[1423GH] ABCPool PPS - Proxy Pool For High & Steady Mining Rewards

[bitlane]

It is the address with which I registered and it is the actual address from the control panel. I did not change anything. They sent the payment to the wrong address.

Looks like someone got access to your account and changed your wallet address. Do you have a weak password ? or does this have to do with teh fact that ABC does not have https setup and someone just packaet sniffed all they needed..... ?

Look in your control panel and see what the address is now, as your default. Did they change it back to your old one ?

[1714202332]

1714202332

[1714202332]

1714202332

[1714202332]

1714202332

[1714202332]

1714202332

[ciuciu]

It is not an easy password. The address is not changed in the control panel. Beside the adress they should have guess also the PIN.
I believe it is a bug in the automated payment module.

[bitlane]

It is not an easy password. The address is not changed in the control panel.

Well, looks like the pool OP owes you 25 BTC

[bitlane]

Those are decent payouts. What is your GH/s mining rate ?

[ciuciu]

We will see after they check their logs. Do not use the automatic payment feature until this is checked out.

It is not an easy password. The address is not changed in the control panel.

Well, looks like the pool OP owes you 25 BTC

[ciuciu]

Around 12GH/s.

Those are decent payouts. What is your GH/s mining rate ?

[MintCondition]

Hello there,

There is a problem with the automatic payment.
I had an automatic payment of 25 bitcoins which went to a different address which is not mine.
Here is a pic:
The top address is not mine and the actual address in the account is still 1ATRa5im91QsuNDYL81BpvhENuJWE78Ets.
Please advise!

Hi Ciuciu,

That's a pretty serious amount; We've immediately halted all payments while we investigate this matter to avoid additional losses. It could very well be that someone has gained unauthorized access to our systems.

I'm investigating the matter now, and will keep you posted as I learn more.

[Eveofwar]

Hello there,

There is a problem with the automatic payment.
I had an automatic payment of 25 bitcoins which went to a different address which is not mine.
Here is a pic:
The top address is not mine and the actual address in the account is still 1ATRa5im91QsuNDYL81BpvhENuJWE78Ets.
Please advise!

Hi Ciuciu,

That's a pretty serious amount; We've immediately halted all payments while we investigate this matter to avoid additional losses. It could very well be that someone has gained unauthorized access to our systems.

I'm investigating the matter now, and will keep you posted as I learn more.

Sounds like he got compromised...simple google search of "ciuciu bitcoin" reveals some user/password lists that the name is listed on:

http://www.google.com/search?btnG=1&pws=0&q=ciuciu+bitcoin

ciuciu:albastru   <---- I hope this wasn't your ABCPool.co password.

[ciuciu]

Hi,
I checked with the block exporer, but I do not understand the output.
http://blockexplorer.com/tx/17048250d465f25243fc7a09b24379989302b19f9176acd5fc63ac51a48ea561#o1
I will try a manual payment  to see if it is working.
Thanks.

[ciuciu]

That was leaked by MtGox. I use a different user and password.

Hello there,

There is a problem with the automatic payment.
I had an automatic payment of 25 bitcoins which went to a different address which is not mine.
Here is a pic:
The top address is not mine and the actual address in the account is still 1ATRa5im91QsuNDYL81BpvhENuJWE78Ets.
Please advise!

Hi Ciuciu,

That's a pretty serious amount; We've immediately halted all payments while we investigate this matter to avoid additional losses. It could very well be that someone has gained unauthorized access to our systems.

I'm investigating the matter now, and will keep you posted as I learn more.

Sounds like he got compromised...simple google search of "ciuciu bitcoin" reveals some user/password lists that the name is listed on:

http://www.google.com/search?btnG=1&pws=0&q=ciuciu+bitcoin

ciuciu:albastru   <---- I hope this wasn't your ABCPool.co password.

[chunglam]

That address is exactly same as the address stole my 2 BTC . I believe either your account and my account hacked by the same person or ABC system compromised by hacker.

[Eveofwar]

Well, that's somewhat promising then...but there have been other password leaks around the Bitcoin community.  Hope the best for you !

Note to MintCondition: I attempted to login to the account about 5 minutes ago using the credentials provided (which failed), don't kill me

[ciuciu]

When this happened?

That address is exactly same as the address stole my 2 BTC . I believe either your account and my account hacked by the same person or ABC system compromised by hacker.

[Eveofwar]

When this happened?

That address is exactly same as the address stole my 2 BTC . I believe either your account and my account hacked by the same person or ABC system compromised by hacker.

http://blockexplorer.com/address/13Sv8joH75nUPufd4fEqjAhum9kdnUexgm

You can see your transaction in there, and the one previous...presumably his.

[MintCondition]

Hi,
I checked with the block exporer, but I do not understand the output.
http://blockexplorer.com/tx/17048250d465f25243fc7a09b24379989302b19f9176acd5fc63ac51a48ea561#o1
I will try a manual payment  to see if it is working.
Thanks.

'not yet redeemed' means that the receiver of your BTC has not yet spent it.
FYI: All payments, both manual and automatic, have been disabled while we're investigating how this happened.
MC

[ciuciu]

Got it.
Let me know if you need more info.

Hi,
I checked with the block exporer, but I do not understand the output.
http://blockexplorer.com/tx/17048250d465f25243fc7a09b24379989302b19f9176acd5fc63ac51a48ea561#o1
I will try a manual payment  to see if it is working.
Thanks.

'not yet redeemed' means that the receiver of your BTC has not yet spent it.
FYI: All payments, both manual and automatic, have been disabled while we're investigating how this happened.
MC

[chunglam]

When this happened?

That address is exactly same as the address stole my 2 BTC . I believe either your account and my account hacked by the same person or ABC system compromised by hacker.

Yesterday morning.

[plastic.elastic]

damn this is not cool.
 

[MintCondition]

I had an automatic payment of 25 bitcoins which went to a different address which is not mine.
..
Please advise!

.. We've immediately halted all payments while we investigate this matter to avoid additional losses. It could very well be that someone has gained unauthorized access to our systems.

I'm investigating the matter now, and will keep you posted as I learn more.

An update on the investigation: The traces left in our logs indicate that the transaction has almost certainly been initiated through the web interface (possibly scripted to guess the PIN numbers). A SQL-Injection is highly unlikely because it would have left a different pattern of traces. In addition, a code re-review did not reveal any open SQL-injection vectors.

The attacker probably did not have access to all accounts, otherwise he could have just as easily taken a lot more while he remained undetected.

In the mean time, we advise everybody to make sure they are not reusing their passwords for other pools or services at ABCPool; please choose a new & difficult password if that's the case. It's easy to guess usernames based on the MtGox list and the forum accounts, and the Bitcoin community isn't that big.

We'll leave the payout disabled for at least another day until we can introduce additional measures to protect our miners from any unwanted withdrawals. For example, enabling you to permanently lock the payout address will surely help.

Now it's time for me to get some sleep!

[plastic.elastic]

I had an automatic payment of 25 bitcoins which went to a different address which is not mine.
..
Please advise!

.. We've immediately halted all payments while we investigate this matter to avoid additional losses. It could very well be that someone has gained unauthorized access to our systems.

I'm investigating the matter now, and will keep you posted as I learn more.

An update on the investigation: The traces left in our logs indicate that the transaction has almost certainly been initiated through the web interface (possibly scripted to guess the PIN numbers). A SQL-Injection is highly unlikely because it would have left a different pattern of traces. In addition, a code re-review did not reveal any open SQL-injection vectors.

The attacker probably did not have access to all accounts, otherwise he could have just as easily taken a lot more while he remained undetected.

In the mean time, we advise everybody to make sure they are not reusing their passwords for other pools or services at ABCPool; please choose a new & difficult password if that's the case. It's easy to guess usernames based on the MtGox list and the forum accounts, and the Bitcoin community isn't that big.

We'll leave the payout disabled for at least another day until we can introduce additional measures to protect our miners from any unwanted withdrawals. For example, enabling you to permanently lock the payout address will surely help.

Now it's time for me to get some sleep!

Why dont you use browser activation? When a user log into ABC pool from a non-activated browser, an email will be sent to the user's email address to activate that browser. This will help tremendously assuming ppl do use have great password for their email addresses. Only one browser can be activated at any time. So when a user log in from another browser, they will have to re do the process.

Its tedious  but its very effective against remote access hacking.

If the user's computer is hacked then its already game over.