[4+ EH] Slush Pool (slushpool.com); Overt AsicBoost; World First Mining Pool

[nottm28]

It's possible than when the site does come back online, the attackers could quickly log in as some of us, change our bitcoin address to be theirs, lower our payment thresholds and steal our confirmed coins...
Or am I being paranoid...

[wigsgiw]

What about the user database?  Was it compromised?  I'd hate to see bitcoins sent to the wrong address.

I have a database snapshot taken before bad guys overtook the database. So there's no reason to think payout addresses have been modified. Any change of wallet on pool profile requires email confirmation by account owner so I think we're on safe side here.

Unfortunately the user database can be considered as compromised, so the attacker knows user's emails :-(.

How were the passwords hashed?

never answer that!!!

let me rephrase: were the passwords securely hashed?

And salted?

Not to preach to you, but this is a perfect example why everyone should use unique passwords on every website.

I personally use 20+ character randomly generated passwords thanks to LastPass.  Makes secure password management so easy.

I am assuming the worst that they wore not hashed and salted. No word on the matter suggests that is possibly the case? I'd like to know either way. Embarrassing as it may be.

Slush has been doing this for years, and it is 2013 not 2008. We can all safely assume that passwords were at least SHA hashed and salted.

No word on the matter is because the man is slaving away, on no sleep, to get everything back up and operational after a severe inside-job hack attempt.

Many props to you Slush, your efforts are greatly appreciated!

[theowalpott]

It's possible than when the site does come back online, the attackers could quickly log in as some of us, change our bitcoin address to be theirs, lower our payment thresholds and steal our confirmed coins...
Or am I being paranoid...

No, even if they have your login details changing the payout address needs email confirmation, so unless the attacker(s) have access to your email too they can't change your payout address.

[Jay_Pal]

What about the user database?  Was it compromised?  I'd hate to see bitcoins sent to the wrong address.

I have a database snapshot taken before bad guys overtook the database. So there's no reason to think payout addresses have been modified. Any change of wallet on pool profile requires email confirmation by account owner so I think we're on safe side here.

Unfortunately the user database can be considered as compromised, so the attacker knows user's emails :-(.

How were the passwords hashed?

never answer that!!!

let me rephrase: were the passwords securely hashed?

And salted?

Not to preach to you, but this is a perfect example why everyone should use unique passwords on every website.

I personally use 20+ character randomly generated passwords thanks to LastPass.  Makes secure password management so easy.

I am assuming the worst that they wore not hashed and salted. No word on the matter suggests that is possibly the case? I'd like to know either way. Embarrassing as it may be.

Slush has been doing this for years, and it is 2013 not 2008. We can all safely assume that passwords were at least SHA hashed and salted.

No word on the matter is because the man is slaving away, on no sleep, to get everything back up and operational after a severe inside-job hack attempt.

Many props to you Slush, your efforts are greatly appreciated!

+1

[digital]

It's possible than when the site does come back online, the attackers could quickly log in as some of us, change our bitcoin address to be theirs, lower our payment thresholds and steal our confirmed coins...
Or am I being paranoid...

Your being paranoid.  Slush has the account passwords protected.  And even if they do manage to gain access to some accounts, Slush will see the unusual activity immediately and put a stop to it.  Like I said earlier, he likely won't enable payouts right away.  He will wait to make sure everything is on track.

He is very security conscious, and always does his due diligence.  That's why he has so many lifers mining for him...

[Valle]

So, can anyone described what's going on and when it is supposed to be fixed?

[Jay_Pal]

So, can anyone described what's going on and when it is supposed to be fixed?

Sure!!!
Here you go: https://bitcointalk.org/index.php?topic=1976.msg1925445#msg1925445

[OskarLoderr]

What about the user database?  Was it compromised?  I'd hate to see bitcoins sent to the wrong address.

I have a database snapshot taken before bad guys overtook the database. So there's no reason to think payout addresses have been modified. Any change of wallet on pool profile requires email confirmation by account owner so I think we're on safe side here.

Unfortunately the user database can be considered as compromised, so the attacker knows user's emails :-(.

How were the passwords hashed?

never answer that!!!

let me rephrase: were the passwords securely hashed?

And salted?

Not to preach to you, but this is a perfect example why everyone should use unique passwords on every website.

I personally use 20+ character randomly generated passwords thanks to LastPass.  Makes secure password management so easy.

I am assuming the worst that they wore not hashed and salted. No word on the matter suggests that is possibly the case? I'd like to know either way. Embarrassing as it may be.

He already said that passwords were salted and hashed earlier in the thread and that you didn't have to worry about passwords being compromised.

[TiborB]

So, can anyone described what's going on and when it is supposed to be fixed?

Sure!!!
Here you go: https://bitcointalk.org/index.php?topic=1976.msg1925445#msg1925445

Status quo in a nutshell:

* mining now happens on EC2 instances, DNS records for stratum.bitcoin.cz have been updated
* you might need to restart long running workers & make sure DNS changes propagated to you. Use netstat & nslookup, or just flush the dns cache and restart workers.
https://bitcointalk.org/index.php?topic=1976.msg1926436#msg1926436
* the website is not up at the moment, but mining is possible

Hope this helps,
   T

[nybbler905]

It's possible than when the site does come back online, the attackers could quickly log in as some of us, change our bitcoin address to be theirs, lower our payment thresholds and steal our confirmed coins...
Or am I being paranoid...

PARANOID and with good reason...
it took me a while to re-set my bitcoin address ( was online one that I later read was untrusted PRE-DDos attacks on Slush's and had the ' fun ' of waiting for confirmation emails )
so even if they did get your password, tryed to change your bitcoin wallet id, there is still hope that neither you or the attacker can get access by logging in and setting payout to some really high number ( like over 50.0 BTC )
Worst case senario.... both you and the attacker are locked out of the earned BTC until you ( or the attacker ) can convince Slush to let the coins out of the wallet.

He did get a database snapshot so there should be enough info there to see what goes where apropriatly.
I'm not too worried about possible coin theft as I am still CPU mining and have earned ( not from Slush yet, still too slow for that kind of coin ) 1/9th the BTC for what some call an ' intro GPU miner card ' and will be workin all the free BTC sites as hard as my mining rig to get as much as fast as possible to get that kind of hash power and doubt i'll ever move from Slush's pool ( unless it gets to over 50.5% )

[Kruncha]

I put my miner back online last night after Slush said that stratum.bitcoin.cz was good to go. I didn't even think to check where the DNS was resolving to. After reading some posts this morning I figured I'd better check. What I have is in the image below and I think it's important that Slush be informed. I'm mining through the stratum proxy that Slush provided. If what I'm seeing is correct then I've been providing 700mhash to the hackers for 15 hours.

K.

[jerethdaminer]

they may be hashed and salted but were they peppered failing that can we keell the person who hacked him

[DoomDumas]

The bitcoins I have earned on this pool should have been confimed and payed out by now, because last time I checked (about 2 hours before the break-in) it was about 30 confirmations away from being confirmed with respect to my payout minimum. However, no payouts have occurred as of now. I guess this is also because the pool was hacked? When can we expect the payouts to continue? I mean the BTC prices are quite good at the moment and I'd very like to sell before they fall again. Please fix this soon! Thanks!

I wont sell any satoshi until 1 BTC worth more than 1000$...  in or before 2014 for sure !! 

[nottm28]

It's possible than when the site does come back online, the attackers could quickly log in as some of us, change our bitcoin address to be theirs, lower our payment thresholds and steal our confirmed coins...
Or am I being paranoid...

No, even if they have your login details changing the payout address needs email confirmation, so unless the attacker(s) have access to your email too they can't change your payout address.

Thanks

[DoomDumas]

It's possible than when the site does come back online, the attackers could quickly log in as some of us, change our bitcoin address to be theirs, lower our payment thresholds and steal our confirmed coins...
Or am I being paranoid...

IIRC, changing paiment adress need to be confirmed by email, so if your email password is'nt compromised, no problem at all here !

[AngelusWebDesign]

What about the um... secret URL that we were given by e-mail?

I just checked that URL, and it resolves to 95.x.x.x -- sounds like the OLD server.

Then I checked stratum.mining.cz and it resolves to the right IP address.

I've been mining at the address that starts with V for the good part of a day -- am I still going to get paid?

[Lucko]

It's possible than when the site does come back online, the attackers could quickly log in as some of us, change our bitcoin address to be theirs, lower our payment thresholds and steal our confirmed coins...
Or am I being paranoid...

IIRC, changing paiment adress need to be confirmed by email, so if your email password is'nt compromised, no problem at all here !

Well Slush mail also wasn't compromised and they got a link for reset... But yes it is always some uncertainty. 100% security doesn't exist... We are probably not big enough to worry about that... If you are worried about that decrease automatic payout limit...

[slush]

I'm having some troubles while setting up new database server, so all this is taking longer time than I expected. But I'm still working on it.

[bigb159]

A tracert resolved stratum.bitcoin.cz to a compute.amazonaws.com [50.112.*.*].
Things are working fine for me.

[Valle]

Thanks everyone, that explains. One more question - is there a way to check miner status/bitcoins amount mined etc? Maybe some json api is functional?

So, can anyone described what's going on and when it is supposed to be fixed?

Sure!!!
Here you go: https://bitcointalk.org/index.php?topic=1976.msg1925445#msg1925445

Status quo in a nutshell:

* mining now happens on EC2 instances, DNS records for stratum.bitcoin.cz have been updated
* you might need to restart long running workers & make sure DNS changes propagated to you. Use netstat & nslookup, or just flush the dns cache and restart workers.
https://bitcointalk.org/index.php?topic=1976.msg1926436#msg1926436
* the website is not up at the moment, but mining is possible

Hope this helps,
   T