Twenty minutes after the launch, hackers stole 68500000 in five minutes.
More than one was attacked by hackers.
Why?
I really feel awful about that. One or more hackers knew about the distribution, lay in wait like a highway robber behind a boulder, and brute-forced the NFD brainwallet with a known-password table, a rainbow table and who knows what else. The NFD was stolen from accounts that he was able to crack with his malicious script.
We tried what we could to encourage people to use secure passphrases, but in the end not everyone did. Thankfully, MaWo held off on some sends because he judged some hashes to match up to weak passwords. Had he not done so, the thief or thieves would have stolen more.
I wish he had held back on the ones who got robbed, but the point behind hashes is to unrecognizably disguise the string being hashed - so he did miss a few vulnerable passphrases. And he and I did warn several times about creating secure passphrases. To be quite frank, he did go above and beyond the call of duty by finding that known-password table and hashing all the passwords therein, and comparing the known-password hashes to the hashes on the distribution list. That's the only way to find vulnerable passphrases once they're hashed, because an SHA-256 hash is impossible to reverse.
When it comes down to it, the robber was successful because he had better vulnerable-password tables than MaWo - and the accounts he robbed had vulnerable passwords!
The only way to assure a robbery-free launch would have been for MaWo and me to pick everyone's passphrase for them, each made up of 36 or more random characters, and send out each holder's passphrase via encrypted email. But that was unthinkable for us, because it would have gone against the whole philosophy of P2P cryptocurrency. More practically, it would have introduced a "single point of failure" that would have gotten everyone robbed if something had gone wrong! That's why we didn't even think of doing that.
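The pre-send audit described in the post above (hash a known-password table, compare against the hashes on the distribution list, hold back matches), as an added example that is not part of the original post or the NFD project's code. It assumes each list entry is the hex SHA-256 of the UTF-8 passphrase; the holder names, the password table and the function names are constructed for illustration.

```python
import hashlib
import secrets
import string


def sha256_hex(passphrase):
    """Hex SHA-256 of a passphrase (assumed format of a distribution-list entry)."""
    return hashlib.sha256(passphrase.encode("utf-8")).hexdigest()


def audit_distribution(distribution, known_passwords):
    """Return {holder: matched known password} for entries that should be held back."""
    # Hash every known password once, then look each submitted hash up in that table.
    table = {sha256_hex(p): p for p in known_passwords}
    return {
        holder: table[digest.lower()]
        for holder, digest in distribution.items()
        if digest.lower() in table
    }


def random_passphrase(length=36):
    """Passphrase of `length` random characters from a CSPRNG (36 as in the post)."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


# Constructed sample data, not real submissions.
KNOWN_PASSWORDS = ["password", "123456", "letmein", "qwerty"]
DISTRIBUTION = {
    "holder-a": sha256_hex("letmein"),          # in the table: flagged
    "holder-b": sha256_hex("letmein2014"),      # weak, but absent from the table: missed
    "holder-c": sha256_hex(random_passphrase()),
}


def held_back():
    """Holders whose submitted hash matches a known-password hash."""
    return audit_distribution(DISTRIBUTION, KNOWN_PASSWORDS)


if __name__ == "__main__":
    flagged = held_back()
    for holder in DISTRIBUTION:
        print(holder, "HOLD" if holder in flagged else "send")
```

holder-b shows the limit of the audit: a passphrase that is weak but missing from the auditor's table passes the check, and the audit covers only as much as the table used.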