Cross-posting from Agora subreddit:
I'm posting this because a handful of people have started noticing passwords being changed, unauthorized withdrawals from accounts, etc. Nearly all such people have had two things in common:
- They used the same Login/Password credentials on Evolution
- They have no PGP authentication on their Agora account
It is clear by now that someone is going through the Evolution user database, trying Login/PWs on Agora, noting the "hits", then stealing any coins on the account, or waiting for those users to deposit coins so they can be stolen. If your Agora account has the same credentials as your former Evolution account (or any other DNM for that matter), change your password and enable 2-factor authentication. Both can be done under the "Profile" tab on the market.
Even if your Evolution PW was different, everyone should enable 2-FA regardless. There is simply no reason to leave it unused; it renders your account practically immune to these kinds of attacks. Obviously this means familiarizing yourself with PGP, generating your own personal public/private keypair, uploading the public key to your account (in the "public info" setting under the profile tab), and so forth. I recommend GPG4USB and the tutorial here.
If you fall into the above 2 categories, make the changes now before you get hit. And please don't post "Agora stole my $30"; they had nothing to do with it.
This is hardly surprising. Remember these guys are carders. Before Evolution, they literally made their money from selling people's financial data and stealing money from people's accounts. This is what they do best. I wouldn't be surprised if the database is being sold in chunks on a carder forum somewhere.
The only thing that surprises me about this is how greedy they are. If it were me I'd be taking a well-earned break, sitting on a beach somewhere in South America, cashing my BTC out slowly to buy 8 balls of coke, blow jobs and jiu jitsu lessons. But I guess they enjoy doing this sort of shit.
If this doesn't make people change their habits, then I don't know what will. Only ever use multisig on marketplaces with known fraud links, always use PGP, and never, ever, ever reuse passwords.