Topic: 0.4 BTC stolen by hacker - please return them - page 2. (Read 2387 times)

sr. member
Activity: 280
Merit: 250
February 07, 2014, 09:47:40 PM
#7
yep at just .4 BTC I'd consider it payment for services.
hero member
Activity: 798
Merit: 1000
February 07, 2014, 09:21:15 PM
#6
So now you learnt a lesson! Check for loopholes and fix them.
full member
Activity: 392
Merit: 116
World's Simplest Cryptocurrency Wallet
February 07, 2014, 09:13:28 PM
#5
The hacker did you a favor. You could have lost much more. Consider it a payment for services.
hero member
Activity: 868
Merit: 1000
February 07, 2014, 08:43:32 PM
#4
OP, sorry to hear your loss.
Well, at least you now find the bug and fix it.  Cheesy
sr. member
Activity: 280
Merit: 250
Knowledge is Power
February 07, 2014, 08:26:39 PM
#3
This post made me lol.

First of all, what makes you think this "hacker" reads bitcointalk? And secondly, what makes you think that asking him to return the BTC will do anything?
donator
Activity: 1218
Merit: 1079
Gerald Davis
February 07, 2014, 06:59:53 PM
#2
The hacker won't return the coins.  Consider it a $300 education.   Had the site been popular it might have been a $300,000 loss.

Saying you are really careful and yet failed to do server side validation is an oxymoron.

I would recommend learning some unit testing.  My guess is you are developing the "core" program and considering error checking as an add-on.  For larger and more complex projects this always fails.  Grab a couple of books on Test-Driven Development ( http://en.wikipedia.org/wiki/Test-driven_development ).  The $300 loss could be worth thousands if it makes you a better developer.
legendary
Activity: 1008
Merit: 1007
February 07, 2014, 06:51:36 PM
#1
At approximately 11:30am - 12:00pm GMT today, a hacker was able to exploit a security hole in my game and withdraw 0.4 BTC, which was the entire hot-wallet contents.

He withdrew to this address: 16pknxjJF8yhL2iBPmXRw4rcoGhFYmGcoy

Transactions:

288734e41ebde40bfb07227006f27ea256e3a51e90b7388b4335d9c84f3f90e6
441c5f163afe515def15e2eed21c9aac8eed9d8ff3d6142c475342cf154d17ee
52d4cec1e6b5c95be2bc10a4afd665c722498eecd6804cf03e12558cd41846a2
5b1f08f26ec1cdbbdfb00ea7191bd27a2356edf18c376ba7270210b2932a6ef5
652c88def365b22ec3c1be34df410557a1e4f9bd68a1df6617c5f30875ad32c6
90f8d413664fa88791e71e385034d97598e409d04927715f802578bbd7ecf3de
be8ec0d0ca2c8891c004d9f5d691bc4c2b69401490623e3b27aab7a15bf1953f
cdd8f318899c96edaa7fb74a23fd84eb565e26b3f2997d6f8e0db53cc4019cb5
d7a4289a513f55c9b1dfb194134b5d49f1b8b001bf86eb821d604166ff99be8a
f1cf5d32866994843097db6f697c9bc5dc72ce4cdebf6d4cdfdcc0230b87eedb
f44a1d769f2aa0bfb990722f0b6856d242c2a46a50cb26690ad208f546327a46

He used the aliases: 1gld,16p,x,y

His attack was to use negative numbers for the BTC fields when creating a new game in blockchain-reaction, although these were checked for client-side, the server failed to do the correct validation.

I feel pretty stupid since that's an obvious attack and I'm usually really careful with this stuff, but it just slipped under the radar. Obviously this is now fixed.

I have covered this loss from my own personal bitcoin wallet, so no users will be affected.

If you are the attacker and you are reading this, please consider returning these stolen coins, I have a suspicion you are a fellow developer / programmer, so please have a heart.

Cheers, Paul.
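The bug Paul describes (negative BTC values accepted by the server because only the client checked them) and the testing Gerald Davis recommends both point at the same fix: parse every amount on the server as an untrusted string and reject anything that is not a positive, finite, satoshi-precise value. The example below is added here and is not code from blockchain-reaction or from anyone in this thread; the balance model (a dict of satoshi balances per player), the limits and the sample stake "-0.39" are constructed for illustration, and the game's real server language is unknown.

```python
from decimal import Decimal, InvalidOperation

# Constructed limits for this example: whole-satoshi arithmetic, no floats.
SATOSHIS_PER_BTC = 100_000_000
MAX_BTC = Decimal(21_000_000)           # never accept more than can exist


class ValidationError(ValueError):
    pass


def parse_btc_amount(raw, minimum_satoshis=1):
    """Turn an untrusted amount string into whole satoshis, or raise.

    The client may already have checked the value; the server repeats every
    check anyway, because the client is under the attacker's control.
    """
    if not isinstance(raw, str) or len(raw) > 32:
        raise ValidationError("amount must be a short string")
    try:
        amount = Decimal(raw.strip())
    except InvalidOperation:
        raise ValidationError("amount is not a decimal number")
    if not amount.is_finite():                     # rejects NaN and +/-Infinity
        raise ValidationError("amount must be finite")
    if amount <= 0:                                # rejects negatives, 0 and "-0"
        raise ValidationError("amount must be positive")
    if amount > MAX_BTC:                           # compare before any arithmetic
        raise ValidationError("amount exceeds total supply")
    if amount.as_tuple().exponent < -8:            # finer than one satoshi
        raise ValidationError("amount has more than 8 decimal places")
    satoshis = int(amount.scaleb(8))               # exact: at most 8 fractional digits
    if satoshis < minimum_satoshis:
        raise ValidationError("amount below minimum stake")
    return satoshis


def create_game_unvalidated(balances, player, stake_raw):
    """The flawed pattern: the server trusts a number the client 'validated'.

    A negative stake passes the balance check (anything is >= a negative
    number) and subtracting it credits the player out of the hot wallet.
    """
    stake = int(round(float(stake_raw) * SATOSHIS_PER_BTC))
    if balances.get(player, 0) < stake:
        raise ValidationError("insufficient balance")
    balances[player] = balances.get(player, 0) - stake


def create_game_validated(balances, player, stake_raw):
    """Same operation with server-side validation: bad input never reaches
    the arithmetic, so a negative stake can only produce an error."""
    stake = parse_btc_amount(stake_raw)
    if balances.get(player, 0) < stake:
        raise ValidationError("insufficient balance")
    balances[player] = balances.get(player, 0) - stake
    return stake


def demo_attack():
    """Replay the constructed attack against both versions.

    Returns (attacker balance after the old code, after the fixed code),
    starting from a 0.01 BTC deposit and a stake of -0.39 BTC.
    """
    before_fix = {"attacker": 1_000_000}
    create_game_unvalidated(before_fix, "attacker", "-0.39")   # balance becomes 0.40 BTC
    after_fix = {"attacker": 1_000_000}
    try:
        create_game_validated(after_fix, "attacker", "-0.39")
    except ValidationError:
        pass                                                   # balance untouched
    return before_fix["attacker"], after_fix["attacker"]


if __name__ == "__main__":
    old, new = demo_attack()
    print("old code: attacker now holds %d satoshis" % old)
    print("fixed code: attacker still holds %d satoshis" % new)
```

The rejection cases in `parse_btc_amount` are exactly the unit tests worth writing before the withdrawal path: negative, zero, "-0", NaN, Infinity, sub-satoshi precision, scientific notation that overflows the supply, and non-numeric strings. Keeping balances as integer satoshis also removes the float rounding that a `float(stake_raw)` conversion invites.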