My bitcoin was stolen from my luno account! Luno is not safe .

HOLY MAnIAC

Well-Known Member
Joined
Apr 17, 2011
Messages
292
If you don't enable 2fa, you shouldn't really be surprised if someone accesses your account.

It's like closing the door but not locking it when leaving the house, will you be surprised when you come home to an empty house?
 

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
48,005
If you don't enable 2fa, you shouldn't really be surprised if someone accesses your account.

It's like closing the door but not locking it when leaving the house, will you be surprised when you come home to an empty house?
More like just locking the wooden door (which can be opened with a good kick), but leaving the heavy duty security door in front of it unlocked.
 

Swa

Honorary Master
Joined
May 4, 2012
Messages
20,769
If you don't enable 2fa, you shouldn't really be surprised if someone accesses your account.

It's like closing the door but not locking it when leaving the house, will you be surprised when you come home to an empty house?
You shouldn't be surprised if that 2FA didn't work because someone accessed your phone.
 

Lenbad

New Member
Joined
Jul 30, 2019
Messages
8
The Luno server has been hacked and all my information on their server has been leaked out. When logging into my account, I was immediately contacted by a person stating that he was from Luno. The person had provided me with all of my personal information on the Luno Site and had informed me that they were updating the server to a 2019 version. He the sent me a 4 digit code which I needed to log into my account. The next day at 12 he had phoned and sent me a link. This person told me to log into my account 10 min later. When I logged into my account all my money and investment was gone. I immediately contacted Luno who refused to take action or to admit that there system was hacked and that my information was leaked out. Luno will not take any responsibility in this regard and are in denial. Shame on Luno for allowing hardworking people of the public to be robbed. It is clear to me that this person had all my information and that he had access to the Luno site, this could also be a person working for Luno.
 

John Tempus

Expert Member
Joined
Aug 8, 2017
Messages
2,364
The Luno server has been hacked and all my information on their server has been leaked out. When logging into my account, I was immediately contacted by a person stating that he was from Luno. The person had provided me with all of my personal information on the Luno Site and had informed me that they were updating the server to a 2019 version. He the sent me a 4 digit code which I needed to log into my account. The next day at 12 he had phoned and sent me a link. This person told me to log into my account 10 min later. When I logged into my account all my money and investment was gone. I immediately contacted Luno who refused to take action or to admit that there system was hacked and that my information was leaked out. Luno will not take any responsibility in this regard and are in denial. Shame on Luno for allowing hardworking people of the public to be robbed. It is clear to me that this person had all my information and that he had access to the Luno site, this could also be a person working for Luno.
Just no. All the info luno have is also info you have submitted before on various other platforms. Worse case the main info might have been gained directly from our government database hacks/leaks over the last year.

Now the fact you even entertained a person directly contacting you involving 4 digit codes is the most bizarre thing. This is on you, why did you even continue with said person. You should know by now this is how conartists operate.

Sorry for your loss but your stupidity got the better of you.

ps. "The person had provided me with all of my personal information on the Luno Site and had informed me that they were updating the server to a 2019 version. He the sent me a 4 digit code which I needed to log into my account. The next day at 12 he had phoned and sent me a link." , really ?? This did not raise alarm bells. Seriously though, unplug from the internet or educate yourself. That is the most basic approach to building confidence with victims and the fact you fell for it in 2019 is just crazy.

You actually clicked a random link, it was a spoof site that directly used your info provided to login to your luno account. You provided everything to this person via their spoof link in order to scam you.

The only person in denial here is unfortunately you. Massive denial but it seems you are not aware of how these basic scams and spoof sites operate so very uneducated unless you ignore what i said here then I would say for sure you are in denial.
 

CT_Biker

Expert Member
Joined
Sep 10, 2016
Messages
1,505
Luno has one of the most secure platforms created so far.

You're the fool here dude. Unfortunately Luno cannot protect you from being spoofed or man in the middled
 

Lenbad

New Member
Joined
Jul 30, 2019
Messages
8
Just no. All the info luno have is also info you have submitted before on various other platforms. Worse case the main info might have been gained directly from our government database hacks/leaks over the last year.

Now the fact you even entertained a person directly contacting you involving 4 digit codes is the most bizarre thing. This is on you, why did you even continue with said person. You should know by now this is how conartists operate.

Sorry for your loss but your stupidity got the better of you.

ps. "The person had provided me with all of my personal information on the Luno Site and had informed me that they were updating the server to a 2019 version. He the sent me a 4 digit code which I needed to log into my account. The next day at 12 he had phoned and sent me a link." , really ?? This did not raise alarm bells. Seriously though, unplug from the internet or educate yourself. That is the most basic approach to building confidence with victims and the fact you fell for it in 2019 is just crazy.

You actually clicked a random link, it was a spoof site that directly used your info provided to login to your luno account. You provided everything to this person via their spoof link in order to scam you.

The only person in denial here is unfortunately you. Massive denial but it seems you are not aware of how these basic scams and spoof sites operate so very uneducated unless you ignore what i said here then I would say for sure you are in denial.
 

Lenbad

New Member
Joined
Jul 30, 2019
Messages
8
Hi, thankyou for your feedback much appreciated. Yes you are 100% correct, I am not accustomed to the crooked and evil ways of criminals. Not all of us think like criminals and are very galuble.I see this as a learning curve and will not easily trust people again. This criminal might have gotten my information by other means, but it still doesnot explain how he knew that I had logged into my Luno account. He had phoned me everytime I had logged into my account.
 

John Tempus

Expert Member
Joined
Aug 8, 2017
Messages
2,364
but it still doesnot explain how he knew that I had logged into my Luno account. He had phoned me everytime I had logged into my account.
Mind is probably playing tricks on you and you are remembering the situation in the wrong order. If it really happened like that it might be that your pc or mobile used to login as you say could be infected with some rootkit/trojan but I find that highly unlikely.

I think the case here is plain and simple the guy phoning you were just using elimation tactics and by chance suspected you might be more often than not logged into luno and somehow caught you everytime while logged in. If he phoned you 100 times and each time you were logged in doing something it would be more suspicious than a low sample size of just a few calls.

Whatever the case might be there is really just one thing to remember.

You would not randomly entertain someone phoning and claiming they are from your bank and asking you to do something for them relating to your own account.

You would not click a random link that is apparently send out by your bank.

Just follow the same security rules you would treat your online banking with when dealing with crypto and you would be more secure than what you did here.

Where you using any form of 2fa authentication on luno ? I don't remember but doesn't luno offer sms verification as a 2fa method ? It might be that this specific criminal have contacts at a mobile network and that would explain them knowing your details and when you logged in if that is at all the case.

ps. if you don't mind me asking. How much did you lose out of this situation ? Do you have one or all of the numbers this person kept phoning you from ? If so please list them here or PM me, I would love to find out if there is anything unique about them.
 

Lenbad

New Member
Joined
Jul 30, 2019
Messages
8
Mind is probably playing tricks on you and you are remembering the situation in the wrong order. If it really happened like that it might be that your pc or mobile used to login as you say could be infected with some rootkit/trojan but I find that highly unlikely.

I think the case here is plain and simple the guy phoning you were just using elimation tactics and by chance suspected you might be more often than not logged into luno and somehow caught you everytime while logged in. If he phoned you 100 times and each time you were logged in doing something it would be more suspicious than a low sample size of just a few calls.

Whatever the case might be there is really just one thing to remember.

You would not randomly entertain someone phoning and claiming they are from your bank and asking you to do something for them relating to your own account.

You would not click a random link that is apparently send out by your bank.

Just follow the same security rules you would treat your online banking with when dealing with crypto and you would be more secure than what you did here.

Where you using any form of 2fa authentication on luno ? I don't remember but doesn't luno offer sms verification as a 2fa method ? It might be that this specific criminal have contacts at a mobile network and that would explain them knowing your details and when you logged in if that is at all the case.

ps. if you don't mind me asking. How much did you lose out of this situation ? Do you have one or all of the numbers this person kept phoning you from ? If so please list them here or PM me, I would love to find out if there is anything unique about them.
I had approximately R10,000 in my Luno account of which I had invested R6,500 on Bitcoin. On Saturday, 27 July 2019 after logging into my Luno account I had received a phone call from a man called Bruce from Luno. He had stated that he could see that I had just logged into my account and that I needed to update to the new 2019 server. I had asked him how he had gotten my number and was informed that he had obtained it from the Luno server, and he had seen that I had just logged into my account. He then informed me that he would phone me on Monday 29 July 2019 at 12:00 to complete my update on my Luno account to the 2019 SSL Server to avoid immediate suspension. Sunday, 28 July 2019: I had received the following email from Luno (Luno <no-reply@luno.com>) : Hi Leonard, Two-factor authentication has been disabled for your Luno account. Please re-enable your two-factor authentication as soon as possible. You can do so on the following page: https://www.luno.com/settings#/oath.
During the setup process, there is an option to have your code backed up in a file should you lose access to your two-factor authentication app again. Once the backup file is downloaded, it is recommended to encrypt the file on your computer for extra security. Don’t recognise this activity? Lock your account immediately. Learn more about securing your account. Thanks, Team Luno. 2. I then received a sms (+27632160881) from Luno: Dear Luno Customer: Update you Luno account on 2019 SSL Server to avoid immediate suspension of wallet Tap --- http://bit.ly/2Yu7r8U to validate account. 3. I then received another e-mail from Luno: Hi Leonard We are processing your request to enable the option to send cryptocurrency. On 29-07-2019 at 12:00 SAST, you will be able to send cryptocurrency to anyone. For more information please read our Sending article. If you don’t plan to send cryptocurrency often, we recommend disabling this option, when you have completed your transaction, for extra security on your account. Sunday, 28 July 2019 I had received the following sms (+2787085101201279): Luno - Two-factor authentication has been disabled for your contact. Another Sms (+2787085101201354) Luno - pls authorize or deny the action here: https://www.luno.com/authorize?token=5BoP2nsUFHIYu5fLik6mipbWLafNuS95hTr6sMqGhQg. Another Sms from Luno we are processing your request to enable the option to send cryptocurrency. View Details: https://www.luno.com/wallet/settings/security. Monday, 29 July 2019 I had received the following sms (+2787085101205413) from Luno: Luno-The option to send cryptocurrency is now enabled. Bruce from Luno had phoned (0112197740) me at 12:00 and said that he was sending me a sms (+2787085101204241) with the following link https://www.luno.com/authorize?token=1yaPdNUOw3PBgcuVZQWH99INXRby7OnQzPv_XLRejFQ. I the received another sms (+2787085101204007) stating the following from Luno: Luno – 8945 is your confirmation code. Another sms (+2787085101208899) stating the following: Luno – 7382 is your confirmation account. I then logged into my account and had noticed that my Bitcoin investment was gone and all the money in my wallet. I immediately contacted Luno.
 

John Tempus

Expert Member
Joined
Aug 8, 2017
Messages
2,364
The entire scam started here http://bit.ly/2Yu7r8U <--- no one click it. and everything after that the authorize links send to you were from luno because whatever you filled in at that short address requested luno to deactivate your security. You provided them with all your info on that link, and you probably also had to enter some sort of 2fa which they use immediately to relay to the actual luno account where they would login and then got 2fa disabled that way.

In the future dont react to any phonecalls or links send out that you did not specifically ask for first and you will not run into these types of issues.

Go re-enable your 2fa also and do not enable sms as a method of 2fa, make sure you use an authentication tool on mobile phone or pc.

Based on what you provided it was definitely just an elaborate con job and you sadly fell for it.

ps. the idea that the man knew you logged in is just coincidence, he was just guessing and hoping you had luno using general speech. I bet that is something these scammers read from a script in steps and he so happen to catch you right at step 1 of the confidence game, you were convinced at this time and every step that followed he was going to get into your account.

pss. Take a look at the dodgy sms that Bruce wanker send you and compare it with authenticate sms's send afterwards by luno.

Bruce send from a regular mobile number 0632160881 whereas all luno sms's were send through sms gateway number 2787085101204241 with various ranges used for each one they send.

If you want to pursue this further you could lodge a complaint with police for this 0632160881 because all mobile numbers must be rica'd (I know this is a running joke, thieves still get away with it) but at least if you file criminal case you would have grounds to find out who is behind that number Bruce send from. This is your only recourse aside from dropping it and learning from it.
 
Last edited:

Daruk

Honorary Master
Joined
Jul 18, 2008
Messages
38,486
Hi, thankyou for your feedback much appreciated. Yes you are 100% correct, I am not accustomed to the crooked and evil ways of criminals. Not all of us think like criminals and are very galuble.I see this as a learning curve and will not easily trust people again. This criminal might have gotten my information by other means, but it still doesnot explain how he knew that I had logged into my Luno account. He had phoned me everytime I had logged into my account.
Do you receive login notices from Luno on your email? Chances are he has access to your email too. Change all your passwords immediately. Worst case scenario he can see everything you do on your PC via spyware installed on it. You might need to reformat and reinstall your OS.
 

John Tempus

Expert Member
Joined
Aug 8, 2017
Messages
2,364
Come on man, I just checked out the bit.ly link that Bruce person emailed you. How could you actually not see redflags ? Any browser pops up that its a spoof site warning that you have to go out of your way to affirm and proceed.

That link resolved to andymichelle.top/Luno_Update/Sign_in_Luno.html

If you ignore all and disregard the browser warnings it takes you to a cloned luno site where it steals your login details. You seriously went out of your way to get scammed. I initially thought you might have innocently fell for this but looking at this site and all the warnings you were going out of your way to get scammed.

If you fall for something like this then its not so much them being very sneaky but you ignoring all warnings.


lunospoof1.png


lunospoof2.png
 

Lenbad

New Member
Joined
Jul 30, 2019
Messages
8
The entire scam started here http://bit.ly/2Yu7r8U <--- no one click it. and everything after that the authorize links send to you were from luno because whatever you filled in at that short address requested luno to deactivate your security. You provided them with all your info on that link, and you probably also had to enter some sort of 2fa which they use immediately to relay to the actual luno account where they would login and then got 2fa disabled that way.

In the future dont react to any phonecalls or links send out that you did not specifically ask for first and you will not run into these types of issues.

Go re-enable your 2fa also and do not enable sms as a method of 2fa, make sure you use an authentication tool on mobile phone or pc.

Based on what you provided it was definitely just an elaborate con job and you sadly fell for it.

ps. the idea that the man knew you logged in is just coincidence, he was just guessing and hoping you had luno using general speech. I bet that is something these scammers read from a script in steps and he so happen to catch you right at step 1 of the confidence game, you were convinced at this time and every step that followed he was going to get into your account.

pss. Take a look at the dodgy sms that Bruce wanker send you and compare it with authenticate sms's send afterwards by luno.

Bruce send from a regular mobile number 0632160881 whereas all luno sms's were send through sms gateway number 2787085101204241 with various ranges used for each one they send.

If you want to pursue this further you could lodge a complaint with police for this 0632160881 because all mobile numbers must be rica'd (I know this is a running joke, thieves still get away with it) but at least if you file criminal case you would have grounds to find out who is behind that number Bruce send from. This is your only recourse aside from dropping it and learning from it.
Thankyou very much for your feedback. Much appreciated...
 

John Tempus

Expert Member
Joined
Aug 8, 2017
Messages
2,364
Thankyou very much for your feedback. Much appreciated...
That mobile number I mentioned is your best chance and if you want to then see what comes of it if you report it to the police. Probably better to just put the nightmare behind you considering it would be such low priority that the police likely wont ever look into it.
 

daneza

Well-Known Member
Joined
Jan 25, 2016
Messages
110
Sorry to hear about your ordeal.
Just remember for future that if there's a threat attached to what someone wants you to do (e.g. "Log in now to update or LOSE your account/access") it's 100% a scam.

No legitimate company would do this as it's very much against user experience best practices. All updates should ideally be done in the background without any end user intervention. and if they really had to make a change or update that required you to do something, they would send multiple emails ahead of time detailing all of their reasons, steps you should take, and apologising for the inconvenience.

These scams commonly circulate as last minute, threatening, panic inducing messages with dodgy links.

All the best for your future dealings.
 

Swa

Honorary Master
Joined
May 4, 2012
Messages
20,769
Sorry but this is a clear case of falling for a phishing attack. I have sympathy but won't go blaming a Luno server hack for that as it's not the case. The hack happened on your side. The code that they asked you for was also the one used when you first log in from a new device. I can't remember if this code is sent through email or phone but think there's the option to send it through phone. As mentioned they may or may not have access to your email so I'd change those passwords right away as well.

Also remember it's luno.com
luno.co.za is different site
 

Lenbad

New Member
Joined
Jul 30, 2019
Messages
8
Sorry to hear about your ordeal.
Just remember for future that if there's a threat attached to what someone wants you to do (e.g. "Log in now to update or LOSE your account/access") it's 100% a scam.

No legitimate company would do this as it's very much against user experience best practices. All updates should ideally be done in the background without any end user intervention. and if they really had to make a change or update that required you to do something, they would send multiple emails ahead of time detailing all of their reasons, steps you should take, and apologising for the inconvenience.

These scams commonly circulate as last minute, threatening, panic inducing messages with dodgy links.

All the best for your future dealings.
Thankyou very much...
 

CT_Biker

Expert Member
Joined
Sep 10, 2016
Messages
1,505
Hi, thankyou for your feedback much appreciated. Yes you are 100% correct, I am not accustomed to the crooked and evil ways of criminals. Not all of us think like criminals and are very galuble.I see this as a learning curve and will not easily trust people again. This criminal might have gotten my information by other means, but it still doesnot explain how he knew that I had logged into my Luno account. He had phoned me everytime I had logged into my account.
Social engineering...
 
Top