Jump to content

Another Exchange/Online Wallet breached

Xilobyte

By Xilobyte
in Gateways and Exchanges

 Share

Recommended Posts

Xilobyte

Xilobyte

Posted
Posted (edited)

----------------------------

Again, the importance of NOT keeping your money online cannot be stressed enough. Let's tear up this email notice a bit. It appears the "Wallets" themselves had not been infiltrated however it does appear that it is possible the thieves had enough access to move money in and out of the wallet. This part is unverified, however the warning to change the 2FA and passwords suggest that data which was accessed was serious enough to allow monetary damages.

To be more clear for those whom may not fully understand, basically a bad guy gained access to the database where all of the website's data is located. There, they had access to your Litebit account password. Now the questions is, how is this password stored? It maybe a weak MD5 or maybe superior encryption but encrypted or not, the possessor of the data only needs time. It is possible this breach was only phase one. Next they had access to the 2fa key. This is either a hash of some sort or simply a pin code. It depends on who or what designed the 2fa. Either way, with access to the database, they can change the account email to one which they control and even request a password reset email to gain control of your account.

The point is that using the exchanges is just fine for the most part. Not like you have another choice, but go the extra mile and create your own wallet on your own systems and control your money there. You have no idea who the programmed is on these systems and if they even know what they are doing.

-----------------------------EMAIL:

  


Our team has noticed suspicious activities on the LiteBit servers on the 5th of August 2017. We regret to inform you that someone without authorization had access to LiteBit data. There has been no intrusion on our wallet servers, all coins owned by clients are safe. The intruder also didn’t have access to any of the uploaded verification documents (such as your identity card or your passport).

The cause of this breach is known and has already been solved. It is not clear if the intruder has stolen user data. In the worst case scenario the intruder has had access to your email address, hashed password, IBAN, phone number, address and your portfolio data.

What does this mean for you?
If you have 2-factor authentication enabled it is very important to disable and re-enable the authenticator.  If you do not have 2-factor authentication enabled we recommend you to enable it.

It is also important to change your password. We also recommend you to change your password regularly to guarantee the safety of your account.

 

1e659a83-2b28-4cd9-ba20-07a35746baaa.jpg

Edited by Xilobyte
Link to comment
Share on other sites
  • Replies 17
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Xilobyte
Xilobyte

---------------------------- Again, the importance of NOT keeping your money online cannot be stressed enough. Let's tear up this email notice a bit. It appears the "Wallets" themselves had not b

g00p
g00p

Yes, beware of phishing campaigns always. 

jargoman
jargoman

"In the worst case scenario the intruder has had access to your email address, hashed password, IBAN, phone number, address and your portfolio data." The hackers can crack most of the hashed passwo

Bitpam

Bitpam

Posted
Posted

This is extremely unfortunate for anyone with their coins on this exchange.

I agree that it's important to keep your coins off exchanges but as of now I'm not sure if there are any user friendly / well marketed desktop or mobile XRP wallets. Toast Wallet and Rippex the only ones I can think of. Hopefully this doesn't result in people getting their XRP or their personal information stolen, thanks for informing the community on this Xilobyte.

Link to comment
Share on other sites
jargoman

jargoman

Posted
Posted
29 minutes ago, Xilobyte said:

----------------------------

Again, the importance of NOT keeping your money online cannot be stressed enough. Let's tear up this email notice a bit. It appears the "Wallets" themselves had not been infiltrated however it does appear that it is possible the thieves had enough access to move money in and out of the wallet. This part is unverified, however the warning to change the 2FA and passwords suggest that data which was accessed was serious enough to allow monetary damages.

To be more clear for those whom may not fully understand, basically a bad guy gained access to the database where all of the website's data is located. There, they had access to your Litebit account password. Now the questions is, how is this password stored? It maybe a weak MD5 or maybe superior encryption but encrypted or not, the possessor of the data only needs time. It is possible this breach was only phase one. Next they had access to the 2fa key. This is either a hash of some sort or simply a pin code. It depends on who or what designed the 2fa. Either way, with access to the database, they can change the account email to one which they control and even request a password reset email to gain control of your account.

The point is that using the exchanges is just fine for the most part. Not like you have another choice, but go the extra mile and create your own wallet on your own systems and control your money there. You have no idea who the programmed is on these systems and if they even know what they are doing.

-----------------------------EMAIL:

  



Our team has noticed suspicious activities on the LiteBit servers on the 5th of August 2017. We regret to inform you that someone without authorization had access to LiteBit data. There has been no intrusion on our wallet servers, all coins owned by clients are safe. The intruder also didn’t have access to any of the uploaded verification documents (such as your identity card or your passport).

The cause of this breach is known and has already been solved. It is not clear if the intruder has stolen user data. In the worst case scenario the intruder has had access to your email address, hashed password, IBAN, phone number, address and your portfolio data.

What does this mean for you?
If you have 2-factor authentication enabled it is very important to disable and re-enable the authenticator.  If you do not have 2-factor authentication enabled we recommend you to enable it.

It is also important to change your password. We also recommend you to change your password regularly to guarantee the safety of your account.

 

1e659a83-2b28-4cd9-ba20-07a35746baaa.jpg

THIS COULD BE A PHISHING ATTEMPT TO HARVEST YOUR CREDENTIALS. CHANGE YOUR PASSWORD FROM ANOTHER MACHINE AGAIN, OR AT THE VERY LEAST  A NEW BROWSER. OR CLOSE THE BROWSER AND RESTAST. REBOOT MACHINE. 

Link to comment
Share on other sites
jargoman

jargoman

Posted
Posted

Attackers send fake emails alerting users to change their passwords. They provide a fake link that leads to a server they control. The link could launch javascript code that logs keys and potentially listens in on the 2fauth setup.

The email could be real. The important thing is do not click links inside of email. 
 

Link to comment
Share on other sites
jargoman

jargoman

Posted
Posted

 "In the worst case scenario the intruder has had access to your email address, hashed password, IBAN, phone number, address and your portfolio data."

The hackers can crack most of the hashed passwords using bruteforce even if it contains a few special characters or nuumbers. The rise of cryptocurrencies have vastly increased hashing speeds. 

 

Link to comment
Share on other sites
Xilobyte

Xilobyte

Posted
  • Author
Posted
34 minutes ago, jargoman said:

THIS COULD BE A PHISHING ATTEMPT TO HARVEST YOUR CREDENTIALS. CHANGE YOUR PASSWORD FROM ANOTHER MACHINE AGAIN, OR AT THE VERY LEAST  A NEW BROWSER. OR CLOSE THE BROWSER AND RESTAST. REBOOT MACHINE. 

Ok Rocket Scientist, which part of my post or this email is the phishing attempt? Come on, please point it out to us all. Pete needs some popcorn and I have not eaten any babies for breakfast yet.....

Link to comment
Share on other sites
7strings

7strings

Posted
Posted
43 minutes ago, Xilobyte said:

Ok Rocket Scientist, which part of my post or this email is the phishing attempt? Come on, please point it out to us all. Pete needs some popcorn and I have not eaten any babies for breakfast yet.....

I think he didn't accuse you of phishing only wanted to point out that the email you received could be a phishing attempt if there's a link in it.
Anyway, thanks for creating this topic!
 

Link to comment
Share on other sites
enrique11

enrique11

Posted
Posted

Phishing, hacking of exchanges, keylogging to gain unauthorized access to personal wallets will increase with time....many will be hacked in the future as cryptocurrencies go mainstream.  It's best to be proactive and learn ASAP how to create and use cold wallets for as many cryptocurrencies that you own as possible. It will only get worse as mainstream users who don't understand the risks start to accumulate cryptos.

Link to comment
Share on other sites
jargoman

jargoman

Posted
Posted
1 hour ago, Xilobyte said:

Ok Rocket Scientist, which part of my post or this email is the phishing attempt? Come on, please point it out to us all. Pete needs some popcorn and I have not eaten any babies for breakfast yet.....


That post is an example of an actual phishing attempt. It's not always easy to tell the difference as it is in this case
 

Link to comment
Share on other sites
Guest

Guest

Posted
Posted

My, my... Hey, hey... Ripple will be surprised...

Oh and the Ripple Enterprise strategy with the centralized BitGo and their cutting edge JavaScript scripting code and Browser based security model... they too will be surprised.

Hey, hey... My, my... no one is surprised.

Link to comment
Share on other sites
Guest

Guest

Posted
Posted

Well maybe I have been too-ooo harsh with the folks that champion centralized security models.

It may be the case, subsequent 'hacks' on these repositories will serve as a learning opportunity, sort of like what I am told about courses that have a "do over" in the case of failing grade.

As a consequence, more of these events will serve to demonstrate the practical value, for enterprises and banks to develop de-centralized services.

Link to comment
Share on other sites
Guest

Guest

Posted
Posted

I'm too thick to understand Max and Coinseekers comments in the three posts above....   can anyone explain what is being said in words for dummies?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...