RESOLUTION
First of all, we are confident that:
1) our servers were not compromised;
2) the operations of our customers did not fall into third hands.
At the moment, we have managed to repeat the experience of users who reported the problem with the fake signing address on our clearnet website, and we eliminated this attack about 18 hours ago.
What happened?
Attackers managed to access HTTP traffic on one of the infrastructure nodes of upstream providers. Thus, they deceived the verification system of the global Certification Authority (CA) lettercrypt.org, issued a fake Domain Validation (DV) certificate, and were able to send HTTPS traffic to their servers.
What does it mean?
This means that users who received letters signed by the wrong address have sent their money to the attackers and are unlikely to receive it back. Those users who received letters signed by the correct address need not worry - the data exchange was secured directly between them and our servers. Also, this incident did not affect those who used our onion mirror.
What do we plan to do?
We are very concerned by how carefully and gracefully the phishing attack was performed. Unfortunately, this is possible on the open internet, and it proves how vulnerable the existing technologies of the open internet are. Therefore:
1) We will implement a set of measures to reduce the risks of such incidents with our clearnet website;
2) We will insistently recommend using the onion website and checking the signature, including by creating economic incentives for this;
3) We will introduce a status page on a reliable third-party public provider to provide the up-to-date status of the website.
What will happen to victims of this incident?
We value our customers and their trust very highly and do not want to leave them as victims in this situation. During the coming days, we will continue to collect information on users affected by this incident; when we see a complete picture and the amount of damage, we will offer them an option to compensate the lost funds. If you haven't contacted me or support@[banned mixer] yet, get in touch and provide the LOG on your operation.
OFFICIAL UPDATE
Kindly note, we have finished collecting and processing the information on users affected by this incident, and we are sure there are no new incidents from this attack. During the coming days we will contact affected users to agree on the refund details, and we aim to provide the compensation by the end of this month.
Thank you all for your patience while we resolve this issue.