
Topic: My account got hacked (Read 2200 times)

member
Activity: 104
Merit: 10
July 04, 2012, 12:38:23 AM
#17
This thread smells funny. Just saying.

This!

How does one person's computer being compromised meet the terms of the CPA insurance contract? GLBSE didn't default.....

When BTC grows up (if it ever does) there will be real corps offering real CDS and insurance and reinsurance that will payout on benchmarkable items...and not just someone's gut.

Then again...we'd actually have to have some sort of jurisprudence that governed.
hero member
Activity: 887
Merit: 1000
July 03, 2012, 10:03:26 AM
#16
This thread smells funny. Just saying.

This!
legendary
Activity: 1288
Merit: 1227
Away on an extended break
July 03, 2012, 08:49:06 AM
#15
So how do they prevent insurance fraud? Seems simple, cash out, claim hax, and collect insurance. What am I missing?

I asked the same when I was asked to help fund CPA.    :/

This thread smells funny. Just saying.

This +1. Personally, I would avoid CPA before usagi explained everything.

Have you sent an information request e-mail to [email protected]?

Have you read the contract?

Have you been following the discussion thread?

It seems to me all your questions have already been answered, I could be wrong on that but I do notice you have not actually asked me anything.

As to the other person's question on how we prevent insurance fraud, let me assure you that this company is run by some very smart people, and if someone tries to commit insurance fraud they probably will not get away with it. However, people do get away with fraud all the time. If you'd like to give us a run for our money please be our guest. Your risk is the premium you pay.

Took a look around the original CPA thread just now, and my question directed at https://bitcointalksearch.org/topic/your-91316 still stands. In the real world, insurance companies regularly conduct an extensive background check on claims. How are you going to conduct that in the Bitcoin realm, where everyone is hidden under some pseudonym?

Good luck, but how will you account for fraudulent claims?

This concerns me as well.
Assume that I have insured my GLBSE account against hack/theft.
What will prevent me from selling everything and withdrawing bitcoins, then asking for compensation?

If you want to do this, we would write into your contract at least two provisions; you have to have an authenticator on your account, and you have to choose a strong password that you don't use anywhere else. We would also have to check with the GLBSE, and as there is a subrogation clause in every contract (see the preamble in post #2 or #3 I think) this acts as permission for GLBSE to reveal any details of the incident to us as if he were speaking to you or your lawyer. So we would figure out what happened. In short, if someone logged into your account from an IP you've used a lot in the past, and they typed in your authenticator to log in and then again to do the transfer, we can't cover you.

Another case. If it turns out you got hacked ala the GPUMax scandal recently, where users who didn't have authenticators used their GLBSE password on GPUMax (no comment), we won't cover you, as you would have broken your contract by not having an authenticator on your account. We will know this in our investigation with the GLBSE. There are mitigation and good faith clauses in the contract. You will be informed of these in any contract we write. Really, the authenticator is the big thing. But let's say somehow someone steals your phone and somehow finds your password. Let's say it's a home invasion so it's from your IP address. Just send us a copy of the police report, we will verify that the crime actually occurred, and we'll pay out.

Beyond a certain point we just have to trust you. But if you could give me a specific scenario of someone trying to defraud us, I could try to answer how we would handle that situation.

How would you verify that the person is indeed using a strong password that he/she is not using elsewhere? GLBSE does not (and should not) keep your password in plaintext; only the hash is kept. IP addresses are trivial to fake, with TOR and proxies providing a literally infinite number of them. About the only reasonable clause is the use of an authenticator - OP would have been either:
(a) Got hacked physically, as in phone/yubikey stolen for a short while
(b) Be a victim of a MITM attack.
(c) Have his/her time-based token stolen within a short timeframe and used.

Also, OP states:

you better format your PC

OP seems to be doing SEO on the forum, watch out glbse being hacked in a few weeks... just saying

What do you mean? I haven't installed any weird applications on my computer. I think my account got hacked because I used same password at somewhere else too.

How would he get the payout, as this violates the provisions you have stated above?

I'm certainly happy to see insurance companies springing up within the Bitcoin ecosystem as it fills an important niche for a successful economy. I apologize for sounding defensive/hostile in my posts, but the anonymity of the Bitcoin system is a factor that causes scam cases to happen like wildfire. I am sceptical of everything that is not proven, and security through obscurity is not an option for me.  I am always ready to invest in another new opportunity, so I would be glad to grab some shares too if my questions are answered.
hero member
Activity: 686
Merit: 500
Wat
July 03, 2012, 07:33:05 AM
#14
usually when you admit you left the keys in the car you can't get an insurance claim.
legendary
Activity: 1288
Merit: 1227
Away on an extended break
July 03, 2012, 06:12:07 AM
#13
So how do they prevent insurance fraud? Seems simple, cash out, claim hax, and collect insurance. What am I missing?

I asked the same when I was asked to help fund CPA.    :/

This thread smells funny. Just saying.

This +1. Personally, I would avoid CPA before usagi explained everything.
hero member
Activity: 504
Merit: 500
July 03, 2012, 02:30:40 AM
#12
As a potential investor in CPA I am not comfortable with insuring individual 'hacking' cases as they would be near impossible to prove. Maybe require that there was some known breach of security that led to multiple, verifiable instances. very unlikely, which is fine. ;p

or Make the premiums for unverifiable hacking insurance such that;
A. The premium is 10% of insured value per period and insured is only qualified for n% of payout per x amount of premium periods up until incident.
hero member
Activity: 504
Merit: 500
July 03, 2012, 02:26:53 AM
#11
So how do they prevent insurance fraud? Seems simple, cash out, claim hax, and collect insurance. What am I missing?

I asked the same when I was asked to help fund CPA.    :/

aye, that's my first and biggest question.

Reading what the OP linked; How did you get insurance without a secondary authentication on GLBSE?

"4. Insuring assets kept in the GLBSE (hacking insurance)
If you have taken proper security precautions such as adding an authenticator, we offer hacking insurance at rates as low as 1% for 6 months."

I take that just to mean they charge a higher rate for non authenticator accounts.

----------------------------------
I wonder if this may apply here;

"5. Subrogation
The insurance company acquires legal rights to pursue recoveries on behalf of the insured; for example, the insurer may sue those liable for insured's loss. This includes but is not limited to repo clauses in which the customer's assets may be seized in the event of a fraudulent insurance claim."
mav
full member
Activity: 169
Merit: 107
July 03, 2012, 01:02:55 AM
#10
I agree with pekv2 - why drag the GLBSE name through the mud because of your mistake? please change the title of the thread.
hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
July 03, 2012, 12:49:42 AM
#9
This thread smells funny. Just saying.
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
July 02, 2012, 03:19:52 PM
#8
So how do they prevent insurance fraud? Seems simple, cash out, claim hax, and collect insurance. What am I missing?
hero member
Activity: 770
Merit: 502
July 02, 2012, 03:18:17 PM
#7
you better format your PC

OP seems to be doing SEO on the forum, watch out glbse being hacked in a few weeks... just saying

What do you mean? I haven't installed any weird applications on my computer. I think my account got hacked because I used same password at somewhere else too.

*facepalm* People that exercise this kind of way to be exploited must learn about keepass or lastpass and use 100 mix character passwords, use different passwords for each account.

When will you's learn?

Edit:
You didn't get hacked, should change title to, I was dumb and used same password on two dif accounts.
legendary
Activity: 1511
Merit: 1072
quack
July 02, 2012, 02:49:12 PM
#6
Insurance company CPA recovered my losses completely (a couple tens of BTC).

Wow, nice. How does one get insured for this kind of thing? Did you contact CPA over the forums?


I used IRC to contact usagi from CPA. Ask them for insurance and they will help you to make contract.
hero member
Activity: 938
Merit: 1002
July 02, 2012, 02:45:52 PM
#5
Insurance company CPA recovered my losses completely (a couple tens of BTC).

Wow, nice. How does one get insured for this kind of thing? Did you contact CPA over the forums?
legendary
Activity: 1511
Merit: 1072
quack
July 02, 2012, 02:40:48 PM
#4
you better format your PC

OP seems to be doing SEO on the forum, watch out glbse being hacked in a few weeks... just saying

What do you mean? I haven't installed any weird applications on my computer. I think my account got hacked because I used same password at somewhere else too.
legendary
Activity: 924
Merit: 1004
Firstbits: 1pirata
July 02, 2012, 02:35:27 PM
#3
you better format your PC

OP seems to be doing SEO on the forum, watch out glbse being hacked in a few weeks... just saying
member
Activity: 85
Merit: 10
July 02, 2012, 02:32:45 PM
#2
you better format your PC
legendary
Activity: 1511
Merit: 1072
quack
July 02, 2012, 02:20:34 PM
#1
My account at GLBSE got hacked recently.

Insurance company CPA recovered my losses completely (a couple tens of BTC). Just wanted to share this information with you guys.