elective-stereophonic
elective-stereophonic
Think I may have been hacked singapore
Please login or register.

Login with username, password and session length
Advanced search  

News:

Latest Stable Nxt Client: Nxt 1.11.15 | Latest Experimental Nxt Client: Nxt 1.12.0e

Pages: [1] 2 3 4  All

Author Topic: Think I may have been hacked  (Read 7617 times)

jeremiah

  • Jr. Member
  • **
  • Karma: +1/-0
  • Offline Offline
  • Posts: 15
    • View Profile
Think I may have been hacked
« on: June 01, 2014, 10:18:22 pm »

I purchased NXT through Cryptsy, then transferred them to my Nxt Wallet. I just opened my wallet today to find all of the NXT gone in a transaction that I didn't initiate. How could this have happened?

The only transaction I made was "sending an arbitrary message" to initiate my account.
Logged

bluemeanie1

  • Hero Member
  • *****
  • Karma: +54/-140
  • Offline Offline
  • Posts: 616
  • ALTCHAIN.ORG
    • View Profile
    • ALTCHAIN.ORG
Re: Think I may have been hacked
« Reply #1 on: June 01, 2014, 10:20:41 pm »

whats the account #?

Logged
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

jeremiah

  • Jr. Member
  • **
  • Karma: +1/-0
  • Offline Offline
  • Posts: 15
    • View Profile
Re: Think I may have been hacked
« Reply #2 on: June 01, 2014, 10:27:47 pm »

Mine: NXT-572J-DMAD-9WGD-GN97F
Logged

bluemeanie1

  • Hero Member
  • *****
  • Karma: +54/-140
  • Offline Offline
  • Posts: 616
  • ALTCHAIN.ORG
    • View Profile
    • ALTCHAIN.ORG
Re: Think I may have been hacked
« Reply #3 on: June 01, 2014, 10:30:57 pm »

there was indeed a NXT transfer out of your account which after going through a temporary account, ended up in 4468910037567849266.

-bm
Logged
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

VanBreuk

  • Hero Member
  • *****
  • Karma: +362/-19
  • Offline Offline
  • Posts: 2772
    • View Profile
Re: Think I may have been hacked
« Reply #4 on: June 01, 2014, 10:32:56 pm »

Can we know how long was the password for your account? How many characters? Numbers, letters...?
Logged
GPG Fingerprint: B020 D1C1 F289 3B2C 3577  9EAD 455D D175 5913 C7F1

bluemeanie1

  • Hero Member
  • *****
  • Karma: +54/-140
  • Offline Offline
  • Posts: 616
  • ALTCHAIN.ORG
    • View Profile
    • ALTCHAIN.ORG
Re: Think I may have been hacked
« Reply #5 on: June 01, 2014, 10:34:19 pm »

they must have got your passphrase somehow.

if you notice all the transactions in that account have similar patterns.

-bm
Logged
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

jeremiah

  • Jr. Member
  • **
  • Karma: +1/-0
  • Offline Offline
  • Posts: 15
    • View Profile
Re: Think I may have been hacked
« Reply #6 on: June 01, 2014, 10:35:09 pm »

49 characters, no numbers. This fucking sucks.
Logged

bizz

  • Sr. Member
  • ****
  • Karma: +22/-4
  • Offline Offline
  • Posts: 285
    • View Profile
Re: Think I may have been hacked
« Reply #7 on: June 01, 2014, 10:40:54 pm »

49 characters, no numbers. This fucking sucks.

Are they random or a phrase? What client did you use?
Logged

kodtycoon

  • Hero Member
  • *****
  • Karma: +43/-18
  • Offline Offline
  • Posts: 916
    • View Profile
Re: Think I may have been hacked
« Reply #8 on: June 01, 2014, 10:41:30 pm »

49 characters, no numbers. This fucking sucks.
was it a common phrase? or a often said sentence or something?
Logged

bluemeanie1

  • Hero Member
  • *****
  • Karma: +54/-140
  • Offline Offline
  • Posts: 616
  • ALTCHAIN.ORG
    • View Profile
    • ALTCHAIN.ORG
Re: Think I may have been hacked
« Reply #9 on: June 01, 2014, 10:42:27 pm »

I would say it's a good possibility it is a hacker, if you look at the transfer patterns in the account 4468910037567849266, they are all very similar.  Transfers into a temporary account, and then right out.
Logged
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

VanBreuk

  • Hero Member
  • *****
  • Karma: +362/-19
  • Offline Offline
  • Posts: 2772
    • View Profile
Re: Think I may have been hacked
« Reply #10 on: June 01, 2014, 10:42:38 pm »

There's a total of 17 transactions (yours is the biggest) for a coincidental total of 17K NXT following the same patterns, yes. All of them outgoing transactions to a middle account, that immediately forwards to 4468910037567849266 / NXT-KJTL-23X8-BR6B-5483W

All last ingoing transactions made in a very short one minute timestamp. Bot?

Which client are you using? Any other software you installed recently?
Logged
GPG Fingerprint: B020 D1C1 F289 3B2C 3577  9EAD 455D D175 5913 C7F1

nexern

  • Sr. Member
  • ****
  • Karma: +83/-11
  • Offline Offline
  • Posts: 496
    • View Profile
Re: Think I may have been hacked
« Reply #11 on: June 01, 2014, 10:42:47 pm »

strange. the ending account has many transfers the same minute today:

http://nxtexplorer.com/nxt/nxt.cgi?action=3000&acc=4468910037567849266
Logged

nexern

  • Sr. Member
  • ****
  • Karma: +83/-11
  • Offline Offline
  • Posts: 496
    • View Profile
Re: Think I may have been hacked
« Reply #12 on: June 01, 2014, 10:46:24 pm »

There's a total of 17 transactions (yours is the biggest) for a coincidental total of 17K NXT following the same patterns, yes. All of them outgoing transactions to a middle account, that immediately forwards to 4468910037567849266 / NXT-KJTL-23X8-BR6B-5483W

All last ingoing transactions made in a very short one minute timestamp. Bot?

Which client are you using? Any other software you installed recently?

yes, this looks really like a bot and all transactions are cleaning the sender account.
Logged

jeremiah

  • Jr. Member
  • **
  • Karma: +1/-0
  • Offline Offline
  • Posts: 15
    • View Profile
Re: Think I may have been hacked
« Reply #13 on: June 01, 2014, 10:50:34 pm »

My password was a comprehensible sentence and I guess that was the flaw.

I'm using Mac OS X 10.9.3. I was using Nxt Wallet version 1.1 (I think). Just upgraded to 1.2.

After $200, my wildly short experiment with NXT comes to end. Back to Bitcoin.

Thanks for the help.
Logged

kodtycoon

  • Hero Member
  • *****
  • Karma: +43/-18
  • Offline Offline
  • Posts: 916
    • View Profile
Re: Think I may have been hacked
« Reply #14 on: June 01, 2014, 10:53:05 pm »

My password was a comprehensible sentence and I guess that was the flaw.

I'm using Mac OS X 10.9.3. I was using Nxt Wallet version 1.1 (I think). Just upgraded to 1.2.

After $200, my wildly short experiment with NXT comes to end. Back to Bitcoin.

Thanks for the help.
post a new nxt account and use a much stronger passphrase.. il send you some nxt to get you back on your feet. its clearly a hack so id be happy to help you out. :) wont be able send for an hour or 2 though.

use keepass to create and save your passphrase.. also much safer that notepad or word doc or what ever..
Logged

VanBreuk

  • Hero Member
  • *****
  • Karma: +362/-19
  • Offline Offline
  • Posts: 2772
    • View Profile
Re: Think I may have been hacked
« Reply #15 on: June 01, 2014, 10:56:49 pm »

Interesting finding here... the first transfer to the 4468910037567849266, the alleged bot destination account, comes initially from 3791936988034107349. This is the "null" account.

https://bitcointalk.org/index.php?topic=345619.msg6084719#msg6084719

That is, blank password. 1591 NXT were fished from that account in April 4th. Stayed there until today, then were transferred to 4468910037567849266 in the first transaction of a 17 transaction group.

It really looks like a bot fishing. jeremiah's was the last transaction of the list.

I'm guessing now it would be safe for you to share with us that 49 character password.

Edit - Yes, if it was a sentence that made sense, it could be guessed. Bots do that. Sorry about what happened, jeremiah. Please make sure you pick a secure passphrase next time.
Logged
GPG Fingerprint: B020 D1C1 F289 3B2C 3577  9EAD 455D D175 5913 C7F1

bizz

  • Sr. Member
  • ****
  • Karma: +22/-4
  • Offline Offline
  • Posts: 285
    • View Profile
Re: Think I may have been hacked
« Reply #16 on: June 01, 2014, 11:01:10 pm »

That sucks. Why people don't use default generated 12 words from nxt client (wesley's)? it's simple & safe
Logged

jeremiah

  • Jr. Member
  • **
  • Karma: +1/-0
  • Offline Offline
  • Posts: 15
    • View Profile
Re: Think I may have been hacked
« Reply #17 on: June 01, 2014, 11:25:41 pm »

post a new nxt account and use a much stronger passphrase.. il send you some nxt to get you back on your feet. its clearly a hack so id be happy to help you out. :) wont be able send for an hour or 2 though.

use keepass to create and save your passphrase.. also much safer that notepad or word doc or what ever..

Ha! Really? NXT-3Z5P-GNEN-W3HY-HACH7
Logged

jeremiah

  • Jr. Member
  • **
  • Karma: +1/-0
  • Offline Offline
  • Posts: 15
    • View Profile
Re: Think I may have been hacked
« Reply #18 on: June 01, 2014, 11:31:36 pm »

That sucks. Why people don't use default generated 12 words from nxt client (wesley's)? it's simple & safe

Sentences are easier to remember. 10 words vs 12 words when it was similar length didn't seem that different, though now I know better.
Logged

bluemeanie1

  • Hero Member
  • *****
  • Karma: +54/-140
  • Offline Offline
  • Posts: 616
  • ALTCHAIN.ORG
    • View Profile
    • ALTCHAIN.ORG
Re: Think I may have been hacked
« Reply #19 on: June 01, 2014, 11:35:12 pm »

That sucks. Why people don't use default generated 12 words from nxt client (wesley's)? it's simple & safe

Sentences are easier to remember. 10 words vs 12 words when it was similar length didn't seem that different, though now I know better.

can you post your passphrase just to give us an real example of a hackable passphrase?

-bm
Logged
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬
Pages: [1] 2 3 4  All
 

elective-stereophonic
elective-stereophonic
assembly
assembly