Bitcoin Forum

Other => Off-topic => Topic started by: HereToTrade on November 07, 2013, 08:15:24 PM



Title: Inputs hacked?
Post by: HereToTrade on November 07, 2013, 08:15:24 PM
I went on their site and got this. Check it for yourself:

:(
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Two hacks totalling about 4100 BTC have left Inputs.io unable to pay all user balances. The attacker compromised the hosting account through compromising email accounts (some very old, and without phone numbers attached, so it was easy to reset). The attacker was able to bypass 2FA due to a flaw on the server host side.

Database access was also obtained, however passwords are securely stored and are hashed on the client. Bitcoin backend code were transferred to 10;15Hd@mastersearching.com:mercedes49@69.85.88.31 (most likely another compromised server).

What about my coins there? If you stored more than 1 BTC, send an email to support@inputs.io with a Bitcoin address (preferably, an offline, open source light/SPV wallet like Multibit or Electrum). Use the same email you're using on Inputs. Please don't store Bitcoins on an internet connected device, regardless of it is your own or a service's.

I know this doesn't mean much, but I'm sorry, and saying that I'm very sad that this happened is an understatement.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

-----END PGP SIGNATURE-----


Access inputs.io if you want to verify your balance, look up your transactions, etc. Don't add coins.


Title: Re: Inputs hacked?
Post by: Lauda on November 07, 2013, 10:42:07 PM
This is like the millionth topic on the same thing.


Title: Re: Inputs hacked?
Post by: Magazine on November 07, 2013, 10:42:49 PM
This is like the millionth topic on the same thing.

OH EM GEE YOU SCAMMED ME 1337 BITCOINS

MUST LEAVE U NEG FEEDBACK!


Title: Re: Inputs hacked?
Post by: Lauda on November 07, 2013, 10:43:39 PM
This is like the millionth topic on the same thing.

OH EM GEE YOU SCAMMED ME 1337 BITCOINS

MUST LEAVE U NEG FEEDBACK!
One does simply not scam for leet number of bitcoins.


Title: Re: Inputs hacked?
Post by: monbux on November 07, 2013, 11:51:02 PM
Now people are accusing TF of running away with the coins and a full DOX was done here:
https://bitcointalk.org/index.php?topic=327178.0
Accurate or not, many people are now doubting TradeFortress.


Title: Re: Inputs hacked?
Post by: Zawamiya on November 08, 2013, 01:47:07 AM
Yes, which you can ask for partial payment now before the hot wallet goes dry......


Title: Re: Inputs hacked?
Post by: Lauda on November 08, 2013, 05:34:18 AM
Now people are accusing TF of running away with the coins and a full DOX was done here:
https://bitcointalk.org/index.php?topic=327178.0
Accurate or not, many people are now doubting TradeFortress.
Many, not so smart people, indeed.


Title: Re: Inputs hacked?
Post by: bitcoindigi on November 08, 2013, 06:12:20 AM
yes, good job OP. you can write (at least)


Title: Re: Inputs hacked?
Post by: Feneusens on November 08, 2013, 10:46:03 AM
I think TradeFortress is really kind enough to give whatever is left. I guess if it's another person he would have just said the hacker took everything and GONE....


Title: Re: Inputs hacked?
Post by: MysteryMiner on November 09, 2013, 01:51:10 AM
And I see it again - not a direct hack (SQLi, 0day vuln) but bypass using e-mail to reset password. I think we should start building more secure schemes that do not involve ability to reset password once forgotten (or unknown by attacker) and that do not require e-mail when registering account.


Title: Re: Inputs hacked?
Post by: MakeBelieve on November 09, 2013, 02:28:03 AM
And I see it again - not a direct hack (SQLi, 0day vuln) but bypass using e-mail to reset password. I think we should start building more secure schemes that do not involve ability to reset password once forgotten (or unknown by attacker) and that do not require e-mail when registering account.

It needs to be done. It seems that this is a common problem and the recent news reflects that.


Title: Re: Inputs hacked?
Post by: johncarpe64 on November 09, 2013, 03:09:43 AM
Oh man, email bypass again...... it sucks....


Title: Re: Inputs hacked?
Post by: Lauda on November 09, 2013, 07:47:13 AM
And I see it again - not a direct hack (SQLi, 0day vuln) but bypass using e-mail to reset password. I think we should start building more secure schemes that do not involve ability to reset password once forgotten (or unknown by attacker) and that do not require e-mail when registering account.
Have fun recovering your email next time?


Title: Re: Inputs hacked?
Post by: MakeBelieve on November 09, 2013, 12:05:08 PM
And I see it again - not a direct hack (SQLi, 0day vuln) but bypass using e-mail to reset password. I think we should start building more secure schemes that do not involve ability to reset password once forgotten (or unknown by attacker) and that do not require e-mail when registering account.

This wasn't how it's done. I can still log in using the same password. It had something to do with the API key

Tradefortress claimed that his email chain was hacked. Therefore gaining access to the site and API.


Title: Re: Inputs hacked?
Post by: b!z on November 09, 2013, 02:35:39 PM
Yep, check link in my signature for instructions on getting a refund.


Title: Re: Inputs hacked?
Post by: FamilyDinner on November 09, 2013, 04:01:59 PM
I'm really really tired reading the same news olds all over again. :-\
Though I don't know why I'm writing this and making this thread bumped :D


Title: Re: Inputs hacked?
Post by: ScryptAsic on November 10, 2013, 01:18:23 AM
Hate hackers really, he just makes someone's life miserable....


Title: Re: Inputs hacked?
Post by: MysteryMiner on November 10, 2013, 02:00:17 AM
And I see it again - not a direct hack (SQLi, 0day vuln) but bypass using e-mail to reset password. I think we should start building more secure schemes that do not involve ability to reset password once forgotten (or unknown by attacker) and that do not require e-mail when registering account.
Have fun recovering your email next time?
I never needed to recover any password in the last 6 years. Tormail also did not have password recovery feature and it was great. People must learn to use computers properly and stop and think for a sec instead of socializing on facefuck/twatter like dogs in heat.

Also this shows why it is more secure to have real server in your own premises instead of using colocation or VPS that have remote access and you have no direct control over the hardware. It is really important for security that most people overlook. Why banks don't use Hostgator but use their own secured hardware? Why Bitcoin should be different in this matter?


Title: Re: Inputs hacked?
Post by: HereToTrade on November 10, 2013, 08:24:57 PM
I'm really really tired reading the same news olds all over again. :-\
Though I don't know why I'm writing this and making this thread bumped :D
Can you read the title? If you are tired of the same olds then why did you open this thread?