GoFuckYourself.com - Adult Webmaster Forum


GFED 08-24-2017 08:58 PM

Cryptocurrency is being stolen with phone numbers
 

Bladewire 08-24-2017 09:00 PM

Great info thx :thumbsup

lezinterracial 08-24-2017 10:54 PM

I remember hearing a story about this a while back. But this needs to be repeated.

Guy was talking about bitcoin on twitter. Bad guy got his phone number and was able to switch his phone to that number. Did a password recovery and the bad guy got the guy's bitcoin and ether. The guy that got ripped was watching his account get drained and trying to call support. Which was closed.

just a punk 08-25-2017 01:19 AM

It was working a year ago or so, actually...

Barry-xlovecam 08-25-2017 05:00 AM

Old news but worth repeating -- this still works?

Encrypted SHA3 dual verification (credentials) has been known (with the encryption algorithms of the era) for over 15 years now. Password and 'key phrase' is one common way it is done.
https://www.theregister.co.uk/2016/1...s_say_boffins/

rowan 08-25-2017 06:27 AM

Quote:

Originally Posted by lezinterracial (Post 21969533)
I remember hearing a story about this a while back. But this needs to be repeated.

Guy was talking about bitcoin on twitter. Bad guy got his phone number and was able to switch his phone to that number. Did a password recovery and the bad guy got the guy's bitcoin and ether. The guy that got ripped was watching his account get drained and trying to call support. Which was closed.

If I recall correctly the account was also set up to use SMS for two factor authorisation, so by porting the victim's number to a new phone+SIM it was possible to set a new password and log in using 2FA...

Don't use SMS for 2FA!

DraX 08-26-2017 04:13 PM

Quote:

Originally Posted by rowan (Post 21969855)
If I recall correctly the account was also set up to use SMS for two factor authorisation, so by porting the victim's number to a new phone+SIM it was possible to set a new password and log in using 2FA...

Don't use SMS for 2FA!

I use Google Authenticator on one site and on another I have email and then SMS. Doesn't make it stronger with the added 1st step email confirmation if someone ports my phone number. Might look into another solution.

Is Google Authenticator the best solution to protect a user account?
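
Added example (not part of the thread or written by any poster): a small audit that models an account's login and recovery paths as rules and computes whether control of the phone number alone reaches a login, for the setups rowan and DraX describe. All capability names and rule sets are constructed; whether a given mailbox or site allows reset by SMS is an assumption to check against your own accounts.

```python
# Added illustration; every rule set below is constructed, not taken from a real site.
# A rule (needs, grants) means: holding all of `needs` yields `grants`.

def reachable(start, rules):
    """Fixed-point closure of everything obtainable from `start`."""
    held = set(start)
    changed = True
    while changed:
        changed = False
        for needs, grants in rules:
            if grants not in held and set(needs) <= held:
                held.add(grants)
                changed = True
    return held

def phone_takeover(rules, target="login"):
    """True if control of the phone number alone is enough to reach `target`."""
    return target in reachable({"phone_number"}, rules)

PORTED = (("phone_number",), "sms_code")   # a ported number receives the SMS codes

# rowan's description: password recovery by SMS plus SMS as the second factor.
SMS_ONLY = [
    PORTED,
    (("sms_code",), "password"),
    (("password", "sms_code"), "login"),
]

# DraX's second site: email confirmation, then SMS.
EMAIL_THEN_SMS = [
    PORTED,
    (("mailbox",), "email_code"),
    (("email_code",), "password"),
    (("password", "email_code", "sms_code"), "login"),
]
# Assumption: the mailbox provider itself offers recovery by SMS.
MAILBOX_SMS_RECOVERY = (("sms_code",), "mailbox")

# Authenticator app: the code comes from a secret stored on the device,
# and (assumption) no reset path goes through the phone number.
TOTP_ONLY = [
    PORTED,
    (("device_secret",), "totp_code"),
    (("password", "totp_code"), "login"),
]

if __name__ == "__main__":
    for name, rules in [("sms only", SMS_ONLY), ("email then sms", EMAIL_THEN_SMS),
                        ("email then sms, mailbox resets by SMS", EMAIL_THEN_SMS + [MAILBOX_SMS_RECOVERY]),
                        ("totp only", TOTP_ONLY)]:
        print(name, "->", phone_takeover(rules))
```

To audit a real account, list every reset and fallback path it offers as a rule; a single SMS fallback anywhere in the chain is what the closure will surface.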

