Silk Road forums
Discussion => Off topic => Topic started by: BPM on September 01, 2013, 10:24 pm
-
If you do please report about it in this thread :
http://dkn255hz262ypmii.onion/index.php?topic=209278.0
I suspect that a very smart hacker steals BTC from SR accounts on a regular basis
Stay safe,
BPM
-
everybody quickc check ur account at http://silkroadvb5piz3urgonnagetpwnedcauseurtoostupidtocheckthislink.onion/
-
Yep
Funds stolen Aug 28th
2.14 bitcoins taken
Fuckin great >:(
-
Nope. Seems like you just got phished.
-
How does one get phished on SR? Or how can someone protect themselves from this?
If it's something you downloaded, then you really need to be weary of what you're doing on the internet. If it's because javascript is enabled, then fucking disable that shit!
-
"How does one get phished on SR? Or how can someone protect themselves from this?"
I don't know if this still happens, but people used to find this sight through the hidden wiki, which anyone can edit. So, they would be brought to a phishing sight that looked exactly like the normal one except the login screen would ask for your pin number to sign in. A lot of people got hacked that way.
Also, make sure that your password is something complex and random. Something like Sdd6%as@dGy. Hackers use special programs that can determine a persons password: basically if your passphrase is a simple word that can be found in the dictionary, you are at a greater risk of getting hacked.
Yes it is a pain in the ass to remember and keep track of but if you use different passwords for the various online services you use it decreases your chances of getting hacked.
-
Also, make sure that your password is something complex and random. Something like Sdd6%as@dGy. Hackers use special programs that can determine a persons password: basically if your passphrase is a simple word that can be found in the dictionary, you are at a greater risk of getting hacked.
To piggy-back off this, people should actually generate their password via computer generated random a-z & 0-9.
Are you speaking of brute-force password cracking?
-
Also, make sure that your password is something complex and random. Something like Sdd6%as@dGy. Hackers use special programs that can determine a persons password: basically if your passphrase is a simple word that can be found in the dictionary, you are at a greater risk of getting hacked.
To piggy-back off this, people should actually generate their password via computer generated random a-z & 0-9.
Are you speaking of brute-force password cracking?
Yes this is good advice. As for part two of your post, I cannot remember for the life of me what it is called but that may be it. I just remember reading some articles about it a while back and it has been stuck in my head ever since.
-
No one has been hacked, anyone whose account that has been compromised was phished.
If there was some "super smart hacker" getting into peoples accounts there would be some vendors out there screaming about the 200 btc stolen from their accounts.
The most common way this is happening at the moment is by people accessing Atlantis via a phishing link then opening an account using the same credentials as their SR account, you would not believe how many people have done this.
There are other methods the phishers use, another recent scam propagated itself via a link that was pm'd to people claiming the sender had video footage of the recipient posting an order of drugs, anyone who clicked on the link ended up with a key logger on their computer and were soon relieved of their btc soon afterwards.
Nearly everyone who gets phished is always adamant that they couldn't possibly have been compromised, they are always wrong.
It sucks to get scammed, some common sense rules to stay safe include never ever click on a link posted on the forums; never download anything you are not 100% sure is safe; never use the same credentials for your SR account as any other (always use a complex and unique pass phrase and pin) and most importantly only ever access SR via the correct URL http://silkroadvb5piz3r.onion/
Follow those rules and you won't get scammed.
-
No one has been hacked, anyone whose account that has been compromised was phished.
If there was some "super smart hacker" getting into peoples accounts there would be some vendors out there screaming about the 200 btc stolen from their accounts.
The most common way this is happening at the moment is by people accessing Atlantis via a phishing link then opening an account using the same credentials as their SR account, you would not believe how many people have done this.
There are other methods the phishers use, another recent scam propagated itself via a link that was pm'd to people claiming the sender had video footage of the recipient posting an order of drugs, anyone who clicked on the link ended up with a key logger on their computer and were soon relieved of their btc soon afterwards.
Nearly everyone who gets phished is always adamant that they couldn't possibly have been compromised, they are always wrong.
It sucks to get scammed, some common sense rules to stay safe include never ever click on a link posted on the forums; never download anything you are not 100% sure is safe; never use the same credentials for your SR account as any other (always use a complex and unique pass phrase and pin) and most importantly only ever access SR via the correct URL http://silkroadvb5piz3r.onion/
Follow those rules and you won't get scammed.
I've learned my lesson.
Let's hope that it's just me being stupid...
Thanks for the help,
Peace,
BPM
-
Dirkpitt, see you plum spreading F.U.D you got sloppy not hacked, why do people do this with Atlantis, have they got no imagination at all? I mean for petes sake just change at least your user name,
If you are too lazy to change your name and pin from here, you deserve to be screwed.
Now bend over and pass the KY an get ready for some serious ass fucking!
-
No one has been hacked, anyone whose account that has been compromised was phished.
If there was some "super smart hacker" getting into peoples accounts there would be some vendors out there screaming about the 200 btc stolen from their accounts.
The most common way this is happening at the moment is by people accessing Atlantis via a phishing link then opening an account using the same credentials as their SR account, you would not believe how many people have done this.
There are other methods the phishers use, another recent scam propagated itself via a link that was pm'd to people claiming the sender had video footage of the recipient posting an order of drugs, anyone who clicked on the link ended up with a key logger on their computer and were soon relieved of their btc soon afterwards.
Nearly everyone who gets phished is always adamant that they couldn't possibly have been compromised, they are always wrong.
It sucks to get scammed, some common sense rules to stay safe include never ever click on a link posted on the forums; never download anything you are not 100% sure is safe; never use the same credentials for your SR account as any other (always use a complex and unique pass phrase and pin) and most importantly only ever access SR via the correct URL http://silkroadvb5piz3r.onion/
Follow those rules and you won't get scammed.
Could I ask, even if the link is put up by a respected member ? I honestly have clicked on a lot of links from here on the forum. Mostly just pics and vendor accounts, but now I wont click on nothing, so scary that virus what checks you passwords.
-
No one has been hacked, anyone whose account that has been compromised was phished.
If there was some "super smart hacker" getting into peoples accounts there would be some vendors out there screaming about the 200 btc stolen from their accounts.
The most common way this is happening at the moment is by people accessing Atlantis via a phishing link then opening an account using the same credentials as their SR account, you would not believe how many people have done this.
There are other methods the phishers use, another recent scam propagated itself via a link that was pm'd to people claiming the sender had video footage of the recipient posting an order of drugs, anyone who clicked on the link ended up with a key logger on their computer and were soon relieved of their btc soon afterwards.
Nearly everyone who gets phished is always adamant that they couldn't possibly have been compromised, they are always wrong.
It sucks to get scammed, some common sense rules to stay safe include never ever click on a link posted on the forums; never download anything you are not 100% sure is safe; never use the same credentials for your SR account as any other (always use a complex and unique pass phrase and pin) and most importantly only ever access SR via the correct URL http://silkroadvb5piz3r.onion/
Follow those rules and you won't get scammed.
Could I ask, even if the link is put up by a respected member ? I honestly have clicked on a lot of links from here on the forum. Mostly just pics and vendor accounts, but now I wont click on nothing, so scary that virus what checks you passwords.
Even respected members get hacked, please remember the recent java exploit that was injected into peoples browsers took place by simply visiting a URL for a site hosted by Freedom Hosting. The best thing you can do is use some form of isolation to prevent exploits getting onto your computer, whonix, tails etc.
-
Like SSBD said everyone should be using some form of isolation, even if it's just a VPN configured into your router to provide IP address protection at a hardware level.
On top of that I would never access TOR without an additional form of isolation such as Whonix and never access links from this forum outside of your Tor browser. The dreaded FBI CIPAV tool is believed to work by using various exploits hosted in webpages to trick your computer into sending your MAC address and hardware identifiers through an un-torified direct HTTP connection to an NSA controlled server. Using Whonix should completely protect you against this form of attack.
As an extra level of security using anonymously obtained mobile internet will also protect you if all of your other security measures fail.
-
Dirkpitt, see you plum spreading F.U.D you got sloppy not hacked, why do people do this with Atlantis, have they got no imagination at all? I mean for petes sake just change at least your user name,
If you are too lazy to change your name and pin from here, you deserve to be screwed.
Now bend over and pass the KY an get ready for some serious ass fucking!
Hi John the Baptist
Fuck you
I never did anything with Atlantis or anything else for that matter
I never entered my pin anywhere
-
Dirkpitt, see you plum spreading F.U.D you got sloppy not hacked, why do people do this with Atlantis, have they got no imagination at all? I mean for petes sake just change at least your user name,
If you are too lazy to change your name and pin from here, you deserve to be screwed.
Now bend over and pass the KY an get ready for some serious ass fucking!
Hi John the Baptist
Fuck you
I never did anything with Atlantis or anything else for that matter
I never entered my pin anywhere
OK I believe you thousands wouldn't.You're like a petulant child with cake all over his face,claiming not to have touched the cake.
Don't lie because you're ashamed you got fucked over, stop chatting bare shit, and tell the fucking truth, you fucking got phished dickhead.
DPR will fuck you off trying to scaremonger, everyone don't worry this prick is lying his ass off.
-
Why the fuck would anyone leave coins in their SR account anyway?
I get the coins and I buy my stuff as fast as possible. No way would I leave any decent amount in there.
-
Why the fuck would anyone leave coins in their SR account anyway?
I get the coins and I buy my stuff as fast as possible. No way would I leave any decent amount in there.
I was waiting a vendor to restock again...
from now on, no BTC in SR only in private wallet, then I'll use 'em when I need 'em..
and JohnTheBaptist, stop cursing! get out of this thread!
If you get phished we will also make you feel bad about it!
-
They don't need your pin to withdraw funds. Just your username and password and they can transfer funds to another user or bit-coin address. Yes, fuck you too John the Baptist. Even if someone did use the same info to create an Atlantis account it does not mean they deserve to be stolen from by a thieving cunt. You are a little cunt yourself for suggesting that. You should really think about what you are saying before the words fly out of your sperm receptacle. I got phished for my account and did not use the same info on my Atlantis site sign up. Yet i got in the next day and saw they stole 2 dollars. Just goes to show you how ignorant the thieves were too. They could have waited 2 days and got me for 500 dollars. Luckily I learned my lesson on only 2 dollars. I changed all my information the next day to reclaim my account. Fuck Atlantis too. Even their real site can blow me. I'm happy here.
-
They don't need your pin to withdraw funds. Just your username and password and they can transfer funds to another user or bit-coin address. Yes, fuck you too John the Baptist. Even if someone did use the same info to create an Atlantis account it does not mean they deserve to be stolen from by a thieving cunt. You are a little cunt yourself for suggesting that. You should really think about what you are saying before the words fly out of your sperm receptacle. I got phished for my account and did not use the same info on my Atlantis site sign up. Yet i got in the next day and saw they stole 2 dollars. Just goes to show you how ignorant the thieves were too. They could have waited 2 days and got me for 500 dollars. Luckily I learned my lesson on only 2 dollars. I changed all my information the next day to reclaim my account. Fuck Atlantis too. Even their real site can blow me. I'm happy here.
Wrong, the pin needs to be entered for all transactions including sending to other SR usernames.
-
They don't need your pin to withdraw funds. Just your username and password and they can transfer funds to another user or bit-coin address. Yes, fuck you too John the Baptist. Even if someone did use the same info to create an Atlantis account it does not mean they deserve to be stolen from by a thieving cunt. You are a little cunt yourself for suggesting that. You should really think about what you are saying before the words fly out of your sperm receptacle. I got phished for my account and did not use the same info on my Atlantis site sign up. Yet i got in the next day and saw they stole 2 dollars. Just goes to show you how ignorant the thieves were too. They could have waited 2 days and got me for 500 dollars. Luckily I learned my lesson on only 2 dollars. I changed all my information the next day to reclaim my account. Fuck Atlantis too. Even their real site can blow me. I'm happy here.
Wrong, the pin needs to be entered for all transactions including sending to other SR usernames.
Exactly, precisely....that's what the nobhead ,OP can't get through his thick skull. You got phished because of your own stupidity not because of SR's security. So stop spreading F.U.D OP you naive muppert.
-
They don't need your pin to withdraw funds. Just your username and password and they can transfer funds to another user or bit-coin address. Yes, fuck you too John the Baptist. Even if someone did use the same info to create an Atlantis account it does not mean they deserve to be stolen from by a thieving cunt. You are a little cunt yourself for suggesting that. You should really think about what you are saying before the words fly out of your sperm receptacle. I got phished for my account and did not use the same info on my Atlantis site sign up. Yet i got in the next day and saw they stole 2 dollars. Just goes to show you how ignorant the thieves were too. They could have waited 2 days and got me for 500 dollars. Luckily I learned my lesson on only 2 dollars. I changed all my information the next day to reclaim my account. Fuck Atlantis too. Even their real site can blow me. I'm happy here.
THEY NEED YOUR PIN TO MOVE FUNDS SO STOP LYING YOU FUCKING WORM........even SSBD has told you so stop with your bullshit now. You got phished because you have no imagination you clown.