Topic: [CLOSED] BTC Guild - Pays TxFees+NMC, Stratum, VarDiff, Private Servers (Read 902906 times)

I can't login to get my 2904 BTC I left on BTCGuild!

... just kidding.

The pool is now completely shut off, 177 days after the initial closure announcement.  This is 87 days more than was promised in our Terms of Service, the FAQ, and forum posts in the past about our closure process.  I had been extending the shutdown process to give more time for those who don't pay attention, but problems this evening have forced me to finally stop providing extensions and finish the shutdown.

After the pool removed its servers from colocation, the frontend was rewritten to provide a reduced functionality version that could run on a single temporary webserver to continue allowing withdrawal requests.  This rewrite required significant removal of checks that used to be done between multiple servers and DDoS protection scripts used to identify brute force attacks.  Since the site was no longer active, I assumed these shouldn't be required anymore since if somebody DDoS'd the site, it didn't really affect anything other than delaying withdrawals for a few hours/days until the attack stopped.

Unfortunately, this inadvertently removed the site's brute force protection on logins.  This evening, approximately 400 accounts (out of over 1 million) were logged into and had attempts to change the addresses.  Accounts that had no email setup for authentication were immediately changed, while those with emails setup received emails with a confirmation link.  Locked accounts obviously had nothing available to them.

Knowing that stripping out many layers of site functionality may have inadvertently added attack vectors, I removed automatic payout processing, leaving it as a fully manual process after the server move.  This allowed me to catch the fact that this happened and prevent the attacker from getting a payday (even if the total amount wasn't even half a Bitcoin).

---

Please remember going forward:  Don't re-use your usernames and passwords on multiple sites.  There are databases out there with tens of millions of username+password combinations.  There are likely over a million just from Bitcoin sites that have been compromised over the last 5 years.



EDIT:  To be clear, there is no evidence that this brute force attack was anything other than login attempts using usernames/passwords from a non-BTC Guild source.  If the attacker had information from BTC Guild's database, or the ability to modify it, they certainly wouldn't have hit ~400 accounts with a combined balance of less than 0.5 BTC.  All account wallet changes were done through the website (indicating no ability to modify the database), and was completely random in which accounts were affected (indicating no ability to access database information).

I really must disagree. Your post above in fact illustrates exactly WHY you are very influential. You ran an honest business in an era where bitcoin mining was very much like the Hollywood version of the old west. You helped a lot of people without much or any motive to do so, and when you did shut down, you did it exactly right. The example you set IS the standard that others are measured by, and most come up short.

While you may not be an activist in the street, the example you set will be forever part of the early history of cryptocurrencies, and Bitcoin in particular. One of the very best parts of that history. Your opinions carry far more weight than I think you realize.

No joke, I had one pool announce closing and flush out accounts in less then 7 days.  My coins were an involuntary donation to their cause, lucky Im not a big miner because that would be pretty upsetting for anyone spending alot of electricity as it was an alt coin setup.   Guild was well above the standard of many operations setup recently, caveat emptor

My hat is still off for you, sir.

You are with regards to 2015.

Thanks for the mention, but I'm certainly not an "influential" person in Bitcoin.  I ran a good pool, kept things running smoothly for 4 and a half years, and decided to gracefully shut down the service (and give people 6 months to clear old accounts) to make sure it ended on a positive note and under my own terms, not as the result of legal action or even worse, malicious actions.

When I hear influential, I think of people that are actually "doing something" for Bitcoin.  Either by pushing adoption, working on improving usability, working on improvements, or trying to inform/direct legal authorities into making decisions that will do the least damage if they insist on doing anything at all.  All BTC Guild really did that fits into any of that would be BIP32 support and then voicing opinions on BIP 100/101 and my agreement that block size should be increased.  But that's the real limits of influence:  Suggestion/confirmation.  I don't make myself an advocate and preach the benefits of them.  Oh, and my continued assault on  SPV mining done by pools like AntPool, BTC China, and F2Pool, meaning over 50% of the hashpower on the network isn't even doing their damn job properly.

I just voted in the Coindesk "Most influential People of BTC in 2015". It looks like someone at Coindesk forgot to put BTC Guild on the list so I'm sure a few of you, from here,  can find their way to use the write in at the bottom like I did.  HINT..ef'n..HINT!!!

Don't worry - I won't.

In this case, I never received notice that BTC Guild was shutting down. (And yes, I double-checked my email/spam.) Otherwise, I would have pulled the funds immediately.

Just don't do it again on another online service!  We're not wallets/long term storage, and the odds of any other Bitcoin service continuing to deal with account withdrawals 18 weeks after they shut down their services is extremely low.

I'd like to publicly thank eleuthria for not only running one of the greatest BTC pools ever, but also for personally taking care of my withdrawal in a timely fashion.

After the recent bump in the BTC exchange rate, I went to log into BTC Guild where I knew I had a few coins stashed. I read the closure notice, much to my dismay. To further my dismay, my account was deactivated.

After reaching out to eleuthria, he reactivated my account and manually approved the transfer.

Thanks for your professionalism and integrity, eleuthria!

No No they are mine Satoshi owes me money XD


And that sucks well since they are likely abandoned and forgotten accounts it seems fair that you get to keep them after this many years.

Yeah, I can imagine......no fun for you at all, I don't envy you.

I know it's a joke, but you have no idea how many emails I got over the last 3 months of people saying they forgot their username and password (and their email didn't match any account ever registered), but were adamant they had multiple BTC in their balance and were demanding help.

LULZ

They're mine as well actually.......

Oh, they're mine. I totally forgot about those um coins of mine. What are my usernames and passwords again?

wowsers, reminds me of the guy who mined like 100 btc and left the wallet on an old hard disk.  Forgot all about it, then threw away the disk, after years then realising its at the local dump.  Not much you can do if people have moved on, virtual money down the sofa back.

I cant remember my slush cz account just I know its barely got anything maybe a few nmc

There's a couple thousand accounts with less than 0.01 but more than 0.0001.  There's a few (less than 100) very old accounts with no email, no wallet, etc. assigned to them with more than 1 BTC owed, that haven't been logged in to since 2011-2012.

Just curious.
How many people still have dust in their accounts?
Any significant AWOL people, like any covert people that were mining at the Guild but never cared about the coins (implying they were just doing it to experiment or for some higher purpose)?

After giving it a lot of thought, the FINAL, deadline for withdrawals of BTC on BTC Guild, as well as any other information exports, will be

December 12, 2015


This date represents 180 days from the initial closure announcement.  It also covers the majority of the holiday buying season, where I expect there will be an uptick in the number of people trying to find the coins they had stashed away on various sites.  This effectively *doubles* the original time frame given for withdrawals which was already extremely generous.  It will also mean that more than 10% of the total time that BTC Guild existed was devoted entirely to letting people get their coins out after the service was closed.