I have many problems with this.
- "We" refers to one person, am I correct?
- Why were deposits and withdrawal not disabled?
- If the hack occurred in October, how is it possible API keys were compromised in November and money was stolen?
- Why was the "hot pocket" not immediately emptied after the hack?
1. No. Inputs.io isn't just me, although I do the majority of the work.
2. They were in limited capacity. A withdrawal amount limit didn't work as people simply broke up.
3. The hacker dumped API keys and PIN from the DB. API keys (re)generated after the hack haven't being stolen.
4. The attacker didn't take all of the BTCs, perhaps wanting to remain undetected and steal more.
I don't understand how people who made deposits to inputs (then onto coinlenders) well after the attack are out money.
The amount has been withdrawn in full by other users. There was a limit designed to prevent much of that, but it was per transaction and people got around it.
And allowed people to continue to deposit, as I did??
Please don't, although if you deposited very recently you should get 100%. It'll be handled on a case by case basis, specify that in the email.
Wait so YOU decided when you were Inside Jobbing it up to leave a bunch unstolen?