I just lost a lot of STR; instead of making a simple post I decided to channel the fury into writing this post.
EDITED: the exchange is BX.IN.TH and not justcoin. I apologize, but not because they have a terrible security response time in this situation, that must change.
Chapter 0: The summary
A Stellar account that hadn’t been used (bad password, my GF) was hacked a minute after receiving 100k STR and the amount was sent to the wallet of BX.IN.TH.
Chapter 1: The story
I just lost 100k.
It’s hard; in the first minute after you notice, you smash your head thinking about how you lost 100k.
I had been trading since Friday, buying and selling with a lot of people in this forum and in Facebook groups like:
I was one of the first users in this forum (you can see my user id, it’s 351).
So this story is real….
I had been trading since Friday the 1st, helping some friends make some money and helping the growing Stellar economy by inviting some friends.
That day I asked my girlfriend to create an account for herself, and to invite more people to join because “this has a future”, I said.
Today, I was having a mess checking my account balance in Stellar because I was trading with the money of two more friends, so I decided to separate my stellars into another account to only have the happy tree friends trading STR.
I was the only one using my account; my friends just gave me some money and I traded.
When I decided to separate the balance I asked my gf for the account username (she hadn’t done anything with it other than sharing some STR from the initial giveaway) and sent her the 100k.
I continued trading, and then I looked at the browser tab and saw that of the last 100k received, the amount was now 54.
This is the history of the Stellar account of my gf
As you can see, the time between her receiving the STR and it being sent to that wallet was ONE MINUTE.
When I saw that, I looked up the hash and saw that it is from BX.IN.TH gKxWHv76WFSaEohhtuX3u2iWrfYGxZJXx9.
Chapter 2: The responsibility
The cause of the incident was a weak password; my gf uses, as an example:
When I figured this out I did a triple facepalm myself…
I know that I will not have any chance of the Stellar staff getting the amount back, but they (stellar.org) can implement 2FA.
Chapter 3: The Hope
BX.IN.TH exchange!! I thought in that moment… they can freeze an account if they detect illegal activity
Wrote an email hours later (first I made a mistake because I believed that the wallet was from justcoin…)
Status: waiting response
Chapter 4: The lesson
Strong password, I know, and you can bet my GF knows too
How to change your password in stellar.org?
Don’t look in your dashboard; first log out, then go to the login page and after the login button you will see the “Lost username or lost password” links. Follow the lost password link, type your email verification key, and change your password.
Chapter 5: Happy ending?
I’m waiting for an answer from BX…
I will be updating this post with the timing of the support response on all sides; at this moment nobody has said anything.
Edit 1: if the incident involves justcoin (which it does not, because I made a mistake and the exchange is BX), they responded to the security email almost 12hs later asking to contact email@example.com (I first wrote to firstname.lastname@example.org), so, for now, go to email@example.com instead of firstname.lastname@example.org
Any feedback is welcome.
If this post is deleted you can find me on my blog: http://nanomo.wordpress.com
Facebook, Twitter and Stellar account: nanomo