scam_exposer
Sr. Member
![*](https://bitcointalk.org/Themes/custom1/images/star.gif) ![*](https://bitcointalk.org/Themes/custom1/images/star.gif) ![*](https://bitcointalk.org/Themes/custom1/images/star.gif)
Offline
Activity: 252
Merit: 250
Keeping People Honest - Don't Get Scammed
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 16, 2014, 06:15:21 PM |
|
OPAL trading was halted several days ago on Poloniex; was that related to this attack?
This wasn't an attack. It was users installing a backdoor on their computer allowing their wallet files to be taken. This has nothing to do with Opal the coin but restoring coins to users that did not protect their computers. Rolling back the blockchain for user incompetence is idiotic. I fully support the rollback. If anyone can make this work, is the Opal dev's and community.
People, please scan your computers fully before the rollback takes place.
We have to design a procedure where someone's wallet.dat was stolen and it was not protected with a passphrase. If we roll back, doesn't the hacker still have the privkeys to the addresses stored in the wallet.dat?
Let's do this patiently and methodically.
Yes
|
99.999999999999999999999999999999999999999999999999% of all ICO's are SCAMS
|
|
|
arniebaby
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 16, 2014, 06:17:03 PM |
|
OPAL PRESS RELEASE BLOCK CHAIN ROLLBACK Since its inception, OPAL has made significant strides to becoming a valuable asset to the cryptocoin community. An ambitious development team backed by a strong community has proven to be and will continue to be a cornerstone in the continued success of OPAL. With that being said, the OPAL team has found that a user made a malicious post within the OPAL ANN thread which included links to a manipulated version of the wallet. This wallet installs a backdoor which steals wallet.dat files from not only the OPAL wallet, but other cryptocoin wallets as well. Additionally, the user posted links to wallet downloads in other Bitcointalk threads. These downloads are also assumed to be malevolent. The hacker has stolen approximately 17% of the total OPAL coin supply, which is enough to attack the block chain. In light of this, a critical decision has been made by the community to roll back the blockchain, thereby eliminating the possibility of such an attack and to prevent further damage. The OPAL team thanks the community for acting promptly and supporting the continuing growth of OPAL. Please remember to only download wallets from the website www.opal-coin.com or download and complie the source yourself, which is available at https://github.com/OpalCoin/OpalCoin. If there are any questions or concerns, please contact the OPAL team at support@opal-coin.com or on the IRC channel freenode #opalcoin. The OPAL Team OK. Decision made. Timescales??
|
NARNIE-YYITR3-V6BVJ7-GGR5EO-GRIZZ2-WEMD4A-AAUD NEM NEM NEM NEM NEM NEM NEM NEM NEM NEM
|
|
|
m30188
Newbie
Offline
Activity: 40
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 16, 2014, 06:17:50 PM |
|
This wasn't an attack. It was users installing a backdoor on their computer allowing their wallet files to be taken.
I use the term "attacker" rather than "hacker". In my mind, the actions of an attacker is an attack. And if the motive behind the attack was to harm OPAL, it was magnificently successful.
|
|
|
|
PhilipMorris
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 16, 2014, 06:19:27 PM |
|
This wasn't an attack. It was users installing a backdoor on their computer allowing their wallet files to be taken.
I use the term "attacker" rather than "hacker". In my mind, the actions of an attacker is an attack. There was no attack on Opal. Scam_exposer is right, just user funds that have been taken. Sad enough though.
|
|
|
|
m30188
Newbie
Offline
Activity: 40
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 16, 2014, 06:22:49 PM |
|
Alright, so what's the next move? Are we waiting on an OPAL client update for the rollback?
|
|
|
|
raimch89
Legendary
Offline
Activity: 1169
Merit: 1000
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 16, 2014, 06:24:37 PM |
|
why cryptsy not freezed?
|
|
|
|
scam_exposer
Sr. Member
![*](https://bitcointalk.org/Themes/custom1/images/star.gif) ![*](https://bitcointalk.org/Themes/custom1/images/star.gif) ![*](https://bitcointalk.org/Themes/custom1/images/star.gif)
Offline
Activity: 252
Merit: 250
Keeping People Honest - Don't Get Scammed
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 16, 2014, 06:28:48 PM |
|
This wasn't an attack. It was users installing a backdoor on their computer allowing their wallet files to be taken.
I use the term "attacker" rather than "hacker". In my mind, the actions of an attacker is an attack. And if the motive behind the attack was to harm OPAL, it was magnificently successful. The motive was to steal your coins and convert them to btc and then fiat. There have been numerous attempts recently to hijack users computers with infected wallets. Those were typically done with a new coin launch but it appears that they have switched tactics since people have become wise to the Windows wallet only ninja launches that idiots would jump on and run the infected wallet. Opal was likely just chosen at random. This should be a warning to all that you never run a wallet posted by anyone but the official representatives for that coin. This is likely to be repeated with other coins because there is never a shortage of idiots out there and these scumbags know that. Make sure that you don't just update wallets because it's posted in a thread. Make sure that the person posting it is legitimate.
|
99.999999999999999999999999999999999999999999999999% of all ICO's are SCAMS
|
|
|
PhilipMorris
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 16, 2014, 06:38:41 PM |
|
This wasn't an attack. It was users installing a backdoor on their computer allowing their wallet files to be taken.
I use the term "attacker" rather than "hacker". In my mind, the actions of an attacker is an attack. And if the motive behind the attack was to harm OPAL, it was magnificently successful. The motive was to steal your coins and convert them to btc and then fiat. There have been numerous attempts recently to hijack users computers with infected wallets. Those were typically done with a new coin launch but it appears that they have switched tactics since people have become wise to the Windows wallet only ninja launches that idiots would jump on and run the infected wallet. Opal was likely just chosen at random. This should be a warning to all that you never run a wallet posted by anyone but the official representatives for that coin. This is likely to be repeated with other coins because there is never a shortage of idiots out there and these scumbags know that. Make sure that you don't just update wallets because it's posted in a thread. Make sure that the person posting it is legitimate. True, however the most important thing is: Don't keep your wallet encryption passwords anywhere near your PC. Even if a hacker was able to steal your wallet.dat file, he cannot grab the coins if he doesnt have the password. Ive heard about a program called keyscrambler, what it does is basically hide everything that you type. Keyloggers won't work for the hacker. Which is pretty important, incase you want to unlock your wallet for staking for example.
|
|
|
|
NoobKidOnTheBlock
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 16, 2014, 06:43:06 PM |
|
OPAL PRESS RELEASE BLOCK CHAIN ROLLBACK Since its inception, OPAL has made significant strides to becoming a valuable asset to the cryptocoin community. An ambitious development team backed by a strong community has proven to be and will continue to be a cornerstone in the continued success of OPAL. With that being said, the OPAL team has found that a user made a malicious post within the OPAL ANN thread which included links to a manipulated version of the wallet. This wallet installs a backdoor which steals wallet.dat files from not only the OPAL wallet, but other cryptocoin wallets as well. Additionally, the user posted links to wallet downloads in other Bitcointalk threads. These downloads are also assumed to be malevolent. The hacker has stolen approximately 17% of the total OPAL coin supply, which is enough to attack the block chain. In light of this, a critical decision has been made by the community to roll back the blockchain, thereby eliminating the possibility of such an attack and to prevent further damage. The OPAL team thanks the community for acting promptly and supporting the continuing growth of OPAL. Please remember to only download wallets from the website www.opal-coin.com or download and complie the source yourself, which is available at https://github.com/OpalCoin/OpalCoin. If there are any questions or concerns, please contact the OPAL team at support@opal-coin.com or on the IRC channel freenode #opalcoin. The OPAL Team OK. Decision made. Timescales?? Okay I've downloaded the wallet from the website and it still says zero connections plus all my OPAL right now are on Bittrex but bittrex has OPAL disabled? Does this mean I'm gonna lose my coins? Or will I still have them?
|
▇ ▇▇▇ ▇▇▇▇▇ ▇▇▇▇ ▇ ▇▇▇▇▇ ▇▇▇▇▇ ▇▇▇▇▇ ▇▇▇▇▇ ▇▇▇▇▇ ▇▇▇▇▇ ▇▇▇▇▇▇ | | ... | ............NoobKidOnThe.BLOCK.....
|
|
|
|
|
PhilipMorris
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 16, 2014, 06:45:23 PM |
|
OPAL PRESS RELEASE BLOCK CHAIN ROLLBACK Since its inception, OPAL has made significant strides to becoming a valuable asset to the cryptocoin community. An ambitious development team backed by a strong community has proven to be and will continue to be a cornerstone in the continued success of OPAL. With that being said, the OPAL team has found that a user made a malicious post within the OPAL ANN thread which included links to a manipulated version of the wallet. This wallet installs a backdoor which steals wallet.dat files from not only the OPAL wallet, but other cryptocoin wallets as well. Additionally, the user posted links to wallet downloads in other Bitcointalk threads. These downloads are also assumed to be malevolent. The hacker has stolen approximately 17% of the total OPAL coin supply, which is enough to attack the block chain. In light of this, a critical decision has been made by the community to roll back the blockchain, thereby eliminating the possibility of such an attack and to prevent further damage. The OPAL team thanks the community for acting promptly and supporting the continuing growth of OPAL. Please remember to only download wallets from the website www.opal-coin.com or download and complie the source yourself, which is available at https://github.com/OpalCoin/OpalCoin. If there are any questions or concerns, please contact the OPAL team at support@opal-coin.com or on the IRC channel freenode #opalcoin. The OPAL Team OK. Decision made. Timescales?? Okay I've downloaded the wallet from the website and it still says zero connections plus all my OPAL right now are on Bittrex but bittrex has OPAL disabled? Does this mean I'm gonna lose my coins? Or will I still have them? Read up, all your questions have been answered.
|
|
|
|
DeckardKain
Newbie
Offline
Activity: 34
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 16, 2014, 06:56:25 PM |
|
OPAL PRESS RELEASE BLOCK CHAIN ROLLBACK Since its inception, OPAL has made significant strides to becoming a valuable asset to the cryptocoin community. An ambitious development team backed by a strong community has proven to be and will continue to be a cornerstone in the continued success of OPAL. With that being said, the OPAL team has found that a user made a malicious post within the OPAL ANN thread which included links to a manipulated version of the wallet. This wallet installs a backdoor which steals wallet.dat files from not only the OPAL wallet, but other cryptocoin wallets as well. Additionally, the user posted links to wallet downloads in other Bitcointalk threads. These downloads are also assumed to be malevolent. The hacker has stolen approximately 17% of the total OPAL coin supply, which is enough to attack the block chain. In light of this, a critical decision has been made by the community to roll back the blockchain, thereby eliminating the possibility of such an attack and to prevent further damage. The OPAL team thanks the community for acting promptly and supporting the continuing growth of OPAL. Please remember to only download wallets from the website www.opal-coin.com or download and complie the source yourself, which is available at https://github.com/OpalCoin/OpalCoin. If there are any questions or concerns, please contact the OPAL team at support@opal-coin.com or on the IRC channel freenode #opalcoin. The OPAL Team OK. Decision made. Timescales?? Okay I've downloaded the wallet from the website and it still says zero connections plus all my OPAL right now are on Bittrex but bittrex has OPAL disabled? Does this mean I'm gonna lose my coins? Or will I still have them? You wont lose any opal. And if you still lose contact opal team. They never let their people fall.
|
|
|
|
NoobKidOnTheBlock
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 16, 2014, 07:11:02 PM |
|
OPAL PRESS RELEASE BLOCK CHAIN ROLLBACK Since its inception, OPAL has made significant strides to becoming a valuable asset to the cryptocoin community. An ambitious development team backed by a strong community has proven to be and will continue to be a cornerstone in the continued success of OPAL. With that being said, the OPAL team has found that a user made a malicious post within the OPAL ANN thread which included links to a manipulated version of the wallet. This wallet installs a backdoor which steals wallet.dat files from not only the OPAL wallet, but other cryptocoin wallets as well. Additionally, the user posted links to wallet downloads in other Bitcointalk threads. These downloads are also assumed to be malevolent. The hacker has stolen approximately 17% of the total OPAL coin supply, which is enough to attack the block chain. In light of this, a critical decision has been made by the community to roll back the blockchain, thereby eliminating the possibility of such an attack and to prevent further damage. The OPAL team thanks the community for acting promptly and supporting the continuing growth of OPAL. Please remember to only download wallets from the website www.opal-coin.com or download and complie the source yourself, which is available at https://github.com/OpalCoin/OpalCoin. If there are any questions or concerns, please contact the OPAL team at support@opal-coin.com or on the IRC channel freenode #opalcoin. The OPAL Team OK. Decision made. Timescales?? Okay I've downloaded the wallet from the website and it still says zero connections plus all my OPAL right now are on Bittrex but bittrex has OPAL disabled? Does this mean I'm gonna lose my coins? Or will I still have them? You wont lose any opal. And if you still lose contact opal team. They never let their people fall. Okay thanks because I downloaded the wallet with exchange that the OPALTEAM posted here and it's not syncing and says that there is 0 connections and then on Bittrex it says OPAL is disabled? So if I wait a bit everything will be fixed and up and running again?
|
▇ ▇▇▇ ▇▇▇▇▇ ▇▇▇▇ ▇ ▇▇▇▇▇ ▇▇▇▇▇ ▇▇▇▇▇ ▇▇▇▇▇ ▇▇▇▇▇ ▇▇▇▇▇ ▇▇▇▇▇▇ | | ... | ............NoobKidOnThe.BLOCK.....
|
|
|
|
|
m30188
Newbie
Offline
Activity: 40
Merit: 0
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 16, 2014, 07:15:18 PM |
|
If I'm correct, everyone needs to run a new client that's confirming blocks on a new fork. Is that right?
|
|
|
|
bitdraw
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 16, 2014, 07:21:49 PM |
|
If I'm correct, everyone needs to run a new client that's confirming blocks on a new fork. Is that right?
they update the client, make checkpoints everyone uses the new client and its done pretty much... i think the harder part is managing all the refunds..
|
|
|
|
etoque
Legendary
Offline
Activity: 1988
Merit: 1000
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 16, 2014, 07:36:58 PM |
|
GOOD so the faster you do the rollback,the faster we can continu the opal spread mission ![Smiley](https://bitcointalk.org/Smileys/default/smiley.gif) Lets growth this coin ! Btw: Other saying it will be kill opal because centralisation. I want to say. Nop. Need to relax a bit and step back. There's nothing happen,look how many people have vote,no more than 150 lol. NXT was something other,VRC too,because it happen when everybody look at it,when they have a kind of massive addoption(still,far more than opal have now) We have still only one way to go when you have a Super good dev team like this and we are close to #100 on CMC ![Smiley](https://bitcointalk.org/Smileys/default/smiley.gif) there's no bug,no fork,no scam , only malicious link has been posted and some basic error happen. Not so dramatic(except for the 17% user) This coin still doing well guys ![Smiley](https://bitcointalk.org/Smileys/default/smiley.gif)
|
|
|
|
toldy
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 16, 2014, 07:40:02 PM |
|
Here's a scenario that I'm wondering how we're going to address:
1. Bob has an OPAL wallet with 100,000 opal, that is not protected with a passphrase
2. He downloads a malware wallet, which copies his wallet.dat and forwards it to the hacker
3. The hacker empties this wallet and transfers his opal away and dumps the private key for "future use".
4. A roll back occurs
5. Bob now has 100,000 opal back in his wallet again
6. A few seconds later, the hacker empties this wallet again, because he has the private key from step #2
How are we going to circumvent this from occurring.
|
|
|
|
etoque
Legendary
Offline
Activity: 1988
Merit: 1000
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 16, 2014, 07:41:26 PM |
|
Everyone was infected need to do a nice clean up before oppening new wallet
|
|
|
|
StonerStanley
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 16, 2014, 07:49:41 PM |
|
Malwares bytes already delete startup key / method, and malware files (otherwise h "This Backdoor or another affiliated agent may reload itself after a remove" If you remove the malware it can't reload. If a malware reload is because you do not kill the persistence (here the persistence was "csrss.exe", in the same folder as "windhcp.exe", and detected by malwares byte also) This malware is not really smart ![Wink](https://bitcointalk.org/Smileys/default/wink.gif) don't worry. (combofix is helpful when some of your system files are corrupted, by malwares) Ok, thanks StonerStanley, So during the corruption, the backdoor/the attacker can't install other malware/exploit ? if yes my only advice (for corrupted wallets) will be "CHANGE ALL YOUR PASSWORDS". As i know i didn't see anything able to make a update for load a new version of this malware. No one file except the malware (wallet executable, not .dat) itself is corrupted/infected. So if you use malwares bytes is ok (i advise you combofix when no one other antivirus is able to repair your problem)
|
|
|
|
toldy
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 16, 2014, 07:51:46 PM |
|
Here's a scenario that I'm wondering how we're going to address:
1. Bob has an OPAL wallet with 100,000 opal, that is not protected with a passphrase
2. He downloads a malware wallet, which copies his wallet.dat and forwards it to the hacker
3. The hacker empties this wallet and transfers his opal away and dumps the private key for "future use".
4. A roll back occurs
5. Bob now has 100,000 opal back in his wallet again
6. A few seconds later, the hacker empties this wallet again, because he has the private key from step #2
How are we going to circumvent this from occurring.
I'll give you a possible solution to the scenario: 1. Opal team releases a new wallet, on a new chain, opal v2 with a 2.5 million premine. 2. The Opal v2 wallet has to be encrypted with a passphrase otherwise the wallet doesn't generate any addresses 3. Bob downloads this Opal v2 wallet, creates a passphrase, and generates a new address 4. Bob now gets in touch with the OpalTeam to verify he has keys to the original v1 wallet, and OpalTeam transfers the stolen coins from v1 (from the v2 premine) to his Opal v2 passphrase protected wallet. Something like that.. Using bitcointalk forum names to prove identity could help this.. I don't know.
|
|
|
|
scam_exposer
Sr. Member
![*](https://bitcointalk.org/Themes/custom1/images/star.gif) ![*](https://bitcointalk.org/Themes/custom1/images/star.gif) ![*](https://bitcointalk.org/Themes/custom1/images/star.gif)
Offline
Activity: 252
Merit: 250
Keeping People Honest - Don't Get Scammed
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 16, 2014, 07:52:17 PM |
|
Here's a scenario that I'm wondering how we're going to address:
1. Bob has an OPAL wallet with 100,000 opal, that is not protected with a passphrase
2. He downloads a malware wallet, which copies his wallet.dat and forwards it to the hacker
3. The hacker empties this wallet and transfers his opal away and dumps the private key for "future use".
4. A roll back occurs
5. Bob now has 100,000 opal back in his wallet again
6. A few seconds later, the hacker empties this wallet again, because he has the private key from step #2
How are we going to circumvent this from occurring.
You can't. Everyone was infected need to do a nice clean up before oppening new wallet
That does nothing to address the "private keys" issue. Doing a rollback because of user error is ridiculous and I can't believe people are even contemplating it.
|
99.999999999999999999999999999999999999999999999999% of all ICO's are SCAMS
|
|
|
|