Author

Topic: Online exchange accounts all got hacked (Read 1888 times)

sr. member
Activity: 389
Merit: 250
March 06, 2014, 09:01:16 PM
#14
What is the best program I can use for scanning Bitcoin related malware and stuff that would harm my computer and compromise my accounts?


I've been looking into this. haven't tried yet. But keep in mind the programs they recommend could have malware.

http://malwaretips.com/forums/malware-removal-assistance.10/

http://malwaretips.com/blogs/malware-removal-guide-for-windows/


sr. member
Activity: 252
Merit: 250
March 06, 2014, 04:08:37 PM
#13
BTC-e support came a little late and hacker got enough time to withdraw... "For security purposes, after a e-mail change your account will be locked for withdrawal within 2 days."

From BTC-e
Hello!
We are sorry but your money was transferred out from BTC-E.
We can't refund and return your money.
We can provide you IP logs of potential hacker.

Withdrawal has been confirmed with your mail:


60   logout   logout use logout button   201.235.236.171   
06.03.14
16:01
59   login   success login   201.235.236.171   
06.03.14
15:55
58   logout   logout use logout button   201.235.236.171   
06.03.14
15:49
57   login   success login   201.235.236.171   
06.03.14
15:46
56   login   success login   201.235.236.171   
06.03.14
06:10
55   logout   logout use logout button   201.235.236.171   
06.03.14
04:05
54   login   success login   201.235.236.171   
06.03.14
04:04
53   logout   logout use logout button   190.220.132.218   
05.03.14
20:59
52   login   success login   190.220.132.218   
05.03.14
20:57
51   logout   logout use logout button   201.235.236.171   
05.03.14
15:50
50   login   success login   201.235.236.171   
05.03.14
15:49
49   logout   logout use logout button   201.235.236.171   
05.03.14
10:20
48   login   success login   201.235.236.171   
05.03.14
10:19
47   login   success login   201.235.236.171   
05.03.14
06:28
46   logout   logout use logout button   201.235.236.171   
05.03.14
02:42
45   login   success login   201.235.236.171   
05.03.14
02:42
44   logout   logout use logout button   201.235.236.171   
04.03.14
21:35
43   login   success login   201.235.236.171   
04.03.14
21:28
42   logout   logout use logout button   201.235.236.171   
04.03.14
20:32
41   login   success login   201.235.236.171   
04.03.14
20:31
40   logout   logout use logout button   201.235.236.171   
04.03.14
13:47
39   logout   logout use logout button   93.167.245.178   
04.03.14
13:23
38   edit   email changed [email protected] -> [email protected]   201.235.236.171   
04.03.14
13:13
37   login   success login   201.235.236.171   
04.03.14
13:13
36   login   success login   109.163.234.10   
04.03.14
11:48
35   login   success login   201.235.236.171   
04.03.14
10:51
34   edit   pass reset   201.235.236.171   
04.03.14
10:51



Looks like the ip address is from Argentina http://whatismyipaddress.com/ip/201.235.236.171... is there anything I can do with this information?
sr. member
Activity: 252
Merit: 250
March 05, 2014, 01:35:02 PM
#12
What is the best program I can use for scanning Bitcoin related malware and stuff that would harm my computer and compromise my accounts?
sr. member
Activity: 252
Merit: 250
March 05, 2014, 05:11:33 AM
#11
Thx for help guys... I have never heard of Keepass before, wondering how reliable it is?  Like is there any chance of the program corrupting and messing up the passwords? Also do you guys use armoury for BTC wallet?

I was able to get my BTC on poloniex back Smiley.... did not log off account and waited til withdrawals were ok... I dumped most of my coins cheap and withdrew my BTC right away... left a small amount of BTC cause I had some nice coins I bought cheap that I did not want to sel, and had no wallet for... check back in a hr and hacker dumped all my coins  Sad and tried to withdraw lol... too bad I already changed email and he could not confirm withdrawal... I just took the remaining BTC out and made will make a new account.

For cryptsy, I tried to contact @cryptsy through twitter, but no reply.  Support did not send an email back to me yet(even though I prob can't check without my account login)... but weird thing is I check the hackers BTC address 19S7zj2X5xQZcaCKpi2z3Q5HAMNSVdgSnv on blockchain and it still says 0 transaction.  It was the same thing around 10-12hours after the hack, when I was still logged into cryptsy, the transactions were pending and had no tx id... It has almost been 24 hrs now and blockchain still shows 0 transaction... is that normal and could it mean that the BTC is still in cryptsy account?


BTC-e - I have never tried withdrawing my BTC from this site yet(is email conf required?), but the BTC address 19S7zj2X5xQZcaCKpi2z3Q5HAMNSVdgSnv were used for both poloniex and cryptsy... mayb it was used for BTC-e too and hacker could not withdraw because of some reason, or is waiting for better price?  It says my account does not exist when I request new password.  I have not figured out how to contact BTC-e support without using account yet...

Thx again for help
kronicblazer


Edit: Well fuck... the cryptsy BTC just went through and updated on hackers address 19S7zj2X5xQZcaCKpi2z3Q5HAMNSVdgSnv while I was typing this msg... I prob had a chance if it was easier to reach the dam support...
newbie
Activity: 36
Merit: 0
March 04, 2014, 05:32:48 PM
#10
There is only one solution. Its called Keepass.

keepass.info

There is malware that targets KeePass so even it is not secure unless you keep it on a separate computer that isn't ever connected to a network.
legendary
Activity: 1001
Merit: 1005
March 04, 2014, 05:18:10 PM
#9
There is only one solution. Its called Keepass.

keepass.info
full member
Activity: 196
Merit: 100
★Bitvest.io★ Play Plinko or Invest!
March 04, 2014, 01:50:00 PM
#8
shit i got logged out of cryptsy now and can't get into that account anymore... hopefully i don't get logged out of poloniex before my account is fixed... is there anyway I can contact cryptsy besides a support ticket through the account?

you can try tweeting the owner:

https://twitter.com/cryptsy
sr. member
Activity: 252
Merit: 250
March 04, 2014, 01:23:17 PM
#7
shit i got logged out of cryptsy now and can't get into that account anymore... hopefully i don't get logged out of poloniex before my account is fixed... is there anyway I can contact cryptsy besides a support ticket through the account?
sr. member
Activity: 252
Merit: 250
March 04, 2014, 12:58:27 PM
#6
i have 3 same passwords I use on all my sites... but i think i might be able to get my coins back if I can talk to cryptsy and poloniex support.. any1 have suggestions?  I will be reformating my computer once this gets sorted out... if I do it now, I will be logged off cryptsy and poloniex and lose those accounts since the passwords are changed. 

LOL No one's going to give you your coins back because you failed to secure your own PC.

I did not mean to request my coins back from exchange, but if I can reach support and they reset my password, and cancel the pending withdrawals than i might get some of my coins back that way.  It might be possible at poloniex because the exchange is frozen due to a hack on their site.  Cryptsy might also be possible(but less likely) because I still do not see transaction for the address hacker withdrew to on blockchain and the 'view all deposits' page on cryptsy shows the transactions as pending, but with no tx id.  My withdrawal from before shows a txid, but this is just all me guessing. Talking with support can give me a shot at least but I can't reach them

Ya I definitely need to work on my security... and better to learn early than when I build up even more bitcoins.  Still really sucks though, waking up to see the spike and than realising your accounts got hacked.

 I had to replace my motherboard and cpu couple weeks ago... did a large windows update on reformat(My old comp only did windows update once when installed couple years ago)... could this be the problem?  Would windows still be ok if I did no windows update after I reformat my computer? 
full member
Activity: 196
Merit: 100
★Bitvest.io★ Play Plinko or Invest!
March 04, 2014, 11:46:49 AM
#5
i have 3 same passwords I use on all my sites... but i think i might be able to get my coins back if I can talk to cryptsy and poloniex support.. any1 have suggestions?  I will be reformating my computer once this gets sorted out... if I do it now, I will be logged off cryptsy and poloniex and lose those accounts since the passwords are changed. 

LOL No one's going to give you your coins back because you failed to secure your own PC.
sr. member
Activity: 252
Merit: 250
March 04, 2014, 11:10:20 AM
#4
i have 3 same passwords I use on all my sites... but i think i might be able to get my coins back if I can talk to cryptsy and poloniex support.. any1 have suggestions?  I will be reformating my computer once this gets sorted out... if I do it now, I will be logged off cryptsy and poloniex and lose those accounts since the passwords are changed. 
sr. member
Activity: 266
Merit: 250
March 04, 2014, 10:49:37 AM
#3
Looks like you have fallen for some phishing site and you had same password on every account, didn't you?
or you got your pc keylogger...
sr. member
Activity: 434
Merit: 250
March 04, 2014, 10:48:10 AM
#2
Looks like you have fallen for some phishing site and you had same password on every account, didn't you?
sr. member
Activity: 252
Merit: 250
March 04, 2014, 10:46:11 AM
#1
So I wake up a couple hours ago and see the nice spike in LTC and was really happy... went to BTC-e to check my account and can't log in... check my cryptsy account and theres 0.003 left in estimated BTC, withdrawals and sells show the hack was around 2-3:00AM EST(on cryptsy).  My email, bitcoin exchanges(polo, mint, cryptsy, cavirtex, btc-e, mcx) all was hacked and passwords changed. My computer was left on mining with browsers opened for some of these sites(would it matter). I do not have any google auth. or 2fa stuff and not strong password(around 16 chars), which I really regret now.

BTC-e - can't log in, tried to request new password says no such account
Cryptsy - still logged in from before, can't change password, coins sold and withdrawals still in pending status
Poloniex - account password got changed, still logged in from before like cryptsy, some coins in withdrawal status, while other coins remain(polo got hacked, trading frozen)
CAVirtex - can't log in, password changed, luckily I withdrew into wallet a few days ago

Email - recovered account and made new pass, no new emails(withdrawal msg/conf from sites) were seen from when it was hacked(prob deleted)
MCXNow - pass was changed, funds still remain, successfully changed password
Cryptostocks - pass was changed, everything still here, successfully changed password

local wallets - all safe(unfortunately not much kept here)

I have not checked my other stuff yet except Facebook which was untouched, mining pool accounts were also untouched(the couple i checked that was still open in browser)


So right now I need some help with these sites if possible...

BTC-e - how can I retrieve my account, I have previous email/password details from day 1 of account creation until 7-8hrs ago. I think you need to have login details to request a support ticket? How else can I contact them?

Poloniex - withdrawals pending, site is frozen? Sounds good at first but... I am only signed in from before, the password has already been changed(I try changing to test)... I don't know how long I will still be signed in... is there a way I can contact support quickly?

Cryptsy - I submitted a request ticket and it went to my email, but cant check it since I don't have my account details... password was changed, I don't know for how long I will still be logged in for.
The following is the addresses that the hacker sent my coins to after selling most of them for BTC at dirt cheap prices... weird thing is I check blockchain info on 19S7zj2X5xQZcaCKpi2z3Q5HAMNSVdgSnv and there is no transactions... cryptsy withdrawal says pending and does not show tx id.  Is it possible I can get my coins back? How can I contact Cryptsy fast?

Cryptsy
Currency   Send to Address                                    Amount   Conf   Request Date
BitCoin   19S7zj2X5xQZcaCKpi2z3Q5HAMNSVdgSnv   0.08817937 BTC   Yes   2014-03-04 02:44:50
Pending
TagCoin   TRoPFsPJnHNK5qdqTCbQAt5kiU6wNkAEmv   9.00000000 TAG   Yes   2014-03-04 02:34:00
Pending
PrimeCoin   AKtezFR3mVLUoWWVpHPdnjNn8zHLs28n9F   2.37956309 XPM   Yes   2014-03-04 02:30:26
Pending
BitCoin   19S7zj2X5xQZcaCKpi2z3Q5HAMNSVdgSnv   0.17844366 BTC   Yes   2014-03-04 02:25:03
Pending
BitCoin   19S7zj2X5xQZcaCKpi2z3Q5HAMNSVdgSnv   0.17211333 BTC   Yes   2014-03-04 02:15:51
Pending
BitCoin   19S7zj2X5xQZcaCKpi2z3Q5HAMNSVdgSnv   0.49571229 BTC   Yes   2014-03-04 02:03:47
Pending



These are transactions for Poloniex, same BTC address, no transaction here shown on blockchain would make sense since polo is frozen. I don't think he bothered to cancel my trades and withdraw everything since polo was frozen.  Time zone is different  from cryptsy so I am not sure when those were sent

MEOW   500   K87EzaqDcniecdit1DLbgi8EEAnGktrpRJ   2014-03-04 08:00:48   PENDING
SMC   64.86999999   SfkmQdQxZ9J2UKVCK2KfUbpQzH4Ry3QceX   2014-03-04 07:59:34   PENDING
VTC   3.487   VjiPkNX2QuWaZKFRQWP36PEsS2RMBkWPgw   2014-03-04 07:58:55   PENDING
BTC   0.03928356   19S7zj2X5xQZcaCKpi2z3Q5HAMNSVdgSnv   2014-03-04 07:54:35   PENDING


I can not log into my other accounts to check where or if there are withdrawals

Thx for the help... hopefully I can get some of them back(especially btc-e, but doesnt look too hopeful)
Jump to: