Cryptopia account hacked
Being a new user in cryptos, I heard the advice not to leave cryptos in an exchange, but the withdrawal fees are high, and with the hope of short-term trading I was using Cryptopia. There was a blocked attempt on my Gmail sign-in and I changed the password of my Gmail account. Unfortunately, yesterday I discovered that my Cryptopia account had been hacked and my cryptos were turned into BTC and withdrawn. When I informed support, they messaged that they would look into it.
Lessons:
Do not leave cryptos in an exchange, especially if they don't have 2FA (like Cryptopia).
Secure email account with 2FA or authenticators.
Use cryptonite toolbar to avoid malicious sites.
No amount of withdrawal fees is too high, as otherwise you are putting all your funds at risk.
Hi milind1976,
Thanks for waiting for us to get back to you about this.
I'm sincerely sorry to see this has happened to you. I've completed my investigation into this and can see that your account was actually accessed by another person - IP address 93.201.61.183. This IP address appears to originate from Germany. We are absolutely certain there have been no user credentials leaked from Cryptopia, and if yours are known to someone else, they must have been obtained from activity or information of your own.
Your account was accessed by this IP address at 2/13/2018 12:14 AM(UTC), trades were completed at 2/13/2018 12:31 AM(UTC), and then a minute after that, everything was withdrawn to the address 17YEZm46uDuLeJGdnjC3Bh8jgTinAKdZWU in two separate transactions. Unfortunately, this is not a Cryptopia held address so we cannot freeze it to try and recover these funds. As these withdrawals have made it to the blockchain, there isn't anything we're able to do to reverse it, due to the nature of the blockchain itself. You can see these transactions here:
blockchain (URL blocked by cryptocompare)
Another thing I noticed is that your Withdraw confirmation email has been disabled. If you'd like to enable this, you can do so from your Security page at https://www, URL blocked CRPT/Security. Just tick the checkbox there and you should see a little green box appear saying the change was successfully saved.
At this stage I recommend changing your email password immediately, if you have not already done so, and changing the password for any other account you use this same password for. For extra security, we recommend that users have an email on their Cryptopia account that is used ONLY for Cryptopia. This limits the exposure, and lessens the risk of it being compromised. If you would like us to change your email address for you, please open a new support ticket requesting this at your earliest convenience.
Another important thing to note is that there are always phishing scams going on which disguise themselves as Cryptopia. We get these taken down as soon as we find them; however, I would advise being very vigilant in that regard all the same. I would strongly recommend visiting CRPT forum/Thread/5153; we try and keep this as up to date as possible. This goes into detail about the various scams that we've identified that are pretending to be Cryptopia and provides some examples you can have a look at to determine whether or not your details may have been compromised via one of these sites.
Please use caution to avoid using any unauthorised websites, apps, or search results which impersonate Cryptopia. Your login credentials should NEVER be used anywhere except on our securely signed site with a certificate from Cryptopia LTD.
I can definitely appreciate that this is not the nicest way to learn about account security, and again, I'm sincerely sorry for your loss.
Kind regards,
Cryptopia Support
The security in this exchange is very inadequate, and blaming the user for the loss is the standard approach. When the hacker went into my account, he unclicked email notification, of course. The exchanges make millions of dollars, but when funds are lost they say nothing of reimbursement or compensation, as you can see in the email below, where it's clear that my account was hacked. And of course they assume that it was because of my negligence. This site doesn't have 2FA, only a PIN, which I assume a brute attack from the hacker wasn't difficult to crack. STAY AWAY FROM CRYPTOPIA