Author Topic: Bitcoin-Central.net "We have been compromised"  (Read 9322 times)
MPOE-PR
Hero Member
Activity: 756
Merit: 522
April 24, 2013, 11:25:57 PM
 #21

From their recent tweets, one might conclude that their host is at fault :P

https://twitter.com/bitcoin_central/status/327131323342942209
https://twitter.com/bitcoin_central/status/327133723936051200

Proper communication on this one so far, though. Informative downtime message :)
But yeah, it's a pity they're the ones with a breach again

So it was OVH they say. Slush is turning into a sort of early warning system, he got hit first in that Bitcoinica hack too.

My Credentials  | THE BTC Stock Exchange | I have my very own anthology! | Use bitcointa.lk, it's like this one but better.
redwraith
Full Member
Activity: 188
Merit: 102
April 25, 2013, 12:11:31 AM
 #22

How come we never hear about Ameritrade getting hacked or one of the big online stockbrokers?  Maybe these fledgling bitcoin "exchanges" need to consult with how those guys do it, because this is getting ridiculous.
repentance
Hero Member
Activity: 868
Merit: 1000
April 25, 2013, 12:39:29 AM
 #23

How come we never hear about Ameritrade getting hacked or one of the big online stockbrokers?  Maybe these fledgling bitcoin "exchanges" need to consult with how those guys do it, because this is getting ridiculous.

Because the amount that big players in the conventional world spend on security is mind-blowing.  Even then, they still suffer from successful fraud attempts and intrusions but they have the capacity to absorb those losses (and are often insured against them).

What happens in Bitcoinland is that services quickly find themselves handling large amounts of funds before they have the money available to spend on the security which should have been baked in from day 1.

All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
arklan
Legendary
Activity: 1778
Merit: 1008
April 25, 2013, 05:37:05 AM
 #24

ozcoin hacked last week, slush earlier this week, now bitcoin central... sheesh.

i don't post much, but this space for rent.
🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
Activity: 1316
Merit: 1043
👻
April 25, 2013, 05:46:42 AM
 #25

Holy shit, tards still use anything made by paymium?
Matthew N. Wright
Untrustworthy
Hero Member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
April 25, 2013, 06:28:12 AM
 #26

My feeling is that the louder and richer bitcoin gets the worse and more frequent things like this will happen. Bank robbery is profitable but limited in frequency due to the risks. What is there to risk in hacking a bitcoin site?

klee
Legendary
Activity: 1498
Merit: 1000
April 25, 2013, 07:03:50 AM
 #27

BTC-e compromised too...

when & what about BTC-e?   they seem the only reliable player
https://bitcointalk.org/index.php?topic=173354.0
klee
Legendary
Activity: 1498
Merit: 1000
April 25, 2013, 07:07:07 AM
 #28

This is starting to get really annoying - second time they are compromised, BTC24 f@cked up, Bitfloor terminated, MtGox DDoSed, bitcoin.de with issues, BTC-e compromised too...

BIPS and WalletBit are still doing just fine 8) WalletBit is the only service of its type still running since June 2011 and BIPS is its successor (free Bitcoin processing).
I will search WalletBit - so is it a kind of exchange or more of an online wallet?
BIPS interests me professionally, I hope soon I will be PMing you (I was looking at it yesterday)...
klee
Legendary
Activity: 1498
Merit: 1000
April 25, 2013, 01:21:31 PM
 #29

The site has an update:


Apr. 25 2013 14:00 CEST UPDATE

Dear all, we'd like to give everyone an update as to what exactly is happening, has happened, and will happen in relation to the recent events at Bitcoin-Central.net.

Here are a few questions that require an immediate answer.

Have funds been lost?

A few hundred Bitcoins have been stolen from our hot wallet.

Will users lose funds?

No. We will cover 100% of the theft.

How did it happen?

Someone managed to reset the password from our hosting provider web interface, this enabled the attacker to lock us out of the interface and request a reboot of the machine in 'rescue' mode. Using this, the attacker copied our hot wallet and sent away what was present.

This very hosting provider (OVH) had been compromised a couple of days ago, in the exact same way, leading to loss of funds on mining.bitcoin.cz.

What is the plan?

We have taken the decision to suspend the service for the time being. Coming up with a different security approach will take some time. We owe it to our users to be on the safe side.

As a consequence we will refund everyone who so wishes up to the last cent and satoshi and take the needed time, without rush, to come up with a platform, an infrastructure and procedures to meet the new challenges that are faced by the Bitcoin exchange ecosystem at large.

Doing the right thing is not always easy. It's ok, riding the Bitcoin is not for the faint of heart, we'll take the time to prepare and we'll be back.

How exactly will this happen?

We will reopen the platform tomorrow, but won't be accepting any new Bitcoin or Euro deposits. Users will be expected to clear their accounts in order for us to settle all balances.

People who have very small EUR balances that aren't practical to wire will be offered a settlement in Bitcoin at generally available market rate at the time of the settlement.

Users will be able to place wire transfer orders, they will be processed as usual. The Bitcoin transfers will be processed directly from our cold-storage and will be sent as daily batches.

Can we refund everyone?

Yes, because Bitcoin-Central has been, is, and always will be full-reserve. We can refund everyone at the same time.

Unclaimed balances will be held until they are claimed, if they are still not claimed when the platform reopens they will be made available to the relevant imported user accounts. All Bitcoin balances left with us will be held in cold storage.

When will I be able to get my BTC/EUR back?

As soon as we re-open you will be able to request your account settlement which will be processed as fast as possible.

We aim at reopening the web interface on April 26th at 14:00 CEST. In case of delays we will post additional updates.

We thank all our users for their trust and business.
We thank everyone that supported us when everything was starting to get hard.

We'll be back, also skateboards.


https://bitcoin-central.net/
Lethos
Sr. Member
Activity: 476
Merit: 250
Keep it Simple. Every Bit Matters.
April 25, 2013, 01:34:09 PM
 #30

If Bitcoin Central keeps getting compromised, something is dangerously wrong.

Either their code has a gaping hole in their security, easy to exploit, or their host provider is the security hole. Or both.

If they are going to blame it on their host, why do I get the feeling they are staying? The host wouldn't cover that sort of loss, not for the sort of prices they have listed on the website. I'd like to point out, they do mostly VPS and Dedicated servers, not Colo. So their host could be the one stealing it for all they know as they have all the necessary access to do so.

optimator
Sr. Member
Activity: 351
Merit: 250
April 25, 2013, 01:39:13 PM
 #31

I'm curious if the hot wallet was encrypted, and if so, was the passphrase stored machine encrypted?

This seems like the best practice for a hot wallet on a machine.

Boussac
Legendary
Activity: 1221
Merit: 1025
e-ducat.fr
April 25, 2013, 02:45:15 PM
 #32

oh for fucks sake!

just about the only place I have some fiat left ;|


At least your fiat should be safe-ish, I had some btc over there :/
DISCLOSURE: I am a co-founder of Paymium

I can assure you that your funds (both fiat and BTC) are safe and that you will get a full refund if you so wish.
You may also leave them with us until we resume operations, this time without a hot wallet..

We have weathered nasty attacks but we did so while preserving our customers' funds (in cold storage).

Herodes
Hero Member
Activity: 868
Merit: 1000
April 25, 2013, 02:53:13 PM
Last edit: April 25, 2013, 06:37:39 PM by Herodes
 #33

At least they came clean quickly this time... communication +1. Although you have to ask serious questions about their security protocols...

Just relax, they've hired independent security auditors prior to this incident. Nothing to see here, move on!
Herodes
Hero Member
Activity: 868
Merit: 1000
April 25, 2013, 02:58:31 PM
 #34

From their recent tweets, one might conclude that their host is at fault :P

https://twitter.com/bitcoin_central/status/327131323342942209
https://twitter.com/bitcoin_central/status/327133723936051200

Proper communication on this one so far, though. Informative downtime message :)
But yeah, it's a pity they're the ones with a breach again

The fact that they don't run their own dedicated servers, but rely on a vulnerable third party speaks mountains about their level of security, or lack thereof. What they fail to understand is that when running such a delicate service as they do, they need to be in control of everything themselves and be paranoid about security. Obviously they've failed on all accounts. The question is, how many hacks can they take before they throw in the towel and quit altogether?
anexsia
Newbie
Activity: 52
Merit: 0
April 25, 2013, 04:13:27 PM
 #35

It seems like every day there's another exchange or major service getting hacked or terminated in the bitcoin world.
Matthew N. Wright
Untrustworthy
Hero Member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
April 25, 2013, 04:27:23 PM
 #36

It seems like every day there's another exchange or major service getting hacked or terminated in the bitcoin world.

My feeling is that the louder and richer bitcoin gets the worse and more frequent things like this will happen. Bank robbery is profitable but limited in frequency due to the risks. What is there to risk in hacking a bitcoin site?

molecular
Donator
Legendary
Activity: 2772
Merit: 1019
April 25, 2013, 04:45:53 PM
 #37

If Bitcoin Central keeps getting compromised, something is dangerously wrong.

Either their code has a gaping hole in their security, easy to exploit, or their host provider is the security hole. Or both.

Did you even read what happened? It was a problem with the hoster.

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
oblongmeteor
Full Member
Activity: 134
Merit: 100
April 25, 2013, 05:53:08 PM
 #38

If Bitcoin Central keeps getting compromised, something is dangerously wrong.

Either their code has a gaping hole in their security, easy to exploit, or their host provider is the security hole. Or both.

Did you even read what happened? It was a problem with the hoster.

Regardless of whether it was a problem with their hosting company or not, they were running a financial service handling millions of euros (http://blockchain.info/address/1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy). It is not exactly as though there hasn't been precedent for hosting company related abuse (http://arstechnica.com/business/2012/03/bitcoins-worth-228000-stolen-from-customers-of-hacked-webhost/) and frankly an oversight of this nature points to systemic failings in their software and business model.
MPOE-PR
Hero Member
Activity: 756
Merit: 522
April 25, 2013, 06:27:22 PM
 #39

How come we never hear about Ameritrade getting hacked or one of the big online stockbrokers?  Maybe these fledgling bitcoin "exchanges" need to consult with how those guys do it, because this is getting ridiculous.

To quote MP,

Quote
CBOE down all day ? MPEx users not affected. In yo face, #fiat.

I would guess the reason you don't hear anything about fiat's appalling record is that irl you know you have no business in finance, so then you don't follow the relevant feeds. In BTC this is somehow not equally obvious, so then you do follow the feeds.

My Credentials  | THE BTC Stock Exchange | I have my very own anthology! | Use bitcointa.lk, it's like this one but better.
Amitabh S
Legendary
Activity: 1001
Merit: 1005
April 26, 2013, 09:27:44 AM
 #40

bump. Just to keep track of the posts here.

Coinsecure referral ID: https://coinsecure.in/signup/refamit (use this link to signup)