BitCoinRush.io Hacked?

[Narcissistic]

Hey guys,

So aswell as being the Director of Marketing for a cryptocurrency exchange, I double as a pen-tester/infosec researcher, and recently came across a database being sold on the deepweb purporting to be from BitCoinRush.io.

I obtained a copy and checked some of the logins against their website and to my surprise they worked. Albeit most of them were banned for suspicious activity, probably due to people logging in and attempting to rob the balances from IP's originating in different countries than where the user signed up from.

I contacted the admins via email ( https://imgur.com/a/S9nTh3h ) to no avail. And apparently from what I can tell, they most likely know but haven't informed their users, which is a real piece of crap move considering how many people these days re-use passwords across many websites and is the number 1 attack happening against people these days.

If you use this service please change your passwords immediately.


https://imgur.com/a/sAgn6Vh

[1715646559]

1715646559

[1715646559]

1715646559

[1715646559]

1715646559

[Haunebu]

I don't think this is the right place for your thread op. I suggest shifting it to gambling discussion board asap. Also, you contact them through their main thread(Link below) on Bitcointalk to notify them regarding this situation.

https://bitcointalk.org/index.php?topic=228243.0

[SyGambler]

I'm not sure if this is really the case or not but I wouldn't be surprised , not sure why Tim didn't say a word here or on telegram regarding that
somebody on the telegram group just sent a message now regarding your thread so I guess we will be getting answers soon , if you want you can join Monsterbyte telegram group and find the admin there
https://t.me/MonsterByteTelegram

[Narcissistic]

I'm not sure if this is really the case or not but I wouldn't be surprised , not sure why Tim didn't say a word here or on telegram regarding that
somebody on the telegram group just sent a message now regarding your thread so I guess we will be getting answers soon , if you want you can join Monsterbyte telegram group and find the admin there
https://t.me/MonsterByteTelegram

Thanks will do that shortly.


**Edit - just spoke to Tim, he said someone would be in touch with me shortly.

[Narcissistic]

Can't say I am surprised with how they handled the news, essentially (I can only assume) Tim's response is implying I am hiding behind a fake account or something, (yet I gave him my work email to contact me on) and tried to downplay the seriousness of the fact their database and over 12,000 (of a purported 20,000) members details are leaked online. Tim also stated on Telegram to me that they used to use md5 hashing, and later changed to bcrypt after they "realised" a breach had happened in the past (yet they never informed their users of any such breach), yet 97% of the hashes in the leaked database are hashed with bcrypt, with the remaining 4% being md5. Many red flags here.

Users should always be informed of any breach. I'm going to submit this to haveibeenpwned.

[TimeTeller]

Can't say I am surprised with how they handled the news, essentially (I can only assume) Tim's response is implying I am hiding behind a fake account or something, (yet I gave him my work email to contact me on) and tried to downplay the seriousness of the fact their database and over 12,000 (of a purported 20,000) members details are leaked online. Tim also stated on Telegram to me that they used to use md5 hashing, and later changed to bcrypt after they "realised" a breach had happened in the past (yet they never informed their users of any such breach), yet 97% of the hashes in the leaked database are hashed with bcrypt, with the remaining 4% being md5. Many red flags here.

Users should always be informed of any breach. I'm going to submit this to haveibeenpwned.

Yes, that is the right thing to do here.
I think most websites will not divulge to its users if they have been breached for the fear that the players will leave them.
However, if they are really concern with their clients, they should have informed them of that situation to avoid possible great loss from their clients side.