Topic: Hundreds of thousand of bitcointalk accounts hacked - page 3. (Read 8800 times)

I'm not sure what the benefits of hacking a zero or one post newbie account are, but he has or had a very large stockpile of newbie accounts he created himself to do his shilling. See these ones:

https://bitcointalksearch.org/user/kusmaki-895304  kusmaki
https://bitcointalksearch.org/user/gherghina-895247 gherghina
https://bitcointalksearch.org/user/alpitvraj-393051     alpitvraj
https://bitcointalksearch.org/user/paraneens-889079 paraneens
https://bitcointalksearch.org/user/belvoir-886523     Belvoir
https://bitcointalksearch.org/user/chanway-918902     chanway
https://bitcointalksearch.org/user/arnold447-794655 arnold447
https://bitcointalksearch.org/user/clappen-225107 clappen
https://bitcointalksearch.org/user/iceker-213095 iceker
https://bitcointalksearch.org/user/lala-187976     Lala
https://bitcointalksearch.org/user/brucee-412652     Brucee
https://bitcointalksearch.org/user/apostolis21-501113 apostolis21
https://bitcointalksearch.org/user/mario23-500285     mario23
https://bitcointalksearch.org/user/gotcha007-406115 Gotcha007
https://bitcointalksearch.org/user/tigarete-503564     Tigarete
https://bitcointalksearch.org/user/vikingur-505675     vikingur
https://bitcointalksearch.org/user/americanth-507216 AmericanTH
https://bitcointalksearch.org/user/petrov-507493     petrov
https://bitcointalksearch.org/user/frenchois-507854     frenchois
https://bitcointalksearch.org/user/deutch87-508604 Deutch87
https://bitcointalksearch.org/user/pierreallan-508979 PierreAllan
https://bitcointalksearch.org/user/igorenko-509715     igorenko
https://bitcointalksearch.org/user/pascqul-539438     pascqul
https://bitcointalksearch.org/user/cats2dogs-539792     cats2dogs
https://bitcointalksearch.org/user/scultz23-539970     scultz23
https://bitcointalksearch.org/user/btyanoneal-542073     btyanoneal
https://bitcointalksearch.org/user/billkanty-544562 billkanty
https://bitcointalksearch.org/user/chenzu-543385     chenzu
https://bitcointalksearch.org/user/barbugeala-542662 barbugeala
https://bitcointalksearch.org/user/doitch2-548576 doitch2
https://bitcointalksearch.org/user/harryson2-549093 harryson2
https://bitcointalksearch.org/user/bigarmny-553241 bigarmny
https://bitcointalksearch.org/user/moris2pane-553521 Moris2pane
https://bitcointalksearch.org/user/mariutzko-660431     mariutzko
https://bitcointalksearch.org/user/gasparpop-662643     gasparpop
https://bitcointalksearch.org/user/arnold447-794655     arnold447
https://bitcointalksearch.org/user/gigarsfree-793362     gigarsfree
https://bitcointalksearch.org/user/poponautu-773056 poponautu

Most were just used once to make a bump of his thread then discarded but once he had his main accounts banned some of them suddenly returned back to life and he started selling with those ones.


He wasn't caught until recently and it was his inability to not follow the marketplace rules repeatedly that kept getting him into trouble. When he gets banned for the behaviour he just comes back on more alts and does the same and seems to have done this on multiple forums.


I'm not sure where you get the figure of 'hundreds of thousands' of accounts have been hacked from as it seems exaggerated but if you can provide evidence of that then I'll happily admit I'm wrong but the exact figure seems beside the point.


I'm not saying they are hacked in the same way but the outcome is still the same and staff can't win. How can we do anything about accounts that are not yet hacked? People were told to change their account passwords and if they didn't for whatever reason then their accounts are at risk but if they had a very strong password then they'd very likely be fine. What are you suggesting we do? Lock all accounts that haven't changed their passwords since the hack or if they haven't posted after x amount of time? If certain accounts are locked as a precautionary measure then what happens when the original owner can't prove that it belongs to him? Then he cries at the forum for unnecessarily doing this to his account. I'm not sure what you would like the admins to do but if you've got a foolproof plan I'd love to hear it.


If it takes months to restore accounts now then what do you expect when there's (in your words) hundreds of thousands to restore? Only admins can restore accounts and there's nothing that regular staff can do about it. Yeah, there should be another admin or two to deal with account recoveries and finding alts or whether but that's something only theymos can act on.

You agree on my figures (roughly) but you understand the dilemma facing admin?

It's quite easy to prove really, once you understand the relationship between uid#/reactivation time, and other things.
The inaccuracy rate would be tiny. Admin could easily do this.

Just like my 500+ list of (obvious to me and admin) farmed accounts where the inaccuracy rate is zero, as far as i know.
But admin refuse to acknowledge that either, which is great for you as you are a farmed "Alphabet account". 1 of several hundred alphabet accounts.
https://bitcointalksearch.org/topic/rizzs-500-1670807

Your opinion is manufactured and worthless.

Nearly all of these accounts probably are hacked, but one of the key problems is that the forum is very hands-off so they're faced with the dilemma of finding out how to prove that these accounts are hacked without intruding on people's privacy.  It must be pretty difficult.

I suppose the main problem is the security breach from a while ago, which people are now exploiting because these dormant users never managed to change their passwords as they haven't been on this forum for a long time.

So you basically just agree that hacking (old) newbie accounts do have benefits for scammer's, and illustrating those benefits to scammer's.

Steamproject ran his thread nearly 2 years on bct. What exactly was he supposed to "learn" from that?
If he "just farmed/created them himself" he must have been around since July 31, 2010, 07:44:15 PM https://bitcointalksearch.org/user/bcusr-657

Weather or not Steamproject farmed those accounts himself or hacked them or bought them is a different topic, probably known alts thread.
The fact remains that hundred's of thousands of accounts are "hacked" by someone.
bct members are left in the dark over the scale of this, while mods say there is nothing that can be done, admin haven't even responded.

------added before any reply after 1 reply i just spotted next page, sorry!------


I should respond here too.
You have no idea how many accounts have been compromised, Yet somehow "auto conclude" i'm wrong?

You compare "auto locked" accounts with "systemically hacked" account's, but they are not hacked in the same way. (afaik)
Security question accounts are by default "locked out" till staff action, while systemically (password) hacked accounts are by default "allowed in" until staff action?

You go on about those "auto locked" members weeping like widows, when many have clear proof but still have to wait for months for any action to be taken, then use the damnation of your (staff/admin) inaction's on restoring those few "auto locked" accounts as reason why you can't do anything about 100,000's of completely differently identifiable "systemically (password) hacked" accounts. Correct?

That boomin guy is the latest (caught) alt of MariusTi aka steamproject aka tberty aka Dorkslayz etc etc who uses an army of dozens of alts to fake vouch or spam bump his threads of torrent invites (and he's probably had around a 100 banned). He either has a massive stockpile of them or buys them from account sellers but I'm more inclined to believe that he has just farmed/created them himself as there's a lot that were just used to make one or two posts to bump/vouch for his thread then discarded, though some of the older ones recently came back to life and started selling the torrent invites when a lot of his other accounts got found out and banned. This behaviour with him has been going on for years with him and not just on this forum either as he's been banned from numerous forums and never learns.

It's possible that someone got their hands on the old hacked database from May 2015 and decided to actually attempt to get into accounts with info that they gathered from that database.

Another possibility is that some site Bitcoin related was hacked and people got their hands on their databases and are checking to see if there are reused passwords to get into bitcointalk accounts. For example, recently a database dump from 2014 of btc-e's database reached HaveIBeenPwned so it is likely that that database was floating around publicly for a bit of time beforehand and is still available. So people might be using that to match accounts on btc-e to accounts on the forum and then trying passwords to see if there is any reuse.

Unfortunately the forum can't really do much. If the admins lock accounts which have not changed their passwords and then send password reset emails to all of those accounts, a lot of people will be locked out because emails aren't validated and a lot are either invalid, or just point back to bitcointalk.

That's a problem with the forum's policy on account sales. There is little else you can do other than ask for some other information only the original owner would know (E.G a dox). This relies on the previous owner being something other than an account farmer though, which could prove to be difficult.

No. The breach on Bitcointalk happened in May 2015 IIRC, and was a result of an internal problem with the hosting provider. I don't believe that Bitcointalk has ever used Cloudflare.

Was this because of the cloudfare breach or the breach that happened last year ? I remember seeing a list of accounts that was hacked last year, was there another one after that ?

In cases of hacked accounts, a signed message from an old staked address is more than enough, that's right. But in case of account sales, nowadays accounts get sold with the private keys connected to the staked address.

From there it will be very difficult to know whether or not you're really dealing with the person you are supposed to deal with. Especially when the account has been kept active in the exact same manner it was before the sale.

It doesn't stop you doing anything. So long as you can sign a message from an old staked address there is no reason why you shouldn't be able to change your password.

The feature that displays message "This user has recently changed his password" prevents me and many like me to change password periodically for safety purpose.
This message keeps people away from trading with such users.
I hope this feature is not available in new forum.

I remember there was an incident happened when a Ponzi mining site cloudminr leaked its data [username, password] for btc at that time many accounts were hacked and I'm able to restore few of them and the grtthegreat was the one of them. someone is trying to sell it but before that i logged into that account and helped him to get his account back at that time I also takeover some accounts but no one claimed that back from me.
I still have those accounts and waiting for their owners to get them back.

https://bitcointalksearch.org/topic/m.11864925
https://bitcointalksearch.org/topic/m.11864392

can i sell them if no one claims them back?

No. real owners do not log in in rota.
When hacking, you take what you get?

Did you read this thread from op, https://bitcointalksearch.org/topic/m.17974610
Then did you spend more than 5 minutes looking into this?
Added - I'll bring the link here for clarity,

https://bitcointalksearch.org/user/jakeroxs-9000  jakeroxs               0 post    November 24, 2016, 08:47:41 AM
https://bitcointalksearch.org/user/micro333-9003  Micro333              0 post    February 19, 2017, 01:18:36 PM
https://bitcointalksearch.org/user/qrr-9005  Qrr                       2 post    February 19, 2017, 01:28:59 PM
https://bitcointalksearch.org/user/trance555-9009  Trance555             0 post    February 19, 2017, 01:28:07 PM
https://bitcointalksearch.org/user/twadsworth-9011  twadsworth            0 post   February 19, 2017, 01:16:27 PM
https://bitcointalksearch.org/user/fictionwobbles333-9012  FictionWobbles333  0 post   February 19, 2017, 01:27:05 PM
https://bitcointalksearch.org/user/moodfool333-9013  MoodFool333          0 post   February 19, 2017, 01:28:08 PM
https://bitcointalksearch.org/user/marish-9014  marish                   0 post   February 19, 2017, 01:38:06 PM
https://bitcointalksearch.org/user/blackrunner111-9015  BlackRunner111      0 post   February 19, 2017, 01:15:55 PM
https://bitcointalksearch.org/user/jhallsworth-9016  jhallsworth             0 post    February 19, 2017, 01:28:12 PM
https://bitcointalksearch.org/user/carter-9020  carter                     0 post   February 19, 2017, 01:20:13 PM

Funny how the price drove 10 of 20 consecutive, really old accounts, who have never posted in years, to all log in on Feb 19, all at 1 o'clock, then not since, don't you think?
You will find many, many more Feb 19 hacked accounts, if you have the time to look.

Did you see https://bitcointalksearch.org/user/blap-9183
A nice moving avatar, that will have some value.

I hope you give me some credit for my account analysis. I have studied many more than you. many orders of magnitude.
Try 9119, 9142, 9158, 9163, 9171, 9190, 9194.
You will either have to do more study or take my word for it.

Hundreds of thousands of accounts have recently been hacked. Until we hear otherwise from admin.

I mean the bitcoin price is enough to motivate them to posts again.

I've noticed a surge of dormant accounts joining in Bitmixer, all of them shitposting and most of them having the same/similar posting patterns (e.g. inactive since X month, start posting after Y date). I think the OP is at least somewhat correct with his statement.

Doubtful that account farmers activate only when there is Bitcoin news around.

Some of those dormants accounts could have been reactivated by real owners who happen to have heard the recent news and getting interested in bitcoin again.

Edit:

Most of those accounts are newbies. What are the benefits of hacking newbies?

I have no idea how many accounts have been compromised but I don't think it's as bad as you're claiming. I suppose certain accounts could be locked but people weep like widows when their accounts are auto locked as a precautionary measure when someone tries to reset the password via the security question and they cry even more when they have to wait for it to be restored. Also, if the account hasn't posted an address or they can no longer sign a message from one then they're screwed that way and they would then blame the forum for that so we're damned if we do and damned if we don't.

Obviously, dormant or unused accounts will likely not have changed their passwords.
That is why i ask "This hack has been anticipated for a while now, do admin have a planned response?"

The standard answer, nothing can be done.
There is plenty that could be done, even at this late stage.

Do you have any figures or guesstimates on hacked account numbers?