Fellow website BlackWallet.co has been hacked. NOTE: WE ARE NOT AFFILIATED NOR DO WE EVEN KNOW BLACKWALLET.CO.
First let me explain what has happened according to a statement from the supposed developer and site owner. According to statements, BlackWallet.co was hacked when a hacker successfully called the domain provider 1&1 and infiltrated the account. It sounds like the account did not have any two-factor authentication to sign in. Either way, the account owner was apparently socially hacked well enough that the hacker could impersonate the owner. Let me explain how ignorant this is. To secure the account, the account owner would have to have used truthful security data, which can be found on social media and public records. It is a fact that answering your security questions with any bit of truth is the dumbest thing on Earth. The fact that this guy was hacked by impersonation is insane. He had no business securing your wallets nor your coins, and THAT is the problem with not understanding your own coins, wallets and how to store your coins yourself.
When the hacker called the domain provider, he gained access to the account and changed the IP address that the domain name points to. He changed it to a fake version of BlackWallet.co which fooled members into logging in and sending their credentials unencrypted to the thief. The thief then logged into the real BlackWallet.co and transferred all funds out of the account before the real account owner figured it out.
First mistake was already discussed with BlackWallet.co not properly securing the backend structure of the website. The hacker did not even have to do any real hard work to decrypt or anything. Next problem is the fact that these wallets were connected to the internet with no human oversight. A remote attacker was able to log in and take over your account and do what they want with your wallets. Why? Why were your wallets connected to a network?
Let me tell you why this is NOT POSSIBLE with Blacksite-Wallet.io... First, I would recommend that you never answer any security question with a real answer; use a 32-character password instead. The security questions for additional authentication are fine except when a hacker can get the answers from Facebook. Next, I as the Technical Officer do not have a social account nor a profile. Any information that I have made available on the internet is strictly for identifying me as the policy manager for your coins and not a social party. In fact I did not even have a social profile until I designed this website. It is solely for my members to know me better.
Next, your wallets are not connected to the network nor any computer at all. So a thief can not log in and transfer your funds anywhere without my personal intervention. Even if a thief did the exact same thing as this guy and created a fully operational fake website for you to log into, first you have REQUIRED 2 factor Authentication. At the absolute minimum, you will receive an Authcode in your email. Soon we will have other authentication to include GPG certificates. And that is for log in only. Login notifications have been activated. Any successful login to your account will result in a simple alert to your email and your mobile device.
Password reset is a hard and long process. Any attempt to change your account password first requires the 2FA code. Next, the thief will be required to wait out a timer. This timer is required and cannot be circumvented. During the reset process, the account owner receives an email notifying them that the reset process has started. That email contains a link that the account owner can use to LOCK the account and prevent any further actions, in the event that they did not start the reset process.
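The reset procedure described above (2FA gate, a waiting timer that cannot be skipped, and an emailed lock link), sketched as an added example. This is not Blacksite-Wallet.io's code; the class name, the 24-hour delay and the HMAC-signed lock token are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

RESET_DELAY_SECONDS = 24 * 3600  # assumed waiting period; the page gives no duration


class ResetFlow:
    """Delayed password reset that the account owner can lock (hypothetical design)."""

    def __init__(self, server_key: bytes, account_id: str):
        self._key = server_key
        self.account_id = account_id
        self.state = "idle"  # idle -> pending -> done, or pending -> locked
        self.started_at = None
        self._nonce = None

    def _lock_token(self) -> str:
        # Token carried in the notification email's lock link, bound to this request.
        msg = f"{self.account_id}:{self._nonce}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def start(self, twofa_ok: bool, now: float) -> str:
        """Begin a reset; returns the lock token to email to the owner."""
        if self.state == "locked":
            raise PermissionError("account is locked")
        if not twofa_ok:
            raise PermissionError("2FA code required before a reset can start")
        self.state, self.started_at = "pending", now
        self._nonce = secrets.token_hex(16)  # fresh per request, so old links expire
        return self._lock_token()

    def lock(self, token: str) -> bool:
        """Owner followed the emailed link: freeze the account if the token matches."""
        if self.state != "pending":
            return False
        if not hmac.compare_digest(token, self._lock_token()):
            return False
        self.state = "locked"
        return True

    def complete(self, now: float) -> bool:
        """Apply the new password only once the full timer has elapsed."""
        if self.state != "pending" or now - self.started_at < RESET_DELAY_SECONDS:
            return False
        self.state = "done"
        return True
```

The timer is checked on the server at completion time, so a client that skips the wait gains nothing, and a lock during the wait leaves the request impossible to complete.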
Every wallet first requires your login with your account number, password and 2FA, AND then each individual wallet has its own transfer password phrase. This is a sentence that you must use to further lock this wallet down to authorise any transfers out.
Finally, once you are authenticated and create a withdrawal request, that request is communicated to me by email and two other encrypted methods, and this is the server communicating with me, not the website. I receive a message from the server with the transfer details, which I can then manually transfer once I am satisfied you are you.
A nice icing on the cake is that our servers are hosted by Amazon. Hacking Blacksite-Wallet.io servers will additionally acquire the attention of Amazon Systems.
In all truth nothing is invisible, but you sure as hell can't make me transfer your money out by impersonating a social account on a website. If you ever have any questions or recommendations about the security of your wallets, features that you would like to see or processes, feel free to ask, but Blacksite-Wallet.io is committed to providing you the best common sense security possible. It is my responsibility to provide you with the best security possible.
I know that all of my consideration sounds like a lot, but really? There are so many tricks out there to hack your account. Wouldn't you rather we consider all of them as opposed to making it more convenient for an attacker? Do you not hold me responsible to provide you security for storage of your coins, your family's coins and your friends?