Author

Topic: Important Security Announcement (Read 1606 times)

hero member
Activity: 728
Merit: 500
October 12, 2014, 09:37:04 PM
#8
Blank for me too, can't see anything.

Any update about this?
sorry, just seen it now, but yes now the site loads correctly for me
newbie
Activity: 34
Merit: 0
October 12, 2014, 12:23:19 PM
#7
nice
member
Activity: 114
Merit: 10
October 09, 2014, 09:00:06 AM
#6
Thanks for the announcement, and sorry to hear the incident and loss.

The "Important Announcement!" link on site doesn't seem to work right, and it shows a blank page https://cryptothrift.com/important-security-announcement.

Thanks for the support. The link seems to be working fine from here. Can you please double check?
Thanks
Blank for me too, can't see anything.

Any update about this?
hero member
Activity: 820
Merit: 1000
October 06, 2014, 10:31:48 PM
#5
Thanks for the announcement, and sorry to hear the incident and loss.

The "Important Announcement!" link on site doesn't seem to work right, and it shows a blank page https://cryptothrift.com/important-security-announcement.

Thanks for the support. The link seems to be working fine from here. Can you please double check?
Thanks
Blank for me too, can't see anything.

I've just tried it again and it's working fine for me
hero member
Activity: 728
Merit: 500
October 06, 2014, 10:18:11 PM
#4
Thanks for the announcement, and sorry to hear the incident and loss.

The "Important Announcement!" link on site doesn't seem to work right, and it shows a blank page https://cryptothrift.com/important-security-announcement.

Thanks for the support. The link seems to be working fine from here. Can you please double check?
Thanks
Blank for me too, can't see anything.
sr. member
Activity: 368
Merit: 250
bitify.com - Bitcoin Marketplace & Auction site
October 06, 2014, 09:25:13 PM
#3
Thanks for the announcement, and sorry to hear the incident and loss.

The "Important Announcement!" link on site doesn't seem to work right, and it shows a blank page https://cryptothrift.com/important-security-announcement.

Thanks for the support. The link seems to be working fine from here. Can you please double check?
Thanks
hero member
Activity: 653
Merit: 500
October 06, 2014, 08:57:00 PM
#2
Thanks for the announcement, and sorry to hear the incident and loss.

The "Important Announcement!" link on site doesn't seem to work right, and it shows a blank page https://cryptothrift.com/important-security-announcement.
sr. member
Activity: 368
Merit: 250
bitify.com - Bitcoin Marketplace & Auction site
October 06, 2014, 08:27:37 PM
#1
In the early hours of Sunday 5th October, CryptoThrift was subject to a well-planned and clinically executed security breach. Our hot wallet was compromised and our attackers managed to steal a little over 15 BTC of funds that were held in escrow. The nature of the attack was such that it was not immediately clear that anything had happened, which is why it has taken us until today to take action.

Fortunately the majority of users funds being held in escrow were safe in offline storage, so the impact of this attack was lessened. Please be assured that any users that have payments or refunds due will be contacted over the next few days and your money will be paid. The owners of CryptoThrift are absorbing the cost of this.

Whilst we have not yet completed our investigation, we have identified the attack vector as a vulnerability in a third party plugin. This was used to inject SQL queries into our database and manipulate the amounts on transactions being released from escrow. What we have not made public until now is that we have seen sustained and almost-daily attack attempts on the site for many months. We have been in contact with the Australian Federal Police regarding this, and will be sharing with them all data that we have on this attack as well as all previous attempts.

This attack has prompted us to reflect on our security measures, and we have concluded that we need to make some significant changes to our escrow process, our storage of customers funds, and have a third-party conduct a full security audit. Until this is complete, we feel we have no choice but temporarily suspend our escrow service for our users, as we simply cannot risk holding users funds. Effective immediately, buyers will no longer be able to choose to use escrow when purchasing items. All existing transactions that are in escrow will be honored until they are released or refunded.

CryptoThrift is owned and operated by two guys, both with families and full-time jobs, who run this site in their evenings and weekends to try and create something new for the crypto community. We have made every effort to provide good customer service and have put 100% of all profits back into development, advertising, and marketing. A such, the cost of this theft is being covered by us personally. If our attackers wish to do the right thing and return our funds to us, they can do so by sending it back to 19bBwiFrAaCLxZZoS4grTDoFFVszxzvPMo. If any of our users wish to help, we would gratefully receive donations of support to the same address.

We must sincerely apologize to our loyal users for this breach and our decision to temporarily remove our escrow service. It is heartbreaking for us to see our hard work destroyed by cold-hearted, thoughtless, hackers.

Thanks for all your support, and we hope that you continue to use our site. If you have any comments, please feel free to share them on our blog post

Paul & Ahmad
Team CryptoThrift
Jump to: