Author

Topic: My acc has been hacked and used to post scam thread! (Read 358 times)

sr. member
Activity: 645
Merit: 266
Thanks all for the understanding and help. I will be locking this thread cause all the problem is sorted out.
I will be cautious in the future, and im done with securing the password and full system scan overnight.
legendary
Activity: 2212
Merit: 2061
Join the world-leading crypto sportsbook NOW!
Hi zenhu,

I believe what you say is true that's why i've removed my negative tag.

As noted above, we've had these incidences with compromised accounts, posting malware wallets multiple times last year.

I also see that you've changed your password a few times already, i hope you scanned your system first and then did a clean install of your OS, otherwise you might end up being hacked again.
legendary
Activity: 3178
Merit: 3295
As i am German i found something for the IP you posted !

Quote
Details for IP-Adresse 5.61.43.220

% Information related to '5.61.32.0 - 5.61.47.255'

% Abuse contact for '5.61.32.0 - 5.61.47.255' is '[email protected]'

inetnum:        5.61.32.0 - 5.61.47.255
netname:        CLOUD-NETWORK-DE
descr:          ********************************************************
descr:          * As ISP we provide IP transit and bandwidth services.
descr:          *
descr:          * Those services are self managed by our customers
descr:          * therefore, we are not using this IP space ourselves
descr:          * and it could be assigned to various end customers.
descr:          *
descr:          * In case of issues related with SPAM, Fraud, Phishing
descr:          * DDoS, port scans or others, feel free to contact us
descr:          * with relevant info. Abuse email: [email protected]

Quote
org:            ORG-ISPR1-RIPE
country:        DE
admin-c:        ISPR1-RIPE
tech-c:         ISPR1-RIPE
status:         ASSIGNED PA
mnt-by:         ISPIRIA-MNT
mnt-routes:     LEASEWEB-MNT
remarks:        ISPIRIA Networks Ltd.
remarks:        Technical issues..............: [email protected]
remarks:        Services request..............: [email protected]
remarks:        Abuse departament.............: [email protected]
remarks:        Corporate web site............: https://ispiria.net
created:        2012-08-06T12:36:24Z
last-modified:  2019-09-26T09:26:35Z
source:         RIPE

The IP Adress is located and related to the German City Kassel



Source : http://www.utrace.de/?query=5.61.43.220

The main Company is based in Frankfurt and  is a Hosting Provider!

Leaseweb Deutschland Gmbh
https://www.leaseweb.com/de

You can submit on there Webpage an abuse for the IP here https://www.leaseweb.com/abuse-prevention

Hope it helps you a bit
Thanks for PM me .

Edit : Feedback is also removed !
sr. member
Activity: 645
Merit: 266
I had the same issue as you before, and mine was from Turkey instead.
snip~
Thanks for referring me to your thread, yeah I've been busy for this past few hours checking whether my pc has been compromised or they just brute force the password. Also, I never install any suspicious software or wallet.
sr. member
Activity: 1610
Merit: 264
I had the same issue as you before, and mine was from Turkey instead.
Logging out will also end your session as what Theymos told me in PM, just in case that changing password didn't do. Just make sure you scanned and cleaned your PC before you make these changes.

Here's my thread resolving my issue before : https://bitcointalksearch.org/topic/m.53594867
Read everyone's reply to my thread. I'd like to thank them again for helping me with the case.
legendary
Activity: 2338
Merit: 1261
Heisenberg
Code:
{
  "address": "0x4afaf049ca22dc654d55be5541ee41bd55cab3bc",
  "msg": "Im zenhu the owner of zenhu account on bitcointalk, this is to verify that my account has been breached. and as a proof that im the owner of this account. refer to this thread please https://bitcointalk.org/index.php?topic=5218316",
  "sig": "0x83568fc469516a84094257bf1513429a7eeb8ad068a7c35c5a2cd702bb8333751e58592c3547cec088e9675f7258fb9aa93ce7042c9416d257c0ef68cdf46a981b",
  "version": "3",
  "signer": "MEW"
}

I use this address on a lot of bounty and airdrop here, I don't have any bitcoin address posted here which I have access to the private key. I hope ethereum address will do. Please verify the msg here https://etherscan.io/verifySig
This is the verified msg will look like https://etherscan.io/verifySig/1945

Telegram Username: @zenhu
Ethereum Address: 0x4AfAF049ca22DC654D55BE5541Ee41BD55CAB3BC
Ref Code: 9587MU

Message verified:


and I have another question if I changed my password all the devices using this account automatically log-out, right?
Yes, all devices get logged out.



Thanks, I just check that and sure enough. the IP is not mine. I'm from Indonesia and almost never used a VPN or some sort of that thing to change IP. and this the IP of the hacker
2020-01-16 08:15:47   2020-01-16 08:15:47   5.61.43.220   (Unspecified city), Germany
If the person who tag me want to respond my PM I will give them the screenshot of the log
Good Luck, i hope you get helped  Wink
sr. member
Activity: 645
Merit: 266
Sure LoyceV, is this will do?

Code:
{
  "address": "0x4afaf049ca22dc654d55be5541ee41bd55cab3bc",
  "msg": "Im zenhu the owner of zenhu account on bitcointalk, this is to verify that my account has been breached. and as a proof that im the owner of this account. refer to this thread please https://bitcointalk.org/index.php?topic=5218316",
  "sig": "0x83568fc469516a84094257bf1513429a7eeb8ad068a7c35c5a2cd702bb8333751e58592c3547cec088e9675f7258fb9aa93ce7042c9416d257c0ef68cdf46a981b",
  "version": "3",
  "signer": "MEW"
}

I use this address on a lot of bounty and airdrop here, I don't have any bitcoin address posted here which I have access to the private key. I hope ethereum address will do. Please verify the msg here https://etherscan.io/verifySig
This is the verified msg will look like https://etherscan.io/verifySig/1945

Telegram Username: @zenhu
Ethereum Address: 0x4AfAF049ca22DC654D55BE5541Ee41BD55CAB3BC
Ref Code: 9587MU


and I have another question if I changed my password all the devices using this account automatically log-out, right?



~
Another option, if you are really desperate about clearing your name and don't mind much about privacy is PM them your  IP logs from https://bitcointalk.org/myips.php. If you are concerned about your privacy, You can blur IP address and City and then provide them with only time and the country the IP address that made the post was from in comparison with your previous or current IP addresses(This helps if you haven't been using different VPN locations)
Thanks, I just check that and sure enough. the IP is not mine. I'm from Indonesia and almost never used a VPN or some sort of that thing to change IP. and this the IP of the hacker
2020-01-16 08:15:47   2020-01-16 08:15:47   5.61.43.220   (Unspecified city), Germany
If the person who tag me want to respond my PM I will give them the screenshot of the log
legendary
Activity: 2338
Merit: 1261
Heisenberg
I have seen this kind of thing before, where a hacker gets into your account, doesn't change anything but then goes on to post malware or scam threads without your knowledge. You only get a wake up call when you are tagged.

It's so hard to prove that you were not the one who posted that stuff. However, the members who tagged you are understanding individuals and if you explain to them calmly and very well, they can remove the tags.

Another option, if you are really desperate about clearing your name and don't mind much about privacy is PM them your  IP logs from https://bitcointalk.org/myips.php. If you are concerned about your privacy, You can blur IP address and City and then provide them with only time and the country the IP address that made the post was from in comparison with your previous or current IP addresses(This helps if you haven't been using different VPN locations)
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
You should move (bottom-left) this topic to the Reputation board.

Can you sign a message from an address you posted a long time ago, to prove you're the real owner?
sr. member
Activity: 645
Merit: 266
Hi, I'm the original owner of this account. However, my account has been breached and the hacker uses it to post their scam wallet, this the archive of that post https://archive.is/kCWvJ so no one will have to click on the scam link. this is the post after I edit it https://bitcointalksearch.org/topic/my-account-has-been-hacked-5218174
How do I prove my innocence? and I already change the password for this account now, the previous password was "lkjhgfdsa" my bad that was a terrible password, just some brute force will crack that in 1 sec.
edit 1: I never make a thread in 2 years and all of sudden I make an announcement topic, how ridiculous that be. I'm not even that good in bounty campaign.
Jump to: