nearmiss (OP)
|
|
December 24, 2013, 06:54:27 PM |
|
There's been a breach this afternoon with a number of users reporting payout addresses being changed and manual payouts being triggered to the new address. All payouts have been disabled and we are working on determining the scope of the issue. While its unlikely passwords have been compromised (and nothing is stored plain text in the db anyways), its not a bad practice to assume the worst and change passwords anyways.
40.8 total BTC has been lost. We can't really comment much further on account statuses until we gather data on the full picture. Obviously with the time of year, we all have commitments outside, but we are working every spare moment we've got.
I advise people to stop by the irc channel if possible, where live discussions can happen and up to date news provided.
The cows apologize to everyone involved, its a terrible time of year to wake up to such things. There will be 0% fees on anything earned as of now and today's btc earned (keeping in mind payout is disabled for the time being).
nearmiss
|
Profit-Switching Pool w/ Vardiff -> http://hashco.ws Optionally keep the alts we mine or auto-trade for BTC. In addition can be paid out in any of: 365, AC, BC, BTC, C2, CINNI, COMM, FAC, HBN, MINT, PMC, QRK, RDD, WC, XBC
|
|
|
gsrcrxsi
|
|
December 24, 2013, 07:00:10 PM |
|
What the mother fuck?!
0.045+ BTC gone.
I assume that HC won't do anything about refunding people??
Such a sad state. First the horrible payouts and connection issues, and now they allow everyone to be compromised and have their shit stolen. A lot of good that 4 digit pin for payouts did huh?
I was already moved off of HC due to the other issues and now this? Yeah. Safe to say i can never trust this pool again...
|
|
|
|
blind444
Newbie
Offline
Activity: 16
Merit: 0
|
|
December 24, 2013, 07:02:30 PM |
|
This sucks so much... Lost 0.30~.... Was thinking about moving it last night but for whatever reason I didn't...
|
|
|
|
bronxbob
Newbie
Offline
Activity: 9
Merit: 0
|
|
December 24, 2013, 07:04:24 PM |
|
What the mother fuck?!
0.045+ BTC gone.
I assume that HC won't do anything about refunding people??
Such a sad state. First the horrible payouts and connection issues, and now they allow everyone to be compromised and have their shit stolen. A lot of good that 4 digit pin for payouts did huh?
I was already moved off of HC due to the other issues and now this? Yeah. Safe to say i can never trust this pool again...
Well to be honest you really can't trust the majority of pools. Its not like we know the backgrounds of the people running this. I assume that a lot of sites are rife with security issues. Doesn't stop me from mining of course, but I am wary of it all.
|
|
|
|
billionaire
|
|
December 24, 2013, 07:06:57 PM |
|
Woke up to find 0.106427 BTC stolen from my Hashcows account. It went to the same address that stole everyone else's. I even had my withdraw limit set to 0.5 BTC, but it was changed to auto at the same time the person changed the address.
I have never had any of the pools or exchanges I frequent ever have my account hacked. Even the lowly two-bit operations. I use a different password and PIN at each site too.
40 BTC seems like a lot for this site to be able to cover in reimbursements due to its own security flaws (which it clearly was since so many were affected). I certainly hope I get paid back, but not holding my breath either. It must be very tempting to simply close down the site and not pay $25,000+ dollars worth of coin to users because of the site's security problems. That's if Hashcows even has enough funds to pay people to begin with.
Needless to say, I will not mine on the site or any other future pools that might be created by Hashcows team until I am fully reimbursed. If I am, I will gladly come back.
|
|
|
|
gsrcrxsi
|
|
December 24, 2013, 07:08:33 PM |
|
I'm sure the amount that HC has been taking in from fees and their own mining is plenty to cover this 40BTC loss. The RIGHT thing for them to do would be to own up to it and just refund what was taken from each person. As well as fix the security.
That's pretty much the only thing they can do to earn the trust of their miners again.
|
|
|
|
blind444
Newbie
Offline
Activity: 16
Merit: 0
|
|
December 24, 2013, 07:09:10 PM |
|
Needless to say, I will not mine on the site or any other future pools that might be created by Hashcows team until I am fully reimbursed. If I am, I will gladly come back.
I'm gonna follow you and do the same there. This was a good chunk of my mining in the last month..
|
|
|
|
Spiffy_1
|
|
December 24, 2013, 07:12:04 PM |
|
Yeah, not impressed... Log on to see a manual BTC payout with no fee to the address of 13R87ropkDKzDEuVeQoX64kkcLvPWVdTKH. This pool had better do something to fix this issue.. I had a 16 digit random password generated for this site before it was hacked.. I have regenerated another now and my antivirus and spyware detector come up negative on my side. This was a hole in hashco.ws and I expect to be reinbursed.
|
If you like what I've posted, mine for me on whatever algo you like on www.zpool.ca for a minute using my bitcoin address: 1BJJYPRcRPzTEfByCwkeJ8SCBcrnGD1nhL
|
|
|
jerrybusey
Member
Offline
Activity: 98
Merit: 10
|
|
December 24, 2013, 07:18:50 PM Last edit: December 24, 2013, 07:44:45 PM by jerrybusey |
|
WTF, I lost .202 BTC. I just emptied a few days ago but they had to strike right after the doge days.
|
BTC love: 13pBauoSCJBF5Vdb1AuMYg1kDvrKzNSthU
|
|
|
ranlo
Legendary
Offline
Activity: 1988
Merit: 1007
|
|
December 24, 2013, 07:30:26 PM |
|
I lost almost 0.2 BTC as well... =/. Just logged on to find it all wiped from the account. I really hope we get reimbursement for this...
|
|
|
|
eaglejam
Newbie
Offline
Activity: 7
Merit: 0
|
|
December 24, 2013, 07:38:46 PM |
|
I also got hit by 13R87ropkDKzDEuVeQoX64kkcLvPWVdTKH, Lost 0.00120115 BTC that didn't get a chance to withdraw. What is even more scary is they got by the 4-digit PIN that is MANDATORY to set. Clearly there is a big security issue here, Most likely several of the Boxes running Hashcows have been r00ted. Clean back-ups should be restored and the servers wiped and rebuilt. It would be nice to have compensation.
|
|
|
|
bronxbob
Newbie
Offline
Activity: 9
Merit: 0
|
|
December 24, 2013, 07:43:28 PM |
|
I also got hit by 13R87ropkDKzDEuVeQoX64kkcLvPWVdTKH, Lost 0.00120115 BTC that didn't get a chance to withdraw. What is even more scary is they got by the 4-digit PIN that is MANDATORY to set. Clearly there is a big security issue here, Most likely several of the Boxes running Hashcows have been r00ted. Clean back-ups should be restored and the servers wiped and rebuilt. It would be nice to have compensation. Oh yah no doubt they have had a full compromise. It will be interesting to see if they figure out how, and whether they know how to fix it and whether they disclose how it happened. We'll learn a lot about hashco.ws's in the next few days...
|
|
|
|
rofus
Member
Offline
Activity: 84
Merit: 10
|
|
December 24, 2013, 07:43:55 PM |
|
FUCK IT!
Same thing here! I changed it back...what the hell??? THEY HAVE A HUGE SECURITY FLAW.
|
|
|
|
worldlybedouin
|
|
December 24, 2013, 07:47:41 PM |
|
This sucks!
Ok, so I tried to change my BTC address back to my correct one, and it keeps reverting back to the hacked BTC address instead.
I also noticed that my DOGE account address has been changed as well. Its changed to an address I don't recognize, so it could be the attack is more than just the BTC side!!!!
I'll be back when things are fixed....maybe...
|
LTC: LXrAe2E6cBsK52GvUsYraeXkc2s7Ti7R5X BTC: 1FLTMqVjTZ5MTdCF4npNZGFMEUGyBV4zcj
|
|
|
rofus
Member
Offline
Activity: 84
Merit: 10
|
|
December 24, 2013, 07:49:32 PM |
|
These perfect idiots are not able to run their website
|
|
|
|
kalus
Sr. Member
Offline
Activity: 420
Merit: 263
let's make a deal.
|
|
December 24, 2013, 07:50:09 PM |
|
I also noticed that my DOGE account address has been changed as well. Its changed to an address I don't recognize, so it could be the attack is more than just the BTC side!!!!
me too. can't get doge out, can't change my doge address, i have no idea if the site is phishing for pins at this point.
|
DC2ngEGbd1ZUKyj8aSzrP1W5TXs5WmPuiR wow need noms
|
|
|
worldlybedouin
|
|
December 24, 2013, 07:50:28 PM |
|
Also, I've tried to change my DOGE address but it keeps reverting back to this hacked address: DLb8WE29H9R26EpjT2BjUZuzY4BcEUD76X
|
LTC: LXrAe2E6cBsK52GvUsYraeXkc2s7Ti7R5X BTC: 1FLTMqVjTZ5MTdCF4npNZGFMEUGyBV4zcj
|
|
|
gsrcrxsi
|
|
December 24, 2013, 07:54:38 PM |
|
Make sure you are using your 4-digit pin to change the addresses or it won't change.
|
|
|
|
hardergamer
|
|
December 24, 2013, 07:57:03 PM |
|
SO WE HAVE BEEN HACKED!!
|
|
|
|
aTriz
|
|
December 24, 2013, 07:58:57 PM |
|
IMPORTANT NEWS: There's been a breach this afternoon with a number of users reporting payout addresses being changed and manual payouts being triggered to the new address. All payouts have been disabled and we are working on determining the scope of the issue. While its unlikely passwords have been compromised (and nothing is stored plain text in the db anyways), its not a bad practice to assume the worst and change passwords anyways. We apologize to all hashcows miners who have been affected by this theft. We are working as best we can to determine scope and close holes, All payouts of any kind are currently disabled until further notice. Terrible time of year to wake up to such news.
|
|
|
|
|