Security Alert: Ethereum.org Forums Database Hacked by Bo Shen Hacker

The same hacker that hacked Bo Shen also hacked the Ethereum forum

Looks like some people didn't learn the lesson from the Bo Shen attacks... you snooze you loose...

If you used the eth forum, your private data is now public to the hacker - take steps to protect yourself.. especially your passwords

If you use bitcointalk forum or any forum your data is probably compromised. Never reuse passwords should be fairly obvious these days.

Although this is fair warning. When I was a novice crypto user back in 2012 I had an mt gox account hacked because bitcointalk forum got hacked and 2fa was not promoted as heavily as it is now.

yeah never use the same passwords or even too similar. I never use the same password twice.
but they are even getting around 2FA by social engineering the phone numbers just like in this attack and the bo shen attack - so even 2FA does not help these days - actually it makes things worse because it gives them more info - your phone number

which then allows them to potentially gain access to multiple more accounts

I never use 2FA if I don't have to... smart phones do not make smart people.. Period.

passwords you can easily change, but phone numbers are not as easy to change...

Correction, cell phone providers do not make 2FA more secure. Cell phones still do. I use google auth but yubikey has always been (since bitcoin was started) the best option and has never been hacked.

if they can get redirect your phone number to their phone, your cell phone does not make anything more secure.. it only makes anything its connected to less secure... no?

but yeah maybe stuff like google auth can help, i dont use that
F google

Google auth doesnt send codes over SMS. That is how social engineering gets your codes. Unless you are the government or a well funded hacker you won't be getting my google auth keys from my phones hardware.

1 Like

right
still
F Google, government has all your keys

3 Likes

There is no post about this on ethereum forum

Perhaps I'm showing my naivety, but what's the big deal about hacking a forum? I use a "who cares" tertiary email address and the weakest password the forum allows. Unless you use the same password you use for accounts that do contain sensitive information, what's at risk? How many likes you've received? The badges you've accumulated? Your reply to someone's question? If I'm missing something, please help me understand the ramifications of a forum hack. I guess there must be one, otherwise nobody would hack a forum, except for juvenile mischief.

1 Like

Some of us may not have the same "who cares" approach as you did which is quite disturbing to have to go through all sorting.

I'm not saying my approach is correct. That's why I posted the comment. I was describing what I've been doing on forums and asking if/why that may be a dumb thing for me to do. Sorry if I didn't communicate that very well.

IMHO its not so much the forum was attack, but that ethereum is still under attack in one way or another... the price is back under $8.00

let's wait and see if someone else gets their eth stolen and causes panic

If anyone is so lazy to use the same password or actually use their phone number on the forum, that is clearly their own fault and they are asking to get hacked.

I used to be into the whole ETH thing. I outgrew it pretty quick. I'm not anyone to say if the technology is there or if it is all hype, but what became clear to me is that they betrayed their principles when the DAO happened. That's when I stopped running full nodes and mining and ETH became to me just a way to profit by day trading.

Best decision I've ever made. Great profits, and looking back now I feel very comfortable with my assessment. The community is shattered and the price reflects it.

Unfortunately I'm getting the same feelling with zcash, because of the Blockchain Foundation thing and zooko's comments on Twitter.. I'm still mining though, and still running full nodes.

Bitcoin has never made me feel betrayed in any way, and I see the rift between small/big blockers as a good thing, specially because of how clear it is that bitcoin is almost impossible to change. This is good. Stability is reliability IMO, and that makes it a safe place to keep value stored.

1 Like

what comments specifically?

and yes, in a way, bitcoin being hard to change due to difficulty reaching consesus actually helps bitcoin in a lot of ways.

All i know is I asked him (zooko) to do an AMA video with me and he declined saying he was too busy.. but then I see him off on other things like blockchannel doing exactly that.. so obviously not too busy... instead of helping people that have backed zcash since testnet (AHEM) he goes off and does interviews elsewhere... kind of low if you ask me..

he doesn't seem as honest as I originally thought

which sucks because we are supposed to trust ZCash... hard to trust when they are not direct and honest.

Now he is going to do an AMA on the forums.. well.. buddy.. your one month too late - no one is left on these forums now LOL ROFL WTF... i have no interest in taking part now... FFS its christmas time, we should be spending it with friends and family, not on a zcash forum to talk with devs...

Not too long ago (maybe a week back or something) he was on Twitter talking about "legitimate" use cases for zcash and "normal" users and how anyone on the media should think twice about zcash being Dark Net Market friendly.

This was a very short time after the announcement regarding zcash and the Blockchain Foundation. I personally find it just terrible that developers feel the need to get into politics and be nosy about what a cryptocurrency is for. Why not let the users and the market decide? The mere fact that they are aligning with the BF speaks terrible about this. If zcash is truly untraceable when it comes to z_addresses, then what good is it to even mention the BF? It gives a VERY bad impression, specially since we have to trust them with the initial setup of the zcash genesis block... Just think about it.

Now, regarding zooko's tweets, even if he's the face of zcash.. what makes him the judge of who gets to use zcash and for what purposes? The worst thing was that zcash's z_addresses have had problems from the very beginning, and this guy is talking about "legitimate use cases", when the ONLY real use case for zcash is privacy, and the thing is broken!

Now z_addresses are supposedly fine, but between the politics and first impressions gone wrong, I'm starting to look where to point my hashing power to.

yeah i agree, it makes people question the entire trusted set up... is it really as they say?

and that really was a horrible start for zcash, to have broken the one thing that was supposed to make it what it is... again would have to question how well it all really works, does it actually do what it is supposed to do now?

Im already pointing at ETH and monero and selling for BTC :stuck_out_tongue:
Anyone who is actually holding zcash is just stupid at this point (or earlier)

some users on here were saying hold hold hold when it was around 100$.. and time has continued to prove them wrong...

In my honest opinion we can probably trust monero more for anonymity in the long run... rCT should help with that...

and otherwise... there will never be another bitcoin. bitcoin will always be #1 for crypto... so anyone who thought ZCash would be worth as much as bitcoin one day... just forget it.

It surprised me that in his tweets he sounded surprised about the Bo Shen hack.. that it scared him
"Bo Shen robery really scared me. Bo is one of our beautiful stable of investors [he is a horse? i thought he was a whale? have you seen his face - he is anythying but beautiful buddy! LOL]... and this shows that theives are actually attacking people like us!

wow thanks for the heads up... i didnt realize that people holding 100,000$ online would be targets of hacks and theft! LOL.. is he serious? he needed bo shen to get robeed to realize that ? LOL WTF

and about politics, he is about as far left as you can get:
"My beloved leftist friends, focused on the "fake news" motes in the eyes of rightists, please read:" give me a f-ing break...

"“Trump Is Already Implementing an Autocratic Foreign Policy”—"
does he honestly think clinton and her rapist husband and rip off foundation would have been better LOL WTF! maybe he should visit HAITI!!

oh S#!T SNAP RIGHT, the CLINTONS WOULD HAVE ACTUALLY USED ZCASH TO LAUNDRY MONEY FOR THE CLINTON FOUNDATION AND BRIBES!!!

no wonder he is upset Trump won and the Shilltons lost! LOL ROFL!

and is this retweet a joke?
"This vial of cybers directly ties Putin to 2016 election hacks."
cause its not funny, .. liberals... bad humor

adn this tweet
"The latest fake news that I see ripping through my tweeps like wildfire is the one about someone dumping LMT 6 mins before Trump's tweet."

leftists think trump should stop tweeting.. maybe the leftists should stop tweeting....

"Somebody asked me for a payment processor to facilitate receiving Zcash payments (or in their case, donations). Does anyone know of one?" zooko tweets on dec 9th
... meanwhile on Nov 29th he hearted my comment:

is his memory that bad? WTF seriously WTF? or is that just his leftist way of showing people what I initially showed him? i mean come on buddy, give credit to where credit is due... you initially found out from ME

meanwhile, later in his tweets he tweets out the thread that my coinpayments comment was in (again, which he hearted and knew full well about) as his "favorite thread"

if its your favorite thread buddy... how the F did you forget I mentioned coinpayments???????????????????????????? its just not honest.. not trustworthy..

dont worry zooko, no one really uses zcash for payments... people only ditch it for bitcoin! i received a total of one ZCash payment so far... bitocin #1, ETH #2, and ive received more funds with Monero than ZCash! so monero for the win there! LOL ROFL

I honestly feel like the ZCash devs have NO CREATIVITY of their own... they just get ideas from others.. even ZCash was a blatant bitcoin copy with bitcoin in the actual ZCash code!

they get ideas from others and then take credit for them themselves

bitcoin copy s#!t coin....

Youtube install videos...

AMA....

coinpayments....

I really wonder if they get any ideas on their own! LOL

and still NO WINDOWS WALLET WTF get some priorities buddy

oh snap, sorry I forgot... your funders are your priority... NOT US

"all coins are created equal"

BUT I GUESS WE ARE NOT HUH????

sorry we are not all leftists

he should really leave politics out of his company tweets

I'm sure there are a lot of people who support and mine ZCash today that would drop it in a second if they read his tweets

PS screen shots have been taken of this comment :grinning: :smiling_imp:

1 Like

No worries man. You see the truth now- this coin is bullshit. Imagine how much worse you would feel if you were one of the investors?

We have all be caught out with the hype thinking zcash would give us freedom to use as we like on what we like without been spying on by governments, instead this coin is designed to make investors rich and the rich richer with the real work been done by community left fighting over the scraps

yeah i guess so, well they can always pretend they got hacked and take a tax break I guess.. probably what bo shen did...

seems like it

whats for sure is the devs would still be unemployed without it LOL :smiling_imp:

1 Like

This is I thought when I heard first time about Zcash...

Being a company with investors...
And $2M... is a lot of money in payrolls

I don't know what will happen to Zcash but we can see the preview now!


Yesterday most of the founder's reward was transfered.