
Topic: Stealing Bitcoins from online wallets with 2FA - page 2. (Read 1246 times)

hero member
Activity: 700
Merit: 500
Everyone watch out for the fake websites which steal your login info. They look exactly like the exchange website, only the domain is different (they will change 1 letter). They then log in to your account and ask for the 2FA code, which they use, and boom, just like that all your Bitcoin is gone instantly.
sr. member
Activity: 784
Merit: 262
In most cases, you should be fine using an online wallet with 2FA. It is sufficient to keep any email hijackers away from your wallet.

The chances of having a wallet with 2FA accessed is slim, I wouldn't worry using one, unless you have a significant amount of BTC.

2FA is a very good level of security; not only can it give us a sense of comfort in storing bitcoin, but it is also one of the most trusted levels of security for us to use. I think it is impossible, or there is just a small possibility, that a wallet equipped with 2FA security can be stolen. I have been using this security system for many years.
sr. member
Activity: 322
Merit: 253
Why are people still confusing 2-step authentication with 2-factor authentication?

For me, two-factor means one thing you have (device... whatever) and one thing you know (PIN, password).

So if somebody can recover your account after you lost one of those factors, then your account is something else but 2FA ...


newbie
Activity: 57
Merit: 0
This is only for SMS 2FA and not for apps like Google Authenticator?
copper member
Activity: 658
Merit: 284
I see people calling for 2FA as a safety mechanism for their accounts even though there is a huge vulnerability in the mobile networks that has been known for years now.
2FA just increases the complexity of the attack, it doesn't stop it at all. Here is an article from The Hacker News that came out today about using 2FA on Bitcoin online wallets like Coinbase, although they say that it isn't a vulnerability in Coinbase at all but in the mobile system design flaws instead.

https://thehackernews.com/2017/09/hacking-bitcoin-wallets.html

The conclusion here is that you shouldn't consider a mobile network safe.

Yes, I heard it from "Asian Whales Club" channel on YouTube, saying hackers engineered some tool that helped them bypass 2FA security on POLONIEX.
I think the only solution to get rid of this certain issue is saving your coins in an offline/hardware wallet, because that will be safer than a web wallet, since hardware wallets are completely offline and no one can have access to them but you, and that makes them unhackable.
full member
Activity: 518
Merit: 103
There is a possibility, but having someone steal your bitcoins when you are using 2FA has a low, low chance of happening, since it is much secured. We should do our part in protecting our bitcoins: we must always have a backup whenever we need them, and do not store your key on the cloud or have anyone know what they are. We must always take caution in these times, since a lot of people already know the technology and some are even advanced, though the technology we use is relatively new. A lot of sites are also phishing sites; they will get your information every time you log in, so you must at least change your password every now and then. There has also been some breach on the cloud, so I suggest not to use clouds for storage and do not input your important details there. Sooner or later, I think, we might create a newer and far more advanced security system for our wallets. And be sure that what you download on your phones or desktop will not monitor every movement you do, since that is also a way you can be hacked. Let's all be vigilant and not be too careless when it comes to our storage.
full member
Activity: 262
Merit: 100
that possibility is just a threat from them.
very difficult to penetrate 2FA because the code is often changed

I agree with you. With a code that often changes I think it will still be difficult. Also, to get into the wallet, I think there is a mistake made by the user of the wallet itself, e.g. using a malicious internet connection. A few hours ago I read that about $550K was lost in one wallet, and the cause was malicious Wi-Fi.
It is very interesting that it led to loss of money. Specify the source of information please.
sr. member
Activity: 630
Merit: 267
that possibility is just a threat from them.
very difficult to penetrate 2FA because the code is often changed

Agree, but if the hackers have the algorithm used in your account, maybe they can access it. But before this happens they should have the codes, or if it happens I suspect that it's an inside job. 2FA is hard to hack as it changes often, and you also need to hack their emails first before you have the main target, which is the bitcoin wallet.
legendary
Activity: 1330
Merit: 1003
There is a way to do this that is going around and everyone who reads this should read carefully and make sure to avoid it happening to you.

See, it is not hard to buy a domain and clone an exchange to make it look like another one. What is the trick? You must buy a domain which looks similar to the exchange you are targeting, but is actually your site. Then simply record their password and also 2FA text code and use them to login on your end at the same time they are.
hero member
Activity: 1582
Merit: 758
In most cases, you should be fine using an online wallet with 2FA. It is sufficient to keep any email hijackers away from your wallet.

The chances of having a wallet with 2FA accessed is slim, I wouldn't worry using one, unless you have a significant amount of BTC.
sr. member
Activity: 518
Merit: 271
Well, that's why I didn't use an online wallet/exchange, for example Coinbase or, in my country, coins.ph, because there is still a possibility that you can be hacked even if 2FA is enabled. For example, in coins.ph there is another way to sign in to your account, by sending the 2FA code to your email; if your email account is compromised you will lose your bitcoins.
member
Activity: 77
Merit: 10
2FA isn't impossible to penetrate but it makes it harder to get hacked.  If you want to be safer, invest in a hardware wallet.
full member
Activity: 1890
Merit: 101
Wow, this is good news. I'm still a bit hesitant too; is this true? Because I think 2FA with Google Authenticator is very safe, because it uses double security from laptop and smartphone ..
sr. member
Activity: 308
Merit: 251
As technology upgrades, humans innovate; that's what this is all about. Vulnerability has been and will always be present on any mobile, desktop, et al. As long as hackers don't have the satisfaction of exploiting it, this is always a threat. Do we need to be worried about this? I don't think so, because only you can solve and prevent this from happening. So take yourself much farther than surfing the internet and using your mobile; learn and teach yourself a way how this will be prevented and avoided. 2FA and any security protocol can be of no use when you don't put an extra effort into it.
member
Activity: 112
Merit: 10
As you said 2 factor authentication doesn't protect at all. It only helps when someone guesses or steals your password using a keylogger. That's why I use online wallets only when I'm going to a shop which accepts Bitcoin as a payment (there aren't any in my area). The same thing is with Google Auth. There's no way to perform MIM attack but the exchange or online wallet provider can still be hacked.
copper member
Activity: 1050
Merit: 294
The explanation in the article shows the real threat, it is true that SS7 protocol has so many flaws and by taking advantage of these flaws hackers can attack on the protocol and can steal your private codes of two-factor authentication by redirecting your messages and phone calls. Still cellular companies did nothing to make it secure and modify the protocol by removing the flaws in it, so we have to be careful.
legendary
Activity: 2912
Merit: 6403
Hmmmm.... Ya, I don't know, they make it sound like it is so easy when it's not. What is this SS7?

There is a wikipedia article for more information https://en.wikipedia.org/wiki/Signalling_System_No._7

I still don't think it's easy, and it is meant to be a second defense, not primary. I don't use SMS though; I use the authenticator and I'm sure it's very safe.

It is true that it is usually a second defense, although there are often account recovery options using a mobile phone. I am not sure about the authenticator, but if it works when your phone is not connected to the Internet then it is using SMS and the SMS might not be encrypted.

So,

In May 2017, O2 Telefónica, a German mobile service provider, confirmed that cybercriminals had exploited SS7 vulnerabilities to bypass two-factor authentication (2FA) to make unauthorized withdrawals from users' bank accounts. The criminals first installed malware on people's computers, allowing them to steal online banking users' account credentials and phone numbers. Then the attackers purchased access to a fake telecom provider and set up redirects from the victims' phone numbers to lines controlled by them. Finally, the attackers logged into victims' online bank accounts and transferred money from them to accounts of their own. 2FA confirmation calls were made, but had been routed to phone numbers controlled by the attackers.[22]

First step was
- install malware on stupid user computer  (not the fault of 2fa or ss7)
Second which is unclear
- purchasing fake telephone lines  ( there is some bad English here as you can't purchase access to something that is fake).

The point is that unless you download some bitcoin generator or porn movies in rar archives you are safe.
And even then, as long as you don't have your bank credential stored in your computer (I don't) they can ....


sr. member
Activity: 434
Merit: 250
that possibility is just a threat from them.
very difficult to penetrate 2FA because the code is often changed
I definitely know that 2FA account codes change every 20 seconds or 30, and it makes it hard for hackers to gain access to the wallet. We all know that no system is really totally secure, and the best we can do to prevent hackers from stealing our bitcoins is to make it harder for them to get to it if they ever get access to it.
legendary
Activity: 1904
Merit: 1073
Google Authenticator (or WinAuth on PC) is secure and does not rely on any network exchange.  Coinbase no longer recommends Authy and tells its users to use Google Authenticator.  If you use one of these programs, be sure to record the QR code (or the secret phrase) so you can recover the authenticators if you need to get a new phone.

Too many people have reported that their coins were stolen when they activated Google Authenticator and 2FA for it to be secure. I still activate 2FA but I make sure that I keep as little as possible coins in the services that use 2FA. My main hoard is in paper wallets and hardware wallets.
full member
Activity: 239
Merit: 100


I think they should be involved even if there are possible constraints on the mobile application system, preferably the coinbase to investigate and experiment to close the loopholes in mobile applications.