Topic: Bitcoin-Central.net "We have been compromised" - page 4. (Read 9309 times)

sr. member
Activity: 353
Merit: 250
They have now re-opened for people to withdraw funds.
sr. member
Activity: 476
Merit: 250
Keep it Simple. Every Bit Matters.
If Bitcoin Central keep getting compromised, something is dangerously wrong.

Either their code has a gaping hole in their security, easy to exploit, or their host provider is the security hole. Or both.

Did you even read what happened? It was a problem with the hoster.

Considering the source, this phrase works quite well "Don't believe everything you read on the internet".
They are blaming the host, so at least some blame can be deflected. Either way it was still their fault.

Who in their right mind would have an exchange holding that much BTC and have it hosted on a rented server.
Colo or self-hosted is how it should be done, that way you know realistically only the owner can access it, not a 3rd party too.
legendary
Activity: 1001
Merit: 1005
bump. Just to keep track of the posts here.
hero member
Activity: 756
Merit: 522
How come we never hear about Ameritrade getting hacked or one of the big online stockbrokers?  Maybe these fledgling bitcoin "exchanges" need to consult with how those guys do it, because this is getting ridiculous.

To quote MP,

Quote
CBOE down all day ? MPEx users not affected. In yo face, #fiat.

I would guess the reason you don't hear anything about fiat's appalling record is that irl you know you have no business in finance, so then you don't follow the relevant feeds. In BTC this is somehow not equally obvious, so then you do follow the feeds.
full member
Activity: 134
Merit: 100
If Bitcoin Central keep getting compromised, something is dangerously wrong.

Either their code has a gaping hole in their security, easy to exploit, or their host provider is the security hole. Or both.

Did you even read what happened? It was a problem with the hoster.

Regardless of whether it was a problem with their hosting company or not, they were running a financial service handling millions of euros (http://blockchain.info/address/1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy). It is not exactly as though there hasn't been precedent for hosting company related abuse (http://arstechnica.com/business/2012/03/bitcoins-worth-228000-stolen-from-customers-of-hacked-webhost/) and frankly an oversight of this nature points to systemic failings in their software and business model.
donator
Activity: 2772
Merit: 1019
If Bitcoin Central keep getting compromised, something is dangerously wrong.

Either their code has a gaping hole in their security, easy to exploit, or their host provider is the security hole. Or both.

Did you even read what happened? It was a problem with the hoster.
hero member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
It seems like every day there's another exchange or major service getting hacked or terminated in the bitcoin world.

My feeling is that the louder and richer bitcoin gets the worse and more frequent things like this will happen. Bank robbery is profitable but limited in frequency due to the risks. What is there to risk in hacking a bitcoin site?
newbie
Activity: 52
Merit: 0
It seems like every day there's another exchange or major service getting hacked or terminated in the bitcoin world.
hero member
Activity: 868
Merit: 1000
From their recent tweets, one might conclude that their host is at fault

https://twitter.com/bitcoin_central/status/327131323342942209
https://twitter.com/bitcoin_central/status/327133723936051200

Proper communication on this one so far, though. Informative downtime message.
But yeah, it's a pity they're the ones with a breach again

The fact that they don't run their own dedicated servers, but rely on a vulnerable third party speaks mountains about their level of security, or lack thereof. What they fail to understand is that when running such a delicate service as they do, they need to be in control of everything themselves and be paranoid about security. Obviously they've failed on all accounts. The question is, how many hacks can they take before they throw in the towel and quit altogether?
hero member
Activity: 868
Merit: 1000
At least they came clean quickly this time... communication +1. Although you have to ask serious questions about their security protocols...

Just relax, they've hired independent security auditors prior to this incident. Nothing to see here, move on!
legendary
Activity: 1221
Merit: 1025
e-ducat.fr
oh for fucks sake!

just about the only place I have some fiat left ;|


At least your fiat should be safe-ish, I had some btc over there :/
DISCLOSURE: I am a co-founder of Paymium

I can assure you that your funds (both fiat and BTC) are safe and that you will get a full refund if you so wish.
You may also leave them with us until we resume operations, this time without a hot wallet.

We have weathered nasty attacks but we did so while preserving our customers' funds (in cold storage).
sr. member
Activity: 351
Merit: 250
I'm curious if the hot wallet was encrypted, and if so, was the passphrase stored machine encrypted?

This seems like the best practice for a hot wallet on a machine.
sr. member
Activity: 476
Merit: 250
Keep it Simple. Every Bit Matters.
If Bitcoin Central keep getting compromised, something is dangerously wrong.

Either their code has a gaping hole in their security, easy to exploit, or their host provider is the security hole. Or both.

If they are going to blame it on their host, why do I get the feeling they are staying? The host wouldn't cover that sort of loss, not for the sort of prices they have listed on the website. I'd like to point out, they do mostly VPS and Dedicated servers, not Colo. So their host could be the one stealing it for all they know as they have all the necessary access to do so.
legendary
Activity: 1498
Merit: 1000
The site has an update:


Apr. 25 2013 14:00 CEST UPDATE

Dear all, we'd like to give everyone an update as to what exactly is happening, has happened, and will happen in relation to the recent events at Bitcoin-Central.net.

Here are a few questions that require an immediate answer.

Have funds been lost?

A few hundred Bitcoins have been stolen from our hot wallet.

Will users lose funds?

No. We will cover 100% of the theft.

How did it happen?

Someone managed to reset the password from our hosting provider web interface, this enabled the attacker to lock us out of the interface and request a reboot of the machine in 'rescue' mode. Using this, the attacker copied our hot wallet and sent away what was present.

This very hosting provider (OVH) had been compromised a couple of days ago, in the exact same way, leading to loss of funds on mining.bitcoin.cz.

What is the plan?

We have taken the decision to suspend the service for the time being. Coming up with a different security approach will take some time. We owe it to our users to be on the safe side.

As a consequence we will refund everyone who so wishes up to the last cent and satoshi and take the needed time, without rush, to come up with a platform, an infrastructure and procedures to meet the new challenges that are faced by the Bitcoin exchange ecosystem at large.

Doing the right thing is not always easy. It's ok, riding the Bitcoin is not for the faint of heart, we'll take the time to prepare and we'll be back.

How exactly will this happen?

We will reopen the platform tomorrow, but won't be accepting any new Bitcoin or Euro deposits. Users will be expected to clear their accounts in order for us to settle all balances.

People who have very small EUR balances that aren't practical to wire will be offered a settlement in Bitcoin at generally available market rate at the time of the settlement.

Users will be able to place wire transfer orders, they will be processed as usual. The Bitcoin transfers will be processed directly from our cold-storage and will be sent as daily batches.

Can we refund everyone?

Yes, because Bitcoin-Central has been, is, and always will be full-reserve. We can refund everyone at the same time.

Unclaimed balances will be held until they are claimed, if they are still not claimed when the platform reopens they will be made available to the relevant imported user accounts. All Bitcoin balances left with us will be held in cold storage.

When will I be able to get my BTC/EUR back?

As soon as we re-open you will be able to request your account settlement which will be processed as fast as possible.

We aim at reopening the web interface on April 26th at 14:00 CEST. In case of delays we will post additional updates.

We thank all our users for their trust and business.
We thank everyone that supported us when everything was starting to get hard.

We'll be back, also skateboards.


https://bitcoin-central.net/
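
The sequence described in the update above (a control-panel password reset followed by a rescue-mode reboot request) written as a detection rule over hosting-panel audit events. This is an added example, not part of the original thread or of Bitcoin-Central's code; the event schema, account names, addresses and timestamps are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed audit events from a hosting control panel. The schema is
# hypothetical; map your provider's real audit-log fields onto it.
SAMPLE_EVENTS = [
    {"ts": "2024-01-05T10:00:00", "account": "staging", "action": "password_reset", "src_ip": "192.0.2.10"},
    {"ts": "2024-01-05T10:30:00", "account": "staging", "action": "reboot_rescue", "src_ip": "192.0.2.10"},
    {"ts": "2024-01-10T08:30:00", "account": "exchange-prod", "action": "reboot_rescue", "src_ip": "192.0.2.10"},
    {"ts": "2024-01-12T02:14:00", "account": "exchange-prod", "action": "password_reset", "src_ip": "203.0.113.77"},
    {"ts": "2024-01-12T02:16:00", "account": "exchange-prod", "action": "login", "src_ip": "203.0.113.77"},
    {"ts": "2024-01-12T02:21:00", "account": "exchange-prod", "action": "reboot_rescue", "src_ip": "203.0.113.77"},
    {"ts": "2024-01-01T00:00:00", "account": "backup", "action": "password_reset", "src_ip": "198.51.100.5"},
    {"ts": "2024-01-03T00:00:00", "account": "backup", "action": "reboot_rescue", "src_ip": "198.51.100.5"},
]
TRUSTED_IPS = {"192.0.2.10"}  # constructed: the operator's own admin address


def find_takeover_chains(events, trusted_ips, window=timedelta(hours=24)):
    """Flag a rescue-mode reboot that follows a password reset on the same
    account within `window` when either step came from an untrusted address."""
    last_reset = {}  # account -> (timestamp, event) of the most recent reset
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["action"] == "password_reset":
            last_reset[ev["account"]] = (ts, ev)
        elif ev["action"] == "reboot_rescue" and ev["account"] in last_reset:
            reset_ts, reset_ev = last_reset[ev["account"]]
            untrusted = {reset_ev["src_ip"], ev["src_ip"]} - set(trusted_ips)
            if ts - reset_ts <= window and untrusted:
                alerts.append({
                    "account": ev["account"],
                    "reset_at": reset_ev["ts"],
                    "rescue_at": ev["ts"],
                    "untrusted_ips": sorted(untrusted),
                    "minutes_after_reset": int((ts - reset_ts).total_seconds() // 60),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_takeover_chains(SAMPLE_EVENTS, TRUSTED_IPS):
        print("ALERT:", alert)
```

Because the update says the reset locked the operators out of the panel, a rule like this is only useful if it reads an audit feed and alerts through a channel that does not depend on panel access.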
legendary
Activity: 1498
Merit: 1000
This is starting to get really annoying - second time they are compromised, BTC24 f@cked up, Bitfloor terminated, MtGox DDoSed, bitcoin.de with issues, BTC-e compromised too...

BIPS and WalletBit are still doing just fine. WalletBit is the only service of its type still running since June 2011 and BIPS is its successor (free Bitcoin processing).
I will search WalletBit - so is it a kind of exchange or more of an online wallet?
BIPS interests me professionally, I hope soon I will be PMing you (I was looking at it yesterday)...
hero member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
My feeling is that the louder and richer bitcoin gets the worse and more frequent things like this will happen. Bank robbery is profitable but limited in frequency due to the risks. What is there to risk in hacking a bitcoin site?
vip
Activity: 1316
Merit: 1043
👻
Holy shit, tards still use anything made by paymium?
legendary
Activity: 1778
Merit: 1008
ozcoin hacked last week, slush earlier this week, now bitcoin central... sheesh.
hero member
Activity: 868
Merit: 1000
How come we never hear about Ameritrade getting hacked or one of the big online stockbrokers?  Maybe these fledgling bitcoin "exchanges" need to consult with how those guys do it, because this is getting ridiculous.

Because the amount that big players in the conventional world spend on security is mind-blowing.  Even then, they still suffer from successful fraud attempts and intrusions but they have the capacity to absorb those losses (and are often insured against them).

What happens in Bitcoinland is that services quickly find themselves handling large amounts of funds before they have the money available to spend on the security which should have been baked in from day 1.