Author

Topic: Paxful Account Hijacked - Social Engineering Scammer - Lesson Learned! (Read 526 times)

member
Activity: 112
Merit: 10
Paxful.com is a scam. Trade on localbitcoins . com next time

Take a look on their scam site from this links

1) https://www.reddit.com/r/BitcoinMarkets/comments/6jqlpp/stay_away_from_paxfulcom_the_moderators_are/

2) http://www.nairaland.com/3884643/www.paxful.com-fraud-scammer-site-founder

3) https://bitcointalksearch.org/topic/paxfulcom-moderators-stealing-people-bitcoins-codedly-scam-and-fraud-site-1987998

4) http://www.nairaland.com/3887327/never-trade-paxful.com-owner-start#57917835

They will ban the vendor, take all his coins and won't even resolve issue with the Card owner.  Scam both Vendor and Card seller




The owner were caught with drug weeks ago in Miami, USA.

Popular site in USA Posted this, read it here https://cointelegraph.com/news/paxful-exchange-ceo-and-cto-arrested-in-miami-on-weapons-and-drugs-charges






STAY AWAY FROM PAXFUL.COM PLEASE, THEY ARE DANGEROUS.

hero member
Activity: 686
Merit: 521
It is unfortunate this happened to you, that is why it's advised not share email addresses in public at all cost especially if email address is connected to other services it becomes quite easy for the so called hacker to make you an easy target and same user names are also a dead giveaway! Avoid those too good to be true trades as well.
But then again I know paxful has always warned users not to share Cell numbers during trades before you initiate a trade unless you ignored all these warnings, anyway lesson learned sorry for your loss mate.
newbie
Activity: 9
Merit: 0
Hi, I'm a newbie trader in Paxful. I would like to set up my 2FA (2 Factor Authentication). Where should I go?
newbie
Activity: 39
Merit: 0
Good on you!

Sometimes people tend to be biased to themselves and not listen
while screaming "muh expertise".

From day 1 at Paxful, I have been gobbling up the material and tips
they release, I have yet to have misigivings on this site.
newbie
Activity: 15
Merit: 0
On Paxfull on 6/13/16 my account "AruTrader" was hijacked after a social engineering attack. This member under the Screen Name "Profiter" had a very attractive AD to buy BTC. Very good deal. So I made him an offer,  he even showed an ID and one with Selfie.. He also asked for my Cell number pretending that he want to verify it. He already knew my email where to send payment to. The BTC were already in Escrow. So he asked if I received a code which I gived to him right away! That code he used it to reset my email account to get access to my paxfull then release the coins to himself. What a thief! I didn't realize that untill it was too late that I was a victim of a Social Engineering Attack!.

And still not satisfied he gain access to several of my btc wallets and tried to spend 500EU on one of them, which fortunately was canceled.

After changing my passwords and enabled 2FA (2 Factor Authentication) I reported him, and his account got suspended and banned. But It's not over yet. He still had access to my paxful account, using it to scam others under my behalf until my account was also banned and suspended!! I reported this to Marcos, the moderator, and he believed that Profit hacked my account but he also believed that I did the same thing also!! WTF! His IP location is from Morocco, but of course he could be using some proxy or VPN.

So I don't know how come he still had access to my account. I Enabled 2FA on my email and my paxful account also had 2FA enabled, but through SMS, and I heard it's possible for the Hacker to Port your SIM card Number to his phone, maybe that's how he got access.  But maybe there were also some settings in my email account that he knew about. So I reset all security codes and devices etc..and changed my password again with 2FA enabled. Also I started Enabling 2FA on the accounts that were compromised. Since then, no more issues!!  If I did that earlier, this would not have happened!.

Lesson learned: Becareful when giving numbers, and read the sms code verify carefully if it's from your email provider. Do not give numbers to any buyer. If you do then make sure is for legitimate purpose. Just because the buyer or seller provides ID doesn't mean it's real no matter how legitimate it looks!

Always Enable 2FA (2 Factor Authentication), Not SMS 2FA but Mobile App 2FA. This will make hard for the hacker to get access t your account. If my email had 2FA enabled, my account wouldn't be hijacked... I learned the hard way!!

Update:  The scumbag tried to gain access again to my Email, from an IP from Netherlands....but this time he failed!! Thanks to 2FA!!!







Jump to: