Topic: [ANN][Pool][Profit-Switch][Optional Auto-Exchange per Coin][Vardiff] ~ Hashcows - page 99. (Read 347332 times)

Yes, according to timestamps it surelly have been done by some automated script (no Neuromancer "cybercowboy" can do it this fast on his own). And as I said before, its up to HC crew to show what EXACTLY happened.

Maybe I'm just not thinking correctly, but I don't see why people would "hold" a balance in a pool that charges fees as a percentage longer than a day anyway. In the case of hashcows and converting directly to BTC, it's 2.5% fee. So regardless of whether "hold out" your auto-pay to cash out @ 100 BTC, or 0.01 BTC the percentage of fees to payout is the same. I don't see any benefit to holding any BTC in the pool account.

On pools that charge a flat fee per payout, I might could understand as fewer payouts would mean less fees taken from your mining efforts...

I´ve boldlined answers to Yours post for better readibility and I am also very sorry for my bad English, "pač pocházím ze země, kde se vaším jazykem nemluví", so:

1) Its still under research, lets give HC crew some time (its Christmas, OMG)

2) That its truth and I bet that if You post those ideas to HC crew few days ago, they´ll implement this features in no time, as they prooved many times before. "Po bitvě je každý generál" (every one is general after the battle) is prowerb in my coutry.. And furthermore - 2 full hours doesn´t matter anything during Christmass, OMFG)

3) I didn´t noticed any HC downtimes recently. And BTW. anyone with at least 1x 7950 can afford pay for "little" DDOS by whole day minning.

4) HC site runs (almost) flawless for month and half for me and these guys ALWAYS responded ASAP and tried to solve even things like "oh, I did not recieved my payment which I accidentally sended to wrong account, help me koz am fukin laaamaaa"

5) As someone before me said, there is no guarantee that You´ll get some insurance from pool where You mine. Even that we all don´t have time to manually switch most profitable coin (that is main reason for most of us to chose HC), Its up to us to ensure some security.

With the transaction timestamps of the rogue BTC address, it seems likely that the hackers were modifying the DB directly using a script, changing payout addresses and initiating payouts in succession.  They didn't even need to enter PINs.  This risk was practically eliminated by middlecoin by paying out to the username BTC addresses only, and transmitting the amounts daily when the threshold was reached.  Something for aTriz and nearmiss to think about.

Ugh!  I had 0.0388 BTC stolen.   

"The service is running a pool for YOU to mine at and auto exchange your coins to BTC. Find ONE POOL that offers to pay you any outstanding balances if something goes wrong there. I bet you will not find ONE.

The fees are comparable to any pool, get over yourself."

The excessive amount of downtime at Hashcows certainly wasn't comparable to most pools.

How many of the other pools have ever allowed all/virtually all of it's users' balances to be all withdrawn to one single rogue address of a hacker? Certainly not comparable to most pools.

If you feel like the comparable fees charged by Hashcows has also equaled the quality of service provided by most other pools, I guess you have had lots of rotten luck in the past with where you have chosen to spend your hashpower at. I am to blame in part for this, though. I knew from past experiences with the site that they are down a large percentage of the time. I chalked that up to them still being fairly new. However, I was also looking for the least hands-on way to mine and convert to BTC and figured HC had moved past the growing pains, so I came back last week hoping things had changed. This was clearly a mistake on my part, as the downtime was still very high and at the end of the week all of my coins not paid into Hashcow's fees was then stolen from me due to their lack of security.

No, I have not seen any other pool guaranteeing the safety of users' balances. If any of them ever lose all of my coins from their own lack of security (completely independent of my own personal computer being hacked) and at the same time allow this exact thing to happen to most/all of  it's userbase, I will call them out on it too. I will also call out anyone telling people not to complain and that the site owners are doing a great job.

Get over myself? I think my response was pretty fair to whoever said that no one should be complaining and that the HC team is doing a great job. They clearly are not.

I hope so...I am relatively new, and after this have been considering switching to their closest competitor. I just got my r9 290x, then this joke.

Maybe their computers were infected at home? Maybe their own passwords were too simple? Maybe people used the same password across a dozen "coin" sites and the guys with malicious intent finally collected enough verification of such fact to unleash themselves.

The enemy of security is expediency, and vise-versa.

No, no and just NO!. I am milking this cow for more than month and half and I readed all 95 pages of this topic during that time and I can put my hand in the fire for both nearmiss and aTriz. Theese guys were always open to new ideas and they had implement most of good ones quickly, bit messy sometimes, but they did their best. On the other hand, as honest as they are, they also didn´t count with possibility that there is always some scum bag waiting for Your mistake.

LOL sure, that is why they were active in chat as soon as they got on. Yeah. Unless they got other people who have access.... not likely.

The service is running a pool for YOU to mine at and auto exchange your coins to BTC. Find ONE POOL that offers to pay you any outstanding balances if something goes wrong there. I bet you will not find ONE.

The fees are comparable to any pool, get over yourself.

 

Anyone consider the breach was an internal gig? To make it a very merry xmas for the hosts?

 

Yep this has happen to other pools and this one will not be the last one.
Only fools would keep more than one days worth of mining of ANY coin in a pool, let alone BTC.
I also dont understand wanting autopayout with it only going on for a day.  I take extra precautions when dealing with BTC, as in not only taking out as soon as the balance says I can, fees be damned, but I dont do auto pay because I need to verify EACH TIME that the addy is indeed correct for there is not going back if there is a typo or the wrong addy in the box.

People who are bitching about the time frame it took to stop and attack, ask a lot of cryptsy traders how long they have been waiting or have waited for coins to show up or have just vanished. In this kind of world stuff happens, can happen at any pool at any time. You hard earned BTC is best kept not in a pool but a wallet on your thumb drive that only connected when your transferring BTC in or out of your wallet, along with a BU of that too.

I will be a lot more supportive if I receive my coins back in a timely manner (if I receive them at all). Sure, any website can be hacked. It is hard to pay for proper security, and even that often isn't enough. However, not only did Hashcows allow a hacker to access all the users' account passwords and PINS, they didn't even have a failsafe in place for if/when the site was compromised.

The theft was ongoing for two full HOURS before withdraws were halted. Are you saying that the site should not have considered adding a flagging system when the withdraw rate from it's users shot up 1,000% all at once that could have at least stopped SOME of the thefts? This would have reduced the losses and made it more likely that the smaller amount of lost coins could be refunded. You can blame people for not withdrawing every day if you want, but it seems like (to me at least) that when you have tons of people who typically withdraw only every few days/weeks and/or they have their auto payout threshold set to a "high" figure, that Hashcows should have halted withdraws MUCH faster than two hours later. All those occational withdrawing users all didn't decide to lower their thresholds and pull their funds at the same time and all to the SAME ADDRESS.

Major security breach that users had no part in their information being changed and coins stolen. Site had no early warning alarms in place to catch blatantly obvious theft occurring. Many users paid a premium to the Hashcows owners for them to autotrade the coins they mined, on top of the regular mining fees paid to the site. These funds were apparently never used to increase DDOS protection to levels seen at other comparable sized pools, as Hashcows always had a lot of downtime, pretty much on a daily basis.

Where is the part where these guys did a great job? They didn't run a charity. They provided services for a price. I would say the price paid certainly did not match the quality of service.

At the very least these guys should reimburse all mining and autotrading fees accumulated for every affected user. Doesn't really seem fair for them to keep the profits they made from miners/autotraders when they allowed all of what was actually left to the miners to get stolen.In reality, they should refund all lost coins, but I will be very surprised if this happens.

Not sure if my BTC was taken or not... But when I tried logging in via my cellphone to check my balance so far today, mainly to make sure my miner is still up & running since I'm away from home, I couldn't log in. I have the https://hashco.ws/stats.php page bookmarked so I didn't even see the message about accounts being compromised, but since I couldn't log in I automatically assumed something like that had happened. So I remoted into my miner, and it was still hashing away! Quickly switched it to another pool! Then pulled out the laptop just in case to see if there was some issue with using my phone to log in. That's when I saw the warning message... Luckily, I have my auto-payout set low enough that I'm paid out daily.

But it definitely sucks that it has been mining all day, probably 18+ hours since last payout before I switched it, possibly just going into someone else wallet and costing me electricity/time. Hopefully they'll get this all sorted out soon, I've enjoyed (short of downtime and high reject rates) using hashcows



* Note that you may wanna put the warning message on the stats page as well to make sure people are aware if they don't go to the main page first...

Why doesn't the pool just add a credit of the amount lost to the fee's and allow the pool to pay the community back over time?

the absolute coolest thing the pool could do is reimburse people.  Even if that means the end of this incarnation of the pool.  Mtred paid everyone back when the pool went broke.  I could see the pool not being responsible if someone had their password set as password and pin set as 1234, but this looks to be something quite different.

With that said, i support Atriz and Nearmiss and I know that they'll do everything they can to rectify the situation

Hope it all works out for you. It all looked very promising.

Alas, I moved to middlecoin a few days ago, seemed more stable for my kind of limited mining.

Given the crap thats just happened, I hope you can salvage some of your Christmas!

For what it's worth, I don't expect HCows to reimburse me for any of my losses.  No pool is insured against any kind of losses...this isn't the bank, there's no FDIC and we all know this -- whether we choose to accept it or not is another story.  This isn't Coinbase or something where I've got an upfront understanding of the safety/security of my coins...no pool mananger out there would be crazy enough insure against losses.  If a pool owner decides to reimburse some/all of their members' losses that's a different story.

That being said, I think that the team at HCows will have to work extra hard to regain trust of the pool members in order to keep things going forward.

I consider this nothing more than 1 more lesson learned in the new world of crypto.  As individuals we can choose to bitch and moan but it won't change a thing.  Going forward I would like to ask us all to try and remain somewhat professional about this and see what the HCows team does next...the ball is in their court.

Glad you are being so mature about all this, we can tell who are the adults in the room!

In other news, we continue to have login's/payouts DISABLED, we will update here and in IRC within a few hours after me and nearmiss have a sit down and discuss things.

~Hashcows Team~

P.S. Merry Christmas everyone, sorry to start it off with this bad day!

Would you left bag of money lying on the table? Its the same - You´re either stupid or don´t need them at all. Reimburse up to 3 days of mining sounds more than fair to me, even 2 should be OK. Its everyone´s responsibility to take care of their hardly mined coins.