Topic: Lets talk Bitcointalk (Read 381 times)

Some updated information regarding the scammer 'David Cheung' a/k/a DC, DavidCheung87 - https://www.facebook.com/tedmorning.daydreak/

I am suprised that brute force has done it 
i am sorry that your account was hacked, upon seeing that these situation are repaeting , i am satarting to think that I need to increase my security level .

Also i believe that forum as a minimum should make a warning with suggestions have to make your account more secure.

Every site developer or owners has their own way of designing their own website or site, so if you want new thing or good thing for the forum then you can suggest they put i under consideration but if you are not satisfied then at least try to make your own if you want to help.

The right way to do that is to lock this thread so that no one can add a reply.

That isn't any of your business, As for what the point of this thread is? It's to start a dialog as to why one of the most popular BTC communities, Lacks such basic and essential features to secure its members accounts.


This is getting off-topic now so i'll leave it at this.

At no point was i encouraging anyone to 'take what isn't theirs' - I simply provided an example of what COULD be done with it based on the traffic stats the domain received.
Am i contributing to the problem? Maybe, So are hundreds of others, Keep that same energy with the same Legendary/Hero members who are ACTIVELY selling frauded GC's, VCC's & accounts.

Instead of harassing me over a 2-year old post.

If you sell something that can be used for nefarious purposes then you contribute to part of the problem.

It is not being on a moral high horse. Not taking something that is not yours or encouraging others to do so is not "high morality" - it is common decency.

And how do you plan to do that ?

If you were so confident of recovering the account on your own , what is the point of this thread ?

I really wish that I could use 2factor secutrty for this account.   
Just because I post publicly my wallet addresses so who knows who will see it

Its alright i'm confident i'll get it back with or without the admins help, That's cool you have the right to feel that way.

Either way its good to know the scammer has been exposed at-least lol.

As it stands you'll probably be waiting somewhere between never and forever to get your account back. I agree the excessive waiting/accounts not being recovered at all is unacceptable and something needs to be done about it, but this probably isn't going to happen anytime soon. Besides, looking at this post below I think your account should be put to the bottom of the pile:


If you haven't got a signed message or pgp then I would just forget about the account because there's little to no chance of you getting it back.

I don't mind waiting at all but my Issue is with how long the wait is as i stated previously, If you look throughout META you'll find hacking victims that have been waiting 2+
months for recovery which again comes off as lazy and inefficient on the admins part and frankly im surprised no one else is talking about it.

I mean really how hard can determining who the original owner of the account be? In my case my IP hasnt changed and i have the original email, also have my skype ID throughout thread history.

Karma for what exactly? Was i selling a phishing script along with the domain? Get off your moral high horse i've seen WORST sold on here and you dont seem to mind, besides you do know the domain had other uses non-related to phishing, I merely used that as the selling point.

I do appreciate you helping out by making the thread and atleast preventing others from getting scam!

wblockchain.info - phishing



Was it karma perhaps ?

hamporn & tedchain ICO scam investigation + Darkwin hacked account

It looks like someone hacked his account, then they sold it. The person who then purchased it had probably just offered him the cash as hushmoney instead of having to return it. Can't blame the op for attempting to take it if the option was losing his account anyway, but looks like that's already happened.


It's just not required for whatever reason, but I think it should be. It's very rare that a forum or website doesn't require such verification. Anyone can use your email without, not to mention bots take advantage of this. Requiring email verification would be one more hoop for them to jump though.

It is mentioned in the same thread that you will have to wait for recovery.

If you think that this is unacceptable for you, do not submit the request and keep yourself engaged at other places which you think are more appropriate for you.

Lots of work? All we need is an account changes confirmation email and it would have solved and prevented all of it. It isn't "lots of work" either, literally every single forum board software includes it as a default security feature from PHPBB, VB, MYBB etc. and yes even Simple Machines.

If recovery isn't a priority then why waste users time and forum thread space making a shitty post asking users to PM staff only to not hear from them after months later as seen in many posts throughout META? Again seems lazy and inefficient, I understand that admins have duties and possibly lack manpower but to put their users account security last or just completely disregard it, is unacceptable.

The forum has already made it clear that account recover is of less priority for them and thus it can take time. You will have to follow the same route like other members.

So far as improving the security of the forum is concerned, that involves a lot of work. Consider one person fighting against thousands of hackers to tackle this. No matter how much improvement is done to security features, there is always some chance of account hack happening.

Sorry but you're wrong, This has nothing to do with them emailing us requirements for using the forum safely but rather about broken policies put into place which are not only making the recovery process complicated for the community but also doing absolutely nothing to prevent issues in the future.

As i stated previously it makes absolutely zero sense for admins to require this type of information if its not even a requirement to begin with, If anything it seems like the lazy way out to basically shrug off the user.

Rather simple if you read the texts provided in the thread, The person who took-over the account claimed they'd purchased it off someone else and offered to buy it off the correct owner in exchange for me not going through with the recovery process to which i agreed. It wasnt until further research that it was determined that this person and the "hacker" were one in the same.

At which point i initiated the recovery process which has been a total waste of time.

Why is the email not validated while creating an account here ? Can a staff member throw some light on this ?

The forum does not require email validation either.  :/

I can't understand how you claim to have your account "hacked" and then offer to sell it to the "hacker".

Surely you can see the issue with that. 

You are willing to sell your account for a $100 to someone you are accusing of being a scammer.

It is your responsibility to read forum rules after you register here. Do you want them to mail you requirements on how to use this forum safely ?

OP  , you can put a good heading for this topic .

Anyways , look like that forum policy  makes hacking favorable.  Instead of asking user to confirm the change email in the current email , they are changing  the email and asking the original user to lock its own account.

No body knows how much time recovery takes.

Admins, should not allow change of email and passwords until it is confirmed on original/current email associated with the account.

On May 19th my Bitcointalk account was compromised via bruteforce, However it wasn't until July 9th 2018 that i found out as i'm not very active on the forum.
What surprised me about this situation wasn't that i was hacked but rather how EASY Bitcointalk made it for the "hacker", I'll elaborate.

Why does Bitcointalk offer NO security when it comes to its users accounts?

Since the beginning of the internet websites have always required the account-holder to verify ANY major changes to an account ie; password change, email etc.
Apparently Bitcointalk doesn't seem to require any verification of account changes, I mean sure we have the option to lock the account within 15-days of the changes happening
but that doesn't do much in my case or in the case of any casual member of the forum who doesn't realize until weeks after the fact.

See: https://gyazo.com/5a2dd6d9504e4af5acd5e0450edd0869

Your account recovery process is trash, Why?

I contacted Theymos on July 9th explaining what happened and how the hacker was attempting to scam the community via an ICO crowdsale, Received no response so i then reached out to Cyrus and still have not heard from either of the forum admins 2+ weeks later.

I'm aware i'm not the only one whom this has happened and it isn't as if my account was Hero/Legend status but when someone is attempting to scam your community and you as an admin are given weeks heads-up notice and don't even bother to read the message, Its concerning for the forum overall. I'm a member of several larger internet boards and they don't really seem to have this problem so what are the admins of Bitcointalk doing?

Recovery Method?

So in order to recover a stolen account we must supply admins with Bitcoin Address or PGP Key related to the account, EXCEPT none of which was REQUIRED upon signing up.
Why not make it clear to members that they MUST supply a wallet address or PGP key and/or store it somewhere as backup incase they're compromised?

In my case i used hundreds of different wallet addresses and never PGP signed my account that i recall.

With all the posts about accounts being compromised you'd think that there would be an urgency of sort to assist users of the community, Instead the entire procedure and account safety features seem rather moot.