|
Kumala (OP)
|
 |
January 11, 2013, 12:19:25 PM
Last edit: March 16, 2013, 10:11:48 AM by Kumala |
|
We sadly need to announce that our wallet has been compromised thus DO NOT send any further funds to any of the coin wallets, BTC, DVC, LTC, etc. We will setup a new wallet and reset all the addresses. This will most likely take the whole weekend.
|
Hacked Account! Don't send any money.
|
|
|
John (John K.)
Global Troll-buster and
Legendary
 Offline
Activity: 1288
Merit: 1227
Away on an extended break
|
|
January 11, 2013, 01:06:40 PM |
|
Posted an announcement regarding this at Important Announcements subforum.
|
|
|
|
|
|
Endgame
|
|
January 11, 2013, 01:25:49 PM |
|
Sorry to hear that. How bad is the loss? Will users be out of pocket, or can vircurex cover it?
|
|
|
|
|
|
Kumala (OP)
|
|
January 11, 2013, 01:58:50 PM |
|
Further update: The system was not breached, no passwords were compromised (they are salted and multiple times hashed anyways). The attacker used a RubyOnRails vulnerability that was released yesterday ( http://www.exploit-db.com/exploits/24019/) to withdraw the funds therefore. |
Hacked Account! Don't send any money.
|
|
|
ripper234
Legendary
Offline
Activity: 1358
Merit: 1003
Ron Gross
|
|
January 11, 2013, 03:06:08 PM |
|
Further update: The system was not breached, no passwords were compromised (they are salted and multiple times hashed anyways). The attacker used a RubyOnRails vulnerability that was released yesterday ( http://www.exploit-db.com/exploits/24019/) to withdraw the funds therefore. Sorry for your lose. Amm ... the RoR volnurability was posted to multiple large forums, including Slashdot. Did the attacker see the announcement before you were able to realize it affects you and shut off your systems? How come you missed it for so long that you didn't shut your stuff off / upgrade in time? |
|
|
|
|
thebaron
|
|
January 11, 2013, 03:10:11 PM |
|
Exploit released yesterday, eh? How convenient...
|
|
|
|
|
|
Kumala (OP)
|
|
January 11, 2013, 03:14:21 PM |
|
Before the wild speculations beginn, the service will be recovered and we pay the losses out of our own pockets.
|
Hacked Account! Don't send any money.
|
|
|
davout
Legendary
Offline
Activity: 1372
Merit: 1008
1davout
|
|
January 11, 2013, 03:36:07 PM |
|
Ouch, good luck with it. Bitcoin central's down too, looks like someone's being a pain in the ass.
That's just scheduled maintenance  We deployed the fixes within five minutes after receiving the notification from the Rails security mailing list. |
|
|
|
davout
Legendary
Offline
Activity: 1372
Merit: 1008
1davout
|
|
January 11, 2013, 03:36:52 PM |
|
Exploit released yesterday, eh? How convenient...
It's the truth. |
|
|
|
|
makomk
|
|
January 11, 2013, 03:40:53 PM |
|
Exploit released yesterday, eh? How convenient...
Bit slow of the attacker. I was actually half-expecting someone to start hacking Bitcoin sites before any exploit was even publicly released. |
Quad XC6SLX150 Board: 860 MHash/s or so. SIGS ABOUT BUTTERFLY LABS ARE PAID ADS |
|
|
|
Kumala (OP)
|
|
January 11, 2013, 05:05:41 PM |
|
Service restored: deposits, trading and withdrawals are working again For the time being, some restrictions apply until we have sorted out the account details and validated data integrity. | Trading | Deposits | Withdrawals | | BTC | Active | Active | On hold | | NMC | Active | Active | On hold | | LTC | Active | Active | On hold | | DVC | Active | Active | Active | | SC | Active | Active | On hold | | IXC | Active | Active | Active | | PPC | Active | Active | Active | | USD | Active | Active | Active | | EUR | Active | Active | Active |
|
Hacked Account! Don't send any money.
|
|
|
|
Atruk
|
|
January 11, 2013, 05:21:42 PM |
|
Service restored: deposits, trading and withdrawals are working again For the time being, some restrictions apply until we have sorted out the account details and validated data integrity. | Trading | Deposits | Withdrawals | | BTC | Active | Active | On hold | | NMC | Active | Active | On hold | | LTC | Active | Active | On hold | | DVC | Active | Active | Active | | SC | Active | Active | On hold | | IXC | Active | Active | Active | | PPC | Active | Active | Active | | USD | Active | Active | Active | | EUR | Active | Active | Active |
It's good to see you are recovering so quickly, especially with the severe downtime or outright collapse most exchanges seem to go through. |
|
|
|
davout
Legendary
Offline
Activity: 1372
Merit: 1008
1davout
|
|
January 11, 2013, 05:24:34 PM |
|
Service restored: deposits, trading and withdrawals are working again
Did you switch servers ? |
|
|
|
|
Kumala (OP)
|
|
January 11, 2013, 05:58:42 PM |
|
It's been a couple of stressful hours here.
No we did not switch servers, we:
- applied the Ruby Rails patch
- backed up all log files for further analysis
- log files show the XML code injection, we validated all triggered commands to ensure nothing other than withdrawing funds (e.g. backdoor) was done.
2AM here, will need to catch some sleep, mistakes are easily made when being too tired.
|
Hacked Account! Don't send any money.
|
|
|
mc_lovin
Legendary
Offline
Activity: 1190
Merit: 1000
www.bitcointrading.com
|
|
January 11, 2013, 06:38:45 PM |
|
Total value lost in the heist?
Sorry for your loss indeed. Sucks that the vulnerability was in rails and not in your app.
|
|
|
|
|
kiba
Legendary
Offline
Activity: 980
Merit: 1020
|
|
January 11, 2013, 07:28:24 PM |
|
DId you hold ALL your money in cold wallets?
|
|
|
|
|
finkleshnorts
|
|
January 11, 2013, 08:32:53 PM |
|
I'm not sure if I feel worse for bitcoin, vicurex, the people with funds there, or ruby on rails.
|
|
|
|
|
eramus
Newbie
Offline
Activity: 27
Merit: 0
|
|
January 11, 2013, 09:53:22 PM |
|
It's been a couple of stressful hours here.
No we did not switch servers, we:
- applied the Ruby Rails patch
- backed up all log files for further analysis
- log files show the XML code injection, we validated all triggered commands to ensure nothing other than withdrawing funds (e.g. backdoor) was done.
2AM here, will need to catch some sleep, mistakes are easily made when being too tired.
This seems like a terrible plan of action. Your server could still be compromised, but site actions have been restored? Why is your wallet easily accessible by your web server? |
|
|
|
|
|
420
|
|
January 11, 2013, 09:56:03 PM |
|
looks like btc withdrawl is allowed now...shall I test it?
nope. the page has button greyed out
|
Donations: 1JVhKjUKSjBd7fPXQJsBs5P3Yphk38AqPr - TIPS
the hacks, the hacks, secure your bits!
|
|
|
|
Kumala (OP)
|
|
January 11, 2013, 10:51:33 PM |
|
BTC, NMC and LTC service back online again.
We hope to fix Soldcoin in the coming hours too.
|
Hacked Account! Don't send any money.
|
|
|
|
