Topic: WARNING Cryptostocks.com INVESTORS SECURITY FLAW (Read 17133 times)

I invested in Shrembeck fee shares and lost everything i bought a lot to. I thought when Mr. Shrem came back it would moon.Just checked on it but the website is now down and asking for .1 btc just to withdraw. im sure the price has crashed so low its not even worth that much.

I hope you are part of the cryptsy lawsuit. If u are a us citizen then you could have been.  I am part of the suit.  You cant sue and be a cryptsy shareholder though.  Paul has access to cryptostocks and has made trades of his stock. I think he might have been th person who stole my btc.  Maybe thats why I only put $25 in there but no matter it still sucks that my $ got straight jacked.

I lost quite an amount of BTC at Cryptsy, then found out about what's happening at cryptostock just makes me more and more skeptical to all this exchange sites.

Cryptostocks stole my BTC . Someone accessed my acct and withdrew entire balance.  This site has no cust service It is chinese so us residents have no recourse.   Plus paul the dbag Vernon has access to site the wanted embezzler  from Cryptsy ,  most likely he is stealing the money.  He probably bought the site.  continuing the cycle of owning fraudulent exchanges do not send any money to this site they are straight thieves. 

Wallet has been offline for a week  somebody got a glue whats happning?

CS is USA based? Its management is in China, so SEC has nothing to say, whatever they are doing. On the platform there are still up to ten good projects running.

THE END

https://www.cryptocoinsnews.com/sec-sends-inquiry-letters-hundreds-bitcoin-companies-unregistered-securities/

today i withdrew, no problem

Cryptostocks is working fine again. They fixed issues with withdrawals.

I just traded there yesterday and got my funds out without a problem. Also, trading volume got up again

c-cex.com but there are scams everywhere

Is cryptoctock no longer working? but they still seem to be working.

Date   Announcement   
10 Sep 05:37   Bug Fix - Unable to issue shares for a new listing   
18 Aug 07:02   Cryptostocks Email Service   
18 Aug 06:23   Listing SCRYPT put on trade stop   
05 Aug 07:37   Changes to Share Issues   
05 Aug 07:36   Changes to IPO Flag functionality   
05 Aug 07:33   Request deactivation of Yubikey and Google 2FA via email   
31 Jul 07:15   Upcoming changes to IPO Flag and additional share issues   
31 Jul 05:30   Bitcoin wallet is online again   
29 Jun 01:26   Non-delivered emails   
21 Jun 02:10   Email confirmations required for withdrawals

and also check the cryptsy shares. they seem to be still trading? Can anyone confirm definitively if they are still trustable and working?

Also is there any similar site where you can raise capital like in cryptostock.

Withdraw from cryptostocks isn't possible anymore

I tried to withdraw 0.05 BTC while i have 0.1 BTC available (without orders)

For more than two days:

"We're sorry, but something went wrong." in red.

I also get no reply's from cryptostock support

Alack, I double this.

I lost my authenticator code and I cannot log in...there is $100.00 there.

Hope you didn't have too much in your account. They are known to not respond to their e-mails, and one I sent them a few months ago has never been answered.

I have been emailing their support department at Crypto::Stocks... [email protected]

I have a log-in issue and I cannot get into my account. They do not answer the emails. It has be a few weeks now. I keep sending new emails asking them why they do not answer? They seem to be ignoring me or they are not reading their emails.

ES

why cryptsy is there?

Big Vern did not drink coffee? 

The magic sentence "We have been hacked". The money is gone....we are really sorry.

People it's a scam....don't you get it....wake up and smell the coffee!!!!

Heatherai and Wolftech were hacked by the same person on the same day.
How is that possible?
I'm getting tired of this.

from news report it was said that Vircurex is beijing-based company.

further more FAS guys said the owner of both of the platform in china , i saw his words on one of his thread here in this forum.

remark: FAS is a project on cryptostock, they said they located in USA, but obey chinese law. someone in thread asked why.

FAS answered that because cryptostock in china.... things like that.  you can search it on forum.

To judge if a project is legitimate or not??

What about knowing where your money goes? Who are the people behind the project? Do they have a face, an adress or just talk. Where can you go when they run with your money, with only a email adress that nobody responds to? Decentalized doesn't mean that they don't need to show that they are for real.  You have the stuff that they are after...MONEY, BTC, WHATEVER.... so you need to make your rules.

Cryptostocks is a Scam. The owner (Kumala), nobody knows who he is, where he lives....is it a man or woman??? Also the owns Vircurex. Vircurex went public on it's own exchange (VCX).

He took the money from his clients and nobody knows where to find this person....

Now you judge.... would you spent your money on a project that is listed on Cryptostocks....knowing thathe is a scammer??

sorry i can not agree with you on this point.

no matter exchange platform or crypto-token stock platform, they are not forum like bitcointalk,org where warn you with '' caveat emptor''.

they are doing business by means of charging 2 or 1 bitcoin from project owners for listing.

people do business for money, but money is not everything that humanity in pursuit of.

It's the responsibility of the buyer to judge if a project is legitimate or not. Cryptos are decentralized, so there's no police to do the job for us, nor do Cryptostock have the ressource to do that. Beside, what could they do in this anonymous environment?

what you said sounds reasonable.

but problem is the scam project there, such as ALTSWAP or DIGIMINE. only stop trading is enough? how about the loss of investors?

cryptostock as platform has zero resposibility on these kind of shit? I doubt.

another problem is due to Vircurex problem recently as we all know.....

although i still trade small amount there rightnow but i already quit idea to list my project there.  

Trading on Cryptostocks seems less risky to me than trading on exchange, because most of the funds involved there are held by the projects creator. And if you invest with them, it's because you have good reasons to trust them. Even if Cryptostocks failed completely, the projects owners still have a way to contact you. Although, indeed, it's probably not a good idea to keep a lot of unused BTC there.

I think Cryptostock.com is not a qualified exchange as it did.
Such as the labcoin scam, when the BTC-TC closed , the community ask Sam to show some evidence that Labcoin is a real work.
But Sam did nothing, and Cryptostock.com just let it trade with no evidence.
When labcoin scam exposed, Cryptostock says nothing just stop the trading.
So trade in Cryptostock.com is a terrible idea.

Yeah, we need to find this guy and set an example for all the wannabe scammers....  Can't we get info from the hosting company ( GODADDY.COM ) 

Check out the developers log on Cryptostock.  Kumala posted regularly until Feb 1 - nothing since.
I'm curious, has anybody on this thread heard from Kumala in the last month?

BTW, Vircurex went public on it's own exchange (VCX).  Want to see how that's going?  Check out the link below.  Kumala got the scamming hat-trick.

https://bitcointalk.org/index.php?topic=140700.60

mark

I can personally attest to it.  When Kumala realized he couldn't repay his hacked funds, he allowed select people to retrieve their funds.  That dried up his wallet.  When he realized he needed more funds to make himself and his friends whole, he surreptitiously allowed traders to deposit and trade but generated an error when you tried to withdraw.  For almost a week, he encouraged trades then stole the funds under the guise of a technical error.  Those funds were then given to himself and his friends and accounts were frozen.

If you don't believe me, go ahead and contact him to ask about it.  He won't reply.  His last post on bitcointalk was almost a month ago.  Does that sound like someone still in the game?

I traded BTC for almost 450 LTCs on March 21st.  Kumala accepted my funds, allowed the trade, then generated a system error when I tried to retrieve them a few minutes later.  The total time my funds were on Vircurex was less than 45 minutes.  For people who traded during this time period, Kumala is not holding your coins - he stole them.  He took them knowing full well you would not get them back then gave them to insiders to protect himself.  I have reached out to Kumala both on this site and Vircurex and he's not replying.  I know he logs on every single day so he sees the messages.  The hacking problems with his accounts many months ago do not warrant criminal behavior on his part.

I am committing a total of 450 LTCs (the amount he stole from me) as bounties in order to get information about Vircurex and Kumala, specifically.  I already know some important things but want to learn as much as I can.  He can be held civilly liable, but more importanly, criminally liable.  

If you have any information that can help me prosecute Kumala (personal info, anecdotes, evidence), contact me and give me the nature of what you have.  We can then negotiate a bounty for the actual information.  I will eventually share everything I learn publically on this board.

If anyone wants to contribute their own bounty, let me know and I'll include you in the process.  I don't want your coins.  I'll just include your bounty information and you'll be responsible for delivering the bounty as you see fit.

Flying to Kumala's current location and knocking at his residence?  Yes, I am one of those guys.  My passport is in my top drawer and I'm ready to go.  Had Kumala intended on making good eventually, he wouldn't have stolen trade deposits to pay off himself and silence his friends.  

Please contact me ASAP with the nature of any information you think is valuable.

Well then please disclose it

I have the prove in my hands...

and have a look overhere:  https://bitcointalksearch.org/topic/m.5966415

You have been warned!!!

Nonsense. Being legit and collecting fees is way more profitable for them in the long term than stealing a few BTC and jeopardizing their reputation.

BE AWARE ..... CRYPTOSTOCKS.COM IS A SCAM!!!!!!

They are the owners of VIRCUREX.COM.

They took the money from the people who where trading there, they will do the same here!!!!

YOU HAVE BEEN WARNED!!!!!

Don't put your money in the hands of persons you don't know!!!

Setup a password pin on your phone for security

I was not use GA (I am afraid  losing my phone)
The hacker  changed my password.I don't know How could do it.
My email's password was not be changed, so I used my mail changed my cs's password.

Now I used GA.

the hacker is :

------------------------------------my email:

Dear voxblake2013,

You have withdrawn 485910.0 DVC to address 1BwEXLmnb2PvFH2shMCBwCCNubAyJBmBNV

Thanks for using Cryptostocks for your trading activities
Your Cryptostocks Team


----------------------------------------------------dvc block explorer
Balance: 16534240 DVC
Transactions in: 7
Received: 17020125 DVC
Transactions out: 1
Sent: 485885 DVC
Transactions

Transaction   Block   Approx. Time   Amount   Balance   Currency
b5c5f191ae...   129143   2014-03-10 11:05:57   1702236   1702236   DVC
c6408bb24a...   129145   2014-03-10 11:18:44   11999975   13702211   DVC
cbbcc92a0d...   129146   2014-03-10 11:26:48   655407   14357618   DVC
faccab74cf...   129146   2014-03-10 11:26:48   1407525   15765143   DVC
009abe623d...   129149   2014-03-10 11:58:45   605272   16370415   DVC
8de09a9aa4...   129149   2014-03-10 11:58:45   163825   16534240   DVC
3a4093d116...   129207   2014-03-10 23:20:37   485885   17020125   DVC
d207c8383e...   129260   2014-03-11 10:44:25   (485885)   16534240   DVC

Highest return in the industry... Can you multiply 0.04% by ZERO.

I'd be surprised if they'd have been removed at all. ALTSWAP and the gang are still there.

Another cancer. They've made 11 separate announcements since the 9th all basically saying "BUY ME, BUY ME!", I'm surprised they haven't been removed yet.

What a joke this guy is, their website look like a 12yo made it.

They use the name cryptoworld all over, yet their domain is cryptowrld.com without the 'o'.

On their website it show @cryptoworld.

Crypto::stocks seems to be a losing proposition all around.  Now P2PDVC asset is turning out to either be another scam, or yet another "hacked" account.  This is completely unprofessional either way.

Would it even really matter if you had 2FA? Cause if you're using 2FA wouldn't you likely have the login auth sent to your email anyway? Thus if they have access to e-mail they can get the auth then.
Then again if you are using a site/email that is this important your password needs to be pretty much un-bruteforceable, not just "smokeweed555" but rather like "diu@E3O-)SvV1!n^mk#9iPz$"
*shrug*
I bought some shares of Altswap a while back thinking it showed promise but watching the launch deadline come and go a month ago does not bode well, glad it wasn't much.
But, as a project co-owner on cryptostocks, I can say this doesnt help people feel safe about using the exchange :/

FIREMINE, MINECO, and ALTSWAP exceptionally high scam-probability.  Avoid at all costs!!

Yes they need to improve there customer relationship.

The owner of Cryptostocks is Kumala https://bitcointalksearch.org/user/kumala-41776 last logged in March 05, 2014, 03:30:37 PM on this forum so you should be able to reach him by PM here on bitcointalk to if you need to get in touch with him.
Kumala is also the majority(70%) owner of Vircurex exchange. I did read somewhere that Cryptostocks is under Vircurex as in owned by Vircurex/registered under it, if that is the case you probably have a few hundred small partial owners of Cryptostocks to in the form of shareholders in Vircurex but i haven't seen Kumala either confirm or deny whether Vircurex owns Cryptostocks. But in either case Kumala is the one running the ship on those two company's.

The sooner that people stop using Cryptostocks, the better. When scams are discovered on Cryptostocks, the 'contract' levels drop from White/Gray/Black, then there is a trade stop, and then the stock is delisted so that the 'projects' page isn't filled up by the numerous scams that have been perpetrated there.

Labcoin? Delisted and gone. Scrypt Asic International? Delisted and gone. Litecoinbank.org? Delisted and gone. The place requires 1BTC and no verification for someone to list a security - it shouldn't be that much of a surprise that scams abound there.

Cryptsy and Cannabit are the ONLY stocks that anyone should be looking at there - don't even think about the others and the new ones. If a stock on Cryptostocks doesn't even have a bitcointalk thread? Forget about it.

Cryptsy gets a pass because of how big it is (and was verified by the announcement directly on Cryptsy).

Don't use Cryptostocks, Kumala could care less about people getting scammed.

There's no doubt that FIREMINE/ALTSWAP/MINECO is a scam and it's unbelievable that CS allow them to keep going, one second they claim to have been hacked, the next they are leaving CS and after that they try to promote there next scam MINECO, can CS/Kumala please be kind and explain exactly what's going on there.

1) The know kickbacks Kumala/Cryptostocks gets is 1 btc per listed project so 3 btc from this obvious scammers listings.

2) 0,15% from both sides on bought/sold shares so before the mess started in altswaps listings maby 35 btc*0,003=0,105 btc from altswap and 63 btc*0,003=0,189 btc from firemine Mineco seems to have sold 150 shares so 7.5 btc*0,003=0,0225 btc the rest of the 5020 must be a few that transfered over shares but i look more likely that it's alswaps way of scamming investors from the dividend that they now pretend to be paying some of, but in reallity most of it is probably going back to themselfs throu accounts they control witch would be breaking Cryptostocks rules as the issuer is not allowed to get dividend on the shares they have in there possestion.

Each transfer(not per share as far as i understand it) Cryptostocks take a fee of 0.005btc*2(both the one trading in and the issuer pays that) for. The 0.01 per stock that firemine announced for traing in firemine to mineco goes to firemine.

Each withdrawal Cryptostocks charge 0.005 btc for.

If Cryptostocks actually takes bribes to let actual and obvious scams to carry on scamming people on there exchange i don't know, hopefully not.
 

I agree that it's possible that cryptostocks might be getting kickbacks.

When we created our account, immediately we sent all our information for verification.  Even with all this going on we still have not received anything back from cryptostocks.  We send image for the home page to be recognized more, but all the miners images get posted such as COIN which disappeared within  a few days.

It makes it extremely difficult to start an legitimate IPO, when the service you selected is doing nothing to protect from these scams.

Cryptostocks owner, (I am assuming one person) need to improve the customer relationship or it a sinking ship.

Yeah, I couldn't agree more. It brings down the integrity of the whole exchange. I have a very limited amount of stock on CS now, mostly because the quality of companies are so poor. I'll being moving out of those asap. Havelock, at least from my experience seems to quality check the companies that they exchange a little more thoroughly. 

Could not agree with this gentleman more.  Obvious firemine, mineco, and altswap are a singular scam effort at this point.  These are only a few in a long-line of scam-shares that have been posted on CS.  The fact that the CS admin can lead one to only one of two conclusions:
1.) Some sort of obvious kick-back in the aftermath of each scam
2.) Admin is earning so much with transaction fee's he figures, if it ain't broke (insofar as to what it earns me) why fix it? 

What the hell is going on.  It's obvious at this point that FIREMINE/ALTSWAP/MINECO/maybe others?  Are a SCAM!!!  This "hack" has nothing to do with cryptostocks, altswap is just trying to rip all of us off by dumping all the shares they have to clean up the order books and abscond with the money.  They even went so far as to issue 100000 more altswap shares to clear the really low buy orders out.  What is more absurd is that their mineco is still listed, and being traded!  All of these listings have the same owner "[email protected]".  This is freaking absurd.  Why hasn't cryptostocks come here to a) Refute claims that they are easily hacked and b) Warn traders about this OBVIOUS SCAM!?!?

After seeing this thread I lost 0.12 BTC to altswap assuming they were acting in good faith.  Had cryptostocks been paying any damned attention to how altswap is manipulating their system, they would have halted trading on these SCAM stocks immediately and refunded as many traders as they could out of ALTSWAP's account balance.

Scammers will be scammers, but cryptostocks.com making no attempt at all to monitor and resolve this situation makes me extremely weary of their service.

lol thats funny coming from someone running a lottery.  what a fucking con job.

So what is going on with FireMine? I cannot upgrade my shares...it says under trade-in that I am allowed max 0 shares. I have 16 shares...

We do live by what we say.  

We have sent everything into Cryptostocks that they required, beyond that, it's in their hands.  Once we get the added information from them, we are sure things will get updated.

Yes, we re-posted, felt it needed to be said again.


*********************
Thy:

Would you not agree that most (if not all) mining stocks are scams?
It's unbelievable that hundreds of BTC BTC are getting tossed into these.

All we wanted to point out is more due diligence need to be taken.

Foremost, I am the President/CEO of PM Poker, SA, which owns Quinto BTC.

Seeking investors for a Bitcoin business is extremely difficult, given the bad press on Bitcoin.  So it seems the most logical solution would be to seek investors from the Bitcoin community; Bitcoin holders who are already aware of the digital currency and its present value. After reading favorable articles, I elected to use Cryptostocks to seek investors for my own company, Quinto BTC.  I would note though, that none of the articles I read mentioned anything about "Bitcoin mining".

As for all these claims of hacking and losing shares, ironic that it is only the mining stocks that have these issues.  When investors are sending funds to companies on Cryptostocks, they are doing so at their own risk, especially since Cryptostocks does not verify anyone's identity.  In my opinion, this should be an integral and mandatory process for every company seeking investors on Cryptostocks.  It would add some layer of protection for the investor, and would benefit Cryptostocks as well.

Security is critical, if accounts at Cryptostocks have 2FA, then reset password also requires this level of security.  Cryptostocks, please change this policy as soon as possible.

A little due diligence can still be done, so the investor can have more confidence that their investment is being used as publicized.  We've all seen/heard of the scammers who publicize an investment in a company, only to see that "company" spend 1BTC, then earn 90BTC, then disappear.  This is why due diligence is a must.  It's tempting to try the "get rich quick" scheme when investing, but you also have to understand that there are shady people ready and waiting to take those Bitcoin from you, and will employ every technique at their disposal.  "A fool and his money...", so to speak.
 
My point is: Be wise. Take your time to research the company before investing.
 
Is their information public on WHOIS?
When they give an address, is it verifiable?
Do you pick up the phone and call?
Can they actually produce a verifiable business license?
 
These steps may take a couple of days, but will be well worth it in the long run.
 
In closing, to everyone on Cryptostocks:  If it sounds like a "get rich quick" type of posting, step back, take a moment and ask yourself: Am I willing to lose what I put in?  If yes, then proceed with caution.  If no, do your due diligence.
 
Sincerely,
Steven Swanson,
President/CEO
Quinto BTC

FIrst off get your facts straight.  Im not the CEO of fasbit which you alreaday eluded to and as far as I know I am the first one to inform him at the very time i posted about the comprimise here.  Second  I am not aware of FASBIT e-mail being hacked, i was aware that ALTSWAP shareholders had a similar issue and that is why i posted here.  The only proof I have is my drained account and the confirmation emails in my e-mail account which show everything being sold off.   they didnt have access to my email.  the email to confirm the password reset was sitting in my inbox unopened.  Take your unintelligent trollish comments somewhere else.

So you have no proof that the site was in trouble.
You also have no proof that you were hacked.

You do know that fasbit ceo email HAS BEEN COMPROMISED as they admitted,
yet

you go around in every thread blaiming cryptostocks, as they did.

You are a moron.  Im not attempting to start panic and im not a CEO i am a regular shareholder and my shares are gone!!!!  Cryptostocks has a flaw somewhere.  The hacker didnt have access to my email account either.  the password reset e-mail was just sitting in my inbox still unopened as were every other automated e-mail that was sent in relation to it.    Go troll somewhere else!!!

read carefully:

They (fasbit/grid/mineco etc) have compromised their email account, or so they say. They are posting announcements right now, copypasted if you please, saying that the site was compromised. They have mentioned nothing on any of their products listings about their failure, nor they did so in any of their forums.

They are are attempting to start a panic in cryptostocks now, with those announcements.

I had all my FAS and GRID shares stolen last night on cryptostocks and the thief did not have access to my e-mail. 

I agree too- I don't have a lot of faith in this thing ever getting off the ground- and most likely they are probably aware of how much they've screwed things up and are looking for the exit. It's better that these operators get called out for some of these practices though, rather than silently getting away with things. Of course they may do a brilliant job, and make a superb exchange- lord knows that a good escrow service is actually something that would be really useful. Unfortunately, the chances of that are probably about 0.000001% right now.
Please, someone from Altswap come and correct me, or at the least post some notifications on the stock issue and a launch date that you are going to stick too.

I'm a shareholder as well and I agree with you.
But seriously... Come on.
Would I trade in a site which:
1) Is owned by a guy who couldn't even secure his own email
2) Launch is delayed for over a month with lame excuses and lies
3) Smells like a scam for quite a while now

The answer is no.
Crypto-traders is a small community and therefore the word of this will get out so this site is doomed to fail (and I will lose the 0.1 BTC I've stupidly spent on it).

Yes, well, I AM a stock holder, and what I'm saying is that it is up to Altswap to compensate shareholders for what has happened. The most straight forward thing to do would have been to put a full trade stop on shares straight after the security breach, and then for Altswap to buy back the shares that had sold in the meantime for the market price that they were sold for- covering a loss of a few BTC in order to correct the fidelity of the shares should be a given. Why this didn't happen I have no clue- you say that you couldn't have stopped trading? Why the heck not!?!
Instead what you are suggesting is that it is ordinary shareholders who absorb the loss- ie anyone that bought after the incident (a great deal of those who already most likely had holding from the IPO 0.005 price).
In a vacuum the 'math' as you put it is correct, but it does NOT compensate buyers who bought after the incident.
You say 'We don't set stock price, the buyers and sellers set stock price.' - well actually that's EXACTLY what you are proposing to do- to reset the stock price so that a great deal of people will loose out- all of whom ARE legitimate shareholders!
So here's an idea. Altswap needs to look at doing a share buyback to restore some faith in this project- not at 0.000001 but at a level in between- perhaps you can average the orderbook since the incident? This way 0.005 sellers will choose to keep hold of their shares, but later buyers can at least recoup some of their loss- Altswap will then hold a majority of shares again, and then be able re-sync the market through either a second IPO or holding onto these shares until after the site is launched.
Most importantly, launch the site, show value, and the value of the shares will increase accordingly.

Both Altswap and Firemine have been tradestopped and trade has been reopened again on both stocks before it had been announced on cryptostocks what had happened(there's still no announcement of it on cryptostocks).
That action alone will of course make the one that reopened trades, Altswap/Firemine and/or Cryptostocks responsible to compensate anyone that (during the time after trade was reopened) will become victim of loosing on the now announced partial split for buying stocks(above lowest sold price they will recalculate from on respective stocks).

No announcement had been made on either Altswap or Firemine's stock on Cryptostock by the way when they announced here how the fix/split should work and it still haven't been made so more shady business from there side.

Hold up.

I can't understand what half of you are asking.

Nothing is decided yet.  We have stock holders, and they vote.

The 5000x idea is correct.  Our shareholders bought stock at 0.005 for a total of 8000 shares
The account was compromised (by us?  are you crazy?  how would this help us?)  The other 42,000 shares sold at 0.000001 each.
0.000001 x 5000 = 0.005  

So that is the correct math.  Now if those stocks have since been sold for .00003 or 0.02 or 7 btc it makes no difference.  We don't set stock price, the buyers and sellers set stock price.  We first and foremost have to make this fair for the 8000 original shares. Everything else is secondary.  We can't just delete stocks or as you said, stop the sale.  That's not possible.  Welcome ideas

But again, we have shareholders, they will make the decision.

my question was answered .. they are NOT .. 5000x reduction in their value . .just dumped them off .. at a .12btc loss .. great ..

this.

The correct move would be recognition that you're using, and thereby enabling, a contemptible piece of crud (a fact well known to those actually in the bitcoin finance space), and full rectification. That includes taking time off to figure out how the decision that using and thereby enabling a contemptible piece of crud would be okay was made.

This is just madness! Why not put a trade stop on the stock if this was the plan? What about those who have bought in the last few days below 0.005 but well above 0.000001!

All shares will be reissued.

Basically 8000 shares were sold at 0.005btc ea.
42000 shares were sold (due to hack) at 0.000001btc ea.

Therefore since the shares at the correct price were 5000x that of those at the lowest price, all shares purchased at 0.005 will be given an additional 5000 shares per 1 owned.

The price of stock is determined by buyer demand so yes, those are safe to buy however, with 40.000,000 shares coming aboard, everything is a little wacky and unless you see them at a great deal, I'd steer clear.

https://cryptostocks.com/securities/80 are shares bought today legitamite?

I do appreciate the backing here guys, I really do.

Just want to set a few things straight because a few people are confused...

I'm Jeran, in charge of Customer Service.  I am also a stock holder who purchased shares like you all did at 0.005

The CEO is Seth, he has backroom access and is the account holder at cryptostocks.com

----  Someone here said that stocks were selling at 0.00001 or something.  I said no they aren't, and then went to check for myself.  I saw it was true and could not reach the CEO so I started thinking the worst that possibly Seth was selling off the remaining stocks. I had no backroom access and all I saw was the same thing.  I finally talked to Seth who said he had 2fA so there was no way that the stocks were selling that low and that there was a mistake.  He tried to log-in and couldn't and when sending service emails to crypto, was having all emails bounce back as spam.  He contacted me and asked me to email and see what had happened.

He then called me and said that there is a major flaw in the Crypto site regarding 2FA and overrides with new password.  It didn't seem believable to me, because he said someone must have got his email password, and I said surely it would take more than this.  So, I tested with my account which also has 2Fa, and all was proven true...

When clicking the link in the email and being taken to a new password screen, once you create your password, you are logged in, bypassing 2fa. The thief then went in and lowered the 42000 additional shares to about 0.000001.  The profit that he made was about 1 btc, he then withdrew it to a wallet.

Everyone should see the issue that a password reset should at least start a hold on 1. price change, 2. withdraw, but easiest would be, upon password reset, an auto logoff to where you must enter it all again including 2fa.

Thanks

I'm gonna have to say someone is spreading some FUD

buy all cheap fee,s now ( they cant roll it back any way lolk ) nom nom nom nom cheap fee,s

+1 on this

they can buypass everything buy just hacking your email witch is stupid as fuck

As you can see from the comments, you're the only one that thinks it makes sense.
I don't use gmail for my account on CryptoStocks which means I don't have 2FA on my email...
It doesn't make sense to allow access to an account through the lost password flow as it simply renders the whole point of 2fa useless on your site.

Please fix so we can feel safer with the funds we hold on your site.

Thanks

This is the stupidest shit I have ever read. The whole point of 2FA is to protect from keyloggers getting your password details on your computer including your email.

A common approach is for things like 2FA-resets to come with a mandatory waiting period between 1 and 4 weeks, during which a reminder email is sent periodically to the users email address informing them of the requested change and the waiting period remaining. This gives a user ample time to react before an attacker gains access to the account.

Right now, you make the users email security a single point of failure for the account-security of your website. It's not a good idea to have a single point of failure being something that is completely out of your control.

Wow an exchange this cheap.  Ill support this price 

buy buy buy

so should i buy this stock at this price? are they valid?

I say it again, Im not in design and development.  They are doing a reskin and we are looking at this weekend to drop the beta

Beyond all this...
If you want to see the stock price rerise the community needs to see some sort of progress on the site and not just a 15 minutes UI work as it is now.
You should have a working exchange now - put it up to see it, at least as a demo...
We need to see something to believe it isn't a scam

Why not have 2FA for withdrawals? And some sort of 7 or 14 day waiting period for 2FA disabling?

I think the Altswap/Firemine listings looks strange. For example the fact that they reused the webpage for those listings and how they haven't been very clear about what they actually mine with or what they buy for the investors money and some other things in how the contract was formulated, also the price they seems to have payed per GH and what each GH seems to be generating don't seem to make much sence, but with that beeing said:


If this is what happened it's a bad flaw in CS system that they should fix as soon as possible, the whole point with 2FA is to make it impossible for someone that may get access to an email/password from doing any harm, even CS should realize that and maby they should compensate the issuer at least partially for that and if the losses "only" were 1 btc there shouldn't be any problems for Cryptostocks to take that cost as they charge each company 1 btc to list at there site. But it's stll up to everyone to protect there emailadress so even if the 2FA don't work the way one can expect it to do it's not fully CS's fault. 

Cryptostocks support is known to take long time in most cases, some exceptions exists thou when they acted and fixed things within minutes/hours.


How Kumala is thinking here i can't see, he clearly haven't realized what the 2FA used on CS is for then and some email accounts dont even have the possibility to protect the email with 2FA. Kumala if someone have 2FA on at CS, then no one should be able to reset there password without access to both the email and the 2nd authentication used, they should not be able to log in, not be able to buy or sell anything and not be able to withdraw anything.

I think i read way back something about that CS was sending out a postcard after a week or two to those that wanted to advanced verification to verify that there address was real as a step in getting that advanced verification. Maby something similar could be done to make sure resets of 2FA or changing of password is done by the correct person, or maby have people register there accounts with 2 emailadresses and both emails would have to confirm a change of password or reset of 2FA there could also be an automatic delaying of the change by a week or two if someone wants to change password or reset 2FA to make things safer.



Edit reading what you said a bit closer
Shouldent you have seen pretty mutch directly that something was wrong, if someone changed your password your old one sholulden't work, how have you been able to log into CS up until recently if CS support diden't answer you for 2 days ?

Thanks!  It wasn't my email that was accessed and according to the CEO he must have been hit by a keylogger

This is not a flaw but a design (as it stands today). We must assume that the email address you are using with our site can be trusted, that is the very basic assumption that we must take. If someone has access your email then that person can also contact us from that email and ask us to do various activities to your account, e.g. we often get requests to reset the 2FA because the device is lost. We do so, based on the very same assumption, your email account is not compromised. Hence please implement some sort of 2FA on your email account. The email account is the weakest link in the chain and it needs to be protected accordingly.

In addition, we are planning to implement a 2FA reset function, and guess what it does? It sends you an email to confirm that action. Therefore, if an attacked has access to your email account he/she can request the 2FA reset as well.

Having said that, we are interested to further harden the security by implementing additional restrictions, e.g. delayed reset requests, withdrawal blocks for a period of time.   But all these are not solving the root cause, weak or compromised email accounts.
 

And again, I am not fucking with anyone about anything.  I operate honestly and if you'd like to talk to me, feel free to chat at altswap.com today, I am on chat all day.

He is not the owner but is helping a friend with the stock management.  Again, it isn't my email but the CEO's, regardless, he would have just run with all the money if he wanted, all of this mess accounts for a bitcoin worth of theft that we will cover. We may issue stock certificates and manage the stocks outside of cryptostocks because they diluted the shares.  We have a shareholder spreadsheet with those who bought at 0.000001 taken off.

So someone had access to your email? What kind of password did you have at your email?
Are you sure it is not the owner of the email shitting with you?
Did Altswap solve the firemine issue and the late announcemebts, or are you fucking with people to cover your asses?

EDIT: Did you guys address this? https://bitcointalksearch.org/topic/cryptostocksfiremine-another-listing-that-seems-to-have-taken-5-min-to-make-472265

Are you absolutely sure that the owner of the altswap email account IS NOT the firemine account?

That's pretty shocking. 2fa should be enforced on withdrawals, account login is not enough
2fa should be mandatory, reset should be a manual procedure, with verification required by requester and the process can take a long period to ensure a hacker can not make a quick getaway.

THIS IS SERIOUS

If you have stocks at cryptostocks, please read.

Long story short: Our companies stock was sold at pennies and we realized that someone gained access to the CEO account, lowered the price and sold all our remaining stock for pennies and cashed out about 1 bitcoin.  We could not figure out how they gained access but I just tested it and it is, in my opinion a very serious flaw yet I just got the answer from cryptostocks.com and they say it is not a flaw....  (see email below)

If someone has access to your email, despite you having 2fA set-up, they can click lost password, and then a new password link will be sent, when you click that link and make a new password, it logs you in and overrides or disables your 2FA!!!!

To me, this is an issue as our CEO felt safe since he had 2fA on but someone got into his email and that's all they needed.  SECURE YOUR EMAIL WITH LONG PASSWORDS IMMEDIATELY

I emailed cryptostocks for 2 days trying to get a response about this....  first email I got was the following:

Dear user, we are have quite a backlog of emails to answer and thus please bear
with us, we will surely come back to you but this might take a few days. We hope
to have completed the backlog by latest Monday next week.

Finally the addressed my concern by saying this....

Dear user, assuming that you have protected your email account (e.g. with 2FA) then this is not a flaw, you can only reset the password if you have access to the email account.

It is the same process as when you request 2FA reset (currently being implemented). We have to contact you somehow and that is by email, hence an email is send and if you click the link the 2FA will be disabled. Therefore it does not make sense to have a different approach for email resets.

==================================
Best regards
Your Cryptostocks Team

To me, there is no reason why if you click reset password, that it should not force you to re-sign in using 2FA?

Anyone?