Pages:
Author

Topic: Bitcoin-Central.net "We have been compromised" - page 4. (Read 9322 times)

sr. member
Activity: 353
Merit: 250
They have now re-opened for people to withdraw funds.
sr. member
Activity: 476
Merit: 250
Keep it Simple. Every Bit Matters.
If Bitcoin Centeral keep getting compromised, something is dangerously wrong.

Either their code has a gaping hole in their security, easy to exploit, or their host provider is the security hole. Or both.

Did you even read what happened. It was a problem with the hoster.

Considering the source, this phrase works quiet well "Don't believe everything you read on the internet".
They are blaming the host, so at least some blame can be deflected. Either way it was still their fault.

Who in their right mind would have an exchange holding that much BTC and have it hosted on a rented server.
Colo or self-hosted is how it should be done, that way you know realistically only the owner can access it, not a 3rd party too.
legendary
Activity: 1001
Merit: 1005
bump. Just to keep track of the posts here.
hero member
Activity: 756
Merit: 522
How come we never hear about Ameritrade getting hacked or one of the big online stockbrokers?  Maybe these fledgling bitcoin "exchanges" need to consult with how those guys do it, because this is getting ridiculous.

To quote MP,

Quote
CBOE down all day ? MPEx users not affected. In yo face, #fiat.

I would guess the reason you don't hear anything about fiat's appalling record is that irl you know you have no business in finance, so then you don't follow the relevant feeds. In BTC this is somehow not equally obvious, so then you do follow the feeds.
full member
Activity: 134
Merit: 100
If Bitcoin Centeral keep getting compromised, something is dangerously wrong.

Either their code has a gaping hole in their security, easy to exploit, or their host provider is the security hole. Or both.

Did you even read what happened. It was a problem with the hoster.

Regardless of whether it was a problem with their hosting company or not, they were running a financial service handling millions of euros (http://blockchain.info/address/1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy). It is not exactly as though there hasn't been precedence for hosting company related abuse (http://arstechnica.com/business/2012/03/bitcoins-worth-228000-stolen-from-customers-of-hacked-webhost/) and frankly an oversight of this nature points to systemic failings in their software and business model.
donator
Activity: 2772
Merit: 1019
If Bitcoin Centeral keep getting compromised, something is dangerously wrong.

Either their code has a gaping hole in their security, easy to exploit, or their host provider is the security hole. Or both.

Did you even read what happened. It was a problem with the hoster.
hero member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
It seems like every day there's another exchange or major service getting hacked or terminated in the bitcoin world  Huh.

My feeling is that the louder and richer bitcoin gets the worse and more frequent things like this will happen. Bank robbery is profitable but limited in frequency due to the risks. What is there to risk in hacking a bitcoin site?
newbie
Activity: 52
Merit: 0
It seems like every day there's another exchange or major service getting hacked or terminated in the bitcoin world  Huh.
hero member
Activity: 868
Merit: 1000
From their recent tweets, one might conclude that their host is at fault Tongue

https://twitter.com/bitcoin_central/status/327131323342942209
https://twitter.com/bitcoin_central/status/327133723936051200

Proper communication on this one so far, though. Informative downtime message Smiley
But yeah, it's a pity they're the ones with a breach again

The fact that they don't run their own dedicated servers, but rely on a vulerable third party speaks mountains about their level of security, or lack thereof. What they fail to understand is that when running such a delicate service as they do, they need to be in control of everything themselves and be paranoid about security. Obiously they've failed on all accounts. The question is, how many hacks can they take before they throw in the towel and quits alltogether.
hero member
Activity: 868
Merit: 1000
At least they came clean quickly this time... communication +1. Although you have to ask serious questions about their security protocols...

Just relax, they've hired independent security auditors prior to this incident. Nothing to see here, move on!
legendary
Activity: 1221
Merit: 1025
e-ducat.fr
oh for fucks sake!

just about the only place I have some fiat left ;|


At least your fiat should be safe-ish, I had some btc over there :/
DISCLOSURE: I am a co-founder of Paymium

I can assure you that your funds (both fiat and BTC) are safe and that you will get a full refund if you so wish.
You may alos leave them wih us until we resume operations, this time without a hot wallet..

We have weathered nasty attacks but we did so while preserving our customers funds (in cold storage).
sr. member
Activity: 351
Merit: 250
I'm curious if the hot wallet was encrypted, and if so, was the passphrase stored machine encrypted?

This seems like the best practice for a hot wallet on a machine.
sr. member
Activity: 476
Merit: 250
Keep it Simple. Every Bit Matters.
If Bitcoin Centeral keep getting compromised, something is dangerously wrong.

Either their code has a gaping hole in their security, easy to exploit, or their host provider is the security hole. Or both.

If they are going to blame it on their host, why do I get the feeling they are staying? The host wouldn't cover that sort of lose, not for the sort of prices they have listed on the website. I'd like to point out, they do most VPS and Dedicated servers, not Colo. So their host could be the one stealing it for all they know as they have all the necessary access to do so.
legendary
Activity: 1498
Merit: 1000
The site has an update:


Apr. 25 2013 14:00 CEST UPDATE

Dear all, we'd like to give everyone an update as to what exactly is happening, has happened, and will happen in relation to the recent events at Bitcoin-Central.net.

Here are a few questions that require an immediate answer.

Have funds been lost?

A few hundred Bitcoins have been stolen from our hot wallet.

Will users lose funds?

No. We will cover 100% of the theft.

How did it happen?

Someone managed to reset the password from our hosting provider web interface, this enabled the attacker to lock us out of the interface and request a reboot of the machine in 'rescue' mode. Using this, the attacker copied our hot wallet and sent away what was present.

This very hosting provider (OVH) had been compromised a couple of days ago, in the exact same way, leading to loss of funds on mining.bitcoin.cz.

What is the plan?

We have taken the decision to suspend the service for the time being. Coming up with a different security approach will take some time. We owe our users to be on the safe side.

As a consequence we will refund everyone who so wishes up to the last cent and satoshi and take the needed time, without rush, to come up with a platform, an infrastructure and procedures to meet the new challenges that are faced by the Bitcoin exchange ecosystem at large.

Doing the right thing is not always easy. It's ok, riding the Bitcoin is not for the faint of heart, we'll take the time to prepare and we'll be back.

How exactly will this happen?

We will reopen the platform tomorrow, but won't be accepting any new Bitcoin or Euro deposits. Users will be expected to clear their accounts in order for us to settle all balances.

People who have very small EUR balances that aren't practical to wire will be offered a settlement in Bitcoin at generally available market rate at the time of the settlement.

Users will be able to place wire transfer orders, they will be processed as usual. The Bitcoin transfers will be processed directly from our cold-storage and will be sent as daily batches.

Can we refund everyone?

Yes, because Bitcoin-Central has, is, and will always will be full-reserve. We can refund everyone at the same time.

Unclaimed balances will be held until they are claimed, if they are still not claimed when the platform reopens they will be made available to the relevant imported user accounts. All Bitcoin balances left with us will be held in cold storage.

When will I be able to get my BTC/EUR back?

As soon as we re-open you will be able to request your account settlement which will be processed as fast as possible.

We aim at reopening the web interface on April 26th at 14:00 CEST. In case of delays we will post additional updates.

We thank all our users for their trust and business.
We thank everyone that supported us when everything was starting to get hard.

We'll be back, also skateboards.


https://bitcoin-central.net/
legendary
Activity: 1498
Merit: 1000
This is starting to get really annoying - second time they are compromised, BTC24 f@cked up, Bitfloor terminated, MtGox DDoSed, bitcoin.de with issues, BTC-e compromised too...

BIPS and WalletBit are still doing just fine Cool WalletBit is the only service of its type still running since June 2011 and BIPS is its successor (free Bitcoin processing).
I will search WalletBit - so is it a kind of exchange or more of an online wallet?
BIPS interests me professionally I hope soon I will be PMing you (I was looking it yesterday)...
hero member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
My feeling is that the louder and richer bitcoin gets the worse and more frequent things like this will happen. Bank robbery is profitable but limited in frequency due to the risks. What is there to risk in hacking a bitcoin site?
vip
Activity: 1316
Merit: 1043
👻
Holy shit, tards still use anything made by paymium?
legendary
Activity: 1778
Merit: 1008
ozcoin hacked last week, slush earlier this week, now bitcoin central... sheesh.
hero member
Activity: 868
Merit: 1000
How come we never hear about Ameritrade getting hacked or one of the big online stockbrokers?  Maybe these fledgling bitcoin "exchanges" need to consult with how those guys do it, because this is getting ridiculous.

Because the amount that big players in the conventional world spend on security is mind-blowing.  Even then, they still suffer from successful fraud attempts and intrusions but they have the capacity to absorb those losses (and are often insured against them).

What happens in Bitcoinland is that services quickly find themselves handling large amounts of funds before they have the money available to spend on the security which should have been baked in from day 1.
Pages:
Jump to: