Kicked In The Balls, But Back On Our Feet

Written by glasshunt | Published 2016/09/29
Tech Story Tags: security | bitcoin | ethereum | double-spend | glasshunt


At 2 a.m. Korea time, GlassHunt.co’s Double Spend Tool was savagely penetrated on its back-end via a SQL hacker who broke into our database and confiscated nearly $5,000 in bitcoin from active users in the process of their double spend activities on our site. Sorry about that. We publish hackable contracts for Ethereum hackers on our Challenges site, but this one, unlike those, was not anticipated by us.

At Glass Hunt, we celebrate hackers. So through all the hate mail, the threats, the cries for help, and money we personally lost due to our inability to collect commissions and maintain trust, we say… we salute you, unknown hacker (You could have at least left us a message… because we are recruiting).

As should be the case when anyone gets hacked, small or large, we would like to issue a few statements.

  1. The hacker can’t use the same exploit anymore. In short, he/she/it cracked one of our read-only SQL account passwords, and we have since reset them to uber-super-super-amazingly strong passphrases that we personally could never remember.
  2. We have added super-duper encryption of private keys, so that even if the hacker returns into the database, the information will be of very little use.
  3. We have beefed up our firewalls to ensure that any suspicious activity will be blocked, locked and shut the F* down.
  4. As an additional measure, we have added SSL encryption to our site, so that if anyone (including your favorite VPN provider) is snooping on your network connection… well, that activity will now be meaningless.

Takeaways:

  1. Everything is safe now and you can double spend on our site securely.
  2. No, we will not return any lost funds to users. Again, we are hackers ourselves, and we have a belief set that would be completely compromised if we returned funds to people double spending… Essentially, you use our tool at your own peril.
  3. We will do the best we can to ensure this doesn’t happen again.
  4. Almost all accounts (new and old) were drained. Sorry, older account users who left or lost funds in an account.

We wish for the hack to remain with everyone involved with us. We are truly happy we got kicked in the balls. Because though that kick hurt us and many others, the only way to be hack-proof is to get hacked. We welcome future attempts. We know it’s the only way to become stronger.

And beware, we are on high alert. And we take no prisoners; that is, unless you would like to join the ranks.

May the hack be with you.


Published by HackerNoon on 2016/09/29