Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Service Discussion
Re: Cryptsy account got hacked
by
ButchHashidy
on 03/02/2014, 17:41:46 UTC
Something incredibly similar happened to me, only involving alot more BTC, and I've YET to get a response from cryptsy.  It happened not too long after their last major update.  All we want is an answer.  Give us IP addresses involved with the transactions so we can figure out if it was MITM attack or as Automatic pointed out, session hijacking.  If I remember correctly, none of our systems were connected to cryptsy, so session hijacking seems unlikely.  Could it be a site bug? Perhaps, but cryptsy isn't answering any of our questions.  Our ticket's been open for MONTHS now with no update.  We're pretty irked.  This has happened not once but TWICE.  Since then I've increased password size and complexity and regenerated API keys and disabled api feature completely. 

Unlike your misfortune, no BTC was actually withdrawn from our account.  2 Billion CENT was sold for LTC, then our ZET was sold for BTC.  The LTC balance was sold for BTC, all ending with a very large and expensive NMC purchase.  Then finally NMC was sold for BTC for a VERY TINY fraction of the worth of the rest of the coins.  The end result is our entire balances of alt coins and btc were essentially wiped out.  No withdrawals were made at all.  So it made me wonder if this was a server side bug.  As stated before I'm fairly certain no computers were connected to cryptsy and all sessions timed out. 

I've updated the ticket on my end at least 4 times and NO response from cryptsy.  The only way we were ever even given any type of support is when we caught BitJohn on IRC.  He basically gave us the run around and said he'd look into it.  TWO months ago.  We WANT to be reimbursed, and we'd be satisfied if they'd dig through some logs and give us some HINT of an answer so we can either format the secure computers we transact with OR be completely reimbursed.  Maybe if enough people come forward in this thread with similar problems, cryptsy will start to pay attention.

As a side note, me and my friends that trade take more precautions then the average user securing our trading PCs.  We use deep freeze to lock down the drive from changes and lastpass to manage our very long and complex passwords, noscript and adblocker in the browser to minimize malware infections and the PCs used to trade are ONLY used for that and nothing else.  We trade on MANY sites on these computers (including BTER, bitstamp, btc-e, gox, dgex), yet cryptsy was the only one affected.