Topic: Nxt Coins stolen/ Hacked be warned (Read 4551 times)
There is no proof you're not lying.
No compromised pass phrase provided = didn't happen. Spreading FUD is so common these days on this forum, but without proof it's not credible.
Thanks for taking the time to read why I don't want to post it and thanks. There is all the proof on this thread. But obviously your accusations are far more important to you than actually making an informed decision. Hypocrites are really amusing I must say.
I posted this at the end of September on www.nxtforum.org
Since then there have been no new Nxt thefts, so we're left with 3 guys with a theft issue, 2 of which were definitely down to a weak password.
Without Gravitates old password, figuring out how his funds were stolen is more difficult, which is one of the reasons that I suggested that these 3 guys carry out further investigation themselves. Did you guys contact freeworm/BTER ?
There are extra bounties available for tracking down the thief or thieves, if you need any more incentive.
Quote
I'm going to take the unpopular route here and point that NXT security is pretty good, NXT has no wallet.dat file to lose/corrupt/get stolen for one thing. All cryptos suffer thefts, that can't be completely avoided. There are not very many NXT thefts, but even one is too many.
@shin: you are mostly correct: we need to be sure that newbies to NXT can make a safe, secure account.
I think that on the dev side we do need to prioritise Account Control with 2FA, and on the marketing side to keep on pushing safe password practices to people. Password security is almost always a contributing factor to crypto thefts, and so education about passwords will help everywhere, not just for NXT applications.
I have a feeling that there are at least 2 active thieves:
http://nxtreporting.com/?ac=NXT-WTCT-N6HZ-CCKY-4MLJF
is the guy/girl with donn2012 + 71586810(at)qq.com stolen funds:
https://bitcointalksearch.org/topic/robbed-more-than-100000-nxt-792600
https://nxtforum.org/general-discussion/help!-my-nxt-account-stolen-account-for-nxt-wczn-dgql-xm69-62l3n/
These 2 are obvious Rainbow Table attacks, as the passwords used were both direct quotes from literature.
and there is the gravitate thief:
https://nxtforum.org/general/have-i-been-hacked/
http://nxtreporting.com/?ac=NXT-URNF-7LNL-GDNW-EDRN6
and then on to the old BTER hot wallet:
http://nxtreporting.com/?ac=NXT-LSC3-VB9T-2W3V-BH7FB
I have a feeling this is not a Rainbow Table attack, but we'll see....
And I also have the feeling that there are more smaller thefts involved with both attacks.
I'm going to offer a bounty of 5000 NXT (from my own personal stash....ouch) to anyone who can help in the recovery process for the thefts above.
Talking to BTER sounds like a good first step......freeworm is the guy you need.
I would like to suggest that the 3 theft victims here (gravitate, donn2012, 71586810) take the lead in organising the chase....and they can qualify for the bounty for getting their own funds back.
@shin: you are mostly correct: we need to be sure that newbies to NXT can make a safe, secure account.
I think that on the dev side we do need to prioritise Account Control with 2FA, and on the marketing side to keep on pushing safe password practices to people. Password security is almost always a contributing factor to crypto thefts, and so education about passwords will help everywhere, not just for NXT applications.
I have a feeling that there are at least 2 active thieves:
http://nxtreporting.com/?ac=NXT-WTCT-N6HZ-CCKY-4MLJF
is the guy/girl with donn2012 + 71586810(at)qq.com stolen funds:
https://bitcointalksearch.org/topic/robbed-more-than-100000-nxt-792600
https://nxtforum.org/general-discussion/help!-my-nxt-account-stolen-account-for-nxt-wczn-dgql-xm69-62l3n/
These 2 are obvious Rainbow Table attacks, as the passwords used were both direct quotes from literature.
and there is the gravitate thief:
https://nxtforum.org/general/have-i-been-hacked/
http://nxtreporting.com/?ac=NXT-URNF-7LNL-GDNW-EDRN6
and then on to the old BTER hot wallet:
http://nxtreporting.com/?ac=NXT-LSC3-VB9T-2W3V-BH7FB
I have a feeling this is not a Rainbow Table attack, but we'll see....
And I also have the feeling that there are more smaller thefts involved with both attacks.
I'm going to offer a bounty of 5000 NXT (from my own personal stash....ouch) to anyone who can help in the recovery process for the thefts above.
Talking to BTER sounds like a good first step......freeworm is the guy you need.
I would like to suggest that the 3 theft victims here (gravitate, donn2012, 71586810) take the lead in organising the chase....and they can qualify for the bounty for getting their own funds back.
Since then there have been no new Nxt thefts, so we're left with 3 guys with a theft issue, 2 of which were definitely down to a weak password.
Without Gravitates old password, figuring out how his funds were stolen is more difficult, which is one of the reasons that I suggested that these 3 guys carry out further investigation themselves. Did you guys contact freeworm/BTER ?
There are extra bounties available for tracking down the thief or thieves, if you need any more incentive.
No compromised pass phrase provided = didn't happen. Spreading FUD is so common these days on this forum, but without proof it's not credible.
Now hacked through Nxt its a great shame.
You're doing it again.
Could you explain exactly how Nxt was hacked, which part of the algo is compromised that caused your hack? Please be specific.
If Nxt is so big like 10000 usd should be able to crack a device to use.
Well still no resolve. 2 Bitcoins could have been in my wallet. Now hacked through Nxt its a great shame. I suggest double auth like banks use or Trezor tech if you consider putting even a little bit of money into this.
WELL IT HAPPENED RECENTLY LIKE WEEKS AGO. NOT THAT OLD?
there are just so many similar threads around.
This should really be a lesson for all of you. If you are too stupid to set a strong password, you should stay away from Nxt or crypto in general. There are enough banks who'd like to take care of your money.
Thank you for your input coin trader. It is very good advice if you would give more elaboration. Lets hope that someone who is reading this is the organiser of the next bitcoin conference and they pencil you down to take the stage and tell us all about it.
Hold on a bit, guys, Gravitate is not the guy we should be whaling on here. I've followed his case, and taken a look at the blockchain evidence, and his funds were stolen, as far as I can see, so blame the bloody thief.
Heres the www.nxtforum.org thread on the current unresolved thefts:
Recent NXT thefts: blockchain info.
So far, almost every NXT theft has come back to a weak password choice, but Gravitates theft may not have been.
It'd be a lot easier to prove this if G. would release his password to us, but he has his reasons not to.
There are other possibilities left to investigate: keylogger/malware or 3rd party access to G.s PC. I'm leaning towards the malware theory.....
Gravitate has a right to be pissed off, and a legitimate reason to be starting this thread, he's not throwing FUD about, he's just genuinely unhappy about being robbed.
The NXT community is checking this out, but we're not making a massive amount of progress on finding the thieves.
If anyone else wants to take a look at the blockchain evidence and go on a thief hunt, there is a small (ish) bounty available, see the above link.
No I mean I followed recommendations about a secure pass phrase.... I thought nxt were ok as they were at every conference I was at I got sucked in. It is the security of the coins ' brain wallet' that I question.
you went to brainwash centers, even bitcoin conferences warn about the dangers, nxt is a scam
You are an idiot sir.
WELL IT HAPPENED RECENTLY LIKE WEEKS AGO. NOT THAT OLD?
quite old actually.
weeks in cryptoland, are well.. quite some time,
it happened like 200 ANN ago.
It just so happens that OP used "NXT" on the title, and we have seen a surge in threads attacking NXT the past week.
OP keep your pants up mate. whats with the caps?
WELL IT HAPPENED RECENTLY LIKE WEEKS AGO. NOT THAT OLD?
It is very good advice if you would give more elaboration.
"it doesn't make sense" =/= random
@cryptocarmen, it;s an old thread.
NXT was hacked /stolen again or this is an old thread?
This should really be a lesson for all of you. If you are too stupid to set a strong password, you should stay away from Nxt or crypto in general. There are enough banks who'd like to take care of your money.
Thank you for your input coin trader. It is very good advice if you would give more elaboration. Lets hope that someone who is reading this is the organiser of the next bitcoin conference and they pencil you down to take the stage and tell us all about it.
This should really be a lesson for all of you. If you are too stupid to set a strong password, you should stay away from Nxt or crypto in general. There are enough banks who'd like to take care of your money.
... trust me.
This is what I have been trying to avoid all along
I have re-raked enough old ground and nothing new has turned up, I'll leave it there.
dude tim cum sim prawn gin yuk bim rarl per tip pop from
Its no easier or more complex than that. It doesn't make sense in chinese or english trust me.
Its no easier or more complex than that. It doesn't make sense in chinese or english trust me.
no it was actually in the post written by someone else noit me... I will find it tonight
Don't worry, I found it. Apologies for doubting you, you are in control of the account.
That still doesn't explain what happened and posting your passphrase would allow us to eliminate that possibility. If you refuse to do this, I don't think it is fair to say things like:
Quote
1000usd flushed down the toilet from no fault of my own
It is the security of the coins ' brain wallet' that I question.
I got hacked after being scammed
If you want to call me a liar by not posting MY pass phrase to cover up security issues with nxt then carry on please.
It is the security of the coins ' brain wallet' that I question.
I got hacked after being scammed
If you want to call me a liar by not posting MY pass phrase to cover up security issues with nxt then carry on please.
And especially:
Quote
The fact is I was hacked and no body has said there is a problem with the pass phrase
You might have been angry and frustrated but the reason for ^this^ is that nobody else knows the passphrase. Until we do, nobody can comment and it will remain a probable case of weak passphrase as that is the most probable cause.
You say that your password is random to "any normal person". Would it be random to someone translating different combinations of pinyin and English dictionaries into well known phrases/literature/ordinary sentence at 'x' million attempts a second?
I don't know any pinyin but for all I know, the sample password you posted "tim cum sim prawn gin yuk bim rarl per tip pop from" could translate to "I cum in prawn salad dressing d!ck is where I pop from"
And you just change the subject "prawn salad dressing" for each use. A bad example but you get the idea. To re-cap, no full sentences in mixed languages used?
no it was actually in the post written by someone else noit me... I will find it tonight
Jump to: