Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: enrapha on April 19, 2014, 07:22:05 PM



Title: Is your exchange protected from heartbleed?
Post by: enrapha on April 19, 2014, 07:22:05 PM
This isn't anything new, but we also haven't heard much about it. With everything that's already happened, can we afford to put our already fragile price of Bitcoin up for more risk? Even this thread has put out information about the Heartbleed fix. We are aware of several different exchanges, but how many have confirmed the OpenSSL fix? Ask your exchange to confirm the fix. It's your money on the line. BTCPD will do our part and post a list of exchanges who have taken the proper measures. If you have information, please let us know.

Thank you


Title: Re: Is your exchange protected from heartbleed?
Post by: inBitweTrust on April 19, 2014, 11:01:01 PM
Most servers were quickly fixed once news spread. Individuals can check themselves. Here are some exchanges I tested which are fine from the heartbleed attack:

https://sslanalyzer.comodoca.com/?url=coinbase.com
https://sslanalyzer.comodoca.com/?url=bitcoin.de
https://sslanalyzer.comodoca.com/?url=bitsource.org
https://sslanalyzer.comodoca.com/?url=bittylicious.com
https://sslanalyzer.comodoca.com/?url=btc.sx
https://sslanalyzer.comodoca.com/?url=bitnz.com
https://sslanalyzer.comodoca.com/?url=bitstamp.net
https://sslanalyzer.comodoca.com/?url=btcmarkets.net
https://sslanalyzer.comodoca.com/?url=btc-e.com
https://sslanalyzer.comodoca.com/?url=campbx.com
https://sslanalyzer.comodoca.com/?url=bitcoin.it
https://sslanalyzer.comodoca.com/?url=hitbtc.com
https://sslanalyzer.comodoca.com/?url=kapiton.se
https://sslanalyzer.comodoca.com/?url=localbitcoins.com
https://sslanalyzer.comodoca.com/?url=moneypaktrader.com
https://sslanalyzer.comodoca.com/?url=therocktrading.com
https://sslanalyzer.comodoca.com/?url=vircurex.com
https://sslanalyzer.comodoca.com/?url=cavirtex.com
https://sslanalyzer.comodoca.com/?url=virwox.com
https://sslanalyzer.comodoca.com/?url=weexchange.co
https://sslanalyzer.comodoca.com/?url=bitbargain.co.uk
https://sslanalyzer.comodoca.com/?url=btcchina.com


This being said, I see a lot of exchanges with other security concerns that need to be fixed.

Please do not leave your Bitcoins in a hot wallet or exchange until security is taken more seriously. Make the trade and get out.


Title: Re: Is your exchange protected from heartbleed?
Post by: enrapha on April 19, 2014, 11:37:32 PM
Excellent information! If you wouldn't mind providing more information about the other security issues?


Title: Re: Is your exchange protected from heartbleed?
Post by: inBitweTrust on April 19, 2014, 11:46:52 PM
Some have weak encryption, aren't up to date with all the patches, don't use 2FA, are vulnerable to DDoS attacks, are vulnerable to the SSL CRIME attack, etc.

The bigger threat is still the owners running off with the money though. I would only trust either a well-regulated exchange in a country that prosecutes thieves like the US or an exchange that is insured or is using other means of protecting its clients like multi-sig authentication. Even then, I would still suggest securing your assets yourself and only using exchanges as a place to perform the trade.


Title: Re: Is your exchange protected from heartbleed?
Post by: enrapha on April 19, 2014, 11:50:08 PM
Well said.


Title: Re: Is your exchange protected from heartbleed?
Post by: Bit_Happy on April 20, 2014, 01:12:20 AM
Most exchanges should have responded the first day.
Good to see it confirmed that the SSL bug is fixed on all of those.
I wonder if many hackers knew about the hole, or only "the Gov" was using it?


Title: Re: Is your exchange protected from heartbleed?
Post by: moni3z on April 20, 2014, 01:16:22 AM
Since most exchangers are using Cloudflare, and since Cloudflare was given early notice of Heartbleed and patched before it went public, they weren't affected. OpenVPN was still affected until a day or so ago because it uses a bundled SSL library that was vulnerable to Heartbleed as well, so for about a week somebody went crazy bypassing multi-auth by jacking sessions and stealing private keys. http://arstechnica.com/security/2014/04/heartbleed-exploited-to-hack-network-with-multifactor-authentication/