I logged out of my account at approximately 10pm EST and logged on back at 11PM EST. My account had $9291.51 but only $291.51 left, with 9K requested as withdrawal to a bitcoin address i have never seen before. Apparently someone hacked into my account, registered a new bitcoin address and withdrew the money to that account. I have contacted phone support and they are in the midst of cancelling this withdrawal. I have ran security checks on my computer and changed my password to my account. I need to know what else i need to do.

http://forumserver.twoplustwo.com/48...puter-1028333/

I suggest trying the above to secure the computer.

--
Kahn

You should probably ask them to keep bitcoin withdrawals temporarily disabled in the meanwhile as well, just in case.

With the amount of money at stake, it could also be worth reformatting your computer, just in case there's something on there that continues to sleep under the radar.

Does WPN offer 2-factor authentication for withdrawals? If not, we should probably yell at them to do that, especially since they encourage BTC deposits and withdrawals so much. It provides a pretty decent amount of security for how simple it should be to set up.

Are you sure you didn't have $92,920,982,298,98.92 as a balance?

I would be throwing up if I was you. Let us know what happens.

The withdrawal was cancelled and he is set up to only be able to withdraw by telephone for the time being. Should keep the fraud to about zero.

--
Kahn

This has been more or less settled. I was more interested in how to prevent such things from happening again and people like kahn, bigbadbabar and dalsue helped me tremendously, big thanks to them. ACR's support was very professional with this matter when i was on phone support with them, big props to them too.

It almost seems, that with bit coin they should have an extra layer of security added. Maybe something like an extra PIN or if the transaction is over a certain amount (or a certain percentage of your total balance) you will receive a phone call or you need to call them as well.

i did advise them on this matter. it seems like theres a good chance they might introduce that layer of security.

Nice. WPN has always been good on payouts so I'm sure they'll find a way to make it secure and still very fast.

As I said above, this seems to me the simplest way to add a layer of security:

https://en.wikipedia.org/wiki/Two-factor_authentication

The most common way it's done is that you get an app for your phone like google authenticator, and you copy an image or type a code into it. Then, the app will use that to generate time-based passwords. Having a separate physical device to generate these codes means your account is safe even if your computer gets hacked.

Stars has been doing that for years with these physical tokens: https://www.pokerstars.com/poker/roo...rsa-token/faq/

Even most fly-by-night no name bitcoin exchanges offer 2-factor security, so it's definitely an option WPN should add, especially if they want to emphasize bitcoin transactions.

I wouldn't use google authentication unless my life depended on it. Lots of people hate Google and don't want to give the worlds largest data miners any more information than they already have...

--
Kahn

Perfectly fair, though I'm sure there are other choices besides google (i'm referring to the local user, WPN could use whatever they wanted or do it themselves. They don't need to use the same service as the user, it's just cryptography.) I've heard of "authy" as well, but haven't looked specifically into it.

You aren't giving the authenticator any information relating to your poker playing, you're just scanning a code into it and giving that particular code a name. So I wouldn't be concerned with using google authenticator unless you refuse to use absolutely ANY google applications.

I'd reiterate that I would personally very strongly like this feature added one way or another. With bitcoin withdrawals, your money can disappear easily if your password is compromised (or dumping through poker play). It's a very basic security feature that I think all serious poker sites should have. Obviously physical tokens are far more involved and expensive to implement than the cell phone method for 2fa.

OP any idea how your account was compromised?

had to be a porn link