
Showing 9 of 9 results by Saulich_Fedorovich
Post
Topic
Board Exchanges
Re: C-CEX.com Trusted, Secure & Friendly Exchange Since 2013. 200+ Alts,USD,Low Fees
by
Saulich_Fedorovich
on 10/11/2018, 19:41:20 UTC
These are indeed serious bypass that you had mentioned but it doesn't really matter at all yet this exchange do already fallen to scam anyone. I'm reading once in a while
Outside this, there are also weak practices like using MD5-based session cookies and not changing them across requests.

into this thread. I haven't seen any response from OP on what's happening and am also reading continuous complaints about disabled accounts and lost funds.
What's happening? Do you remember how they were hacked in February 2014? Please notice how the last 9 September and February 2014 are similar (both repeated the same withdrawal several times).
Well it might not be the same guys as in 2014, but I think the hackers just found a variant of the same vulnerability in order to bypass the February 2014 protection which was put after the first attack.

Without C-cex explaining exactly how it happened, we won't know.
Remembering C-cex glory days but they do end up like this after on that 3 months vacation alibi.
What glory days? Trust me, you can be sure even by 2014 security standards, that you wouldn't see GET requests on Facebook or Paypal.
You can be sure those weaknesses have existed since the beginning and aren't the result of a code update.
Post
Topic
Board Exchanges
Re: C-CEX.com Trusted, Secure & Friendly Exchange Since 2013. 200+ Alts,USD,Low Fees
by
Saulich_Fedorovich
on 10/11/2018, 12:32:11 UTC
Sorry c-cex, but you don't seem to care about bug report tickets.

Normally, even when you go on coinexchange.io, it's hard to find something vulnerable.
But with c-cex, it's hard to find something protected on the client side. For starters, everything is vulnerable to CSRF even with 2FA enabled:

Wanna change the chat name of someone else? It's possible to do it by making them click a link which triggers a POST to http://c-cex.com/?id=profile&rett=chat_b.
Wanna write a chat message with an account you don't own? It's possible to do it by making them click a link which simply works through a GET request.
You hacked the e-mail account linked to a c-cex account? Just make the target user click a link and you'll receive the confirmation link. You also don't need to log in to confirm the withdrawal (another vulnerability combined).

In that case, the only thing protected against CSRF I found is posting limit orders. And even then it's still performed through GET requests.
I also found making someone lose all funds through clicking https://c-cex.com/?id=funds&dump=btc requires an origin matching c-cex.com. Though that’s still possible to hide and trigger the target through a redirect.

There is also their internal captcha system https://c-cex.com/cp.html?s=385353503 which is easy to solve fully automatically through things like IBM Watson or Google Cloud Vision with high success rates.

There are many ways to bypass users completely and steal funds directly from servers like with the recent attack (though I failed to see the vulnerability recently used by the attacker).

The exchange is definitely less secure than Mt.Gox. There are even known bugs used in the past elsewhere that aren't fixed on the exchange (one task when you are in charge of security is to read the news about recently discovered attack methods). Maybe they also run outdated third-party libraries too, but that's something to investigate.
The only thing positive over Mt.Gox is funds are correctly managed manually outside the lack of fund audits: they can't "find" a forgotten wallet like it happened with Mt.Gox since no wallets are susceptible to be forgotten.

In some way, the bugs users are noticing with unexecuted withdrawals or disappearing deposits as well as disabled accounts are only the tip of the iceberg.
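
Added example (not part of the post above and not C-CEX's code): a server-side check covering the weaknesses the post lists, namely state-changing actions reachable over GET, no CSRF token, and session ids that are derived rather than random. The origin `https://exchange.example`, the `csrf_token` form field and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
ALLOWED_ORIGIN = "https://exchange.example"  # constructed origin (assumption)
SERVER_KEY = secrets.token_bytes(32)         # per-deployment secret


def new_session_id() -> str:
    """Unpredictable 256-bit id; issue a fresh one at login and 2FA step-up."""
    return secrets.token_urlsafe(32)


def csrf_token(session_id: str) -> str:
    """Token bound to one session: HMAC-SHA256(server key, session id)."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict) -> bool:
    """True only if Origin (or, failing that, Referer) names this site."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == ALLOWED_ORIGIN


def check_request(method, state_changing, session_id, headers, form):
    """Return (allowed, reason) for one request to a hypothetical handler."""
    if not state_changing:
        return True, "read-only"
    if method.upper() in SAFE_METHODS:
        return False, "state change over safe method"
    if not same_origin(headers):
        return False, "origin mismatch"
    supplied = form.get("csrf_token", "").encode()
    expected = csrf_token(session_id).encode()
    if not hmac.compare_digest(supplied, expected):  # constant-time compare
        return False, "bad csrf token"
    return True, "ok"


if __name__ == "__main__":
    sid = new_session_id()
    good = {"Origin": ALLOWED_ORIGIN}
    print(check_request("GET", True, sid, good, {}))
    print(check_request("POST", True, sid, good, {}))
    print(check_request("POST", True, sid, good, {"csrf_token": csrf_token(sid)}))
```

The origin check and the token are applied together, so a request that satisfies only one of them is still refused.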
Post
Topic
Board Exchanges
Re: C-CEX.com Trusted, Secure & Friendly Exchange Since 2013. 200+ Alts,USD,Low Fees
by
Saulich_Fedorovich
on 13/09/2018, 14:49:08 UTC
Smart move. I had coins locked up in c-cex for their 3 month winter vacation 2017/18. The BBP coin and community are now my top choice.

I trust the BBP developers. They are really good people and some of them fully dedicated to BBP coin.
I know they will not abandon the coin no matter what and they will fix any technical issue with the wallet. Not like BTCZ!
BTCZ fixed all issues with a hard fork. The problem was C-cex refused to upgrade whereas everyone did.

They likely performed the hard fork and sold users' funds.
Post
Topic
Board Exchanges
Re: C-CEX.com Trusted, Secure & Friendly Exchange Since 2013. 200+ Alts,USD,Low Fees
by
Saulich_Fedorovich
on 09/09/2018, 16:21:38 UTC
I can't tell a thing but we can always presume. Sorry for those who lost up DOGE and LTC. Luckily they haven't been able to bypass BTC withdrawals.
Though they can.

Information on the alleged IPs: they aren't Tor nodes and one of them is used by a cellular network so it's unlikely behind a proxy. They are all from the same country. So it gives an idea of where the attack comes from.

Code:
$ whois 196.221.127.186
% This is the AfriNIC Whois server.

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '196.221.49.0 - 196.221.255.255'

% No abuse contact registered for 196.221.49.0 - 196.221.255.255

inetnum:        196.221.49.0 - 196.221.255.255
netname:        ADSL-Customers
descr:          RT-ADSL-project
country:        eg
admin-c:        RT864-AFRINIC
tech-c:         RT864-AFRINIC
status:         Assigned PA
mnt-by:         RAYA-MNT
source:         AFRINIC # Filtered
parent:         196.221.0.0 - 196.221.255.255

role:           Raya Telecom
address:        RAYA Telecom
address:        23 Nahda St.,off Saad-el-aali st.,Maadi
address:        11431, Cairo, Egypt
phone:          tel:+20-2-7680900
fax-no:         tel:+20-2-7680901
admin-c:        MG4315-AFRINIC
tech-c:         SB1-AFRINIC
nic-hdl:        RT864-AFRINIC
remarks:        For any abuse complaint contact abuse@rayatelecom.net
mnt-by:         RAYA-MNT
source:         AFRINIC # Filtered



$ whois 156.161.167.35

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/whois_reporting/index.html
#
# Copyright 1997-2018, American Registry for Internet Numbers, Ltd.
#


NetRange:       156.161.0.0 - 156.161.255.255
CIDR:           156.161.0.0/16
NetName:        AFRINIC-ERX-156-161-0-0
NetHandle:      NET-156-161-0-0-1
Parent:         NET156 (NET-156-0-0-0-0)
NetType:        Transferred to AfriNIC
OriginAS:
Organization:   African Network Information Center (AFRINIC)
RegDate:        2010-11-03
Updated:        2010-11-17
Comment:        This IP address range is under AFRINIC responsibility.
Comment:        Please see http://www.afrinic.net/ for further details,
Comment:        or check the WHOIS server located at whois.afrinic.net.
Ref:            https://rdap.arin.net/registry/ip/156.161.0.0

ResourceLink:  http://afrinic.net/en/services/whois-query
ResourceLink:  whois.afrinic.net


OrgName:        African Network Information Center
OrgId:          AFRINIC
Address:        Level 11ABC
Address:        Raffles Tower
Address:        Lot 19, Cybercity
City:           Ebene
StateProv:
PostalCode:
Country:        MU
RegDate:        2004-05-17
Updated:        2015-05-04
Comment:        AfriNIC - http://www.afrinic.net
Comment:        The African & Indian Ocean Internet Registry
Ref:            https://rdap.arin.net/registry/entity/AFRINIC

ReferralServer:  whois://whois.afrinic.net
ResourceLink:  http://afrinic.net/en/services/whois-query

OrgAbuseHandle: GENER11-ARIN
OrgAbuseName:   Generic POC
OrgAbusePhone:  +230 4666616
OrgAbuseEmail:  abusepoc@afrinic.net
OrgAbuseRef:    https://rdap.arin.net/registry/entity/GENER11-ARIN

OrgTechHandle: GENER11-ARIN
OrgTechName:   Generic POC
OrgTechPhone:  +230 4666616
OrgTechEmail:  abusepoc@afrinic.net
OrgTechRef:    https://rdap.arin.net/registry/entity/GENER11-ARIN


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/whois_reporting/index.html
#
# Copyright 1997-2018, American Registry for Internet Numbers, Ltd.
#



Found a referral to whois.afrinic.net.

% This is the AfriNIC Whois server.

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '156.161.128.0 - 156.161.191.255'

% No abuse contact registered for 156.161.128.0 - 156.161.191.255

inetnum:        156.161.128.0 - 156.161.191.255
netname:        EM-3
descr:          Etisalat-Misr 2G/3G subscribers
country:        EG
org:            ORG-EM1-AFRINIC
admin-c:        SMM2-AFRINIC
tech-c:         SMM2-AFRINIC
status:         ASSIGNED PA
remarks:        For any abuse, please direct your queries to IP.Abuse@etisalat.com
mnt-by:         Sherif-Magdy-MNT
mnt-lower:      Sherif-Magdy-MNT
source:         AFRINIC # Filtered
parent:         156.160.0.0 - 156.191.255.255

organisation:   ORG-EM1-AFRINIC
org-name:       ETISALAT MISR
org-type:       LIR
country:        EG
address:        Etisalat Misr
address:        S4, Down Town, 90th Street,
address:        5th Compound,
address:        New Cairo, Egypt.
address:        Cairo 11835
phone:          tel:+20-2-35381889
phone:          tel:+20-2-35381889
phone:          tel:+20-2-35381889
phone:          tel:+20-2-35381889
fax-no:         tel:+20-2-35381072
admin-c:        AFE1-AFRINIC
tech-c:         AFE1-AFRINIC
mnt-ref:        AFRINIC-HM-MNT
mnt-ref:        etisalat-mnt
mnt-by:         AFRINIC-HM-MNT
source:         AFRINIC # Filtered

person:         Sherif Magdy Mohamed
address:        Etisalat Misr
address:        S4, Down Town, 90th Street,
address:        5th Compound,
address:        New Cairo, Egypt.
address:        Cairo 11835
address:        Egypt
phone:          tel:+20-2-35381000
fax-no:         tel:+20-2-35381072
nic-hdl:        SMM2-AFRINIC
mnt-by:         GENERATED-BDVY6DBBH98KLPSUIXSD5SUX8WDCVXTF-MNT
source:         AFRINIC # Filtered



$ whois 156.218.142.74

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/whois_reporting/index.html
#
# Copyright 1997-2018, American Registry for Internet Numbers, Ltd.
#


NetRange:       156.218.0.0 - 156.218.255.255
CIDR:           156.218.0.0/16
NetName:        AFRINIC-ERX-156-218-0-0
NetHandle:      NET-156-218-0-0-1
Parent:         NET156 (NET-156-0-0-0-0)
NetType:        Transferred to AfriNIC
OriginAS:
Organization:   African Network Information Center (AFRINIC)
RegDate:        2010-11-03
Updated:        2010-11-17
Comment:        This IP address range is under AFRINIC responsibility.
Comment:        Please see http://www.afrinic.net/ for further details,
Comment:        or check the WHOIS server located at whois.afrinic.net.
Ref:            https://rdap.arin.net/registry/ip/156.218.0.0

ResourceLink:  http://afrinic.net/en/services/whois-query
ResourceLink:  whois.afrinic.net


OrgName:        African Network Information Center
OrgId:          AFRINIC
Address:        Level 11ABC
Address:        Raffles Tower
Address:        Lot 19, Cybercity
City:           Ebene
StateProv:
PostalCode:
Country:        MU
RegDate:        2004-05-17
Updated:        2015-05-04
Comment:        AfriNIC - http://www.afrinic.net
Comment:        The African & Indian Ocean Internet Registry
Ref:            https://rdap.arin.net/registry/entity/AFRINIC

ReferralServer:  whois://whois.afrinic.net
ResourceLink:  http://afrinic.net/en/services/whois-query

OrgAbuseHandle: GENER11-ARIN
OrgAbuseName:   Generic POC
OrgAbusePhone:  +230 4666616
OrgAbuseEmail:  abusepoc@afrinic.net
OrgAbuseRef:    https://rdap.arin.net/registry/entity/GENER11-ARIN

OrgTechHandle: GENER11-ARIN
OrgTechName:   Generic POC
OrgTechPhone:  +230 4666616
OrgTechEmail:  abusepoc@afrinic.net
OrgTechRef:    https://rdap.arin.net/registry/entity/GENER11-ARIN


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/whois_reporting/index.html
#
# Copyright 1997-2018, American Registry for Internet Numbers, Ltd.
#



Found a referral to whois.afrinic.net.

% This is the AfriNIC Whois server.

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '156.218.0.0 - 156.218.255.255'

% No abuse contact registered for 156.218.0.0 - 156.218.255.255

inetnum:        156.218.0.0 - 156.218.255.255
netname:        All-39
descr:          TE Data
country:        EG
admin-c:        TDCR1-AFRINIC
tech-c:         TDCR2-AFRINIC
status:         ASSIGNED PA
remarks:        ====================================================
remarks:        For Internet Abuse & Spam reports : admins@tedata.net
remarks:        ====================================================
mnt-by:         TE-Data-MNT
source:         AFRINIC # Filtered
parent:         156.192.0.0 - 156.223.255.255

role:           TE Data Contact Role
address:        94 Tahrir Street, Dokki, 12311, Giza, Egypt
phone:          tel:+20-2-33320700
fax-no:         tel:+20-2-33320800
admin-c:        TDCR2-AFRINIC
tech-c:         MH7-AFRINIC
nic-hdl:        TDCR1-AFRINIC
abuse-mailbox:  abuse@tedata.net
mnt-by:         TE-Data-MNT
source:         AFRINIC # Filtered

role:           TE Data Contact Role-2
address:        94 Tahrir Street, Dokki, 12311, Giza, Egypt
phone:          tel:+20-2-33320700
fax-no:         tel:+20-2-33320800
admin-c:        TDCR2-AFRINIC
tech-c:         MH7-AFRINIC
nic-hdl:        TDCR2-AFRINIC
abuse-mailbox:  abuse@tedata.net
mnt-by:         TE-Data-MNT
source:         AFRINIC # Filtered

% Information related to '156.218.128.0/18AS8452'

route:          156.218.128.0/18
descr:          Telecom-Egypt-Data
origin:         AS8452
mnt-lower:      GEGA-MNT
mnt-by:         AFRINIC-HM-MNT
source:         AFRINIC # Filtered

$
Post
Topic
Board Exchanges
Re: C-CEX.com Trusted, Secure & Friendly Exchange Since 2013. 200+ Alts,USD,Low Fees
by
Saulich_Fedorovich
on 09/09/2018, 16:07:30 UTC
After a long time I tried to log in to my C-CEX account, but got a "user not found" message. Seems that they deleted my account, as I see more people have the same problem as me. At least I didn't have money on my C-CEX account. I also tried to open a new account, but guess what happened - the confirmation message didn't arrive at my email. Now when I read this thread I feel that it would be better to avoid this exchange...

Their usual tactics in stealing user money: closing accounts without even an automated notice. Also with BitcoinZ, they would make a lot of money if they upgrade (or maybe they did already). Something helpful for recovering the amounts stolen.
Post
Topic
Board Exchanges
Re: C-CEX.com Trusted, Secure & Friendly Exchange Since 2013. 200+ Alts,USD,Low Fees
by
Saulich_Fedorovich
on 09/09/2018, 15:59:58 UTC
poor ccex. always a target for hackers. very unfortunate. hopefully trade will pick up so these balances can be paid. need more info on hack. only hot wallets empty? was any doge +  ltc stored cold?
Not really. Every action from transferring funds to trashing balances is vulnerable to CSRF, even with 2FA enabled. This was something pending to happen, there are also many more unfixed server side issues waiting for getting users' funds robbed.

Even their scripts for transferring funds from cold wallets are vulnerable (they are only triggered manually but the process is automatic). It's really impressive nobody logged in remotely yet (though this part is unlikely thanks to Cloudflare) or got access to private keys (also unlikely).

Outside vulnerabilities, there are risky but still secure practices like using MD5 for session cookies without regenerating or being able to confirm withdrawal links sent to emails from a different IP. Or using a single hot wallet for some coins.

But getting those errors fixed will only lead to more money getting robbed by them, so I won't speak about those issues. The more this exchange gets hacked, the less likely people are to get robbed by the bigger robber: c-cex.com staff.
I also won't reveal more publicly or it would be first-in best-dressed on everything listed!

But their level of security practices isn't comparable to anything I saw on other exchanges though.
Post
Topic
Board Marketplace (Altcoins)
Arbitrage! I'm selling huge amounts of Everus and MCAP on etherdelta at discount
by
Saulich_Fedorovich
on 25/08/2018, 21:14:51 UTC
Well. The problem of decentralized exchanges like etherdelta and forkdelta (the offer is on both exchanges) is lack of liquidity.
A second problem with centralized exchanges is daily withdrawal limits. With such large amounts for current market prices, this is a stopper.

But for those interested in performing a triangular cross-exchange arbitrage with smaller amounts, just check my orders above 100 Ethereum equivalent: https://etherdelta.com/#0x3137619705b5fc22a3048989f983905e456b59ab-ETH https://etherdelta.com/#MCAP-ETH and https://etherdelta.com/#BQ-ETH

Here are the exchanges with more volume https://coinmarketcap.com/currencies/mcap/#markets https://coinmarketcap.com/currencies/everus/#markets https://coinmarketcap.com/currencies/bitqy/#markets.
Post
Topic
Board Exchanges
Re: C-CEX.com Trusted, Secure & Friendly Exchange Since 2013. 200+ Alts,USD,Low Fees
by
Saulich_Fedorovich
on 24/08/2018, 23:25:13 UTC
Is there anyone with Alphabit on that exchange? I am willing to buy at 11000 doge per Alphabit c-cex codes (I want c-cex codes not alphabit directly).

Because obviously, depositing on the coins which will be delisted does not work.
Post
Topic
Board Exchanges
Re: C-CEX.com Trusted, Secure & Friendly Exchange Since 2013. 200+ Alts,USD,Low Fees
by
Saulich_Fedorovich
on 21/08/2018, 17:41:44 UTC
Looks like c-cex isn't as secure as they claim to be https://tinyurl%2Ecom/y85sm694.