Silk Road forums
Market => Rumor mill => Topic started by: dirkpitt on September 01, 2013, 09:26 pm
-
I was robbed on silk road. I don't think SR was involved?
Some fuck-stick somehow figured out how to do it...
I am very safe online
never been hacked before
Fuck, what a bummer.... >:(
-
So someone stole your bitcoin or what? I thought someone would need not just your login and password but then your pin too to rob you?
-
You are right, they need my pin, which was an 8 digit, random set of upper/lower, num, symbol.
Impossible to hack...I thought ??????
Only 2.12 bitcoin, but that's not the point...
I am both bummed and pissed
-
Hey dude, if you see any other thread or post by a user who claims that his funds got stolen, please report it in this new thread that I've just opened:
http://dkn255hz262ypmii.onion/index.php?topic=209278.0
peace and stay safe,
BPM
-
So you never gave your pin out? and 2.12 is like $285. i would be pissed at the amount!
-
So you never gave your pin out? and 2.12 is like $2.85. i would be pissed at the amount!
Are you joking? What system are you on? Last year's. It's worth $250 at least. OP, you want to fucking expand a bit on how you got stung like, help people out?
-
So you never gave your pin out? and 2.12 is like $2.85. i would be pissed at the amount!
Are you joking? What system are you on? Last year's. It's worth $250 at least. OP, you want to fucking expand a bit on how you got stung like, help people out?
Here's what happened.
I logged on to SR today and my account reads 0.00
It should have 2.12 bitcoin
I checked history and it shows I "Withdrew" the whole thing Aug 28th
nothing in the Note column
I haven't been logged in since Aug 23rd
Of course I am pissed off, but what am I to do? I am trying to look at the bright side,
It could have been way worse
First off let me say, I have a background in this kind of stuff, internet security, etc
I have followed all security protocols doing this....
I know how this bitcoin thing works!
If someone hacks in then you are screwed.
By design, Bitcoin transactions are untraceable. That is the word anyway ::)
No word back from SR site. I contact Customer Support....
I am sure SR will say, Tough Shit :(
They will say I used improper security procedures
Yea, right...I know what I did and how I did it....
No way my account should have been accessed....
NO FUCKING WAY....Not possible
The only thing I downloaded was PGP keys of prospective vendors
You tell me, how did this happen.... >:(
DirkPitt
-
Have you created an account on Atlantis using the same credentials as your SR account by any chance?
-
Have you created an account on Atlantis using the same credentials as your SR account by any chance?
Nope, never been to Atlantis
Clicked the link, never reached site
I wish I had so I would know, what the fuck happened?
Worst part is, I followed procedure like an OCD person
It looks like even SR can't be trusted :(
Thought I had a safer place to shop than the streets.
Guess not, although I never have been straight up robbed on the street!
I have been burned like everyone else, but never robbed.
This sucks
-
This sounds really weird.
It does not show up anywhere and you're sure you did not forget something?
When reading this topic we thought, yeah that is SR. Quite some really high rep vendors scammed us for thousands of dollars and nothing to do about it. But that's not it.
Contact SR, but you probably already did.
Good luck man. I hope it returns, 2+btc is not just a little bit anymore...
-
check your TorBrowser NoScript settings. Is Allow Global Scripts turned off?
-
So you never gave your pin out? and 2.12 is like $2.85. i would be pissed at the amount!
Are you joking? What system are you on? Last year's. It's worth $250 at least. OP, you want to fucking expand a bit on how you got stung like, help people out?
I meant $285
-
Have you created an account on Atlantis using the same credentials as your SR account by any chance?
Nope, never been to Atlantis
Clicked the link, never reached site
Did you "click a link" in order to get to Silk Road by any chance? Are you sure you signed up at the genuine site?
-
Well SR replied,
"If the funds are gone and they were not withdrawn by you, your account was compromised and your bitcoins were stolen, most likely as a result of entering the login credentials you use for Silk Road on another site, or using an incorrect Silk Road URL. As the Bitcoin protocol is irreversible by design, we are unable to recover your coins.
You should change your password and PIN immediately (you can do this on the 'Settings' page). They should both be changed to something unique and complex that you have never used before, neither on Silk Road nor any other site.
Please ensure that you either memorize or bookmark the real address: [silkroadvb5piz3r.onion] and do not enter your Silk Road login credentials at ANY other URL (including other marketplaces - use a different password and PIN for those.)
You should also regularly check your system for keyloggers, dataloggers and rootkits, and ensure that you always use a unique username and complex password that you do not / have not used anywhere else, especially on another marketplace."
~SR Support
Yep,
Fuckin A, screwed in the ass :(
through no fault of my own, no way I gave that PIN to anyone
At least give me the credit to not be that stupid >:(
DP
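
The URL check that SR Support's reply describes, as an added example that is not part of the original thread: it compares the host of a link against the one bookmarked address exactly instead of by eye. Only the pinned address comes from the quoted reply; the function names and every other URL are constructed for illustration.

```python
from urllib.parse import urlsplit

# Address quoted in the support reply above; all other values are constructed.
PINNED_HOST = "silkroadvb5piz3r.onion"


def host_of(url: str) -> str:
    """Return the lower-cased host a browser would connect to, or '' if none."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url  # bare "host/path" as typed into an address bar
    try:
        # .hostname drops any "user@" prefix and the port, and lower-cases
        return (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return ""


def classify(url: str, pinned: str = PINNED_HOST) -> str:
    """Classify a link as 'match', 'lookalike', 'different' or 'unparseable'."""
    host = host_of(url)
    if not host:
        return "unparseable"
    if host == pinned:  # the only accepted outcome: exact, whole-host equality
        return "match"
    prefix = pinned.split(".")[0][:8]
    # A shared prefix, or the pinned name embedded elsewhere in the URL,
    # passes a glance but is a different host.
    if host.startswith(prefix) or pinned in url.lower():
        return "lookalike"
    return "different"


if __name__ == "__main__":
    samples = [  # constructed test inputs
        "http://silkroadvb5piz3r.onion/index.php",
        "http://silkroadvb5xq2ab.onion/login",
        "http://silkroadvb5piz3r.onion@examplehiddensvc.onion/",
        "http://silkroadvb5piz3r.onion.example.com/",
    ]
    for s in samples:
        print(f"{classify(s):10} {host_of(s):40} {s}")
```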
-
Again, have you checked your NoScript settings?
-
Again, have you checked your NoScript settings?
May I ask what is the "NoScript" settings? Do you mean JavaScript settings?
-
Again, have you checked your NoScript settings?
May I ask what is the "NoScript" settings? Do you mean JavaScript settings?
NoScript is an add-on included in the TorBrowser Bundle. It is infinitely useful but yes one of the things it does is block JavaScript, among many other things. By default the 'Allow Global Scripts' under the 'Appearance' tab in the settings is checked -- it's wise to uncheck this so I don't accidentally Allow Global Scripts when using the browser. Under the 'General' tab is where you will find if it's enabled or not. It should be unchecked.
You should also forbid Java and other plugins, which is not set by default.
-
Yep, turn Java off. : )
You should always change your SR BTC address every month.
Did you have your pin written somewhere?
-
welcome welcome aboard the road ... lol used to be brilliant on here.. its not now ...why? :(
-
Again, have you checked your NoScript settings?
May I ask what is the "NoScript" settings? Do you mean JavaScript settings?
NoScript is an add-on included in the TorBrowser Bundle. It is infinitely useful but yes one of the things it does is block JavaScript, among many other things. By default the 'Allow Global Scripts' under the 'Appearance' tab in the settings is checked -- it's wise to uncheck this so I don't accidentally Allow Global Scripts when using the browser. Under the 'General' tab is where you will find if it's enabled or not. It should be unchecked.
You should also forbid Java and other plugins, which is not set by default.
I've forbidden all the options in NoScript. From now on - upgrading to ultra security! :)
Thanks,
Peace,
BPM
-
Yep, turn Java off. : )
You should always change your SR BTC address every month.
Did you have your pin written somewhere?
Just one thing Johnny, a buyer should use a new BTC address for each and every transaction. Using one for more than a single transaction can potentially link you to more than one transaction. A new address for each transaction will mitigate the risk of you being associated with multiple purchases (or deposits to) a single BTC address. This is all based on you being under the eye of the law but it makes sense to always minimize any potential risks. :)
-
How do I turn java off please ?
-
Yep, turn Java off. : )
You should always change your SR BTC address every month.
Did you have your pin written somewhere?
Just one thing Johnny, a buyer should use a new BTC address for each and every transaction. Using one for more than a single transaction can potentially link you to more than one transaction. A new address for each transaction will mitigate the risk of you being associated with multiple purchases (or deposits to) a single BTC address. This is all based on you being under the eye of the law but it makes sense to always minimize any potential risks. :)
I thought that SR encrypts all the content in the site including the BTC addresses or am I wrong?
-
Yep, turn Java off. : )
You should always change your SR BTC address every month.
Did you have your pin written somewhere?
Just one thing Johnny, a buyer should use a new BTC address for each and every transaction. Using one for more than a single transaction can potentially link you to more than one transaction. A new address for each transaction will mitigate the risk of you being associated with multiple purchases (or deposits to) a single BTC address. This is all based on you being under the eye of the law but it makes sense to always minimize any potential risks. :)
I thought that SR encrypts all the content in the site including the BTC addresses or am I wrong?
Never leave anything to chance and most importantly, never leave it up to anyone other than yourself to protect your details. Using a new BTC address for each transaction is free and a simple matter of one click ("get new address"). Your previous BTC addresses are still kept in your SR Wallet for a period of time before they are retired and permanently disposed of. Always MINIMIZE your risks.
To turn off Javascript, click on the orange rectangle in the top left "Tor Browser". On the right click "Options" then click "Options" again. Click on "Content" and uncheck "Enable Javascript". It's best to make sure and check "forbid scripts globally" is also enabled.
-
Thank you, have sorted it now much appreciated +1 for your trouble.
-
Guys, guys, you'll never guess what I picked my nose today and I thought I wiped the big green bogie on my dresser then I went to the bathroom came back and it was gone now I know my security is tight as I shut my bedroom door but that booger was clean gone I asked the cat did you eat it Shelly she meowed and said no I asked the dog Jack did you eat it Jack and he barked no also so now what do I do I should call this robbed on my bed what do you guys think BS or just an attention seeking kid, ROBBED ON SR yeah fucking right the next thing he'll be saying is oh his 6 mates and 2 girlfriends know his log in details n code but nah it wasn't them it was SR wasn't it mate get a fucking life you lying shit now you've got people thinking they're not safe on the most safest site in the world so fuck off man and get a life cunt when's your 16th birthday again idiot
-
You should never use an online wallet to store a significant amount of coins for a long period of time. This includes SR but other online wallets like blockchain.info can be just as bad. With an online wallet, your coins are tied to a password small enough for you to remember. Human made passwords are generally a poor method of security (even if you have a long password with caps, numbers, etc. it's not as secure as you think it is.) On top of that, you have the risk that the site hosting your wallet could be compromised and your coins stolen through no fault of your own.
What you want is a local bitcoin application like Bitcoin-Qt or MultiBit. This way your coins aren't tied to an online account but instead are secured with a highly randomized and cryptographically secure private key stored locally on your hard drive. You will then want to make multiple backups of that wallet.dat file (and optionally encrypt them) so you're protected in case of hard drive failure.
Online wallets were never meant to be used for long term storage. They should only be used as a convenient way to access coins you're going to spend in the short term without being tied to the computer you have your bitcoin client installed on. In the case of Silk Road, you shouldn't send more coins to your account than you're planning to spend in the next day or so.
-
@DrugsAreFun the point you make about a site losing your coins is a valid one -- there is no FDIC insurance like with a bank. On the other hand, two-factor authentication makes the password problem a non-issue, if you're storing your coins someplace more public facing. Generally though your points are pretty valid. All I would add is if you've already put your coins on SR, don't just send them to your software wallet directly unless you've set it up with Tor and the wallet is fresh, otherwise you're creating an undesirable direct link to yourself from SR.
-
@DrugsAreFun the point you make about a site losing your coins is a valid one -- there is no FDIC insurance like with a bank. On the other hand, two-factor authentication makes the password problem a non-issue, if you're storing your coins someplace more public facing. Generally though your points are pretty valid. All I would add is if you've already put your coins on SR, don't just send them to your software wallet directly unless you've set it up with Tor and the wallet is fresh, otherwise you're creating an undesirable direct link to yourself from SR.
DrugsAreFun makes some excellent points. +1. NEVER use an online Wallet, ever. Install Bitcoin-Qt with Armory over the top for added security or if you must, Multibit. Both are Bitcoin Desktop Clients and both work very well indeed. Never leave any coins in your SR Wallet and only transfer across what you need.
phunky, I think you mean make sure your Bitcoin address is a new, fresh one, not the Wallet. The Wallet contains all your Bitcoin addresses. You should only use a Bitcoin address once, that's it. A new address should be used for each and every transaction.
-
Thank you, have sorted it now much appreciated +1 for your trouble.
No worries. +1 to you as well. :)
-
Yep, turn Java off. : )
You should always change your SR BTC address every month.
Did you have your pin written somewhere?
Just one thing Johnny, a buyer should use a new BTC address for each and every transaction. Using one for more than a single transaction can potentially link you to more than one transaction. A new address for each transaction will mitigate the risk of you being associated with multiple purchases (or deposits to) a single BTC address. This is all based on you being under the eye of the law but it makes sense to always minimize any potential risks. :)
I thought that SR encrypts all the content in the site including the BTC addresses or am I wrong?
Never leave anything to chance and most importantly, never leave it up to anyone other than yourself to protect your details. Using a new BTC address for each transaction is free and a simple matter of one click ("get new address"). Your previous BTC addresses are still kept in your SR Wallet for a period of time before they are retired and permanently disposed of. Always MINIMIZE your risks.
To turn off Javascript, click on the orange rectangle in the top left "Tor Browser". On the right click "Options" then click "Options" again. Click on "Content" and uncheck "Enable Javascript". It's best to make sure and check "forbid scripts globally" is also enabled.
You should never use an online wallet to store a significant amount of coins for a long period of time. This includes SR but other online wallets like blockchain.info can be just as bad. With an online wallet, your coins are tied to a password small enough for you to remember. Human made passwords are generally a poor method of security (even if you have a long password with caps, numbers, etc. it's not as secure as you think it is.) On top of that, you have the risk that the site hosting your wallet could be compromised and your coins stolen through no fault of your own.
What you want is a local bitcoin application like Bitcoin-Qt or MultiBit. This way your coins aren't tied to an online account but instead are secured with a highly randomized and cryptographically secure private key stored locally on your hard drive. You will then want to make multiple backups of that wallet.dat file (and optionally encrypt them) so you're protected in case of hard drive failure.
Online wallets were never meant to be used for long term storage. They should only be used as a convenient way to access coins you're going to spend in the short term without being tied to the computer you have your bitcoin client installed on. In the case of Silk Road, you shouldn't send more coins to your account than you're planning to spend in the next day or so.
Wadozo and DrugsAreFun are right :)
-
Second time this week I heard about this... Exact same thing happened...
-
Second time this week I heard about this... Exact same thing happened...
Wow; really? Does SR use the standard Java library functions to generate the addresses or something...? I seriously doubt it, but it would be amusing (and unfortunate). There's a vulnerability that's been exploited regarding Bitcoins and that's being billed as an Android bug, but it's really a Java standard library bug.