Mintpal hacked (VeriCoin)

[TR8888]

Absolute madness, Mintpal was hacked to due their incompetence.. They should replace the funds themselves, Yes even if this means Mintpal go bust and VRC crashes. This is the ONLY option!! Rollback? Who the fuck do they think they are? Paypal?

"VeriCoin, The Crypto Mintpal finished off

Corrected.

[1714529383]

1714529383

[1714529383]

1714529383

[1714529383]

1714529383

[Equate]

So many incidents in the past but exchanges are not gonna learn anything.

[venlo]

summary:

-suspicions raised this could be part of a larger social experiment
-coin named after human implantable RFID-chip (http://en.wikipedia.org/wiki/VeriChip)
-exchange in the City of London fucks up causing:
-transactions are reversed

where is my tinfoil-hat?

[drkman]

Anyway, gentlemen... Not everybody would be able to perform such an attack, and other coins could have been targeted (sayings that BTC and LTC also got affected are around), so if such a skilled perpetrators chose VRC there are only two choices, either they felt their investments in other coins was threatened by VRC or to cause severe panic and buy on dumps.

It is quite clear what both of those situations mean, every one should get their own conclusion.

Eth.

You mean we should buy the mess out of Vericoin because even the cheaters and thieves know it is going much higher than here.

[XbladeX]

...
I would bet this was somehow an inside job either with VRC dev's and someone inside Mintpal hence why the decision to rollback was such an easy out.
...

i agree with that something is wrong around whole situation...

Who would benefit from this though?  

If there was BIG deal around and we didn't saw it... some one with BIG BTC wallet could force rollback IMO.
This is only one of many theories there is MANY BC clones XC Cloack Cry and more more - mostly POW coins are benefits (BTC,LTC are winners here ) of whole shit storm
because they have shown that idiots who keep coins 1/3 of all on one exchange they blame exchange for manipulation but not themselves...


And now best: solution to attacks possible with 20%-35% attacks are known:
NOVA coin use (balanced weighting scheme.) PPC ( centralized check-pointing ) BC ( POS 2.0 join both + coing age modification )
while VRC will solve it by rollback is that true way to do it ?

Here source of info:
___________________________________________________________
Issues/controversies Stake generation issues ( http://coinwiki.info/en/Novacoin )

The main proof-of-stake design problem is that unlike proof-of-work hashing rate, stake weight could be used multiple times without any overhead. It allows potential attacker to repeat his attempts to generate consecutive stakes until he will get lucky enough. And there is high probability to success without holding large stake, 20–25% of total weight (not coins) will be more than enough. Attacker can retry his attempts to generate consecutive stakes 1,000, 50,000, or 1 million times without any problem, using the same outputs.[12][13]

This could be worked around using centralized check-pointing. Novacoin creators resolved this issue using balanced weighting scheme.[14]

[rix5]

mintpal said hackers were able to "inject a withdrawal request directly into our database". I call bullshit. Only vrc were stolen.

https://twitter.com/casacup/status/488609939892740096

[adhitthana]

Absolute madness, Mintpal was hacked to due their incompetence.. They should replace the funds themselves, Yes even if this means Mintpal go bust and VRC crashes. This is the ONLY option!! Rollback? Who the fuck do they think they are? Paypal?

Why is that the only option?
Is there some law that says that people are not allowed to do what Mintpal did?
Who wrote that law and where did they write it?

[rix5]

just get it: it is all one fucking lie!
Mintpal was not hacked! Gox was not hacked. Coinex was not hacked. It is all one fucking lie.

probably to invite regulation, get you used to the idea of rollbacks, steal your funds over and over again and god knows what

[Specialrigs]

mintpal said hackers were able to "inject a withdrawal request directly into our database". I call bullshit. Only vrc were stolen.

https://twitter.com/casacup/status/488609939892740096

A mysql query injection? That's a site security hole, and could potentially affect any coin. That makes little sense. If they were able to inject a query into the database, why not steal other coins?

[adhitthana]

mintpal said hackers were able to "inject a withdrawal request directly into our database". I call bullshit. Only vrc were stolen.

https://twitter.com/casacup/status/488609939892740096

A mysql query injection? That's a site security hole, and could potentially affect any coin. That makes little sense. If they were able to inject a query into the database, why not steal other coins?

According to Mintpal and linked to earlier.

Why was only VRC taken?
We're not exactly sure why VRC was the only coin taken, however we can confirm that BTC and LTC were targeted, but those withdraw attempts were unsuccessful owing to far more stringent COLD storage methods on those wallets.

Which sounds strange because Mintpal admitted that the problem was they had far too many VRC in the hot wallet.

What about COLD storage?
This is perhaps the most important question we have been asked. We did have COLD storage setup for VRC, however in this instance, due to an error for which only we can be accountable, we had transferred far fewer coins than was required, resulting in a large proportion of coins being left in the HOT wallet.

An error??

[stealth923]

mintpal said hackers were able to "inject a withdrawal request directly into our database". I call bullshit. Only vrc were stolen.

https://twitter.com/casacup/status/488609939892740096

A mysql query injection? That's a site security hole, and could potentially affect any coin. That makes little sense. If they were able to inject a query into the database, why not steal other coins?

According to Mintpal and linked to earlier.

Why was only VRC taken?
We're not exactly sure why VRC was the only coin taken, however we can confirm that BTC and LTC were targeted, but those withdraw attempts were unsuccessful owing to far more stringent COLD storage methods on those wallets.

Which sounds strange because Mintpal admitted that the problem was they had far too many VRC in the hot wallet.

What about COLD storage?
This is perhaps the most important question we have been asked. We did have COLD storage setup for VRC, however in this instance, due to an error for which only we can be accountable, we had transferred far fewer coins than was required, resulting in a large proportion of coins being left in the HOT wallet.

An error??

If the SQL injection attack worked on Veri it would have worked on the Litecoin, bitcoin Hotwallets

Mintpal are clearly working with Veri to cover this up....its really shady...once its pinpointed - you can say goodbye to Mintpal

[cech4204a]

Damn, nothing is safe today...i don't know if those are fake attacks or real ones, since some exchanges could fake hacks and get money from users.

[Wulfcastle]

mintpal said hackers were able to "inject a withdrawal request directly into our database". I call bullshit. Only vrc were stolen.

https://twitter.com/casacup/status/488609939892740096

This, why would the hackers just take VRC, when they could've taken BTC or looted the whole exchange. Also MintPal in their statement says "there no reason to believe there's anything wrong with our security", well that right there is a major security hole, the hacker could inject another withdrawal request again on any coin they like as MintPal have done nothing really to secure their site.

[flipme]

mintpal said hackers were able to "inject a withdrawal request directly into our database". I call bullshit. Only vrc were stolen.

https://twitter.com/casacup/status/488609939892740096

A mysql query injection? That's a site security hole, and could potentially affect any coin. That makes little sense. If they were able to inject a query into the database, why not steal other coins?

According to Mintpal and linked to earlier.

Why was only VRC taken?
We're not exactly sure why VRC was the only coin taken, however we can confirm that BTC and LTC were targeted, but those withdraw attempts were unsuccessful owing to far more stringent COLD storage methods on those wallets.

Which sounds strange because Mintpal admitted that the problem was they had far too many VRC in the hot wallet.

What about COLD storage?
This is perhaps the most important question we have been asked. We did have COLD storage setup for VRC, however in this instance, due to an error for which only we can be accountable, we had transferred far fewer coins than was required, resulting in a large proportion of coins being left in the HOT wallet.

An error??

If the SQL injection attack worked on Veri it would have worked on the Litecoin, bitcoin Hotwallets

Mintpal are clearly working with Veri to cover this up....its really shady...once its pinpointed - you can say goodbye to Mintpal

Not necessarily, if those databases contain another level of transaction auditing before execution.
I doubt they use MySQL. It would be interesting to know which middleware its made with.
Nobody in its right mind would use PHP for a financial transaction system anyway, but thats probably whats used for most of the exchanges.

The lack of adoption of standards for such systems is a major culprit for all of these bo-peep exchanges.
Most of it is home-knit crap, based on completely unaudited frameworks.
Thats also the reason why integration into existing financial clearing networks is almost impossible for them.

[Petr1fied]

People stating that nobody will lose money over this are naive. If the fork goes through then yes people will get their VRC refunded to them but ask yourself this question:

What will happen once the BTC/VRC market is reopened on the various exchanges?

The answer is simple, the majority of people are going to dump all of their VRC for BTC and those who are too slow are going to be left bagholding severely devalued VRC. They will be the real losers if the hard fork goes through.

I personally have no stake in VRC (and never will now). The precedent being set by the VRC devs makes the coin worthless from my point of view. It's not the responsibility of coin devs to protect the interests of coin exchanges.

Every single transaction can be traced back to it's very origin in a blockchain. A better option would have been for Mintpal to step up and compensate their customers out of their own BTC for their now imaginary VRC and if the VRC devs wanted to roll out a hard fork, the extent of which should extend to some kind of global warning if the coins that have been received originate from the malicious transactions. This would make the stolen coins worthless and easy for an exchange to confiscate should they be transferred to one.

[newuser01]

So a hardfork because Mintpal's security was bad?

VRC = decentralized

[feina24h]

So a hardfork because Mintpal's security was bad?

VRC = decentralized

Bad idea to hardfork but who will pay the users who lost there money > Mintpal 

[gloryninja]

We should have a bounty on the heads of the hackers. find them and name them. When cryptorush got hacked i was like f*** this... when bittrex got hacked , i was losing it. This cannot go on for longer!

[niothor]

1) We lost a considerable amount of VeriCoin in the attack, however we have been working with the VRC developers and all major exchanges to hard fork the coin at a position before the attack. This will allow us to retrieve the stolen coins and facilitate all withdrawals. We are also working with various exchanges to accommodate any losses they may encouter as a result of the required fork.

This is a problem right here. Just because it's stolen does not mean they should be able to arbitrarily reverse the hack. If they're successful at hard forking, this will set precedence that any time there is a theft reported, devs can just hard fork again. This will eventually be abused, and corruption happens.

Indeed , we right now have a centralized coin with vericoin.
They have shown they can reverse any transaction on their own. There is no difference between vericoin and fiat money right now.

[Nullu]

As others have said a rollback completely undermines decentralised cryptocurrency, and the coin shouldn't be made to pay for Mintpal's negligence.

They should instead be talking about compensating the people who's coins were stolen, not looking for a way to dodge their responsibilities as an exchange. Their security failed, they are responsible.

What happens to all the people who bought VeriCoins after the attack on the blockchain?