1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Poloniex "Security"

Discussion in 'BlackHat Lounge' started by vinku, Jul 14, 2017.

Tags:
  1. vinku

    vinku Jr. VIP Jr. VIP

    Joined:
    Jan 22, 2008
    Messages:
    781
    Likes Received:
    1,377
    Gender:
    Male
    Occupation:
    Making Money With Android
    Location:
    Poland, Czech, India
    [​IMG]
    - i have double verification on Gmail, system is Linux, have also double verification everywhere but on on poloniex
    -i am using different password everywhere I have account

    So how? IP from success login are from Japan and Russia. I am getting these emails everyday, I've contacted poloniex - no reply. I've used link to close account but still getting these emails.


    Good that my poloniex account was empty.
    I have only problems with poloniex, so no keylogger possibility. I am logging to paypal and other cash services without any issues.
     
  2. tb303

    tb303 Power Member

    Joined:
    Dec 18, 2011
    Messages:
    734
    Likes Received:
    388
    Thats worrying indeed. You have 2FA on your account and still getting this?
     
  3. Rojuhh

    Rojuhh Junior Member

    Joined:
    Jun 20, 2017
    Messages:
    138
    Likes Received:
    29
    Gender:
    Male
    thats a shit ton of logins.. and if they're from different IPs from different times you could be on a database of some sort.. you sure you don't have the same password on another site?

    -Check your browser extensions for anything you don't know
    -Ask yourself "what did I download recently?"
    also, if you are going to send bitcoin to anyone, double check the addres as there are some spooky malicious scripts that change the addres.
     
    Last edited: Jul 14, 2017
  4. vinku

    vinku Jr. VIP Jr. VIP

    Joined:
    Jan 22, 2008
    Messages:
    781
    Likes Received:
    1,377
    Gender:
    Male
    Occupation:
    Making Money With Android
    Location:
    Poland, Czech, India
    Man, my browser is clear, linux system, 0 extensions if it would be my PC fault, then whats about paypal, skrill, other bitcoin services or bank accounts? Everything is safe and not touched. Ofcourse I've changed password everywhere and reinstalled system. I think it's poloniex fault, many of people, even here have similar problems. Maybe they have leak and not informed clients.

    yes ;)
     
  5. Rojuhh

    Rojuhh Junior Member

    Joined:
    Jun 20, 2017
    Messages:
    138
    Likes Received:
    29
    Gender:
    Male
    Even though they only touched poloniex, I would strongly advise you to atleast scan your pc. Better to be safe than sorry ¯\_(ツ)_/¯
     
  6. Dagreyon

    Dagreyon Jr. VIP Jr. VIP

    Joined:
    Dec 1, 2011
    Messages:
    1,848
    Likes Received:
    1,415
    Home Page:
    Its definitely your PC or your email was possibly compromised. I have 10k in my poloniex so if its an issue on their side, why would people be logging into your account with $0 and not mine? Its you, not them, I assure you that.
     
  7. vinku

    vinku Jr. VIP Jr. VIP

    Joined:
    Jan 22, 2008
    Messages:
    781
    Likes Received:
    1,377
    Gender:
    Male
    Occupation:
    Making Money With Android
    Location:
    Poland, Czech, India
    gmail? impossible, 2 step verification
    pc... hard to say, linux shouldn't have viruses but for now it's reinstalled
     
  8. Dagreyon

    Dagreyon Jr. VIP Jr. VIP

    Joined:
    Dec 1, 2011
    Messages:
    1,848
    Likes Received:
    1,415
    Home Page:
    Ok, well if you're 100% sure its not your email that is compromised, then its for sure your computer.
     
  9. Rojuhh

    Rojuhh Junior Member

    Joined:
    Jun 20, 2017
    Messages:
    138
    Likes Received:
    29
    Gender:
    Male
    this ^^
     
  10. vinku

    vinku Jr. VIP Jr. VIP

    Joined:
    Jan 22, 2008
    Messages:
    781
    Likes Received:
    1,377
    Gender:
    Male
    Occupation:
    Making Money With Android
    Location:
    Poland, Czech, India
    you cannot be 100% sure ;)
    maybe there are leaks it their database, you have 10k so you are lucky, nobody will mass attack before test leaks
     
  11. Dagreyon

    Dagreyon Jr. VIP Jr. VIP

    Joined:
    Dec 1, 2011
    Messages:
    1,848
    Likes Received:
    1,415
    Home Page:
    Fine, be in denial. You want an answer to why its happening, its because your computer. If you don't want to accept that, then we can't help you. Its 100% you.
     
  12. Rojuhh

    Rojuhh Junior Member

    Joined:
    Jun 20, 2017
    Messages:
    138
    Likes Received:
    29
    Gender:
    Male
    again, this ^^
     
  13. Cryptojunky

    Cryptojunky BANNED BANNED

    Joined:
    Jul 4, 2017
    Messages:
    66
    Likes Received:
    12
    Gender:
    Male
    Its a known leak on poloniex.
    They have tons of these hacks reports and still they do nothing
     
    • Thanks Thanks x 1
  14. Cryptojunky

    Cryptojunky BANNED BANNED

    Joined:
    Jul 4, 2017
    Messages:
    66
    Likes Received:
    12
    Gender:
    Male
    It seems there is a big lawsuite coming to poloniex
    bitcointalk*org/index.php?topic=2018953.msg20140438;topicseen#msg20140438
     
  15. Whitman

    Whitman Newbie

    Joined:
    Jul 14, 2017
    Messages:
    7
    Likes Received:
    43
    Occupation:
    Craftsman
    The crypto-world is so insecure and dangerous. That's the main reason I will never invest in crypto currency, security.
     
  16. argy owl

    argy owl BANNED BANNED

    Joined:
    Jul 24, 2013
    Messages:
    168
    Likes Received:
    22
    Gender:
    Male
    Real hacker team probably found a vulnerability and is exploiting it. Sorry to hear. How much did you have on there?
     
  17. vinku

    vinku Jr. VIP Jr. VIP

    Joined:
    Jan 22, 2008
    Messages:
    781
    Likes Received:
    1,377
    Gender:
    Male
    Occupation:
    Making Money With Android
    Location:
    Poland, Czech, India
    for sure I've checked PC with kaspersky and few other antiviruses from windows dual boat - clean
    linux checked also, clean
     
  18. EagerToEarn

    EagerToEarn Regular Member

    Joined:
    Jun 4, 2017
    Messages:
    323
    Likes Received:
    70
    Gender:
    Male
    Are you unaware that alot I mean alot of polonix Acc is compromised. It may not be yours bro, but you may be next. So be careful.
    Nobody is safe on poloniex

    Poloniex is fucking dead now.
     
  19. whitebaty

    whitebaty Junior Member

    Joined:
    Jun 15, 2016
    Messages:
    146
    Likes Received:
    73
    Gender:
    Male
    This happened to me too

    I got an email telling me that my account was accessed from a Russian ip
     
  20. tb303

    tb303 Power Member

    Joined:
    Dec 18, 2011
    Messages:
    734
    Likes Received:
    388
    This thread is starting to smell a bit of FUD spreading. Like @Dagreyon Ive got a reasonable amount still on poloniex. I have moved nearly all my btc offline but thats due to the aug 1st uncertainty and ive done the same with all the other exchanges.

    The repeated logins in the OP looks like a bot. Why would someone with access repeatedly log into an account with a 0 balance. They wouldnt. They would rape as many accounts in as short a time as possible before the hole is patched.

    @vinku, with respect, Im sorry but It seems unlikely that you had 2FA enabled. This would imply that google authenticator is somehow hacked but that means the attacker would need your key from your device or poloniex. If some outside attacker gained access to all the polo keys they would be offline and dead in hours. So people are also crying that its an inside job which is also frankly unbelievable. I mean take a rough guess at what they are earning from maker/taker fees - why would they shoot their golden goose to steal from a few accounts? It much more likely that your either got phished or your email/password combo is compromised elsewhere. Which is another point. Did you check those login emails were actually from poloniex?

    To get a better idea of whats going on can the people who say they've been hacked answer these questions...

    Do you have 2FA (google authenticator) enabled on the account?
    Do you have email confirmation for withdrawals enabled?
    Have you enabled any API access to your account? (if so what permissions did you give it)
    Do you use any 3rd party services via API? (eg coinigy)