Several exchanges hacked through cloud hosts

News updates about the Prohashing pool
Forum rules
The News forum is only for updates about the Prohashing pool.

Replies to posts in this forum should be related to the news being announced. If you need support on another issue, please post in the forum related to that topic or seek one of the official support options listed in the top right corner of the forums page or on prohashing.com/about.

For the full list of PROHASHING forums rules, please visit https://prohashing.com/help/prohashing- ... rms-forums.
Locked
User avatar
Steve Sokolowski
Posts: 4585
Joined: Wed Aug 27, 2014 3:27 pm
Location: State College, PA

Several exchanges hacked through cloud hosts

Post by Steve Sokolowski » Sat Dec 26, 2020 7:14 am

This morning, several exchanges were hacked through their cloud hosting providers.

Altilly (https://www.altilly.com/) went offline when its servers suddenly rebooted. Someone had gained access to the hosting client portal and copied all of their data. Though Altilly was able to delete the data and move it to a different provider, the hackers had used the access to obtain an API key to download their backups.

Livecoin (https://livecoin.net) was also hacked yesterday, through a similar cloud hosting vulnerability. Livecoin's site is currently offline and no additional information is available about the hack.

Chris spent the last week, or about 60 hours, adding coins from Altilly, as a significant number of unique small coins are available on Altilly that are not available elsewhere. All of these coins are now in error, and payouts for those coins as well as a number of previously added small networks have been halted. While the pool is profitable and there is no shortage of general funds, we now have insufficient balances to pay customers on these very small networks only and there are no other exchanges to buy these unique single-listed coins. We cannot guarantee when, if ever, we will be re-able to re-add and pay those coins because an exchange needs to add them for trading for us to obtain them.

Most customers are not affected, and large networks that have many exchanges, like Bitcoin, Ethereum Classic, or Digibyte, are still operating as normal. Customers who were earning these large network coins, regardless of which coins their miners were assigned to, are not affected.

If a coin is not currently in error, then we know for certain that it will not be affected by the situation with Livecoin and Altilly.

Messages will go out to affected customers next week to notify them of this problem and those messages will be updated when Altilly and/or Livecoin resume operations. Chris needs to review which coins were only available at these two exchanges, and which coins can be obtained at existing exchanges, before he can post the messages, which is a time-consuming process. During this process, Chris will add other exchanges and bring the coins out of error if he can, or notify customers the coin has no listings if he can't.

One of Prohashing's security features is that we own 100% of the hardware we use. It is not possible for a hacker to gain access to a customer control panel, or for a hacker to convince a hosting provider employee to provide him with a copy of Prohashing's data, because we are the only people who have physical access to the physical computers that are serving our system. Thus, Prohashing is not vulnerable to this type of attack against its own systems.
Locked