VIRCUREX !!! IMPORTANT !!!

VIRCUREX !!! IMPORTANT !!!

Today at 12:19:25 PM

We sadly need to announce that our wallet has been compromised thus DO NOT send any further funds to any of the coin wallets, BTC, DVC, LTC, etc. We will setup a new wallet and reset all the addresses. This will most likely take the whole weekend.


	Image may be NSFW. Clik here to view. Logged

Exchange: https://vircurex.com BTC, LTC,DVC Stockexchange: http://www.cryptostocks.com
DVC 6/49 Lottery: https://dvc-lotto.com BTC 6/49 Lottery: https://btc-lotto.com
Earn money browsing the Internet: http://www.profitclicking.com/?r=rwrehp4reyg

Advertisement: No Excuses; no Exchanges; just Fast payouts. FastCash4Bitcoins

stan.distortion

Hero Member
Image may be NSFW.
Clik here to view.

Image may be NSFW.
Clik here to view.

Offline

Posts: 881

Image may be NSFW.
Clik here to view.

Today at 12:31:16 PM

Ouch, good luck with it. Bitcoin central's down too, looks like someone's being a pain in the ass.


	Image may be NSFW. Clik here to view. Logged

julz: "Susanne Posel's unwitting work in shepherding the dumbest of the dumb away from Bitcoin is a great benefit to the community, for which we should all be grateful."

John (johnthedong)

Global Janitor and
Global Moderator
Hero Member
Image may be NSFW.
Clik here to view.

Image may be NSFW.
Clik here to view.

Offline

Posts: 3173

Image may be NSFW.
Clik here to view.

Today at 01:06:40 PM

Posted an announcement regarding this at Important Announcements subforum.


	Image may be NSFW. Clik here to view. Logged

My BTC Tip Jar: 1NB1KFnFqnP3WSDZQrWV3pfmph5fWRyadz
My GPG key ID: B3AAEEB0 My OTC ID: johnthedong
Free escrow service available - tips appreciated! (PM Me)

Endgame

Full Member
Image may be NSFW.
Clik here to view.

Image may be NSFW.
Clik here to view.

Offline

Posts: 205

Image may be NSFW.
Clik here to view.

Omnicoins - Buy Bitcoins, Litecoins and Namecoins in Australia | OTC Ratings

Today at 01:25:49 PM

Sorry to hear that. How bad is the loss? Will users be out of pocket, or can vircurex cover it?


	Image may be NSFW. Clik here to view. Logged

Kumala

Sr. Member
Image may be NSFW.
Clik here to view.

Image may be NSFW.
Clik here to view.

Online

Posts: 274

Today at 01:58:50 PM

Further update: The system was not breached, no passwords were compromised (they are salted and multiple times hashed anyways). The attacker used a RubyOnRails vulnerability that was released yesterday (http://www.exploit-db.com/exploits/24019/) to withdraw the funds therefore.


	Image may be NSFW. Clik here to view. Logged

ripper234

Hero Member
Image may be NSFW.
Clik here to view.

Image may be NSFW.
Clik here to view.

Offline

Posts: 1140

Image may be NSFW.
Clik here to view.

Ron Gross

Quote from: Kumala on Today at 01:58:50 PM

Today at 03:06:08 PM

Sorry for your lose.

Amm ... the RoR volnurability was posted to multiple large forums, including Slashdot.

Did the attacker see the announcement before you were able to realize it affects you and shut off your systems? How come you missed it for so long that you didn't shut your stuff off / upgrade in time?


	Image may be NSFW. Clik here to view. Logged

- Blog
- About
- BTCtoX.org - translate between BTC and any other currency.

thebaron

Sr. Member
Image may be NSFW.
Clik here to view.

Image may be NSFW.
Clik here to view.

Offline

Posts: 460

Image may be NSFW.
Clik here to view.

wat

Today at 03:10:11 PM

Exploit released yesterday, eh? How convenient...


	Image may be NSFW. Clik here to view. Logged

I run http://mail-to-jail.com. I am "thebaron-btc" on Bitcoin-OTC.

Kumala

Sr. Member
Image may be NSFW.
Clik here to view.

Image may be NSFW.
Clik here to view.

Online

Posts: 274

Today at 03:14:21 PM

Before the wild speculations beginn, the service will be recovered and we pay the losses out of our own pockets.


	Image may be NSFW. Clik here to view. Logged

davout

Staff
Hero Member
Image may be NSFW.
Clik here to view.

Image may be NSFW.
Clik here to view.

Offline

Posts: 2493

Image may be NSFW.
Clik here to view.

1davout

Quote from: stan.distortion on Today at 12:31:16 PM

Today at 03:36:07 PM

Ouch, good luck with it. Bitcoin central's down too, looks like someone's being a pain in the ass.

That's just scheduled maintenanceImage may be NSFW.
Clik here to view.

We deployed the fixes within five minutes after receiving the notification from the Rails security mailing list.


	Image may be NSFW. Clik here to view. Logged

Buy and sell EUR at Bitcoin-Central.net.
Also check-out Instawallet and Instawire, don't need to sign-up to anything!
-- The problem with the French, is that they don't even have a word for entrepreneur

davout

Staff
Hero Member
Image may be NSFW.
Clik here to view.

Image may be NSFW.
Clik here to view.

Offline

Posts: 2493

Image may be NSFW.
Clik here to view.

1davout

Quote from: thebaron on Today at 03:10:11 PM

Today at 03:36:52 PM

#10

Exploit released yesterday, eh? How convenient...

It's the truth.


	Image may be NSFW. Clik here to view. Logged

makomk

Hero Member
Image may be NSFW.
Clik here to view.

Image may be NSFW.
Clik here to view.

Online

Posts: 890

Quote from: thebaron on Today at 03:10:11 PM

Today at 03:40:53 PM

#11

Exploit released yesterday, eh? How convenient...

Bit slow of the attacker. I was actually half-expecting someone to start hacking Bitcoin sites before any exploit was even publicly released.


	Image may be NSFW. Clik here to view. Logged

Quad XC6SLX150 Board: 860 MHash/s or so.
SIGS ABOUT BUTTERFLY LABS ARE PAID ADS

Kumala

Sr. Member
Image may be NSFW.
Clik here to view.

Image may be NSFW.
Clik here to view.

Online

Posts: 274

Today at 05:05:41 PM

#12

Service restored: deposits, trading and withdrawals are working again

For the time being, some restrictions apply until we have sorted out the account details and validated data integrity.

	Trading	Deposits	Withdrawals
BTC	Active	Active	On hold
NMC	Active	Active	On hold
LTC	Active	Active	On hold
DVC	Active	Active	Active
SC	Active	Active	On hold
IXC	Active	Active	Active
PPC	Active	Active	Active
USD	Active	Active	Active
EUR	Active	Active	Active


	Image may be NSFW. Clik here to view. Logged

Atruk

Jr. Member
Image may be NSFW.
Clik here to view.

Image may be NSFW.
Clik here to view.

Online

Posts: 61

Image may be NSFW.
Clik here to view.

Quote from: Kumala on Today at 05:05:41 PM

Today at 05:21:42 PM

#13

Service restored: deposits, trading and withdrawals are working again

For the time being, some restrictions apply until we have sorted out the account details and validated data integrity.

	Trading	Deposits	Withdrawals
BTC	Active	Active	On hold
NMC	Active	Active	On hold
LTC	Active	Active	On hold
DVC	Active	Active	Active
SC	Active	Active	On hold
IXC	Active	Active	Active
PPC	Active	Active	Active
USD	Active	Active	Active
EUR	Active	Active	Active

It's good to see you are recovering so quickly, especially with the severe downtime or outright collapse most exchanges seem to go through.


	Image may be NSFW. Clik here to view. Logged

1H8Ep63MQ1BPF8uoDUpz2KFhTAzYKqaUE5

davout

Staff
Hero Member
Image may be NSFW.
Clik here to view.

Image may be NSFW.
Clik here to view.

Offline

Posts: 2493

Image may be NSFW.
Clik here to view.

1davout

Quote from: Kumala on Today at 05:05:41 PM

Today at 05:24:34 PM

#14

Service restored: deposits, trading and withdrawals are working again

Did you switch servers ?


	Image may be NSFW. Clik here to view. Logged

Kumala

Sr. Member
Image may be NSFW.
Clik here to view.

Image may be NSFW.
Clik here to view.

Online

Posts: 274

Today at 05:58:42 PM

#15

It's been a couple of stressful hours here.

No we did not switch servers, we:
- applied the Ruby Rails patch
- backed up all log files for further analysis
- log files show the XML code injection, we validated all triggered commands to ensure nothing other than withdrawing funds (e.g. backdoor) was done.

2AM here, will need to catch some sleep, mistakes are easily made when being too tired.


	Image may be NSFW. Clik here to view. Logged

mc_lovin

Hero Member
Image may be NSFW.
Clik here to view.

Image may be NSFW.
Clik here to view.

Offline

Posts: 1835

Image may be NSFW.
Clik here to view.

www.bitcointrading.com

Today at 06:38:45 PM

#16

Total value lost in the heist?

Sorry for your loss indeed. Sucks that the vulnerability was in rails and not in your app.


	Image may be NSFW. Clik here to view. Logged

ɃitcoinTrading.com - Bitcoin buy/sell classifieds forum.
Operation Fabulous - Bitcoin's #1 advertising system.

kiba

Hero Member
Image may be NSFW.
Clik here to view.

Image may be NSFW.
Clik here to view.

Online

Posts: 5580

Today at 07:28:24 PM

#17

DId you hold ALL your money in cold wallets?


	Image may be NSFW. Clik here to view. Logged

Bitcoin Weekly, bitcoin analysis and commentary

honest bob

Hero Member
Image may be NSFW.
Clik here to view.

Image may be NSFW.
Clik here to view.

Offline

Posts: 1177

Image may be NSFW.
Clik here to view.