rofus (OP)
December 24, 2013, 07:45:21 PM
Do not mine there, and check your balances and settings, you'll find your btc address changed to another one.
They hacked almost all accounts bypassing PIN and password and stole BTC.
YOU'RE WARNED

rofus (OP)
December 24, 2013, 07:48:43 PM
If you change back the address it does not change, the website is FULLY COMPROMISED.

kalus
December 24, 2013, 07:52:00 PM
can't change btc, can't change doge address either. it reverts back to the other address.
which is fine, because withdrawals are disabled.
oh hashcows.
DC2ngEGbd1ZUKyj8aSzrP1W5TXs5WmPuiR wow need noms

kikeda
December 24, 2013, 07:52:59 PM
yeah it doesn't change back frig!

Nullu
December 24, 2013, 07:54:11 PM
Oh dear. I did mine there for a few hours once when I was trying out multipools. Thankfully I didn't stay long.
BTC - 14kYyhhWZwSJFHAjNTtyhRVSu157nE92gF

Bigeyeone
December 24, 2013, 07:56:08 PM
My money was not stolen, but I will change my password anyway even though it is already extremely long.
If this happened to a whole bunch of people the hackers probably got a mysql dump and are brute forcing or using wordlist combos to crack as many passwords as they can.
PMC: 19dNRVPcjsESqo8isdauc1gQ6PbUrAZor9

kalus
December 24, 2013, 07:57:08 PM
My money was not stolen, but I will change my password anyway even though it is already extremely long.
yeah i don't get it; i changed from 'password1' to 'password2' how did they get in?

Bigeyeone
December 24, 2013, 08:00:57 PM
well I just tried to put in a 30 character long password and it said max 20, and my old pass was 20 lol
So well, not so well protected

kalus
December 24, 2013, 08:07:56 PM
well I just tried to put in a 30 character long password and it said max 20, and my old pass was 20 lol
So well, not so well protected
lol "error password too long" the individual words make up a sentence, but i don't understand what it could mean.

Oldminer
December 24, 2013, 08:18:17 PM
This is why I never store large amounts of coin or $$ on websites without at least 2-factor authentication.

Bigeyeone
December 24, 2013, 08:21:46 PM
This is why I never store large amounts of coin or $$ on websites without at least 2-factor authentication.
I don't store large amounts of coin anywhere online, I already get nervous when my coins are at an exchange just to exchange them ASAP and make a withdrawal, but maybe I am a bit paranoid.

kalnas
December 24, 2013, 08:22:17 PM
My money was not stolen, but I will change my password anyway even though it is already extremely long.
If this happened to a whole bunch of people the hackers probably got a mysql dump and are brute forcing or using wordlist combos to crack as many passwords as they can.
so did they get passwords and log into accounts, or somehow get access to the db and change addresses directly there?

Kluge
December 24, 2013, 08:22:24 PM
Dunno why you guys are complaining about a 20 character limit. A nearby B&M regional financial institution (I don't dare say which) will only allow a password between 4 and 8 characters in length. Wish I were joking.
This is why I never store large amounts of coin or $$ on websites without at least 2-factor authentication.
I don't think they really hold funds (in the traditional sense) outside unpaid funds from mining since the last payout cycle.

kalus
December 24, 2013, 08:23:57 PM
Dunno why you guys are complaining about a 20 character limit. A nearby B&M regional financial institution (I don't dare say which) will only allow a password between 4 and 8 characters in length. Wish I were joking.
that's the point. there should be no character limit. and like oldminer said, 2-factor authentication helps. it felt like the hashcows admin were fighting just to keep the site up and running, and left a backdoor open so someone could steal $20,000. Hashcows should be making money: money enough to hire help with securing their money, and user money. there is already a problem with trust and scams when it comes to sites like this. it took them so long to build up a brand, trust and goodwill, and all that effort was wasted. otoh, mtgox seems to be surviving, although they lost their primacy in the exchange game a long time ago.

KickAzzDude
December 24, 2013, 08:26:01 PM
My wallet address was not changed, does this mean I was not affected?

procrypto
December 24, 2013, 08:26:29 PM
Cross posting from Reddit..
I was in the IRC channel #hashcows on freenode as this played out. Note that I don't speak for Hashcows, just a user/chatter reporting what I know.
Seems like what happened is that someone used an attack (possibly SQL injection) to change a bunch of user payout addresses to https://blockchain.info/address/13R87ropkDKzDEuVeQoX64kkcLvPWVdTKH
As users subsequently hit their pre-set auto withdraw threshold, or logged in and blindly did a manual withdrawal for themselves, the coins were siphoned off to the thief's account.
This leads me to assume that no account details (usernames, passwords, PIN, entire database) were compromised.. it was a smart but simple attack, something of a smash and grab raid. They didn't need to deal with usernames, passwords and PINs (none of which would be stored in plain text anyway), this was much easier for them.
The first thing to do is check your balance. If it's not been affected you are ok now, as the payout system was disabled by admin as soon as this came to light, and will be until investigation is complete. If you try to manually withdraw the website will report that the withdrawal has been initiated - but it hasn't.
For a period of time you may have been unable to change your payout address, as this was also locked by admin, however it's now been enabled again.

sarmenhb
December 25, 2013, 03:27:53 AM
i talked with them on irc and it looks like it was an sql injection attack. it's not 100% yet.
For those of you who don't know what that means, it means that no matter how strong your password or pin was they had actual access to the database to retrieve/update the data bypassing the website.
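
A pre-payout check for the tampering described in the two posts above (payout addresses rewritten directly in the database, many accounts pointed at one address), as an added example that is not part of the thread and is not Hashcows code. The table names, columns and sample rows are constructed assumptions.

```python
import sqlite3

# Constructed sample data; table and column names are hypothetical.
SCHEMA = """
CREATE TABLE accounts (user_id INTEGER PRIMARY KEY, payout_address TEXT);
CREATE TABLE confirmed_changes (user_id INTEGER, address TEXT, confirmed_at INTEGER);
"""

def build_sample_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Five users each confirmed their own address through the PIN-protected form.
    for uid in range(1, 6):
        addr = f"ADDR_USER_{uid}"
        db.execute("INSERT INTO accounts VALUES (?, ?)", (uid, addr))
        db.execute("INSERT INTO confirmed_changes VALUES (?, ?, ?)", (uid, addr, 1000 + uid))
    # Simulated tampering: rows rewritten directly in the database, no confirmation logged.
    db.execute("UPDATE accounts SET payout_address = 'ADDR_UNKNOWN' WHERE user_id IN (2, 3, 4)")
    return db

def payouts_to_hold(db, max_shared=1):
    """Return {user_id: [reasons]} for accounts whose payout must be held."""
    held = {}
    # Check 1: current address differs from the user's latest confirmed address.
    rows = db.execute("""
        SELECT a.user_id FROM accounts a
        LEFT JOIN confirmed_changes c ON c.user_id = a.user_id
         AND c.confirmed_at = (SELECT MAX(confirmed_at) FROM confirmed_changes
                               WHERE user_id = a.user_id)
        WHERE c.address IS NULL OR c.address <> a.payout_address
        ORDER BY a.user_id""")
    for (uid,) in rows:
        held.setdefault(uid, []).append("unconfirmed_address")
    # Check 2: the same address is configured on more than max_shared accounts.
    rows = db.execute("""
        SELECT user_id FROM accounts WHERE payout_address IN (
            SELECT payout_address FROM accounts
            GROUP BY payout_address HAVING COUNT(*) > ?)
        ORDER BY user_id""", (max_shared,))
    for (uid,) in rows:
        held.setdefault(uid, []).append("shared_address")
    return held

if __name__ == "__main__":
    for uid, reasons in payouts_to_hold(build_sample_db()).items():
        print(uid, reasons)
```

The comparison is only meaningful if the confirmation log is stored where the web application's database account cannot write to it; otherwise whoever rewrites `accounts` can rewrite the log as well.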

merred
December 25, 2013, 04:30:06 AM
thank you 4chan

kalus
December 25, 2013, 04:35:21 AM
you're welcome anon

STT
December 25, 2013, 04:49:34 AM
So they managed to steal 26k so far?