I too am currently attemping to withdraw my funds from BTCe.
I only signed up for an account with them a few weeks back but I've already formed a bad impression of their service.
As said by others here, you get cryptic one or two word replies from their support in bad English which are hard to decipher the meaning of.
Their web interface is threadbare and does not inspire confidence.
Nor does the fact that they are based in Russia inspire confidence. I don't think I'm being prejudiced here, but I do not trust businesses that are based in Russia.
Ive already having bad experiences right now with an exchange in Western Europe and their incompetence.
God knows what a Bitcoin exchange in Russia will manage to cook up by comparison.
So I'm out.
Topic: **OFFICIAL? - My BTC-e Account Got Hacked and All Funds Stolen thread - page 3. (Read 20533 times)
April 15, 2013, 07:44:00 AM
April 15, 2013, 07:21:17 AM
Seems you were lucky to have any useful reply, by now I'm still stuck at the "pass recovery+use email to login" loop.
It's clear that someone logged into my account and changed password+reference email locking me out, I just want a confirmation for that and for me it's over.
The only thing I will do is delete my account (if they ever give it back) and stop using Btc-e forever.
It's clear that someone logged into my account and changed password+reference email locking me out, I just want a confirmation for that and for me it's over.
The only thing I will do is delete my account (if they ever give it back) and stop using Btc-e forever.
April 15, 2013, 01:44:36 AM
@brad,
I got into BTC-e chat the other day and got harassed by who I found out later was a chat moderator.
They're not interested in restoring our funds as it was clearly "not their fault" so it must be our fault.
However they sure have beefed up the security on their site in the last week. Hmmm.
The last email I sent to BTC-e support requesting a refund got a reply back full of IP addresses that had accessed my account.
I got into BTC-e chat the other day and got harassed by who I found out later was a chat moderator.
They're not interested in restoring our funds as it was clearly "not their fault" so it must be our fault.
However they sure have beefed up the security on their site in the last week. Hmmm.
The last email I sent to BTC-e support requesting a refund got a reply back full of IP addresses that had accessed my account.
This is craziness... How did they harass you?
It's probably less than one days profit to refund us all... What a shame.
April 15, 2013, 12:21:59 AM
... some text here...
Ok, you win. I won't get my coins back anyway
April 15, 2013, 12:01:31 AM
@brad,
I got into BTC-e chat the other day and got harassed by who I found out later was a chat moderator.
They're not interested in restoring our funds as it was clearly "not their fault" so it must be our fault.
However they sure have beefed up the security on their site in the last week. Hmmm.
The last email I sent to BTC-e support requesting a refund got a reply back full of IP addresses that had accessed my account.
I got into BTC-e chat the other day and got harassed by who I found out later was a chat moderator.
They're not interested in restoring our funds as it was clearly "not their fault" so it must be our fault.
However they sure have beefed up the security on their site in the last week. Hmmm.
The last email I sent to BTC-e support requesting a refund got a reply back full of IP addresses that had accessed my account.
April 14, 2013, 08:51:04 PM
THAT is why you shouldn't use an exchange, esp with that sort of volume, when you dont know a single thing about the owner, not even his name. People here demand escrow for a $20 item, and SCREAM scammer if anyone hesitates, but look at all these people blindly throwing money at btc-e. Im not trying to make you feel worse here, and it sucks that this happened to you. All of you should know if you use this exchange, and your money disappears, there will be nothing that you can do. You will end up just like this guy.
Your 100% right... Lesson learned. An expensive one to have to learn, but I will not make that mistake again. I was actively trading with that amount and had been doing it for a few months. At first I would withdraw a lot of the money every time I was done, but then I started getting lazy and also didn't want to pay the fees. It did happen while I was logged it, but regardless I was trusting my money on a site I really knew nothing about. Guess trading crytocurrencies in that volume is not a smart thing to do at this point in time. We will just have to wait until more reputable ones appear who focus more on security and who will be willing to help if something does go wrong.
April 14, 2013, 08:33:36 PM
90% of exchanges we don't really know who the owners are, and even if we do they often disappear or go scam. CryptoXchange, Bitcoinica, Bitfloor massive coin theft, Bitcoin-24 is up in the air, WBX exchange lost everything, the Polish exchange that terminated their ec2 instance and deleted wallet.dat, there's probably a few I forgot. Point is none of the above people got their coins back.
The only exchange I generally trust with large amounts is cavirtex.ca because they've been solid, and owner is well known and accessible. There's been many thefts on MtGox and they didn't get any help either. All we can do in the cryptoanarchy world of decentralized currency and shady exchanges is enable 2 factor ID on everything and hope for the best, unless you use localbitcoins and are standing in front of the trader with cash in hand.
#bitcoin-otc also has some good scam preventions, like recommending to only transfer a few coins at a time to avoid being scammed for everything all at once.
The only exchange I generally trust with large amounts is cavirtex.ca because they've been solid, and owner is well known and accessible. There's been many thefts on MtGox and they didn't get any help either. All we can do in the cryptoanarchy world of decentralized currency and shady exchanges is enable 2 factor ID on everything and hope for the best, unless you use localbitcoins and are standing in front of the trader with cash in hand.
#bitcoin-otc also has some good scam preventions, like recommending to only transfer a few coins at a time to avoid being scammed for everything all at once.
April 14, 2013, 08:22:50 PM
Again I will say this...
I use a unique randomly generated password containing uppercase lowercase and numbers for every different site I use...
I'm using chromium on linux. I do not have Flash or Java enabled. Java is not even installed on my system.
Support at btc-e initially told me that my email had been changed to a random address @mailinator.com and that my funds had been withdrawn. You say btc-e has always had email confirmation for email addresses changes. If this is the case, how were they able to change my email without me ever getting a confirmation??
I initially had a suspicion that an employee at btc-e may have been the culprit, but I no longer believe that was the case or am going to make that accusation. Seems to me they don't have many employees anyway, and anyone involved over there probably has a claim in the 'company' so they would not want to have something like this happen publicly.
The hacker stole my money, and I'm not getting it back. At current value it's about 20k dollars, so it does hurt. But btc-e has made it clear that they are not going to do anything about it, and that they don't appreciate my continued pursuit of the matter...
Therefore there is nothing I can do, and I am moving on.
I use a unique randomly generated password containing uppercase lowercase and numbers for every different site I use...
I'm using chromium on linux. I do not have Flash or Java enabled. Java is not even installed on my system.
Support at btc-e initially told me that my email had been changed to a random address @mailinator.com and that my funds had been withdrawn. You say btc-e has always had email confirmation for email addresses changes. If this is the case, how were they able to change my email without me ever getting a confirmation??
I initially had a suspicion that an employee at btc-e may have been the culprit, but I no longer believe that was the case or am going to make that accusation. Seems to me they don't have many employees anyway, and anyone involved over there probably has a claim in the 'company' so they would not want to have something like this happen publicly.
The hacker stole my money, and I'm not getting it back. At current value it's about 20k dollars, so it does hurt. But btc-e has made it clear that they are not going to do anything about it, and that they don't appreciate my continued pursuit of the matter...
Therefore there is nothing I can do, and I am moving on.
THAT is why you shouldn't use an exchange, esp with that sort of volume, when you dont know a single thing about the owner, not even his name. People here demand escrow for a $20 item, and SCREAM scammer if anyone hesitates, but look at all these people blindly throwing money at btc-e. Im not trying to make you feel worse here, and it sucks that this happened to you. All of you should know if you use this exchange, and your money disappears, there will be nothing that you can do. You will end up just like this guy.
April 14, 2013, 08:17:32 PM
Again I will say this...
I use a unique randomly generated password containing uppercase lowercase and numbers for every different site I use...
I'm using chromium on linux. I do not have Flash or Java enabled. Java is not even installed on my system.
Support at btc-e initially told me that my email had been changed to a random address @mailinator.com and that my funds had been withdrawn. You say btc-e has always had email confirmation for email addresses changes. If this is the case, how were they able to change my email without me ever getting a confirmation??
I initially had a suspicion that an employee at btc-e may have been the culprit, but I no longer believe that was the case or am going to make that accusation. Seems to me they don't have many employees anyway, and anyone involved over there probably has a claim in the 'company' so they would not want to have something like this happen publicly.
The hacker stole my money, and I'm not getting it back. At current value it's about 20k dollars, so it does hurt. But btc-e has made it clear that they are not going to do anything about it, and that they don't appreciate my continued pursuit of the matter...
Therefore there is nothing I can do, and I am moving on.
I use a unique randomly generated password containing uppercase lowercase and numbers for every different site I use...
I'm using chromium on linux. I do not have Flash or Java enabled. Java is not even installed on my system.
Support at btc-e initially told me that my email had been changed to a random address @mailinator.com and that my funds had been withdrawn. You say btc-e has always had email confirmation for email addresses changes. If this is the case, how were they able to change my email without me ever getting a confirmation??
I initially had a suspicion that an employee at btc-e may have been the culprit, but I no longer believe that was the case or am going to make that accusation. Seems to me they don't have many employees anyway, and anyone involved over there probably has a claim in the 'company' so they would not want to have something like this happen publicly.
The hacker stole my money, and I'm not getting it back. At current value it's about 20k dollars, so it does hurt. But btc-e has made it clear that they are not going to do anything about it, and that they don't appreciate my continued pursuit of the matter...
Therefore there is nothing I can do, and I am moving on.
April 14, 2013, 03:29:13 PM
This is just seeing if none of this affected you, because everybody comes in crying OMG SCAM and turns out they handed over their password by falling for simple security pitfalls and the exchange had nothing to do with it. I'm not saying you are "stupid" or anything, just getting you to answer questions to see if there's a problem with the exchange. Sorry for rambling message.
Credit cards are worth $2 they're a dime a dozen on fraud forums, bitcoin = instant cash. The reason they go after BTC-e is because of the chatbox. It hands out information, and you can con people to click links. Since they are all logged into a bitcoin exchange, pretty good chance they'll have coins to steal. They can steal wand.dat (opera) where the logins are kept in the browser. Then go to town on the encryption but would be unable to break wallet.dat encryption.
Also, are you logging in with a cellphone/tablet? If so and you use Opera, it does a MITM attack on your https encrypted traffic for 'optimization'. Maybe employee of Opera saw some bitcoin login passwords fly past the logs. It just takes one employee with access to information he/she shouldn't have and motivation to steal untraceable, pseudoanon bitcoins. I know the mobile browser (chrome) that came built into Gingerbread was never updated again. Lot's of phones are running old telco builds that do not do security updates.
Except you can host .TIFF files on imgur. There's .TIFF browser exploits for safari galore. I don't know about Opera or FF.
A trollbox hacker uploaded a Jar/gif hybrid that when viewed automatically ran as a .jar file and infected whoever viewed it if running certain versions of Windows. The image passes all validity checks because of top headers are a pic, then below is all java code waiting to be executed when displayed in the browser. There was a guy St0rmbringer dropping exploit links one after another once when I was watching the trollbox. (Links now all disabled finally.. but you can still drop links without http:// and get people to cut+paste them)
A trollbox hacker hellbent on coins would also go attack some low hanging fruit, like a bitcoin charts site that wasn't secure and set it up to host exploits then spam the link in chat. If cryptome could get owned by Black Hole Exploit Kit, any site can.
Ignore all links in the trollbox, or open them using lynx browser. Remember these aren't run of the mill script kiddies they're seasoned antichat.ru script kiddies and the bounty is untraceable bitcoins.
Granted, however botnets they peddle on antichat.ru use jpeg as a covert channel for command and control. You open browser and it would report to the commanding bot server via a covert outbound HTTP Port 80 connection and receive commands within a mailicious JPG EXIF data image. They also peddle linkedin status command and control using linkedin API to break through corporate firewall.
That sucks you got 1 word answer after losing all your coins, but there was such a total shitfest of dropped exploit links in the trollbox for like a month that everybody was being robbed. It was open season to see who on antichat and xakepy.cc could come up with the most stolen coins dumping links.
tl;dr 60% chance something is wrong with btc-e and you got scammed. 40% chance you got owned by the trollbox simply by posting in it revealing user login name you use elsewhere, or clicking links.
Wouldn't it be easier if they steal credit cards? More importantly, How can they only target btc-e and not other important accounts like mt.gox etc. ? If they can access my Password manager wouldn't they have complete access to my wallet.dat? Why bother with btc-e when you can simply steal the wallet.dat?=
Credit cards are worth $2 they're a dime a dozen on fraud forums, bitcoin = instant cash. The reason they go after BTC-e is because of the chatbox. It hands out information, and you can con people to click links. Since they are all logged into a bitcoin exchange, pretty good chance they'll have coins to steal. They can steal wand.dat (opera) where the logins are kept in the browser. Then go to town on the encryption but would be unable to break wallet.dat encryption.
Also, are you logging in with a cellphone/tablet? If so and you use Opera, it does a MITM attack on your https encrypted traffic for 'optimization'. Maybe employee of Opera saw some bitcoin login passwords fly past the logs. It just takes one employee with access to information he/she shouldn't have and motivation to steal untraceable, pseudoanon bitcoins. I know the mobile browser (chrome) that came built into Gingerbread was never updated again. Lot's of phones are running old telco builds that do not do security updates.
Quote
Besides, when the site is insecure enough that doesn't need confirmation to change the email (and only puts it after tens of accounts were hacked) Why would the hacker care? They can just change the email and then confirm the email withdraw request.
It's always emailed a change when I've done it, unless mail servers were down. Then I couldn't withdraw anything. It could be possible for somebody to get in your account, and enable the api themselves, then withdraw without email confirmation.Quote
Click trollbox links? Yes i did. bitcointalk.org and imgur.com links seem safe to me.
Except you can host .TIFF files on imgur. There's .TIFF browser exploits for safari galore. I don't know about Opera or FF.
A trollbox hacker uploaded a Jar/gif hybrid that when viewed automatically ran as a .jar file and infected whoever viewed it if running certain versions of Windows. The image passes all validity checks because of top headers are a pic, then below is all java code waiting to be executed when displayed in the browser. There was a guy St0rmbringer dropping exploit links one after another once when I was watching the trollbox. (Links now all disabled finally.. but you can still drop links without http:// and get people to cut+paste them)
A trollbox hacker hellbent on coins would also go attack some low hanging fruit, like a bitcoin charts site that wasn't secure and set it up to host exploits then spam the link in chat. If cryptome could get owned by Black Hole Exploit Kit, any site can.
Ignore all links in the trollbox, or open them using lynx browser. Remember these aren't run of the mill script kiddies they're seasoned antichat.ru script kiddies and the bounty is untraceable bitcoins.
Quote
I hardly believe so, If my machine was a zombie, Not only it wouldn't have access to internet because the only programs in my computer that are allowed to access internet are: opera.exe firefox.exe steam.exe dota.exe
The rest need my confirmation first. And i don't confirm if i don't know wtf i'm doing
The rest need my confirmation first. And i don't confirm if i don't know wtf i'm doing
Granted, however botnets they peddle on antichat.ru use jpeg as a covert channel for command and control. You open browser and it would report to the commanding bot server via a covert outbound HTTP Port 80 connection and receive commands within a mailicious JPG EXIF data image. They also peddle linkedin status command and control using linkedin API to break through corporate firewall.
Quote
I personally admire the hackers for pulling a nice job that noone except those who were hacked distrust btc-e. Oh their support. didn't even give me a 1 word misspelled answer to my emails. Oh well..
OK good luck for you. I'd like to see your face if you ever get hacked, Although i think btc-e fixed their bugs by now
OK good luck for you. I'd like to see your face if you ever get hacked, Although i think btc-e fixed their bugs by now
That sucks you got 1 word answer after losing all your coins, but there was such a total shitfest of dropped exploit links in the trollbox for like a month that everybody was being robbed. It was open season to see who on antichat and xakepy.cc could come up with the most stolen coins dumping links.
tl;dr 60% chance something is wrong with btc-e and you got scammed. 40% chance you got owned by the trollbox simply by posting in it revealing user login name you use elsewhere, or clicking links.
April 14, 2013, 08:24:10 AM
*what earlier here stands was obsolote*
but the last 2 posts show good security options :thumbsup:
but the last 2 posts show good security options :thumbsup:
April 14, 2013, 03:35:06 AM
javascript is not the same thing as java plugins. i'm talking java runtime, not script.
why is your browser asking you to confirm if you want to run java if you've supposedly nuked it from your computer? obviously it's still there. what about flash plugins? are they gone too?
Security checklist:
- is the 'name' you picked similar to your email name? if so, and you use the trollbox, they will test @hotmail @gmail @yahoo and every other domain they can to bruteforce. they will also try to bruteforce your bitcoin-e login if your password is something stupid like 'trader321'
- are all your passwords different with high entropy? are you using the same password on BTC as your email?
- is your name unique, like NerfU1944 so hackers can crawl insecure forums looking for similar name you used elsewhere and yank that forum's db to get your password? which they can then use on exchanges to clean out your account because you didn't choose unique passwords on every website.
- do you have 2 factor ID set up with gmail and using withdraw email req on BTC-E?
- did you click any trollbox links?
- did you click any links PM'd to you?
- did you enable API?
- is your box a botnet drone?
- did you connect over Tor and a malicious exit note spoofed cert or ran sslstrip?
- is java plugins actually disabled or just javascript?
I've never had any problems on BTC-e and nobody has magically sql injected to reset my email. Clearly that is not the problem or everybody using the trollbox would have their coins drained instantly. This didn't happen. Just keep contacting support and ask wtf is going on in the meantime go through security checklist and see what you didn't do
why is your browser asking you to confirm if you want to run java if you've supposedly nuked it from your computer? obviously it's still there. what about flash plugins? are they gone too?
Security checklist:
- is the 'name' you picked similar to your email name? if so, and you use the trollbox, they will test @hotmail @gmail @yahoo and every other domain they can to bruteforce. they will also try to bruteforce your bitcoin-e login if your password is something stupid like 'trader321'
- are all your passwords different with high entropy? are you using the same password on BTC as your email?
- is your name unique, like NerfU1944 so hackers can crawl insecure forums looking for similar name you used elsewhere and yank that forum's db to get your password? which they can then use on exchanges to clean out your account because you didn't choose unique passwords on every website.
- do you have 2 factor ID set up with gmail and using withdraw email req on BTC-E?
- did you click any trollbox links?
- did you click any links PM'd to you?
- did you enable API?
- is your box a botnet drone?
- did you connect over Tor and a malicious exit note spoofed cert or ran sslstrip?
- is java plugins actually disabled or just javascript?
I've never had any problems on BTC-e and nobody has magically sql injected to reset my email. Clearly that is not the problem or everybody using the trollbox would have their coins drained instantly. This didn't happen. Just keep contacting support and ask wtf is going on in the meantime go through security checklist and see what you didn't do
Like i said, you think you are smart and everyone else are stupids who touched the computer checklist.
Quote
javascript is not the same thing as java plugins. i'm talking java runtime, not script.
why is your browser asking you to confirm if you want to run java if you've supposedly nuked it from your computer? obviously it's still there. what about flash plugins? are they gone too?
Just for you to know, i know the difference between java and javascript. I believe we've been told the differences of these two for enough times already. why is your browser asking you to confirm if you want to run java if you've supposedly nuked it from your computer? obviously it's still there. what about flash plugins? are they gone too?
I don't have java installed on my computer. Javascript is enabled and i don't see a reason for it to not be. It is used far too often on different websites to have it disabled. Flash plugins enabled too. But i allow them selectively using noscript plugin.
Your pathetic security checklist:
Quote
- is the 'name' you picked similar to your email name? if so, and you use the trollbox, they will test @hotmail @gmail @yahoo and every other domain they can to bruteforce. they will also try to bruteforce your bitcoin-e login if your password is something stupid like 'trader321'
They changed the login from username to email after users claimed they were hacked. So this question is irrelevant.
Brute force you say? How can someone Brute force Accounts of a website without having password hashes? Writing a script to check all passwords one by one through login page? How many tries does it take to bruteforce a 'abcdefghijk' password? 1 million? 2 million? How many tries per second can you get brute forcing through the login page? 100 try per second? 200? 5000? Lets say it takes 2 million tries in average to brute force your way in an account. How are you going to know that one particular account has an easy password to brute force it? Let's say the script gives up after 2 million tries. How many accounts can you hack in 5 days? 10? 20? How many do you think had any coin at all in their account? How many would claim they were hacked in this forum? 10%? 30%?
- are all your passwords different with high entropy? are you using the same password on BTC as your email?
Something like KDiQc65oH70&NkOz%SH@9*5!RRF#7P Is it unsafe? Too easy to bruteforce? Why would i use the same password when my password manager can remember them? And if you are wondering how can one hack into my password manager easily? Why would they want one's bitcoins if they can hack into password managers? Wouldn't it be easier if they steal credit cards? More importantly, How can they only target btc-e and not other important accounts like mt.gox etc. ? If they can access my Password manager wouldn't they have complete access to my wallet.dat? Why bother with btc-e when you can simply steal the wallet.dat?
- is your name unique, like NerfU1944 so hackers can crawl insecure forums looking for similar name you used elsewhere and yank that forum's db to get your password? which they can then use on exchanges to clean out your account because you didn't choose unique passwords on every website.
Jumping to conclusions eh? who said they use similiar passwords for every account they have? I for one have password manager and don't need same password anywhere. Let's say they hacker have my username. What can they do with it? How would they know my password is not safe so they can try to bruteforce it?
- do you have 2 factor ID set up with gmail and using withdraw email req on BTC-E?
Why one would want to bother with something like that when it simply doesn't work? I personally didn't use that because i heard it doesn't work. Besides, when the site is insecure enough that doesn't need confirmation to change the email (and only puts it after tens of accounts were hacked) Why would the hacker care? They can just change the email and then confirm the email withdraw request.
- did you click any trollbox links?
Yes i did. bitcointalk.org and imgur.com links seem safe to me. And if you think i'm not smart to read a url to make sure it's not a fake think again. I already listed bitcoin related websites visited perior to my getting hacked. If you want, here it is again:
I removed Sites i trust. like bing, my email provider etc.
- did you click any links PM'd to you?
The only pm i received was from support answering about depositing things. And no, there was no links in it.
- did you enable API?
I don't know what their API is capable of, but no.
- is your box a botnet drone?
I hardly believe so, If my machine was a zombie, Not only it wouldn't have access to internet because the only programs in my computer that are allowed to access internet are: opera.exe firefox.exe steam.exe dota.exe
The rest need my confirmation first. And i don't confirm if i don't know wtf i'm doing.
- did you connect over Tor and a malicious exit note spoofed cert or ran sslstrip?
I do use tor to access .onions But for clearnet, no. But i don't think that Tor is not secure enough to not allow such things to be done on it.
- is java plugins actually disabled or just javascript?
Like i said, I don't have java installed on my system. Javascript however is enabled but i have to allow it through noscript for websites i don't trust.
They changed the login from username to email after users claimed they were hacked. So this question is irrelevant.
Brute force you say? How can someone Brute force Accounts of a website without having password hashes? Writing a script to check all passwords one by one through login page? How many tries does it take to bruteforce a 'abcdefghijk' password? 1 million? 2 million? How many tries per second can you get brute forcing through the login page? 100 try per second? 200? 5000? Lets say it takes 2 million tries in average to brute force your way in an account. How are you going to know that one particular account has an easy password to brute force it? Let's say the script gives up after 2 million tries. How many accounts can you hack in 5 days? 10? 20? How many do you think had any coin at all in their account? How many would claim they were hacked in this forum? 10%? 30%?
- are all your passwords different with high entropy? are you using the same password on BTC as your email?
Something like KDiQc65oH70&NkOz%SH@9*5!RRF#7P Is it unsafe? Too easy to bruteforce? Why would i use the same password when my password manager can remember them? And if you are wondering how can one hack into my password manager easily? Why would they want one's bitcoins if they can hack into password managers? Wouldn't it be easier if they steal credit cards? More importantly, How can they only target btc-e and not other important accounts like mt.gox etc. ? If they can access my Password manager wouldn't they have complete access to my wallet.dat? Why bother with btc-e when you can simply steal the wallet.dat?
- is your name unique, like NerfU1944 so hackers can crawl insecure forums looking for similar name you used elsewhere and yank that forum's db to get your password? which they can then use on exchanges to clean out your account because you didn't choose unique passwords on every website.
Jumping to conclusions eh? who said they use similiar passwords for every account they have? I for one have password manager and don't need same password anywhere. Let's say they hacker have my username. What can they do with it? How would they know my password is not safe so they can try to bruteforce it?
- do you have 2 factor ID set up with gmail and using withdraw email req on BTC-E?
Why one would want to bother with something like that when it simply doesn't work? I personally didn't use that because i heard it doesn't work. Besides, when the site is insecure enough that doesn't need confirmation to change the email (and only puts it after tens of accounts were hacked) Why would the hacker care? They can just change the email and then confirm the email withdraw request.
- did you click any trollbox links?
Yes i did. bitcointalk.org and imgur.com links seem safe to me. And if you think i'm not smart to read a url to make sure it's not a fake think again. I already listed bitcoin related websites visited perior to my getting hacked. If you want, here it is again:
Code:
Cryptocoinexplorer.com <= i clicked this from btc-e
bitcoin.clarkmoody.com
bitcoinrush.p4o.net
zerohedge.com
xcannabis.com
wallet.litehosting.eu
thebitcoinchannel.com
coinad.com
cryptocoincharts.info
kamikaze.litecoinland.com
litecoin-store.com
litecoingames.com
litefaucet.com
m-obmen.com
medium.com
minecraftcc.com
otn.dsparking.com
weusecoins.com
bitcointalk.org
I removed Sites i trust. like bing, my email provider etc.
- did you click any links PM'd to you?
The only pm i received was from support answering about depositing things. And no, there was no links in it.
- did you enable API?
I don't know what their API is capable of, but no.
- is your box a botnet drone?
I hardly believe so, If my machine was a zombie, Not only it wouldn't have access to internet because the only programs in my computer that are allowed to access internet are: opera.exe firefox.exe steam.exe dota.exe
The rest need my confirmation first. And i don't confirm if i don't know wtf i'm doing.
- did you connect over Tor and a malicious exit note spoofed cert or ran sslstrip?
I do use tor to access .onions But for clearnet, no. But i don't think that Tor is not secure enough to not allow such things to be done on it.
- is java plugins actually disabled or just javascript?
Like i said, I don't have java installed on my system. Javascript however is enabled but i have to allow it through noscript for websites i don't trust.
Quote
I've never had any problems on BTC-e and nobody has magically sql injected to reset my email. Clearly that is not the problem or everybody using the trollbox would have their coins drained instantly. This didn't happen. Just keep contacting support and ask wtf is going on in the meantime go through security checklist and see what you didn't do
Ofcourse you didn't. I personally admire the hackers for pulling a nice job that noone except those who were hacked distrust btc-e. Oh their support. didn't even give me a 1 word misspelled answer to my emails. Oh well..OK good luck for you. I'd like to see your face if you ever get hacked, Although i think btc-e fixed their bugs by now
April 13, 2013, 08:33:51 PM
you guys, antichat.ru hackers and fraudsters are constantly posting links in the trollbox to get you to click them. when you do your passwords all kept in browser are leaked
I think what your trying to describe is an XSS ( Cross Server Scripting ) attack that steals your cookies. I'm not sure how "your passwords all kept in browser are leaked"... that's just not possible on any modern browser I am aware of.
This XSS attack is possible if there was a bug in btc-e's site that allowed for code to be injected into the page through a GET request, but probably not the case as many of us who's accounts were hacked never clicked any links in the "trollbox". As far as botnets and virus and java exploits, many of us also run linux which is the most secure desktop available and also chrome which does not allow java to be ran without a confirmation first!
java zero day. Chrome://Plugins then disable any Java plug-ins. this is different than javascript. Linux is not immune.
has anybody tested if you can create API key, then withdraw with it? probably no email confirmation.
LOL for real?? did you read my other posts?? My browser WILL NOT run java without confirming with me first. In fact I even have java disabled completely on my computer!
There is absolutely no way my computer is the culprit. Looks like to me people are still getting hacked on btc-e the issue has not been fixed. They are just going to keep getting accounts hacked and any money stolen until they fix the issue. Some hacker is having a field day just cleaning out accounts at will. If I were them I would shut down the exchange until they figure out where the injection attack is happening.
AGAIN, how is it possible with a Java (or XSS) attack for them to change my email with no confirmation from my current email? This is a server side SQL attack... nothing else makes sense.
javascript is not the same thing as java plugins. i'm talking java runtime, not script.
why is your browser asking you to confirm if you want to run java if you've supposedly nuked it from your computer? obviously it's still there. what about flash plugins? are they gone too?
Security checklist:
- is the 'name' you picked similar to your email name? if so, and you use the trollbox, they will test @hotmail @gmail @yahoo and every other domain they can to bruteforce. they will also try to bruteforce your bitcoin-e login if your password is something stupid like 'trader321'
- are all your passwords different with high entropy? are you using the same password on BTC as your email?
- is your name unique, like NerfU1944 so hackers can crawl insecure forums looking for similar name you used elsewhere and yank that forum's db to get your password? which they can then use on exchanges to clean out your account because you didn't choose unique passwords on every website.
- do you have 2 factor ID set up with gmail and using withdraw email req on BTC-E?
- did you click any trollbox links?
- did you click any links PM'd to you?
- did you enable API?
- is your box a botnet drone?
- did you connect over Tor and a malicious exit note spoofed cert or ran sslstrip?
- is java plugins actually disabled or just javascript?
I've never had any problems on BTC-e and nobody has magically sql injected to reset my email. Clearly that is not the problem or everybody using the trollbox would have their coins drained instantly. This didn't happen. Just keep contacting support and ask wtf is going on in the meantime go through security checklist and see what you didn't do
April 13, 2013, 08:08:46 PM
I'm no longer going to pursue a refund from btc-e as it is apparent that is not going to happen. The fact that I was completely ignored via email then called and sort of laughed at in Russian is kind of disturbing to me, so I chose to drop it at this point.
If anyone reading this would like to help restore my faith in bitcoin please feel free to donate :-/
18dtrtAUAvPvvEX3ZpqWdVeiHKLR33nRHj
If anyone reading this would like to help restore my faith in bitcoin please feel free to donate :-/
18dtrtAUAvPvvEX3ZpqWdVeiHKLR33nRHj
April 13, 2013, 04:46:27 PM
Great, now I have someone named Georgiy (caller ID) speaking Russian calling my business line. I can not understand what they are saying but I assume its related to my posts here and correspondence with btc-e support (who have been completely rude).
This is totally weird and I'm really starting to get ticked off.
This is totally weird and I'm really starting to get ticked off.
April 13, 2013, 12:34:17 PM
I've been a programmer for over 10 years... I'm a Linux and security enthusiast. I use randomly generated passwords on every site I ever sign up for. I have Java disabled, I use Linux/chromium on my desktop, and I'm very cautious when going to any website always checking the URL first.
btc-e support has made it VERY CLEAR that they couldn't care less about the victims of their lack of security. Very sad indeed...
Every response I've received from their "support" has been less than 5 words and NEVER addresses my questions/concerns. They keep just sending me to their "news" posting telling me how to enable email notifications for withdrawals (as if this somehow is helpful to me now after I've been taken for 200BTC ).
They are a total joke... A better exchange will emerge soon, just watch, people will move away from them in flocks once the word gets around. They could have saved their reputation by doing the community right, but they are too greedy.
btc-e support has made it VERY CLEAR that they couldn't care less about the victims of their lack of security. Very sad indeed...
Every response I've received from their "support" has been less than 5 words and NEVER addresses my questions/concerns. They keep just sending me to their "news" posting telling me how to enable email notifications for withdrawals (as if this somehow is helpful to me now after I've been taken for 200BTC ).
They are a total joke... A better exchange will emerge soon, just watch, people will move away from them in flocks once the word gets around. They could have saved their reputation by doing the community right, but they are too greedy.
April 13, 2013, 12:10:07 PM
you guys, antichat.ru hackers and fraudsters are constantly posting links in the trollbox to get you to click them. when you do your passwords all kept in browser are leaked
I think what your trying to describe is an XSS ( Cross Server Scripting ) attack that steals your cookies. I'm not sure how "your passwords all kept in browser are leaked"... that's just not possible on any modern browser I am aware of.
This XSS attack is possible if there was a bug in btc-e's site that allowed for code to be injected into the page through a GET request, but probably not the case as many of us who's accounts were hacked never clicked any links in the "trollbox". As far as botnets and virus and java exploits, many of us also run linux which is the most secure desktop available and also chrome which does not allow java to be ran without a confirmation first!
java zero day. Chrome://Plugins then disable any Java plug-ins. this is different than javascript. Linux is not immune.
has anybody tested if you can create API key, then withdraw with it? probably no email confirmation.
LOL for real?? did you read my other posts?? My browser WILL NOT run java without confirming with me first. In fact I even have java disabled completely on my computer!
There is absolutely no way my computer is the culprit. Looks like to me people are still getting hacked on btc-e the issue has not been fixed. They are just going to keep getting accounts hacked and any money stolen until they fix the issue. Some hacker is having a field day just cleaning out accounts at will. If I were them I would shut down the exchange until they figure out where the injection attack is happening.
AGAIN, how is it possible with a Java (or XSS) attack for them to change my email with no confirmation from my current email? This is a server side SQL attack... nothing else makes sense.
It has come clear to me that anyone who wasn't hacked likes to make idiots of victims and call them stupid.
The hacker(s) on the other hand, is pulling a nice job by slowly removing people's funds from their account so that noone gets suspicious. (They think those who were hacked are idiots who touched a computer for their first time, remember?)
As for BTC-e, they are aware of the issue and trying what they can to fix it. Just look at how they changed their login system after a few users claimed they were hacked. However they won't admit it becausethey don't like to take a hit and refunding their members.
Their supportacts so stupid that its's not even funny. They went from IM support to email support then to a ridiculous helpdesk then changed back to e-mail support all in 3 days.. Just WTF are they doing?
Ultimately it's us the victims who have to pay for BTC-e's lack of security and this thread will be forgotten one BTC-e figures how to stop the hacks.
April 13, 2013, 04:47:16 AM
Just got another 5 word email from support.... Looks like they are blaming the users and are not going to help us. PM with contact info if you want help take action.
April 13, 2013, 04:35:04 AM
you guys, antichat.ru hackers and fraudsters are constantly posting links in the trollbox to get you to click them. when you do your passwords all kept in browser are leaked
I think what your trying to describe is an XSS ( Cross Server Scripting ) attack that steals your cookies. I'm not sure how "your passwords all kept in browser are leaked"... that's just not possible on any modern browser I am aware of.
This XSS attack is possible if there was a bug in btc-e's site that allowed for code to be injected into the page through a GET request, but probably not the case as many of us who's accounts were hacked never clicked any links in the "trollbox". As far as botnets and virus and java exploits, many of us also run linux which is the most secure desktop available and also chrome which does not allow java to be ran without a confirmation first!
java zero day. Chrome://Plugins then disable any Java plug-ins. this is different than javascript. Linux is not immune.
has anybody tested if you can create API key, then withdraw with it? probably no email confirmation.
LOL for real?? did you read my other posts?? My browser WILL NOT run java without confirming with me first. In fact I even have java disabled completely on my computer!
There is absolutely no way my computer is the culprit. Looks like to me people are still getting hacked on btc-e the issue has not been fixed. They are just going to keep getting accounts hacked and any money stolen until they fix the issue. Some hacker is having a field day just cleaning out accounts at will. If I were them I would shut down the exchange until they figure out where the injection attack is happening.
AGAIN, how is it possible with a Java (or XSS) attack for them to change my email with no confirmation from my current email? This is a server side SQL attack... nothing else makes sense.
April 13, 2013, 03:42:53 AM
I didn't have java installed in my system
And i already listed all my last week's visited websites somewhere in this forum. So i'm pretty sure i didn't get hacked because of a java exploit. Just because someone had his btc stolen from mt. Gox because of java doesn't mean everyone hacked because of java
I have yet to receive an answer from btc-e support. All i got from them was a misspelled "accout locked" answer. And i still can't access my account. I learnt my lesson to never use another exchange until a safe one appears. I just wish i get my coins back
And i already listed all my last week's visited websites somewhere in this forum. So i'm pretty sure i didn't get hacked because of a java exploit. Just because someone had his btc stolen from mt. Gox because of java doesn't mean everyone hacked because of java
I have yet to receive an answer from btc-e support. All i got from them was a misspelled "accout locked" answer. And i still can't access my account. I learnt my lesson to never use another exchange until a safe one appears. I just wish i get my coins back
Jump to: