Simplecoin.us Back ONLINE!

[simplecoin]

UPDATE:
Site online, BTC/NMC pools are active. GG & TBX pools will return once I can match all the txids from the previous wallets.

While there was no evidence of foul play. I was still uncomfortable flipping the server back online. So, I started from scratch making it more secure along the way.
There was no loss of funds and all balances remain.

All accounts were locked just in case there was a data breach, use the password recovery to unlock your account. If you have any troubles doing so, please msg me here or in #simplecoin on freenode.

Thanks,
Mike (simplecoin)


(Previous Message)
_______________________________________________________________________________ _________________________

I regret to inform everyone there was a likely breach at simplecoin.us.

What is known so far:
The main pool server home directory was wiped clean, including wallet backups. The pool username also had the password changed.
The live pool wallets were thankfully not in the home directory and were recovered.

What has been done:
The balances of the wallets are being transferred. There are no apparent losses so far.
The servers have been physically shut down to prevent any other data loss.

What this means to you:
It is possible your user data is compromised. While PINs & Passwords were encrypted, please change any passwords that you used here.


I am working hard to minimize the damage from this likely intrusion, I will post updates as more information is known.

[1715171825]

1715171825

[1715171825]

1715171825

[1715171825]

1715171825

[RyNinDaCleM]

thank you!

hoping for the best!

[REF]

well that sounds like a definite hack not Probable. Its good to hear that user wallets are safe. I hope the situation doesn't change and everything is recovered without problems.

[simplecoin]

well that sounds like a definite hack not Probable. Its good to hear that user wallets are safe. I hope the situation doesn't change and everything is recovered without problems.

Short of someone at the datacenter changing things (they were fixing ipv6 issues), it most likely is an intrusion.

[hmblm1245]

thank you!

hoping for the best!

Agreed, good luck. Let me know if you need any help parsing through logs, checking IPs... of course i know a lot of that is sedative data anyways, but the offer still stands.

Edit: sensitive (crazy auto correct)

[simplecoin]

thank you!

hoping for the best!

Agreed, good luck. Let me know if you need any help parsing through logs, checking IPs... of course i know a lot of that is sedative data anyways, but the offer still stands.

Thanks. Right now I'm focusing on the coins. Maybe I'll get lucky and the IP will be in the user logs. I'm hoping shutting the machine down kept them from covering their tracks.

[Coinbuck @ BTCLot]

Good to know that, a friend of mine was asking me all the afternoon what happened to simplecoin.

Please keep us informed.

Regards,

[Mobius]

When will you be paying all outstanding balances? or was that compromised also?

[Eveofwar]

When will you be paying all outstanding balances? or was that compromised also?

I regret to inform everyone there was a likely breach at simplecoin.us.

What is known so far:
The main pool server home directory was wiped clean, including wallet backups. The pool username also had the password changed.
The live pool wallets were thankfully not in the home directory and were recovered.

What has been done:
The balances of the wallets are being transferred. There are no apparent losses so far.
The servers have been physically shut down to prevent any other data loss.

What this means to you:
It is possible your user data is compromised. While PINs & Passwords were encrypted, please change any passwords that you used here.


I am working hard to minimize the damage from this likely intrusion, I will post updates as more information is known.

[simplecoin]

When will you be paying all outstanding balances? or was that compromised also?

I will be paying out balances as soon as I can confirm their validity.

[Mobius]

When will you be paying all outstanding balances? or was that compromised also?

I regret to inform everyone there was a likely breach at simplecoin.us.

What is known so far:
The main pool server home directory was wiped clean, including wallet backups. The pool username also had the password changed.
The live pool wallets were thankfully not in the home directory and were recovered.

What has been done:
The balances of the wallets are being transferred. There are no apparent losses so far.
The servers have been physically shut down to prevent any other data loss.

What is your specific time frame for completion of this task, since "There are no apparent losses so far."

[Eveofwar]

When will you be paying all outstanding balances? or was that compromised also?

I regret to inform everyone there was a likely breach at simplecoin.us.

What is known so far:
The main pool server home directory was wiped clean, including wallet backups. The pool username also had the password changed.
The live pool wallets were thankfully not in the home directory and were recovered.

What has been done:
The balances of the wallets are being transferred. There are no apparent losses so far.
The servers have been physically shut down to prevent any other data loss.

What is your specific time frame for completion of this task, since "There are no apparent losses so far."

When will you be paying all outstanding balances? or was that compromised also?

I will be paying out balances as soon as I can confirm their validity.

[simplecoin]

When will you be paying all outstanding balances? or was that compromised also?

I regret to inform everyone there was a likely breach at simplecoin.us.

What is known so far:
The main pool server home directory was wiped clean, including wallet backups. The pool username also had the password changed.
The live pool wallets were thankfully not in the home directory and were recovered.

What has been done:
The balances of the wallets are being transferred. There are no apparent losses so far.
The servers have been physically shut down to prevent any other data loss.

What is your specific time frame for completion of this task, since "There are no apparent losses so far."

Right now the priority is to transfer funds as the blocks are confirmed. There is not a specific time frame, as the level of damage has not yet even been fully assessed.

[simplecoin]

Ok, upon reboot. Everything is still intact. User tables, user data, even the missing files.

I'd like to hope this is a false alarm and just a mounted drive issue. However, I'm still going to thoroughly audit everything before turning the site back on.

[hmblm1245]

Ok, upon reboot. Everything is still intact. User tables, user data, even the missing files.

I'd like to hope this is a false alarm and just a mounted drive issue. However, I'm still going to thoroughly audit everything before turning the site back on.

Sounds like a professional response. Thanks.

[simplecoin]

While everything checks out, even the logs (no successful connections to ssh or webmin but my own either)... I'm still not sold that there was no foul play.

So, I'm wiping the servers and restoring everything freshly.

That may add another day of downtime, but I want to be sure this issue is resolved once and for all.

[Iyeman]

While everything checks out, even the logs (no successful connections to ssh or webmin but my own either)... I'm still not sold that there was no foul play.

So, I'm wiping the servers and restoring everything freshly.

That may add another day of downtime, but I want to be sure this issue is resolved once and for all.

Wiping the server and starting over is only going to solve the problem if you fix however someone got access to it...since you can't fiind a way that someone accessed it then the problem can't be fixed (if there is a problem) so wiping and reloading seems like a waste of time lol

[simplecoin]

While everything checks out, even the logs (no successful connections to ssh or webmin but my own either)... I'm still not sold that there was no foul play.

So, I'm wiping the servers and restoring everything freshly.

That may add another day of downtime, but I want to be sure this issue is resolved once and for all.

Wiping the server and starting over is only going to solve the problem if you fix however someone got access to it...since you can't fiind a way that someone accessed it then the problem can't be fixed (if there is a problem) so wiping and reloading seems like a waste of time lol

Wiping WILL remove any possible threats (I could have just turned the pool back on, but I'd rather be safe). I will be taking additional precautions as well.
SSH will be locked to my local certificate and IP.
Webmin will be locked to my local IP.
The only publicly open ports will be nginx and possibly pushpool (although I've heard of no one who needed to bypass the proxy). All others will be firewalled off entirely.

[martychubbs]

We appreciate the hard work!  What your planned time-frame to go live again?

[simplecoin]

We appreciate the hard work!  What your planned time-frame to go live again?

If all works out, I should be ready tonight (CST), if not hopefully tomorrow. The rebuild has gone very smoothly so far.