Bitcoin Forum
Topic: Important Security Announcement
Duetschpire (OP)
October 07, 2014, 01:27:37 AM
 #1

In the early hours of Sunday 5th October, CryptoThrift was subject to a well-planned and clinically executed security breach. Our hot wallet was compromised and our attackers managed to steal a little over 15 BTC of funds that were held in escrow. The nature of the attack was such that it was not immediately clear that anything had happened, which is why it has taken us until today to take action.

Fortunately the majority of users' funds being held in escrow were safe in offline storage, so the impact of this attack was lessened. Please be assured that any users that have payments or refunds due will be contacted over the next few days and your money will be paid. The owners of CryptoThrift are absorbing the cost of this.

Whilst we have not yet completed our investigation, we have identified the attack vector as a vulnerability in a third-party plugin. This was used to inject SQL queries into our database and manipulate the amounts on transactions being released from escrow. What we have not made public until now is that we have seen sustained and almost-daily attack attempts on the site for many months. We have been in contact with the Australian Federal Police regarding this, and will be sharing with them all data that we have on this attack as well as all previous attempts.

This attack has prompted us to reflect on our security measures, and we have concluded that we need to make some significant changes to our escrow process, our storage of customers' funds, and have a third party conduct a full security audit. Until this is complete, we feel we have no choice but to temporarily suspend our escrow service for our users, as we simply cannot risk holding users' funds. Effective immediately, buyers will no longer be able to choose to use escrow when purchasing items. All existing transactions that are in escrow will be honored until they are released or refunded.

CryptoThrift is owned and operated by two guys, both with families and full-time jobs, who run this site in their evenings and weekends to try and create something new for the crypto community. We have made every effort to provide good customer service and have put 100% of all profits back into development, advertising, and marketing. As such, the cost of this theft is being covered by us personally. If our attackers wish to do the right thing and return our funds to us, they can do so by sending it back to 19bBwiFrAaCLxZZoS4grTDoFFVszxzvPMo. If any of our users wish to help, we would gratefully receive donations of support to the same address.

We must sincerely apologize to our loyal users for this breach and our decision to temporarily remove our escrow service. It is heartbreaking for us to see our hard work destroyed by cold-hearted, thoughtless hackers.

Thanks for all your support, and we hope that you continue to use our site. If you have any comments, please feel free to share them on our blog post.

Paul & Ahmad
Team CryptoThrift
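
A defensive check for the failure described in the announcement above (amounts altered in the database before release from escrow), added here as an illustration; it is not CryptoThrift's code. The table layout, function names and key handling are assumptions: each escrow row carries an HMAC computed at deposit time with a key kept outside the database, and the payout path refuses any row whose tag no longer matches.

```python
import hashlib
import hmac
import json
import sqlite3

# Assumption: the MAC key lives outside the database (env var, KMS, HSM),
# so write access to the tables alone is not enough to forge a valid tag.
MAC_KEY = b"constructed-demo-key-not-for-production"


def record_tag(tx_id, buyer, seller, amount_sat):
    """HMAC-SHA256 over the fields that must not change after deposit."""
    msg = json.dumps([tx_id, buyer, seller, amount_sat]).encode()
    return hmac.new(MAC_KEY, msg, hashlib.sha256).hexdigest()


def open_escrow(db, tx_id, buyer, seller, amount_sat):
    """Store the escrow row with its tag, using bound parameters only."""
    db.execute(
        "INSERT INTO escrow (tx_id, buyer, seller, amount_sat, tag) VALUES (?, ?, ?, ?, ?)",
        (tx_id, buyer, seller, amount_sat, record_tag(tx_id, buyer, seller, amount_sat)),
    )


def release_amount(db, tx_id):
    """Return the amount to pay out, or raise if the row fails verification."""
    row = db.execute(
        "SELECT buyer, seller, amount_sat, tag FROM escrow WHERE tx_id = ?", (tx_id,)
    ).fetchone()
    if row is None:
        raise LookupError(f"no escrow record {tx_id}")
    buyer, seller, amount_sat, tag = row
    if not hmac.compare_digest(tag, record_tag(tx_id, buyer, seller, amount_sat)):
        raise ValueError(f"escrow record {tx_id} failed integrity check; payout held")
    return amount_sat


def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE escrow (tx_id INTEGER PRIMARY KEY, buyer TEXT,"
               " seller TEXT, amount_sat INTEGER, tag TEXT)")
    open_escrow(db, 1, "alice", "bob", 5_000_000)    # constructed sample rows
    open_escrow(db, 2, "carol", "dave", 12_000_000)
    # Stand-in for an amount changed directly in the database after deposit.
    db.execute("UPDATE escrow SET amount_sat = 900000000 WHERE tx_id = 2")
    results = {}
    for tx_id in (1, 2):
        try:
            results[tx_id] = release_amount(db, tx_id)
        except ValueError:
            results[tx_id] = "held"
    return results
```

A held payout should also raise an alert, since a tag mismatch means the row was written by something other than the deposit path.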

BunsenBurner
October 07, 2014, 01:57:00 AM
 #2

Thanks for the announcement, and sorry to hear about the incident and loss.

The "Important Announcement!" link on site doesn't seem to work right, and it shows a blank page https://cryptothrift.com/important-security-announcement.

Duetschpire (OP)
October 07, 2014, 02:25:13 AM
 #3

> Thanks for the announcement, and sorry to hear about the incident and loss.
>
> The "Important Announcement!" link on site doesn't seem to work right, and it shows a blank page https://cryptothrift.com/important-security-announcement.

Thanks for the support. The link seems to be working fine from here. Can you please double check?
Thanks

elitenoob
October 07, 2014, 03:18:11 AM
 #4

> > Thanks for the announcement, and sorry to hear about the incident and loss.
> >
> > The "Important Announcement!" link on site doesn't seem to work right, and it shows a blank page https://cryptothrift.com/important-security-announcement.
>
> Thanks for the support. The link seems to be working fine from here. Can you please double check?
> Thanks

Blank for me too, can't see anything.

paulthetafy
October 07, 2014, 03:31:48 AM
 #5

> > > Thanks for the announcement, and sorry to hear about the incident and loss.
> > >
> > > The "Important Announcement!" link on site doesn't seem to work right, and it shows a blank page https://cryptothrift.com/important-security-announcement.
> >
> > Thanks for the support. The link seems to be working fine from here. Can you please double check?
> > Thanks
>
> Blank for me too, can't see anything.

I've just tried it again and it's working fine for me.

SueGiant
October 09, 2014, 02:00:06 PM
 #6

> > > Thanks for the announcement, and sorry to hear about the incident and loss.
> > >
> > > The "Important Announcement!" link on site doesn't seem to work right, and it shows a blank page https://cryptothrift.com/important-security-announcement.
> >
> > Thanks for the support. The link seems to be working fine from here. Can you please double check?
> > Thanks
>
> Blank for me too, can't see anything.

Any update about this?

anikuiu
October 12, 2014, 05:23:19 PM
 #7

nice
elitenoob
October 13, 2014, 02:37:04 AM
 #8

> > Blank for me too, can't see anything.
>
> Any update about this?

Sorry, just seen it now, but yes, now the site loads correctly for me.