Pages:
Author

Topic: Why I am leaving MintPal (Read 3090 times)

legendary
Activity: 1428
Merit: 1001
Fucker of "the system"
October 10, 2014, 11:52:50 AM
#31
yea its fucked
member
Activity: 77
Merit: 10
October 10, 2014, 04:25:08 AM
#30
Since the migration I have missing btc deposits. Also I cannot login because it will not accept the 2fa code !!!!!!
sr. member
Activity: 386
Merit: 250
May 02, 2014, 09:36:09 AM
#29
Whats wrong with Mintpal ? i can't reach the website anymore  Huh


Nothing.  I'm logged on right now.
sr. member
Activity: 252
Merit: 250
May 02, 2014, 06:28:24 AM
#28
Whats wrong with Mintpal ? i can't reach the website anymore  Huh
hero member
Activity: 798
Merit: 500
Time is on our side, yes it is!
May 01, 2014, 10:00:40 PM
#27
Hate to say it but I get the feeling your security could have been better.  Not placing any blame just giving an opinion.   
member
Activity: 65
Merit: 10
May 01, 2014, 03:05:43 PM
#26


Seriously, if this is so "dumb", why reply posting? Plus, I am a developer, and I have been near backends. Anybody with an IQ of over 100 and access to the database could do this. If you would of read the rest, maybe you could answer B

If you ever develop anything coin related please let me know so I can stay the fuck away from it.
sr. member
Activity: 364
Merit: 250
April 27, 2014, 07:48:18 AM
#25
I would have told people also if WC went up.
sr. member
Activity: 294
Merit: 250
April 27, 2014, 02:37:43 AM
#24
If WC went up 5000% would you have done the same thing? Mintpal is the shit, only exchange besides Coinbase I trust.
sr. member
Activity: 448
Merit: 254
April 27, 2014, 02:32:53 AM
#23
Maybe they will, we shall see

Keep using MintPal, that is fine. I had an issue, and I know it is not my fault. I am out of MintPal because I don't want to get hurt on the larger scale.




Never have used them but i have dealt with people who make mistakes and then wanted someone else to pay for it.

Thats what im seeing right here.
sr. member
Activity: 364
Merit: 250
April 26, 2014, 07:53:34 AM
#22
Maybe they will, we shall see

Keep using MintPal, that is fine. I had an issue, and I know it is not my fault. I am out of MintPal because I don't want to get hurt on the larger scale.


sr. member
Activity: 448
Merit: 254
April 26, 2014, 03:12:02 AM
#21
Quote
someone, either an attacker or insider at MintPal has come up with a way to do transactions on behalf of customers

Well, all they need is access to the database and the logs. They access the Database, find the password, log in, and complete the trade. They then log out, change the logs, and they are done.


This is so dumb that didn't bother reading the rest; you have obviously never been near the backend of any kind of web application or you'd know that:

A) Passwords are never stored in plain text, especially in a high security situation such as a bitcoin exchange.

B) If "all they had" was direct access to the database...why would they need your password?  And why would they do a single trade on your account with amounted to losing you what like $20??

If the hackers had direct access to the database they could (or at least attempt to) clear out your entire balance and everyone else on the system.
They basically could do anything they want with your account without having to login or need your password.

I really hope such a thing as "KaChingCoin" does not actually exist if you are the "dev" for it.

+1 For basically all of that

Passwords in even only semi-secure sites are not stored in plain text.......

So no someone didnt grab your username, password and user agent from the DB, make a quick transaction for stuff all money and then cover their tracks.

If someone was that damned good they would have emptied the exchanges hot wallets not brought you shares that lost money.
sr. member
Activity: 364
Merit: 250
April 25, 2014, 09:08:47 PM
#20


Seriously, if this is so "dumb", why reply posting? Plus, I am a developer, and I have been near backends. Anybody with an IQ of over 100 and access to the database could do this. If you would of read the rest, maybe you could answer B
legendary
Activity: 1190
Merit: 1001
April 25, 2014, 08:29:47 PM
#19
Quote
someone, either an attacker or insider at MintPal has come up with a way to do transactions on behalf of customers

Well, all they need is access to the database and the logs. They access the Database, find the password, log in, and complete the trade. They then log out, change the logs, and they are done.


This is so dumb that didn't bother reading the rest; you have obviously never been near the backend of any kind of web application or you'd know that:

A) Passwords are never stored in plain text, especially in a high security situation such as a bitcoin exchange.

B) If "all they had" was direct access to the database...why would they need your password?  And why would they do a single trade on your account with amounted to losing you what like $20??

If the hackers had direct access to the database they could (or at least attempt to) clear out your entire balance and everyone else on the system.
They basically could do anything they want with your account without having to login or need your password.

I really hope such a thing as "KaChingCoin" does not actually exist if you are the "dev" for it.
sr. member
Activity: 364
Merit: 250
April 25, 2014, 05:26:02 PM
#18



Quote
someone, either an attacker or insider at MintPal has come up with a way to do transactions on behalf of customers

Well, all they need is access to the database and the logs. They access the Database, find the password, log in, and complete the trade. They then log out, change the logs, and they are done.

Quote
it's sophisticated enough to tamper with their server logs to the point of inserting the same user agent that the customer normally uses

Copy and paste from the previous log. Not that hard.

Quote
their attack happens only at the times when the customer is actually logged in

Two things could of happened here:

I logged in, and they were watching and completed the trade
They logged in and then changed the records to show I logged in

I could of logged in, I was off and on at that time, but either way.
Quote
they used this tool to steal… 0.06BTC?

Yes, a small amount, but it could be:

They were testing it on a smaller amount
Proof of Concept


Quote
You made a mistake and are now lying about it

Well, I would of complained about my loss on BC that was almost double that. I take full responsibility for that, because I placed the trade.
Quote
Your friend did the trade
Possible, but my friend does not know anything about Cryptocurrencies.
Quote
Your friend's computer is compromised with something that your antivirus doesn't detect
Possible, but Bitcoin related malware, on a computer's first time use for Crypto related stuff?

Quote
MintPal's software is buggy and they are inventing logs to cover this up

Possible, but I think the logs were real and they were compromised.
Quote
MintPal has an insider doing fraud and they are inventing logs to cover it up

This is what I think, but that the logs exist and they were compromised.
Quote
MintPal was compromised by an outside attacker and they are inventing logs to cover it up
Possible, but I think the logs were real and they were compromised.
Quote
It's good that you reported it here though as it's probably the only way that people experiencing similar issues will ever find out that they're not alone.

Thanks  Wink Also, if it was a MintPal employee, if they see this it might scare them away from doing another "trade".


full member
Activity: 154
Merit: 100
April 25, 2014, 02:54:50 PM
#17
So you're saying that:

  • someone, either an attacker or insider at MintPal has come up with a way to do transactions on behalf of customers
  • it's sophisticated enough to tamper with their server logs to the point of inserting the same user agent that the customer normally uses
  • their attack happens only at the times when the customer is actually logged in
  • they used this tool to steal… 0.06BTC?

Assuming you and your friend are 100% honest then don't you think it is far more likely that your browser is infected with some sort of malware that automatically kicks off transactions and withdrawals?

Anything else implies a lot of effort or a conspiracy for very very little reward.

If more people start popping up with similar stories then it could be more likely that there's something wrong at MintPal, but until then in my opinion the balance of probability is something like this in order of decreasing likelihood:

  • You made a mistake and are now lying about it
  • Your friend did the trade
  • Your friend's computer is compromised with something that your antivirus doesn't detect
  • MintPal's software is buggy and they are inventing logs to cover this up
  • MintPal has an insider doing fraud and they are inventing logs to cover it up
  • MintPal was compromised by an outside attacker and they are inventing logs to cover it up

I appreciate that you say #1 and #2 are completely impossible and that you believe that #3 is not the case, but unless other people are also experiencing similar issues then anything but #1-#3 seems very unlikely.

It's good that you reported it here though as it's probably the only way that people experiencing similar issues will ever find out that they're not alone.
full member
Activity: 196
Merit: 100
April 23, 2014, 11:01:44 PM
#16
Just hold your WC.

Give it a few weeks, and be glad that you accidentally pressed the button.
sr. member
Activity: 364
Merit: 250
April 23, 2014, 05:44:39 PM
#15
Hello all!

I understand what you are all saying. I know for a fact I am not lying, but I understand if you think I am. I am just looking to watch out for other people, and that is why I posted this. If you do not want to believe, suit yourself.

Personal answer to each of you:

coiner8:

Chose what you want to believe. I know for a fact that I was the only one on that computer, and I did not enter the trade.

Wolf_Pack:

Security issue? Look at the news at the top of this site.

Quote
♦ Due to the OpenSSL heartbleed bug, changing your forum password is recommended.

I got hit by that before I was able to change it.

Bit_Happy:

Suit yourself!

MrWDunne:

That is not true, but believe what you want.

Rulishix:

I believe this was a server error on there end, but yes, I agree.



Why do you feel that yourself being hacked entitles you to a reimbursement of any sorts?


I don't feel I was hacked. I think this was a server error on there end.

The support gave you session information, including the user agent and the exact data and time that the requests were sent. If this was serverside the requests would not have been sent.

Records can malfunction, they can be forged.

I am not saying this is what happened, but the agent could have been lying.
sr. member
Activity: 322
Merit: 250
April 23, 2014, 05:39:08 PM
#14
Hello all!

I understand what you are all saying. I know for a fact I am not lying, but I understand if you think I am. I am just looking to watch out for other people, and that is why I posted this. If you do not want to believe, suit yourself.

Personal answer to each of you:

coiner8:

Chose what you want to believe. I know for a fact that I was the only one on that computer, and I did not enter the trade.

Wolf_Pack:

Security issue? Look at the news at the top of this site.

Quote
♦ Due to the OpenSSL heartbleed bug, changing your forum password is recommended.

I got hit by that before I was able to change it.

Bit_Happy:

Suit yourself!

MrWDunne:

That is not true, but believe what you want.

Rulishix:

I believe this was a server error on there end, but yes, I agree.



Why do you feel that yourself being hacked entitles you to a reimbursement of any sorts?


I don't feel I was hacked. I think this was a server error on there end.

The support gave you session information, including the user agent and the exact data and time that the requests were sent. If this was serverside the requests would not have been sent.
sr. member
Activity: 364
Merit: 250
April 23, 2014, 05:36:28 PM
#13
Hello all!

I understand what you are all saying. I know for a fact I am not lying, but I understand if you think I am. I am just looking to watch out for other people, and that is why I posted this. If you do not want to believe, suit yourself.

Personal answer to each of you:

coiner8:

Chose what you want to believe. I know for a fact that I was the only one on that computer, and I did not enter the trade.

Wolf_Pack:

Security issue? Look at the news at the top of this site.

Quote
♦ Due to the OpenSSL heartbleed bug, changing your forum password is recommended.

I got hit by that before I was able to change it.

Bit_Happy:

Suit yourself!

MrWDunne:

That is not true, but believe what you want.

Rulishix:

I believe this was a server error on there end, but yes, I agree.



Why do you feel that yourself being hacked entitles you to a reimbursement of any sorts?


I don't feel I was hacked. I think this was a server error on there end.
sr. member
Activity: 322
Merit: 250
April 23, 2014, 05:35:32 PM
#12
Hello all!

I understand what you are all saying. I know for a fact I am not lying, but I understand if you think I am. I am just looking to watch out for other people, and that is why I posted this. If you do not want to believe, suit yourself.

Personal answer to each of you:

coiner8:

Chose what you want to believe. I know for a fact that I was the only one on that computer, and I did not enter the trade.

Wolf_Pack:

Security issue? Look at the news at the top of this site.

Quote
♦ Due to the OpenSSL heartbleed bug, changing your forum password is recommended.

I got hit by that before I was able to change it.

Bit_Happy:

Suit yourself!

MrWDunne:

That is not true, but believe what you want.

Rulishix:

I believe this was a server error on there end, but yes, I agree.



Why do you feel that yourself being hacked entitles you to a reimbursement of any sorts?
Pages:
Jump to: