Someone changed my BTCguild wallet address.

wolftaur

member

Activity: 112

Merit: 10

Quote from: PcChip on June 22, 2011, 01:35:23 PM

Here's an interesting note: After first installing BitCoin, I've always only used the address that was generated for me by the client, but when I actually paid attention to the addresses, the payout address across slush's pool, deepbit, and BTCGuild are all different for me! So at first I thought I had been hacked and the payout's changed, but upon further inspection (scrolling down the payment history in the client) they all belonged to me! How did different addresses get generated for me when I never clicked "Generate New Address" ?

The client automatically makes you a new address, whether you ask it to or not, when you receive coins at the address currently selected and displayed in the client's main window.

It's because you're supposed to use different receiving addresses for everything to be able to keep track of what you got from where.

PcChip

sr. member

Activity: 418

Merit: 250

Here's an interesting note: After first installing BitCoin, I've always only used the address that was generated for me by the client, but when I actually paid attention to the addresses, the payout address across slush's pool, deepbit, and BTCGuild are all different for me! So at first I thought I had been hacked and the payout's changed, but upon further inspection (scrolling down the payment history in the client) they all belonged to me! How did different addresses get generated for me when I never clicked "Generate New Address" ?

bitcoin0918

newbie

Activity: 70

Merit: 0

If you tend toward "weakass passwords", you may want to use a pool that doesn't even have accounts, and instead your wallet address is your username. That way there is no way they can screw you over, unless they get the wallet.dat from your computer, or change your mining client.

Yatta99

member

Activity: 84

Merit: 10

I need an new box...

Quote from: eleuthria on June 22, 2011, 01:35:41 AM

To date, only a few accounts at BTC Guild have had funds taken from them. In all cases it was an MtGox user. So far every case has fallen into one of three scenarios.

1) Email was shared between BTC Guild and MtGox and the email shared the MtGox password, which was used to reset the BTC Guild password.
2) The password was the same with the number '1' either added to or taken off the password.
3) The password was the exact same between the two sites.

I've had a notice placed on the site within minutes of the leaked database, and the payout lock feature would have prevented every single one of them from happening if users turned it on. This is why the Payout Lock bugs you to be enabled until you explicitly decide to hide the warnings.

First, great work over the last 2 weeks Cheesy

Not quite sure how you stayed sane through it all Grin

Now, several suggestions that everyone will probably hate:
- make the account lockout feature default to ON instead of OFF when you create an account and have a final 24 hour lockout when you turn it off.
- require a second password, different from the account password, to request a payout.

Anyway, keep up the great work Cool

Shevek

sr. member

Activity: 252

Merit: 250

Take a look at this: http://world.std.com/~reinhold/diceware.html

eleuthria

legendary

Activity: 1750

Merit: 1007

To date, only a few accounts at BTC Guild have had funds taken from them. In all cases it was an MtGox user. So far every case has fallen into one of three scenarios.

1) Email was shared between BTC Guild and MtGox and the email shared the MtGox password, which was used to reset the BTC Guild password.
2) The password was the same with the number '1' either added to or taken off the password.
3) The password was the exact same between the two sites.

I've had a notice placed on the site within minutes of the leaked database, and the payout lock feature would have prevented every single one of them from happening if users turned it on. This is why the Payout Lock bugs you to be enabled until you explicitly decide to hide the warnings.

lemonginger

full member

Activity: 210

Merit: 100

firstbits: 121vnq

just use a password generator and safe.

too easy to fallback to using "default" passwords across sites otherwise.

nemo

sr. member

Activity: 500

Merit: 253

It was a weakass password. I'm going to take my favorite book and flip the page to my lucky number. Then I'll take the first letter of every line and combine them until I have 16. Otherwise I know my lazy ass would keep the password written down or even stored on my computer somewhere. With a 16 letter password, are the numbers and symbols necessary?

RyNinDaCleM

legendary

Activity: 2408

Merit: 1009

Legen -wait for it- dary

I'd recommend you change your PW to something 16+ chars using uppercase, lowercase, numbers, and symbols!

nemo

sr. member

Activity: 500

Merit: 253

Thank god for their optional 24 hour lock that I set up. My username is on the MTGox password list, but my password wasn't the same. Has anyone else noticed suspicious activity?

Topic: Someone changed my BTCguild wallet address. (Read 4360 times)