Author Topic: MUST READ: Coins stolen from exchanges, Passwords released. PLEASE READ!  (Read 765 times)

Online Graviton

  • Administrator
  • Legendary Nxter
  • *****
  • Posts: 649
  • Dominus Cryptonomicon
    • View Profile
    • DGEX
Re: MUST READ: Coins stolen from exchanges, Passwords released. PLEASE READ!
« Reply #15 on: February 10, 2014, 11:56:14 AM »
I am curious about this development. Sometimes I think brainwallets aren't gonna take Nxt to the future. Although I think I get it, several newbies are very sceptical and vulnerable.
This is a major development kept secret until now. The DGEX solution will offer brain wallets for those who desire it, but a more secure solution by default to new (and all) users.

More info is expected to hit the field within approx. 24 hours.
DGEX.com operator :: Nextcoin.org founder

Offline Le Très ancienne banquier

  • Fresh Nxter
  • *
  • Posts: 10
  • Mon dernier sou.
    • View Profile
Re: MUST READ: Coins stolen from exchanges, Passwords released. PLEASE READ!
« Reply #16 on: February 10, 2014, 01:18:16 PM »
- maybe instead of wallet I could use BTC account for savings free funds?
If you use a genuine BTC wallet like the native client or Electrum, this might be a good idea.

On the other hand, when using the NXT wallet in your web browser, you are vulnerable to many kinds of attacks using the web browser platform as the intermediary. These include JavaScript keyloggers, browser helper objects, plugins, Flash, whatever uses the same browser. You need to be very careful to open your NXT wallet in a freshly opened browser session only, and still you cannot be sure what kind of logging software is launched at the time of opening. One very risky but easily omitted practice is having many tabs open while you log into your NXT wallet. I personally lost thousands of EUR ten years ago when having a webmail window open while logging into an e-currency account - one piece of mail had a keylogger injected.

DGEX will be offering a solution for the NXT community against attacks based on the requirement of the web browser client very soon.

The length of the password is not the problem - 16 characters is well sufficient against brute forcing even these days, if you use random character strings not included in any language's dictionaries + small and capital letters + the occasional special character.

Thank you for your answers. Actually it was the first time over the many decades that I lost something through hacking of my accounts. Maybe I have just been very lucky.

Advice like a single-tab browser window and so on will be put to immediate use.

What do you recommend me to do with this hacked wallet? Can I delete it or make it safe somehow?

My password was over 30 letters long, including letters and numbers without any logical order, no language, words or sentences used.

Most interesting for me: until this morning 09:32:03 those coins (2484 NXT) were in the wallet number 2852864182912511105, transferred to the wallet 10762953630614391747. The last wallet has 30 transactions in just a few seconds. Obviously by a robot, but no help for me. I am sure that the other amounts are stolen too.

Best regards,
Old Bankier

Online Graviton

Re: MUST READ: Coins stolen from exchanges, Passwords released. PLEASE READ!
« Reply #17 on: February 10, 2014, 01:58:08 PM »
What do you recommend me to do with this hacked wallet? Can I delete it or make it safe somehow?
NXT account passwords cannot be changed, nor can the accounts be deleted. You need to just abandon it.

Quote
My password was over 30 letters long, including letters and numbers without any logical order, no language, words or sentences used.
This goes along the lines of other similar cases where accounts have been hacked despite strong passwords, confirming my claim that password strength is not the issue.

You have been thus stricken by malware or network sniffing, or then there is the possibility for a vulnerability in the NXT network that allows such hack independent of your actions. It is especially intriguing that the funds were transferred away from your account a few seconds after they were transmitted by DGEX to you. I would be interested in third party opinions about the options through which such could be achieved, but don't unfortunately have time to chase for it. You may wish to try consulting people in the know elsewhere on this forum or the Bitcointalk main thread that moves very rapidly and usually responds (either with something sensible or not) to most things posted there.
DGEX.com operator :: Nextcoin.org founder

Offline Le Très ancienne banquier

Re: MUST READ: Coins stolen from exchanges, Passwords released. PLEASE READ!
« Reply #18 on: February 10, 2014, 10:15:06 PM »
Quote
My password was over 30 letters long, including letters and numbers without any logical order, no language, words or sentences used.
This goes along the lines of other similar cases where accounts have been hacked despite strong passwords, confirming my claim that password strength is not the issue.

You have been thus stricken by malware or network sniffing, or then there is the possibility for a vulnerability in the NXT network that allows such hack independent of your actions. It is especially intriguing that the funds were transferred away from your account a few seconds after they were transmitted by DGEX to you. I would be interested in third party opinions about the options through which such could be achieved, but don't unfortunately have time to chase for it. You may wish to try consulting people in the know elsewhere on this forum or the Bitcointalk main thread that moves very rapidly and usually responds (either with something sensible or not) to most things posted there.

At the moment my loss was a little over 100 USD. I have been asking our people about the approx. cost to find out why and what has happened. A very careful estimate will be about 200 man-hours of work from people of different IT departments. Everybody can easily calculate the total cost to find out where my 100 USD are.

Another thing. I have been using my private networks to deal with D-coins and the security level is "slightly" different from our corporate network. So there is no practical point in investigating this question any more.

As a simple guy I'm still interested to find out who ate my lunch without me.

Best regards,
Old Banker