Topic: Inputs.io | Instant Payments, Offchain API, Secure Wallet, 235k+ BTC transferred - page 33. (Read 158131 times)
November 05, 2013, 01:08:36 AM
I have the same problem too. Withdraw 5 BTC from coinlenders but not appear in my inputs account. 4 hours passed. Please help!
November 05, 2013, 12:23:53 AM
A full update will be posted soon, don't panic. Only people with the API key enabled was compromised (and will be reimbursed), passwords are securely stored one way in the database.
Security is obviously the most important thing to a Bitcoin wallet, and it's unfortunate that a compromise occurred, and we're learning a lot from it (things that pentests won't catch).
There will be a full update soon, but this compromise was not through a fault of the code but rather like a 'side channel' attack.
Security is obviously the most important thing to a Bitcoin wallet, and it's unfortunate that a compromise occurred, and we're learning a lot from it (things that pentests won't catch).
There will be a full update soon, but this compromise was not through a fault of the code but rather like a 'side channel' attack.
by the way, just wondering, what are API keys? are they some special feature which allows access to our account, and how do I disable such a feature if it is ON
November 04, 2013, 11:21:10 PM
How do I revoke an API key? I accidentally generated one and can't seem to get rid of it.
November 04, 2013, 10:03:11 PM
Unable to send BTC from my inputs.io account. Getting error: Sending has failed. The hot pocket may be empty. We have being notified of this.
That's kind of worrying (and also grammatically incorrect).
EDIT: working now
That's kind of worrying (and also grammatically incorrect).
EDIT: working now
November 04, 2013, 09:59:48 PM
Hi TF,
I just withdrew about 43 BTC from coinlenders to inputs, and it didn't show up in my inputs account.
Could you please check on that? I'll send you an email with my account details.
Thanks!
I just withdrew about 43 BTC from coinlenders to inputs, and it didn't show up in my inputs account.
Could you please check on that? I'll send you an email with my account details.
Thanks!
November 04, 2013, 09:39:48 PM
A full update will be posted soon, don't panic. Only people with the API key enabled was compromised (and will be reimbursed), passwords are securely stored one way in the database.
Security is obviously the most important thing to a Bitcoin wallet, and it's unfortunate that a compromise occurred, and we're learning a lot from it (things that pentests won't catch).
There will be a full update soon, but this compromise was not through a fault of the code but rather like a 'side channel' attack.
Security is obviously the most important thing to a Bitcoin wallet, and it's unfortunate that a compromise occurred, and we're learning a lot from it (things that pentests won't catch).
There will be a full update soon, but this compromise was not through a fault of the code but rather like a 'side channel' attack.
keep us posted and I'm unsure what 'side channel' attack means.
November 04, 2013, 09:13:13 PM
you had API key enabled.?
Yes. 
November 04, 2013, 09:03:42 PM
thanks TF.
November 04, 2013, 08:59:18 PM
A full update will be posted soon, don't panic. Only people with the API key enabled was compromised (and will be reimbursed), passwords are securely stored one way in the database.
Security is obviously the most important thing to a Bitcoin wallet, and it's unfortunate that a compromise occurred, and we're learning a lot from it (things that pentests won't catch).
There will be a full update soon, but this compromise was not through a fault of the code but rather like a 'side channel' attack.
Security is obviously the most important thing to a Bitcoin wallet, and it's unfortunate that a compromise occurred, and we're learning a lot from it (things that pentests won't catch).
There will be a full update soon, but this compromise was not through a fault of the code but rather like a 'side channel' attack.
good update, looking for more.
November 04, 2013, 08:22:08 PM
A full update will be posted soon, don't panic. Only people with the API key enabled was compromised (and will be reimbursed), passwords are securely stored one way in the database.
Security is obviously the most important thing to a Bitcoin wallet, and it's unfortunate that a compromise occurred, and we're learning a lot from it (things that pentests won't catch).
There will be a full update soon, but this compromise was not through a fault of the code but rather like a 'side channel' attack.
Security is obviously the most important thing to a Bitcoin wallet, and it's unfortunate that a compromise occurred, and we're learning a lot from it (things that pentests won't catch).
There will be a full update soon, but this compromise was not through a fault of the code but rather like a 'side channel' attack.
November 04, 2013, 07:47:32 PM
0.12843117 BTC gone from my account "dailybitcoins" to the 15Ctwosw7VCNHp5Rp1ZoviLaV41nZ59spx. Please make a refund.
you had API key enabled.?
November 04, 2013, 07:46:56 PM
The attacker was able to empty the balance on accounts with the API key enabled. The issue is being actively looked upon. API access has been disabled.
Everyone who has lost money will be fully reimbursed.
Everyone who has lost money will be fully reimbursed.
pretty scary. luckily my coins are intact. I have never enabled the API keys.
November 04, 2013, 07:40:58 PM
Where are you getting all these addresses from?
Maybe you are getting them from here, either way this is a MAJOR issue:
http://www.reddit.com/r/Bitcoin/comments/1pw46j/someone_just_transferred_0095_from_my_inputsio/
TradeFortress any comments??
http://www.reddit.com/r/Bitcoin/comments/1pw46j/someone_just_transferred_0095_from_my_inputsio/
TradeFortress any comments??
That's correct. He is sleeping apparently. Although coinchat seems to be down. EDIT: I guess coinchat has been down for a few days.
I think he's on Sydney timezone
November 04, 2013, 07:37:39 PM
0.12843117 BTC gone from my account "dailybitcoins" to the 15Ctwosw7VCNHp5Rp1ZoviLaV41nZ59spx. Please make a refund.
November 04, 2013, 05:30:25 PM
The attacker was able to empty the balance on accounts with the API key enabled. The issue is being actively looked upon. API access has been disabled.
Everyone who has lost money will be fully reimbursed.
Everyone who has lost money will be fully reimbursed.
That's good to hear. Ignore the email I've sent you
November 04, 2013, 06:25:21 PM
The attacker was able to empty the balance on accounts with the API key enabled. The issue is being actively looked upon. API access has been disabled.
Everyone who has lost money will be fully reimbursed.
Everyone who has lost money will be fully reimbursed.
Oblivious to what was going on today, I withdrew from coinlenders & have not received it in inputs. I assume the reasoning behind this is related to this situation. Thanks in advance for your hard work and service provisions. Godspeed...
November 04, 2013, 05:52:20 PM
When will my bitcoin be refunded?
Do you need my address?
Do you need my address?
November 04, 2013, 05:50:02 PM
The attacker was able to empty the balance on accounts with the API key enabled. The issue is being actively looked upon. API access has been disabled.
Everyone who has lost money will be fully reimbursed.
i assume you will make an announcement detailing the full extent of the compromise and what is being done to patch the vulnerability? this makes me very worried to keep funds on there?Everyone who has lost money will be fully reimbursed.
i never enabled api key. are my wallets secure?
I would assume so. API keys are very dangerous. They have full access to your account. Never enable api keys for an account you are actually using if you are not using it for development purposes. Create secondary accounts if you want to play with API's. Everyone should also make sure all their accounts on other exchanges/online wallets don't have API's enabled if you aren't using them.
In either case. I have withdrawn my funds temporarily until we get a proper update and a full understanding of what happened.
same here. i look forward to hearing an update from TF regarding the extent of what happened. another reminder not to keep much on online wallets..... unfortunately..... i felt safe with all of inputs security features.
November 04, 2013, 05:26:26 PM
The attacker was able to empty the balance on accounts with the API key enabled. The issue is being actively looked upon. API access has been disabled.
Everyone who has lost money will be fully reimbursed.
i assume you will make an announcement detailing the full extent of the compromise and what is being done to patch the vulnerability? this makes me very worried to keep funds on there?Everyone who has lost money will be fully reimbursed.
i never enabled api key. are my wallets secure?
I would assume so. API keys are very dangerous. They have full access to your account. Never enable api keys for an account you are actually using if you are not using it for development purposes. Create secondary accounts if you want to play with API's. Everyone should also make sure all their accounts on other exchanges/online wallets don't have API's enabled if you aren't using them.
In either case. I have withdrawn my funds temporarily until we get a proper update and a full understanding of what happened.
November 04, 2013, 05:25:19 PM
Everyone who has lost money will be fully reimbursed.
Thank you, it is the way to go
Jump to: