Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Exchanges
Re: [OFFICIAL]Bitfinex.com first Bitcoin P2P lending platform for leverage trading
by
wilfried
on 22/07/2015, 05:05:20 UTC
is it possible that someone got the mail with which you have registered at bitfinex. then he/she created an account and so knew the password. then he/she changed the mail adress in the account so you can log in and trade, so he/she then would log in and steal your btc, but you changed the password. so it was just kind of phishing.


Quote from: RealMalatesta on July 21, 2015, 09:32:23 PM
Quote from: Bagpipe on July 21, 2015, 09:03:02 PM
Quote from: RealMalatesta on July 21, 2015, 05:53:02 PM
One guy found BTC with a value of about 300'000  USD on his Bitfinex-account which he never opened
...How was he able to log in into an account which he never opened, please elaborate?

Just the same way as I did it: I received an e-mail from Bitfinex on my trashmail.com-mail that I've opened an account. I tried to log in and asked for a password reset. Then I got a link, klicked on it and received a new password on my mail address.

So just for documenting it: This was the first e-mail I received:

Quote
Hello,
Welcome to Bitfinex!

You're now ready to leverage trade, exchange bitcoins and earn interests on your deposit!

You can start by familiarizing yourself with all the Bitfinex features and how to use them here

Then you can start using Bitfinex by depositing some money into your account from the deposit page

We hope that you'll enjoy our platform. We'd be glad to hear your suggestions to improve it and your feedback. Don't hesitate to contact us at contact@bitfinex.com

Important recommendations regarding security:

While we took great care of the security of our platform, it is up to you to protect the integrity of your Bitfinex user account. Below are some recommendations to protect your Bitfinex account and the funds you own in it:

    Use Mozilla Firefox
    Install NoScript addon for Firefox
    Activate two-factor authentication (2FA) on Bitfinex
    Do not connect to Bitfinex on a public computer

Thank you for choosing us and enjoy Bitfinex!

Then I asked for a password reset:

Quote
Hello,
Reset your password

Someone asked to have your password reset on Bitfinex. If you did not do that, please ignore this email.

To reset your password, please click here: https://www.bitfinex.com/pages/reset_pwd/?id=BAhbCGkDNb8BSSIiJDJhJDEwJDVkM2V5V1FkU2dYb05NTTFyODhORC4GOgZFVEl1OglUaW1lDcvaHICrRoHHBzoLb2Zmc2V0aQIgHDoJem9uZUkiCUNFU1QGOwBU--34a90c20f6c48b0f079a59e7a220520cca145e35

This link will be valid until July 22, 2015 - 01:49:56 PM CEST

Regards,
The Bitfinex Team
https://www.bitfinex.com/

So then I got a new password:

Quote
Hello,
Your password has been reset

Your password has been reset on Bitfinex. Your new password is:

45EU4Nh8UV

Please change it as soon as you are connected to Bitfinex.

Regards,
The Bitfinex Team
https://www.bitfinex.com/

With the new password, of course, I was able to log in, the person who originally created the account was locked out. Meanwhile, after several persons have complained, my and several other accounts have been deleted.

If you look at the information which was released by cloudminr or their hackers (which I believe are the same), some persons can be fully identified, others not, with a simple doxing. If you look in the cloudminr-discussion, you'll see that at least one guy never opened "his" account, checked it anyway and found hundreds of Bitcoins there.

So it is obvious that these accounts were not locked or anything, but ready to be used...