Topic: EgoPay servers compromised? Sending fake transactions to merchants - page 2. (Read 8816 times)
December 28, 2014, 03:23:29 PM
I was wondering when the hackers were going to hit things like Egopay, PerfectMoney, etc.
December 28, 2014, 02:54:13 PM
Now it looks like the whole EgoPay merchant callback server is down. Any attempts to verify transaction callbacks result in "404 Not Found" error from the EgoPay server. Looks like they became aware that their server has been hacked and disabled it. Still no response from their support team. This starts looking serious.
December 28, 2014, 09:03:57 AM
its the right place to be posting
December 28, 2014, 08:56:51 AM
I am sorry if this is a wrong forum to post this, but I couldn't find a better one. The matter is urgent and since EgoPay is one of the most popular payment methods connected with bitcoin trading, I think it is vital that the whole community is aware what is happening.
This morning we received several transaction notifications from EgoPay via merchant API. These notifications were posted from the usual IP adress of Egopay (95.211.120.119) and were verified correctly by the SCI callback to the www.egopay.com server. However, the funds from these transactions were not added to our wallet. The transactions have very similar IDs, for example ZYYYXL-CLB1B2-AB93GV and ZYYYXX-WHQJNB-E2HQ1S, which is also suspicious because normally the IDs of the transactions are very different.
It looks that someone has hacked EgoPay servers and is/was sending fake transactions to merchants. We suspect this because (a) the notifications come from the IP address of EgoPay server and (b) the transactions were verified correctly by the callback to EgoPay server.
We have double-checked everything on our side and our scripts were not compromised (which was verified by comparing checksums of all scripts). We are posting this information here for all merchants using EgoPay because this matter is very serious and we haven't heard anything from the EgoPay support team so far.
We suggest that anyone having an EgoPay account change their password immediately, and any merchant using EgoPay as a method of payment disable it until we hear the explanation from EgoPay about this incident.
This morning we received several transaction notifications from EgoPay via merchant API. These notifications were posted from the usual IP adress of Egopay (95.211.120.119) and were verified correctly by the SCI callback to the www.egopay.com server. However, the funds from these transactions were not added to our wallet. The transactions have very similar IDs, for example ZYYYXL-CLB1B2-AB93GV and ZYYYXX-WHQJNB-E2HQ1S, which is also suspicious because normally the IDs of the transactions are very different.
It looks that someone has hacked EgoPay servers and is/was sending fake transactions to merchants. We suspect this because (a) the notifications come from the IP address of EgoPay server and (b) the transactions were verified correctly by the callback to EgoPay server.
We have double-checked everything on our side and our scripts were not compromised (which was verified by comparing checksums of all scripts). We are posting this information here for all merchants using EgoPay because this matter is very serious and we haven't heard anything from the EgoPay support team so far.
We suggest that anyone having an EgoPay account change their password immediately, and any merchant using EgoPay as a method of payment disable it until we hear the explanation from EgoPay about this incident.
Jump to: