Topic: Someone Loan using My Account - page 6. (Read 2638 times)

If I'm not wrong then the method is called as "session hijacking" or "session cookie theft." In such type of attacks the hacker often send you a malicious link, and when a users clicks on the link then the hacker take advantage of the vulnerabilities of the browser that the user is using to access the link. The hacker then steal the session cookies of the user and then use that cookie on his/her browser with the help of extensions like cookie editor. Such type of attacks are often planned by the hackers who have access to some hidden vulnerabilities of the browsers that no-one knows yet. Those hackers can steal session cookies of any website they want, and that way they hack the access of the users.

I'm quite sure that the same thing happened with @Peanutswar when he clicked on that malicious link without even thinking about such exploits. The hacker knew that the user would click on the link, and he would be able to steal the cookies one the user will click the link. It's better to be aware of such type of hacks because they can easily hack someone's account and ask for loans that the user isn't asking for. It's our responsivity to protect ourselves from such type of hacking attacks, and we should never click on the links sent by a unknown user. That way we will be able to protect ourselves from such kind of hacks.

Until one gets scammed, he would never believe scam exist, and sometimes we build blind trust based on past transactions. Op will know the usefulness of linking his forum account to his regular email and the lender will also learn how to secure his deals.

I've never received a loan from Shahan, but if he's giving out loans based on reputation and active signature participants without additional checks, he has to add another layer of security to his loan business to avoid this from happening again.

There was another such case happened here, I can't remember who was it. Will try to find it out.
I'm not an expert in such cases though I didn't the guy who claimed this few months back. However, I heard such a case recently where hacker got access of facebook account just because the victim clicked on a link. It was not a phishing password steal method. There was a group who recently got arrested in Bangladesh. They used to access facebook account by this trick and blackmail many people by collecting their private data.

This is what I was thinking.  I see shasan often giving loans without requesting a signed message, and I think it adds undue risk.  If for whatever reason the borrower doesn't have the ability to sign a message, at the very least check to see if the funding address has been posted by the borrower on the forum in the past.

That makes sense, but I'm still having trouble understanding what exactly happened here. How did the scammer get into OP's account if he didn't have his password?
I noticed that Peanutswar mentioned receiving a link for Discord community management. Is it really possible for someone to gain access to your bitcointalk account just by clicking on such a link? Sorry if this sounds like a silly question, but I'm genuinely curious to learn about the countermeasures against this type of attack.


Peanutswar, could you please provide more details? When did you first realize that your account had been compromised? Have you noticed any suspicious activity on your system? Also, could you elaborate on the links you mentioned?

I guess requesting a signed message from an old staked address should be part of procedure from now on. These streets are really so slippery  

---

Sorry about terrible ordeal OP and Shashan

That will be up to the lender. At least he'll see a warning telling him to be extra careful.

I've left 2 neutral "no loan" tags so far. If someone ever asks me to remove them, I'll require a signed message from an old staked address, and I'll probably wait for 30 days (a cooldown period).

If the scammer changes the password, he gets noticed quickly. By not changing the password, the scammer can stay under the radar and impersonate the real account owner for a while. It has happened before.

I don't understand how something like this is even possible if the user's password is not compromised. I tried Googling about the DOM attack, but I couldn't find an explanation that I could understand given my current level of knowledge. Have there been previous cases similar to this? And how can we prevent and defend against these types of attacks?

You can also add to that extension per user request
1- This user confirmed he never wants to take a loan without signing a message from the staked address.....
2- This user confirmed he never wants to take a loan without a collateral
To attract more people to enroll in that and arrange with lenders to force request this feedback first before someone requests a loan and if he choose num 1 should be an old address if he's adding a new one must disclose his ip log and use the account for a week before requesting a loan

It seems a good idea and increase the real usage of neutral feedback rather than for criticism or conflict

I don't want to be mean, but you, me, or anyone could disappear in the future and the tag always remain in their accounts. I'm just thinking if someone decided to ask a loan when there's a neutral tag where the account will not ever ask any loan in this forum. Do you think if he can sign a message on his old address, the account is still controlled by the real owner?

It's your real IP addresses in this forum? I think it's better for you to remove the images if you're consider about your privacy. But if you not care about your privacy, then you can refuse my suggestion.

Was the password unique to bitcointalk or did you shared it with other places? I highly advice you to make a full format of your PC (I don't know how deep was your cleaning) and change immediately all the passwords to essential services that you have (banking, services, governmental websites, e-mail...). You don't know for how long did the hacker had access to your account (or PC?) so one can never be too careful. If you don't use it, password managers[1][2][3] are also a great addition to increase the security of your accounts (it isn't foolproof, the greatest anti virus is always between the ears ).

---

[1]https://psono.com/
[2]https://keepassxc.org/
[3]https://bitwarden.com/

Yes, I want to ask you, LoyceV, to leave a neutral tag on my profile that I will never take loans on this forum.
Thank you.

That's really sad. The discord link was clicked from phone or pc? Do you still have the link? Did it download anything or just redirects? Does that mean all bounty and community managers and signature campaign managers may post false loan requests by the time passing? As that hacker would have sent to all the possible targets.

Before, there was a link sent to me for discord community management, the sender have a link makes a redirect link to other page and the message sent multiple times so i suspected immediately could be an attack, I immediately cleaned my PC for possible preventive attacks, I got confident by that time but my mistake too I didn't change my password, my email are on my PC but not in my device itself that notifies the information of my account, I mislook before that there's a change of wallet address in my profile, I thought I just paste my other address so I ignore this.

LoyceV recently give the IP addresses as I suspected the unknown user makes a move since he make a loan Date of 7-06-23.





Seems like this person lurking around first in the bitcointalk community and checking my activity before committing this trouble.


Only every morning before i go to office i check the forum and message if there's any translations i need to revise, and also after going to work, I didn't use any mod apps i know the possible malware they can inject with those free software. At the end I don't want to ruin my reputation here even though its too painful to pay that amount.

Let's make the forum clean.. give me that tag!

@Peanutswar: Check https://bitcointalk.org/myips.php

The hacked borrower can't help that, if the lender doesn't ask for it.
I can only hope nobody would fall for this if someone ever manages to compromise my account. I've never taken a loan, and if I do, that should raise a big red flag (and there's only one exception).

I can give you neutral feedback if you want, with a link to your post. Something like:
"This user confirmed he never wants to take a loan. If his account asks for it, it's not him."
If anyone else wants such feedback: post your confirmation here and I'll add it once I see it. I assume my account will be on DT for many years to come

I think I have also seen a similar case although this one was spotted fast by the original owner before the loan was accepted.

Op it isn't a pleasant experience having to pay for money that you had no idea how it was spent and that has brought some curiosity to my mind to know how they were able to gain access to your account; like how often do you log in your account in a different device? Do you frequent those funny sites? like the ones that offer free downloads for apps or software meant to be paid for, Do you use mod apps? I just wanted to know if there's any activity you have done recently or in the past that could have resulted in those hackers getting access to your device, as it could help others avoid making such errors.


That is very interesting info, but we need also to keep in mind that it could be another hack unless otherwise confirmed...

I'm not sure if @mdgabrielzim uses a Telegram bot, but if he does, he should be aware of this thread. To be safe, I think sending him a PM would also be nice, just in case he doesn't use any notification tool.

Here is the TRC20 USDT address which has been used to take the loan from shasan.


shasan has accepted your loan request and sent the USDT to the above address. Then, you or the hacker has sent 999+ USDT to a different address in 3 transactions. The USDT was sent to this address




This address was posted by user mdgabrielzim whose loan request was declined by shasan one month ago. The user 'mdgabrielzim' had also deleted his post from the lending thread. I'm wondering what is the connection between the hacker and mdgabrielzim!

That wallet address has connection with this Tron address: TXtp6FhA3NXP2eZehTu3W1CptFjaMECDcJ which seems like an exchange address that is mostly used for depositing funds from various investors who then become the victim of Ponzi scam mostly by this person. It kind of feels like that exchange is a safe haven for scammers and frauds.


Reference:
https://www.hyiper.net/blog/421.html
https://invest-tracing.com/detail-FinssConLimited.html
https://scamwatcher.org/Finnscon-review/
https://www.forexpeacearmy.com/forex-reviews/5098/fbs-forex-brokers?per-page=15
https://graspgold.com/details/lid/80/

Do you have any web wallet? This hacker couldn't hack them? I believe I saw DM problems here before but posting a lending comment is the most advanced part. Nothing to say but it seems like a couple of loans got stolen these couple of days.