Quantcast
Channel: Hacker News 50
Viewing all articles
Browse latest Browse all 9433

VIRCUREX !!! IMPORTANT !!!

$
0
0

Comments:"VIRCUREX !!! IMPORTANT !!!"

URL:https://bitcointalk.org/index.php?topic=135919.0


Kumala
Sr. Member

Online

Posts: 274

Ignore

Today at 12:19:25 PM

 #1
We sadly need to announce that our wallet has been compromised thus DO NOT send any further funds to any of the coin wallets, BTC, DVC, LTC, etc. We will setup a new wallet and reset all the addresses. This will most likely take the whole weekend.
Logged
Exchange: https://vircurex.com BTC, LTC,DVC Stockexchange: http://www.cryptostocks.com
DVC 6/49 Lottery: https://dvc-lotto.com BTC 6/49 Lottery: https://btc-lotto.com
Earn money browsing the Internet: http://www.profitclicking.com/?r=rwrehp4reyg
Advertisement: No Excuses; no Exchanges; just Fast payouts. FastCash4Bitcoins
stan.distortion
Hero Member

Offline

Posts: 881

Ignore

Today at 12:31:16 PM

 #2

Ouch, good luck with it. Bitcoin central's down too, looks like someone's being a pain in the ass.

Logged

julz: "Susanne Posel's unwitting work in shepherding the dumbest of the dumb away from Bitcoin is a great benefit to the community, for which we should all be grateful."

John (johnthedong)
Global Janitor and
Global Moderator
Hero Member

Offline

Posts: 3173

Ignore

Today at 01:06:40 PM

 #3

Posted an announcement regarding this at Important Announcements subforum.

Logged
My BTC Tip Jar: 1NB1KFnFqnP3WSDZQrWV3pfmph5fWRyadz
My GPG key ID: B3AAEEB0 My OTC ID: johnthedong
Free escrow service available - tips appreciated! (PM Me)
Endgame
Full Member

Offline

Posts: 205

Ignore

Today at 01:25:49 PM

 #4

Sorry to hear that. How bad is the loss? Will users be out of pocket, or can vircurex cover it?

Logged
Kumala
Sr. Member

Online

Posts: 274

Ignore

Today at 01:58:50 PM

 #5
Further update:  The system was not breached, no passwords were compromised (they are salted and multiple times hashed anyways). The attacker used a RubyOnRails vulnerability that was released yesterday (http://www.exploit-db.com/exploits/24019/) to withdraw the funds therefore.
Logged
Exchange: https://vircurex.com BTC, LTC,DVC Stockexchange: http://www.cryptostocks.com
DVC 6/49 Lottery: https://dvc-lotto.com BTC 6/49 Lottery: https://btc-lotto.com
Earn money browsing the Internet: http://www.profitclicking.com/?r=rwrehp4reyg
ripper234
Hero Member

Offline

Posts: 1140


Ron Gross

Ignore

Today at 03:06:08 PM

 #6
Further update:  The system was not breached, no passwords were compromised (they are salted and multiple times hashed anyways). The attacker used a RubyOnRails vulnerability that was released yesterday (http://www.exploit-db.com/exploits/24019/) to withdraw the funds therefore.

Sorry for your lose.

Amm ... the RoR volnurability was posted to multiple large forums, including Slashdot.

Did the attacker see the announcement before you were able to realize it affects you and shut off your systems? How come you missed it for so long that you didn't shut your stuff off / upgrade in time?

Logged
- Blog
- About
- BTCtoX.org - translate between BTC and any other currency.
thebaron
Sr. Member

Offline

Posts: 460


wat

Ignore

Today at 03:10:11 PM

 #7

Exploit released yesterday, eh? How convenient...

Logged
I run http://mail-to-jail.com. I am "thebaron-btc" on Bitcoin-OTC.
Kumala
Sr. Member

Online

Posts: 274

Ignore

Today at 03:14:21 PM

 #8

Before the wild speculations beginn, the service will be recovered and we pay the losses out of our own pockets.

Logged
Exchange: https://vircurex.com BTC, LTC,DVC Stockexchange: http://www.cryptostocks.com
DVC 6/49 Lottery: https://dvc-lotto.com BTC 6/49 Lottery: https://btc-lotto.com
Earn money browsing the Internet: http://www.profitclicking.com/?r=rwrehp4reyg
davout
Staff
Hero Member

Offline

Posts: 2493


1davout

Ignore

Today at 03:36:07 PM

 #9

Ouch, good luck with it. Bitcoin central's down too, looks like someone's being a pain in the ass.

That's just scheduled maintenance
We deployed the fixes within five minutes after receiving the notification from the Rails security mailing list.
Logged
Buy and sell EUR at Bitcoin-Central.net.
Also check-out Instawallet and Instawire, don't need to sign-up to anything!
-- The problem with the French, is that they don't even have a word for entrepreneur
davout
Staff
Hero Member

Offline

Posts: 2493


1davout

Ignore

Today at 03:36:52 PM

 #10

Exploit released yesterday, eh? How convenient...

It's the truth.
Logged
Buy and sell EUR at Bitcoin-Central.net.
Also check-out Instawallet and Instawire, don't need to sign-up to anything!
-- The problem with the French, is that they don't even have a word for entrepreneur
makomk
Hero Member

Online

Posts: 890

Ignore

Today at 03:40:53 PM

 #11

Exploit released yesterday, eh? How convenient...

Bit slow of the attacker. I was actually half-expecting someone to start hacking Bitcoin sites before any exploit was even publicly released.
Logged
Quad XC6SLX150 Board: 860 MHash/s or so.
SIGS ABOUT BUTTERFLY LABS ARE PAID ADS
Kumala
Sr. Member

Online

Posts: 274

Ignore

Today at 05:05:41 PM

 #12
Service restored: deposits, trading and withdrawals are working again

For the time being, some restrictions apply until we have sorted out the account details and validated data integrity.

TradingDepositsWithdrawals
BTCActiveActiveOn hold
NMCActiveActiveOn hold
LTCActiveActiveOn hold
DVCActiveActiveActive
SCActiveActiveOn hold
IXCActiveActiveActive
PPCActiveActiveActive
USDActiveActiveActive
EURActiveActiveActive
Logged
Exchange: https://vircurex.com BTC, LTC,DVC Stockexchange: http://www.cryptostocks.com
DVC 6/49 Lottery: https://dvc-lotto.com BTC 6/49 Lottery: https://btc-lotto.com
Earn money browsing the Internet: http://www.profitclicking.com/?r=rwrehp4reyg
Atruk
Jr. Member

Online

Posts: 61

Ignore

Today at 05:21:42 PM

 #13
Service restored: deposits, trading and withdrawals are working again

For the time being, some restrictions apply until we have sorted out the account details and validated data integrity.

TradingDepositsWithdrawals
BTCActiveActiveOn hold
NMCActiveActiveOn hold
LTCActiveActiveOn hold
DVCActiveActiveActive
SCActiveActiveOn hold
IXCActiveActiveActive
PPCActiveActiveActive
USDActiveActiveActive
EURActiveActiveActive


It's good to see you are recovering so quickly, especially with the severe downtime or outright collapse most exchanges seem to go through.
Logged

1H8Ep63MQ1BPF8uoDUpz2KFhTAzYKqaUE5

davout
Staff
Hero Member

Offline

Posts: 2493


1davout

Ignore

Today at 05:24:34 PM

 #14

Service restored: deposits, trading and withdrawals are working again


Did you switch servers ?
Logged
Buy and sell EUR at Bitcoin-Central.net.
Also check-out Instawallet and Instawire, don't need to sign-up to anything!
-- The problem with the French, is that they don't even have a word for entrepreneur
Kumala
Sr. Member

Online

Posts: 274

Ignore

Today at 05:58:42 PM

 #15
It's been a couple of stressful hours here.

No we did not switch servers, we:
 - applied the Ruby Rails patch
 - backed up all log files for further analysis
 - log files show the XML code injection, we validated all triggered commands to ensure nothing other than withdrawing funds (e.g. backdoor) was done.
 
2AM here, will need to catch some sleep,  mistakes are easily made when being too tired.

Logged
Exchange: https://vircurex.com BTC, LTC,DVC Stockexchange: http://www.cryptostocks.com
DVC 6/49 Lottery: https://dvc-lotto.com BTC 6/49 Lottery: https://btc-lotto.com
Earn money browsing the Internet: http://www.profitclicking.com/?r=rwrehp4reyg
mc_lovin
Hero Member

Offline

Posts: 1835


www.bitcointrading.com

Ignore

Today at 06:38:45 PM

 #16
Total value lost in the heist?

Sorry for your loss indeed.  Sucks that the vulnerability was in rails and not in your app. 

Logged
kiba
Hero Member

Online

Posts: 5580

Ignore

Today at 07:28:24 PM

 #17

DId you hold ALL your money in cold wallets?

Logged
honest bob
Hero Member

Offline

Posts: 1177

Ignore

Today at 08:32:53 PM

 #18

I'm not sure if I feel worse for bitcoin, vicurex, the people with funds there, or ruby on rails.

Logged
TorGuard VPN: Don't get caught using Bittorrent! Spend your bitcoins on a topnotch VPN/Proxy service! I'm renewing my subscription again later this year.

Viewing all articles
Browse latest Browse all 9433

Trending Articles