Multiple YiiMP pools hacked, this is what we know so far..

hashrefinery

member

Activity: 120

Merit: 11

Quote from: sundownz on December 10, 2017, 08:50:32 AM

Quote from: hashrefinery on December 10, 2017, 12:32:38 AM

Quote from: sundownz on December 09, 2017, 10:36:55 AM

Quote from: hashrefinery on December 08, 2017, 11:14:42 PM

Quote from: teknikl on December 08, 2017, 07:28:31 PM

Is it hacked again? the stats and wallet pages seem to be gone and I stopped getting payments, just realized DOH!

Is what hacked? There are many sites using this software.

Since NiceHash went offline there are thousands of miners trying to find new pools. We've had about about 800% growth in connections over the past few days. This was initially causing problems on the web frontend until performance adjustments were made.

Other pools running closer to the performance limit of their servers might take longer to adjust.

Sorry to be OT... does Hash Refinery have a thread on this forum and/or another forum ?

I am switching over all my machines today... around 60 PCs (150+ GPUs) so I'd like to bookmark any official forum(s).

No thread, sorry. Contact is via PM and announcements are made on the pool website.

Nice mining setup!

Got it.

Also, thanks, got it all changed over yesterday and it's running smooth.

I only have one issue & also had it with ZPOOL -- sometimes NEMO will hang up on the intro screen for a LONG time trying to call the API for profit data. This starts to happen once I get past ~30 or so workers. It can take 10+ minutes to start mining.

Sometimes the DB load spikes and causes queries to take a long time. Tpruvot recently fixed one cause of this but I think another one remains somewhere else in the code:

https://github.com/tpruvot/yiimp/commit/6c09e5f1b909f5f6aaf9bdec490d974d6cad7018

sundownz

hero member

Activity: 714

Merit: 512

Quote from: hashrefinery on December 10, 2017, 12:32:38 AM

Quote from: sundownz on December 09, 2017, 10:36:55 AM

Quote from: hashrefinery on December 08, 2017, 11:14:42 PM

Quote from: teknikl on December 08, 2017, 07:28:31 PM

Is it hacked again? the stats and wallet pages seem to be gone and I stopped getting payments, just realized DOH!

Is what hacked? There are many sites using this software.

Since NiceHash went offline there are thousands of miners trying to find new pools. We've had about about 800% growth in connections over the past few days. This was initially causing problems on the web frontend until performance adjustments were made.

Other pools running closer to the performance limit of their servers might take longer to adjust.

Sorry to be OT... does Hash Refinery have a thread on this forum and/or another forum ?

I am switching over all my machines today... around 60 PCs (150+ GPUs) so I'd like to bookmark any official forum(s).

No thread, sorry. Contact is via PM and announcements are made on the pool website.

Nice mining setup!

Got it.

Also, thanks, got it all changed over yesterday and it's running smooth.

I only have one issue & also had it with ZPOOL -- sometimes NEMO will hang up on the intro screen for a LONG time trying to call the API for profit data. This starts to happen once I get past ~30 or so workers. It can take 10+ minutes to start mining.

hashrefinery

member

Activity: 120

Merit: 11

Quote from: sundownz on December 09, 2017, 10:36:55 AM

Quote from: hashrefinery on December 08, 2017, 11:14:42 PM

Quote from: teknikl on December 08, 2017, 07:28:31 PM

Is it hacked again? the stats and wallet pages seem to be gone and I stopped getting payments, just realized DOH!

Is what hacked? There are many sites using this software.

Since NiceHash went offline there are thousands of miners trying to find new pools. We've had about about 800% growth in connections over the past few days. This was initially causing problems on the web frontend until performance adjustments were made.

Other pools running closer to the performance limit of their servers might take longer to adjust.

Sorry to be OT... does Hash Refinery have a thread on this forum and/or another forum ?

I am switching over all my machines today... around 60 PCs (150+ GPUs) so I'd like to bookmark any official forum(s).

No thread, sorry. Contact is via PM and announcements are made on the pool website.

Nice mining setup!

sundownz

hero member

Activity: 714

Merit: 512

Quote from: BitBustah on December 09, 2017, 12:19:25 PM

Quote from: sundownz on December 09, 2017, 10:36:55 AM

Sorry to be OT... does Hash Refinery have a thread on this forum and/or another forum ?

I am switching over all my machines today... around 60 PCs (150+ GPUs) so I'd like to bookmark any official forum(s).

No, don't think so. Check the message on the site:

"As always you can PM us on bitcointalk if you have any questions or concerns."

The owner seems like a cool guy. Have sent messages with him before.

Edited to add: Do you have pics of your "setup" somewhere? Would love to see it.

Sure do -- I actually have done a "build log" of sorts for the main section (dedicated mining). I also run all my office & home PCs on mining, hehe.

https://bitcointalksearch.org/topic/building-cheap-miners-my-secret-1955358

Here are the three main racks that are totally done:

My fourth rack will be done within a week.

BitBustah

hero member

Activity: 1218

Merit: 534

Quote from: sundownz on December 09, 2017, 10:36:55 AM

Sorry to be OT... does Hash Refinery have a thread on this forum and/or another forum ?

I am switching over all my machines today... around 60 PCs (150+ GPUs) so I'd like to bookmark any official forum(s).

No, don't think so. Check the message on the site:

"As always you can PM us on bitcointalk if you have any questions or concerns."

The owner seems like a cool guy. Have sent messages with him before.

Edited to add: Do you have pics of your "setup" somewhere? Would love to see it.

sundownz

hero member

Activity: 714

Merit: 512

Quote from: hashrefinery on December 08, 2017, 11:14:42 PM

Quote from: teknikl on December 08, 2017, 07:28:31 PM

Is it hacked again? the stats and wallet pages seem to be gone and I stopped getting payments, just realized DOH!

Is what hacked? There are many sites using this software.

Since NiceHash went offline there are thousands of miners trying to find new pools. We've had about about 800% growth in connections over the past few days. This was initially causing problems on the web frontend until performance adjustments were made.

Other pools running closer to the performance limit of their servers might take longer to adjust.

Sorry to be OT... does Hash Refinery have a thread on this forum and/or another forum ?

I am switching over all my machines today... around 60 PCs (150+ GPUs) so I'd like to bookmark any official forum(s).

hashrefinery

member

Activity: 120

Merit: 11

Quote from: teknikl on December 08, 2017, 07:28:31 PM

Is it hacked again? the stats and wallet pages seem to be gone and I stopped getting payments, just realized DOH!

Is what hacked? There are many sites using this software.

Since NiceHash went offline there are thousands of miners trying to find new pools. We've had about about 800% growth in connections over the past few days. This was initially causing problems on the web frontend until performance adjustments were made.

Other pools running closer to the performance limit of their servers might take longer to adjust.

teknikl

newbie

Activity: 1

Merit: 0

Is it hacked again? the stats and wallet pages seem to be gone and I stopped getting payments, just realized DOH!

enkayz

full member

Activity: 298

Merit: 100

hashbag.cc

The source code was updated with new stuff to prevent this from happening again, you should be safe to use yiimp. However make sure to secure your servers themselves - yiimp is only one part of the equation.

CryptoPunkyXL

newbie

Activity: 80

Merit: 0

So, is this software updated against the hack. Or the hacker can use the same hack to hack pools and steel again ??
I am using Unomp right now but want to use yiimp.

MrMaxwell

jr. member

Activity: 71

Merit: 2

Quote from: AK74XXX on September 13, 2017, 06:59:20 AM

Quote from: MrMaxwell on September 12, 2017, 09:57:58 PM

Absolute nonsense! Are you writing Haiku or just trying to be funny?

You don't code, do you? Grin

Does old school BAL, IBM Basic Assembly Language count? https://en.wikipedia.org/wiki/IBM_Basic_assembly_language_and_successors

granat

full member

Activity: 186

Merit: 100

granatgas-pool.info

all will be cause on some people on some owner of pool. So for all issue about loses, you can move to other pool that have compensated on it like zpool or other pool that make responsibility on that. so miner that have choice to find honestly pool or owner that make this safe on their money and get in owner personal loses

maleemk

sr. member

Activity: 304

Merit: 250

I dont know about other Pools, But Hash Refinery, They 100% honor their commitment, He Personally bought ONIONS out of his own pocket and paid my ONIONS, Even though I had told him that i am not in a hurry. I definitely recommend Hash Refinery for mining.
For the proof anybody can follow may Onion Address on Hash Refinery.
http://pool.hashrefinery.com/?address=Dq8VPnpqXfEeeazHt1HKwFQfNsCGRVCR7e

BBoBB

sr. member

Activity: 346

Merit: 251

Do it right or don't do it at all.

Quote from: crackfoo on September 22, 2017, 02:41:54 PM

Quote from: BitBustah on September 22, 2017, 02:38:48 PM

Quote from: BBoBB on September 19, 2017, 09:15:54 AM

Sorry to Quote something I'm not a party of... nonetheless, i'm not trying to be judgmental....
I think the pool operator scope of responsibility extends to the moment the mined assets are transmitted to the miner.. being lost for one reason or the other is meaningless to the miner.. unless they choose for forfeit their right of claiming those mined assets; the pool operator is responsible for compensating the miners for such losses..
at least that's the unwritten but very logical rule we abide by - speaking on behalf of MinerTopia - and a bunch more yiimp/other pools we know have bought coins from the market to settle miners dues .. it's only the right thing to do..

my 2 cents

I disagree. The pool owners and operators are also victims in this story. The money was stolen; That's a fact cause it happened on multiple sites. In real life people have insurances against theft or robbery. This is the altcoin world. It's decentralised. That's the risk you take.

Oh yeah, edited to add: No one forced you to mine at a specific pool. When mining at a new pool, it's always a gamble wether or not you are going to get paid.

^^^ my sentiments as well. I lost $60-70K .... what did you loose BBoBB? Regardless, we all have to take a loss when this shit happens and move on. I did.

You miss understood my statement... we lost money too @MinerTopia and we took the looses and moved on too ..
Miners should not mine to pools that wash their hands of their commitment when a hack like the one we all got hit by happens..
and as you said... until we get insurance ... this is a risk that we have to take and bare if we want to remain in this business..

P.S. i was not at liberty of naming your pool.. but i know you covered your miners as we did too

crackfoo

legendary

Activity: 3430

Merit: 1126

Quote from: BitBustah on September 22, 2017, 02:38:48 PM

Quote from: BBoBB on September 19, 2017, 09:15:54 AM

Sorry to Quote something I'm not a party of... nonetheless, i'm not trying to be judgmental....
I think the pool operator scope of responsibility extends to the moment the mined assets are transmitted to the miner.. being lost for one reason or the other is meaningless to the miner.. unless they choose for forfeit their right of claiming those mined assets; the pool operator is responsible for compensating the miners for such losses..
at least that's the unwritten but very logical rule we abide by - speaking on behalf of MinerTopia - and a bunch more yiimp/other pools we know have bought coins from the market to settle miners dues .. it's only the right thing to do..

my 2 cents

I disagree. The pool owners and operators are also victims in this story. The money was stolen; That's a fact cause it happened on multiple sites. In real life people have insurances against theft or robbery. This is the altcoin world. It's decentralised. That's the risk you take.

Oh yeah, edited to add: No one forced you to mine at a specific pool. When mining at a new pool, it's always a gamble wether or not you are going to get paid.

^^^ my sentiments as well. I lost $60-70K .... what did you loose BBoBB? Regardless, we all have to take a loss when this shit happens and move on. I did.

BitBustah

hero member

Activity: 1218

Merit: 534

Quote from: BBoBB on September 19, 2017, 09:15:54 AM

Sorry to Quote something I'm not a party of... nonetheless, i'm not trying to be judgmental....
I think the pool operator scope of responsibility extends to the moment the mined assets are transmitted to the miner.. being lost for one reason or the other is meaningless to the miner.. unless they choose for forfeit their right of claiming those mined assets; the pool operator is responsible for compensating the miners for such losses..
at least that's the unwritten but very logical rule we abide by - speaking on behalf of MinerTopia - and a bunch more yiimp/other pools we know have bought coins from the market to settle miners dues .. it's only the right thing to do..

my 2 cents

I disagree. The pool owners and operators are also victims in this story. The money was stolen; That's a fact cause it happened on multiple sites. In real life people have insurances against theft or robbery. This is the altcoin world. It's decentralised. That's the risk you take.

Oh yeah, edited to add: No one forced you to mine at a specific pool. When mining at a new pool, it's always a gamble wether or not you are going to get paid.

hashrefinery

member

Activity: 120

Merit: 11

Quote from: BBoBB on September 19, 2017, 09:15:54 AM

Quote from: hashrefinery on September 19, 2017, 07:40:49 AM

Quote from: maleemk on September 18, 2017, 06:39:59 PM

Hi @hashrefinary.
I have over 622 ONIONS stuck at your, when can i expect them to be credited to my wallet. I know you must be busy resolving the hacking related issues, your answer will be appreciated.
Following is my Pool link.
http://pool.hashrefinery.com/?address=Dq8VPnpqXfEeeazHt1HKwFQfNsCGRVCR7e

Hi @maleemk,

I have replied to your PM to discuss options.

TL;DR - ONION balance was stolen in the hack and we haven't mined enough since then to cover the payout.

Sorry to Quote something I'm not a party of... nonetheless, i'm not trying to be judgmental....
I think the pool operator scope of responsibility extends to the moment the mined assets are transmitted to the miner.. being lost for one reason or the other is meaningless to the miner.. unless they choose for forfeit their right of claiming those mined assets; the pool operator is responsible for compensating the miners for such losses..
at least that's the unwritten but very logical rule we abide by - speaking on behalf of MinerTopia - and a bunch more yiimp/other pools we know have bought coins from the market to settle miners dues .. it's only the right thing to do..

my 2 cents

I agree with you 100%. No miners have lost funds due to the hack - the pool covered 100% of stolen funds from reserves.

There are however delays with users getting payouts in coins that are not actively being mined by the pool. There is always a risk of this happening with non-BTC payment addresses due the way yiimp operates when in exchange mode. It will automatically trade any other coin to BTC, but will never buy other coins using BTC to make payouts.

The main page of the pool says:

Quote

If you elect to be paid in a coin other than BTC your payout will be delayed if the pool is not currently mining your preferred coin due to low profitability.

Zpool has a similar but more detailed message:

Quote

Non-BTC payouts depend on that coin being mined as your BTC balance is traded internally by our system to your currency of choice. If we have not or are not mining that currency your payouts will be delayed until the pool has mined the blocks for you to get paid. If you notice in the pools status that the currency is red, it means there is not sufficient amount of the currency to pay miner(s). It's recommended to use BTC as any other coin could be removed at anytime and payouts will not occur.

If miners get caught out by this I have in the past made special arrangements so they can be paid out and I have made a similar offer to maleemk via PM. Typically however all coins are paid on the normal schedule.

BBoBB

sr. member

Activity: 346

Merit: 251

Do it right or don't do it at all.

Quote from: hashrefinery on September 19, 2017, 07:40:49 AM

Quote from: maleemk on September 18, 2017, 06:39:59 PM

Hi @hashrefinary.
I have over 622 ONIONS stuck at your, when can i expect them to be credited to my wallet. I know you must be busy resolving the hacking related issues, your answer will be appreciated.
Following is my Pool link.
http://pool.hashrefinery.com/?address=Dq8VPnpqXfEeeazHt1HKwFQfNsCGRVCR7e

Hi @maleemk,

I have replied to your PM to discuss options.

TL;DR - ONION balance was stolen in the hack and we haven't mined enough since then to cover the payout.

Sorry to Quote something I'm not a party of... nonetheless, i'm not trying to be judgmental....
I think the pool operator scope of responsibility extends to the moment the mined assets are transmitted to the miner.. being lost for one reason or the other is meaningless to the miner.. unless they choose for forfeit their right of claiming those mined assets; the pool operator is responsible for compensating the miners for such losses..
at least that's the unwritten but very logical rule we abide by - speaking on behalf of MinerTopia - and a bunch more yiimp/other pools we know have bought coins from the market to settle miners dues .. it's only the right thing to do..

my 2 cents

hashrefinery

member

Activity: 120

Merit: 11

Quote from: maleemk on September 18, 2017, 06:39:59 PM

Hi @hashrefinary.
I have over 622 ONIONS stuck at your, when can i expect them to be credited to my wallet. I know you must be busy resolving the hacking related issues, your answer will be appreciated.
Following is my Pool link.
http://pool.hashrefinery.com/?address=Dq8VPnpqXfEeeazHt1HKwFQfNsCGRVCR7e

Hi @maleemk,

I have replied to your PM to discuss options.

TL;DR - ONION balance was stolen in the hack and we haven't mined enough since then to cover the payout.

samspaces

legendary

Activity: 1451

Merit: 1030

Is renting coming back to Yiimp pools?

Topic: Multiple YiiMP pools hacked, this is what we know so far.. (Read 15652 times)