Bitcoin Forum
April 18, 2014, 12:13:44 AM *
News: Due to the OpenSSL heartbleed bug, changing your forum password is recommended.
 
   Home   Help Search Donate Login Register  
Pages: 1 2 3 4 [5] 6 7 8  All
  Print  
Author Topic: BIPS, Payment Service Provider (PSP) for Merchants  (Read 39126 times)
assortmentofsorts
Member
**
Offline Offline

Activity: 91



View Profile

Ignore
November 19, 2013, 11:49:13 PM
 #81

Statement from BIPS, November 19th 2013.
 
On November 15th BIPS was the target of a massive DDoS attack, which is now believed to have been the initial preparation for a subsequent attack on November 17th that overloaded our managed switches and disconnected the iSCSI connection to the SAN on BIPS servers.
Regrettably, despite several layers of protection, the attack caused vulnerability to the system, which has then enabled the attacker/s to gain access and compromise several wallets.
 
At this point all wallet functions have been disabled in order to conduct a full investigation and audit. BIPS will be contacting compromised wallet owners individually.

BIPS will also be contacting merchants who have not enabled automatic conversion of bitcoin.
 
Merchant processing functionality and buy/sell has been re-enabled.

 
BIPS help desk system is currently not accessible and will not be re-enabled until an alternative hosting solution has been arranged for this. In the mean time, support is reachable via email to support(at)bips(dot)me. Previously submitted tickets need to be resubmitted via email. Please be patient and allow 24-72 hours to receive a reply.


Hey Kris. I had 3.3+ BTC sitting in the wallet. Should I send you an email at support(at)bips(dot)me? How should those of us who had some BTC in the wallet proceed?


If you want to tip: BTC 1KbjTUEfcziwMv7BMXcjmvNAKEpTJbZCsF
1397780024
Hero Member
*
Offline Offline

Posts: 1397780024

View Profile Personal Message (Offline)

Ignore
1397780024
Reply with quote  #2

1397780024
Report to moderator
1397780024
Hero Member
*
Offline Offline

Posts: 1397780024

View Profile Personal Message (Offline)

Ignore
1397780024
Reply with quote  #2

1397780024
Report to moderator
1397780024
Hero Member
*
Offline Offline

Posts: 1397780024

View Profile Personal Message (Offline)

Ignore
1397780024
Reply with quote  #2

1397780024
Report to moderator
GAWMiners.com - Buy 4 ASIC Miners get ONE FREE!
Limited 24hr Offer Code: BUY4GET1
Mining Made Easy
For Everyone

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1397780024
Hero Member
*
Offline Offline

Posts: 1397780024

View Profile Personal Message (Offline)

Ignore
1397780024
Reply with quote  #2

1397780024
Report to moderator
assortmentofsorts
Member
**
Offline Offline

Activity: 91



View Profile

Ignore
November 21, 2013, 02:02:41 AM
 #82

Kris any updates??? Its unusually quiet on BIPS end.... getting me worried!

If you want to tip: BTC 1KbjTUEfcziwMv7BMXcjmvNAKEpTJbZCsF
Ikinoki
Full Member
***
Offline Offline

Activity: 122


View Profile

Ignore
November 21, 2013, 02:42:42 AM
 #83

So, just logged into my account and seen that all transactions are gone as well as invoices and some btc...
What is going on?

Donations to 1LHTGFYHfMDgfgmDcYugW6RsKKfKBRfLVg
assortmentofsorts
Member
**
Offline Offline

Activity: 91



View Profile

Ignore
November 21, 2013, 03:34:08 AM
 #84

So, just logged into my account and seen that all transactions are gone as well as invoices and some btc...
What is going on?

No idea. Sent a mail yester to the support address. No reply yet Sad

If you want to tip: BTC 1KbjTUEfcziwMv7BMXcjmvNAKEpTJbZCsF
TookDk
Full Member
***
Offline Offline

Activity: 168


View Profile

Ignore
November 21, 2013, 08:16:51 AM
 #85

I would really like some information too - its ridiculous.   Angry

Kris
Donator
Hero Member
*
Offline Offline

Activity: 651



View Profile

Ignore
November 21, 2013, 03:13:56 PM
 #86

We are working 24/7 to re-establish all core functionalities, including our support helpdesk, which will be available very soon to enable global communication.
So far updates are and have been available on https://bips.me/press
https://bitcointalk.org/index.php?topic=252308.msg3645043#msg3645043
cubicdissection
Member
**
Offline Offline

Activity: 90


View Profile

Ignore
November 21, 2013, 05:05:19 PM
 #87

Kris, it's nice to hear you are working 24/7.  That said, it's been days since we have been able to access our balances, all during a period of great volatility. 

The information that some wallets were compromised is alarming.  Combined with the vague communications, I think you can see why we're worried.

Perhaps you could take a couple moments to comment on how many wallets were compromised (a handful? most of them?) and how your company plans to make whole those who lost what they entrusted you with.
allincoin
Jr. Member
*
Offline Offline

Activity: 42


View Profile

Ignore
November 22, 2013, 12:49:44 AM
 #88

agreed very vague...  Now that I can post outside of the "Newbie Area"   I'll link in the thread I started over there...  

https://bitcointalk.org/index.php?topic=341682.0


Are BIPS Wallet Holders going to be TradeFortress'd?
Kris
Donator
Hero Member
*
Offline Offline

Activity: 651



View Profile

Ignore
November 22, 2013, 11:50:08 AM
 #89

System status as of 22 November 12:45pm - Help Desk Restored. https://helpdesk.bips.me/
Kris
Donator
Hero Member
*
Offline Offline

Activity: 651



View Profile

Ignore
November 22, 2013, 02:41:22 PM
 #90

It is imperative to understand that everything was wiped out from our servers and getting functionality back is priority #1.
The wallet part of BIPS was a free service to make payments easier for users.
Web Wallets are like a regular wallet that you carry cash in and not meant to keep large amounts in.
Hence we offered a paper wallet as a cold storage alternative for those who wanted a safe storage solution.
We will be contacting all affected users as already proclaimed.
We will need their consent to hand over information to the authorities for further investigation, which hopefully can assist in catching the thief.
Those who were not affected and have a bitcoin balance will also be contacted.
Most balances left are minuscule, but if you had more than a few satoshi’s in your wallet you are affected, and will be contacted.

Another priority is doing forensics data recovery to be able to investigate and assist authorities in finding the attacker.
Technical information will not be disclosed for security reasons.

Stolen coins have been isolated and server logs have been retrieved from data recovery:
https://blockchain.info/address/1LuG91tcSQxKj32BsCoRkX7yQLfj9LtkCs

Please be advised that attacks are not isolated to us and if you are storing larger amounts of coins with any third party you may want to find alternative storage solutions as soon as possible, preferably cold storage if you do not need immediate access to those coins:
www.coindesk.com/hacker-attack-polands-bitcoin-exchange/
www.coindesk.com/czech-bitcoin-exchange-bitcash-cz-hacked-4000-user-wallets-emptied/
bernard75
Sr. Member
****
Offline Offline

Activity: 392



View Profile

Ignore
November 22, 2013, 03:26:45 PM
 #91

It is imperative to understand that everything was wiped out from our servers and getting functionality back is priority #1.
The wallet part of BIPS was a free service to make payments easier for users.
Web Wallets are like a regular wallet that you carry cash in and not meant to keep large amounts in.
Hence we offered a paper wallet as a cold storage alternative for those who wanted a safe storage solution.
We will be contacting all affected users as already proclaimed.
We will need their consent to hand over information to the authorities for further investigation, which hopefully can assist in catching the thief.
Those who were not affected and have a bitcoin balance will also be contacted.
Most balances left are minuscule, but if you had more than a few satoshi’s in your wallet you are affected, and will be contacted.

Another priority is doing forensics data recovery to be able to investigate and assist authorities in finding the attacker.
Technical information will not be disclosed for security reasons.

Stolen coins have been isolated and server logs have been retrieved from data recovery:
https://blockchain.info/address/1LuG91tcSQxKj32BsCoRkX7yQLfj9LtkCs

Please be advised that attacks are not isolated to us and if you are storing larger amounts of coins with any third party you may want to find alternative storage solutions as soon as possible, preferably cold storage if you do not need immediate access to those coins:
www.coindesk.com/hacker-attack-polands-bitcoin-exchange/
www.coindesk.com/czech-bitcoin-exchange-bitcash-cz-hacked-4000-user-wallets-emptied/

Those werent exactly well established players in the bitcoin industry...

Anonymous reloadable VISAs with own bank account: https://bitcointalk.org/index.php?topic=216629
cubicdissection
Member
**
Offline Offline

Activity: 90


View Profile

Ignore
November 22, 2013, 04:30:47 PM
 #92

It is imperative to understand that everything was wiped out from our servers and getting functionality back is priority #1.

Maybe to YOU.  MY #1 priority is you getting my BTC back! 


The wallet part of BIPS was a free service to make payments easier for users.
Web Wallets are like a regular wallet that you carry cash in and not meant to keep large amounts in.

You never said that before you lost my BTC.  As someone who pursues and gets merchants to sign up for your service, you surely realize that many if not most of them are not well versed in Bitcoin.  At NO point did you EVER say hey you shouldn't keep your BTC with us.  In fact, your website said:
Your data is secure at BIPS
BIPS was built by passionate bitcoiners and talented developers. BIPS is hosted in our private server facilities. Passwords are stored with a double salted SHA-512 hashing algorithm. Our entire website is protected with AES RIJNDAEL 256 encryption and we have encryption of data traffic with 2048-bit, highest assurance Extended Validation SSL certificate, with 99.9% Browser Recognition.
Bitcoin Security
BIPS protects your payment information with industry-leading security and fraud protection.
On top of this, our server/database is regularly stored on tape backups. For added security you can also enable Secure Card and Google Authenticator at any time for up to 3 levels of authentication.


So yeah, I felt pretty goddamn secure leaving my BTC balance there.


Those who were not affected and have a bitcoin balance will also be contacted.
Most balances left are minuscule, but if you had more than a few satoshi’s in your wallet you are affected, and will be contacted.

So basically ALL balances are gone?  Why don't you speak in plain english and quit giving us the runaround?  Because it makes me think you're a liar and have something to hide.


Technical information will not be disclosed for security reasons.

Wrong.  You need to convince me and others you didn't simply transfer out the funds yourself.  Given the silence, poor communication, delays etc you are not looking very trustworthy.   If you think people are going to simply take your word for it and walk away from thousands of BTC you're dead wrong.
Ikinoki
Full Member
***
Offline Offline

Activity: 122


View Profile

Ignore
November 22, 2013, 07:22:28 PM
 #93

I don't like this, you don't communicate.
This is not going to work, any processor we used tries to screw people over.

HOW on earth could everything be wiped out from servers with a secure system? What did you do to allow root access?
Seriously it's not that hard to make a secure system, get a grip on online security manuals, implement MAC or jails.
Holy crap, I'm seriously angry right now.

Donations to 1LHTGFYHfMDgfgmDcYugW6RsKKfKBRfLVg
TheRandomGuy
Full Member
***
Offline Offline

Activity: 159


View Profile

Ignore
November 22, 2013, 07:39:46 PM
 #94

Welp. I'm gonna start using software wallets again.

Nice using ya guys.  Grin

BTC: 1wbGAAabrsu8pjVXWUQvjUUhe18e721K2
FAUCET ROTATOR SCRIPT
dantes
Newbie
*
Offline Offline

Activity: 9


View Profile

Ignore
November 22, 2013, 07:57:41 PM
 #95

This is terrible.  And all the comments here are on target.  Communication from BIPS is terrible. 

First priority is getting the BTC back. 

BIPS has no future unless the BTC come back so there is no point working 24/7 to re-establish anything else.
allincoin
Jr. Member
*
Offline Offline

Activity: 42


View Profile

Ignore
November 22, 2013, 09:17:30 PM
 #96

Agreed with all the comments just made...
ghengis34
Newbie
*
Offline Offline

Activity: 3


View Profile

Ignore
November 23, 2013, 05:41:23 PM
 #97

I think I lost more than anyone else -- 90 BTC.

Anyone else who lost a significant amount, please sign up here:

https://docs.google.com/forms/d/1v8AL3scMErzSLPRSOhGuGXn9pzHjWNTrSE2YWEQIpxs/viewform

If there are enough of us, it will be a negotiating block, to try to settle this on fair terms for everyone.

On one side, bitcoin is the wild west, and I really doubt this was intentional on the part of bips.me -- just probably overconfidence to run a wallet service without proper security.

But on the other side, I don't think anyone will be happy if bips.me continues on as a viable business without some kind of compensation for (former) wallet holders.

It's really important that - unless you have very good evidence - that nobody make wild accusations about fraud or internal theft or anything like that. If you do that, you will open yourself up to a lawsuit from bips.me for libel. (At least that's how it would work in the USA.) And it's just not fair or ethical to accuse anyone of something for which you have no evidence.

I do however think it's reasonable, fair, and legal for the affected individuals to get together and try to negotiate as a group for some kind of compensation.

Also -- I did finally hear back from the help desk, who asked for my phone number. But nothing concrete. My guess is that basically everything was stolen they are scrambling to see if they can come up with some kind of compensation package. But that's just a guess and I could be proven wrong.






Dadio202
Newbie
*
Offline Offline

Activity: 6


View Profile

Ignore
November 23, 2013, 06:52:57 PM
 #98

Hi ghengis. I have signed up to your form. Your comments are spot on. Glad to hear you at least heard back from them, hope i do as well. I lost 4.8 btc and also sent them £500 to purchase more. They didn't use the £s so I presume they still have them, hope their bank wasn't compromised as well.
Sztef89
Jr. Member
*
Offline Offline

Activity: 58


Bitcoin maniac ;)


View Profile

Ignore
November 23, 2013, 06:58:49 PM
 #99

I lost about 0.9 BTC

Beer: 16NGGxmChWfC6LWzd3txZBf6jrBeVoMZpF
btcven
Hero Member
*****
Offline Offline

Activity: 546


Bitcoin Venezuela


View Profile WWW

Ignore
November 23, 2013, 08:31:30 PM
 #100

Who the hell puts 90 BTC in a web wallet? I had ~0.13 BTC there and I'm waiting to get it back as I think BIPS is a little bit trustworthy. But I can also learn to finally switch out from web wallets, get an Android and install Electrum on it instead of using web wallet even for cents.

Admin: rdymac (PGP) | contacto@bitcoinvenezuela.com | @cafebitcoin | Electrum, lightweight bitcoin client
If I've been helpful tip me a coffee! Cheesy1rdymachKZpA9pTYHYHMYZjfjnoBW6B3k
Pages: 1 2 3 4 [5] 6 7 8  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!