Author

Topic: Wallet address changed in Slush's pool. (Read 1560 times)

member
Activity: 87
Merit: 10
June 25, 2011, 12:32:46 AM
#7
No HTTPS by default on slush's pool when logging in. Certainly not good...
newbie
Activity: 56
Merit: 0
June 24, 2011, 10:09:28 PM
#6
That's why BTCguild has a payout lock.  I'm pretty sure you had a similar password on Mt. Gox as your BTCguild account.
Nope, randomly generated passwords.  No similarities at all.
newbie
Activity: 42
Merit: 0
June 24, 2011, 09:35:59 PM
#5
That's why BTCguild has a payout lock.  I'm pretty sure you had a similar password on Mt. Gox as your BTCguild account.

someone keeps repeatedly changing my wallet address on BTCGuild, but the payout lock owned them the first time, and the email-verification owned em the second time... hax away hax0rs.. i spose.. the box has nothing on it but ubuntu and the miner running so even if the box is compromised they cant get anything

A++ to btcguild for some common sense security maybe u should give mark kaspareto some lessons...
hero member
Activity: 630
Merit: 500
June 24, 2011, 09:30:59 PM
#4
That's why BTCguild has a payout lock.  I'm pretty sure you had a similar password on Mt. Gox as your BTCguild account.
newbie
Activity: 56
Merit: 0
June 24, 2011, 09:26:29 PM
#3
mine got changed twice a few days apart, i dont mine anymore so i only lost 0.2 btc that i didnt even know i had
my btc guild wallet was also changed
There must be someone on the inside, or the pooling software has some kind of security hole in it.  I know it isn't because of the Gox debacle, because I didn't use the same password or username.

Damn Hackers  Angry
newbie
Activity: 42
Merit: 0
June 24, 2011, 09:24:50 PM
#2
mine got changed twice a few days apart, i dont mine anymore so i only lost 0.2 btc that i didnt even know i had
my btc guild wallet was also changed
newbie
Activity: 56
Merit: 0
June 24, 2011, 09:18:03 PM
#1
On Slush's website, the latest news is a warning to change your password if your wallet address has changed.  When I logged in, the wallet address was set to Slush's site.

I changed it back to my wallet, and nothing has been lost.

So how could the password have been compromised?  It was like 14 chars of random uppercase,lowercase, numbers.  And not used anywhere else.

Anyone else with the same story?
Jump to: