Update: How the hacker hacked BitcoinicaI don't think this should be a secret, so I would just share my version of the story.
- I received several emails regarding password reset and finding out the username for our Rackspace account.
- I initially thought it was Patrick, because he did a password reset a few days ago, but I became suspicious when I realized that someone forgets the username of the account! (So it must not be Bitcoinica team member.)
- I immediately set the password back, and log in to the account. I SSH'd into the Bitcoin wallet server and found that everything is gone.
- This thread was posted and I tried to contact Rackspace the lock down the account.
- They suspended all servers, so that the hacker couldn't log in. However, despite two password changes and server suspension, the hacker is still in the session. I asked Rackspace to terminate his session but it seems that they don't know how to do it.
- The hacker recreated the server using our database backup, and possibly got the database successfully.
- Later we found out that Patrick's email server was compromised, and since he is in our mailing list, all emails sent to
info@bitcoinica.com were delivered to his compromised email account.
- We are now working on a settlement plan. Patrick is in charge of the claim page.
If anything of the following happened this would be prevented:
- Patrick's email was not added to the mailing list, and he used Bitcoinica email instead.
- Rackspace should just terminate the sessions then at least the database would be safe.
- We should not use the official Bitcoin client because it's very hard to secure it without large investments and affecting instant withdrawals in large amounts.
I hope this insight can help some of you understand our situation right now.