DEVTOME.COM HOSTING COSTS HAVE BEGUN TO EXCEED 115$ MONTHLY. THE ADMINISTRATION IS NO LONGER ABLE TO HANDLE THE COST WITHOUT ASSISTANCE DUE TO THE RISING COST. THIS HAS BEEN OCCURRING FOR ALMOST A YEAR, BUT WE HAVE BEEN HANDLING IT FROM OUR OWN POCKETS. HOWEVER, WITH LITERALLY NO DONATIONS FOR THE PAST 2+ YEARS IT HAS DEPLETED THE BUDGET IN SHORT ORDER WITH THE INCREASE IN ACTIVITY ON THE SITE IN THE PAST 6 MONTHS. OUR CPU USAGE HAS BECOME TOO HIGH TO REMAIN ON A REASONABLE COSTING PLAN THAT WE COULD MAINTAIN. IF YOU WOULD LIKE TO SUPPORT THE DEVTOME PROJECT AND KEEP THE SITE UP/ALIVE PLEASE DONATE (EVEN IF ITS A SATOSHI) TO OUR DEVCOIN 1M4PCuMXvpWX6LHPkBEf3LJ2z1boZv4EQa OR OUR BTC WALLET 16eqEcqfw4zHUh2znvMcmRzGVwCn7CJLxR TO ALLOW US TO AFFORD THE HOSTING.

THE DEVCOIN AND DEVTOME PROJECTS ARE BOTH VERY IMPORTANT TO THE COMMUNITY. PLEASE CONTRIBUTE TO ITS FURTHER SUCCESS FOR ANOTHER 5 OR MORE YEARS!

Inputs.io Hacked for over 4000 Bitcoins

bitcoinprbuzz.com_wp-content_uploads_2013_07_inputs.io_.jpg

Inputs.io, a shared online wallet run by a little-known Australian web developer known as TradeFortress, was allegedly hacked on October 26th, 2013. TradeFortress informed the bitcoin community that approximately 4,100 bitcoins—currently valued at over $1.2 million—were stolen from the shared wallet that held bitcoins deposited by inputs.io users. He neglected to inform his customers until the evening of November 6th (US time). At that time, he took down the inputs.io homepage and posted the following message:

“Two hacks totalling about 4100 BTC have left Inputs.io unable to pay all user balances. The attacker compromised the hosting account through compromising email accounts (some very old, and without phone numbers attached, so it was easy to reset). The attacker was able to bypass 2FA due to a flaw on the server host side.

Database access was also obtained, however passwords are securely stored and are hashed on the client. Bitcoin backend code were transferred to 10;15Hd@mastersearching.com:mercedes49@69.85.88.31 (most likely another compromised server).

What about my coins there? If you stored more than 1 BTC, send an email to support@inputs.io with a Bitcoin address (preferably, an offline, open source light/SPV wallet like Multibit or Electrum). Use the same email you're using on Inputs. Please don't store Bitcoins on an internet connected device, regardless of it is your own or a service's.

I know this doesn't mean much, but I'm sorry, and saying that I'm very sad that this happened is an understatement.”

The news of the alleged hack has seen quite a mixed response, with some customers expressing support for TradeFortress on the Bitcointalk Forum. There has also been quite a backlash against him from others. Multiple scam accusation threads have popped up on the forum, accusing TradeFortress of orchestrating the alleged hack, and stealing the bitcoins his user base had on deposit.

He participated in an interview with ABC News (Australia), which shed more light on the incident:

“TradeFortress, who says he is not much older then 18, does not want to be identified because he is worried about his personal safety. He and his users know the chances of getting their bitcoins back are extremely unlikely because bitcoin transactions can't be reversed. The bitcoin transaction trail is designed to be anonymous, which has led to speculation this was an inside job and that TradeFortress took the coins for himself. But when asked by AM he strenuously denied those accusations, and that despite his $1 million dollar loss he is unlikely to report the theft to the police. ‘The police don't have access to any more information than any user does when it comes to bitcoin. Some say it gives them control of their money,’ TradeFortress said.”

As for how the alleged hackers managed to compromise the security of inputs.io and make off with the bitcoins, TradeFortress had this to say in an interview with CoinDesk:

“The attacker was able to compromise older email accounts which were easily reset as they didn’t have phone numbers attached. Compromising one older email account led to the compromise of another, eventually allowing them to reset the password for the hosting account and obtaining shell access after bypassing two-factor authentication on the host’s side...We don’t use client-side encryption; that’s hardly foolproof and gives people a false sense of security.”

Many in the bitcoin community have complained that TradeFortress’s explanations regarding how the attack was carried out—or lack thereof—have been insufficient. They have also questioned the security decision to maintain the entirety of bitcoins held by inputs.io in a “hot wallet” connected to the internet on a virtual server. On the latter point, users have pointed out that such decisions could make for an easy scapegoat for an alleged hack, as these vulnerabilities are what led to the theft of about 43,000 bitcoins from Bitcoinica in 2012.

As for compensation for the victims of the alleged hack, TradeFortress has been issuing partial refunds on a “sliding scale” of “generally 40-75 per cent” to those who contact him.

The hack, which—based on dollar value—is among the largest in bitcoin’s history, is yet another reminder of the danger of using hosted wallets like inputs.io or Coinbase, which do not give users control of their private keys. Thus, users of hosted wallets are unable to fully secure their bitcoins, and must trust the operator of the hosted wallet to keep them safe. Online wallet provider Instawallet was compromised in April of this year. Some users are still complaining that they have not received compensation from that incident, though a spokesman for the company behind Instawallet said that “99.5% of instawallets will be fully refunded.”

For more information on securing your bitcoin wallet, see this helpful wiki.


QR Code
QR Code inputsio_hacked_for_over_4000_bitcoins (generated for current page)
 

Advertise with Anonymous Ads