League of Legends Superstar Loses Entire Cryptocurrency Balance to Port-Out Scam

Discussion in '[H]ard|OCP Front Page News' started by cageymaru, Sep 19, 2018.

  1. cageymaru

    cageymaru [H]ard|News

    Messages:
    18,893
    Joined:
    Apr 10, 2003
    League of Legends pro Yiliang "Doublelift" Peng recently recounted on a Twitch live-stream how he lost his entire Coinbase account balance to a port-out scam. He says that a few weeks prior to the theft, his T-Mobile phone's service was terminated and the device was listed as lost or stolen. He thought that T-Mobile had a network glitch and forgot about it. The hacker took over his email and emptied his Coinbase account. To hide that activity, the hacker had all emails from Coinbase flagged as spam, forwarded to the hacker's email and then automatically deleted from Doublelift's email account.

    Mr. Peng's bank contacted him when his bank account was seriously overdrawn and that is how he discovered the hack. When Doublelift tried to secure his email account, the hacker used his phone's authenticator app to take access back. He hopes to get the money stolen from his bank account reimbursed as it was considered fraudulent transactions by the bank. The $200,000 in cryptocurrency held in the Coinbase account will not be reimbursed.

    NA LCS 2018 MVP returns to youtube to recounts an insane story that occured a few weeks back to match the insane Kai'Sa gameplay that also happened on stream never before seen.
     
  2. B00nie

    B00nie [H]ardness Supreme

    Messages:
    7,506
    Joined:
    Nov 1, 2012
    Heh, seriously compromised bank security if all you need is e-mail and a phone app to access the bank. My bank won't give any information about the account without a personal visit to the office - and yes, they do check your id.
     
    Rahh and runudownquick like this.
  3. ChoGGi

    ChoGGi [H]ard|Gawd

    Messages:
    1,227
    Joined:
    May 7, 2005
    Just more "news" that cellphones aren't secure, and you should never use them as 2FA anything :)

    Also Coinbase supports TOTP, so if you do use coinbase grab a hardware key like Yubikey, and use that to store the key.
     
    Crackinjahcs and EODetroit like this.
  4. viscountalpha

    viscountalpha 2[H]4U

    Messages:
    2,366
    Joined:
    Oct 16, 2011
    2fa is garbage but it's also t-mobiles fault for not being suspicious. You get what you pay for.
     
  5. collegeboy69us

    collegeboy69us [H]ardness Supreme

    Messages:
    5,233
    Joined:
    Jul 27, 2003
    been in the crypto game a long time -- and as much as it sucks for him I have zero sympathy for anyone who leaves money on coinbase or exchange. Unless it's in your private wallet that you have the secret key for, it's not secure.

    For that level of money I'd have a dedicated airgapped PC that held the encrypted wallet and only online for the 5 seconds it takes to send the transaction.
     
    Ocellaris and ChoGGi like this.
  6. Nukester

    Nukester [H]ard|Gawd

    Messages:
    1,367
    Joined:
    Mar 21, 2016
    Good... Unregulated shit needs to go..
     
    Krenum, mikeo, FlawleZ and 2 others like this.
  7. viscountalpha

    viscountalpha 2[H]4U

    Messages:
    2,366
    Joined:
    Oct 16, 2011
    The real issue is our phone lines aren't as secure as they should be. How many more port outs and swatting events need to take place before we fix this?
     
    dvsman likes this.
  8. Dead Parrot

    Dead Parrot [H]ard|Gawd

    Messages:
    1,992
    Joined:
    Mar 4, 2013
    Just don't toss the hopelessly outdated PC/laptop into the trash a few years later.

    And 2fa that requires a Personalized Tracking Device to function isn't really secure considering that most PTDs exist on networks operated by companies who's secondary business model is monitoring all data flowing through the device and selling the results to 3rd parties.
     
  9. dgingeri

    dgingeri 2[H]4U

    Messages:
    2,785
    Joined:
    Dec 5, 2004
    Considering how poor smartphone security is, it's his fault for putting so much into his smartphone.
     
  10. Mega6

    Mega6 Gawd

    Messages:
    1,012
    Joined:
    Aug 13, 2017
    Someone worked REALLY hard for that Coin. Now if they would only apply a fraction of that talent and effort for something good, As stated Phone security sux. Keep your Finances away from phone apps. Verify DIRECTLY if issues occur,
     
    The Mad Atheist likes this.
  11. Master_shake_

    Master_shake_ Little Bitch

    Messages:
    7,575
    Joined:
    Apr 9, 2012
    hopefully it's insur.... oh wait, it probably wasn't.

    also who doesn't look in their spam folder?

    i always check mine for important stuff that falls through the cracks.
     
    dvsman and uberjon like this.
  12. EODetroit

    EODetroit [H]ard|Gawd

    Messages:
    1,376
    Joined:
    Oct 20, 2004
    I refuse to use mine to verify YouTube, Facebook, LinkedIn, etc, too, because I just knew it was making my accounts less secure, not more.
     
  13. Twisted Kidney

    Twisted Kidney 2[H]4U

    Messages:
    3,159
    Joined:
    Mar 18, 2013
    By criminals, for criminals. Suckers too, suckers are good best.

    Much like a PC, smart phone security is every bit as good as the user makes it. That's probably the problem. Compounded by the fact that these things are really just nasty, little data miners that insert themselves right in the middle of your life. You just can't replace vigilance, that's the other problem... The average smart phone user is just an average person that doesn't understand any of this shit. Companies and criminals have been preying on these waters like the feast will never end.

    I'm going to call it now: These companies aren't keeping their houses in order and are counting on "getting away with it" going forward. Their total lack of regard for privacy and security is going to get the long arm shoved right up their asses and the whining will be abso-fucking-lutely biblical.
     
  14. The Mad Atheist

    The Mad Atheist Limp Gawd

    Messages:
    498
    Joined:
    Mar 9, 2018
    $200K in pixie dust, is there anything useful you can buy with that stuff?
     
  15. katanaD

    katanaD [H]ard|Gawd

    Messages:
    1,600
    Joined:
    Nov 15, 2016


    hmmm.. really hard to care much when he couldnt even be bothered to really look into his own phone account being canceled because they thought it was lost or stolen
     
  16. cyclone3d

    cyclone3d [H]ardForum Junkie

    Messages:
    12,486
    Joined:
    Aug 16, 2004
    So when the scammers called saying there was a problem with his cell phone account I take it he gave them his real info instead of making stuff up?

    I get those calls at least twice a month. Always make up random last 4 digits of social and pin number.

    Hopefully it at least wastes a little bit of their time.
     
    LakeErieWater likes this.
  17. Mut1ny

    Mut1ny [H]ard|Gawd

    Messages:
    1,853
    Joined:
    Apr 4, 2013
    Yeah, $200k worth of stuff or exchange for $200k in "real" money. What are you even talking about?
     
    dvsman and ZeqOBpf6 like this.
  18. Quad

    Quad n00bie

    Messages:
    17
    Joined:
    Jan 31, 2005
    If you can't fold it and stick it in your pocket it's not money.
     
    Jim Kim and The Mad Atheist like this.
  19. Azphira

    Azphira [H]ard|Gawd

    Messages:
    1,773
    Joined:
    Aug 18, 2003
    But people want you to embrace digital money, so they can turn that off too when you say something they don't like.
     
  20. PenGunn

    PenGunn Limp Gawd

    Messages:
    156
    Joined:
    May 30, 2013
    Only idiots leave their BTC on a vendor's site. You need your own wallet!
     
    Mega6 likes this.
  21. toast0

    toast0 Gawd

    Messages:
    837
    Joined:
    Jan 26, 2010
    If you don't learn anything else from this guy losing all his shit; when your phone wigs out, get on the phone with your carrier PDQ, cause you're getting fucked.
     
    cageymaru likes this.
  22. Icon_Charlie

    Icon_Charlie [H]Lite

    Messages:
    70
    Joined:
    Aug 3, 2018
    A fool and his money are soon parted. I can write pages upon paged about the ponzi scheme known as Bitcoin on who runs it.. how it is being ran and why people are so fucking stupid to gamble in this ponzi scheme, even as hundreds of millions of dollars are stolen... just this year.

    And yet people sill are using it.

    Greed is Good - Gorden Gekko
     
  23. nilepez

    nilepez [H]ardForum Junkie

    Messages:
    11,076
    Joined:
    Jan 21, 2005
    Your bank doesn't have online banking? My banks do and I wouldn't be shocked if they were susceptible to this. After all, if I have your email account, there's a decent chance I'll know what your bank is. If I know your bank and email address, I can do a password reset. If I have your phone, I can get buy 2 factor authentication texts as well as emails.
     
  24. Mega6

    Mega6 Gawd

    Messages:
    1,012
    Joined:
    Aug 13, 2017
    Huh... Haven't been to a bank in years. Why bother.
     
  25. B00nie

    B00nie [H]ardness Supreme

    Messages:
    7,506
    Joined:
    Nov 1, 2012
    Read more carefully - you can't reset your online password just by sending an e-mail for obvious security reasons and the system has a two factor authentication. You have to physically be at the office to authenticate in order to do that. Each time I login to the bank I need two passwords, one for my account and a scond one for the 2FA.
     
    Last edited: Sep 19, 2018
  26. B00nie

    B00nie [H]ardness Supreme

    Messages:
    7,506
    Joined:
    Nov 1, 2012
    Except the authentication data is encrypted so nobody watching that traffic gets nothing in reality. Each time it authenticates it sends a unique identifier so even if you crack one message it does you no good. The only scenario I can think of is someone managing to get control of your phone and make a main in the middle attack. This is why nobody in my family has Android phones and I don't allow my family members to jailbreak their iPhones.
     
  27. Krenum

    Krenum [H]ardForum Junkie

    Messages:
    13,870
    Joined:
    Apr 29, 2005
  28. funkydmunky

    funkydmunky [H]ard|Gawd

    Messages:
    1,997
    Joined:
    Aug 28, 2008
    Ever attempted to buy a car or house with cash? Try to withdrawal your savings in cash?
     
  29. Mega6

    Mega6 Gawd

    Messages:
    1,012
    Joined:
    Aug 13, 2017
    wire transfers are magic too, its just over the SWIFT network.
     
  30. nilepez

    nilepez [H]ardForum Junkie

    Messages:
    11,076
    Joined:
    Jan 21, 2005
    OK, I don't know if you're saying your bank doesn't allow you to reset your password on line or not, but every bank I've got (3 different ones) allows it. 2FA is not relevant, because the scammer had ported his phone number out so that any text codes would go to the scammer.
     
  31. RogueKitsune

    RogueKitsune [H]Lite

    Messages:
    86
    Joined:
    Apr 5, 2011
    The real take away from this, which should have been obvious from the start, is that using SMS for 2FA is a dumb idea. Not only is this vulnerable to port-outs its also susceptible to fake towers (i.e. StingRay like devices). Applications that run on your mobile device (Google Authenticaticator and the like) are way more secure than SMS and just as convenient to use. Still those are no where near as secure as some other 2FA options out there, but part of the equation is convenience vs security.
     
    B00nie likes this.
  32. oldmanbal

    oldmanbal [H]ard|Gawd

    Messages:
    1,686
    Joined:
    Aug 27, 2010
  33. Basheron

    Basheron [H]Lite

    Messages:
    114
    Joined:
    Oct 31, 2004
    All hail our new god, the government.

    Not your keys, not your Bitcoin.
     
  34. Krenum

    Krenum [H]ardForum Junkie

    Messages:
    13,870
    Joined:
    Apr 29, 2005
    That's what they want you to believe. Stop listening.
     
    Nukester likes this.
  35. Joust

    Joust Gawd

    Messages:
    971
    Joined:
    Nov 30, 2017
    You kids and your silly fiat money. Gold, silver, or gtfo.
     
    ZodaEX and Krenum like this.
  36. B00nie

    B00nie [H]ardness Supreme

    Messages:
    7,506
    Joined:
    Nov 1, 2012
    Eh, of course no clear text codes are used, the 2FA has its own app with a pin code and challenge/response is encrypted. Again obviously. Man your banks security sucks bad.
     
  37. Xrave

    Xrave [H]ardness Supreme

    Messages:
    7,107
    Joined:
    Jun 29, 2004
    So if your banking institution only has text 2FA, is that not better than nothing?

    On another note Tmobile lets you set up a port out password to prevent this issue.
     
  38. Master_shake_

    Master_shake_ Little Bitch

    Messages:
    7,575
    Joined:
    Apr 9, 2012
    obvious weakling.

    can't fold a gold bar.

    do you even lift bro?

    :ROFLMAO:
     
  39. Rahh

    Rahh [H]ard|Gawd

    Messages:
    1,416
    Joined:
    Jan 14, 2005
    A fool and his crypto are soon parted.
     
  40. Joust

    Joust Gawd

    Messages:
    971
    Joined:
    Nov 30, 2017
    Indeed, sir. A Lannister always completes his reps.