Topic: WARNING! 40 000 USD was stolen fom BTC-e.com account! - page 3. (Read 10771 times)

• From a legal standpoint I assume it would still be theft.
• From a literal standpoint, no money actually left his account--only unauthorized transactions took place.

Regardless of anyone's personal feelings the distinction between these two is vitally important is that he falls into the second category and is asking the exchange to reveal confidential information about other users of the service without a court order/warrant. The idea that any exchange or organisation would reveal such private information about its customers with no court order/warrant would basically never happen in a million years.

Even with a court order/warrant you're assuming that anyone who was "the other half" of his transactions is guilty and putting their privacy at stake--this is likely impossible to ascertain and sounds more like a matter for a legal investigation.

Should an exchange breach other user's privacy because some guy didn't bother to use 2FA? No, and if the answer was yes then no one would ever use that exchange ever again.

Personally I abhor people that steal or gain access to other users accounts and then proceed to do malicious things, I believe they should be persecuted to the fullest extent of the law. Having said that, in this instance the victim (i.e. the author of this thread) should realize how their naivety and laziness was likely the primary reason for their loss and also that no reputable organization on Earth would go about releasing information about other users in this same situation without a court order/warrant.

I strongly disagree with the title of this thread and the initial post as they are both greatly misleading to most readers who won't bother to be critical and will take it as face value (and no, I'm not associated with the exchange). I think the victim in this situation refuses to admit that their arrogance and naivety when it comes to security caused this issue and nothing else. If you have 40,000 USD on a website you should take security a lot more seriously.

It is also disheartening to see people learning about promising technologies like bitcoin etc while failing to adequately research basic account security. If anyone is reading this right now and has anything of worth stored on their exchange accounts, gmail/dropbox/banking websites and currently does not use 2FA I strongly urge you to start using it. It isn't some fantasia bullshit, it is the 6 digit code that stands between you accessing your account and some random on the internet being able to essentially rob you of 40k USD. Regardless of what anyone says about it being imperfect it still does a lot more to protect your accounts and private data than having nothing at all in place.

Bottom line:
Not having 2FA enabled = 40,000 USD mistake.

Wouldn't his BTC/Cash still be considered stolen? I mean if someone breaks into your house while your away and you only locked the one door lock, would it make it any less of a break in or explained as a 'unauthorized entry' because the home owner had a dead bolt and/or alarm system that he didn't use? Sure he had extra precautions he didn't utilized that may have prevented the break in, but it doesn't lessen the fact that someone still broken in to his house all the same, no?


As to the OP, you should defiantly enable 2FA if you haven't yet. Say your house gets broken into, you are basically using the argument "I didn't bother to lock my door because thieves could have just picked the lock anyway". Hopefully that puts it into a better perspective.

Very sorry for that loss though, I do hope you get some form of resolution from it

Its not any single point of failure that causes these situations.

Its a multitude of different problems (mostly attributed to people being lazy):
-not activating 2FA
-not activating logging features on their accounts
-sharing email addresses and/or passwords between accounts
-not running antivirus/malware scanner
-assuming your operating system is 100% immune to viruses or malware (dear mac users your operating system is not, has not and cannot be 100% immune to being compromised)
-sharing your computer with idiots
-installing stupid applications and/or opening stupid links
-assuming people you know won't steal your shit when it can never be traced back to them
-letting other people know how much money you have and where
-blindly trusting web-based wallets etc that aren't decentralized
-installing pirated software which can compromise your system
-using wifi, wireless keyboard/mice or stupid technology that could easily compromise your internet money (if you live in the jungle use wifi, if you live in a crowded urban area where anyone within 50 metres of you could sniff all your personal data then you're an idiot)
-keeping all your eggs in one basket; even if I was trading anything even remotely approaching 40,000 USD, let alone 1000 USD I would sure as shit not store it all on one exchange with no fucking 2FA.

You should not be storing 30 btc on a web wallet like blockchain. Period.
You should not be storing 40,000 USD worth of anything on any online account that doesn't have 2FA. Period.

Part of the responsibility does fall on this exchange for not requiring 2FA or not requiring authentication of transactions via email account, however the problem is that this user is basically incompetent (proven by the fact they refuse to believe 2FA is important) and they then go and write misleading statements regarding their account (no, your money wasn't actually stolen which is what prevents the exchange from helping you) and tries to brush off their own irresponsibility and laziness as not having attributed to the situation (if this user had 2FA enabled then I would be in no position to criticize as much).

thats an expensive lesson learned.. always use 2fa.

but even sometimes using 2fa incidents still occur, like the whole blockchain.info wallet madness a couple weeks back or a month ago.

people got like 30 btc stolen forwarded to other accounts etc.

thats a huge fuken loss.. but they had a history of missing deposits in the past. or honoring the deposits they get from other countries.

that sucks though that this could of been prevented if 2fa was setup..

I'd say more like 100% his fault. The best part is that because he didn't have 2FA enabled it is pretty much impossible to ascertain how much of his system/accounts are compromised. If he had bothered to use 2FA and this actually happened then he could be certain that 2FA was hacked (meaning his entire system is compromised).

Without 2FA he is going to have to get some scooby snacks and hire a crew of hippies to drive around the internet in a van looking for the criminal. Good luck with that.

At the end it is his fault at 99% , because he didn't set up the 2FA on his btc-e account. Now the unique way is to contact the support and his police station.

There is a trend here from 'hacked accounts' gambling site stole money cheated etc if they was true they would be very welcome but chances are they are not.

Always newbie accounts and that makes me take little no notice anymore, unlucky on losing that amount of money if i am wrong and you actually did however 'doubtful' but you deserved it keeping that amount of money on an exchange with no 2fa in the first place.

lol

BTW if you're still in doubt about 2FA you should check out the comments on the reddit post for this thread (someone submitted it to reddit):
http://www.reddit.com/r/Bitcoin/comments/2vv2ss/someones_complaining_on_bitcointalk_that_his_btce/

Almost all the comments mention the fact that you didn't use 2FA. You should be spending your time right now formatting your computer (or using another computer which is known to be clean) and then checking the security settings of all of your accounts.

If you really feel that 2FA is that stupid then so be it, it feels like you're impossible to reason with on this point. Don't let the fact that Google/Gmail, Facebook, Lastpass, Dropbox, Steam and dozens of other prominent websites rely and promote 2FA to help increase account security greatly change your mind.

A bitcoin exchange is not a bank. Bitcoin and cryptocurrency itself aren't defined as actual currency in most places.

On the topic of whose responsibility security is you should probably try to better familiarize yourself with the terms of services that you use when it comes to cryptocurrency:

source: BTC-E Terms & Conditions ( https://btc-e.com/page/1 )

Today is 2FA tomorrow is 4FA and so on. When I bring my money to bank they say to me what is modern and latest security! If my security measure was out of date they should warn me. Everybody should do what they are professionals in! I don't understand weather it is safe 2fA or not. But they are crypto exchange and they are professionals in it. If it is necessary to install it they should have warned me that my security is under threat

It's no better or worse than a wired connection.

You connection to whichever website you're visiting is due to HTTPS/SSL, not because you have a wire plugged into your computer. That's what public key cryptography is about, being able to exchange information along channels that other people can watch. If someone can break your security by watching your wifi connection, then public key cryptography is flawed. But, to the best of our knowledge, that's not the case yet.

Besides which, lets say you're connected to a site that's not secure. Supposing you live anywhere but a city with thousands of people around, do you think the greater risk to your security is going to be the kid who happens to be within snooping range of your wifi, or the dedicated hackers that are picking up the traffic flows to the insecure website you and hundreds or thousands of other people are visiting?

I've used wifi almost exclusively for 10 or maybe even 15 years now. I've traded stocks, bought mutual funds, filed taxes, bought and sold bitcoin litecoin prime coin, done all my online banking, though it, etc... From my house, from the coffeeshop, from the airport. Not a single penny has gone missing. What I do do is make sure that i'm connected to each site securely (look for the padlock... when in serious doubt, and this might be more of a stretch for some people, I've even SSH'ed to a free shell account just to double-check a keys fingerprint (usually at airports, honestly).

What the greater issue is, is how do you connect to things like your email? If you're connecting via port 110 (POP) or 143 (IMAP), your credentials, your emails themselves, everything, are being transmitted across the internet, through who knows how many routers that may or may not be up to date, all in clear text. And being that email access is how services authenticate us, that's the BIGGEST risk, right there, I think.

Sorry... I just think that the whole "don't use wifi, its not secure" thing is way overplayed...

You are to blame though, and if you think anyone else is or that anyone else's privacy should be compromised because you didn't take security seriously you are seriously deluded.

Why even bother with 1password if you don't even activate 2FA on an account that holds more than forty thousand USD?

Correct! That is the point! I think that they saw that I have a great amount an my account and took it and made me to be blame of not installing 2FA!
But if they know that not using it is not safe they should insist on using it!

I don't expect them to share the transactions or identity of the account, i just think it would be quite simple for BTC-E to work out the accounts which profited the most from the unauthorized transactions. perhaps monitor said accounts and maybe even suspend operation on those accounts. If btc-e put more effort into tracking the accounts of those who did things like this it would happen less often. they just let them continue though. I like btc-e, i do most of my trading there, but things like this piss me off, but so does people not using two factor authentication.

From what I understand the funds never left the user's account. As such, identifying people/persons who profited from these unauthorized transactions would require revealing other users transactions. This would constitute a major invasion of other user's privacy--this should not be investigated without a police/court order for very obvious reasons.

I sure as hell don't want my private transactions being shared with someone who didn't bother to use 2FA in the first place.