The news
Hi,
Some explanations:
As discovered recently, starting several months ago, a focused series of attacks was executed on the computer infrastructure connecting ltcgear with its users (website, database, and various layers behind).
The attacks were at the beginning masked behind legitimate website usage.
The attacks' results ranged from DOS (denial of service) to more serious ones: creating fake shares or orders, or hijacking payment addresses (both for orders and share payments).
The attacks generated issues with payments, the new ASIC, management and multiplications.
The methods used were not public knowledge at the time the attacks started.
As for the perpetrators, there were basically four kinds:
A. Attackers interested in hijacking payments (both for orders and shares), and possibly with other hidden agendas
B. Attackers interested in selling cheap shares to website users, or in selling a service of order completion for a percentage of the real order value
C. Users who bought the means to add free shares to themselves or to complete orders themselves without paying ltcgear
D. Attackers simply interested in denial of service (e.g. denying the Friday payment by starting a denial-of-service attack).
As for identifying class A attackers, as I already informed certain parties in the community, a direct connection to the database was established from IP 178.21.117.208, belonging to directvps.nl, and the address 1AeFq5RbXiY1vsRqZjcF7fVodCxXwmDcMX (along with many others) was planted in the database for payments. 1AeFq5RbXiY1vsRqZjcF7fVodCxXwmDcMX aggregates a large amount of coins and sends funds to address 1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL (the owner can be determined with 100% certainty).
For those needing a tip, here's an article:
http://qntra.net/2014/12/virransom-the-latest-ransomware/
As for B and C type attackers: ultimately the users who benefited from such arrangements, once it was known that they existed, were traceable.
For example, it happened that an attacker injected a certain foreign address into the order payment address pool at a certain time; the next minute certain users came and placed big orders, all paid to the foreign address until the foreign address was removed, after which order frequency and value resumed their regular trend.
Or there were users who placed 20 orders but paid only the one that had a previously planted foreign address. They kept generating orders, waiting to see the address they knew would return coins to them.
Or simply, users were logged doing direct address injection and then paying to the foreign address in order to get orders completed and shares added to their account.
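The three patterns described above (a foreign address going live in the payment pool followed by a burst of paid orders to it, users who generate many orders but pay only the ones carrying a planted address, and orders to a foreign address that no pool change ever recorded, i.e. direct injection) can be checked mechanically against the order table and an audit log of pool changes. The following is an added Python example written for this page, not ltcgear's own code; the record shapes, the legitimate pool, the addresses, users and timestamps are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed for illustration: addresses, users and times are made up (assumption).
LEGIT_POOL = {"LEGIT-1", "LEGIT-2"}


@dataclass(frozen=True)
class PoolEvent:
    ts: datetime
    action: str       # "inject" when an address enters the order payment pool, "remove" when it leaves
    address: str


@dataclass(frozen=True)
class Order:
    order_id: int
    ts: datetime
    user: str
    pay_to: str       # address the order was told to pay to
    amount: float
    paid: bool


def planted_windows(events, legit=LEGIT_POOL):
    """For each address outside the legitimate pool, the [inject, remove) intervals it was live."""
    open_at, windows = {}, defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.address in legit:
            continue
        if ev.action == "inject":
            open_at[ev.address] = ev.ts
        elif ev.action == "remove" and ev.address in open_at:
            windows[ev.address].append((open_at.pop(ev.address), ev.ts))
    for addr, start in open_at.items():            # injected and never removed: still live
        windows[addr].append((start, datetime.max))
    return dict(windows)


def classify_orders(orders, windows, legit=LEGIT_POOL):
    """legit: pool address; planted: foreign address live in the pool at order time;
    injected: foreign address with no matching pool record (direct injection by the user)."""
    out = {"legit": [], "planted": [], "injected": []}
    for o in orders:
        if o.pay_to in legit:
            out["legit"].append(o)
            continue
        live = any(start <= o.ts < end for start, end in windows.get(o.pay_to, []))
        out["planted" if live else "injected"].append(o)
    return out


def users_waiting_for_planted(orders, classified, min_orders=5):
    """Users with at least min_orders orders who paid only those pointing at a foreign address."""
    foreign_ids = {o.order_id for key in ("planted", "injected") for o in classified[key]}
    by_user = defaultdict(list)
    for o in orders:
        by_user[o.user].append(o)
    flagged = {}
    for user, lst in by_user.items():
        paid = [o for o in lst if o.paid]
        if len(lst) >= min_orders and paid and all(o.order_id in foreign_ids for o in paid):
            flagged[user] = (len(lst), len(paid))      # (orders generated, orders actually paid)
    return flagged


# Constructed sample: FOREIGN-X is injected at T0 and removed 30 minutes later.
T0 = datetime(2015, 1, 9, 12, 0)
EVENTS = [
    PoolEvent(T0, "inject", "FOREIGN-X"),
    PoolEvent(T0 + timedelta(minutes=30), "remove", "FOREIGN-X"),
]
ORDERS = [
    Order(1, T0 - timedelta(minutes=10), "carol", "LEGIT-1", 1.0, True),
    Order(2, T0 + timedelta(minutes=1), "alice", "FOREIGN-X", 50.0, True),   # burst right after injection
    Order(3, T0 + timedelta(minutes=2), "bob", "FOREIGN-X", 40.0, True),
    *[Order(4 + i, T0 + timedelta(minutes=40 + i), "bob", "LEGIT-1", 40.0, False) for i in range(4)],
    Order(8, T0 + timedelta(minutes=60), "dave", "LEGIT-2", 2.0, True),
    Order(9, T0 + timedelta(minutes=90), "eve", "FOREIGN-Y", 30.0, True),    # no pool record at all
]


def run_report(events=EVENTS, orders=ORDERS):
    windows = planted_windows(events)
    classified = classify_orders(orders, windows)
    users = users_waiting_for_planted(orders, classified)
    return windows, classified, users


if __name__ == "__main__":
    windows, classified, users = run_report()
    print("planted windows:", windows)
    for key in ("planted", "injected"):
        print(key, [(o.order_id, o.user, o.pay_to) for o in classified[key]])
    print("users paying only foreign-address orders:", users)
```

The pool audit log is the critical input: without a record of when each foreign address entered and left the pool, the "planted" and "injected" cases cannot be told apart, and a user who paid to an address the site itself handed out looks the same as one who injected it.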
About type D, in the case of regular DOS (DDOS or variants), it's usually hard to get the perpetrators without help from the authorities, and the process is long by itself.
In the case of denial of service based on unauthorized computer access, the attackers are easier to identify.
As for the measures to be taken: for class A, interested third parties were alerted.
As for B and C users, it was very uncomfortable to discover this sort of behaviour; unauthorized computer access and modification are very serious offences in the whole civilized world. It was even more uncomfortable to find some of these users pushing to get paid for their illegitimate shares via social engineering on forums (forums were also used to sell and buy illegitimate shares or the means to get them), e-mail or other public interfaces.
For the moment there are no final decisions; the measures will range from private actions to publishing the list of users and alerting local authorities.
As for type D, the infrastructure will be fixed to mitigate those sorts of attacks.
As a note, there were attacks which moved beyond the public infrastructure, but for the moment this won't be detailed.
About legit payments
First of all, there was no way to perform payments once it was discovered that fake shares and orders were present in the database (and backups), until the database was cleaned.
Soon it was discovered that there was no way to continue paying weekly, since the class D attacks simply interrupted each attempt at payment in December and January by generating various types of DOS.
The payments were moved to a user balance with withdrawal on demand. At this moment payments are functional for a percentage of users and will become functional gradually for the entire database of legit users.
And one last thing that there was no way to quantify and implement with the database corrupted: shares have an attached maintenance tax which is paid "at the end of the year". We are in the new year already, so users will also find attached to their account the tax value and the means to pay it.
The new ASIC
The new ASIC delivery date is now moved to February, based on delays and issues induced by the attackers.
Kind Regards,
Chris