请选择 进入手机版 | 继续访问电脑版
查看: 126|回复: 0

[交易所黑幕] 放在 bitfinex 平台xrp被盗!!

[复制链接]

102

主题

112

帖子

543

积分

管理员

Rank: 9Rank: 9Rank: 9

积分
543
发表于 2019-4-5 18:51:42 | 显示全部楼层 |阅读模式

       原贴来自:https://www.chainnode.com/post/308847

       本人在2018年初在2.36美元的时候买了2000个瑞波币,后来行情一直跌也没有去卖掉,中间偶尔登陆账户看看,今年初在登陆看发现币已经没有了,登陆账户发现在2018年12月18全部兑换了NCASH币然后提现!!!我就奇怪了,提现需要验证码,我手机和邮箱没有收到任何验证,怎么就给转走了呢?之前也看到过平台被盗过,后又增加了手机和邮箱验证感觉平台安全做的可以,提现也需要验证码和邮箱验证,在2017年牛市的时候我还给很多人推荐这个平台,没想到bitfinex还是不安全!!找他们理论后bitfinex给我回复说是我自己安全做的不到位!他们没有一点责任,出现这个样的情况,全怪我们注册用户么?建议国内人还是不要去这个平台做交易了!!

      请看图:

       201904051640241.jpeg
       201904051641561112.jpeg
       2019040516453313.jpeg
       2019040516471714.jpeg
       5.jpeg

      官方回复:
We have looked into your case and found the following:
A malicious person had knowledge of your password as no recent password reset requests were submitted to Bitfinex (apart from the one performed by yourself). Likely you used the same password for multiple services and was the combination of username + password part of lists used by criminals to compromise accounts. It could also be you have fallen victim to a phishing attack.
You did not have 2FA enabled for logins on the account, so anyone with access to your username and password was able to access the account.

We sent out login emails for all the logins executed by the attacker. Those emails contain links to freeze a Bitfinex account in case a user notices an unauthorised login. If a user does not detect a compromise in time, we cannot protect the account.

Because your credentials were compromised and you did not detect the compromise and freeze the account in time, the attacker was able to extract most of your funds by trading against himself using a market with a wide spread. The account that benefited from these trades has been suspended, however it only holds a small remaining balance. The owner of the account withdrew the funds before you alerted us. We could not stop this. Had most of your funds still been in the other account we would have frozen the funds and required the owner of the account to explain his actions and confiscated the funds if he could not explain how he acquired the funds.

We cannot reverse the trades and return the funds to you as the trades have been executed and the funds have been withdrawn by the attacker. This cannot be undone.

That all said, you should file a police report with your local law enforcement authorities. We can share the account details of the account used to extract your funds with the police investigator that would investigate this case after receiving a formal request from law enforcement to share this information. The order will need to be sent to inforequests@bitfinex.com by the responsible Law Enforcement investigator and will need to contain an order for us to share all relevant account information regarding the Bitfinex account that extracted the funds.

Please ask the investigator to include a reference to Ticket #358367

The first thing you should immediately do (if not already) is changing your email account's password and check for unauthorised logins in your email account's access logs (if they are available). You have already changed your BItfinex password. We advise you to change the password for any other service you may have used the same username / password for.

Please make sure to set your password to a unique strong password, not used for any other service.

We strongly advise you to enable 2FA for logins (for example Google Authenticator) on your Bitfinex account, next to/instead of the SMS 2FA you already have enabled. SMS 2FA doesn't protect you from malicious logins.
Make sure to employ Google 2FA or U2F 2FA on other important accounts as well, for instance your email account, and do not store a copy of the 2FA secret in a possible insecure place (cloud / email account / computer HDD / mobile phone storage etc.). Either don't make a copy of The 2FA secret or print a copy of the QR code and store it in a safe location and the delete the any digital copy after printing.

Please review the security https://support.bitfinex.com/hc/ ... rity-Best-Practices and make sure to properly secure your account.


Your account is currently frozen for trading and withdrawals.
If, after taking the requested security changes, you wish to unfreeze your account, please let us know.
We will then guide you through the process.

Kind regards,  
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则


快速回复 返回顶部 返回列表