Bitcoin Forum
November 21, 2017, 08:24:10 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: inputs.io security issue?  (Read 2111 times)
gaston909
Sr. Member
****
Offline Offline

Activity: 350



View Profile
November 04, 2013, 08:23:57 PM
 #1

Big fan of inputs.io and dont want to cause a scene but heard a few reports of missing coins recently -

http://www.reddit.com/r/Bitcoin/comments/1pw46j/someone_just_transferred_0095_from_my_inputsio/

Any news on this TF?
Join ICO Now A blockchain platform for effective freelancing
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1511252650
Hero Member
*
Offline Offline

Posts: 1511252650

View Profile Personal Message (Offline)

Ignore
1511252650
Reply with quote  #2

1511252650
Report to moderator
1511252650
Hero Member
*
Offline Offline

Posts: 1511252650

View Profile Personal Message (Offline)

Ignore
1511252650
Reply with quote  #2

1511252650
Report to moderator
The 4ner
aka newbitcoinqtuser
Hero Member
*****
Offline Offline

Activity: 546


R.I.P Silk Road 1.0


View Profile
November 04, 2013, 08:39:59 PM
 #2

Damn that's a serious issue. I'm glad I have a 0 balance in my Inputs.io account.
Hopefully this issue gets resolved soon because I will be needing it in the very near future.  Undecided
InwardContour
Sr. Member
****
Offline Offline

Activity: 280


View Profile
November 04, 2013, 08:51:52 PM
 #3

very worried about this. i just saw this on reddit. please, TF, update us as soon as possible. my balances all appeared to be intact this morning but i won't be able to check until tonight.

coinpr0n
Hero Member
*****
Offline Offline

Activity: 896



View Profile
November 04, 2013, 09:06:30 PM
 #4

inputs is working for me. i think it probably has something to do with using the same password across multiple sites...

InwardContour
Sr. Member
****
Offline Offline

Activity: 280


View Profile
November 04, 2013, 09:11:20 PM
 #5

inputs is working for me. i think it probably has something to do with using the same password across multiple sites...
based on the info that's going around, i don't think so. this may be an internal compromise.

dserrano5
Legendary
*
Offline Offline

Activity: 1848



View Profile
November 04, 2013, 09:12:20 PM
 #6

inputs is working for me. i think it probably has something to do with using the same password across multiple sites...

The JustDice inputs.io wallet has been emptied despite having 2FA and GPG enabled. It's not as simple as same password.

favdesu
Legendary
*
Offline Offline

Activity: 1232



View Profile WWW
November 04, 2013, 09:14:57 PM
 #7

The attacker was able to empty the balance on accounts with the API key enabled. The issue is being actively looked upon.

Everyone who has lost money will be fully reimbursed.

Raffle: Enter for a chance to win 100 OBITS + 100 OBITS to Charity Click Here to Enter
BarkinTree
Full Member
***
Offline Offline

Activity: 204



View Profile
November 04, 2013, 09:28:56 PM
 #8

oh no! i'm glad he will reimburse, but this makes me very worried for the future of inputs.io..... details please!!!
Injust
Legendary
*
Offline Offline

Activity: 1008



View Profile
November 04, 2013, 09:35:02 PM
 #9

TradeFortress has given an update on this issue at https://bitcointalk.org/index.php?topic=248803.msg3482410#msg3482410.

The attacker was able to empty the balance on accounts with the API key enabled. The issue is being actively looked upon. API access has been disabled.

Everyone who has lost money will be fully reimbursed.
lucaspm98
Sr. Member
****
Offline Offline

Activity: 280


View Profile
November 04, 2013, 09:38:32 PM
 #10

Yup just had a problem with this yesterday. First someone logged into my inputs account and tried to send my BTC away but they sent me an email that a different IP was trying to send from my account. Then they hacked my email, but luckily I had deleted the email and was online the entire time so I could change all my passwords. Hopefully they can get this resolved for everyone else.
gaston909
Sr. Member
****
Offline Offline

Activity: 350



View Profile
November 04, 2013, 09:40:11 PM
 #11

Stealing is wrong.
TheNewAnon135246
Legendary
*
Offline Offline

Activity: 1470



View Profile WWW
November 04, 2013, 09:42:01 PM
 #12

Yup just had a problem with this yesterday. First someone logged into my inputs account and tried to send my BTC away but they sent me an email that a different IP was trying to send from my account. Then they hacked my email, but luckily I had deleted the email and was online the entire time so I could change all my passwords. Hopefully they can get this resolved for everyone else.

This issue is different. My account got empied but there where no other sessions registered, just my own.

I only use a certain password for inputs.io, so it has nothing to with using the same password either.

BitSend ◢◤Clients | Source
www.bitsend.info
█▄
█████▄
████████▄
███████████▄
██████████████
███████████▀
████████▀
█████▀
█▀












Segwit | Core 0.14 | Masternodes
XEVAN | DK3 | Electrum soon
Bitcore - BTX/BTC -Project












BSD -USDT | Bittrex | C.Gather | S.Exchange
Cryptopia | NovaExchange | Livecoin
Litebit.eu | Faucet | Bitsend Airdrop













████
 ████
  ████
   ████
    ████
     ████
      ████
       ████
        ████
       ████
      ████
     ████
    ████
   ████
  ████
 ████
████

████
 ████
  ████
   ████
    ████
     ████
      ████
       ████
        ████
       ████
      ████
     ████
    ████
   ████
  ████
 ████
████
The 4ner
aka newbitcoinqtuser
Hero Member
*****
Offline Offline

Activity: 546


R.I.P Silk Road 1.0


View Profile
November 04, 2013, 09:42:18 PM
 #13

Reimbursement of money ins't the golden solution. Yes, that's a plus. But what matters most here is what caused the coin theft in the first place.
We need TF to ensure the security of the site so that this doesn't happen ever.
BarkinTree
Full Member
***
Offline Offline

Activity: 204



View Profile
November 04, 2013, 09:51:40 PM
 #14

Reimbursement of money ins't the golden solution. Yes, that's a plus. But what matters most here is what caused the coin theft in the first place.
We need TF to ensure the security of the site so that this doesn't happen ever.
exactly. because i am glad he will cover the losses, but if thousands of coins get stolen in a hack, he may not have the funds to reimburse. i wonder how much is kept in cold/offline wallets in the case of a hack?
waqas
Sr. Member
****
Offline Offline

Activity: 378



View Profile
November 05, 2013, 10:37:07 AM
 #15

its a very serious issue he must look at this now doing good work but suddenly this happen its very strange

TheNewAnon135246
Legendary
*
Offline Offline

Activity: 1470



View Profile WWW
November 05, 2013, 01:57:13 PM
 #16

He knows what caused it and he is busy fixing it.

Quote from: TradeFortress
A full update will be posted soon, don't panic. Only people with the API key enabled was compromised (and will be reimbursed), passwords are securely stored one way in the database.

Security is obviously the most important thing to a Bitcoin wallet, and it's unfortunate that a compromise occurred, and we're learning a lot from it (things that pentests won't catch).

There will be a full update soon, but this compromise was not through a fault of the code but rather like a 'side channel' attack.

BitSend ◢◤Clients | Source
www.bitsend.info
█▄
█████▄
████████▄
███████████▄
██████████████
███████████▀
████████▀
█████▀
█▀












Segwit | Core 0.14 | Masternodes
XEVAN | DK3 | Electrum soon
Bitcore - BTX/BTC -Project












BSD -USDT | Bittrex | C.Gather | S.Exchange
Cryptopia | NovaExchange | Livecoin
Litebit.eu | Faucet | Bitsend Airdrop













████
 ████
  ████
   ████
    ████
     ████
      ████
       ████
        ████
       ████
      ████
     ████
    ████
   ████
  ████
 ████
████

████
 ████
  ████
   ████
    ████
     ████
      ████
       ████
        ████
       ████
      ████
     ████
    ████
   ████
  ████
 ████
████
ReBoRn
Sr. Member
****
Offline Offline

Activity: 392

Bitcoin will survive


View Profile
November 05, 2013, 02:07:38 PM
 #17

The attacker was able to empty the balance on accounts with the API key enabled. The issue is being actively looked upon.

Everyone who has lost money will be fully reimbursed.

good news I was very upset lost very little but very important for me  Smiley

js1985
Full Member
***
Offline Offline

Activity: 233


View Profile
November 06, 2013, 12:22:30 PM
 #18

Sending has failed. The hot pocket may be empty. We have being notified of this.

well withdrawing doesn't work
bakada
Full Member
***
Offline Offline

Activity: 141


View Profile
November 06, 2013, 01:19:38 PM
 #19

...
The 4ner
aka newbitcoinqtuser
Hero Member
*****
Offline Offline

Activity: 546


R.I.P Silk Road 1.0


View Profile
November 06, 2013, 02:54:16 PM
 #20

That's not good! -.-
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!