Pages:
Author

Topic: Multiple YiiMP pools hacked, this is what we know so far.. (Read 15717 times)

member
Activity: 120
Merit: 11
Is it hacked again? the stats and wallet pages seem to be gone and I stopped getting payments, just realized DOH!

Is what hacked?  There are many sites using this software.

Since NiceHash went offline there are thousands of miners trying to find new pools.  We've had about about 800% growth in connections over the past few days.  This was initially causing problems on the web frontend until performance adjustments were made.

Other pools running closer to the performance limit of their servers might take longer to adjust.

Sorry to be OT... does Hash Refinery have a thread on this forum and/or another forum ?

I am switching over all my machines today... around 60 PCs (150+ GPUs) so I'd like to bookmark any official forum(s).

No thread, sorry.  Contact is via PM and announcements are made on the pool website.

Nice mining setup!

Got it.

Also, thanks, got it all changed over yesterday and it's running smooth.

I only have one issue & also had it with ZPOOL -- sometimes NEMO will hang up on the intro screen for a LONG time trying to call the API for profit data. This starts to happen once I get past ~30 or so workers. It can take 10+ minutes to start mining.

Sometimes the DB load spikes and causes queries to take a long time.  Tpruvot recently fixed one cause of this but I think another one remains somewhere else in the code:

https://github.com/tpruvot/yiimp/commit/6c09e5f1b909f5f6aaf9bdec490d974d6cad7018
hero member
Activity: 714
Merit: 512
Is it hacked again? the stats and wallet pages seem to be gone and I stopped getting payments, just realized DOH!

Is what hacked?  There are many sites using this software.

Since NiceHash went offline there are thousands of miners trying to find new pools.  We've had about about 800% growth in connections over the past few days.  This was initially causing problems on the web frontend until performance adjustments were made.

Other pools running closer to the performance limit of their servers might take longer to adjust.

Sorry to be OT... does Hash Refinery have a thread on this forum and/or another forum ?

I am switching over all my machines today... around 60 PCs (150+ GPUs) so I'd like to bookmark any official forum(s).

No thread, sorry.  Contact is via PM and announcements are made on the pool website.

Nice mining setup!

Got it.

Also, thanks, got it all changed over yesterday and it's running smooth.

I only have one issue & also had it with ZPOOL -- sometimes NEMO will hang up on the intro screen for a LONG time trying to call the API for profit data. This starts to happen once I get past ~30 or so workers. It can take 10+ minutes to start mining.
member
Activity: 120
Merit: 11
Is it hacked again? the stats and wallet pages seem to be gone and I stopped getting payments, just realized DOH!

Is what hacked?  There are many sites using this software.

Since NiceHash went offline there are thousands of miners trying to find new pools.  We've had about about 800% growth in connections over the past few days.  This was initially causing problems on the web frontend until performance adjustments were made.

Other pools running closer to the performance limit of their servers might take longer to adjust.

Sorry to be OT... does Hash Refinery have a thread on this forum and/or another forum ?

I am switching over all my machines today... around 60 PCs (150+ GPUs) so I'd like to bookmark any official forum(s).

No thread, sorry.  Contact is via PM and announcements are made on the pool website.

Nice mining setup!
hero member
Activity: 714
Merit: 512
Sorry to be OT... does Hash Refinery have a thread on this forum and/or another forum ?

I am switching over all my machines today... around 60 PCs (150+ GPUs) so I'd like to bookmark any official forum(s).

No, don't think so. Check the message on the site:

"As always you can PM us on bitcointalk if you have any questions or concerns."

The owner seems like a cool guy. Have sent messages with him before.

Edited to add: Do you have pics of your "setup" somewhere? Would love to see it. Smiley

Sure do -- I actually have done a "build log" of sorts for the main section (dedicated mining). I also run all my office & home PCs on mining, hehe.

https://bitcointalksearch.org/topic/building-cheap-miners-my-secret-1955358

Here are the three main racks that are totally done:



My fourth rack will be done within a week.
hero member
Activity: 1218
Merit: 534
Sorry to be OT... does Hash Refinery have a thread on this forum and/or another forum ?

I am switching over all my machines today... around 60 PCs (150+ GPUs) so I'd like to bookmark any official forum(s).


No, don't think so. Check the message on the site:

"As always you can PM us on bitcointalk if you have any questions or concerns."



The owner seems like a cool guy. Have sent messages with him before.



Edited to add: Do you have pics of your "setup" somewhere? Would love to see it. Smiley
hero member
Activity: 714
Merit: 512
Is it hacked again? the stats and wallet pages seem to be gone and I stopped getting payments, just realized DOH!

Is what hacked?  There are many sites using this software.

Since NiceHash went offline there are thousands of miners trying to find new pools.  We've had about about 800% growth in connections over the past few days.  This was initially causing problems on the web frontend until performance adjustments were made.

Other pools running closer to the performance limit of their servers might take longer to adjust.

Sorry to be OT... does Hash Refinery have a thread on this forum and/or another forum ?

I am switching over all my machines today... around 60 PCs (150+ GPUs) so I'd like to bookmark any official forum(s).
member
Activity: 120
Merit: 11
Is it hacked again? the stats and wallet pages seem to be gone and I stopped getting payments, just realized DOH!

Is what hacked?  There are many sites using this software.

Since NiceHash went offline there are thousands of miners trying to find new pools.  We've had about about 800% growth in connections over the past few days.  This was initially causing problems on the web frontend until performance adjustments were made.

Other pools running closer to the performance limit of their servers might take longer to adjust.
newbie
Activity: 1
Merit: 0
Is it hacked again? the stats and wallet pages seem to be gone and I stopped getting payments, just realized DOH!
full member
Activity: 298
Merit: 100
hashbag.cc
The source code was updated with new stuff to prevent this from happening again, you should be safe to use yiimp. However make sure to secure your servers themselves - yiimp is only one part of the equation. Smiley
newbie
Activity: 80
Merit: 0
So, is this software updated against the hack. Or the hacker can use the same hack to hack pools and steel again ??
I am using Unomp right now but want to use yiimp.
jr. member
Activity: 71
Merit: 2
Absolute nonsense! Are you writing Haiku or just trying to be funny?

You don't code, do you?  Grin

Does old school BAL, IBM Basic Assembly Language count? https://en.wikipedia.org/wiki/IBM_Basic_assembly_language_and_successors
full member
Activity: 186
Merit: 100
granatgas-pool.info
all will be cause on some people on some owner of pool. So for all issue about loses, you can move to other pool that have compensated on it like zpool or other pool that make responsibility on that. so miner that have choice to find honestly pool or owner that make this safe on their money and get in owner personal loses Smiley
sr. member
Activity: 304
Merit: 250
I dont know about other Pools, But Hash Refinery, They 100% honor their commitment, He Personally bought ONIONS out of his own pocket and paid my ONIONS, Even though I had told him that i am not in a hurry. I definitely recommend Hash Refinery for mining.
For the proof anybody can follow may Onion Address on Hash Refinery.   
http://pool.hashrefinery.com/?address=Dq8VPnpqXfEeeazHt1HKwFQfNsCGRVCR7e
sr. member
Activity: 346
Merit: 251
Do it right or don't do it at all.
Sorry to Quote something I'm not a party of... nonetheless, i'm not trying to be judgmental....
I think the pool operator scope of responsibility  extends to the moment the mined assets are transmitted to the miner.. being lost for one reason or the other is meaningless to the miner.. unless they choose for forfeit  their right of claiming those mined assets; the pool operator is responsible for compensating the miners for such losses..
at least that's the unwritten but very logical rule we abide by - speaking on behalf of MinerTopia - and a bunch more yiimp/other pools we know have bought coins from the market to settle miners dues .. it's only the right thing to do..

my 2 cents

I disagree. The pool owners and operators are also victims in this story. The money was stolen; That's a fact cause it happened on multiple sites. In real life people have insurances against theft or robbery. This is the altcoin world. It's decentralised. That's the risk you take.

Oh yeah, edited to add: No one forced you to mine at a specific pool. When mining at a new pool, it's always a gamble wether or not you are going to get paid.

^^^ my sentiments as well.  I lost $60-70K .... what did you loose BBoBB? Regardless, we all have to take a loss when this shit happens and move on. I did.

You miss understood my statement... we lost money too @MinerTopia  and we took the looses and moved on too ..
Miners should not mine to pools that wash their hands of their commitment when a hack like the one we all got hit by happens..
and as you said... until we get insurance ... this is a risk that we have to take and bare if we want to remain in this business..
 
P.S. i was not at liberty of naming your pool.. but i know you covered your miners as we did too
legendary
Activity: 3486
Merit: 1126
Sorry to Quote something I'm not a party of... nonetheless, i'm not trying to be judgmental....
I think the pool operator scope of responsibility  extends to the moment the mined assets are transmitted to the miner.. being lost for one reason or the other is meaningless to the miner.. unless they choose for forfeit  their right of claiming those mined assets; the pool operator is responsible for compensating the miners for such losses..
at least that's the unwritten but very logical rule we abide by - speaking on behalf of MinerTopia - and a bunch more yiimp/other pools we know have bought coins from the market to settle miners dues .. it's only the right thing to do..

my 2 cents

I disagree. The pool owners and operators are also victims in this story. The money was stolen; That's a fact cause it happened on multiple sites. In real life people have insurances against theft or robbery. This is the altcoin world. It's decentralised. That's the risk you take.

Oh yeah, edited to add: No one forced you to mine at a specific pool. When mining at a new pool, it's always a gamble wether or not you are going to get paid.

^^^ my sentiments as well.  I lost $60-70K .... what did you loose BBoBB? Regardless, we all have to take a loss when this shit happens and move on. I did.
hero member
Activity: 1218
Merit: 534
Sorry to Quote something I'm not a party of... nonetheless, i'm not trying to be judgmental....
I think the pool operator scope of responsibility  extends to the moment the mined assets are transmitted to the miner.. being lost for one reason or the other is meaningless to the miner.. unless they choose for forfeit  their right of claiming those mined assets; the pool operator is responsible for compensating the miners for such losses..
at least that's the unwritten but very logical rule we abide by - speaking on behalf of MinerTopia - and a bunch more yiimp/other pools we know have bought coins from the market to settle miners dues .. it's only the right thing to do..

my 2 cents

I disagree. The pool owners and operators are also victims in this story. The money was stolen; That's a fact cause it happened on multiple sites. In real life people have insurances against theft or robbery. This is the altcoin world. It's decentralised. That's the risk you take.

Oh yeah, edited to add: No one forced you to mine at a specific pool. When mining at a new pool, it's always a gamble wether or not you are going to get paid.
member
Activity: 120
Merit: 11
Hi @hashrefinary.
I have  over 622 ONIONS stuck at your, when can i expect them to be credited to my wallet. I know you must be busy resolving the hacking related issues, your answer will be appreciated.
Following is my Pool link.
http://pool.hashrefinery.com/?address=Dq8VPnpqXfEeeazHt1HKwFQfNsCGRVCR7e
Hi @maleemk,

I have replied to your PM to discuss options.

TL;DR - ONION balance was stolen in the hack and we haven't mined enough since then to cover the payout.

Sorry to Quote something I'm not a party of... nonetheless, i'm not trying to be judgmental....
I think the pool operator scope of responsibility  extends to the moment the mined assets are transmitted to the miner.. being lost for one reason or the other is meaningless to the miner.. unless they choose for forfeit  their right of claiming those mined assets; the pool operator is responsible for compensating the miners for such losses..
at least that's the unwritten but very logical rule we abide by - speaking on behalf of MinerTopia - and a bunch more yiimp/other pools we know have bought coins from the market to settle miners dues .. it's only the right thing to do..

my 2 cents


I agree with you 100%.  No miners have lost funds due to the hack - the pool covered 100% of stolen funds from reserves.

There are however delays with users getting payouts in coins that are not actively being mined by the pool.  There is always a risk of this happening with non-BTC payment addresses due the way yiimp operates when in exchange mode.  It will automatically trade any other coin to BTC, but will never buy other coins using BTC to make payouts.

The main page of the pool says:
Quote
If you elect to be paid in a coin other than BTC your payout will be delayed if the pool is not currently mining your preferred coin due to low profitability.

Zpool has a similar but more detailed message:
Quote
Non-BTC payouts depend on that coin being mined as your BTC balance is traded internally by our system to your currency of choice. If we have not or are not mining that currency your payouts will be delayed until the pool has mined the blocks for you to get paid. If you notice in the pools status that the currency is red, it means there is not sufficient amount of the currency to pay miner(s). It's recommended to use BTC as any other coin could be removed at anytime and payouts will not occur.

If miners get caught out by this I have in the past made special arrangements so they can be paid out and I have made a similar offer to maleemk via PM.  Typically however all coins are paid on the normal schedule.
sr. member
Activity: 346
Merit: 251
Do it right or don't do it at all.
Hi @hashrefinary.
I have  over 622 ONIONS stuck at your, when can i expect them to be credited to my wallet. I know you must be busy resolving the hacking related issues, your answer will be appreciated.
Following is my Pool link.
http://pool.hashrefinery.com/?address=Dq8VPnpqXfEeeazHt1HKwFQfNsCGRVCR7e
Hi @maleemk,

I have replied to your PM to discuss options.

TL;DR - ONION balance was stolen in the hack and we haven't mined enough since then to cover the payout.

Sorry to Quote something I'm not a party of... nonetheless, i'm not trying to be judgmental....
I think the pool operator scope of responsibility  extends to the moment the mined assets are transmitted to the miner.. being lost for one reason or the other is meaningless to the miner.. unless they choose for forfeit  their right of claiming those mined assets; the pool operator is responsible for compensating the miners for such losses..
at least that's the unwritten but very logical rule we abide by - speaking on behalf of MinerTopia - and a bunch more yiimp/other pools we know have bought coins from the market to settle miners dues .. it's only the right thing to do..

my 2 cents
member
Activity: 120
Merit: 11
Hi @hashrefinary.
I have  over 622 ONIONS stuck at your, when can i expect them to be credited to my wallet. I know you must be busy resolving the hacking related issues, your answer will be appreciated.
Following is my Pool link.
http://pool.hashrefinery.com/?address=Dq8VPnpqXfEeeazHt1HKwFQfNsCGRVCR7e
Hi @maleemk,

I have replied to your PM to discuss options.

TL;DR - ONION balance was stolen in the hack and we haven't mined enough since then to cover the payout.
legendary
Activity: 1453
Merit: 1030
Is renting coming back to Yiimp pools?
Pages:
Jump to: