My Slushpool Account Hacked - External hack, or inside job?

[tfeagle]

Not sure where to post this.  Tried to search for "Slushpool" but the built-in search is temporarily disabled.  

I had a slushpool mining account.  Originally opened it several years ago at "mining.bitcoin.cz" and carried it over into "www.slushpool.com".  

I have never withdrawn BtC from this account.  I have never logged in from an unsecure computer.  

I went to bed late on 3-July-2017...about 11:00 PM on US PST.  This is UTC-8 time zone.  Next morning on 4-July-2017 I could not login to my account.  I contacted slushpool, using their ticket system.  The slushpool customer support tells me that my account was hacked, and that all my coins are stolen.  

They told me the coins are stolen.  They gave me a wallet address for the coins, and an IP address for the login.  The IP address goes to a VPN server in Budapest, Hungary.  

They will not tell me the time of the hack/transfer.  They will not tell me the exact amount of the transfer.  They told me that my BitCoin was stolen.  They will not tell me if my Zcoin was stolen.  They will not tell me the email address of the hacker (entered into my account, to prevent the "reset password" link from working).  

Slushpool should have a record of the thief login (including time and date stamp) the email address change (including time and date stamp) and the password change (including time and date stamp).  They will not tell me any of this info.  Last message I got from them was over 8 hours ago.  They are not talking to me now.  

Also, slushpool will not return my account to me.  I have asked them to reset my password, and send a new password to me.  They will not do so.  So the thief gets to take all of my money and keep my account also?  

Is anyone else having problems with slushpool?  Is it just me, or have many small account been hacked?  Also...how was the hack done?  Slushpool is telling me nothing at all.  Does anyone have info?  

[1714191052]

1714191052

[1714191052]

1714191052

[1714191052]

1714191052

[tfeagle]

Not sure where to post this.  Tried to search for "Slushpool" but the built-in search is temporarily disabled.  

I had a slushpool mining account.  Originally opened it several years ago at "mining.bitcoin.cz" and carried it over into "www.slushpool.com".  

I have never withdrawn BtC from this account.  I have never logged in from an unsecure computer.  

I went to bed late on 3-July-2017...about 11:00 PM on US PST.  This is UTC-8 time zone.  Next morning on 4-July-2017 I could not login to my account.  I contacted slushpool, using their ticket system.  The slushpool customer support tells me that my account was hacked, and that all my coins are stolen.  

They told me the coins are stolen.  They gave me a wallet address for the coins, and an IP address for the login.  The IP address goes to a VPN server in Budapest, Hungary.  

They will not tell me the time of the hack/transfer.  They will not tell me the exact amount of the transfer.  They told me that my BitCoin was stolen.  They will not tell me if my Zcoin was stolen.  They will not tell me the email address of the hacker (entered into my account, to prevent the "reset password" link from working).  

Slushpool should have a record of the thief login (including time and date stamp) the email address change (including time and date stamp) and the password change (including time and date stamp).  They will not tell me any of this info.  Last message I got from them was over 8 hours ago.  They are not talking to me now.  

Also, slushpool will not return my account to me.  I have asked them to reset my password, and send a new password to me.  They will not do so.  So the thief gets to take all of my money and keep my account also?  

Is anyone else having problems with slushpool?  Is it just me, or have many small account been hacked?  Also...how was the hack done?  Slushpool is telling me nothing at all.  Does anyone have info?  

Correction to my last message.  Slushpool support did tell me the time that my bitcoin was taken.  It is in an email message. 

"It looks like your account has been hacked and the BTC reward balance has been sent to address: CVNNiD12NgMp8eLTQ7TJLJwST2TkswjUP at 2017-07-04 12:04:07 UTC.  I can provide your with the last IP address which was used for accessing your account: 188.227.224.110 for investigation purposes."

My support person at slushpool is "Martin".  This is all I know so far.  This email arrived over 12 hours ago, but I didn't notice the time and date stamp of the theft.  I am still getting no reply to messages. 

[magneto]

This is their thread: https://bitcointalk.org/index.php?topic=1976.999999999. Feel free to complain about your misfortunes there although i'm pretty sure that the thread isn't moderated by any of the support staff/slush himself, so good luck getting a response there.

Slush's own bitcointalk account was compromised, however. Sort of ironic.

Personally i wouldn't think that it was an insider job at all - slushpool is one of the oldest and most trustworthy mining pool that are still around. How much bitcoin approximately was in your account? I'm sure that they wouldn't be moved by anything less than 100 BTC, because back in the days that was only 2 blocks worth of block rewards and they had a big % of all hashpower.

IP addresses aren't really useful at all. Just take this as a warning, make sure that you use a secure password and enable 2fa next time.

[tfeagle]

This is their thread: https://bitcointalk.org/index.php?topic=1976.999999999. Feel free to complain about your misfortunes there although i'm pretty sure that the thread isn't moderated by any of the support staff/slush himself, so good luck getting a response there.

Slush's own bitcointalk account was compromised, however. Sort of ironic.

Personally i wouldn't think that it was an insider job at all - slushpool is one of the oldest and most trustworthy mining pool that are still around. How much bitcoin approximately was in your account? I'm sure that they wouldn't be moved by anything less than 100 BTC, because back in the days that was only 2 blocks worth of block rewards and they had a big % of all hashpower.

IP addresses aren't really useful at all. Just take this as a warning, make sure that you use a secure password and enable 2fa next time.

It was only about 1.75 to 1.8 bitcoin.  Well below the interest threshold of a slushpool manager.  Few thousand dollars, USD.  But the big deal for me is that they won't give my account back, and they won't share info on the hack.  I use a unique password for slushpool.  Eleven characters.  Unlikely that it was found elsewhere on the internet.  I've scanned my desktop hard drive, and no malware was found.  (No obvious keystroke logger.  Although some malware can elude existing scanners.)  I am asking slushpool for time and date stamps of password changes, login from Budapest, and email (recovery address) changes.  I'm pretty certain that these events are all logged.  There is no reason for them to withhold this info.  There is no reason to keep me locked out of my account.  There is no reason to completely ignore me after sending a short email message that says approximately, "You were hacked.  Too bad.  Create a new account." 

[Earthness2000]

Not sure where to post this.  Tried to search for "Slushpool" but the built-in search is temporarily disabled.  

I had a slushpool mining account.  Originally opened it several years ago at "mining.bitcoin.cz" and carried it over into "www.slushpool.com".  

I have never withdrawn BtC from this account.  I have never logged in from an unsecure computer.  

I went to bed late on 3-July-2017...about 11:00 PM on US PST.  This is UTC-8 time zone.  Next morning on 4-July-2017 I could not login to my account.  I contacted slushpool, using their ticket system.  The slushpool customer support tells me that my account was hacked, and that all my coins are stolen.  

They told me the coins are stolen.  They gave me a wallet address for the coins, and an IP address for the login.  The IP address goes to a VPN server in Budapest, Hungary.  

They will not tell me the time of the hack/transfer.  They will not tell me the exact amount of the transfer.  They told me that my BitCoin was stolen.  They will not tell me if my Zcoin was stolen.  They will not tell me the email address of the hacker (entered into my account, to prevent the "reset password" link from working).  

Slushpool should have a record of the thief login (including time and date stamp) the email address change (including time and date stamp) and the password change (including time and date stamp).  They will not tell me any of this info.  Last message I got from them was over 8 hours ago.  They are not talking to me now.  

Also, slushpool will not return my account to me.  I have asked them to reset my password, and send a new password to me.  They will not do so.  So the thief gets to take all of my money and keep my account also?  

Is anyone else having problems with slushpool?  Is it just me, or have many small account been hacked?  Also...how was the hack done?  Slushpool is telling me nothing at all.  Does anyone have info?  

even they give you ip address of the home address you cant do nothing about it , its cryptocurrency its just math and coins on air , you need to protect your wallet thats all you can do

[Avirunes]

Even they give you ip address of the home address you cant do nothing about it , its cryptocurrency its just math and coins on air , you need to protect your wallet thats all you can do

True. Protecting wallet is the only option to escape out of your wallet getting hacked. Better to hold btc in personal wallet or cold wallet rather than on a web wallet or on a service wallet.

[tfeagle]

I finally heard back from slushpool.  New service agent.  It seems that the customer service goal is to respond to all issues/questions within 24-hours.  This is good for the first report of a hack.  But is cumbersome when trying to hold a conversation or ask questions.  Every time I ask a question or send a file, I must wait roughly 20 hours for a reply. 

The new agent gave me additional info.  Some of it...particularly email addresses...is very important.  I have asked for more info, including specific details on time and date stamps.

Waiting now for the reply.   

[olushakes]

I finally heard back from slushpool.  New service agent.  It seems that the customer service goal is to respond to all issues/questions within 24-hours.  This is good for the first report of a hack.  But is cumbersome when trying to hold a conversation or ask questions.  Every time I ask a question or send a file, I must wait roughly 20 hours for a reply. 

The new agent gave me additional info.  Some of it...particularly email addresses...is very important.  I have asked for more info, including specific details on time and date stamps.

Waiting now for the reply.   

The issue here is really not about getting the details of the hacker but the issue of lost funds which will most likely not recovered and even with the way its been handled is another issue of concern. Even if its not an insider job, there should still be some level of commitment and even taking of responsibility on their part to ensure the trust of keeping funds with them is not betrayed which is exactly what has happened concerning this issue.

[tfeagle]

OK.  Update.  (Yah, it has been a long time.) 

Slushpool helped me with data and timestamps.  I was able to follow the bogus login to a relay system in Budapest.  The relay system was accessed from a VPN service.  I have been in contact with the owner of the VPN service.  He will not release personal info on the account holder who created the VPN account.  Although the owner has not said so, I believe that the VPN hardware is physically located in the UK. 

In short...if the VPN business owner were willing, I could obtain personal info on the owner of a VPN account (one of several) that was involved in the hack that stole my bitcoin.  (Missing bitcoin is currently worth about $7200.00 USD as I type this message.) 

So...Slushpool is/was innocent.  It was not an inside theft.  For various reasons...too many details to write here...the bitcoin theft appears to have been enabled by one or more of the Yahoo password and personal info leaks.  (Among other things, one of my Yahoo email accounts had been programmed to block messages from several Slushpool email addresses...) 

Can anyone recommend a police or cybercrime agency in the UK, that would have the legal right to demand user info from the VPN service? 

Thanks!  tfEagle 

[cdousley]

OK.  Update.  (Yah, it has been a long time.) 

Slushpool helped me with data and timestamps.  I was able to follow the bogus login to a relay system in Budapest.  The relay system was accessed from a VPN service.  I have been in contact with the owner of the VPN service.  He will not release personal info on the account holder who created the VPN account.  Although the owner has not said so, I believe that the VPN hardware is physically located in the UK. 

In short...if the VPN business owner were willing, I could obtain personal info on the owner of a VPN account (one of several) that was involved in the hack that stole my bitcoin.  (Missing bitcoin is currently worth about $7200.00 USD as I type this message.) 

So...Slushpool is/was innocent.  It was not an inside theft.  For various reasons...too many details to write here...the bitcoin theft appears to have been enabled by one or more of the Yahoo password and personal info leaks.  (Among other things, one of my Yahoo email accounts had been programmed to block messages from several Slushpool email addresses...) 

Can anyone recommend a police or cybercrime agency in the UK, that would have the legal right to demand user info from the VPN service? 

Thanks!  tfEagle 

As they have disclosed to you it was a hack, than this is there obligation as they were in charge of your bitcoins security, you can sue them for not giving you appropriate administration and get your assets from them. These sorts of cases are extraordinary to occur as sites are more watchful if there should arise an occurrence of you cash. For this situation individuals at slush pool are demonstrating a low level of duty and appear to be unmindful about the way that a record on their site was truly hacked. So by introducing their conduct to the court you can without much of a stretch recover our coins from them.