This is the 3rd time writing about PipeFlare, and this time I see first hand just how much they don't care about users security.
The first post was about how I was hacked and pipeflare literally berated me, and accused me of being the hacker, banned me from their discord server, and blocked access to my account.
The second post was about how after an email, I gave them the proof that I was the original owner of the account.
They shortly allowed me access and later I found that I only had 1,600 1FLR tokens out of the nearly 4,800 before.
Seeing that the app was not running well, I waited sometimes days without being able to use the faucets, and simply dealt with it.
Navigating the site was difficult and after I noticed that I wasn't receiving my Zcash like I did about weekly before, I thought that maybe I just didn't have enough to withdraw.
After waiting for about a month, I noticed that still, I had no transactions to my old wallet address, so I began to think that maybe the hacker changed the address.
That's what got me on the hunt to see what was happening.
After a few days of searching, I decided to see if I could withdraw the 1FLR tokens I had remaining.
When I saw that 3,030 tokens had been withdrawn, I was shocked! Navigating the site for the 2 months after regaining access to the account, I was having trouble finding anything because the app was not working much of the time.
So I thought that changing the addresses was the next logical step, and when I tried to change them, a box telling me that I needed to enter a 6 digit code.
So I waited for the code to go to the email, and nothing. I checked the other phone with the wallet that I recently lost. Nothing.
I tried 3 times more, and then realized that the code was being sent to the hackers email.
So, the next logical step was to contact support.
This was their response...
"Thank you for contacting PipeFlare Support. After a thorough review of site logs, your account appears to be entangled with multiple other accounts. Such activity is forbidden on PipeFlare as it deprives single users of fair payouts. As such, a payment ban has been implemented upon all connected accounts with immediate effect. Due to the well-documented nature of the infractions, I regret to inform you that the payment ban will stand."
A payment ban.
Why a payment ban, and not a complete site ban?
My response...
"What was the point of allowing me to have access to my account?
I NEVER received an email saying there was suspicious activity.
You guys just banned me.
The thief stole over 3000 of MY 1FLR tokens that I worked for on your site for over a year and a half.
This is unjust and unfair.
I am owed 4,726 1FLR tokens that were stolen from me, and that just today finished staking.
We already discussed the activity on the account...I was HACKED!"
Within a few hours they responded.
"Final thoughts are as follows:
Security of your account is your responsibility.
When you spoke with PipeFlare Support on 1/16/2023, you didn’t feel a need to mention a suspicious 1FLR withdrawal from 8/12/2022?
After you spoke with PipeFlare Support on 1/16/2023, you didn’t feel a need to mention a suspicious 1FLR withdrawal from 8/12/2022 on any 1 of the next 180 days?
When you messaged PipeFlare Support on 7/16/2023, exactly 6 months later, you didn’t feel a need to mention any alleged hack or the fact that you deleted a 1FLR address on 7/10/2023? Only on 7/18/2023, after I relay feedback, does this become topical?
After 7/10/2023, you didn’t feel a need to replace any of your deleted wallet addresses (and still haven’t)?
While there are other indicators on your account that are more indicative of fraudulent activity than an account becoming compromised, the above suffices to leave the aforementioned payment ban in place."
Keep in mind, they were accusing me of being the hacker before.
Then, AFTER I provided proof I was the original account holder, they gave me access to the account.
BUT, failed to mention the fact that, sure I can have my account, but I just wasn't going to ever have a payout...
Why give a person suspected of "fraudulent activity" access to their account?
Also their arrogant response, "...feel a need to.." who talks like that to their customers?
Before that, they banned me from discord because I wasn't able to respond to a request as fast as they wanted.
It's interesting that in the time I had access to the site, it was almost impossible to navigate even though I have excellent internet...the app wouldn't respond to anything I was doing.
It would go directly to the faucet page, and to the buy NFTs page. Then it would show me ads after about every other click.
I didn't "mention a suspicious 1 FLR withdrawal" because the app wasn't allowing me to do much, so I had NO idea anything was withdrawn!
Plus, why didn't they send me an email saying a withdraw was taking place. Most sites send emails asking if you made a withdraw request for security reasons.
Not PipeFlare!
Most sites send emails when suspicious activity is going on with an account.
Not PipeFlare!
So as they are obviously NOT concerned with our security, and they obviously had NO intentions to allow me to withdraw EVEN THOUGH they gave me access to the account...
My final thoughts are thus...
"Why would you talk to anyone the way you did?
"Feel a need"?
#1. Security of my account is my responsibility. You are correct. But I can't know when someone is trying to hack into something.
Why didn't your website send me an email about suspicious activity? If that had happened, I would have been able to contact you sooner.
#2. I didn't know there was a withdrawal until I logged in the other day trying to understand the 6 digit code issue. Seeing about withdrawing, and changing the ZEC address.
#3. My other phone with trust wallet broke the other day, and I lost access to that wallet, so I was trying to change the addresses.
#4. I wouldn't even be able to "replace" the wallet addresses even if I wanted to because I don't know the 6 digit code.
#5. I did talk to the discord guy, and he banned me when I took too long to respond.
Because you know, life happens, but people nowadays are simply impatient.
So, I guess my final thoughts are this...
Don't pretend to know what's happening on the other side of the fence.
Try harder being less disrespectful, you and your discord people.
I know the only reason you gave me access to my account was so I would purchase things, (hence more money in your pockets) because you didn't "feel the need" to mention before that I wouldn't be able to get my 1FLR tokens out.
As a matter of fact, you didn't give me any courtesy at all, no email, no nothing.
So, this makes you all dishonest and untrustworthy, and not worth any more of my time.
Go ahead and keep the account. You need it more than I do...
Let me know if I was in the wrong or if they are.
Either way, this is a messed up situation.
Thanks for reading and please be careful with PipeFlare!
