Looks like there was an attack over at coinarmy today (or recently). I just wanted to re-post his warning here so hopefully other pools will see it. MooPool.com took steps to improve our security today, but we're still unsure exactly how the hacker managed to fake his shares on coinarmy. Supposedly we will get more information after Christmas. Beef up your security everybody, and stay safe.
http://gyazo.com/f369ba2786bef6e193fca5edc0eb5521.png
I'm the admin at http://csc.hash.so/ and I must say, wow. I wasn't going to say much about coinarmy, but now that they are calling me out I guess I must. My pool has quite a few users, and I'm sure they agree that my pool has had a pretty solid record, no cheating is going on in there.http://gyazo.com/f369ba2786bef6e193fca5edc0eb5521.png
I have been watching coinarmy every since they had "issues" and ended up stealing 30k CSC or so from their users. (posted about it here)
So:
Quote
SECURITY ALERT -----> I have matched records pinning the hacker on another CSC pool. His username is "crypto_8888". He is mining right now on http://csc.hash.so/ -----> .so = somalia AND somalia = 90% FRAUD! Do your research, if you have any rigs on that pool GET THEM OFF NOW! It looks like he is trying to keep his hash legit on that pool, meaning the hacker could be the owner of the pool! WATCH OUT! This pool will be taken down from all listings after Christmas. I have close communication with the creator of CSC! - Jason
I chose the hash.so domain because it was available
I'm not from Somalia nor do I think 90% of Somalia is a fraud. I haven't heard anything about my pool getting delisted, I think it's just FUD.I also checked shares submitted by crypto_8888 and they looked pretty legit to me. My pool (and other pools listed in the first post) are performing pretty well, shares estimated versus actual shares are around 107% - 118%. The only one that hasn't been performing well is Coinarmy, and it looks like they have reset the block numbers 3-4 days ago: http://casinocoin.coinarmy.com/index.php?page=statistics&action=blocks
You can look at the other pools and compare the numbers to see which ones are looking weird:
http://csc.hash.so/index.php?page=statistics&action=blocks
http://moopool.com/csc/index.php?page=statistics&action=blocks
http://csc.dedicatedpool.com/index.php?page=statistics&action=blocks
https://www.megamineros.com/CSC/index.php?page=statistics&action=blocks
http://casinocoin.coinarmy.com/index.php?page=statistics&action=blocks
(only the last one
)Edit: also Coinarmy hasn't reached out to me regarding this incident, which seems rather odd, if they think I might be behind the "hacking" of their pool. Faking shares is only possible if you have access to the backend MySQL DB, I don't think it's possible remotely without access...