Topic: BTC-E.COM NICE RECOVERY FROM THE HACK! =) - page 5. (Read 51029 times)

I wonder how the attack worked... You think there's a way to brute force the API key offline? Did btce or LR allow millions of attempts at guessing it? Probably got hacked some other way.

Neither the servers nor the database were compromised. There were no SQL injections.

At 04:07 MSK (GMT+4) our LR API Secret Key was compromised. It's 16 uppercase, lowercase letters and digits. They may have bruteforced it for long.

Using the key the hacker imitated LR deposits from many accounts and bought up Bitcoins, Namecoins and Litecoins.

Withdrawal BTC is temporary off.

Dear users of the Exchange Btc-e.com

The exchange is not going to close. We will refund all losses from our reserves.

Neither the servers nor the database were compromised. There were no SQL injections.

At 04:07 MSK (GMT+4) our LR API Secret Key was compromised. It's 16 uppercase, lowercase letters and digits. They may have bruteforced it for long.

Using the key the hacker imitated LR deposits from many accounts and bought up Bitcoins, Namecoins and Litecoins.

We lost our daily volume, approx. 4500 BTC. The attacker couldn't withdraw more
as most BTC were distributed over several offline wallets.

At 10:30 we restored the database to the state it was at 04:00, right before the attack. All trades after 4:00 are reverted.

People who attempted withdrawals before 04:00 MSK will get their funds withdrawn later today.

For people who deposited BTC, LTC and NMC after 04:00 MSK the funds will be put to their balances before market opens.
We are working on the scripts for this.

If you deposited USD after 04:00 MSK you should send us your login, amount and payment system used by email or PM.

Our plan:

1. The trade will be disabled until we restore the balances to the point before market crash.

2. After that, the trade and deposit/withdrawal will be back on, approx. within 1-2 days.

Icq - 610112128
Skype - btc-e.support
E-mail - [email protected]

Not yet. They can draw USD and BTC balances as they were before the hack, but what will happen if everyone try to withdraw all their money? Does BTC-e have enough funds to cover every claim?

Equilibrium restored

Also, watching it happen, it wasn't obvious to me that it was an exchange hack until much later. In fact, until very late I considered it still a possibility that someone was using a large amount of real LR.

After the price rose above $12, it was extremely obvious that this was a hack. Anyone who traded elsewhere with the assumption that the btc-e trade was legit deserves to have the trade rolled-back.

After the price rose above $12, it was extremely obvious that this was a hack. Anyone who traded elsewhere with the assumption that the btc-e trade was legit deserves to have the trade rolled-back.

Unfortunately, it's not problem solved for at least two reasons. First, you can't rollback coin withdrawals. (They may have a similar problem with LR withdrawals, but I doubt it.) Second, you will have customers who will, in many cases justifiably, feel that rolling back legitimate trades rips them off. (You'll also have a bunch of jerks demanding to keep their ill-gotten gains, such as people who deposited BTC, sold them for $50 each, and then tried to withdraw USD. But screw them.)

For example, consider someone who saw the price rise at BTC-e and then bought a Mt. Gox code and then bought bitcoins at Mt. Gox, withdrew them from Gox and deposited them at BTC-e. A rollback would give them their bitcoins back. That still leaves them out the commission they paid for the Gox code plus  two Mt. Gox commissions (buying the bitcoins and then having to sell them). They also may take exchange losses depending on the timing and are left having to withdraw USD from Mt. Gox.

well, theres no meneaning in being rude.

"Our advantages:

 •Trading in automatic mode.
•Addition USD deposits within 24 hour
•Instant deposit/withdrawal all coin
•USD Withdrawal within 24 hours

i havent tried withdrowing more than 2000 btc.
so if im wrong, than its good.

Not true. there is a 2000BTC limit. Asshole doesnt know what the fuck he is talking about.

That's why you make backup, so in case of problems you do a rollback and problem solved. Not like the scammers of bitcoinica that "we have no backups lol"

No limit(

...

They can reverse all the trades and restore balance to pre-hack time. But they will not be able to give back BTC that have been withdrawn. So either they make good and buy it in the market, or they say tough luck and customers lose. I expect they'll reverse everything and then see how much BTC they would need to buy. And at that point they'll decide who loses.

dev: we do rollback right now