2041
Customer support / Re: Account stolen
« on: May 06, 2013, 04:41 pm »I've made a couple of orders several days ago and after the site crashed I couldn't get access to my first account, using my passphrase.
After that I created another account and got in touch with the sellers. One of them said that someone wrote him a message from my first account about canceling the order. So he did.
I wrote to the site support team and today they've sent me another passphrase.
I checked the sent messages and found out that another seller received the same message about canceling the order.
After all I've lost something about 1.5BTC, that were withdrawn from my account.
I know about fishing sites and always used the correct address.
I suppose that my password was stolen during these ddos-attack.
Also they stole my pin-number, so they could withdraw all funds from my account.
Hi wizzy,
The Silk Road database was not compromised during the DDOS attack (a DDOS is simply a group of computers bombarding a website with traffic - i.e. attempting to access the site at one time) so there is no way the attacker gained access to your password or PIN.
Even in a hypothetical situation where the database does manage to be compromised, user information is all hashed ("encrypted", in a way) so the person trying to access your account would have to brute-force your password. If you are using a relatively strong password this would take between a few thousand and millions of years.
The chances of them brute-forcing your password AND your PIN are nigh on impossible.
The ONLY possible ways for someone to have gained access to your password and PIN are by you entering them on a phishing site or accessing Silk Road via onion.to on the clearweb and the onion.to operators recorded your keystrokes. The second possibility is unlikely, though completely possible.
Remember that if you enter your details on a phishing site they will usually automatically forward you to the real Silk Road site and log in with your password so you won't realise. They will then empty your account of your Bitcoin either automatically or when the phisher realises that somebody has fallen victim to their site.
Silk Road will NEVER ask you for your PIN when you are logging it, it is used strictly for making purchases and withdrawals. Whenever you are asked to enter your PIN, check that you are on the correct site:
silkroadvb5piz3r.onion
Never trust any links you find online, neither on the Hidden Wiki nor anywhere on the clearnet. Memorise the real address or bookmark it in your Tor browser and ALWAYS make sure you're visiting the correct site.
Thread locked as resolved.
Libertas