Brothers in Crypto,
I wanted you all to be aware that we have a financial terrorist among us attempting to extort money from myself and likewise further damage the crypto-currency movement, of which we are all passionately involved. This individual’s goal is no doubt targeting all of us in that their actions add further reasons towards preventing our achieving global acceptance.
I am speaking to you as a common member of this movement in the spirit of open and honest communication towards allowing you to understand what has transpired against us.
As many of you may remember, a few months ago our remote servers were under constant attack and resulted in the eMunie website and forum being taken offline on a few occasions. Soon after these attacks the assailants gained access to several online services I control, and most certainly had some form of access to 1 or more machines on my home network and also our remote servers.
Resulting from these coordinated breaches, the assailant made off with over 600 BTC from my own personal BTC wallets and accounts, as well as a sizable amount from of our pre-launch fundraising activities.
Additionally some old backups of the eMunie source code were downloaded and will probably surface on the internet soon after this announcement. This source code is not compatible to any current eMunie code base and is mainly older prototype code, thankfully I had switched backup requirements some time before this attack and thus many of the functions that give eMunie it's edge are still safe.
Extensive time, effort and resources has been expended to understand how these attacks may have been possible, and to track down the offenders whereabouts. Unfortunately at this time, the identity of the thief can not be ascertained with 100% confidence, but I hope in light of recent renewed activity on their part and with help of the community maybe assisting in the search, we can identify the thief and exert some justice.
With regards to the possibility of further attacks, after this event all network infrastructure was changed with revised security methods and a change of service providers where required. These efforts included fortifying my home network and the machines that run within it, including additional internal and external proxy systems between myself and the internet. A second local network that I now use for development and the storage of sensitive information is also in place and connects via an on demand only internet connection when absolutely required.
The methods employed to gain access to remote and local systems are most likely a possibility of 2 which I will detail more in another report, the summary of which, and affected systems is below:
The systems/accounts that were affected were my personal Gmail account (which possibly linked as a backup to my ancient personal Hotmail account) as well as multiple wallets across many reputable online trading services.
Our hosting panel for some remote systems was also breached, as security there is not particularly as great as it should be for a large ISP. I believe this was the primary entry point to gain access to my home systems, with some malicious code planted and a mechanism to transfer upon next login to my home machines. From my home machines it was only a matter of time before access to pretty much everything was possible. At no point did any of the protection on these home machines indicate any virus, trojan or the sort, and considering the complexity of the hack (and how well any evidence of activity was removed) it was certainly an attacker/s of "professional" caliber and likely some custom software made to do that specific job.
No passwords for any of these accounts were kept in any electronic medium so that method was not employed to compromise them. I can only surmise that initially they gained access through the use of "Security Questions" to reset the passwords on less secure accounts, which due to my public profile and online history would not be that difficult to breach.
Based on this revised security implementation the thief is now unable to gain access to any services or accounts, and have noted recent extensive activity since the theft which is clearly such an attempt. As such, he now finds himself having to move towards extortion for further financial rewards by threatening to go public with his prior actions in an attempt to damage our reputation within the crypto-world.
As I stand by my own word and moral character I have personally covered the loss of all eMunie funds so that that the impact to our operations and activities are completely and absolutely unaffected. This was a decision I made personally as I wanted to take the time to ensure there was no loss of momentum for our project development, as well as to allow me time to begin an investigation towards discovering who this person was.
Since the attack and theft, over 300 BTC has been requested in refunds for various reasons to numerous investors, all of which have been returned without incident from my own pocket. I have ensured to keep a steady amount of funds available to be able to purchase BTC as and when required to meet these demands, aside from the occasional delay in purchasing BTC in mass amounts, all refunds have been honored. With that in mind, I would be grateful if perhaps those of you that requested refunds and received them could stand forward and state as such, providing that it does not cause you any ill consequences by doing so.
In light of this news, I am fully aware that many of you will decide to reclaim your investments too, and no ill regard will be taken against you should that be your wish. I am at present in process of repurchasing large amounts of Bitcoin in anticipation, to cover any individuals that might feel they want to be refunded from the project at this time and they can be assured that their initial contributions are still completely valid and secure. I do request, however, that if you wish to leave the project you would have a modest amount of patience for this effort, as acquiring large amounts of Bitcoin, with bank held fiat funding is not a speedy process and can take some time.
Frankly, I am personally disgusted by such a move as I have always strived to maintain a high moral character and reputation with regards to the ideals of the crypto-community. We receive enough mockery from the mainstream press and other communities already for our efforts here and these events only serve to fuel that mockery further. Accordingly, any damage to our collective reputation only serves to weaken our combined efforts to change the face of global financial services.
It is no secret that both myself and the eMunie project have been the target of many attacks over the past year, we have been mocked, laughed at, my personal status and morals have been wrongly brought to question, endless scathing personal insults, and numerous minor disruptions many times, all of which have been overcome and will continue to be so.
I outright refuse to yield to these attempts to halt the vision that is eMunie, and regardless of the outcome from this event, I will not be deterred from completing the goal which I have set. Be it with community support or none at all, eMunie will be a success and I will do whatever it takes to ensure that becomes fact.
TO THE THIEF:Your original attack was smart, well coordinated and perfectly executed, you obviously took your time and tested for cracks, committing your attack when I was at my most occupied with other matters holding my attention. However, you should have stayed happy with your ill gotten gains, as your recent secondary attacks have not been quite so well played and you have let sheer greed get the better of you.
My trail to you had all but gone cold, and I was in the position of simply having to take the hit and allow spilt milk be just that. Alas, for you, your recent efforts and attempted extortion have done nothing more than to put into motion my forced hand. You called my bluff, I never bluff.....
What awaits you is an existence where you dare not raise your head above water, for the fear of someone, somewhere waiting with a golden axe. I am a calculated man with resources, who can be cunning when needs to be, and I will use all resources that I have to track you down, and I will start with those gold axe's.
I am going to put a bounty on your "head", the 40BTC that you attempted to extort from me. In addition to that, this bounty will increase over time, indefinitely, each week by 1 Bitcoin. This will continue until such a time that reliable information is provided that leads to you, results in your capture and full wrath of the law brought against you, or that the bounty amount is so high, rewards pledged for America's most wanted seem insulting.
By that point I imagine internet bounty hunters finding your whereabouts are the least of your worries.
Checkmate!You have 2 options:
1. Return the stolen Bitcoins, in full, within 2 weeks. After this period, the bounty will never be lifted and negotiations of any sort are impossible.
2. Run & hide, well, and forever.
If anyone wishes to aid in the search for this financial terrorist then I will be collecting the newest information I have so far and will be publishing these details once the immediate hysteria has calmed, to aid in their eventual identification. I will also be placing the 40BTC bounty into a reputable escrow provider over the next week or so, the timeline of which purely depends on how much BTC I need to purchase to fulfill investment refunds, as that is of course my #1 priority.
Additionally if anyone has suggestions of ways I may not have been aware to attempt to track down this individual, please let me know also.
Finally, to all that have shown me support and faith, I can only offer my sincerest apologies and humbly ask that you do not allow this event to distort your perception of my character and intent. Responsibility of those funds is solely mine and I will carry that responsibility regardless, my vigilance in protecting them was simply not enough and I will pay the cost of that loss without complaint.
- Dan Hughes
For the record, none of the Founders, or any other individual associated with eMunie knew of this event prior to today!Original Link to Attached PDF containing this text:
https://www.dropbox.com/s/fkhh875u9zokfba/Announcement Of BTC Theft.pdf