Topic: Wall Observer BTC/USD - Bitcoin price movement tracking & discussion - page 4293. (Read 26713795 times)

Explanation

Sorry for breaking your hat-trick El duderino_  

These dips Don't hurt me at all because :


Still bouncing back a little and pump for the ants when turned to pumps for the whales will be perfect Christmas gift for the holders.

Explanation

Man, that's nasty. Thanks for sharing/warning us.

I like Kraken's way of securing their exchange. Different non-SMS 2FAs for logging-in / funding / trading, account kept in a locked state and only unlocks after a specific number of days, unless you enter a master password that is unrelated to the 2FAs. Never had any issues with hacking in my entire life, and after reading your post I can't help but feel a little worried. Should re-evaluate my security methods ASAP just in case.

Explanation

Let's not forget that at least Ledger and this very forum amongst probably many others have been subject to attacks that have leaked email addresses. That likely provides a very fruitful pool to start from.

very easy... return their $154 million say sorry it was mistake and keep $26million in BTC. Case closed everyone is happy

Here is an interesting case:

https://www.yahoo.com/entertainment/employee-embezzled-154-million-sony-165821367.html

To me what is interesting is how it was recovered.
The link in the text goes to more description and it seems that the perp transferred stolen funds (that he converted to bitcoin) to what they called "offline cryptocurrency cold wallet".
Yet, they recovered the funds. I guess it depends on what that "offline cold wallet " means and on the perp cooperation.
If he cooperated, that's one story, but if not, than it is completely different and could mean something important.

Explanation

I was thinking that all you need is a Name of the Person and you can hack him all the time no matter how much security he has ...

Hackers might not know in advance whether you have bitcoin for sure, and they might be confused about who you are or various kinds of participation in clubs, but if they get access to one or more of your e-mail accounts, they might be able to see some of your e-mails that could show those kinds of things... so maybe they get into one of your e-mail accounts first and do some exploring.. however, from my earlier experience with my early 2017 sim swap and hacking of various accounts, it seemed pretty clear from me that there was some kind of team behind how fast they had appeared to have been doing various things and I would even get them locked out of some accounts and they would get back in.. .. lasted for quite a while and some weird stuff that I do not even want to talk about... at least not at this time, and it has been nearly 5 years ago.. fuck..

I am very sorry to say this, but you have to also look at people you deal with often.

Binance have default triple verification enabled on withdrawals  Email + SMS + Third Party Authenticator but but but

since all these app SMS, Email and even authenticator is usually on the same phone and if your phone is compromised (Android or even iOS Pegasus) these authentications can be hacked.

Just yesterday saw this on reddit how this guy lost his 0.6BTC

Well you are likely already implying this, but surely one of the ways into any account is to say that you forgot password, and so you then need the password recovery method which could be e-mail and sms.. .. and I suppose that is what you are saying, just saying it differently, no?

Interesting... looks like a targeted attack.


you are lucky they couldn't withdraw any thing, now you need to do some investigation... for sure someone knew you have bitcoins :p

if you find any thing please share with us so we could be more vigilant.

Hopefully that is not the whole story.

If you are in BTC accumulation stage, you should not be selling your bitcoin, so if you do sell, then you replace.

I know that paypal does not allow self custody... so if you sell then you replace in another location.. and therefore, your net situation is the same amount of bitcoin (and sometimes if you are going to error you error on the side of buying a little extra BTC just to make sure that you are holding the right asset - so for example, I recall when I was in accumulation stage, especially 2014, 2015 and 2016, I was always nervous about net selling BTC, so for example, even if I sent $5 of bitcoin to a friend, I would replace them within a day or two... or if I bought a membership or any kind of situation in which I might be forced to sell any bitcoin.. for example, I would sometimes do transactions on Local bitcoins, so the replacement would most frequently error on the side of making sure that i was stacking more bitcoin, whether I sold my minimum amount of $300 or if they wanted more, maybe up to $7k or $8k.. I would usually NOT do more than $8k because I did not want to get close to having transactions that were close to $10k.




Holding for others becomes way more stressful.. that's for sure.


Like I already mentioned, hopefully you did not change the actual allocations of BTC versus dollars, unless it was completely of your own choosing... which it sounds as if all of these actions were triggered by the security breach.


Porting a phone allows you to receive text messages on that phone, but authenticator is tied to the device itself.. so you would not get the authenticator codes on your phone unless you had some kind of authenticator backup code...so that's part of the reason that some of the guys here are focusing on criticizing SMS 2nd factor specifically.. because the sms messaging mode remains so vulnerable to the sim swap attack.

Well, if they port your phone they have your SMS number and can respond to challenge codes. However that doesn't give them access to your phone's memory and junk, and that's where the TOTP seed is kept. It's possible to hack your phone (here install this app my good fellow) but that's a bit more complex and more in your control.

The other thing they would need is the password, unless coinbase allows account access with only an SMS (which makes it a one factor auth system).

Fair, I'll take your word for it. I wasn't using 2FA 5 years ago admittedly, more like 4.5 years, so to me it's simply always been a no go for any real security since security issues had already emerged by then.


For sure, I used to trust TOTP on mobile devices, but now realising how vulnerable mobile phones are I went back to device based, Linux specifically, for better security. I'd like to assume the TOTP encrypted seed remains safe on a phone, even if it's hacked, but this would also be completely dependant on the app developers method of encryption I guess. Overall using a separate device (connected to the internet) isn't necessarily more secure it seems, especially if it's a common system like Windows, Android and iPhone where the exploits are the most common (due to their popularity for widespread targeting).

Also agree generally keeping any amount on exchanges you can't afford to lose (or willing to lose) is never a good idea. It's been a while since MtGox scenario, but they are always possible, even with the likes of Coinbase. They probably have enough in cold storage to refund customers if it were to happen (and the breach is on their end not the customer), but even so, wouldn't want to risk that insurance policy.