Just had my gmail, then poloniex and cryptorush.in hacked, bitcoins stolen

coinnewbit

sr. member

Activity: 266

Merit: 250

Quote from: rebel24 on March 02, 2014, 08:21:08 AM

I am pretty sure I have figured out what happened, I posted it in another thread so I thought I would share it with you guys-- apparently I am not the only one who has had coins recently stolen from them at poloniex--

what is going on is-
poloniex is being DDOS'ed, as well as cryptorush.io
I had the same robberies happen at both places. They are DDOS'ing the sites, taking the login info, and, for me, stupidly, I used the same login info for my email as my login there. So they logged into my email to confirm the withdrawls.

Now I have 2 way authentication and different passwords, I HIGHLY RECOMMEND EVERYONE DO THIS RIGHT NOW IF YOU HAVENT ALREADY

I just despoited into poloniex the day before. Crap

rebel24

member

Activity: 114

Merit: 10

I am pretty sure I have figured out what happened, I posted it in another thread so I thought I would share it with you guys-- apparently I am not the only one who has had coins recently stolen from them at poloniex--

what is going on is-
poloniex is being DDOS'ed, as well as cryptorush.io
I had the same robberies happen at both places. They are DDOS'ing the sites, taking the login info, and, for me, stupidly, I used the same login info for my email as my login there. So they logged into my email to confirm the withdrawls.

Now I have 2 way authentication and different passwords, I HIGHLY RECOMMEND EVERYONE DO THIS RIGHT NOW IF YOU HAVENT ALREADY

p-webcorp

newbie

Activity: 14

Merit: 0

Quote from: Nathonas on March 02, 2014, 01:49:18 AM

Quote from: philipmicklon on March 02, 2014, 01:16:37 AM

2FA is a must when you're dealing with BTC.

2FA with google authenticator.

/endthread

Oh, yes again a google product. Never ever use anything from google!
'g' give data, 'g' get protection for it, and the rest of the story is blablabla as the bitcoins are used by criminals etcetc, and the dollars are used only by honest people isn't it?

freebit13

hero member

Activity: 616

Merit: 500

I got Satoshi's avatar!

Use Google.../endthread?

Stop trusting a central authority to secure your information... that's just not bitcoin Wink

Krona Rev

full member

Activity: 129

Merit: 100

Does any service offer 2FA via bitmessage?

crazy_rabbit

legendary

Activity: 1204

Merit: 1002

RUM AND CARROTS: A PIRATE LIFE FOR ME

Yubikey is your friend.

corebob

full member

Activity: 238

Merit: 100

The problem with giving Google your phone number is that you also give NSA what they need to associate your telephone calls with your emails

Krona Rev

full member

Activity: 129

Merit: 100

OP: Sorry for your loss of 2btc. I'm glad to hear you keep most of your coins offline. I wish more people would.

Regarding 2FA, I would be very reluctant to trust google (either gmail or google authenticator) when it comes to security and/or cryptocurrency. No third party should be trusted, obviously, but at this point it is clear that trusting google means trusting the NSA and other dark forces in the US Govt. Don't do it. Please don't do it. One day this Mt. Gox fiasco could look minor compared to the damage someone could use google to do.

Just keep as many of your coins offline as possible, and be prepared to lose all coins that are online.

g27wr

full member

Activity: 221

Merit: 100

I like guns.

Quote from: rebel24 on March 02, 2014, 01:45:27 AM

Quote from: ?? on ??

Quote from: rebel24 on March 02, 2014, 01:13:09 AM

Just thought I'd let you guys know so you dont let it happen to you.
I never saw this coming and am pretty security conscious.

I lost about 2 bitcoins worth.. over $1000 worth at today's prices...

I have taken some new security precautions but I recommend you guys to do the same-
firstly, use a unique password for your main email account, that you dont use anywhere else.
also add a phone number for alerts to your phone if someone does pass a log-in verification

most my coins are offline... the only ones there were mainly ones I had open for trades....

but for my wallets, I am using an encryption key now which I use nowhere else... and I am storing these encryption key passwords basically offline as well.

Was just shocking to me... I want to ask you guys too, because he hacked into my gmail account (can he see my other saved passwords I had? I use chrome and I have some saved passwords in there... but for me to access them on my computer I have to put my windows password in, but what if his on his own computer or an iphone/android? my iphone wouldn't show the passwords, but what if he is on another computer, can he see them then without anything but that gmail password?)

You had you poloniex password saved on your computer somewhere?

Would this have been prevented if the only location of your passwords was written down on paper?

no it was not saved on my computer.. he initiated a password rest, then because he had access to my email, he accessed my account

the question is how did he get my email address login and password (and somehow know I used bitcoin too),
my idea is probably one of the smaller exchanges I signed up for (about half a dozen of em, nothing crazy), that is my guess..

You could be right. It may have been someone from an exchange. We really have no way of knowing who is behind the scenes. New passwords everywhere!!

Nathonas

sr. member

Activity: 280

Merit: 250

Knowledge is Power

Quote from: philipmicklon on March 02, 2014, 01:16:37 AM

2FA is a must when you're dealing with BTC.

2FA with google authenticator.

/endthread

rebel24

member

Activity: 114

Merit: 10

Quote from: ?? on ??

Quote from: rebel24 on March 02, 2014, 01:13:09 AM

Just thought I'd let you guys know so you dont let it happen to you.
I never saw this coming and am pretty security conscious.

I lost about 2 bitcoins worth.. over $1000 worth at today's prices...

I have taken some new security precautions but I recommend you guys to do the same-
firstly, use a unique password for your main email account, that you dont use anywhere else.
also add a phone number for alerts to your phone if someone does pass a log-in verification

most my coins are offline... the only ones there were mainly ones I had open for trades....

but for my wallets, I am using an encryption key now which I use nowhere else... and I am storing these encryption key passwords basically offline as well.

Was just shocking to me... I want to ask you guys too, because he hacked into my gmail account (can he see my other saved passwords I had? I use chrome and I have some saved passwords in there... but for me to access them on my computer I have to put my windows password in, but what if his on his own computer or an iphone/android? my iphone wouldn't show the passwords, but what if he is on another computer, can he see them then without anything but that gmail password?)

You had you poloniex password saved on your computer somewhere?

Would this have been prevented if the only location of your passwords was written down on paper?

no it was not saved on my computer.. he initiated a password rest, then because he had access to my email, he accessed my account

the question is how did he get my email address login and password (and somehow know I used bitcoin too),
my idea is probably one of the smaller exchanges I signed up for (about half a dozen of em, nothing crazy), that is my guess..

rebel24

member

Activity: 114

Merit: 10

I believe it did have 2 factor authentication, because it emailed my email to confirm the transaction, and he had access to my gmail.

You make a good point, but the only way it should be done is via phone authentication.

I will also add, the only reason I caught it quickly was because he hacked into my secondary email, which has duplicates sent to my main email.
when I logged into my secondary email, those confirmation emails were deleted (I suppose to prevent me from knowing I was hacked)

philipmicklon

full member

Activity: 176

Merit: 100

2FA is a must when you're dealing with BTC.

rebel24

member

Activity: 114

Merit: 10

Just thought I'd let you guys know so you dont let it happen to you.
I never saw this coming and am pretty security conscious.

I lost about 2 bitcoins worth.. over $1000 worth at today's prices...

I have taken some new security precautions but I recommend you guys to do the same-
firstly, use a unique password for your main email account, that you dont use anywhere else.
also add a phone number for alerts to your phone if someone does pass a log-in verification

most my coins are offline... the only ones there were mainly ones I had open for trades....

but for my wallets, I am using an encryption key now which I use nowhere else... and I am storing these encryption key passwords basically offline as well.

Was just shocking to me... I want to ask you guys too, because he hacked into my gmail account (can he see my other saved passwords I had? I use chrome and I have some saved passwords in there... but for me to access them on my computer I have to put my windows password in, but what if his on his own computer or an iphone/android? my iphone wouldn't show the passwords, but what if he is on another computer, can he see them then without anything but that gmail password?)

Topic: Just had my gmail, then poloniex and cryptorush.in hacked, bitcoins stolen (Read 1803 times)