Author

Topic: My account on pool hacked - remember to use strong unique passwords! (Read 1511 times)

member
Activity: 98
Merit: 10
Cheers Bushstar.  I'll check out those tools.  It's hard to find good ones with a light footprint that also provide you with an amount of control as to what is flagged for removal.

Seems that the attacker either brute forced or had my password.  

Lesson learned.
hero member
Activity: 617
Merit: 531
Realized afterwards it was only 8 LTC that was redirected.  I actually received the previous payout.

Really not too concerned about the limited loss of LTC, but would be nice to know how it was compromised so that I can ensure it won't happen again.  I can't find any holes in my system.

Just goes to show the importance of keeping tabs on your accounts, and using strong passwords.

Address that funds got redirected to is Lg6ex4ufeN8Vqoh6jLa73Mn6FooPqxjEMi

Not sure what tools you are using but the following is what I use to disinfect most computers that come into the office.

ComboFix, TDSS Killer, Malwarebytes Antimalware and ADWCleaner

However think about where else you have signed up with the same credentials as Coinotron, it could be that one of those sites is malicious.
legendary
Activity: 1182
Merit: 1000
Realized afterwards it was only 8 LTC that was redirected.  I actually received the previous payout.

Really not too concerned about the limited loss of LTC, but would be nice to know how it was compromised so that I can ensure it won't happen again.  I can't find any holes in my system.

Just goes to show the importance of keeping tabs on your accounts, and using strong passwords.

Address that funds got redirected to is Lg6ex4ufeN8Vqoh6jLa73Mn6FooPqxjEMi

It seems that attacker had your password or simply was really lucky. It took him only 2 attemps to log in as you.
member
Activity: 98
Merit: 10
Realized afterwards it was only 8 LTC that was redirected.  I actually received the previous payout.

Really not too concerned about the limited loss of LTC, but would be nice to know how it was compromised so that I can ensure it won't happen again.  I can't find any holes in my system.

Just goes to show the importance of keeping tabs on your accounts, and using strong passwords.

Address that funds got redirected to is Lg6ex4ufeN8Vqoh6jLa73Mn6FooPqxjEMi
legendary
Activity: 1182
Merit: 1000
Looks like it's just me then which is good.  I'm assuming then that my system was compromised somehow.  I've run several scans and nothing has been found though.  Wish I knew, but I'll probably be doing a full reformat now if I end up finding nothing.

I did have Java installed so it could have just been an attack using Armitage or CobaltStrike.  Thankfully wallets are all offline.

Coinotron db is safe, not compromised. There are no suspicious payouts. So it seeems that it is related only to your account.
Lately there was quite a few attacks on LTC pools, BTC pools. Maybe you used same password in two places?
PM me your username. I checked out user Kryptox, and it doesn't look like it is yours.


 
sr. member
Activity: 301
Merit: 260
FLO dev
Looks like it's just me then which is good.  I'm assuming then that my system was compromised somehow.  I've run several scans and nothing has been found though.  Wish I knew, but I'll probably be doing a full reformat now if I end up finding nothing.

Same thing happened to me about a month ago on Coinotron. I contacted Coinotron and they found a login from an IP from a different continent I'm in. Make sure you use different passwords (even different user names) on the different sites.
member
Activity: 98
Merit: 10
Looks like it's just me then which is good.  I'm assuming then that my system was compromised somehow.  I've run several scans and nothing has been found though.  Wish I knew, but I'll probably be doing a full reformat now if I end up finding nothing.

I did have Java installed so it could have just been an attack using Armitage or CobaltStrike.  Thankfully wallets are all offline.
hero member
Activity: 631
Merit: 501
I checked all my accounts and balances.
I am happy to report -- everything is right where it should be.
full member
Activity: 203
Merit: 100
You may want to put a ? after your title.
full member
Activity: 140
Merit: 100
Logged into my account today and found the payout address changed and payout threshold changed to 1.  LTC from my account are gone - thankfully they only got about 17 LTC.

I've seen complaints about Coinotron's LTC pool having an unusually high number of rejected shares in the last while.  Not sure if it's related, but I was also getting close to 10% on some of my rigs.  (one was 30%).  Either way, I've switched pools now and am getting less than 1% rejects now.

Anyone else get hacked?  My account credentials couldn't be guessed.  Either I have a keylogger on my system or Coinotron's database got hacked.

Can you post the address that the 17 LTC were sent to?
hero member
Activity: 686
Merit: 500
Whoa, there are a lot of cats in this wall.
Logged into my account today and found the payout address changed and payout threshold changed to 1.  LTC from my account are gone - thankfully they only got about 17 LTC.

I've seen complaints about Coinotron's LTC pool having an unusually high number of rejected shares in the last while.  Not sure if it's related, but I was also getting close to 10% on some of my rigs.  (one was 30%).  Either way, I've switched pools now and am getting less than 1% rejects now.

Anyone else get hacked?  My account credentials couldn't be guessed.  Either I have a keylogger on my system or Coinotron's database got hacked.

If it was coinotron, we probably would have already heard about it by now.  Some big hashing dudes mine there.  I would take immediate steps to secure any coins that you have in wallets on that machine. 
member
Activity: 98
Merit: 10
Logged into my account today and found the payout address changed and payout threshold changed to 1.  LTC from my account are gone - thankfully they only got about 17 LTC.

I've seen complaints about Coinotron's LTC pool having an unusually high number of rejected shares in the last while.  Not sure if it's related, but I was also getting close to 10% on some of my rigs.  (one was 30%).  Either way, I've switched pools now and am getting less than 1% rejects now.

Anyone else get hacked?  My account credentials couldn't be guessed.  Either I have a keylogger on my system or Coinotron's database got hacked.
Jump to: