I GOT HACKED!! - on Poloniex

in #steemit, 7 years ago

Yes, it is true: what we all fear has just happened to me, because of negligence and stupidity.
I will write about what happened, what steps I had to take to recover, and advice on how to prevent all this in the future.

This is what I found this morning

[Screenshot: Screen Shot 2017-07-09 at 23.30.16.png]

Now this is something you never want to see when you know you have some good, valuable coins in there.
I obviously panicked and started to investigate why.
It turned out that both my Yahoo mail (I know, Yahoo, bad) and my Poloniex account had been hacked, but the passwords had not been changed, which is good, otherwise I would have been completely screwed.

A hacker with ethics, right? .... WRONG!!
He sold all my STEEM, LTC and other coins into BTC and made a withdrawal to his address.
Luckily, something went wrong (I don't fully understand what) and the transaction did not go through:

[Screenshot: Screen Shot 2017-07-09 at 23.39.34.png]

So I followed the trace and went to Poloniex support, where he had opened a ticket to unblock the transaction. Normally it should have gone through, as he had access to the mail as well. As Poloniex support is slow (YAAY!), nobody answered, and therefore the transaction is still pending.

[Screenshot: Screen Shot 2017-07-09 at 23.46.19.png]

I cancelled the ticket and opened a new one asking them to block all transactions. At the time of writing, the operation is still blocked, awaiting approval.

Curiously, even though this is a "play" account on Poloniex, this dude could have hurt me so badly by changing passwords, going through my mail and trying other services and sites that use that mail as a reference. He could have done BIG BIG damage, but he did not. He was after the money, and therefore too busy to do other crap around there.

So how did this happen?
Very simple: in a moment of stupidity I opened an unknown binary file from an unknown source, ignoring the Windows alerts that it was malware. The irony is that my daily job is to enforce IT security with my customers, and I always take extra care with all this, and then this happened to me. Lesson learned the hard way.

Where did I go wrong?

  1. Opening binary files from unknown sources (by the way, this one was linked in the description of a YouTube video)
  2. Ignoring the antimalware advice not to open the file
  3. Using and rotating the same passwords for ages
  4. Not having 2FA (MFA) on any of the accounts (not mail, not Poloniex) - BAD

How did I mitigate?

  1. Immediately changed the passwords of Poloniex, Poloniex Support and mail
  2. Enabled MFA on both of these
  3. Cleaned the Windows machine with Spybot, Defender and Malwarebytes
  4. Cleared all cookies and temp files, cleaned the registry, stopped unknown processes, uninstalled useless programs
  5. Changed the passwords on all accounts and will never use those passwords again
  6. Enabled MFA/2FA where possible
  7. Cross-linked all mail and Google accounts, with different passwords on each, to be able to recover them in case
  8. Changed the passwords of the wallets, or re-created them if empty
  9. Opened a beer and complained to my girlfriend

Again, lesson learned the hard way.
SECURE YOUR ACCOUNTS NOW! And don't get compromised.

Please let me know in the comments if you think I did the right/wrong steps here

I really hope this will not happen to you!
Peace!


I also got hacked yesterday.

sorry for that mate, sux

Sorry bro

Thanks for sharing! There's never too much advice about security!

exactly! hopefully some will benefit from my mistakes

I'm new to this but wonder if 2FA is really the be all and end all for account security...

The fact that you physically have the device generating the OTP is as secure as it can get!

I followed your advice on mitigating hacks. I followed advice No 9 😀

That's very interesting, how this attempt failed, and a lesson for you!

Still not 100% sure the "pending" transaction will not go through. Any other ways I can cancel it, except waiting for support to reply?

Same thing happened to me, but without the virus. Someone brute forced my Poloniex account and logged in from a strange IP. Fortunately I didn't lose any $$ so lesson learned 2FA is a must. Did you recover your coins?

Lesson learned for sure. The coins are still in awaiting-approval mode. Poloniex support has not yet answered. I closed the hacker's ticket anyway, so at least they don't process it. Any way you can freeze the account altogether?

UPDATE: 65 days now and Poloniex still hasn't answered my support ticket.

Damn dude, that was lucky!!

yes, I was very lucky and I am glad for this slap in the face

2FA is basic. Got to activate it in all accounts. Also, using different passwords, and secure ones, would be smart.

That's horrible. All the passwords have to be complex. Thanks a lot for sharing, and keep on posting ;)

yeah, I survived! :) thanks

You can use mnemonic tricks to remember. Like phrases. ;)

yes, that part is easy. Actually doing so, and rotating, is harder :) Thanks!

Have you tried these services that organize all your passwords in one place? I've never tried one but have heard about them...

yeah, I use KeePassX, but there are others like "LastPass" which also have autocomplete functions. I personally like to type in my passwords.

Isn't it unsafe? Like, if somebody gets your KeePassX password, they may have access to all your passwords?

This is why I don't keep it locally; I upload it to AWS S3, where I have MFA :D I know it all circles back to one master password, but you cannot have more than this, it would be overkill.

I see... well, thanks for the heads up

I only open bat files at work, gives me something to do if it goes sideways lol

good stuff, but don't get yourself kicked out! :)

Lol, at worst I'll get a slap on the wrist. It would somehow have to get into our servers for me to get fired.

Then it is a good workplace :)