yea its fucked
Topic: Why I am leaving MintPal (Read 3068 times)
Since the migration I have missing btc deposits. Also I cannot login because it will not accept the 2fa code !!!!!!
Whats wrong with Mintpal ? i can't reach the website anymore 
Nothing. I'm logged on right now.
Whats wrong with Mintpal ? i can't reach the website anymore
Hate to say it but I get the feeling your security could have been better. Not placing any blame just giving an opinion.
Seriously, if this is so "dumb", why reply posting? Plus, I am a developer, and I have been near backends. Anybody with an IQ of over 100 and access to the database could do this. If you would of read the rest, maybe you could answer B
If you ever develop anything coin related please let me know so I can stay the fuck away from it.
I would have told people also if WC went up.
If WC went up 5000% would you have done the same thing? Mintpal is the shit, only exchange besides Coinbase I trust.
Maybe they will, we shall see
Keep using MintPal, that is fine. I had an issue, and I know it is not my fault. I am out of MintPal because I don't want to get hurt on the larger scale.
Keep using MintPal, that is fine. I had an issue, and I know it is not my fault. I am out of MintPal because I don't want to get hurt on the larger scale.
Never have used them but i have dealt with people who make mistakes and then wanted someone else to pay for it.
Thats what im seeing right here.
Maybe they will, we shall see
Keep using MintPal, that is fine. I had an issue, and I know it is not my fault. I am out of MintPal because I don't want to get hurt on the larger scale.
Keep using MintPal, that is fine. I had an issue, and I know it is not my fault. I am out of MintPal because I don't want to get hurt on the larger scale.
Quote
someone, either an attacker or insider at MintPal has come up with a way to do transactions on behalf of customers
Well, all they need is access to the database and the logs. They access the Database, find the password, log in, and complete the trade. They then log out, change the logs, and they are done.
This is so dumb that didn't bother reading the rest; you have obviously never been near the backend of any kind of web application or you'd know that:
A) Passwords are never stored in plain text, especially in a high security situation such as a bitcoin exchange.
B) If "all they had" was direct access to the database...why would they need your password? And why would they do a single trade on your account with amounted to losing you what like $20??
If the hackers had direct access to the database they could (or at least attempt to) clear out your entire balance and everyone else on the system.
They basically could do anything they want with your account without having to login or need your password.
I really hope such a thing as "KaChingCoin" does not actually exist if you are the "dev" for it.
+1 For basically all of that
Passwords in even only semi-secure sites are not stored in plain text.......
So no someone didnt grab your username, password and user agent from the DB, make a quick transaction for stuff all money and then cover their tracks.
If someone was that damned good they would have emptied the exchanges hot wallets not brought you shares that lost money.
Seriously, if this is so "dumb", why reply posting? Plus, I am a developer, and I have been near backends. Anybody with an IQ of over 100 and access to the database could do this. If you would of read the rest, maybe you could answer B
Quote
someone, either an attacker or insider at MintPal has come up with a way to do transactions on behalf of customers
Well, all they need is access to the database and the logs. They access the Database, find the password, log in, and complete the trade. They then log out, change the logs, and they are done.
This is so dumb that didn't bother reading the rest; you have obviously never been near the backend of any kind of web application or you'd know that:
A) Passwords are never stored in plain text, especially in a high security situation such as a bitcoin exchange.
B) If "all they had" was direct access to the database...why would they need your password? And why would they do a single trade on your account with amounted to losing you what like $20??
If the hackers had direct access to the database they could (or at least attempt to) clear out your entire balance and everyone else on the system.
They basically could do anything they want with your account without having to login or need your password.
I really hope such a thing as "KaChingCoin" does not actually exist if you are the "dev" for it.
Quote
someone, either an attacker or insider at MintPal has come up with a way to do transactions on behalf of customers
Well, all they need is access to the database and the logs. They access the Database, find the password, log in, and complete the trade. They then log out, change the logs, and they are done.
Quote
it's sophisticated enough to tamper with their server logs to the point of inserting the same user agent that the customer normally uses
Copy and paste from the previous log. Not that hard.
Quote
their attack happens only at the times when the customer is actually logged in
Two things could of happened here:
I logged in, and they were watching and completed the trade
They logged in and then changed the records to show I logged in
I could of logged in, I was off and on at that time, but either way.
Quote
they used this tool to steal… 0.06BTC?
Yes, a small amount, but it could be:
They were testing it on a smaller amount
Proof of Concept
Quote
You made a mistake and are now lying about it
Well, I would of complained about my loss on BC that was almost double that. I take full responsibility for that, because I placed the trade.
Quote
Your friend did the trade
Possible, but my friend does not know anything about Cryptocurrencies. Quote
Your friend's computer is compromised with something that your antivirus doesn't detect
Possible, but Bitcoin related malware, on a computer's first time use for Crypto related stuff?Quote
MintPal's software is buggy and they are inventing logs to cover this up
Possible, but I think the logs were real and they were compromised.
Quote
MintPal has an insider doing fraud and they are inventing logs to cover it up
This is what I think, but that the logs exist and they were compromised.
Quote
MintPal was compromised by an outside attacker and they are inventing logs to cover it up
Possible, but I think the logs were real and they were compromised.Quote
It's good that you reported it here though as it's probably the only way that people experiencing similar issues will ever find out that they're not alone.
Thanks
Also, if it was a MintPal employee, if they see this it might scare them away from doing another "trade".
So you're saying that:
Assuming you and your friend are 100% honest then don't you think it is far more likely that your browser is infected with some sort of malware that automatically kicks off transactions and withdrawals?
Anything else implies a lot of effort or a conspiracy for very very little reward.
If more people start popping up with similar stories then it could be more likely that there's something wrong at MintPal, but until then in my opinion the balance of probability is something like this in order of decreasing likelihood:
I appreciate that you say #1 and #2 are completely impossible and that you believe that #3 is not the case, but unless other people are also experiencing similar issues then anything but #1-#3 seems very unlikely.
It's good that you reported it here though as it's probably the only way that people experiencing similar issues will ever find out that they're not alone.
- someone, either an attacker or insider at MintPal has come up with a way to do transactions on behalf of customers
- it's sophisticated enough to tamper with their server logs to the point of inserting the same user agent that the customer normally uses
- their attack happens only at the times when the customer is actually logged in
- they used this tool to steal… 0.06BTC?
Assuming you and your friend are 100% honest then don't you think it is far more likely that your browser is infected with some sort of malware that automatically kicks off transactions and withdrawals?
Anything else implies a lot of effort or a conspiracy for very very little reward.
If more people start popping up with similar stories then it could be more likely that there's something wrong at MintPal, but until then in my opinion the balance of probability is something like this in order of decreasing likelihood:
- You made a mistake and are now lying about it
- Your friend did the trade
- Your friend's computer is compromised with something that your antivirus doesn't detect
- MintPal's software is buggy and they are inventing logs to cover this up
- MintPal has an insider doing fraud and they are inventing logs to cover it up
- MintPal was compromised by an outside attacker and they are inventing logs to cover it up
I appreciate that you say #1 and #2 are completely impossible and that you believe that #3 is not the case, but unless other people are also experiencing similar issues then anything but #1-#3 seems very unlikely.
It's good that you reported it here though as it's probably the only way that people experiencing similar issues will ever find out that they're not alone.
Just hold your WC.
Give it a few weeks, and be glad that you accidentally pressed the button.
Give it a few weeks, and be glad that you accidentally pressed the button.
Hello all!
I understand what you are all saying. I know for a fact I am not lying, but I understand if you think I am. I am just looking to watch out for other people, and that is why I posted this. If you do not want to believe, suit yourself.
Personal answer to each of you:
coiner8:
Chose what you want to believe. I know for a fact that I was the only one on that computer, and I did not enter the trade.
Wolf_Pack:
Security issue? Look at the news at the top of this site.
I got hit by that before I was able to change it.
Bit_Happy:
Suit yourself!
MrWDunne:
That is not true, but believe what you want.
Rulishix:
I believe this was a server error on there end, but yes, I agree.
I understand what you are all saying. I know for a fact I am not lying, but I understand if you think I am. I am just looking to watch out for other people, and that is why I posted this. If you do not want to believe, suit yourself.
Personal answer to each of you:
coiner8:
Chose what you want to believe. I know for a fact that I was the only one on that computer, and I did not enter the trade.
Wolf_Pack:
Security issue? Look at the news at the top of this site.
Quote
♦ Due to the OpenSSL heartbleed bug, changing your forum password is recommended.
I got hit by that before I was able to change it.
Bit_Happy:
Suit yourself!
MrWDunne:
That is not true, but believe what you want.
Rulishix:
I believe this was a server error on there end, but yes, I agree.
Why do you feel that yourself being hacked entitles you to a reimbursement of any sorts?
I don't feel I was hacked. I think this was a server error on there end.
The support gave you session information, including the user agent and the exact data and time that the requests were sent. If this was serverside the requests would not have been sent.
Records can malfunction, they can be forged.
I am not saying this is what happened, but the agent could have been lying.
Hello all!
I understand what you are all saying. I know for a fact I am not lying, but I understand if you think I am. I am just looking to watch out for other people, and that is why I posted this. If you do not want to believe, suit yourself.
Personal answer to each of you:
coiner8:
Chose what you want to believe. I know for a fact that I was the only one on that computer, and I did not enter the trade.
Wolf_Pack:
Security issue? Look at the news at the top of this site.
I got hit by that before I was able to change it.
Bit_Happy:
Suit yourself!
MrWDunne:
That is not true, but believe what you want.
Rulishix:
I believe this was a server error on there end, but yes, I agree.
I understand what you are all saying. I know for a fact I am not lying, but I understand if you think I am. I am just looking to watch out for other people, and that is why I posted this. If you do not want to believe, suit yourself.
Personal answer to each of you:
coiner8:
Chose what you want to believe. I know for a fact that I was the only one on that computer, and I did not enter the trade.
Wolf_Pack:
Security issue? Look at the news at the top of this site.
Quote
♦ Due to the OpenSSL heartbleed bug, changing your forum password is recommended.
I got hit by that before I was able to change it.
Bit_Happy:
Suit yourself!
MrWDunne:
That is not true, but believe what you want.
Rulishix:
I believe this was a server error on there end, but yes, I agree.
Why do you feel that yourself being hacked entitles you to a reimbursement of any sorts?
I don't feel I was hacked. I think this was a server error on there end.
The support gave you session information, including the user agent and the exact data and time that the requests were sent. If this was serverside the requests would not have been sent.
Hello all!
I understand what you are all saying. I know for a fact I am not lying, but I understand if you think I am. I am just looking to watch out for other people, and that is why I posted this. If you do not want to believe, suit yourself.
Personal answer to each of you:
coiner8:
Chose what you want to believe. I know for a fact that I was the only one on that computer, and I did not enter the trade.
Wolf_Pack:
Security issue? Look at the news at the top of this site.
I got hit by that before I was able to change it.
Bit_Happy:
Suit yourself!
MrWDunne:
That is not true, but believe what you want.
Rulishix:
I believe this was a server error on there end, but yes, I agree.
I understand what you are all saying. I know for a fact I am not lying, but I understand if you think I am. I am just looking to watch out for other people, and that is why I posted this. If you do not want to believe, suit yourself.
Personal answer to each of you:
coiner8:
Chose what you want to believe. I know for a fact that I was the only one on that computer, and I did not enter the trade.
Wolf_Pack:
Security issue? Look at the news at the top of this site.
Quote
♦ Due to the OpenSSL heartbleed bug, changing your forum password is recommended.
I got hit by that before I was able to change it.
Bit_Happy:
Suit yourself!
MrWDunne:
That is not true, but believe what you want.
Rulishix:
I believe this was a server error on there end, but yes, I agree.
Why do you feel that yourself being hacked entitles you to a reimbursement of any sorts?
I don't feel I was hacked. I think this was a server error on there end.
Hello all!
I understand what you are all saying. I know for a fact I am not lying, but I understand if you think I am. I am just looking to watch out for other people, and that is why I posted this. If you do not want to believe, suit yourself.
Personal answer to each of you:
coiner8:
Chose what you want to believe. I know for a fact that I was the only one on that computer, and I did not enter the trade.
Wolf_Pack:
Security issue? Look at the news at the top of this site.
I got hit by that before I was able to change it.
Bit_Happy:
Suit yourself!
MrWDunne:
That is not true, but believe what you want.
Rulishix:
I believe this was a server error on there end, but yes, I agree.
I understand what you are all saying. I know for a fact I am not lying, but I understand if you think I am. I am just looking to watch out for other people, and that is why I posted this. If you do not want to believe, suit yourself.
Personal answer to each of you:
coiner8:
Chose what you want to believe. I know for a fact that I was the only one on that computer, and I did not enter the trade.
Wolf_Pack:
Security issue? Look at the news at the top of this site.
Quote
♦ Due to the OpenSSL heartbleed bug, changing your forum password is recommended.
I got hit by that before I was able to change it.
Bit_Happy:
Suit yourself!
MrWDunne:
That is not true, but believe what you want.
Rulishix:
I believe this was a server error on there end, but yes, I agree.
Why do you feel that yourself being hacked entitles you to a reimbursement of any sorts?
Jump to: