It is imperative to understand that everything was wiped out from our servers and getting functionality back is priority #1. The wallet part of BIPS was a free service to make payments easier for users. Web Wallets are like a regular wallet that you carry cash in and not meant to keep large amounts in. Hence we offered a paper wallet as a cold storage alternative for those who wanted a safe storage solution. We will be contacting all affected users as already proclaimed. We will need their consent to hand over information to the authorities for further investigation, which hopefully can assist in catching the thief. Those who were not affected and have a bitcoin balance will also be contacted. Most balances left are minuscule, but if you had more than a few satoshi’s in your wallet you are affected, and will be contacted. Another priority is doing forensics data recovery to be able to investigate and assist authorities in finding the attacker. Technical information will not be disclosed for security reasons. Stolen coins have been isolated and server logs have been retrieved from data recovery: https://blockchain.info/address/1LuG91tcSQxKj32BsCoRkX7yQLfj9LtkCsPlease be advised that attacks are not isolated to us and if you are storing larger amounts of coins with any third party you may want to find alternative storage solutions as soon as possible, preferably cold storage if you do not need immediate access to those coins: www.coindesk.com/hacker-attack-polands-bitcoin-exchange/www.coindesk.com/czech-bitcoin-exchange-bitcash-cz-hacked-4000-user-wallets-emptied/ |
|
|
|
|
Statement from BIPS, November 19th 2013.
On November 15th BIPS was the target of a massive DDoS attack, which is now believed to have been the initial preparation for a subsequent attack on November 17th that overloaded our managed switches and disconnected the iSCSI connection to the SAN on BIPS servers. Once executed; overloaded our managed switches and disconnected the iSCSI connection to the SAN on BIPS servers.
Regrettably, despite several layers of protection, the attack caused vulnerability to the system, which has then enabled the attacker/s to gain access and compromise several wallets.
At this point all wallet functions have been disabled in order to conduct a full investigation and audit. BIPS will be contacting compromised wallet owners individually.
BIPS will also be contacting merchants who have not enabled automatic conversion of bitcoin.
Merchant processing functionality and buy/sell has been re-enabled.
BIPS help desk system is currently not accessible and will not be re-enabled until an alternative hosting solution has been arranged for this. In the mean time, support is reachable via email to support(at)bips(dot)me. Previously submitted tickets need to be resubmitted via email. Please be patient and allow 24-72 hours to receive a reply.
|
|
|
|
Apparently the first assumption is that the DDoS attack initiated major hardware failure, and wiped out the file system on all the servers. http://www.reddit.com/r/Bitcoin/comments/1qo6cj/bips_being_ddosed/Status: We are propagating new servers and restoring backup onto those now. Current estimate for online status is within the hour. We are waiting on the blockchain to download for our bitcoind's Our Contingency Planning and Disaster Recovery Plan: Our future contingency planning will include backing up the blockchain for better risk management like in this case, where it has catastrophic consequences that we are not able to deploy backup within minutes, but have to wait 5 - 9 hours for the blockchain to download. (we are at "blocks" : 269439) Personally I am sorry for any inconvenience, this might cause. |
|
|
|
|
It's when you are not quick enough to write in the two-factor code for example, their CSRF token will expire.
I admit I think it a bit harsh to set it to timeout this quick, but hey whatever works.
|
|
|
|
$ch = curl_init();
curl_setopt_array($ch, array(
CURLOPT_URL => 'https://bips.me/api/v1/invoice',
CURLOPT_USERPWD => 'apikey',
CURLOPT_POSTFIELDS => 'price=100¤cy=USD&item=TEST&custom=' . json_encode(array('order_id' => '1')),
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPAUTH => CURLAUTH_BASIC));
$url = curl_exec($ch);
curl_close($ch);
header('Location: ' . $url . '/iframe'); |
|
|
|
|
It will fit in 640x260 with room to spare, but I think you are not showing the iframe version, the iframe version will only show when you append /iframe to the end of the Invoice URL received back from the Invoice API.
You will have to enable the timer in your BIPS merchant account. Simply select the check box called "Convert bitcoins and transfer to my bank account", this will enable the timer, so customers are required to pay within 15 minutes for BIPS to guarantee the rate for a merchant.
|
|
|
|
|
Hi, have you clicked Save Changes after writing in your Secret?
|
|
|
|
Hi, you will have to grep the output from curl_exec in a JSON decoded object like below: $output = json_decode(curl_exec($ch)); This will give you a stdClass object. {
"status": "success",
"txid": "the transaction id"
}Access this object in PHP: print $output->status;
print $output->txid;
|
|
|
|
|
Thanks, we worked hard on it.
|
|
|
|
|
Please contact the WalletBit team by email.
|
|
|
|
|
Please contact the WalletBit team by email.
|
|
|
|
|
Show Posts
