and one on June 29, 2015. The first post since the June 4 post was after the last password change on June 29. I would conclude this to mean that the first password change was someone changing the password and giving it to an escrow, the second one was the escrow changing the password again and providing it to the buyer, and the June 29 password change was the buyer changing it from what the escrow provided to his own password.

If the account was really hacked or not is anyone's guess, although the presence of a signed message that the buyer has should be proof that the owner was the one who sold it. Unfortunately many people do not know to ask for a signed message, so even if it was the owner who sold the account, there may not be a signed message confirming the trade.

Hmm, have you seen any precedent to this?
Do the admins support someone who can prove that they have bought the account over someone who can prove that they originally owned the account?
I know that they are okay with account transfers, but I don't know to what extent they enforce account transfers.
Do you have any experience with admins stepping in and helping an account buyer over the original account owner?

I would assume that the escrow could step in for clarification if one was used. Other than that, PM's may be used as proof unless they were deleted.

jambola2

legendary

Activity: 1120

Merit: 1038

Quote from: Quickseller on July 10, 2015, 11:54:17 AM

It looks like the last time the account was active prior to the forum hack was April 24, 2015, then the forum got hacked on May 21, 2015, then the account was active again on June 4, 2015.

Unfortunately the password log (the public one) does not go back that far, however there are three recent password changes ~2 weeks ago, one on June 27, one on June 28 and one on June 29, 2015. The first post since the June 4 post was after the last password change on June 29. I would conclude this to mean that the first password change was someone changing the password and giving it to an escrow, the second one was the escrow changing the password again and providing it to the buyer, and the June 29 password change was the buyer changing it from what the escrow provided to his own password.

If the account was really hacked or not is anyone's guess, although the presence of a signed message that the buyer has should be proof that the owner was the one who sold it. Unfortunately many people do not know to ask for a signed message, so even if it was the owner who sold the account, there may not be a signed message confirming the trade.

Hmm, have you seen any precedent to this?
Do the admins support someone who can prove that they have bought the account over someone who can prove that they originally owned the account?
I know that they are okay with account transfers, but I don't know to what extent they enforce account transfers.
Do you have any experience with admins stepping in and helping an account buyer over the original account owner?

Quickseller

copper member

Activity: 2996

Merit: 2374

It looks like the last time the account was active prior to the forum hack was April 24, 2015, then the forum got hacked on May 21, 2015, then the account was active again on June 4, 2015.

Unfortunately the password log (the public one) does not go back that far, however there are three recent password changes ~2 weeks ago, one on June 27, one on June 28 and one on June 29, 2015. The first post since the June 4 post was after the last password change on June 29. I would conclude this to mean that the first password change was someone changing the password and giving it to an escrow, the second one was the escrow changing the password again and providing it to the buyer, and the June 29 password change was the buyer changing it from what the escrow provided to his own password.

If the account was really hacked or not is anyone's guess, although the presence of a signed message that the buyer has should be proof that the owner was the one who sold it. Unfortunately many people do not know to ask for a signed message, so even if it was the owner who sold the account, there may not be a signed message confirming the trade.

KWH

legendary

Activity: 1904

Merit: 1045

In Collateral I Trust.

This account was marked as possibly sold. Are you the new owner or the old one trying to take it back?

OmegaStarScream

staff

Activity: 3500

Merit: 6152

Quote from: Kapz on July 10, 2015, 10:32:21 AM

I contacted him twice a couple of days ago no response but noticed he has been active - must just be really busy

I wont include email address here to reset to for security reasons.

-----BEGIN BITCOIN SIGNED MESSAGE (DONT INCLUDE THIS PART IN MESSAGE) -----

My account Kapz786 has been hacked. The current date is 10th July 2015

My BTC address is 18JGHZdn8D7NthJxjHcWQkENwcJ5NJEfdF it appears in multiple threads linked to the account Kapz786.

-----END BITCOIN SIGNED MESSAGE-----

-----BEGIN SIGNATURE-----

H06sc+xfnrq+QvrSXmLROTb4ES4kBydl3PyCn/nPKQ6rBFyGkL9MEf80ZXizqg5sfDjHBxXKs3uOOuwgE/JXtV4=

-----END SIGNATURE-----

My BTC address is 18JGHZdn8D7NthJxjHcWQkENwcJ5NJEfdF

Here is the unedited posts where I posted that address:

https://bitcointalksearch.org/topic/m.4753086

OR

https://bitcointalksearch.org/topic/m.5674982

Verified using Bitcoin COre , now just wait for Theymos or BadBear I guess .

Topic: Help! Account Hacked (Read 1938 times)