Topic: [SOLVED]: possible compromise at bitdaytrade.com

hero member
Activity: 602
Merit: 500
Maybe you should update the title of the thread, ....so that people don't freak out when they see it in the list of topics.
Thanks for the heads-up!
full member
Activity: 154
Merit: 100
Bottom line: seems to be a false alarm, Problem solved

Maybe you should update the title of the thread, to use something like "[SOLVED] Discrepancies in withdrawals listing" so that people don't freak out when they see it in the list of topics.
hero member
Activity: 602
Merit: 500
...it was simply showing withdrawals not pertaining to the logged in account and gave the impression of an account compromise. We fixed all the issues at the moment of writing. Apologies for all the troubles caused.

Agreed, the spurious withdrawal entries in the history are gone.
There are some additional details only exchanged in PM with Bitdaytrade. In particular, what I didn't mention on this public forum thread is that I didn't receive any confirmation mail for those withdrawals. This would line up with the explanation that these were just withdrawals belonging to another account.

Bottom line: seems to be a false alarm, Problem solved
sr. member
Activity: 287
Merit: 250
The issue was caused by a bug in the Withdrawal history panel: it was simply showing withdrawals not pertaining to the logged in account and gave the impression of an account compromise. We fixed all the issues at the moment of writing. Apologies for all the troubles caused.

BDT
legendary
Activity: 1666
Merit: 1057
Marketing manager - GO MP
ah hai grammar nazi, tell me.

kthxbye
donator
Activity: 2058
Merit: 1054
Alberto has found and is fixing an issue that could be related to what Ichthyo is seeing.

You alas Ichthyo alas possible bitdaytrade shill.  Tongue
You keep using that word. I do not think it means what you think it means.
legendary
Activity: 1666
Merit: 1057
Marketing manager - GO MP
Wouldn't surprise me, makes sense from a controlled opposition perspective.
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
...possible bitdaytrade shill.  Tongue

hey, come on. Would a shill point out possible technical problems as I did in the past? Doesn't make any sense for me.
Looks like he is seeing ghosties all around. Roll Eyes
hero member
Activity: 602
Merit: 500
...possible bitdaytrade shill.  Tongue

hey, come on. Would a shill point out possible technical problems as I did in the past? Doesn't make any sense for me.
legendary
Activity: 1666
Merit: 1057
Marketing manager - GO MP
You alas Ichthyo alas possible bitdaytrade shill.  Tongue
hero member
Activity: 602
Merit: 500
You have been warned that would happen.

Whom do you mean with "you"?

As far as I am concerned, I am rather relaxed, but want to find out if indeed, and in case where the weak spot would be on my side.
legendary
Activity: 1666
Merit: 1057
Marketing manager - GO MP
You have been warned that would happen.
hero member
Activity: 602
Merit: 500
  • Bitdaytrade support was very responsive and helpful
  • They didn't approve those suspicious withdrawals in the first place, which indeed protected my BTC for now. Thanks!
  • I didn't find any obvious signs of suspicious activity on my system (processes, logins, sudo). But I need to have a closer look


Btw, if someone captured my password, this trojan must have hooked into my X server and captured the X clipboard, since I never type in those passwords. Does anyone know if this is a likely / typical / probable attack vector? How would an attacker correlate the contents of the clipboard with the specific website I'm accessing? Any thoughts?

hero member
Activity: 602
Merit: 500
Keylogger? Just an idea. Don't blast me... I am just trying to help Shocked

of course anything is possible. Investigating my system right now.

Must have been a rather skillful and dedicated attempt. I won't claim that I'm running a high security system, but it's for sure not the "average windows box"
hero member
Activity: 546
Merit: 500
Keylogger? Just an idea. Don't blast me... I am just trying to help Shocked
hero member
Activity: 602
Merit: 500
With this message, I want to put up a warning to everyone participating in the beta test of Bitdaytrade.com

Please excuse me in case I am overreacting --
it is not clear yet, if bitdaytrade.com had a breach, is just malfunctioning, or if just my account got hacked.


Anyway, when logging into the site right now, I've found that earlier this day 3 withdrawals had been initiated (now in processing state), which would result in removing all of the BTC in my underlying currency account. I've alerted the Bitdaytrade support, requesting to halt these transfers, if possible (they manually approve withdrawals).


The withdrawals were initiated at
2012-08-02 11:44:10
2012-08-02 09:15:56
2012-08-02 03:16:57

I am absolutely sure these weren't initiated by me. My PC was off during that time. I'm using secure passwords, access from a Linux box, and changed my password just yesterday.

I'll follow up if I find out any new information


Update
Further investigation uncovered a bug in the display of withdrawals at Bitdaytrade.com.
So these withdrawals turned out to belong to another customer, and just summed up to the size of my currency account by coincidence.