Bitcoin Forum
April 21, 2014, 07:06:12 AM *
News: Due to the OpenSSL heartbleed bug, changing your forum password is recommended.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3  All
  Print  
Author Topic: VIRCUREX  (Read 46495 times)
Kumala
Hero Member
*****
Offline Offline

Activity: 515


View Profile WWW

Ignore
January 11, 2013, 12:19:25 PM
 #1

We sadly need to announce that our wallet has been compromised thus DO NOT send any further funds to any of the coin wallets, BTC, DVC, LTC, etc. We will setup a new wallet and reset all the addresses. This will most likely take the whole weekend.


Currency Exchange: https://vircurex.com
BTC, LTC,DVC Stockexchange: http://www.cryptostocks.com

Earn money browsing the Internet: http://www.profitclicking.com/?r=rwrehp4reyg
1398063972
Hero Member
*
Offline Offline

Posts: 1398063972

View Profile Personal Message (Offline)

Ignore
1398063972
Reply with quote  #2

1398063972
Report to moderator

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1398063972
Hero Member
*
Offline Offline

Posts: 1398063972

View Profile Personal Message (Offline)

Ignore
1398063972
Reply with quote  #2

1398063972
Report to moderator
1398063972
Hero Member
*
Offline Offline

Posts: 1398063972

View Profile Personal Message (Offline)

Ignore
1398063972
Reply with quote  #2

1398063972
Report to moderator
1398063972
Hero Member
*
Offline Offline

Posts: 1398063972

View Profile Personal Message (Offline)

Ignore
1398063972
Reply with quote  #2

1398063972
Report to moderator
1398063972
Hero Member
*
Offline Offline

Posts: 1398063972

View Profile Personal Message (Offline)

Ignore
1398063972
Reply with quote  #2

1398063972
Report to moderator
stan.distortion
Hero Member
*****
Offline Offline

Activity: 602



View Profile

Ignore
January 11, 2013, 12:31:16 PM
 #2

Ouch, good luck with it. Bitcoin central's down too, looks like someone's being a pain in the ass.

­aminorex: "there are no good arguments for regulation, merely bad arguments in a good suit."
John (John K.)
Global Troll-buster and
Hero Member
*****
Offline Offline

Activity: 798



View Profile

Ignore
January 11, 2013, 01:06:40 PM
 #3

Posted an announcement regarding this at Important Announcements subforum.

My BTC Tip Jar: 1NB1KFnFqnP3WSDZQrWV3pfmph5fWRyadz , GPG ID: B3AAEEB0 ,OTC ID: johnthedong
Endgame
Sr. Member
****
Offline Offline

Activity: 402



View Profile

Ignore
January 11, 2013, 01:25:49 PM
 #4

Sorry to hear that. How bad is the loss? Will users be out of pocket, or can vircurex cover it?
Kumala
Hero Member
*****
Offline Offline

Activity: 515


View Profile WWW

Ignore
January 11, 2013, 01:58:50 PM
 #5

Further update:  The system was not breached, no passwords were compromised (they are salted and multiple times hashed anyways). The attacker used a RubyOnRails vulnerability that was released yesterday (http://www.exploit-db.com/exploits/24019/) to withdraw the funds therefore.



Currency Exchange: https://vircurex.com
BTC, LTC,DVC Stockexchange: http://www.cryptostocks.com

Earn money browsing the Internet: http://www.profitclicking.com/?r=rwrehp4reyg
ripper234
Hero Member
*****
Offline Offline

Activity: 1092


Ron Gross


View Profile WWW

Ignore
January 11, 2013, 03:06:08 PM
 #6

Further update:  The system was not breached, no passwords were compromised (they are salted and multiple times hashed anyways). The attacker used a RubyOnRails vulnerability that was released yesterday (http://www.exploit-db.com/exploits/24019/) to withdraw the funds therefore.

Sorry for your lose.

Amm ... the RoR volnurability was posted to multiple large forums, including Slashdot.

Did the attacker see the announcement before you were able to realize it affects you and shut off your systems? How come you missed it for so long that you didn't shut your stuff off / upgrade in time?

Please do not pm me, use ron@mastercoin.org instead
Mastercoin Executive Director
Co-founder of the Israeli Bitcoin Association
thebaron
Sr. Member
****
Offline Offline

Activity: 406


wat


View Profile

Ignore
January 11, 2013, 03:10:11 PM
 #7

Exploit released yesterday, eh? How convenient...

I run http://mail-to-jail.com. I am "thebaron-btc" on Bitcoin-OTC.
Kumala
Hero Member
*****
Offline Offline

Activity: 515


View Profile WWW

Ignore
January 11, 2013, 03:14:21 PM
 #8

Before the wild speculations beginn, the service will be recovered and we pay the losses out of our own pockets.

Currency Exchange: https://vircurex.com
BTC, LTC,DVC Stockexchange: http://www.cryptostocks.com

Earn money browsing the Internet: http://www.profitclicking.com/?r=rwrehp4reyg
davout
Staff
Hero Member
*****
Offline Offline

Activity: 1148


1davout


View Profile WWW

Ignore
January 11, 2013, 03:36:07 PM
 #9

Ouch, good luck with it. Bitcoin central's down too, looks like someone's being a pain in the ass.
That's just scheduled maintenance Smiley
We deployed the fixes within five minutes after receiving the notification from the Rails security mailing list.

davout
Staff
Hero Member
*****
Offline Offline

Activity: 1148


1davout


View Profile WWW

Ignore
January 11, 2013, 03:36:52 PM
 #10

Exploit released yesterday, eh? How convenient...
It's the truth.

makomk
Hero Member
*****
Offline Offline

Activity: 686


View Profile

Ignore
January 11, 2013, 03:40:53 PM
 #11

Exploit released yesterday, eh? How convenient...
Bit slow of the attacker. I was actually half-expecting someone to start hacking Bitcoin sites before any exploit was even publicly released.

Quad XC6SLX150 Board: 860 MHash/s or so.
SIGS ABOUT BUTTERFLY LABS ARE PAID ADS
Kumala
Hero Member
*****
Offline Offline

Activity: 515


View Profile WWW

Ignore
January 11, 2013, 05:05:41 PM
 #12

Service restored: deposits, trading and withdrawals are working again

For the time being, some restrictions apply until we have sorted out the account details and validated data integrity.

TradingDepositsWithdrawals
BTCActiveActiveOn hold
NMCActiveActiveOn hold
LTCActiveActiveOn hold
DVCActiveActiveActive
SCActiveActiveOn hold
IXCActiveActiveActive
PPCActiveActiveActive
USDActiveActiveActive
EURActiveActiveActive

Currency Exchange: https://vircurex.com
BTC, LTC,DVC Stockexchange: http://www.cryptostocks.com

Earn money browsing the Internet: http://www.profitclicking.com/?r=rwrehp4reyg
Atruk
Hero Member
*****
Offline Offline

Activity: 504



View Profile

Ignore
January 11, 2013, 05:21:42 PM
 #13

Service restored: deposits, trading and withdrawals are working again

For the time being, some restrictions apply until we have sorted out the account details and validated data integrity.

TradingDepositsWithdrawals
BTCActiveActiveOn hold
NMCActiveActiveOn hold
LTCActiveActiveOn hold
DVCActiveActiveActive
SCActiveActiveOn hold
IXCActiveActiveActive
PPCActiveActiveActive
USDActiveActiveActive
EURActiveActiveActive


It's good to see you are recovering so quickly, especially with the severe downtime or outright collapse most exchanges seem to go through.

davout
Staff
Hero Member
*****
Offline Offline

Activity: 1148


1davout


View Profile WWW

Ignore
January 11, 2013, 05:24:34 PM
 #14

Service restored: deposits, trading and withdrawals are working again

Did you switch servers ?

Kumala
Hero Member
*****
Offline Offline

Activity: 515


View Profile WWW

Ignore
January 11, 2013, 05:58:42 PM
 #15

It's been a couple of stressful hours here.

No we did not switch servers, we:
 - applied the Ruby Rails patch
 - backed up all log files for further analysis
 - log files show the XML code injection, we validated all triggered commands to ensure nothing other than withdrawing funds (e.g. backdoor) was done.
 
2AM here, will need to catch some sleep,  mistakes are easily made when being too tired.

Currency Exchange: https://vircurex.com
BTC, LTC,DVC Stockexchange: http://www.cryptostocks.com

Earn money browsing the Internet: http://www.profitclicking.com/?r=rwrehp4reyg
mc_lovin
Hero Member
*****
Offline Offline

Activity: 938


www.bitcointrading.com


View Profile WWW

Ignore
January 11, 2013, 06:38:45 PM
 #16

Total value lost in the heist?

Sorry for your loss indeed.  Sucks that the vulnerability was in rails and not in your app. 

kiba
Hero Member
*****
Offline Offline

Activity: 980


View Profile

Ignore
January 11, 2013, 07:28:24 PM
 #17

DId you hold ALL your money in cold wallets?

finkleshnorts
Sr. Member
****
Offline Offline

Activity: 336



View Profile

Ignore
January 11, 2013, 08:32:53 PM
 #18

I'm not sure if I feel worse for bitcoin, vicurex, the people with funds there, or ruby on rails.

TorGuard VPN: Don't get caught using Bittorrent! Spend your bitcoins on a topnotch VPN/Proxy service! I'm renewing my subscription again later this year.
eramus
Newbie
*
Offline Offline

Activity: 27


View Profile

Ignore
January 11, 2013, 09:53:22 PM
 #19

It's been a couple of stressful hours here.

No we did not switch servers, we:
 - applied the Ruby Rails patch
 - backed up all log files for further analysis
 - log files show the XML code injection, we validated all triggered commands to ensure nothing other than withdrawing funds (e.g. backdoor) was done.
 
2AM here, will need to catch some sleep,  mistakes are easily made when being too tired.
This seems like a terrible plan of action. Your server could still be compromised, but site actions have been restored? Why is your wallet easily accessible by your web server?
420
Hero Member
*****
Offline Offline

Activity: 616



View Profile

Ignore
January 11, 2013, 09:56:03 PM
 #20

looks like btc withdrawl is allowed now...shall I test it?

nope. the page has button greyed out

Donations: 13qvP8vSEKPxLHXNPeHtCE4TGgZFaZU6am - LTC: LUN2zTCEVScDJxccZQujB9Aph8EFjn5M6q
CoinLenders cost me $5,000 - Know where your BTC are!
Pages: [1] 2 3  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!