Cryptsy hacked and telling the story

The reasons why we should trust the software, know what it does, and have a check, and a verification of cleanliness, with the hash and the approval comment, etc…

http://blog.cryptsy.com/post/137323646202/announcement

Announcement
Cryptsy has had problems for some time now and it’s time to let everybody know exactly why. These problems were NOT because of any recent phishing attacks, or even a ddos attack, nor does it have anything to do with me personally.
About a year and a half ago, we were alerted in the early AM of a reduction in our safe/cold wallet balances of Bitcoin and Litecoin, as well as a couple other smaller cryptocurrencies. After a period of time of investigation it was found that the developer of Lucky7Coin had placed an IRC backdoor into the code of wallet, which allowed it to act as a sort of a Trojan, or command and control unit. This Trojan had likely been there for months before it was able to collect enough information to perform the attack. It does not appear that this was the original developer for LK7, as on 5/22/2014, we received this message from the new developer who wanted to maintain the codebase:

Hello,
Lucky7Coin is not maintained and I would like to take care of it. I have announced that on bitcointalk.org in Lucky7Coin thread. You’re the only exchange for this coin and I hope you will let me take care of it. I’m responsible. You don’t have to be afraid of errors or forks. I’m developing multipool and I know bitcoin internals and protocol.

We can hope for Cryptsy that the Lucky7Coin gets fixed for real, and hopefully it can get checked out before it gets integrated.

7 Likes

It's very bizarre that someone would confess to a ponzi scheme so publicly.

1 Like

Are you referring to the alternatives proposed to keep the Cryptsy exchange in business?

Whether it is legit or not is besides me, though exchanges need to trust so many different coins and their software. I imagine how easy it could be that they just went along with all the software offered for the coins and it turned out that one has a trojan.

I remember seeing someone's computer who was an early bitcoin adopter, he had a list of 30 or 40 icons, so many on the tool bar on a Mac. They were so tiny, there were so many, and “that’s the alt coin wallets, I try many of the coins”

And that guy is hacked and lost practically all of his bitcoins, and likely a case of downloading spy software through one of those alt coin wallets.

2 Likes

This doesn’t absolve them from failing to protect their cold wallets. There are simple well known measures that would prevent a hacked hot wallet from compromising the security of cold wallets - as I’m sure you are aware with your crowdfunded coin storage!

It’s also possible this was really an inside job. This is $4.5m I think. That’s quite a temptation.

2 Likes