WARNING
Kindly note, we are following multiple issues where users report the wrong signing address on our website. All of this users report that their connection is secured by the fake SSL-certificate issued on Jan 26, 2021 and expiring on Apr 26, 2021. The Letters of Guarantee of this users has the same fake signing address and has not been generated by our servers. We are investigating this incident. We consider the DNS-spoofing or "man in the middle" attack of this users.
We recommend you to refrain from mixing until separate notice will be posted.RESOLUTION
First of all, we are confident that:
1)
our servers were not compromised;
2)
the operations of our customers did not fall into third hands.
At the moment we managed to repeat the experience of users who reported the problem with the fake signing address on our clearnet website, and eliminated this attack about 18 hours ago.
What have happened?An attackers managed to access HTTP-traffic on one of the infrastructure nodes of upstream providers. Thus, they deceived the verification system of the global Certification Authority (CA)
lettercrypt.org and issued a fake Domain Validation (DV) certificate, and were able to send HTTPS-traffic to their servers.
What does it mean?This means that users who received letters signed by the wrong address has sent their money to attackers and will unlikely receive them back. Those users who received letters signed by the correct address may not worry - the data exchange was secured directly between them and our servers. Also, this incident did not touch on those who used our onion-mirror.
What do we plan to do?We are very concerned how carefully and gracefully the phishing attack was performed. Unfortunately, this is possible in an open internet and this proves how much existing technologies of open internet are vulnerable. Therefore:
1) We will implement a set of measures to reduce the risks of such incidents with our clearnet website;
2) We will insistently recommend to use the onion website and check the signature, including creating economic incentives for this;
3) We will introduce the status-page on third-party reliable public provider to provide the up-to-date status of the website.
What will happen to victims of this incident?We value our customers and their trust very high and do not want to leave them as victims in this situation. During the coming days, we will continue to collect the information on users affected by this incident - when, we will see a complete picture and the amount of damage we will offer them an option to compensate the lost funds. If you haven't contacted me or support@[banned mixer] yet, get in touch and provide the LOG on your operation.
