Wall Observer BTC/USD - Bitcoin price movement tracking & discussion

[machasm]

Finally managed to pick up a little bit of this dip.
Now just need things to start moving on up.

[philipma1957]

I am not quite sure how they ported the phone.

I suspect they used tracfone had the cell number  hoped by getting the email

that the email linked to tracfone and to coinbase was the same

so if they hack just the email

they could try to port the cell to their carrier.

then get into coinbase change password and use 2fa to allow withdraws and alter the email

...
Best to buy a burner phone set up google to microsoft auth.

the coinbase account does not know that phone number so no one can port it over to another network.

Sorry that it happened, but I cannot figure it out from your description.
coinbase did have some SMS troubles last May or so, maybe it is somehow related.

The ported phone would jeopardize both methods (text or Authenticator), wouldn't it?
what's the "email linked to tracfone"? why there is such a thing?

Phone a the ported phone was a tracfone.

I do have an email/phone account so they could have ported the phone from trac phone to Verizon mobile by entering my cell number

They could have hacked the email using recovery to the phone.

This gave them the phone and the email.

they use that to go after the coinbase

they change the password.

they find that no changes in the account or withdrawals can be done without

a code that is only available on a phone that no one knows the number.  It is not 2fa. and gives a six digit number every 60 seconds .

They could have been say with draw .25 btc and putting in random six digit  numbers as I was driving home

 ( I think they get locked out after 3 wrong numbers). so I could have lost .25 btc if they got lucky.

I think my error was the email recovery was linked to the cell

which let them get into the email.  That email is 22 years old I changed the password.

I am playing with fake hacking of the now drained (by me) coinbase account to see if they just needed the have the phone number ported to be able to change the coinbase password.

I also had the account set to need the auth app for any withdrawal (thank goodness)


found this on coinbase

signout session   web   198.54.133.76   United States   about 20 hours ago
signout session   web   198.54.133.76   United States   about 20 hours ago
signout session   web   198.54.133.76   United States   about 20 hours ago
signout session   web   198.54.133.76   United States   about 20 hours ago
signout session   web   198.54.133.76   United States   about 20 hours ago
signout session   web   198.54.133.76   United States   about 20 hours ago
password reset completed   web   198.54.133.76   United States   about 20 hours ago
password reset requested   web   198.54.133.76   United States   about 20 hours ago
signin failure   api   187.11.158.232   Brazil   3 days ago
signin failure   api   187.11.158.232   Brazil   3 days ago

all of the above is bad shit

this looks like first shot they took

signin failure   api   2605:xxxx:xxxx:xxxx:xxxx:xxx:xxxx:c91f   United States   7 days ago


each signout session was likely 3 trys at moving the btc. random codes are 1,000,000 numbers so they had say 18 of 1,000,000 of grabbing the btc

[suchmoon]

It's a very informed and competent piece, written by a history professor.
All historians notoriously have a deep understanding of cryptography, game theory and networks.
The article even quotes well known bitcoin experts, such as prof. Stolfi.
/s

I could upload a copy somewhere without a paywall, and will do so if requested by someone I like
My advice though: Spare your time - it's utter BS.

https://archive.md/IhQl9

Good for a laugh. It could easily be an article about anything, if you completely ignore what the thing is and just say that it has no value. Pepperoni pizza is worse than a ponzi - you eat it and it's gone and you can't get the money back.

[Richy_T]

I figured as much.
I remember catching the 2nd movie on my birthday at the cinema about 20 years ago.

1 was the first DVD I bought ever and is still one of my favorite movies. I had it shipped across the atlantic. For 2, my wife was out of town when it dropped so I went to a midnight showing. What a disappointment. They lost me at the never-ending rave scene. I did end up watching 3 but I think it was a computer monitor experience.

I don't have zero interest in 4 but I'm not feeling any inclination to watch it.

[Richy_T]

I thought Wachowski had already chosen no banana.

Or was that the joke?

[d_eddie]

It's a very informed and competent piece, written by a history professor.
All historians notoriously have a deep understanding of cryptography, game theory and networks.
The article even quotes well known bitcoin experts, such as prof. Stolfi.
/s

I could upload a copy somewhere without a paywall, and will do so if requested by someone I like
My advice though: Spare your time - it's utter BS.

https://archive.md/IhQl9

Good for a laugh. It could easily be an article about anything, if you completely ignore what the thing is and just say that it has no value. Pepperoni pizza is worse than a ponzi - you eat it and it's gone and you can't get the money back.

[cAPSLOCK]

I am not quite sure how they ported the phone.

I suspect they used tracfone had the cell number  hoped by getting the email

that the email linked to tracfone and to coinbase was the same

so if they hack just the email

they could try to port the cell to their carrier.

then get into coinbase change password and use 2fa to allow withdraws and alter the email

...
Best to buy a burner phone set up google to microsoft auth.

the coinbase account does not know that phone number so no one can port it over to another network.

Sorry that it happened, but I cannot figure it out from your description.
coinbase did have some SMS troubles last May or so, maybe it is somehow related.

The ported phone would jeopardize both methods (text or Authenticator), wouldn't it?
what's the "email linked to tracfone"? why there is such a thing?

Phone a the ported phone was a tracfone.

I do have an email/phone account so they could have ported the phone from trac phone to Verizon mobile by entering my cell number

They could have hacked the email using recovery to the phone.

This gave them the phone and the email.

they use that to go after the coinbase

they change the password.

they find that no changes in the account or withdrawals can be done without

a code that is only available on a phone that no one knows the number.  It is not 2fa. and gives a six digit number every 60 seconds .

They could have been say with draw .25 btc and putting in random six digit  numbers as I was driving home

 ( I think they get locked out after 3 wrong numbers). so I could have lost .25 btc if they got lucky.

I think my error was the email recovery was linked to the cell

which let them get into the email.  That email is 22 years old I changed the password.

I am playing with fake hacking of the now drained (by me) coinbase account to see if they just needed the have the phone number ported to be able to change the coinbase password.

I also had the account set to need the auth app for any withdrawal (thank goodness)

Tough situation. Have seen this happen MANY times.  

Secure Bitcoin storage is possibly the HARDEST problem to solve well.  It is very easy to make mistakes.  I have personally spent a lot of time setting up my storage/recovery strategy.  It is a balancing act between making it too easy for thieves, and making it too hard to reliably execute.

This is probably the biggest hurdle for Bitcoin adoption.  And the reason, I have said often, that the masses will never "be their own banks".  Something as simple as using a secure and reliable source of entropy for key generation is critical.

Glad you avoided being robbed.

[suchmoon]

a code that is only available on a phone that no one knows the number.  It is not 2fa. and gives a six digit number every 60 seconds .

Sounds like TOTP, which is not linked to your phone number, it's just an app that generates the code, doesn't send anything over the network, the server generates the same code to verify against. If the server is not compromised, this is reasonably safe, much safer than SMS code anyway.

[Torque]

I am not quite sure how they ported the phone.

I suspect they used tracfone had the cell number  hoped by getting the email

that the email linked to tracfone and to coinbase was the same

so if they hack just the email

they could try to port the cell to their carrier.

then get into coinbase change password and use 2fa to allow withdraws and alter the email

...
Best to buy a burner phone set up google to microsoft auth.

the coinbase account does not know that phone number so no one can port it over to another network.

Sorry that it happened, but I cannot figure it out from your description.
coinbase did have some SMS troubles last May or so, maybe it is somehow related.

The ported phone would jeopardize both methods (text or Authenticator), wouldn't it?
what's the "email linked to tracfone"? why there is such a thing?

Phone a the ported phone was a tracfone.

I do have an email/phone account so they could have ported the phone from trac phone to Verizon mobile by entering my cell number

They could have hacked the email using recovery to the phone.

This gave them the phone and the email.

they use that to go after the coinbase

they change the password.

they find that no changes in the account or withdrawals can be done without

a code that is only available on a phone that no one knows the number.  It is not 2fa. and gives a six digit number every 60 seconds .

They could have been say with draw .25 btc and putting in random six digit  numbers as I was driving home

 ( I think they get locked out after 3 wrong numbers). so I could have lost .25 btc if they got lucky.

I think my error was the email recovery was linked to the cell

which let them get into the email.  That email is 22 years old I changed the password.

I am playing with fake hacking of the now drained (by me) coinbase account to see if they just needed the have the phone number ported to be able to change the coinbase password.

I also had the account set to need the auth app for any withdrawal (thank goodness)


found this on coinbase

signout session   web   198.54.133.76   United States   about 20 hours ago
signout session   web   198.54.133.76   United States   about 20 hours ago
signout session   web   198.54.133.76   United States   about 20 hours ago
signout session   web   198.54.133.76   United States   about 20 hours ago
signout session   web   198.54.133.76   United States   about 20 hours ago
signout session   web   198.54.133.76   United States   about 20 hours ago
password reset completed   web   198.54.133.76   United States   about 20 hours ago
password reset requested   web   198.54.133.76   United States   about 20 hours ago
signin failure   api   187.11.158.232   Brazil   3 days ago
signin failure   api   187.11.158.232   Brazil   3 days ago

all of the above is bad shit

this looks like first shot they took

signin failure   api   2605:xxxx:xxxx:xxxx:xxxx:xxx:xxxx:c91f   United States   7 days ago


each signout session was likely 3 trys at moving the btc. random codes are 1,000,000 numbers so they had say 18 of 1,000,000 of grabbing the btc

I am genuinely sorry to hear about this philipma. I'm also glad and relieved to hear that no coins were stolen.

What am I about to say next, I hope you don't take as rubbing it in or anything. You have to decide what works best for you. But I can honestly say that if you had had your coins on a hardware wallet like a Trezor, none of that would have happened (provided you set it up correctly, have your security protocols right, and don't fall for the phishing scam of going to a fake Trezor website, etc.).

I'm seriously baffled after all the talk and confirmation over the years about how great and solid hardware wallets are, that people still refuse to investigate and use them.

In fact, if someone has a legit link of someone getting their coins stolen from a Trezor that wasn't a phishing scam, please link to it. I'd be curious to read it. So far I have come across zero.

[cAPSLOCK]

a code that is only available on a phone that no one knows the number.  It is not 2fa. and gives a six digit number every 60 seconds .

Sounds like TOTP, which is not linked to your phone number, it's just an app that generates the code, doesn't send anything over the network, the server generates the same code to verify against. If the server is not compromised, this is reasonably safe, much safer than SMS code anyway.

This is a pretty good TOTP solution.  Been around for a long time...  Not owned by a FAANG company.  Works well... multi device.

https://authy.com

[suchmoon]

This is a pretty good TOTP solution.  Been around for a long time...  Not owned by a FAANG company.  Works well... multi device.

https://authy.com

TBH I'm not a big fan of them pushing online backups and multi-device options and even desktop versions. The only backup should be a hard copy, it should be treated like a wallet seed. Losing your 2FA when you lose your (presumably locked/encrypted) phone is a feature, not something that needs to be fixed by making multiple copies of it and increasing the attack surface exponentially.

But then again, people screw up all the time, so not sure what's worse - increased risk due to multiple copies or the risk of people being idiots and not backing it up on paper.

[cAPSLOCK]

I am genuinely sorry to hear about this philipma. I'm also glad and relieved to hear that no coins were stolen.

What am I about to say next, I hope you don't take as rubbing it in or anything. You have to decide what works best for you. But I can honestly say that if you had had your coins on a hardware wallet like a Trezor, none of that would have happened (provided you set it up correctly, have your security protocols right, and don't fall for the phishing scam of going to a fake Trezor website, etc.).

I'm seriously baffled after all the talk over the years about how great and solid hardware wallets are, that people still refuse to investigate and use them.

In fact, if someone has a legit link to someone getting their coins stolen from a Trezor that wasn't a phishing scam, please link to it. I'd be curious to read it.

The importance of hardware wallets (really digital keyring/signing device, but alas, 'wallet' sells better) is hard to overstate. This is INSTANTLY what I tell folks who are new to Bitcoin.  Get yourself a hardware wallet... and the Trezor really is a great suggestion.  If the person holds a significant amount of Bitcoin, I then encourage them to get 2 more devices, and when they become comfortable set up a 2 of 3 wallet.

The most important advantage in them is hard to see at first:  Secure XPRV (seed, XPUB etc) generation.  Hardware wallets are the ONLY foolproof way to make a bitcoin seed.  So far there is no other way that is safe, that also is not prohibitively difficult/risky.

[cAPSLOCK]

This is a pretty good TOTP solution.  Been around for a long time...  Not owned by a FAANG company.  Works well... multi device.

https://authy.com

TBH I'm not a big fan of them pushing online backups and multi-device options and even desktop versions. The only backup should be a hard copy, it should be treated like a wallet seed. Losing your 2FA when you lose your (presumably locked/encrypted) phone is a feature, not something that needs to be fixed by making multiple copies of it and increasing the attack surface exponentially.

But then again, people screw up all the time, so not sure what's worse - increased risk due to multiple copies or the risk of people being idiots and not backing it up on paper.

TOTALLY.  Both the first line, and the second.  It's the age old "Can I store my private key on the cloud if it is encrypted?" argument.  And the correct answer is NO.  But like everything it's all tradeoffs.  What tradeoffs are we willing to make?

One other thing... you can DISABLE the online backup, though the presence of the connection is still there, I guess...

[cAPSLOCK]

It's a very informed and competent piece, written by a history professor.
All historians notoriously have a deep understanding of cryptography, game theory and networks.
The article even quotes well known bitcoin experts, such as prof. Stolfi.
/s

I could upload a copy somewhere without a paywall, and will do so if requested by someone I like
My advice though: Spare your time - it's utter BS.

https://archive.md/IhQl9

Good for a laugh. It could easily be an article about anything, if you completely ignore what the thing is and just say that it has no value. Pepperoni pizza is worse than a ponzi - you eat it and it's gone and you can't get the money back.

Good grief.  They cite Jorge.

[Gachapin]

The problem I have with PlanB is he has a habit of moving the goalposts ...

https://twitter.com/100trillionUSD/status/1407634975051157506

"I will call s2f invalidated if we have not reached 100K by Dec this year ..."

I didn't know he said that. Thanks for sharing @tertius993!  

That changes my view on his stance. For me it means he has invalidated his model already. (I rarely accept new goal posts.)
Having some influence, he should def. be more careful with his statements.

His model is quite forgiving though. If I understand it correctly, the 2022-2023 horizontal 100k line is just the average between the Halvings.
In that case we'd have to wait a bit longer, before we can state that the 100k average was not met, during this cycle.

Now he's saying that as long as the price trudges along the "lower bound" aka $40-50K, it's still valid. But look at his chart, it could literally still do that and go sideways until mid-2024.

Right.. 40k-50k until mid-2024 would def. invalidate S2F, as the average of 100k would not be met.

An EOY parabolic run was expected by the majority, so the market was inclined to go another direction.

Isn't this the trap that the n00bs fall into literally every bull run tho?

Haha that's true.
However some expectations are still met every cycle, even for noobs.  For example that after each halving we get a new ATH within the new cycle.
Would be a real shocker if that changes next cycle.    And it wouldn't even mean that we stopped "going up forever Laura"

It's interesting to watch, how in every cycle there are price prophets popping out by striking a few accurate predictions and then become the go-to-guy for fortune telling.

Out of them PlanB offers some rather realistic and comprehensible models (S2F, S2FX) though. I like that.
But I prefer to differentiate between his persona and his models.

[philipma1957]

I am not quite sure how they ported the phone.

I suspect they used tracfone had the cell number  hoped by getting the email

that the email linked to tracfone and to coinbase was the same

so if they hack just the email

they could try to port the cell to their carrier.

then get into coinbase change password and use 2fa to allow withdraws and alter the email

...
Best to buy a burner phone set up google to microsoft auth.

the coinbase account does not know that phone number so no one can port it over to another network.

Sorry that it happened, but I cannot figure it out from your description.
coinbase did have some SMS troubles last May or so, maybe it is somehow related.

The ported phone would jeopardize both methods (text or Authenticator), wouldn't it?
what's the "email linked to tracfone"? why there is such a thing?

Phone a the ported phone was a tracfone.

I do have an email/phone account so they could have ported the phone from trac phone to Verizon mobile by entering my cell number

They could have hacked the email using recovery to the phone.

This gave them the phone and the email.

they use that to go after the coinbase

they change the password.

they find that no changes in the account or withdrawals can be done without

a code that is only available on a phone that no one knows the number.  It is not 2fa. and gives a six digit number every 60 seconds .

They could have been say with draw .25 btc and putting in random six digit  numbers as I was driving home

 ( I think they get locked out after 3 wrong numbers). so I could have lost .25 btc if they got lucky.

I think my error was the email recovery was linked to the cell

which let them get into the email.  That email is 22 years old I changed the password.

I am playing with fake hacking of the now drained (by me) coinbase account to see if they just needed the have the phone number ported to be able to change the coinbase password.

I also had the account set to need the auth app for any withdrawal (thank goodness)


found this on coinbase

signout session   web   198.54.133.76   United States   about 20 hours ago
signout session   web   198.54.133.76   United States   about 20 hours ago
signout session   web   198.54.133.76   United States   about 20 hours ago
signout session   web   198.54.133.76   United States   about 20 hours ago
signout session   web   198.54.133.76   United States   about 20 hours ago
signout session   web   198.54.133.76   United States   about 20 hours ago
password reset completed   web   198.54.133.76   United States   about 20 hours ago
password reset requested   web   198.54.133.76   United States   about 20 hours ago
signin failure   api   187.11.158.232   Brazil   3 days ago
signin failure   api   187.11.158.232   Brazil   3 days ago

all of the above is bad shit

this looks like first shot they took

signin failure   api   2605:xxxx:xxxx:xxxx:xxxx:xxx:xxxx:c91f   United States   7 days ago


each signout session was likely 3 trys at moving the btc. random codes are 1,000,000 numbers so they had say 18 of 1,000,000 of grabbing the btc

I am genuinely sorry to hear about this philipma. I'm also glad and relieved to hear that no coins were stolen.

What am I about to say next, I hope you don't take as rubbing it in or anything. You have to decide what works best for you. But I can honestly say that if you had had your coins on a hardware wallet like a Trezor, none of that would have happened (provided you set it up correctly, have your security protocols right, and don't fall for the phishing scam of going to a fake Trezor website, etc.).

I'm seriously baffled after all the talk and confirmation over the years about how great and solid hardware wallets are, that people still refuse to investigate and use them.

In fact, if someone has a legit link of someone getting their coins stolen from a Trezor that wasn't a phishing scam, please link to it. I'd be curious to read it. So far I have come across zero.

most of my coins are in hardware wallets.

I just happened to have the large sum on coinbase prepping to spend on mine expansion.

Since there are four of us and we are buying a large amount of gear I had four shares of coins prepped to convert to fiat to buy the order.

tracfone confirmed the phone was ported to verizon. it was a locked tracfone which should not have ported over  yet it did.

I did notice three attempted logins to my email over the last few months.

I am glad I required all coin withdrawals to use the auth. app .

and that it was on a different unknown to anyone phone number.

as jjg said other moves are doable on an account secured the way I did but my coinbase does not have coinbase pro.

I fucking hate all 2fa bs as it weakens my security.

I intentionally only use a pc. zero phone access to
pay anything.

I am strictly old school. but these fuckers force shit on you.

synched accounts etc.

If i was setup that way I could have lost a lot.

[Torque]

most of my coins are in hardware wallets.

I just happened to have the large sum on coinbase prepping to spend on mine expansion.

Oh, sorry for the bad assumption. Glad to hear that you use hardware wallets.

Personally if I'm going to liquidate a large amount of btc, it gets moved to an exchange and sold within minutes of hitting it. I just can't trust leaving any amount there for any longer than what is required to do the sale transaction.

Also as others have said, SMS 2FA is terrible and is vulnerable to getting compromised. Digital 2FA auth app on a dedicated, isolated device (turn on/off wi-fi only to sync 2FA) is the only way to go.

[philipma1957]

most of my coins are in hardware wallets.

I just happened to have the large sum on coinbase prepping to spend on mine expansion.

Oh, sorry for the bad assumption. Glad to hear that you use hardware wallets.

Personally if I'm going to liquidate a large amount of btc, it gets moved to an exchange and sold within minutes of hitting it. I just can't trust leaving any amount there for any longer than to do the sale transaction.

yeah that is my norm. but with my bro-in-law getting sick with dementia and running back in forth from NJ to NY to NJ

the coins had not cleared when I left to go to his home. They cleared and the hack started while I was at his home.

I have no phone or pc access to coinbase at his place. (to be more secure)

so it was just leave him at 3:30 pm 45 minutes into the breach and hope they did not get past my last line of defenses.

Got home by 6:15 pm and had

[ChartBuddy]

Explanation

[Gachapin]

The importance of hardware wallets (really digital keyring/signing device, but alas, 'wallet' sells better) is hard to overstate. This is INSTANTLY what I tell folks who are new to Bitcoin.  Get yourself a hardware wallet... and the Trezor really is a great suggestion.  If the person holds a significant amount of Bitcoin, I then encourage them to get 2 more devices, and when they become comfortable set up a 2 of 3 wallet.

The most important advantage in them is hard to see at first:  Secure XPRV (seed, XPUB etc) generation.  Hardware wallets are the ONLY foolproof way to make a bitcoin seed.  So far there is no other way that is safe, that also is not prohibitively difficult/risky.

That's so important.  I give the same advice to any new hodler.

I tell them to skip Ledger though, with their shitty in house security (aka "data leak") and their quasi closed source "secure element" design.

However, HWs really bring people to actually using Bitcoin.
I mean, I have met countless guys who hold five figures in "crypto" on exchanges and haven't even sent one transaction in their life.


Yes.. we could argue about the quality of RNGs in HWs, but you can always choose a passphrase to add some security.