Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Service Announcements
Re: ♻️ CRYPTOMIXER.IO — FAST, SECURE and RELIABLE BITCOIN MIXER (Since 2016) ⭐⭐⭐⭐⭐
by
CryptoMixer.io
on 16/04/2021, 21:16:01 UTC
Quote from: CryptoMixer.io on March 18, 2021, 09:22:54 PM
RESOLUTION

First of all, we are confident that:
1) our servers were not compromised;
2) the operations of our customers did not fall into third hands.

At the moment we managed to repeat the experience of users who reported the problem with the fake signing address on our clearnet website, and eliminated this attack about 18 hours ago.

What have happened?

An attackers managed to access HTTP-traffic on one of the infrastructure nodes of upstream providers. Thus, they deceived the verification system of the global Certification Authority (CA) lettercrypt.org and issued a fake Domain Validation (DV) certificate, and were able to send HTTPS-traffic to their servers.

What does it mean?

This means that users who received letters signed by the wrong address has sent their money to attackers and will unlikely receive them back. Those users who received letters signed by the correct address may not worry - the data exchange was secured directly between them and our servers. Also, this incident did not touch on those who used our onion-mirror.

What do we plan to do?

We are very concerned how carefully and gracefully the phishing attack was performed. Unfortunately, this is possible in an open internet and this proves how much existing technologies of open internet are vulnerable. Therefore:
1) We will implement a set of measures to reduce the risks of such incidents with our clearnet website;
2) We will insistently recommend to use the onion website and check the signature, including creating economic incentives for this;
3) We will introduce the status-page on third-party reliable public  provider to provide the up-to-date status of the website.

What will happen to victims of this incident?

We value our customers and their trust very high and do not want to leave them as victims in this situation. During the coming days, we will continue to collect the information on users affected by this incident - when, we will see a complete picture and the amount of damage we will offer them an option to compensate the lost funds. If you haven't contacted me or support@cryptomixer.io yet, get in touch and provide the LOG on your operation.

OFFICIAL UPDATE

Further update on this issue.

Currently, we have compensated everyone who provided verifiable proof of a transaction. This process was complicated by the fact that different people applied for refunds with the same Letters of Guarantee, some of then were falsified, while others did not have letters - in all such cases, we had to make compensation only to the original source of the transaction. With customers whose amounts was significant, we have agreed to make compensation payout in parts during 2 months, but they will get their entire refund shortly. Kindly note, this payments are not a refund of the funds that we have received - but our voluntary compensation to the victims of this incident, so we ask you to understand the precautions that we apply with understanding.