newbie
Activity: 1
Merit: 0
Copy paste from their latest update:
Official Hashcows Update – December 26th 2013
As has been mentioned in an earlier update, on December 24th 2013 someone was able to modify the Bitcoin payout addresses of many users of Hashcows, and trigger a manual cashout of current balances. 754 total users (out of a total of 8,142 registered users, 5,000+ of which have a BTC balance > 0) had BTC removed from their accounts, accounting for approximately 14.2% of users who held BTC on Hashcows. A total of 40.7815 BTC was removed and sent to address 13R87ropkDKzDEuVeQoX64kkcLvPWVdTKH. Hashcows staff have followed up with all major exchanges and a number of other large pools to confirm if they had any trace of this address in their systems, which as of this time has not turned up any useful results.
Since the attack was noticed on the 24th, we've placed the site in a locked down read-only mode, and disabled all payouts. While we understand this has caused some frustration among users, not being able to see if their accounts were affected, we felt it was the responsible course of action to take, given we knew we were unable to dedicate the time required to diagnose and address the security issues on Christmas Eve and Christmas Day.
We've been working since this time, both in determining the cause of the attack, and its potential scope, including an external audit of the source code by a trusted 3rd party. At this time the belief is still sql injection, based on the nature of the attack and how it was carried out. However, regardless of the technical results of ongoing audits, 2 things are confirmed. #1 The web instance and the mining/stratum instances are physically seperate. The mining instance remains unnafected by the web based lockdown, which is why mining continues to function as usual. #2 The web front-end is undergoing a rebuild from scratch as we speak, by both myself and another developer, utilizing different technologies, improved security features, and new hardware. We hope to have a basic version of this up in the coming days.
What does this mean in the immediate future? We'd prefer to not turn on write access for the website in its current form, but obviously understand people can't be expected to wait much longer for balances held up by the system (both old balances still intact, and earnings mined over the days since lockdown). We'll be posting a simple tool for people to use, allowing you to login with your credentials, at which point it will send out an email verification link, including your current balance and payment address the site has for you. Once clicked, your balance will be sent to the address specified. If you need to make changes to these details, instructions will be provided on the tool page. We hope to have this posted by tomorrow.
Last but not least, perhaps the question many have been waiting for an answer on. What does Hashcows plan to do about the missing 40 BTC? We've thought long and hard on this, and its obviously one of the most important decisions we'll have made in our short existence as a pool and community. Its a situation and decision that has hung over us throughout the last couple days spent with family.
Hascows will be re-imbursing every miner 100% of losses incurred on earnings made within the last 7 days prior to the incident (Dec 17th's payout inclusive). This means any funds you earned between Dec 17th and Dec 24th that were cashed out of your account by the attacker, will be re-added to your account at Hashcows expense. This payout will recover 100% of losses for 463 of the 754 affected users. For the remaining 291 users, we'll be offering reduced fees of 0.5% for at least the next 60 days to help with any shortfall.
In closing, both aTriz and I want to make a statement on more of a personal level, we have been absolutely stunned by the community that you have all created with this pool. There has been a tremendous amount of support and encouragement through these not so fortunate times and we would personally like to say Thank You. We look forward to the future of this pool while we begin the rebuilding stage which will continue to bring this wonderful community more features, more safety, more support, and more cows!
nearmiss.
I´d encourage you to join their irc.frenode.net channel: #hashcows , and ask there for help / news.
Regards.
José.