Pages:
Author

Topic: Inputs.io | Instant Payments, Offchain API, Secure Wallet, 235k+ BTC transferred - page 33. (Read 158152 times)

member
Activity: 81
Merit: 10

I have the same problem too. Withdraw 5 BTC from coinlenders but not appear in my inputs account. 4 hours passed.  Please help!
newbie
Activity: 11
Merit: 0
A full update will be posted soon, don't panic. Only people with the API key enabled was compromised (and will be reimbursed), passwords are securely stored one way in the database.

Security is obviously the most important thing to a Bitcoin wallet, and it's unfortunate that a compromise occurred, and we're learning a lot from it (things that pentests won't catch).

There will be a full update soon, but this compromise was not through a fault of the code but rather like a 'side channel' attack.

by the way, just wondering, what are API keys? are they some special feature which allows access to our account, and how do I disable such a feature if it is ON
legendary
Activity: 1246
Merit: 1077
How do I revoke an API key? I accidentally generated one and can't seem to get rid of it.
member
Activity: 83
Merit: 10
Unable to send BTC from my inputs.io account. Getting error:  Sending has failed. The hot pocket may be empty. We have being notified of this.

That's kind of worrying (and also grammatically incorrect).

EDIT: working now
full member
Activity: 126
Merit: 100
Hi TF,
I just withdrew about 43 BTC from coinlenders to inputs, and it didn't show up in my inputs account.

Could you please check on that? I'll send you an email with my account details.

Thanks!
legendary
Activity: 2128
Merit: 1002
A full update will be posted soon, don't panic. Only people with the API key enabled was compromised (and will be reimbursed), passwords are securely stored one way in the database.

Security is obviously the most important thing to a Bitcoin wallet, and it's unfortunate that a compromise occurred, and we're learning a lot from it (things that pentests won't catch).

There will be a full update soon, but this compromise was not through a fault of the code but rather like a 'side channel' attack.

keep us posted and I'm unsure what 'side channel' attack means.
hero member
Activity: 806
Merit: 1000
COINMIXER.NET
newbie
Activity: 20
Merit: 0
A full update will be posted soon, don't panic. Only people with the API key enabled was compromised (and will be reimbursed), passwords are securely stored one way in the database.

Security is obviously the most important thing to a Bitcoin wallet, and it's unfortunate that a compromise occurred, and we're learning a lot from it (things that pentests won't catch).

There will be a full update soon, but this compromise was not through a fault of the code but rather like a 'side channel' attack.

good update, looking for more.
vip
Activity: 1316
Merit: 1043
👻
A full update will be posted soon, don't panic. Only people with the API key enabled was compromised (and will be reimbursed), passwords are securely stored one way in the database.

Security is obviously the most important thing to a Bitcoin wallet, and it's unfortunate that a compromise occurred, and we're learning a lot from it (things that pentests won't catch).

There will be a full update soon, but this compromise was not through a fault of the code but rather like a 'side channel' attack.
legendary
Activity: 2128
Merit: 1002
0.12843117 BTC gone from my account "dailybitcoins" to the 15Ctwosw7VCNHp5Rp1ZoviLaV41nZ59spx. Please make a refund.

you had API key enabled.?
legendary
Activity: 2128
Merit: 1002
The attacker was able to empty the balance on accounts with the API key enabled. The issue is being actively looked upon. API access has been disabled.

Everyone who has lost money will be fully reimbursed.

pretty scary. luckily my coins are intact. I have never enabled the API keys.
legendary
Activity: 2128
Merit: 1002
Where are you getting all these addresses from?
Maybe you are getting them from here, either way this is a MAJOR issue:

http://www.reddit.com/r/Bitcoin/comments/1pw46j/someone_just_transferred_0095_from_my_inputsio/

TradeFortress any comments??

That's correct. He is sleeping apparently. Although coinchat seems to be down. EDIT: I guess coinchat has been down for a few days.

I think he's on Sydney timezone
legendary
Activity: 1582
Merit: 1002
0.12843117 BTC gone from my account "dailybitcoins" to the 15Ctwosw7VCNHp5Rp1ZoviLaV41nZ59spx. Please make a refund.
legendary
Activity: 2198
Merit: 1989
฿uy ฿itcoin
The attacker was able to empty the balance on accounts with the API key enabled. The issue is being actively looked upon. API access has been disabled.

Everyone who has lost money will be fully reimbursed.

That's good to hear. Ignore the email I've sent you Smiley
sr. member
Activity: 400
Merit: 250
the sun is shining, but the ice is still slippery
The attacker was able to empty the balance on accounts with the API key enabled. The issue is being actively looked upon. API access has been disabled.

Everyone who has lost money will be fully reimbursed.

Oblivious to what was going on today, I withdrew from coinlenders & have not received it in inputs. I assume the reasoning behind this is related to this situation. Thanks in advance for your hard work and service provisions. Godspeed...
sr. member
Activity: 308
Merit: 250
When will my bitcoin be refunded?
Do you need my address?
full member
Activity: 204
Merit: 100
The attacker was able to empty the balance on accounts with the API key enabled. The issue is being actively looked upon. API access has been disabled.

Everyone who has lost money will be fully reimbursed.
i assume you will make an announcement detailing the full extent of the compromise and what is being done to patch the vulnerability? this makes me very worried to keep funds on there?

i never enabled api key. are my wallets secure?

I would assume so. API keys are very dangerous. They have full access to your account. Never enable api keys for an account you are actually using if you are not using it for development purposes. Create secondary accounts if you want to play with API's. Everyone should also make sure all their accounts on other exchanges/online wallets don't have API's enabled if you aren't using them.

In either case. I have withdrawn my funds temporarily until we get a proper update and a full understanding of what happened.

same here. i look forward to hearing an update from TF regarding the extent of what happened. another reminder not to keep much on online wallets..... unfortunately..... i felt safe with all of inputs security features.
sr. member
Activity: 322
Merit: 250
The attacker was able to empty the balance on accounts with the API key enabled. The issue is being actively looked upon. API access has been disabled.

Everyone who has lost money will be fully reimbursed.
i assume you will make an announcement detailing the full extent of the compromise and what is being done to patch the vulnerability? this makes me very worried to keep funds on there?

i never enabled api key. are my wallets secure?

I would assume so. API keys are very dangerous. They have full access to your account. Never enable api keys for an account you are actually using if you are not using it for development purposes. Create secondary accounts if you want to play with API's. Everyone should also make sure all their accounts on other exchanges/online wallets don't have API's enabled if you aren't using them.

In either case. I have withdrawn my funds temporarily until we get a proper update and a full understanding of what happened.
sr. member
Activity: 552
Merit: 250
Everyone who has lost money will be fully reimbursed.

Thank you, it is the way to go
Pages:
Jump to: