Ty for update.micro please confirm and if you cud tip me too...
Ty
We're working on getting the site back live. In the end we got lucky the attacker chose to put up a basic phishing site instead of launching a more sophisticated attack.
Players only lost 0.05 BTC as a result of this. If you made a deposit to the phishing site you must sign the address you sent from to claim a refund from us.
Here's what the attacker was able to do through his phishing site:
-Send Usernames/Passwords for users who logged in during the brief period of time it was up.
-Display an obviously erroneous deposit address offering a 10% deposit bonus.
What attacker wasn't able to do
-Grab user tokens/sessions (local storage isn't shared between http & https versions)
-Access our DB, accounts, balances
We're taking our time to complete investigation and put things back up in a secure way. Currently we are unable to transfer the domain out of our registrar due to issues with them but given the way the account was targeted it shouldn't be possible for the hacker to regain access anymore (more on this later).
We're working on getting the site back live. In the end we got lucky the attacker chose to put up a basic phishing site instead of launching a more sophisticated attack.
Players only lost 0.05 BTC as a result of this. If you made a deposit to the phishing site you must sign the address you sent from to claim a refund from us.
Here's what the attacker was able to do through his phishing site:
-Send Usernames/Passwords for users who logged in during the brief period of time it was up.
-Display an obviously erroneous deposit address offering a 10% deposit bonus.
What attacker wasn't able to do
-Grab user tokens/sessions (local storage isn't shared between http & https versions)
-Access our DB, accounts, balances
We're taking our time to complete investigation and put things back up in a secure way. Currently we are unable to transfer the domain out of our registrar due to issues with them but given the way the account was targeted it shouldn't be possible for the hacker to regain access anymore (more on this later).
Gosh does the begging ever stop.. leave admin to fix more important issues at hand,,, get a grip.