Earlier this evening, amid complaints of fraudulent withdrawals from many of our miners, we at Hackshard launched a full investigation into our databases, websites, and other software with the goal of identifying and eliminating the faulty code, hardware, or security. We discovered no fault in the cronjobs, databases, stratum servers, wallets, or any of the other various components of the Hackshard mining pools. While this did confirm that the Hackshard infrastructure was not at fault, our findings hinted at something perhaps even more worrisome. We found that several dozen miners had recently withdrawn to a single address: the same address as that which many of those claiming fraud had presented to us as having stolen their coins. Given the extreme unlikelihood of so many miners being host to the same keylogging virus, and given the complete lack of evidence that our own pools have been infiltrated by malicious agents, we have concluded that the issue could only have arisen from miners using identical login credentials with multiple pools. If this is the case, with a significant portion of our miners having been victims, we further conclude that only one with access to the database of a rather large pool could have been the thief. As such, we request that all miners who have been affected by this theft respond immediately with a full list of pools which they have recently used so that we may attempt to identify the malignant pool. We further request that all pool owners search their outgoing transactions for multiple usernames withdrawing to a few addresses.

We strongly urge everyone to use separate credentials on each and every pool he or she uses and to enable automatic payments.