Bitcoin Forum

web http://www.bitcoinfuturesguide.com/bitcoin-blog/shapeshiftio-hacked-loses-unspecified-portion-of-hot-wallet-funds-taken-offline

http://www.bitcoinfuturesguide.com/uploads/6/4/6/5/64656757/3012938_orig.png

Erik Voorhees' exchange ShapeShift has been hacked and lost an unspecified portion of funds from its hot wallet. They have taken down their website and are rebuilding part of their infrastructure to fix it, they say. They claim that no customer funds have been lost.


http://www.bitcoinfuturesguide.com/uploads/6/4/6/5/64656757/7490905_orig.png

The full extent of the damage is not known and until customers can actually take their bitcoin out and verify they are safe, we won't know the truth.

Cryptsy was able to hide thousands of missing coins from their customers for years, so don't trust anybody out there in this industry.

You can't store BTC on shapeshift... you cannot compare it to gox or cryptsy.

Oh god, here we go again... So who are the funds in the hot wallet from? Exchange fees?

It was most likely exchange fees plus their own personal btc held for when users "shapeshift" an altcoin to btc.
It is not individual users btc, except maybe for those users that transactions were pending at the time.

I seriously hope this is true, although I doubt it... Let's see how this goes.

Mayhaps now Erik will tone down his shilling and concern trolling about tx capacity. 1MB + segregation witnesses will be plenty for 2017, he should worry about securing his own site instead of trying to make development democratic vs current meritorious autarchy.

It's interesting that this is still happening - I would've thought exchanges were getting more and more secure - yet the hackers are one step ahead of them. Perhaps there is room for a bitcoin security consultant firm to do business advising the exchanges how to stay safe.

And then there's the school of thought that these hackers don't even exist.  That the hacksening is an inside job--Gox, Cryptsy, all of those.  Interesting, and I'll definitely be following this.

Surely this means that shapesift is the only one to lose out here, because as has been said they dont hold bitcoin for anyone,  it is probably only their float that has been stolen.  at least i hope so,

Hackers vs sites with any type of access to coins will be an eternal battle. It's never going to end. As soon as one hole is plugged another will be found until something super radical is invented.

It doesn't add up much for ShapeShift, as far as I know they don't store customer funds in there. No sense in trying to steal your own funds.

Don't get too stressed out about this, shapeshift isn't gonna go under due to this because customer funds are not questioned here.
Just let them some time to sort out what exactly happened in the security breach. It's good that they were capable enough to notice something is off.

How many of these centralized services has to go down, before people stop using them to store their wealth? We hardly recovered from Mt Gox, and then Crypsy got

compromised... Now it is ShapeShift. Just keep the majority of your wealth offline in cold storage and you will be fine. Bitcoin is decentralized for a reason and it worked out

pretty good thus far. It is fine to experiment, but only use limited amounts to do this... dump all coins in these services and you opening yourself up for a world of hurt.

cant any of these exchanges learn

stop having hot wallets on the same server that the front-end website is on.
the solution is dead simple
any front end order should not go straight to a hotwallet. instead it should sit on a database, call it what you like a 'pending request list', or whatever.

and a separate system unknown to the world views the database and processes the orders separately.
there does not need to be any IP address stored on the front-end. because it does not push out requests.
there does not need to be any hot wallets stored on the front-end because that server doesnt move coins. its just a display purpose only.

the separate system just looks in and processes the orders it see's.

knowing bitcoin takes 10 minutes+, means the milliseconds of separated communication between 2 systems instead of 1 combined system is meaningless.

no one should be running a hot-wallet on the server. there are no excuses

ROFL @ Franky, IT Security Consultant


Are you available for hire? Do you refund clients when they discover your "advice" sounds too much like a page from "How to Setup and Secure Web Servers.... For Dummies!"

keep dancing around like a fairy. (lowering myself down to your level for one sentance)
its funny that you use insults, but never use technical explanations to prove me wrong. so goodluck with the insults, but maybe time you actually researched some technicals more.

im sorry that i dont use your favourite buzzwords and prefer to speak laymens. but you will find that on a public forum generally its better to reword the bzzwords into simple english. so next time you see that i am not using buzzwords. its not because i simply dont know what im talking about. its because i know what im talking about but then translate it into simple english.

EG, you may love your leaders if they say UTXO.. but i just say "unspents".. sorry if you think thats not acceptable. but you will get over it one day
afterall, they mean the same thing. but atleast when i talk about them, im not trying to boost my ego and instead just trying to provide people what they need to know.

so if you want to prove me wrong in the future. have a coffee, settle your emotions and reply with some rebuttle thats about the technicals rather then the personal.

i welcome the day when you can be technical and provide accurate and informative information for once.

have a nice day

How about you stop misleading people about abstract technical challenges of developing Bitcoin software, and take a look at what really helping a real person with a real problem looks like (https://bitcointalk.org/index.php?topic=1427026.msg14465202#msg14465202). You have that nice day also.



p.s. I don't expect to find Franky helping software users with their issues at all, he would have to sacrifice too much of the valuable time he spends propagandising with his faux-technical bilge

An unfortunate circumstance but like most things online it's not immune to hacking with hackers trying to exploit these sites daily. But as stated by ShapeShift, their platform is designed to protect customer funds in events like these so it would seem that only their company funds may have been taken.

lol ok carlton. you unsuccessfully helped someone update a program. keep up with that


by the way if you want to hijack a topic, atleast try keeping the posts about the topic. instead of your meandering offtopic crap that are full of insults and lack of real information.

and you would have been completely out of your depth in that situation, as ever. You can't even compile a legible sentence

The good thing about the hack towards them was the wake up call they got (even though still no news regarding the loss amount on their side). Although I personally don't like their exchange since it had glitches in the past, I like the way they ensure of no loss of funds for users and only on their side with the downside of few pending transactions though.

this is such a sad news, i hope they can come back from this incident. i liked their service it was quick and easy to use and convert coins together.

yep i think they could actually spin this into a positive.

Since they were not like the traditional exchange, there was no way for hackers to steal user's funds as the funds would only remain on the exchange for the time the exchange (shift) took place, which usually required one confirmation in most cases. But as mentioned it must have affected some when they took down the exchange or when the hot wallets required to complete the shift were emptied by hackers.