[ANN][Pool][Profit-Switch][Optional Auto-Exchange per Coin][Vardiff] ~ Hashcows

[BTCscraper]

With the transaction timestamps of the rogue BTC address, it seems likely that the hackers were modifying the DB directly using a script, changing payout addresses and initiating payouts in succession.  They didn't even need to enter PINs.  This risk was practically eliminated by middlecoin by paying out to the username BTC addresses only, and transmitting the amounts daily when the threshold was reached.  Something for aTriz and nearmiss to think about.

[g0re79]

Ops should reimburse users, but only partially - if someone is too stupid to leave 0.5+ BTC on pool ran by two (doesn´t matter how honest) guys, where no one can expect robust security platform, deserves nothing more than loose it. During 6 months of mining I lost coins in various scams (Unocs, Orbit Coin, PhenixEx..) and I learned one thing - You are on enemy territory and if You loose, it was by your mistake so blame no one but You.

aTriz and nearmiss did great job here, so stop complain and try to be supportive.

1 I will be a lot more supportive if I receive my coins back in a timely manner (if I receive them at all). Sure, any website can be hacked. It is hard to pay for proper security, and even that often isn't enough. However, not only did Hashcows allow a hacker to access all the users' account passwords and PINS, they didn't even have a failsafe in place for if/when the site was compromised.

2 The theft was ongoing for two full HOURS before withdraws were halted. Are you saying that the site should not have considered adding a flagging system when the withdraw rate from it's users shot up 1,000% all at once that could have at least stopped SOME of the thefts? This would have reduced the losses and made it more likely that the smaller amount of lost coins could be refunded. You can blame people for not withdrawing every day if you want, but it seems like (to me at least) that when you have tons of people who typically withdraw only every few days/weeks and/or they have their auto payout threshold set to a "high" figure, that Hashcows should have halted withdraws MUCH faster than two hours later. All those occational withdrawing users all didn't decide to lower their thresholds and pull their funds at the same time and all to the SAME ADDRESS.

3 Major security breach that users had no part in their information being changed and coins stolen. Site had no early warning alarms in place to catch blatantly obvious theft occurring. Many users paid a premium to the Hashcows owners for them to autotrade the coins they mined, on top of the regular mining fees paid to the site. These funds were apparently never used to increase DDOS protection to levels seen at other comparable sized pools, as Hashcows always had a lot of downtime, pretty much on a daily basis.

4 Where is the part where these guys did a great job? They didn't run a charity. They provided services for a price. I would say the price paid certainly did not match the quality of service.

5 At the very least these guys should reimburse all mining and autotrading fees accumulated for every affected user. Doesn't really seem fair for them to keep the profits they made from miners/autotraders when they allowed all of what was actually left to the miners to get stolen.In reality, they should refund all lost coins, but I will be very surprised if this happens.

The service is running a pool for YOU to mine at and auto exchange your coins to BTC. Find ONE POOL that offers to pay you any outstanding balances if something goes wrong there. I bet you will not find ONE.

The fees are comparable to any pool, get over yourself.

I´ve boldlined answers to Yours post for better readibility and I am also very sorry for my bad English, "pač pocházím ze země, kde se vaším jazykem nemluví", so:

1) Its still under research, lets give HC crew some time (its Christmas, OMG)

2) That its truth and I bet that if You post those ideas to HC crew few days ago, they´ll implement this features in no time, as they prooved many times before. "Po bitvě je každý generál" (every one is general after the battle) is prowerb in my coutry.. And furthermore - 2 full hours doesn´t matter anything during Christmass, OMFG)

3) I didn´t noticed any HC downtimes recently. And BTW. anyone with at least 1x 7950 can afford pay for "little" DDOS by whole day minning.

4) HC site runs (almost) flawless for month and half for me and these guys ALWAYS responded ASAP and tried to solve even things like "oh, I did not recieved my payment which I accidentally sended to wrong account, help me koz am fukin laaamaaa"

5) As someone before me said, there is no guarantee that You´ll get some insurance from pool where You mine. Even that we all don´t have time to manually switch most profitable coin (that is main reason for most of us to chose HC), Its up to us to ensure some security.

[MIN3R]

Maybe I'm just not thinking correctly, but I don't see why people would "hold" a balance in a pool that charges fees as a percentage longer than a day anyway. In the case of hashcows and converting directly to BTC, it's 2.5% fee. So regardless of whether "hold out" your auto-pay to cash out @ 100 BTC, or 0.01 BTC the percentage of fees to payout is the same. I don't see any benefit to holding any BTC in the pool account.

On pools that charge a flat fee per payout, I might could understand as fewer payouts would mean less fees taken from your mining efforts...

[g0re79]

With the transaction timestamps of the rogue BTC address, it seems likely that the hackers were modifying the DB directly using a script, changing payout addresses and initiating payouts in succession.  They didn't even need to enter PINs.  This risk was practically eliminated by middlecoin by paying out to the username BTC addresses only, and transmitting the amounts daily when the threshold was reached.  Something for aTriz and nearmiss to think about.

Yes, according to timestamps it surelly have been done by some automated script (no Neuromancer "cybercowboy" can do it this fast on his own). And as I said before, its up to HC crew to show what EXACTLY happened.

[g0re79]

Maybe I'm just not thinking correctly, but I don't see why people would "hold" a balance in a pool that charges fees as a percentage longer than a day anyway. In the case of hashcows and converting directly to BTC, it's 2.5% fee. So regardless of whether "hold out" your auto-pay to cash out @ 100 BTC, or 0.01 BTC the percentage of fees to payout is the same. I don't see any benefit to holding any BTC in the pool account.

On pools that charge a flat fee per payout, I might could understand as fewer payouts would mean less fees taken from your mining efforts...

Its called "laziness". It is in the dictionary and it is something, for what can everyone take "free" lesson 

[socket]

Again, as someone who's been through similar situations on other pools, I would recommend chilling the fuck out.  I've seen both scenarios play out.  I've seen pool operators refund loses, and I've also seen pool operators basically say fuck off (notroll.in anybody?).

Let's try to remember a couple of things here:

1. You're in the wild west of technology.  If you want insurance sell me your 7950's and take the money to a FDIC insured bank.
2. hashco.ws provides you a service for almost free.  I assure you their fees aren't making them rich.
3. Chill the fuck out.  They haven't even said a word yet and demands are already being made by you fucks.

I've got about 0.1 BTC that didn't get cleaned out.  If it had been I wouldn't be approaching this any differently.  Why?  I've already lost more in similar incidents.  So, whatever happens.. good, bad, ugly.. the pool operators are humans, and trying their best to make it right until proven otherwise.

[GBattaglia]

I haven't been mining at Hashco.ws as of late, but I am very sorry to hear this happened to users.
You have to keep in mind as bad as this is for the users who lost money, aTriz and Nearmiss (Hashcows)
have been affected just as badly.  Losing trust in a userbase is often more damaging than losing money,
and trust is harder to gain back.

Please show them some patience and understanding. 

[billionaire]

Maybe I'm just not thinking correctly, but I don't see why people would "hold" a balance in a pool that charges fees as a percentage longer than a day anyway. In the case of hashcows and converting directly to BTC, it's 2.5% fee. So regardless of whether "hold out" your auto-pay to cash out @ 100 BTC, or 0.01 BTC the percentage of fees to payout is the same. I don't see any benefit to holding any BTC in the pool account.

On pools that charge a flat fee per payout, I might could understand as fewer payouts would mean less fees taken from your mining efforts...

Its called "laziness". It is in the dictionary and it is something, for what can everyone take "free" lesson 

I don't understand. On one hand you reply to my suggestion that the theft could have been lessened by an AUTOMATED system having been in place that could flag abnormal withdraw activity quickly (such as every single user sending all of their coins to one single address) with "OMG its Christmas".

In fact, this was your response to pretty much everything. You assume that such a system would have to be manned at all hours of the day, and the holidays would keep them from implementing it. I said they should have had a similar system already in place BEFORE nearly every single user coin was stolen....Which would mean that they should have had it in place well before "OMG it's Christmas."

But then your most recent reply to people not cashing out timely enough for your liking is due to "laziness". Maybe they didn't withdraw in the last few days because of "OMG it's Christmas".

[induktor]

Maybe I'm just not thinking correctly, but I don't see why people would "hold" a balance in a pool that charges fees as a percentage longer than a day anyway. In the case of hashcows and converting directly to BTC, it's 2.5% fee. So regardless of whether "hold out" your auto-pay to cash out @ 100 BTC, or 0.01 BTC the percentage of fees to payout is the same. I don't see any benefit to holding any BTC in the pool account.

On pools that charge a flat fee per payout, I might could understand as fewer payouts would mean less fees taken from your mining efforts...

I guess that the main reason is to prevent BTC dust, i mean, small payments that generates a lot of space and when you need to send them , the cost in fees are so f$&ing high that makes no sense.
I set a daily payout of .05 which is enough for my hashrate (10 x 7950) to receive daily payment (except today hehe)

but yes, keep like I read 3 pages behind, 0.5 BTC here, is crazy!, I will not left more than .1 btc in ANY pool, no matter the security, you know SHIT HAPPENS, I have been hacked before!, and I am pretty damn good at my job (IT) , but the guy that hacked me, was a king!, I learn so much buy investigating what he have done!, a genius!, what i mean is, HC crew can learn a lot from this, of course, shitty time! xmas ZOMG! indeed!, but hey, there is no safe!, no warranties, we must be always vigilant.

I bet HC crew will figure it out and fix it in no time, in the meantime I switched to middlecoin, but I will be coming back as soon as they remove the withdraw restriction.
EDIT: to the mods, something easy you could do, when someone change the payout address, compare it with the entire userbase, if you see more than three users with the same payout address, there is something going on, and freeze that address payout until you can clear it out, that should be easy to stop this kind of theft i think.

[g0re79]

Maybe I'm just not thinking correctly, but I don't see why people would "hold" a balance in a pool that charges fees as a percentage longer than a day anyway. In the case of hashcows and converting directly to BTC, it's 2.5% fee. So regardless of whether "hold out" your auto-pay to cash out @ 100 BTC, or 0.01 BTC the percentage of fees to payout is the same. I don't see any benefit to holding any BTC in the pool account.

On pools that charge a flat fee per payout, I might could understand as fewer payouts would mean less fees taken from your mining efforts...

Its called "laziness". It is in the dictionary and it is something, for what can everyone take "free" lesson 

I don't understand. On one hand you reply to my suggestion that the theft could have been lessened by an AUTOMATED system having been in place that could flag abnormal withdraw activity quickly (such as every single user sending all of their coins to one single address) with "OMG its Christmas".

In fact, this was your response to pretty much everything. You assume that such a system would have to be manned at all hours of the day, and the holidays would keep them from implementing it. I said they should have had a similar system already in place BEFORE nearly every single user coin was stolen....Which would mean that they should have had it in place well before "OMG it's Christmas."

But then your most recent reply to people not cashing out timely enough for your liking is due to "laziness". Maybe they didn't withdraw in the last few days because of "OMG it's Christmas".

Maybe that security hole has been known long time ago by attackers, and because they are abject shitfucks which don´t have any better things to do on christmas, they attacked now. Whatever.. Read my posts again if U misunderstood anything - I just want to say that aTriz and nearmiss are the good ones and its up to everyone to ensure safety of theirs coins. HAWK! And merry CHristass to everyone. Its 3:30 AM here so I am going to sleep

[nearmiss]

Thanks to all those replying, positive and negative.  We appreciate everyone who's mined at hashcows in the past, and any who continue to mine or are willing to give us another shot in the future.  Unfortunately I don't have much of an update for you.  I imagine like most, my Christmas eve is filled with family obligations, as is tomorrow.   I had enough time to disable all payouts, and throw the web into a read-only state to prevent any further damage, however it will likely be Thursday when I have the time to properly diagnose root cause and provide a technical update on the current situation.

Mining remains up, mainly as a courtesy to those who may not be actively monitoring their rigs over the holidays/and or have a failover set.  Coins are being earned, traded, and stats updating, as usual, but payouts of any kind remain disabled.  Until proper investigation is complete.

[kalus]

thanks nearmiss.  you deserve a break.  happy christmas.

[ranlo]

Thanks to all those replying, positive and negative.  We appreciate everyone who's mined at hashcows in the past, and any who continue to mine or are willing to give us another shot in the future.  Unfortunately I don't have much of an update for you.  I imagine like most, my Christmas eve is filled with family obligations, as is tomorrow.   I had enough time to disable all payouts, and throw the web into a read-only state to prevent any further damage, however it will likely be Thursday when I have the time to properly diagnose root cause and provide a technical update on the current situation.

Mining remains up, mainly as a courtesy to those who may not be actively monitoring their rigs over the holidays/and or have a failover set.  Coins are being earned, traded, and stats updating, as usual, but payouts of any kind remain disabled.  Until proper investigation is complete.

My question at this point is whether or not you are planning to reimburse members for lost funds, being that they were lost due to something we had no control over server-side. If you end up doing this, you will get a huge +1 from me and will have regained my trust.

[DannyDisco]

Is there any recourse for those who had coins stolen? Or should we assume we will never see them again? Sucks... I lost 0.09 BTC and my payout was set to 0.1

[Tasweb]

I can't login to check if I lost any coin as my login is being rejected and I read earlier that logins had been disabled so how do all these people saying "I lost xBTC" know the amount?

[socket]

Thanks to all those replying, positive and negative.  We appreciate everyone who's mined at hashcows in the past, and any who continue to mine or are willing to give us another shot in the future.  Unfortunately I don't have much of an update for you.  I imagine like most, my Christmas eve is filled with family obligations, as is tomorrow.   I had enough time to disable all payouts, and throw the web into a read-only state to prevent any further damage, however it will likely be Thursday when I have the time to properly diagnose root cause and provide a technical update on the current situation.

Mining remains up, mainly as a courtesy to those who may not be actively monitoring their rigs over the holidays/and or have a failover set.  Coins are being earned, traded, and stats updating, as usual, but payouts of any kind remain disabled.  Until proper investigation is complete.

My question at this point is whether or not you are planning to reimburse members for lost funds, being that they were lost due to something we had no control over server-side. If you end up doing this, you will get a huge +1 from me and will have regained my trust.

My question at this point is how dense are you people?  First priority is securing the pool.  Second priority for the pool owners would be trying to figure out how to appease people crying about their coins.

[The_Gloomfrost]

Maybe I'm just not thinking correctly, but I don't see why people would "hold" a balance in a pool that charges fees as a percentage longer than a day anyway. In the case of hashcows and converting directly to BTC, it's 2.5% fee. So regardless of whether "hold out" your auto-pay to cash out @ 100 BTC, or 0.01 BTC the percentage of fees to payout is the same. I don't see any benefit to holding any BTC in the pool account.

On pools that charge a flat fee per payout, I might could understand as fewer payouts would mean less fees taken from your mining efforts...

Its called "laziness". It is in the dictionary and it is something, for what can everyone take "free" lesson 

I don't understand. On one hand you reply to my suggestion that the theft could have been lessened by an AUTOMATED system having been in place that could flag abnormal withdraw activity quickly (such as every single user sending all of their coins to one single address) with "OMG its Christmas".

In fact, this was your response to pretty much everything. You assume that such a system would have to be manned at all hours of the day, and the holidays would keep them from implementing it. I said they should have had a similar system already in place BEFORE nearly every single user coin was stolen....Which would mean that they should have had it in place well before "OMG it's Christmas."

But then your most recent reply to people not cashing out timely enough for your liking is due to "laziness". Maybe they didn't withdraw in the last few days because of "OMG it's Christmas".

I'm with you on this one (as well as the logic in your previous point).

YES it's Christmas and YES Bitcoin is risky and this is 'the wild west of technology', but I would be willing to bet if a bank or someone holding your money in the wild west got broken/sick/damaged or otherwise somehow loses it, they'll be paying with their arms and legs, or their life. Yeehaw! I obviously do not wish anything like that on the HC admins, but the idea of 0% pool fees for everyone who lost coins, until the amount of 'fees' per person adds up to what they lost is a good idea for appeasing miners...


Also, anyone who doesn't feel ENTITLED to some type reimbursement - why the hell not? Why do you NOT want to put pressure on the host administrators or impose some sort of 'punishment' (aka reimbursement) for something 100% their fault? Jeez you guys must have not lost very much, or simply don't care.. If I neglect my child and he dies in a hot car on a summer's day, (it was an accident I swear!), and I promise it will never happen again, should I go without any punishment?

[jasdace]

I am not sure if this has been answered or not (if so, please forgive me).  Has the login been disabled too?  I can not log in to check my account.

Thanks

[Sovietaced]

I am not sure if this has been answered or not (if so, please forgive me).  Has the login been disabled too?  I can not log in to check my account.

Thanks

yes

[Humanxlemming]

Not sure if this has been reported or not but a lot of people can't change there auto payment address since it is still showing the hackers address.

Shame it happened really hope you guys/girls are not working to much over xmas.