Silk Road forums
Discussion => Silk Road discussion => Topic started by: acidicmonkey on August 02, 2013, 05:28 pm
-
7 Hours ago somebody got into my account, finalized 4 orders and stole .21 btc. This is the feedback they left in the Vendors feedback box
Silk Road's Biggest Competitor: [CENSORED: scam link] 7k 37cd lj.onion/
WTF is going on. I opened a support ticket but DAMN.]
Also I changed my password. But its not like anyone knew it before...
-
Damn this is the second time I've read someone getting into someone elses account. Another guy posted a day or two ago but he was on the opposite side. He was the one who tried logging into his own account and then somehow got logged into the account of another member. He was a stand up guy about it though and just logged out and didn't mess around with anything. What a low life piece of chit to do that to you man. I'm sorry to hear that happened and hope that there is a resolution to this serious problem. I will no longer be holding bitcoins in SR because of this. Anything I don't spend goes right back into an external wallet. I used to keep coins laying around in SR but it appears that's asking for trouble now.
-
And how did he steal your coins without a pin? you even need your pin to order.
My bet is you're registered on Atlantis, and used the same details to signup over there...
-
Atlantis address is a phishing link, as it is here:
http://dkn255hz262ypmii.onion/index.php?topic=195118.0;topicseen
-
yesterday i got btc from an outside vendor and recieved payment. 20 mins later the funds were gone and taken in two withdrawals but when i checked blockchain funds were sitting there but my address is now different? all sr support had to say about the matter is your account was compromised but i cant see how i only use sr main url and enter only that way and its the only site on tor i use. and surly if hacked my btc would be gone and not in blockchain? i never use pin? only for orders! funds are sitting in blockchain under different wallet address.can they be retrieved ?
have changed details today but 110% confident my account was secure?
now not sure what to do about placing btc in sr account?
this has drove me mad :o
(acid monkey )sorry to hear you had trouble as well .
-
7 Hours ago somebody got into my account, finalized 4 orders and stole .21 btc. This is the feedback they left in the Vendors feedback box
Silk Road's Biggest Competitor: [CENSORED: scam link] 7k 37cd lj.onion/
WTF is going on. I opened a support ticket but DAMN.]
Also I changed my password. But its not like anyone knew it before...
Usually that means you signed up on the atlantis phishing site with the same credentials you use here.
Which vendor was it that they left that feedback for? Let me know so I can make sure that feedback is deleted.
-
I changed the feedback already, it was for these 4 vendors.
Fractalbliss
420connections
listonishere
namedeclined
-
Okay, thanks. And thank you for changing the feedback there!
-
No problem, thank god it was only .21 BTC
-
No problem, thank god it was only .21 BTC
In order to "steal" your btc..they would have to also know you pin #. No one stole your btc. This is just another lie from another dirtball.
-
Atlantis is run by some shady organization. I think that one day soon Atlantis will be gone and that they will take alot of nubs coin with them. If you sign up for atlantis and use your SR name its very likely that the site admins will steal your money on SR if they figure out you have the same name and pass on SR. Atlantis is clearly run by criminals that are trying to steal alot of money. They are clearly in some shady country because they advertise using legitimate advertising and they are a criminal outfit. They could only get away with that if they were in a country that didnt care.
Atlantis sucks anyway. I would bet $10,000 that Atlantis did the DDOS on SR and that the longer Atlantis goes the higher the risk of attack will be for SR. As Atlantis controllers will probably spend some of thier profit to attack SR again. Atlantis is not SRs biggest competition but it is SRs biggest threat because they are activly trying to fuck up the site in anyway they can.
FUCK ATLANTIS.
-
Good point monkey man how'd they do that? do you have identical pass-phrase and pin#'s? If so...... tighten up
+1 RXK good observation
-
You posted that twice, benzoking.
-
No problem, thank god it was only .21 BTC
In order to "steal" your btc..they would have to also know you pin #. No one stole your btc. This is just another lie from another dirtball.
Question, you think I am lying? and are you calling me a dirtball...?
-
No problem, thank god it was only .21 BTC
In order to "steal" your btc..they would have to also know you pin #. No one stole your btc. This is just another lie from another dirtball.
He could have submitted his pin through a phising site, you never know.
No need to call him dirtball.
-
Man, would it suck if it was one of those vendors? Fingers crossed they all show up now, or that would be majorly sketchy. In all likelihood, you got phished. Check your account history to see where the coin went?
...
-
Any updates on this?
-
hope this crap dies out again soon ! more and more people are getting affected by this ! fucking scumbags :(
but at least your orders are on the way :D
-
Atlantis is run by some shady organization. I think that one day soon Atlantis will be gone and that they will take alot of nubs coin with them. If you sign up for atlantis and use your SR name its very likely that the site admins will steal your money on SR if they figure out you have the same name and pass on SR. Atlantis is clearly run by criminals that are trying to steal alot of money. They are clearly in some shady country because they advertise using legitimate advertising and they are a criminal outfit. They could only get away with that if they were in a country that didnt care.
Atlantis sucks anyway. I would bet $10,000 that Atlantis did the DDOS on SR and that the longer Atlantis goes the higher the risk of attack will be for SR. As Atlantis controllers will probably spend some of thier profit to attack SR again. Atlantis is not SRs biggest competition but it is SRs biggest threat because they are activly trying to fuck up the site in anyway they can.
FUCK ATLANTIS.
This phishing scheme doesn't necessarily have anything to do with Atlantis. Do the fake SR addresses make you hate SR?
-
Its almost certain that you tried to register on a phishing site with the same credentials you use for SR. Change your login info and be more careful which websites you trust with that info. Never re-use passwords, especially for sensitive accounts or accounts which have access to your money.
-
I was reading a thread yesterday where the guys account was hijacked mid thread and his login details posted. The hijacker claimed that he worked it out on SR with a bit of trial and error. As the dude had used the same name here as over on SR and had made the password easy enough to guess.. along with the pin, he just broke into the account here to tell people it's not always phishing, sometimes it's just a lack of awareness of security.
pro tip.. the pin on SR doesn't mean only 4 letters. it should actually say passphrase as that's what you should be using. in the dudes case, he took the pin literally and made it a 4 digit number. If you've done that then you should seriously consider making it into a proper passphrase.
just a thought.
-
A 4 digit pin should be kind of safe if you only get 6 trials... I don't think the hijacker got that lucky and actually guessed a 4 digit number in under 6 trials. Maybe he managed to steal the hashes or got it through social engineering somehow.
-
no, he probably got it second time. It was that stupid. bit like using the word password for a password
-
Oh well it it's that stupid then it's kind of his fault anyways :P Did you have an easily guessable password and pin like "acidic", acidicmonkey?
-
Ii just read on the SR Reddit page about another person getting randomly logged into another SR users account.
Could it be anything to do with this
"So this just happened to me, and it's kind of off putting. I opened my tor browser, loaded smoothly, but when it opened it told me "Sorry, you are not using Tor." This has never happened to me before, and this probably wasn't a good idea, but I go to my bookmarks, and click the SR Psychedelics bookmark. This usually takes me to the login page, but instead, I'm told I'm logged in as another user. Good thing a pin is required, because I'd have free reign over their bitcoin. Any explanation for this?"
http://www.reddit.com/r/SilkRoad/comments/1dy6xf/comprehensive_guide_to_safely_browse_the_silkroad/
-
pro tip.. the pin on SR doesn't mean only 4 letters. it should actually say passphrase as that's what you should be using. in the dudes case, he took the pin literally and made it a 4 digit number. If you've done that then you should seriously consider making it into a proper passphrase.
Seriously, "PIN" is such a bad name for it. I started a feature request thread about this a couple hours ago, actually.
http://dkn255hz262ypmii.onion/index.php?topic=201475.0
-
I got hit too. I was fortunate enough to not lose any btc before I figured it out and changed my password. Make sure you have different passwords for EVERYTHING. NEVER use the same one for more than one account. That's how they get easy access. Atlantis is a shady spot these days I think my password got "stolen" while I was looking around there. I stay away now! Good luck!
-
pro tip.. the pin on SR doesn't mean only 4 letters. it should actually say passphrase as that's what you should be using. in the dudes case, he took the pin literally and made it a 4 digit number. If you've done that then you should seriously consider making it into a proper passphrase.
Seriously, "PIN" is such a bad name for it. I started a feature request thread about this a couple hours ago, actually.
http://dkn255hz262ypmii.onion/index.php?topic=201475.0
Thank you so much for pointing this out, I also thought it meant a pin number like a bank style one. Can't remember what it says when you join up if it needs to be a certain length or numbers, or if I just assumed it had to be a short amount of numbers. It definitely should be changed from PIN to something else. I wouldn't be surprised if many people only had short number only pins like I did. Changed it to something much more secure now :D
+1 for this
-
Also wanted to say thanks for the info about the 'pin'. Had no idea it was possible for it to be something other than 4 numbers. (My assumption hardcoded from years of 4-digit pins)