Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Altcoin Discussion
Re: Digitalcoin Dev ROBBED!
by
samson
on 13/04/2014, 11:11:06 UTC
Quote from: memecoin on April 13, 2014, 01:26:48 AM
Quote from: samson on April 13, 2014, 01:01:56 AM
Quote from: memecoin on April 13, 2014, 12:53:59 AM
Quote from: rumlazy on April 13, 2014, 12:43:44 AM
Quote from: memecoin on April 13, 2014, 12:38:03 AM
Baritus has claimed that CryptoAve was attacked with the Heartbleed vulnerability roughly one month prior to the vulnerability being uncovered and made public. If an individual had knowledge of this flaw before the the entire world, why would that individual choose to attack CryptoAve of all places? Why not go after a much larger website? Why not sell the knowledge of this vulnerability to the highest bidder?

This does not make any rational sense.

Sources:
http://digitalcoin.co/forums/index.php/topic,951.0.html
http://heartbleed.com/
http://digitalcoin.co/forums/index.php/topic,1010.0.html

The heartbleed bug existed in the wild for months before it was made public.


It has been in the code for roughly two years. The point to all of this is why CryptoAve? If one has knowledge of this flaw, why would one attack a brand new exchange with few users and no potential to profit for doing so?

If you look back to the first weeks of March there were a lot of different sites being hacked every other day.

Gox had gone and I suspect they were coming for the leftovers.

I've posted the basic facts. I see that CloudFlare claims to have been notified prior to 03 April, but the facts I provided are not incorrect according to the sources. It is entirely possible, and probable, that individuals knew of Heartbleed before these recent weeks. I know that you are a supporter of Digitalcoin and will defend it in all instances, but you cannot deny that it seems odd CryptoAve would have been attacked with this flaw. The volume on the exchange was minimal, and the deposit amount was no doubt minimal as well.

To me, the order of events seems suspicious and convenient. If someone can prove to me otherwise, I will concede. I hope for your sake and the sake of others that Baritus is more than confident with the security of CryptoAve when it launches again. BCX will be relentless.

BCX may well be relentless. Anyone attacking an exchange will be reported to the relevant authorities.

Having made lots of public threats in this forum really won't help anyone apart from the federal police should anyone manage to hack this site once it's relaunched.