Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Securities
Re: [dicenow.com] btc/ltc casino - 10,000 rolls per click - play/invest - multi edge
by
boumalo
on 23/04/2014, 13:04:05 UTC
Quote from: superresistant on April 22, 2014, 09:29:27 PM
Quote from: AtomicStrike on April 10, 2014, 01:28:47 PM
Quote from: superresistant on April 10, 2014, 01:15:18 PM
Quote from: AtomicStrike on April 09, 2014, 06:29:03 AM
dicenow
Hello! Today two accounts (my 13773 and my wife 14532) was hacked and all bitcoins was withdrawed to 1NHQEzpernPm4BKh1E3P1Sh4Bn4YA6bXy6
Passwords not changed, 2fa is on. How can this happens? Can you help me to understand what is going on?
Man in the middle attack.
Support tell me, that my accounts was accessed from unfamiliar IP, but how can it be with 2fa on I don't understand.
The only one my mistake, the passwords was same on both accounts. But accounts was on different PC's and with different providers. e-mails was different too.


In the case of a man-in-the-middle attack, the hacker steal your logged-session which is valid for an hour or more.
The only way to protect from this kind of attack is to enable an automatic-logout-on-IP-change but I almost never saw it.
Even if it exist, the hacker can spoof your IP so yeah you can't do much...

It is quite a high level hacking IMO unless you computer is full of trojans.


That is a way for someone to access your account protected by f2a; getting your f2a back up is an other way

If each withdrawal is protected by f2a he won't be able to withdraw even if he got access to your account stealing your logged-session