Silk Road forums

Support => Technical support => Topic started by: dimitry on August 12, 2013, 07:45 am

Title: SELLER ACCOUNT HACKED - SPAM LISTINGS CREATED AND BITCOINS MISSING
Post by: dimitry on August 12, 2013, 07:45 am
Hi

It appears my seller account has been hacked, some spam listings left, and a small amount of coins have been removed. Relevant Information as follows:

1. 2 Days ago a customer contacted me as he could not find his purchase to Finalize it. When i checked at my end, someone had Finalized the transaction, and left feedback that invited me to Join Atlantis, "Silk Roads Largest Competitor". Advised the customer, and assumed it was him trying to get me or my customers to atlantis.

2. 3 days later, my account is hacked. Around six Listings have been added at $0.01 each. Each listings points to something i don't sell, but can be found on the Atlantis page.

3. Also on the same day my account was hacked, 0.91 Bitcoins was removed from my account and there is no transaction number, or Bitcoin Adress in the transaction details. In effect i have no idea where the coins went. They were for the last sale that was Finalized but not removed from my account.

HAve changed passwords, but how do i go about getting my coins back, and what is SR doing to rectify the security flaw.

Thanks.

Dimitry from Straya
Title: Re: SELLER ACCOUNT HACKED - SPAM LISTINGS CREATED AND BITCOINS MISSING
Post by: Wadozo on August 12, 2013, 08:55 am
Hi

It appears my seller account has been hacked, some spam listings left, and a small amount of coins have been removed. Relevant Information as follows:

1. 2 Days ago a customer contacted me as he could not find his purchase to Finalize it. When i checked at my end, someone had Finalized the transaction, and left feedback that invited me to Join Atlantis, "Silk Roads Largest Competitor". Advised the customer, and assumed it was him trying to get me or my customers to atlantis.

2. 3 days later, my account is hacked. Around six Listings have been added at $0.01 each. Each listings points to something i don't sell, but can be found on the Atlantis page.

3. Also on the same day my account was hacked, 0.91 Bitcoins was removed from my account and there is no transaction number, or Bitcoin Adress in the transaction details. In effect i have no idea where the coins went. They were for the last sale that was Finalized but not removed from my account.

HAve changed passwords, but how do i go about getting my coins back, and what is SR doing to rectify the security flaw.

Thanks.

Dimitry from Straya


Quote
Have changed passwords, but how do i go about getting my coins back, and what is SR doing to rectify the security flaw. 

Have you also changed your PIN? Your coins are gone forever. You'll never see them again so I wouldn't waste my time thinking about them.

To be honest, unless other vendors come forward with the same issues, it's more likely a security issue on your end. What O/S are you using for your setup? Have you clicked on any links recently? You could possibly have a keystroke logger running from somewhere on your system. Have you downloaded anything recently while using Tor?
Title: Re: SELLER ACCOUNT HACKED - SPAM LISTINGS CREATED AND BITCOINS MISSING
Post by: dimitry on August 12, 2013, 09:48 am
Quote
Have changed passwords, but how do i go about getting my coins back, and what is SR doing to rectify the security flaw. 

Have you also changed your PIN? Your coins are gone forever. You'll never see them again so I wouldn't waste my time thinking about them.

To be honest, unless other vendors come forward with the same issues, it's more likely a security issue on your end. What O/S are you using for your setup? Have you clicked on any links recently? You could possibly have a keystroke logger running from somewhere on your system. Have you downloaded anything recently while using Tor?
[/quote]

Cheers for the response. I guess i can accept that the coins are gone, but am not sure that a key logger on my system makes sense as a keylogger on my system could not have left feedback on my vendor page, since the buyer was not using my system.

I run two systems, one is android based in a tablet and the other is the tor browser bundle on a windows 7 computer. I use Trendmicro internet security, a full paid for version, and whilst i have had some PC issues latetly the PC has passed all virus tests.

To be on the safe side however, i will look into the possibility that a key logger or some other infection is on my system and work out how to get rid of it. On the plus side, i was planning to format my PC anyway.

Dimitry from Straya
Title: Re: SELLER ACCOUNT HACKED - SPAM LISTINGS CREATED AND BITCOINS MISSING
Post by: Libertas on August 12, 2013, 09:57 am
The feedback on your page was left from an account that was compromised as a result of the user entering their Silk Road login credentials at the Atlantis phishing URL that was included in the feedback. Your account was not 'hacked' and Silk Road's security is entirely up to scratch. If I make a very educated guess as to what has happened it would be that you entered your login details into that very same Atlantis phishing URL, thereby giving your login details to a phisher.

Libertas
Title: Re: SELLER ACCOUNT HACKED - SPAM LISTINGS CREATED AND BITCOINS MISSING
Post by: dimitry on August 12, 2013, 09:16 pm
The feedback on your page was left from an account that was compromised as a result of the user entering their Silk Road login credentials at the Atlantis phishing URL that was included in the feedback. Your account was not 'hacked' and Silk Road's security is entirely up to scratch. If I make a very educated guess as to what has happened it would be that you entered your login details into that very same Atlantis phishing URL, thereby giving your login details to a phisher.

Libertas

Cheers Dude. It is actually a relief to know that it was my screw up, and not the Silk Roads. Luckily for me, i only had less than one coin in my account. I will have to be a lot more careful in future, and pass that on to my partners.

Dimitry from Straya