- Thread Author
- #2
Had $25 EURO loaded in Aug 2020 and over that time it reached a value of $93 Euro or OVER $100 USD in Bitcoin, nice haul!
Very nice little find while manually running through some March Logs, you won't believe some of the still to this day low security wallets (crypto and fiat both). Finding and abusing such websites has become much of a hobby of mine.
The wallet service in question, let me log onto this account from unknown device (mind you last login was date of purchase) and withdraw all Wallet funds to my wallet almost as quick as I logged in.
No 2 factor Email or SMS was ever asked for and no IP check was ever done (to my knowledge). There is one thing though the account owner that you hacked must have had previously done KYC on the account or you have to be able to do KYC (site is not US and is limited to select few countries from list of around 8, so not impossible to have proper ID and Selfies. Unless you know you find them in the email, which does happen 90% of the time. You jump past these few hoops and whose ever wallet you log into with a balance, its yours fairly easy.
Screenshot below of when I found account and proof of cash out - Finds such as these make the hours of manually checking EVERY URL in logs worth while!
Was just really happy with this find and wanted to share with you guys!
Image appears small in post to view full version follow this link:https://i.imgur.com/UqK42Qt.png
Very nice little find while manually running through some March Logs, you won't believe some of the still to this day low security wallets (crypto and fiat both). Finding and abusing such websites has become much of a hobby of mine.
The wallet service in question, let me log onto this account from unknown device (mind you last login was date of purchase) and withdraw all Wallet funds to my wallet almost as quick as I logged in.
No 2 factor Email or SMS was ever asked for and no IP check was ever done (to my knowledge). There is one thing though the account owner that you hacked must have had previously done KYC on the account or you have to be able to do KYC (site is not US and is limited to select few countries from list of around 8, so not impossible to have proper ID and Selfies. Unless you know you find them in the email, which does happen 90% of the time. You jump past these few hoops and whose ever wallet you log into with a balance, its yours fairly easy.
Screenshot below of when I found account and proof of cash out - Finds such as these make the hours of manually checking EVERY URL in logs worth while!
Was just really happy with this find and wanted to share with you guys!
Image appears small in post to view full version follow this link:https://i.imgur.com/UqK42Qt.png