Hacks Everywhere!

A

admin

Guest
So C-Cex was hacked last week and now Poloniex. Who's next Cryptsy?
 

HammerHedd

Member
Mar 10, 2014
182
34
88
Conspiracy theory: Governments are hacking the exchanges to demonstrate how insecure crypto currency is so that they have a good reason to regulate (and tax) it.

Probable theory: We are literally in the horse and buggy days of exchanges, and a lot of them just aren't robust enough. The ones that will survive will be the better for it, and that's how we do things here in the jungle...
 

eizh

New Member
Mar 13, 2014
11
1
3
This is why I tolerate Cryptsy's problems and use them for any appreciable amounts.
 

HammerHedd

Member
Mar 10, 2014
182
34
88
I typically use Cryptsy, too... If only they had a convenient way to exchange fiat money as well.
 

pvkt

New Member
Mar 11, 2014
11
0
1
34
Conspiracy theory: Governments are hacking the exchanges to demonstrate how insecure crypto currency is so that they have a good reason to regulate (and tax) it.

Probable theory: We are literally in the horse and buggy days of exchanges, and a lot of them just aren't robust enough. The ones that will survive will be the better for it, and that's how we do things here in the jungle...
Welcome to the jungle it gets worse here everyday :)

But in all honesty it comes with the territory. We do what we gotta do to survive. I just dont leave coins on an exchange. So far ive been good.

Xs8jKu3dqPy6mXPx1fEcfvu9NHNpU4Wucq
 

Lzeppelin

Member
Feb 27, 2014
283
57
88
Welcome to the jungle it gets worse here everyday :)

But in all honesty it comes with the territory. We do what we gotta do to survive. I just dont leave coins on an exchange. So far ive been good.

Xs8jKu3dqPy6mXPx1fEcfvu9NHNpU4Wucq
Welcome to the jungle we've got fun 'n' games, sorry I couldn't resist. I had money in poloniex at the time of the hack but luckily it was all in DRK and the hack only took BTC, Since that close call though I've been doing like you pulling everything out as soon as I trade, it works out well.
 

TanteStefana

Grizzled Member
Foundation Member
Mar 9, 2014
2,871
1,863
1,283
Conspiracy theory: Governments are hacking the exchanges to demonstrate how insecure crypto currency is so that they have a good reason to regulate (and tax) it.

Probable theory: We are literally in the horse and buggy days of exchanges, and a lot of them just aren't robust enough. The ones that will survive will be the better for it, and that's how we do things here in the jungle...
Yah, but it hurts when you're victimized by these hacks :( Unfortunately, I totally agree, there's no safety in the jungle until you get the walls built around the keep!
 

DarkAuR{iga

New Member
Mar 12, 2014
12
0
1
I dont hink there are any govs interested to spent resources on this.

It doesent take much to aquire an 0day, learn basic exploitation techniques etc.

Sysly, there are very effective exploitation/social engineering techniques that can be carried out by any individual with some common sense, if some talented guys with bad intentions meet up to collaborate, these exchanges hacks are what happens, my conclusion.

A basic exploitation could be like this:

Scan target running software, services. web services and ports. (For admins, hide anything you can ^^)
Port Service scan, discover what is running where. (Too bad these services have footprints)
Scan for improper set permissions. (Wouldnt it be nice to upload a shell without further work)
Scan discovered processes / services for vulnerabilities. (Yeah, outdated software is an invitiation)
Check if databases are vulnerable to direct attack. (Maybe the database is all we want, so its just fine to target this first)
If social engineering, make a target scan and gather information. (As we know human failure, lol)
Eventually start bruteforcing logins while proceeding. (Ahh yess, weak passwords)
Compile a list of vulnerabilities and targets. (Opps your webapplication is vulnerable, too bad)
Exploit those targets, if exploit fails go to social engineering. (Can be anything from spear phishing, driveby too full blown profile scraping

If one can write there own buffer overflow exploits this gets really interesting
youtube.com/watch?v=aEZKGW_VTd4

Why you should not visit untrusted links: youtube.com/watch?v=n0YXFJuHIxQ
Why you should check emails twice before following a link: youtube.com/watch?v=srYbFR21RP8

My point is, its not just govs who have resources and knowledge to break exchanges, id bet there are quite a few it-sec pros that would love to not jsut break into some crypto coin exchange but into something really big.
So why shouldn’t ordinary script kiddies and it-sec pros target crypto exchanges when even there are significant amounts lurking around, get real guys. The business has large amounts of money moving, so the bad guys are tempted. My conclusion with this market growing it will only increase.

PS: The bad guys looking for ANY way to break into something that has a good chance of gain. Also consider your node ip beeing logged when connecting to other nodes, better use some VPN or whatever to hide your ip.
 

HammerHedd

Member
Mar 10, 2014
182
34
88
I dont hink there are any govs interested to spent resources on this.

PS: The bad guys looking for ANY way to break into something that has a good chance of gain. Also consider your node ip beeing logged when connecting to other nodes, better use some VPN or whatever to hide your ip.
Yeah, all of that is possible, and more... It's funny that you are more or less OK as a little, independent miner, but once you have a big exchange, you become a target... Even though it seems like most of the exchanges have a tiny staff - probably not proportional to there throughput.
 

Sub-Ether

Well-known Member
Mar 31, 2014
1,516
1,256
183
The sdeF have to get their BTC somehow, you dont expect them to actually mine it do you ;), I heard they own 1.5% of the entire market. Thousands of ex hackers are employed, most systems in the world have been hacked for 'security reasons', Mt Gox is a walk in the park, and tiny exchanges even easier when you consider stuff like stuxnet.