UPDATE:
Explanation for loss of service and plans for recovery and repayment.
From the day Ecrypto started operating it was under attack. Many attempts to penetrate the servers occurred and attempts to hack my personal accounts were constant. Unfortunately, on the morning of December 28 the attacker was successful in gaining entry to the wallet servers. Things were operating normally when I noticed the wallet balance had gone to -11 BTC. A few minutes later the wallet servers stopped responding completely, and access to them through the command line became impossible. Digital Ocean began to investigate the problem and after some time sent this response.
Greetings,
I appreciate your patience. After loading your droplets into a recovery environment, it appears that someone has compromised both of your droplets, and stolen your bitcoin from the `W2` droplet. This is confirmed from the `.bash_history` file, which the attacker did not effectively remove. In an attempt to cover their tracks, they attempted to wipe out your droplet's filesystem with `rm -rf /`, but mistakenly left the `/root` folder, which left some of the data for the blocks you had found.
On the `W1` droplet, it is not apparent if there were any *coins transferred, as the `.bash_history` folder over there was effectively wiped out prior to the `rm -rf /` on that droplet.
For your reference, both droplets remain in the recovery environment right now, and have the drives mounted. I've taken a few screenshots of the console and pulled up the transfer of your 11 bitcoin on blockchain.info to confirm the theft:
http://screencast.com/t/Ba7Mvgh6md0
http://screencast.com/t/1eKtogngnw
https://blockchain.info/address/19Xn6GPjMoj8FMLMWg77Wq7PNiFSUsZxSV
Given the nature of bitcoin, this theft is effectively irreversible. Unfortunately, even if the data of your droplets did remain intact, the theft would remain irreversible.
I would certainly be quite suspicious of this compromise, as if these bitcoin were just transferred last night, it would seem someone associated with you, or the other party, is well aware of your two mining droplets, or may have had access to the droplets prior.
Unfortunately, there is truly nothing more that we are able to do for you at this point.
Regards,
Russell Mitchell | Support Team
There is no one with access to the account information here, so clearly this was a pure hack. I made great efforts to make the servers impossible to hack, however the hacker simply walked right in and stole everything. The coins they did not steal, they deleted. Since the attack I have just been sick to my stomach. Ecrypto has taken 6 months of 16 hour days to build, and anyone suggesting this was a theft by me is a complete fool. The total stolen was only 11 BTC which is not a huge amount. If the hacker had waited, they would have been able to steal a significant amount more, but it is obviously just an impatient child. I am currently reworking the entire setup, making significant changes that will make it impossible to penetrate. The wallet servers will have NO communications with the website server at all, and gaining access to them should be impossible. The weak point will be the weak passwords that Digital Ocean automatically generates for servers, but since the wallet server will have no connection with the website, even finding the server will be nearly impossible. I will also change the location of the wallet server at least once a week, and transfer the majority of BTC and LTC in the wallets into cold storage for additional security.
So the next question is, when will you get the coins you lost back? We have backup images of the wallet balances at the time of the attack. When the site comes back up, 100% of fees collected by the site will go to pay back lost coins. Not only will you receive the coins you lost, you will receive a 50% bonus. So for every 2 coins you had at the time of the attack - you will receive 3 coins as repayment.
Unfortunately this is the best I can do for now. I personally suffered a large loss as well which makes it impossible to repay the lost coins faster than the plan.
When will the service resume operations? I am thinking a month or so. I need to make the servers bulletproof, and that will take time. If you feel the need to rant or call me names you can email [email protected]. Reasonable emails will be responded to ASAP.