ik_do (Hero Member, Activity: 522, Merit: 500)
Re: WARNING! 40 000 USD was stolen from BTC-e.com account!
February 14, 2015, 12:17:04 PM #22

Quote from: FanEagle on February 14, 2015, 11:56:37 AM
Quote from: ik_do on February 14, 2015, 11:43:35 AM
Quote from: FanEagle on February 14, 2015, 11:40:42 AM

and I'm still wondering how the hell they hacked into my email too.

The password I personally used was a complex one, but they still managed to enter and change it, and they even went to my cex.io without issues, and that password was used one time, and they searched for any btc in it (luckily it was empty, I was only lurking there)

but still, they managed to reset some of many not bitcoin related websites/games passwords

But hell, I would never trust a website to hold 40K dollars, maybe only on my computer, inside a virtual machine. (If I break that virtual machine I'm damned to hell, but I would use that method.)



Again if you're going to say your email address or any account was hacked please provide the following information:

-What operating system?

-What browser do you use?

-Were you using wifi?

-Were you using a wireless keyboard?

-Does anyone else use your computer (at ALL)?

-Do you share your wifi access with anyone else?

-How long is your password (roughly), is it a dictionary word? or is it a complicated set of numbers/letters.

-Do you share the same password on ANY other service ANYWHERE?




Windows 7

Firefox

Yes

No

No, only me.

No

15 chars, it was a mix of Latin word, number and special chars.

No, that password was unique, at least for the email.

I'm still wondering why he requested password change of a game "Trion Worlds", of an empty cex.io account, and another account of stellarix (empty too), and all those passwords were different.

Side note, why didn't he ask to change passwords to my porn sites? Maybe because they were all free accounts.

Using wifi isn't the greatest idea when money is at stake.

ik_do (Hero Member, Activity: 522, Merit: 500)
Re: WARNING! 40 000 USD was stolen from BTC-e.com account!
February 14, 2015, 12:20:50 PM #23

Quote from: monsanto on February 14, 2015, 12:07:24 PM
Quote from: ik_do on February 14, 2015, 11:20:24 AM
Quote from: redsn0w on February 14, 2015, 10:30:29 AM
Quote from: Godzilla99 on February 14, 2015, 10:13:02 AM
Quote from: Rannasha on February 14, 2015, 10:03:28 AM

So you had $40K in your account and you didn't even set up 2FA?



Without 2FA there are so many ways an attacker can obtain your password.



If they have a thief inside a company, 2FA also will be hacked.

So tell me please the way how hackers can obtain my password, excluding trojan and phishing? The only way to obtain my password from outside is to hack https of btc-e?

Maybe your 2FA device has a virus and the hacker is able to obtain the code. Contact the btc-e support again, only they can help you.

2FA alone is not enough--every service that holds cryptocurrency should require verification via email combined with 2FA authentication (this is what Poloniex does). Withdrawals should require the same.



Any service that runs without these basic features is just asking for money to be stolen.


btc-e does require email verification for withdrawals. Which is why this is probably OP's funds being stolen:

So it's more a case of unauthorized trades rather than OP's claim that "40 000 USD was stolen".



I guess it serves as a great lesson on why bothering to learn about 2FA (which takes about 2-3 minutes) could save your account from unauthorized access. Just because a mobile can also be hacked it doesn't make it any less useful of a security feature.



Another question I have is what email address/username was used in this situation, is it one that is shared among other websites of the same nature or was it a unique email address that was never actually used for email purposes?



If your email address even shows up on a Google search that means it is vulnerable. You should have a unique, unknown, unused (besides verification and sign up) email address/username that is not listed on any search engine to maximize security. If you don't have a unique username then you should have a super common one that shows up everywhere.

ik_do (Hero Member, Activity: 522, Merit: 500)
Re: WARNING! 40 000 USD was stolen from BTC-e.com account!
February 14, 2015, 12:31:57 PM #25

Quote from: user2 on February 14, 2015, 12:25:18 PM
Quote from: ik_do on February 14, 2015, 12:20:50 PM

Another question I have is what email address/username was used in this situation, is it one that is shared among other websites of the same nature or was it a unique email address that was never actually used for email purposes?



If your email address even shows up on a Google search that means it is vulnerable. You should have a unique, unknown, unused (besides verification and sign up) email address/username that is not listed on any search engine to maximize security. If you don't have a unique username then you should have a super common one that shows up everywhere.



btc-e doesn't allow email-address as a login.



Edit: and they lock your account after 3 failed login attempts.

Thanks for the info. The same applies though, if you share the same username between services then it is relatively easy for someone to then find your email address and then expand from that to find other information about you.



Anyone that engages with you in a conversation and provides a link could gather your IP address from your visit to said link (depending on what website it is obviously) or install malware directly onto your PC.



It is a good practice to use a VPS when using these sites to mask your true IP address at all times.

FanEagle (Legendary, Activity: 1624, Merit: 1045)
Re: WARNING! 40 000 USD was stolen from BTC-e.com account!
February 14, 2015, 12:32:10 PM #26

Quote from: ik_do on February 14, 2015, 12:17:04 PM
Quote from: FanEagle on February 14, 2015, 11:56:37 AM
Quote from: ik_do on February 14, 2015, 11:43:35 AM
Quote from: FanEagle on February 14, 2015, 11:40:42 AM

and I'm still wondering how the hell they hacked into my email too.

The password I personally used was a complex one, but they still managed to enter and change it, and they even went to my cex.io without issues, and that password was used one time, and they searched for any btc in it (luckily it was empty, I was only lurking there)

but still, they managed to reset some of many not bitcoin related websites/games passwords

But hell, I would never trust a website to hold 40K dollars, maybe only on my computer, inside a virtual machine. (If I break that virtual machine I'm damned to hell, but I would use that method.)



Again if you're going to say your email address or any account was hacked please provide the following information:

-What operating system?

-What browser do you use?

-Were you using wifi?

-Were you using a wireless keyboard?

-Does anyone else use your computer (at ALL)?

-Do you share your wifi access with anyone else?

-How long is your password (roughly), is it a dictionary word? or is it a complicated set of numbers/letters.

-Do you share the same password on ANY other service ANYWHERE?




Windows 7

Firefox

Yes

No

No, only me.

No

15 chars, it was a mix of Latin word, number and special chars.

No, that password was unique, at least for the email.

I'm still wondering why he requested password change of a game "Trion Worlds", of an empty cex.io account, and another account of stellarix (empty too), and all those passwords were different.

Side note, why didn't he ask to change passwords to my porn sites? Maybe because they were all free accounts.

Using wifi isn't the greatest idea when money is at stake.

To be precise: I misinterpreted your question about wifi, I'm connected with the cable to my router, but can do wifi as well. Sorry.

And no, I'm not OP so they can even steal my password of my wallet, there is 0 in it.

ik_do (Hero Member, Activity: 522, Merit: 500)
Re: WARNING! 40 000 USD was stolen from BTC-e.com account!
February 14, 2015, 12:50:52 PM #28

Yes I realized you and OP were separate but I asked because most people jump onto websites saying "oh no everything has been stolen" and then don't provide any information about the situation.



All we know about the original poster so far is that he didn't even have 2FA enabled, my other questions would help readers understand what other factors could have contributed to the unauthorized access of his account.



If people want to blame particular services/exchanges then that is their right, but in doing so they should at least present their side of the story in a transparent manner and let readers know all possible contributing factors to their situation before trying to point the finger at an "inside job". I believe they can answer all the questions I've asked without compromising their personal privacy too, so there is no excuse to not provide this basic information to us, it just serves as a detriment to people who may want to investigate security issues now or at any time in the future.



As a community we should also be noting down the shortcomings of particular exchanges--part of this relies on knowing the customer's side of the story too.



If they did take every conceivable precaution (such as activating 2FA, running regular antivirus/malware scans etc etc) then I wouldn't even need to ask these questions. As it is, anyone who is reading this thread and doesn't have 2FA enabled for their accounts should be dedicating the next few minutes of their life to start using it.

Godzilla99 (Newbie, Activity: 28, Merit: 0)
Re: WARNING! 40 000 USD was stolen from BTC-e.com account!
February 14, 2015, 12:53:32 PM #29

Quote from: ik_do on February 14, 2015, 11:16:40 AM

Before you go assuming your mac is perfect and your password alone is enough to protect you--it isn't. I've seen macs firsthand with viruses. Nowadays visiting a single website is enough to completely compromise your system.



My opinion:

-Not having 2FA enabled = asking for money to be stolen

-Keeping 40k worth of money on a website that could disappear at any moment = asking for money to be stolen

-Acting as if macs can't get viruses = asking for money to be stolen

-Using a service which doesn't send you an email to authorize every single transaction and then trusting said service with 40k USD = asking for money to be stolen

-"So everything was ready for the stealing." = you made it ready for stealing by not following basic security procedures (activating 2FA etc)



My questions (please answer all of these so we can see what factors may have attributed to this situation):

-Were you using wifi?

-Were you using a wireless keyboard?

-What browser do you use?

-Does anyone else use your computer?

-Do you share your wifi access with anyone else?

-How long is your password (roughly), is it a dictionary word? or is it a complicated set of numbers/letters.

-Do you share the same password on ANY other service ANYWHERE?



Regardless of you being slightly naive (my personal opinion anyway) with a lot of these, this service should still be assisting you (once they have identified you are the legitimate account holder).



-Not having 2FA enabled = asking for money to be stolen - 2FA is safer probably (but there are cases when it is also hacked). If they don't demand it, how can I know what other security measures were done? I can't know about them. I do my business, they do theirs. Safety of my money, it is their business. All bitcoins is a question of trust! I chose to trust btc-e because I had to make such a choice, otherwise I wouldn't earn my 40 K

-Keeping 40k worth of money on a website that could disappear at any moment = asking for money to be stolen - Where to keep 40 - Where to keep 40 k in bitcoins considering that exchange rate of the bitcoin can make 20 % a day?

-Acting as if macs can't get viruses = asking for money to be stolen - It can but I've checked it has not!

-Using a service which doesn't send you an email to authorize every single transaction and then trusting said service with 40k USD = asking for money to be stolen

-"So everything was ready for the stealing." = you made it ready for stealing by not following basic security procedures (activating 2FA etc) - 2FA can be hacked as well as https if they mean that the password was stolen through that door, especially if an employee is involved.



My questions (please answer all of these so we can see what factors may have attributed to this situation):

-Were you using wifi? - Rarely most of the time I use private modem

-Were you using a wireless keyboard? - never

-What browser do you use? - tor over vpn

-Does anyone else use your computer? - no

-Do you share your wifi access with anyone else? - no

-How long is your password (roughly), is it a dictionary word? or is it a complicated set of numbers/letters. - of course my password is made by 1password

-Do you share the same password on ANY other service ANYWHERE - never

ik_do (Hero Member, Activity: 522, Merit: 500)
Re: WARNING! 40 000 USD was stolen from BTC-e.com account!
February 14, 2015, 12:54:53 PM #30

Quote from: elasticband on February 14, 2015, 12:44:27 PM

btc-e must be able to see where the majority of those funds went. things like this piss me off, they continually refuse to work with customers in situations like this........



From what I understand the funds never left the user's account. As such, identifying people/persons who profited from these unauthorized transactions would require revealing other users' transactions. This would constitute a major invasion of other users' privacy--this should not be investigated without a police/court order for very obvious reasons.

I sure as hell don't want my private transactions being shared with someone who didn't bother to use 2FA in the first place.

elasticband (Legendary, Activity: 1036, Merit: 1000)
Re: WARNING! 40 000 USD was stolen from BTC-e.com account!
February 14, 2015, 01:00:07 PM #31

Quote from: ik_do on February 14, 2015, 12:54:53 PM
Quote from: elasticband on February 14, 2015, 12:44:27 PM

btc-e must be able to see where the majority of those funds went. things like this piss me off, they continually refuse to work with customers in situations like this........



From what I understand the funds never left the user's account. As such, identifying people/persons who profited from these unauthorized transactions would require revealing other users' transactions. This would constitute a major invasion of other users' privacy--this should not be investigated without a police/court order for very obvious reasons.

I sure as hell don't want my private transactions being shared with someone who didn't bother to use 2FA in the first place.

I don't expect them to share the transactions or identity of the account, I just think it would be quite simple for BTC-E to work out the accounts which profited the most from the unauthorized transactions. Perhaps monitor said accounts and maybe even suspend operation on those accounts. If btc-e put more effort into tracking the accounts of those who did things like this it would happen less often. They just let them continue though. I like btc-e, I do most of my trading there, but things like this piss me off, but so do people not using two factor authentication.

Godzilla99 (Newbie, Activity: 28, Merit: 0)
Re: WARNING! 40 000 USD was stolen from BTC-e.com account!
February 14, 2015, 01:01:27 PM #32

Quote from: elasticband on February 14, 2015, 12:44:27 PM

btc-e must be able to see where the majority of those funds went. things like this piss me off, they continually refuse to work with customers in situations like this........



Correct! That is the point! I think that they saw that I have a great amount on my account and took it and made me to be blamed for not installing 2FA!

But if they know that not using it is not safe they should insist on using it!

ik_do (Hero Member, Activity: 522, Merit: 500)
Re: WARNING! 40 000 USD was stolen from BTC-e.com account!
February 14, 2015, 01:07:01 PM #33
Last edit: February 14, 2015, 01:23:03 PM by ik_do

Quote from: Godzilla99 on February 14, 2015, 12:53:32 PM

-Not having 2FA enabled = asking for money to be stolen - 2FA is safer probably (but there are cases when it is also hacked). If they don't demand it, how can I know what other security measures were done? I can't know about them. I do my business, they do theirs. Safety of my money, it is their business. All bitcoins is a question of trust! I chose to trust btc-e because I had to make such a choice, otherwise I wouldn't earn my 40 K

-Keeping 40k worth of money on a website that could disappear at any moment = asking for money to be stolen - Where to keep 40 - Where to keep 40 k in bitcoins considering that exchange rate of the bitcoin can make 20 % a day?

-Acting as if macs can't get viruses = asking for money to be stolen - It can but I've checked it has not!

-Using a service which doesn't send you an email to authorize every single transaction and then trusting said service with 40k USD = asking for money to be stolen

-"So everything was ready for the stealing." = you made it ready for stealing by not following basic security procedures (activating 2FA etc) - 2FA can be hacked as well as https if they mean that the password was stolen through that door, especially if an employee is involved.



My questions (please answer all of these so we can see what factors may have attributed to this situation):

-Were you using wifi? - Rarely most of the time I use private modem

-Were you using a wireless keyboard? - never

-What browser do you use? - tor over vpn

-Does anyone else use your computer? - no

-Do you share your wifi access with anyone else? - no

-How long is your password (roughly), is it a dictionary word? or is it a complicated set of numbers/letters. - of course my password is made by 1password

-Do you share the same password on ANY other service ANYWHERE - never



-Not having 2FA enabled because "it might be hacked" = inexcusable. You made the decision not to use an easy to use security feature, not your exchange. Safety of your cryptocurrency is 100% your business and 100% your responsibility--if you rely on anyone else for it you're probably going to get stung. It is a non-reversible transaction medium. Once someone can access your account with no safeguards in place, chances are slim that you will ever have recourse against said person.

-That is the risk you take if you want to make that kind of money--you should be using better account security if you have that much at stake.

-Viruses/malware/trojans can & do go undetected; someone who really wants to (especially when 40k is at stake) can easily write custom malware that is undetectable for a long time. This applies to all operating systems.

-Yes it may well be possible to hack 2FA, but you didn't have it enabled in the first place so making that sort of accusation is completely baseless. You can only make that claim when you have 2FA enabled in the first place. You didn't.



-If you've ever used your accounts over wifi it is possible someone has eavesdropped on your account details (although somewhat unlikely depending upon your exact situation)

-Tor nodes can monitor/sniff/save your traffic. I would think it is a better idea to use a reputable VPS provider than tor for financial transactions.

-Did you have 2FA enabled with your 1password account? If not then this is another possibility of where your password was copied from.



As much as I feel bad for you, the reality is your money was not stolen--you didn't use 2FA, someone used your account to create unauthorized transactions and you are now demanding the exchange reveal confidential transaction data of its other customers (who probably had 2FA enabled) without a court/police order?



Your thread title is inaccurate. Your money was not 'stolen'. You didn't use 2FA which helps to prevent unauthorized access. Someone gained unauthorized access to your account and made unauthorized trades. This can at least be partially attributed to your refusal to use 2FA, using Tor and a number of other factors that are completely outside of your exchange's control.



If btc-e actually cooperated and provided any information of other customers in this situation (without a police/court order) it would set an alarming precedent and I am sure they would lose many customers over it.

ik_do (Hero Member, Activity: 522, Merit: 500)
Re: WARNING! 40 000 USD was stolen from BTC-e.com account!
February 14, 2015, 01:09:38 PM #34

Quote from: Godzilla99 on February 14, 2015, 01:01:27 PM
Quote from: elasticband on February 14, 2015, 12:44:27 PM

btc-e must be able to see where the majority of those funds went. things like this piss me off, they continually refuse to work with customers in situations like this........



Correct! That is the point! I think that they saw that I have a great amount on my account and took it and made me to be blamed for not installing 2FA!

But if they know that not using it is not safe they should insist on using it!

You are to blame though, and if you think anyone else is or that anyone else's privacy should be compromised because you didn't take security seriously you are seriously deluded.



Why even bother with 1password if you don't even activate 2FA on an account that holds more than forty thousand USD?

Godzilla99 (Newbie, Activity: 28, Merit: 0)
Re: WARNING! 40 000 USD was stolen from BTC-e.com account!
February 14, 2015, 01:23:18 PM #35

Quote from: ik_do on February 14, 2015, 01:07:01 PM
Quote from: Godzilla99 on February 14, 2015, 12:53:32 PM

-Not having 2FA enabled = asking for money to be stolen - 2FA is safer probably (but there are cases when it is also hacked). If they don't demand it, how can I know what other security measures were done? I can't know about them. I do my business, they do theirs. Safety of my money, it is their business. All bitcoins is a question of trust! I chose to trust btc-e because I had to make such a choice, otherwise I wouldn't earn my 40 K

-Keeping 40k worth of money on a website that could disappear at any moment = asking for money to be stolen - Where to keep 40 - Where to keep 40 k in bitcoins considering that exchange rate of the bitcoin can make 20 % a day?

-Acting as if macs can't get viruses = asking for money to be stolen - It can but I've checked it has not!

-Using a service which doesn't send you an email to authorize every single transaction and then trusting said service with 40k USD = asking for money to be stolen

-"So everything was ready for the stealing." = you made it ready for stealing by not following basic security procedures (activating 2FA etc) - 2FA can be hacked as well as https if they mean that the password was stolen through that door, especially if an employee involved.



My questions (please answer all of these so we can see what factors may have attributed to this situation):

-Were you using wifi? - Rarely most of the time I use private modem

-Were you using a wireless keyboard? - never

-What browser do you use? - tor over vpn

-Does anyone else use your computer? - no

-Do you share your wifi access with anyone else? - no

-How long is your password (roughly), is it a dictionary word? or is it a complicated set of numbers/letters. - of course my password is made by 1password

-Do you share the same password on ANY other service ANYWHERE - never



-Not having 2FA enabled because "it might be hacked" = inexcusable . You made the decision not to use an easy to use security feature, not your exchange. Safety of cryptocurrency is 100% your business and if you rely on anyone else for it you're probably going to get stung.

-That is the risk you take if you want to make that kind of money--you should be using better account security if you have that much at stake.

-Viruses/malware/trojans can & do go undetected; someone who really wants to (especially when 40k is at stake) can easily write custom malware that is undetectable for a long time. This applies to all operating systems.

-Yes it may well be possible to hack 2FA, but you didn't have it enabled in the first place so making that sort of accusation is completely baseless. You can only make that claim when you have 2FA enabled in the first place. You didn't.



-If you've ever used your accounts over wifi it is possible someone has eavesdropped on your account details (although somewhat unlikely depending upon your exact situation)

-Tor nodes can monitor/sniff/save your traffic. I would think it is a better idea to use a reputable VPS provider than tor for financial transactions.

-Did you have 2FA enabled with your 1password account? If not then this is another possibility of where your password was copied from.



As much as I feel bad for you, the reality is your money was not stolen--you didn't use 2FA, someone used your account to create unauthorized transactions and you are now demanding the exchange reveal confidential transaction data of its other customers (who probably had 2FA enabled) without a court/police order?



Your thread title is inaccurate. Your money was not 'stolen'. You didn't use 2FA which helps to prevent unauthorized access. Someone gained unauthorized access to your account and made unauthorized trades.



If btc-e actually cooperated and provided any information of other customers in this situation (without a police/court order) it would set an alarming precedent and I am sure they would lose many customers over it.


WHAT POLICE AND WHAT COURT DO YOU MEAN? WHAT COUNTRY A POLICE AND A COURT SHOULD BELONG TO?

NIGERIA? MAYBE COLOMBIA? RUSSIA?

IF THERE ARE NO CRYPTO EXCHANGES or CRYPTO BANKS responsible for the safety of the money the future of the project of BITCOIN is soon death!

ik_do










Re: WARNING! 40 000 USD was stolen fom BTC-e.com account! February 14, 2015, 01:30:34 PM #36

Quote from: Godzilla99 on February 14, 2015, 01:23:18 PM
Quote from: ik_do on February 14, 2015, 01:07:01 PM
Quote from: Godzilla99 on February 14, 2015, 12:53:32 PM

-Not having 2FA enabled = asking for money to be stolen - 2FA is safer probably (But there are cases when it is also hacked) if they don't demand it How can I know what other security measures were done. I can't know about them I do my business they do theirs. Safety of my money it is their business. All bitcoins is a question of trust! I chose to trust btc-e because I had to make such a choice otherwise I wouldn't earn my 40 K

-Keeping 40k worth of money on a website that could disappear at any moment = asking for money to be stolen - Where to keep 40 - Where to keep 40 k in bitcoins considering that exchange rate of the bitcoin can make 20 % a day?

-Acting as if macs can't get viruses = asking for money to be stolen - It can but I've checked it has not!

-Using a service which doesn't send you an email to authorize every single transaction and then trusting said service with 40k USD = asking for money to be stolen

-"So everything was ready for the stealing." = you made it ready for stealing by not following basic security procedures (activating 2FA etc) - 2FA can be hacked as well as https if they mean that the password was stolen through that door, especially if an employee involved.



My questions (please answer all of these so we can see what factors may have attributed to this situation):

-Were you using wifi? - Rarely most of the time I use private modem

-Were you using a wireless keyboard? - never

-What browser do you use? - tor over vpn

-Does anyone else use your computer? - no

-Do you share your wifi access with anyone else? - no

-How long is your password (roughly), is it a dictionary word? or is it a complicated set of numbers/letters. - of course my password is made by 1password

-Do you share the same password on ANY other service ANYWHERE - never



-Not having 2FA enabled because "it might be hacked" = inexcusable . You made the decision not to use an easy to use security feature, not your exchange. Safety of cryptocurrency is 100% your business and if you rely on anyone else for it you're probably going to get stung.

-That is the risk you take if you want to make that kind of money--you should be using better account security if you have that much at stake.

-Viruses/malware/trojans can & do go undetected; someone who really wants to (especially when 40k is at stake) can easily write custom malware that is undetectable for a long time. This applies to all operating systems.

-Yes it may well be possible to hack 2FA, but you didn't have it enabled in the first place so making that sort of accusation is completely baseless. You can only make that claim when you have 2FA enabled in the first place. You didn't.



-If you've ever used your accounts over wifi it is possible someone has eavesdropped on your account details (although somewhat unlikely depending upon your exact situation)

-Tor nodes can monitor/sniff/save your traffic. I would think it is a better idea to use a reputable VPS provider than tor for financial transactions.

-Did you have 2FA enabled with your 1password account? If not then this is another possibility of where your password was copied from.



As much as I feel bad for you, the reality is your money was not stolen--you didn't use 2FA, someone used your account to create unauthorized transactions and you are now demanding the exchange reveal confidential transaction data of its other customers (who probably had 2FA enabled) without a court/police order?



Your thread title is inaccurate. Your money was not 'stolen'. You didn't use 2FA which helps to prevent unauthorized access. Someone gained unauthorized access to your account and made unauthorized trades.



If btc-e actually cooperated and provided any information of other customers in this situation (without a police/court order) it would set an alarming precedent and I am sure they would lose many customers over it.


WHAT POLICE AND WHAT COURT DO YOU MEAN? WHAT COUNTRY A POLICE AND A COURT SHOULD BELONG TO?

NIGERIA? MAYBE COLOMBIA? RUSSIA?

IF THERE ARE NO CRYPTO EXCHANGES or CRYPTO BANKS responsible for the safety of the money the future of the project of BITCOIN is soon death!

The country you reside in I would presume. You have to report the unauthorized access, the police then have to investigate the unauthorized access. How this happens depends upon what country you are based in; you should be aware that bitcoin and all cryptocurrencies don't really have many laws that cover their usage, so you are basically operating in a legal grey area (which is why activating things like 2FA is important).



There is no way any company is going to willy-nilly hand over other customers' information without this process taking place. If they do they are completely incompetent.



I know it is frustrating to be told by a company that you are at fault--take it from someone who isn't associated with any exchange or bitcoin company: you didn't take your account security seriously enough and this is what can happen.



And yes, 2FA could be hacked, or your phone could be hacked. Does it mean you shouldn't take the precaution of using it? No.



My theory is you were probably targeted by someone who has access to your computer/accounts or watched you enter in your password. You may have been targeted specifically because you didn't use 2FA. Who knows.

lucasjkr










Re: WARNING! 40 000 USD was stolen fom BTC-e.com account! February 14, 2015, 01:30:56 PM #37

Quote from: ik_do on February 14, 2015, 12:17:04 PM
Using wifi isn't the greatest idea when money is at stake.



It's no better or worse than a wired connection.



Your connection to whichever website you're visiting is due to HTTPS/SSL, not because you have a wire plugged into your computer. That's what public key cryptography is about, being able to exchange information along channels that other people can watch. If someone can break your security by watching your wifi connection, then public key cryptography is flawed. But, to the best of our knowledge, that's not the case yet.

Besides which, let's say you're connected to a site that's not secure. Supposing you live anywhere but a city with thousands of people around, do you think the greater risk to your security is going to be the kid who happens to be within snooping range of your wifi, or the dedicated hackers that are picking up the traffic flows to the insecure website you and hundreds or thousands of other people are visiting?

I've used wifi almost exclusively for 10 or maybe even 15 years now. I've traded stocks, bought mutual funds, filed taxes, bought and sold bitcoin, litecoin, prime coin, done all my online banking, through it, etc... From my house, from the coffeeshop, from the airport. Not a single penny has gone missing. What I do do is make sure that I'm connected to each site securely (look for the padlock... when in serious doubt, and this might be more of a stretch for some people, I've even SSH'ed to a free shell account just to double-check a key's fingerprint (usually at airports, honestly).



What the greater issue is, is how do you connect to things like your email? If you're connecting via port 110 (POP) or 143 (IMAP), your credentials, your emails themselves, everything, are being transmitted across the internet, through who knows how many routers that may or may not be up to date, all in clear text. And being that email access is how services authenticate us, that's the BIGGEST risk, right there, I think.



Sorry... I just think that the whole "don't use wifi, it's not secure" thing is way overplayed...
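The point in the post above about ports 110 and 143 can be checked from a mail server's pre-login capability response. The Python below is an added example and not part of any post in this thread; the banners and host names are constructed, and ports 993/995 and the STARTTLS, STLS and LOGINDISABLED capability names are taken from the POP3/IMAP standards, not from the thread.

```python
"""Classify how a POP3/IMAP endpoint would carry a password, using its port
and pre-login capability response. All banners below are constructed samples."""
from __future__ import annotations

IMPLICIT_TLS_PORTS = {993: "imap", 995: "pop3"}  # TLS is set up before any mail command
PLAIN_TCP_PORTS = {143: "imap", 110: "pop3"}     # the two ports named in the post


def parse_imap_capabilities(banner: str) -> set[str]:
    """Collect atoms from '* CAPABILITY ...' or '* OK [CAPABILITY ...] text'."""
    caps: set[str] = set()
    for line in banner.splitlines():
        upper = line.upper()
        idx = upper.find("CAPABILITY ")
        if not upper.startswith("* ") or idx == -1:
            continue
        listing = upper[idx + len("CAPABILITY "):].split("]", 1)[0]
        caps.update(listing.split())
    return caps


def parse_pop3_capabilities(banner: str) -> dict[str, list[str]]:
    """Parse a multi-line CAPA reply into {capability: [arguments]}."""
    lines = banner.splitlines()
    caps: dict[str, list[str]] = {}
    if not lines or not lines[0].upper().startswith("+OK"):
        return caps
    for line in lines[1:]:
        if line.strip() == ".":  # terminator of the multi-line reply
            break
        parts = line.upper().split()
        if parts:
            caps[parts[0]] = parts[1:]
    return caps


def classify(port: int, banner: str = "") -> str:
    """Return implicit-tls, starttls-required, starttls-optional or cleartext-only."""
    if port in IMPLICIT_TLS_PORTS:
        return "implicit-tls"
    proto = PLAIN_TCP_PORTS.get(port)
    if proto == "imap":
        caps = parse_imap_capabilities(banner)
        can_upgrade = "STARTTLS" in caps
        # LOGINDISABLED means the server refuses LOGIN until TLS is active.
        plain_login_allowed = "LOGINDISABLED" not in caps
    elif proto == "pop3":
        pop_caps = parse_pop3_capabilities(banner)
        can_upgrade = "STLS" in pop_caps
        # Heuristic: USER/PASS or a plaintext SASL mechanism offered before TLS.
        plain_mechs = {"PLAIN", "LOGIN"} & set(pop_caps.get("SASL", []))
        plain_login_allowed = "USER" in pop_caps or bool(plain_mechs)
    else:
        raise ValueError(f"port {port} is not a standard POP3/IMAP port")
    if not can_upgrade:
        return "cleartext-only"  # password and mail bodies cross the network unencrypted
    # "optional": a client configured without TLS can still log in in the clear.
    return "starttls-optional" if plain_login_allowed else "starttls-required"


def audit(accounts):
    """Return (name, verdict) for accounts that can expose a password in transit."""
    risky = {"cleartext-only", "starttls-optional"}
    findings = []
    for name, port, banner in accounts:
        verdict = classify(port, banner)
        if verdict in risky:
            findings.append((name, verdict))
    return findings


# Constructed sample data (hypothetical hosts under the reserved .test domain).
IMAP_OPEN = "* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN] mail.example.test ready"
IMAP_OPTIONAL = "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN"
IMAP_STRICT = "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready"
POP3_OPEN = "+OK Capability list follows\nTOP\nUIDL\nUSER\nSASL PLAIN\n."
POP3_STRICT = "+OK Capability list follows\nTOP\nUIDL\nSTLS\nSASL\n."
SAMPLE_ACCOUNTS = [
    ("old-isp-imap", 143, IMAP_OPEN),
    ("webhost-imap", 143, IMAP_OPTIONAL),
    ("work-imap", 143, IMAP_STRICT),
    ("old-isp-pop", 110, POP3_OPEN),
    ("work-pop", 110, POP3_STRICT),
    ("personal-imaps", 993, ""),
]

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_ACCOUNTS):
        print(f"{name}: {verdict}")
```

An account reported as `starttls-optional` is only as safe as the mail client's own setting: the client must be configured to require the upgrade.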

Godzilla99










Re: WARNING! 40 000 USD was stolen fom BTC-e.com account! February 14, 2015, 01:36:16 PM #38

Quote from: ik_do on February 14, 2015, 01:09:38 PM
Quote from: Godzilla99 on February 14, 2015, 01:01:27 PM
Quote from: elasticband on February 14, 2015, 12:44:27 PM
btc-e must be able to see where the majority of those funds went. things like this piss me off, they continually refuse to work with customers in situations like this........



Correct! That is the point! I think that they saw that I have a great amount on my account and took it and made me to be blame of not installing 2FA!

But if they know that not using it is not safe they should insist on using it!

You are to blame though, and if you think anyone else is or that anyone else's privacy should be compromised because you didn't take security seriously you are seriously deluded.



Why even bother with 1password if you don't even activate 2FA on an account that holds more than forty thousand USD?


Today is 2FA tomorrow is 4FA and so on. When I bring my money to bank they say to me what is modern and latest security! If my security measure was out of date they should warn me. Everybody should do what they are professionals in! I don't understand whether it is safe 2fA or not. But they are crypto exchange and they are professionals in it. If it is necessary to install it they should have warned me that my security is under threat

ik_do










Re: WARNING! 40 000 USD was stolen fom BTC-e.com account! February 14, 2015, 01:37:55 PM #39

Quote from: lucasjkr on February 14, 2015, 01:30:56 PM
Quote from: ik_do on February 14, 2015, 12:17:04 PM
Using wifi isn't the greatest idea when money is at stake.



It's no better or worse than a wired connection.



Your connection to whichever website you're visiting is due to HTTPS/SSL, not because you have a wire plugged into your computer. That's what public key cryptography is about, being able to exchange information along channels that other people can watch. If someone can break your security by watching your wifi connection, then public key cryptography is flawed. But, to the best of our knowledge, that's not the case yet.

Besides which, let's say you're connected to a site that's not secure. Supposing you live anywhere but a city with thousands of people around, do you think the greater risk to your security is going to be the kid who happens to be within snooping range of your wifi, or the dedicated hackers that are picking up the traffic flows to the insecure website you and hundreds or thousands of other people are visiting?

I've used wifi almost exclusively for 10 or maybe even 15 years now. I've traded stocks, bought mutual funds, filed taxes, bought and sold bitcoin, litecoin, prime coin, done all my online banking, through it, etc... From my house, from the coffeeshop, from the airport. Not a single penny has gone missing. What I do do is make sure that I'm connected to each site securely (look for the padlock... when in serious doubt, and this might be more of a stretch for some people, I've even SSH'ed to a free shell account just to double-check a key's fingerprint (usually at airports, honestly).



What the greater issue is, is how do you connect to things like your email? If you're connecting via port 110 (POP) or 143 (IMAP), your credentials, your emails themselves, everything, are being transmitted across the internet, through who knows how many routers that may or may not be up to date, all in clear text. And being that email access is how services authenticate us, that's the BIGGEST risk, right there, I think.



Sorry... I just think that the whole "don't use wifi, it's not secure" thing is way overplayed...

Because just by gaining access to your wifi network (which AFAIK is possible if you snoop enough) is the easiest way someone could compromise your computer. If someone has access to your computer then they don't even need to bother sniffing the traffic between you and a website.



http://null-byte.wonderhowto.com/how-to/hack-wi-fi-cracking-wpa2-psk-passwords-using-aircrack-ng-0148366/



Also--what wifi security did this user use (if any at all given they didn't bother with 2FA)?



And yes, wifi is probably an unlikely factor in this event but it is still a factor nonetheless.



Want to access your exchange account with $100 USD on it? wifi doesn't sound too bad.

Want to access your exchange account with $40,000 USD on it? I sure as hell wouldn't use wifi.