We encountered a hacker attack last week. The user stole approx. 5.5 BTC from our hot wallet. No problem for other users, but we suffered a bit. The vulnerability was located and fixed quickly. The next day we got an email (a copy of it is posted at the bottom) from someone who named himself WhiteHx Master. He said that he's a whitehat hacker, so he'll return everything that he got or keep it for showing us the bug. We chose the first option, to get the stolen funds back, while rewarding his efforts with one BTC he could keep. As a result, we have never heard from him again.
Possibly it's a matter of time, so we're looking forward, WhiteHx Master.
Meanwhile we would like to warn the community about this person. Moreover, he has a Bitcointalk account associated with his wallet:
email: [email protected]
bitcointalk: https://bitcointalksearch.org/topic/m.11715038
username: psykachu
wallet: 15awDZEBVoJ4S5dheZLwByvNFsZFEqZF8A

The email we got from the hacker:

Hello, as i can see, you finally noticed that i exploited your website... you took more than 24h lol
Don't worry, I'm not the bad guy ^^, I'm here to help you.
So, basically i found an exploit in your website, and as you can see i was able to get a high amount of BTC using it.
On really I was able to rape all your HotWallet ^^, and not only BTC, but Dogecoin and LTC too, but i didn't because that was not my objective, I'm not a stealer, just got a big random amount to warn you that this exploit is really real, big and works.
So... i can give you 2 options from here...
1 - I can just give you back all BTC i got from your website. No support. ( haha, i don't prefer this option on really, actually this is my job (exploit hunter, whitehat), so please consider it...)
2 - You can allow me to stay with BTC that i got from your website ( i think i deserve it, for my honesty and being a good person) + Tips (Optional, if you think i deserve it ^^)
I can detail to you how i did it and answer some questions if you would like. Also i can help you to fix it, make some tests to check if it is still exploitable.
Also, if eventually you get a problem with another third party exploit, i can help you fixing it or reproducing it, i'm professional in this area ^^ , just email me with the problem and i can see what i can do to help.
Don't know if you understand... but I was able to take all your hotwallet (until you noticed that (around 24h lol) and i worked only 1-2h to get what i took), if i were a bad guy (blackhat) i would really have done it with all your hot wallet and run away ^^, also i'm offering the refund of all money i took in case you want it back, if you consider i don't deserve it.. so when you are choosing the option, please consider it. =D
I survive because most of the admins let me stay with the bounty, because they recognize my work, half of them still give me extra tips for it... doing it this way i'll always be a good guy and stay happy with it...
Well, just consider that if i hadn't helped you now, or hadn't alerted you about this exploit... one day maybe a BlackHat (bad guy ^^) could really steal and run away forever, with all your pocket, who knows, using this same exploit haha, like i had the opportunity. And in case you let the money with me... for you it is just like a hacker had stolen it as it happened ^^, but like i said, i'm not a stealer and you can choose the option 1.
My address for tips: 15awDZEBVoJ4S5dheZLwByvNFsZFEqZF8A
Notes: Actually i can't give website names for privacy reasons, but my finished jobs are:
A lot of minor exploits, on average admins gave me extra tips (around 0.1 - 1 BTC)
A lot of websites like yours using the same exploit, on average admins gave me extra tips (around 2-10BTC)
Do you remember Hufflepuff on PrimeDice, the guy who stole 2000 BTC? (not me lol, he's the bad guy D), i found two other big websites with the same vulnerability (before Stunna revealed what Hufflepuff did ^^, hehe now, i know Hufflepuff did the same exploit that i had discovered a long time ago, after Stunna revealed how he exploited), beside raping like Hufflepuff did, i gave them the same offer i gave you, and they paid me near (exploited value 80 BTC each) as reward.
Who knows what could have happened with these two websites if Hufflepuff had found it before me? ^^
And who knows what can happen with your website if someone finds it before me? ^^
Please, give your answer soon.
Regards,
WhiteHx Master