CIF Community,
We were notified as of around 6:00 EST today that there was an issue with our web wallet and that funds were being leached from
approximately 35 of the wallets into this account - CUZb7aVB2s2NZUaGTJozw4Ep5HKhvK4ndD.
We know the developers of our wallets personally and there was no malicious intent from anyone on our team. Upon further investigation we discovered the issue was not with the wallets themselves but with our VPS provider.
Although we paid for the highest level of security and the most robust protection with our VPS provider (and were repeatedly informed that we were rock solid secure) - we discovered that they did not enable an SSL certificate. This is an embarrassing conclusion however we are glad that this was flagged to us when it had such an inconsequential financial impact.
We were under the assumption that SSL was enabled and everyones web wallets were safe (that is what we paid for!). However, we immediately flagged the problem, escalated and are working on a permanent fix which will be implemented in under 3 hours. In doing so we can ensure the CIF community that this WILL NOT happen again.
We urge everyone to move their funds from their web wallet to an encrypted desktop wallet until informed otherwise. If you have LOST funds - please fill out this form with your new DESKTOP wallet address and you will be reimbursed from the CIF TEAMS portion of the token allocation.
CIF Reimbursement Form
https://goo.gl/forms/zgfS8bhufgqts0pE3Again as unfortunate as this was, we are glad this weakness (error on our hosters part) was flagged so early on in our project. We thank you for sticking by us as well!
The fact that we were targeted... means we're doing something right!Please take a moment to read a short address from Scott Douglas regarding the attack.
Medium Press Release 
