Bitcoin stolen from my nitrogen.eu account

Here is there reply. As you can see, they refuse to even look in to who may have removed the funds. If you don't have 2-factor authentication set up at Nitrogen your entire balance will not be returned if stolen.

Thanks for contacting Nitrogen Sports
We sympathize with what happened here, but unfortunately. it's little we can do to recover the funds:
Given that you constantly log in from different locations, we're unable to confirm who actually made the withdraw. Also, we would advise you to set up Two Factor Authentication for your account, as this would have prevented the situation from happening.
Once again, we regret this unfortunate incident.
If you have any questions, please don't hesitate to let us know.

Now they are starting to lie. They informed me that my bitcoin was withdrawn from a previously used location. That's not possible since the only location I had accessible to me at the time was my cell phone and that was in Airplane Mode.

They compounded their mistake by stating it is up to me to safeguard my login credentials. No one on God's green earth even knows my login name, let alone my password. So the stretch of the story they are making is that someone withdrew bitcoin from my Nitrogen account with my user name and password at a location I used previously (which I wasn't at).

It's bad enough that they lied about the location of the withdrawal but it's makes it all that more unlikely when they add that someone had to know my username and password. This is not cached on any device. When you log in to nitrogensports.eu you are forced to log in using your username and password each time so not only is it not possible someone logged in to a previous location but they wouldn't have my credentials cached in the browser.

I filled out a support ticket here at SBR. I'll post more when I hear more.

Here is the story they have made up-
We have checked your account records: this account has withdrawn funds from a number of locations: In this instance, this transaction was requested from a previously used location.
We regret we can't refund the BitCoin, as Nitrogen can not assume liability in this case: as stated on the terms agreed when joining, users are responsible for ensuring the secrecy of their login credentials.

I think they are saying location of ip address when w/d was made is a location where you (or someone else) has accessed your account in the past. Doesn't look like they are commenting on your location at the time the w/d was made. Most account hacks are done by people who victim never provided with log in credentials. Did you ever access account from unsecured network? Probably picked up that way. This would make sense if you logged in over unsecured network and some near that location was also on network and picked off your log in. Then they accessed your account from same geographical location.

I'm no expert here so someone correct me if I am wrong.

I think you're right terpkeg when you say they are claiming the withdrawal was made at a location I accessed in the past. However, the person accessing my account would have to know my username and password and that isn't retained in the browster cache. No one other than me and Nitrogen knows my username and password. Therefore someone at Nitrogen would have to have withdrawn my account and it would have had to be done at a location I never used. These people are trained by Nitrogen to lie like this in hopes that the victim will stop investigating why someone at Nitrogen stole their funds.

I'll post the results of the investigation done by SBR here in this thread. Nitrogen should be forced to prove where the withdrawal was done including the geographic location and should show the IP address to the third party. Failure to do so will leave anyone who has an account there without 2-factor authentication open to theft by Nitrogen employees.

How much is that withdrawal?

And, could you post the transaction id of that bitcoin withdrawal?

I have never played at a bitcoin book before. My question is this: why would Nitrogen require you to 2-step verify before placing every bet? I understand requiring it on every login, and definitely for every withdrawal. But requiring it for every bet just makes it a pain in the neck. Why not be practical and let the player set these options, i.e. allow a player to bypass 2-step verification for placing bets, but require it for each login and cashier transaction?

Do you use some sort of proxy to access Nitrogen QuantumLeap?

Agree it sounds weird to be asked for auth for every bet. Could be a clue about the account breach too maybe.

sorry to hear about this, QL..

Hopefully SBR can resolve this for you!

I would rather not post the transaction id of the withdrawal at this time while SBR is investigating. Is there something about that information that would help, other than show to which bitcoin address the withdrawal went to?

I have, at times in the past, used a proxy on my computer and then accessed Nitrogen.

Thanks Jake. I'll post here what they come up with.

Where are those bitcoins now? Still at the address that was used for hacking?

Last I checked, yes.

I filed a complaint with SBR and they sent me an email with a bunch of questions. I replied back to them.

After I get this resolved (IF it gets resolved) I'll post the results in this thread.

I have 2 factor at nitrogen and only use it to log in or make withdrawls..they don't require each bet

Same here.

this guy is lying...they dont require 2fa for every bet..just login....they also WARN u when you login at the top to enable 2fa

Come on rock. I'm not lying. I thought it was that way when I had it enabled at first but I turned it off. Maybe it was just the logins and withdrawals.

What is important is that they are blaming me for misusing my password before investigating. I've been using passwords for over 30 years and have never had a problem with someone accessing accounts using my password.

What strikes me as weird is, why would someone bother to hack your account or unlawfully access it and only take part of the balance? Surely they would take the entire balance if they had malicious intentions?

disagree... taking small amounts from several accounts goes unnoticed far easier than fully depleting an account..very common in media stories over the years

They took the entire amount.

Nitrogen needs the player to email them to provide consent for SBR to receive the relevant details and activity logs related to the case. We've emailed QuantumLeap with this request.

Your computer could be compromised, simple keylogger would suffice. Clean your computer and keep anti virus up to date and get a firewall if you dont have one.

No could be, the machine is dirty. About 99% chance compared to the 1% that nitrogen stole anything. Wipe it clean and reinstall new antivirus ASAP

This free service is very good http://www.malwareremoval.com/

Thanks for the advice guys. No keylogger found. No malware found. No viruses found.

I also checked the logs on my computer and there was no activity during the time of the withdrawal and my cell phone was on airplane mode at the time so it was done from another computer.

I sent the consent to Nitrogen for them to give SBR the pertinent info. I'll continue to update the thread as I find out more info.

Thanks.

Also, for malware removal:

Malwarebytes


Spybot Search Destroy

Nitrogen's audit revealed that there were no failed log-in attempts prior to the withdrawal. Nitrogen's staff are unable to view user passwords. Passwords are encrypted and totally scrambled. They are willing to revisit this case if the withdrawn funds end up being redeposited into Nitrogen from the wallet used to make the withdrawal. There are no red flags on their side. Two-factor authentication, which Nitrogen offers, is strongly advised to prevent these scenarios.

Agreed. If Nitrogen were running software that allowed their staff to view passwords they would open themselves up to liability.

Here's my take on the situation-

From Nitrogen's investigation:
-There were no failed login attempts before the transfer was made so someone would have to know both my username and password.
-Nitrogen provided the logs of my account to SBR with my permission and it was shown that the IP address of the user logging in matched the IP address of previous logins to my account where bets were made.

From my investigation:
-When I made the bets from the IP address that matched the IP address of the bitcoin transfer, I was connected to Nitrogen via a VPN.
-The IP address matched the geographical location I was connected to via VPN.
-The VPN software uses 256-bit encryption so no detection of username/password would be possible through that route.
-I used only 1 device to connect to Nitrogen using VPN, my main computer at home.

Therefore, the easiest explanation would be to surmise that someone used my computer remotely when I was not logged into it and had a keylogger installed to detect my username and password.

However, here are the steps I performed to disprove that:
-I ran a deep rootkit scan to detect any keyloggers using Spybot Search & Destroy and none was found.
-I ran Malwarebytes to detect any malware that may have granted access to my computer and none was found.
-I checked my Windows logs for any activity during the time of the transfer and there was no activity.

Here's the kicker, I had changed the geographic location I connected to using my VPN. If someone were to remotely control my computer they would not only know they had to run VPN to get the IP address to match but they would have to know which geographical location I connected to at the time. Simply starting the VPN software would give them a different geographic location. Not only that, even if I connect to one geographic location I get different IP addresses when I log in.

I've been working with computers for over 20 years and this still baffles me.

Thanks for all your help with this matter. As far as I'm concerned you did a thorough job and as I mentioned to you through email I consider this matter closed unless the bitcoin is transferred back to Nitrogen.

If the stolen bitcoins are still there, I think you made that withdrawal and don't remember it.

You know, even that thought crossed my mind. The time that it occurred happened when I was at an appointment so I couldn't have made the withdrawal at that time. I specifically had my cell phone on "airplane mode" which is where it cannot receive or send data since I was at my appointment.

The stolen bitcoins have been moved to 2 different locations since then.