Cryptocurrency is being stolen with phone numbers - GoFuckYourself.com

Bladewire · 08-24-2017, 09:00 PM

Great info thx

lezinterracial · 08-24-2017, 10:54 PM

I remember hearing a story about this a while back. But this needs to be repeated.

Guy was talking about bitcoin on twitter. Bad guy got his phone number and was able to switch his phone to that number. Did a password recovery and the bad guy got the guy's bitcoin and ether. The guy that got ripped was watching his account get drained and trying to call support. Which was closed.

just a punk · 08-25-2017, 01:19 AM

It was working a year ago or so, actually...

Barry-xlovecam · 08-25-2017, 05:00 AM

Old news but worth repeating -- this still works?

Encrypted SHA3 dual verification (credentials) has been known (with the encryption algorithms of the era) for over 15 years now. password and 'key phrase' is one common way it is done.
https://www.theregister.co.uk/2016/1...s_say_boffins/

rowan · 08-25-2017, 06:27 AM

Quote:

Originally Posted by lezinterracial

I remember hearing a story about this a while back. But this needs to be repeated.

Guy was talking about bitcoin on twitter. Bad guy got his phone number and was able to switch his phone to that number. Did a password recovery and the bad guy got the guy's bitcoin and ether. The guy that got ripped was watching his account get drained and trying to call support. Which was closed.

If I recall correctly the account was also set up to use SMS for two factor authorisation, so by porting the victim's number to a new phone+SIM it was possible to set a new password and log in using 2FA...

Don't use SMS for 2FA!

DraX · 08-26-2017, 04:13 PM

Quote:

Originally Posted by rowan

If I recall correctly the account was also set up to use SMS for two factor authorisation, so by porting the victim's number to a new phone+SIM it was possible to set a new password and log in using 2FA...

Don't use SMS for 2FA!

I use google authenticator on one site and on another I have email and then sms. Doesn't make it stronger with the added 1st step email confirmation if someone ports my phone number. Might look into another solution.

Is google authenticator the best solution to protect a user account ?

08-24-2017, 08:58 PM	#1
GFED Confirmed User Industry Role: Join Date: May 2002 Posts: 8,098	Cryptocurrency is being stolen with phone numbers __________________ https://www.flow.page/savethechildren

08-24-2017, 09:00 PM	#2
Bladewire StraightBro Industry Role: Join Date: Aug 2003 Location: Monarch Beach, CA USA Posts: 56,232	Great info thx __________________ Skype: CallTomNow

08-24-2017, 10:54 PM	#3
lezinterracial Confirmed User Industry Role: Join Date: Jul 2012 Posts: 2,925	I remember hearing a story about this a while back. But this needs to be repeated. Guy was talking about bitcoin on twitter. Bad guy got his phone number and was able to switch his phone to that number. Did a password recovery and the bad guy got the guy's bitcoin and ether. The guy that got ripped was watching his account get drained and trying to call support. Which was closed. __________________ Live Sex Shows Best Adult Content to Promote

08-25-2017, 01:19 AM	#4
just a punk So fuckin' bored Industry Role: Join Date: Jun 2003 Posts: 32,344	It was working a year ago or so, actually... __________________ Obey the Cowgod

08-25-2017, 05:00 AM	#5
Barry-xlovecam It's 42 Industry Role: Join Date: Jun 2010 Location: Global Posts: 18,083	Old news but worth repeating -- this still works? Encrypted SHA3 dual verification (credentials) has been known (with the encryption algorithms of the era) for over 15 years now. password and 'key phrase' is one common way it is done. https://www.theregister.co.uk/2016/1...s_say_boffins/