Pages:
Author

Topic: BIPS, Payment Service Provider (PSP) for Merchants - page 3. (Read 75422 times)

full member
Activity: 152
Merit: 100
"Stolen"... Thats a bunch of BS!

This is the second time the owner, Kris Henriksen, has pulled of a stunt like this!
legendary
Activity: 2912
Merit: 1060
Lol what idiots use web wallets? You were warned LONG AGO by instawallet.
I only use blockchain and even left them.
At least blockchain never held your private keys unencrypted.
An attack there would only get people who log in over a time period by comprising the javascript to get the unencrypted private keys.
member
Activity: 231
Merit: 10
I have been in touch with Kris and while I cannot share any details, he has convinced me that he is taking this very seriously.  I retract my earlier implications that he stole the coins himself.  I'm convinced now that they were hacked, and that he is working hard to fix things and make them right.

That's all I got, but I thought I would let you guys know.  This is a shit situation for everyone  Embarrassed
full member
Activity: 207
Merit: 100
There's is definitely something fishy here. DDoS attacks don't just 'cause vulnerability' in a system. Either a very important part of the story is being left out or BIPS is making it all up. I don't see how a disconnected or overloaded iSCSI connected SAN can 'cause vulnerability' leaving their system open for hackers?

BIPS please explain.
member
Activity: 231
Merit: 10
On November 15th BIPS was the target of a massive DDoS attack,

All good so far, it happens to everyone.

which is now believed to have been the initial preparation for a subsequent attack on November 17th that overloaded our managed switches and disconnected the iSCSI connection to the SAN on BIPS servers.

huh, what ? who is the idiot that setup this network ?

Regrettably, despite several layers of protection, the attack caused vulnerability to the system, which has then enabled the attacker/s to gain access and compromise several wallets.

Wait wait wait. There is some huge step missing there, what are you omitting ? How do go you from DDoS, to network failure, to XXX, to access breach ?
Please don't get into the same territory as TF.

Agree.  I do woodworking now but I used to be in IT. I sent this to a buddy of mine who ran pen testing for a large security corporation...I'll let you guys know what he says.
legendary
Activity: 3710
Merit: 1586
Who the hell puts 90 BTC in a web wallet? I had ~0.13 BTC there and I'm waiting to get it back as I think BIPS is a little bit trustworthy. But I can also learn to finally switch out from web wallets, get an Android and install Electrum on it instead of using web wallet even for cents.

Sorry to read this. I've seen you in the Electrum forums and you're always helping people. I hope you get your coins back.
newbie
Activity: 42
Merit: 0
Glad there are others with enough technical knowledge to call them out if indeed thats the case...
full member
Activity: 207
Merit: 100
...attack on November 17th that overloaded our managed switches and disconnected the iSCSI connection to the SAN on BIPS servers. ... the attack caused vulnerability to the system, which has then enabled the attacker/s to gain access and compromise several wallets.

This it utter bullshit. Overloading a SAN 'caused vulnerability'? No that is nonsense. Please elaborate because this looks like BIPS is just making shit up.
member
Activity: 98
Merit: 10
nearly dead
On November 15th BIPS was the target of a massive DDoS attack,

All good so far, it happens to everyone.

which is now believed to have been the initial preparation for a subsequent attack on November 17th that overloaded our managed switches and disconnected the iSCSI connection to the SAN on BIPS servers.

huh, what ? who is the idiot that setup this network ?

Regrettably, despite several layers of protection, the attack caused vulnerability to the system, which has then enabled the attacker/s to gain access and compromise several wallets.

Wait wait wait. There is some huge step missing there, what are you omitting ? How do go you from DDoS, to network failure, to XXX, to access breach ?
Please don't get into the same territory as TF.
full member
Activity: 196
Merit: 100
F* Sad
For Bitcoin and everybody involved, I hope this gets resolved properly FWIW
newbie
Activity: 30
Merit: 0
Did a story about it:

Bitcoin Payment Processor BIPS Attacked, Over $1m Stolen
http://www.coindesk.com/bitcoin-payment-processor-bips-attacked-1m-stolen/
member
Activity: 91
Merit: 10
It is imperative to understand that everything was wiped out from our servers and getting functionality back is priority #1.

It is not imperative for us to understand that getting functionality back is your priority #1.

Quote
The wallet part of BIPS was a free service to make payments easier for users.
Web Wallets are like a regular wallet that you carry cash in and not meant to keep large amounts in.

Then why did you provide this feature? The funny thing is in your Press release you are promising to bring out a "better" and more "secure" wallet in the near future. Are you planning to rob more people with this new "better" and "secure" wallet of yours?

Quote
Hence we offered a paper wallet as a cold storage alternative for those who wanted a safe storage solution.
We will be contacting all affected users as already proclaimed.
We will need their consent to hand over information to the authorities for further investigation, which hopefully can assist in catching the thief.
Those who were not affected and have a bitcoin balance will also be contacted.
Most balances left are minuscule, but if you had more than a few satoshi’s in your wallet you are affected, and will be contacted.

Another priority is doing forensics data recovery to be able to investigate and assist authorities in finding the attacker.

Quote
Technical information will not be disclosed for security reasons.

As a customer I have every right to know all the technical information involving this hack. All I have got from you is 1 graph of load spike which says nothing about the hack.

Quote
Stolen coins have been isolated and server logs have been retrieved from data recovery:
https://blockchain.info/address/1LuG91tcSQxKj32BsCoRkX7yQLfj9LtkCs

Please be advised that attacks are not isolated to us and if you are storing larger amounts of coins with any third party you may want to find alternative storage solutions as soon as possible, preferably cold storage if you do not need immediate access to those coins:
www.coindesk.com/hacker-attack-polands-bitcoin-exchange/
www.coindesk.com/czech-bitcoin-exchange-bitcash-cz-hacked-4000-user-wallets-emptied/

You sound more like TradeFortress here. We don't need to be educated about alternative storage solutions. We already know about them. We store coins online for a reason. There are plenty of times where we don't have access to our offline wallets and we need money to immediately initiate a transfer. If you guys start stealing our coins by calling it a "hack" you are just contributing to ruining the bitcoin ecosystem.

I wanted to settle this issue without resorting to a rant but you have left me with no choice. You haven't yet replied to any of my messages or even on the helpdesk.

Also I digged further into BIPS activities and I realized something really surprising. It was sending some of my coins to EasyCoin (a scam site that promises to mix coins but steals users coins instead). Its unfortunate that I did not do my investigations before this and I trusted BIPS with my coins. I mean who in the right mind would send customers coins to a scam site? And why would BIPS need to do that? It already had its own coin mixing system in place.

Here is the address generated by BIPS: https://blockchain.info/address/1PGXTsbbrnXBnTgEdssRCH8Ukc57DvapcP that was used by me to deposit my coins.

The way BIPS works is that it moves the coins you deposit to its address to another collecting address. I made a deposit of 1.5BTC (transaction here: https://blockchain.info/tx/37b7e6df916b32113e9dda776d6127c0566106fcca89a750537ad27ccab11462) on 31st October 2013.

As usual it was immediately moved to another address. This time it was to 1EGm7XaUVK2iAX1TzZy4i8w7BZ9kybF59B (https://blockchain.info/tx/fcd34fecf7898c2420e7a5b36a8ffd34d5583c1a73428f63d6d64eb7639af06a) with the remaining amount returned to 14xMNNgzDtkmrPhkEZohGg3nHkPFw96hDz. Now if you inspect 14xMNNgzDtkmrPhkEZohGg3nHkPFw96hDz you'll see only 1 input and 1 output. The output is to the EasyCoin deposit address (see transaction: https://blockchain.info/tx/396d954b416c18a8034d4677e95628841b7d45324afdedbc0db43c04f16bbddf).

member
Activity: 91
Merit: 10
So has no one got their BTC back from the BIPS wallets? Is it even worth submitting a helpdesk ticket right now?

Nope. Kris isn't even replying to my messages. But he is coming online atleast twice every day. I'm absolutely disappointed with his attitude. So much for professionalism!
newbie
Activity: 42
Merit: 0
doesn't seem like bips plans to do anything except continue business as usual and pretend nothing happened
sr. member
Activity: 292
Merit: 250
So has no one got their BTC back from the BIPS wallets? Is it even worth submitting a helpdesk ticket right now?
hero member
Activity: 715
Merit: 500
Bitcoin Venezuela
Who the hell puts 90 BTC in a web wallet?

Merchants do.  The people who are concerned with running a business and don't have the time to spend hours upon hours pouring over the arcane intricacies of cryptocurrencies.  The people who put their heart, soul and product out there on a very risky newfangled thing called Bitcoin.  The people who you need to move this whole circus forward into the mainstream.  So maybe a little less derision?  Put yourself into their shoes?

Make them use Electrum instead if they move that amount of money. Invest in a better merchant solution using more secure methods as MPK, or help making software better so web wallets are not needed.
hero member
Activity: 756
Merit: 522
It is imperative to understand that everything was wiped out from our servers and getting functionality back is priority #1.
The wallet part of BIPS was a free service to make payments easier for users.
Web Wallets are like a regular wallet that you carry cash in and not meant to keep large amounts in.
Hence we offered a paper wallet as a cold storage alternative for those who wanted a safe storage solution.
We will be contacting all affected users as already proclaimed.
We will need their consent to hand over information to the authorities for further investigation, which hopefully can assist in catching the thief.
Those who were not affected and have a bitcoin balance will also be contacted.
Most balances left are minuscule, but if you had more than a few satoshi’s in your wallet you are affected, and will be contacted.

Another priority is doing forensics data recovery to be able to investigate and assist authorities in finding the attacker.
Technical information will not be disclosed for security reasons.

Stolen coins have been isolated and server logs have been retrieved from data recovery:
https://blockchain.info/address/1LuG91tcSQxKj32BsCoRkX7yQLfj9LtkCs

Please be advised that attacks are not isolated to us and if you are storing larger amounts of coins with any third party you may want to find alternative storage solutions as soon as possible, preferably cold storage if you do not need immediate access to those coins:
www.coindesk.com/hacker-attack-polands-bitcoin-exchange/
www.coindesk.com/czech-bitcoin-exchange-bitcash-cz-hacked-4000-user-wallets-emptied/

Those werent exactly well established players in the bitcoin industry...

Just like this piece of shit.

This is your reminder, fuckwits:

1. Learn the pecking order. All opinions are not equal. Some people are to be respected. Learn who. Some people are irrelevant and easily ignored. Learn who. More importantly than the who, learn why. Is it just because "everyone else seems to think so"? That's no good, forget it. Is it because they were right when everyone else was wrong? That's perfect, especially if it occurs with any sort of consistency.

Quote
The story of Pointless and Witless

One day the woodchipper was invented. Thenceforth :

Pointless : Don’t put your hand in the woodchipper.
 Witless #n : Stop trying to deny people their woodchipper access which is a god given right god dangit!

Witless #n falls into the woodchipper and dies a bloody death.

~ * ~


Pointless : If you put your hand in the woodchipper you’ll die.
 Witless #n+1 : You’re just jealous because your hands aren’t as long as mine. We’ll see who dies first!

Witless #n+1 falls into the woodchipper and dies a screaming death.

~ * ~

Pointless : Jezuz you idiots just leave the woodchipper be.
 Witless #n+2 : Why are you being so unprofessional. Also I know better.
 Pointless : Various idiots have said this before. Here’s some bloody remains.
 Witless #n+2 : This is negative PR. You do your thing and I do my thing and we’ll see who dies first!

Witless #n+2 falls into the woodchipper and dies a painful death.

~ * ~


Pointless : Hello sir. Here at BTC House no noob by woodchipper at all.
 Witless #n+k : I know what I’m doing.
 Pointless : You couldn’t possibly.
 Witless #n+k : Tell you what. You do your thing and I do my thing and we’ll see who dies first!

Witless #n+k falls into the woodchipper and dies a shocking death.

Time to get it through your thick skulls: you don't start a bitcoin business without having first been ok'd by someone. Get with the program.
member
Activity: 231
Merit: 10
Who the hell puts 90 BTC in a web wallet?

Merchants do.  The people who are concerned with running a business and don't have the time to spend hours upon hours pouring over the arcane intricacies of cryptocurrencies.  The people who put their heart, soul and product out there on a very risky newfangled thing called Bitcoin.  The people who you need to move this whole circus forward into the mainstream.  So maybe a little less derision?  Put yourself into their shoes?
hero member
Activity: 715
Merit: 500
Bitcoin Venezuela
Who the hell puts 90 BTC in a web wallet? I had ~0.13 BTC there and I'm waiting to get it back as I think BIPS is a little bit trustworthy. But I can also learn to finally switch out from web wallets, get an Android and install Electrum on it instead of using web wallet even for cents.
member
Activity: 72
Merit: 10
Bitcoin maniac ;)
I lost about 0.9 BTC
Pages:
Jump to: