Recent hacking by doris-payne

[MarsResident]

Everyone read this

This is the biggest Compumatrix thread on the Internet with the most information, so I am going to put this here.

Ok, so it seems like every year Compumatrix is just Trick-Or-Treating their members for Halloween, and saying "Maybe you'll get a treat... Oops, nope, it was another Trick... But Christmas, just wait... Just a little longer" then before you know it is is October again and it is another Trick.


If you are a Compumatrix user, and want to be part of something created a by a Compumatrix user who is tired of Henry James and his bullshit (like many are, I know many, many people have left Compumatrix over the years, and there are people who told me I was stupid for thinking it was going to work this year after last year).

And I actually still trusted them. Until today. I made my own currency, and suggested to everyone that when my coin gains value, I can use my coin to raise the price of Compuceeds for everyone, and Gail was acting like I was an enemy because I made a coin.

So if anyone is looking to leave Compumatrix for something better, somethin that is actually going to work, because it has real currencies involved, not just Bitshares Assets (we will also make Bitshares assets, and Ethereum Tokens, and are looking at making our own version of the Graphene Blockchain, which is what makes Bitshares and Steemit work), then Join Temple Coin

Here is the Temple Coin ICO
https://bitsharestalk.org/index.php?topic=25621.0

Temple Coin Town
https://bitcointalk.org/index.php?topic=2681032.0

[btswildpig]

it's better to view every single web wallet provider as centralized wallet instead of 100% pure decentralized secure wallet .

Light wallet is the least safe bet for significant funds while web wallet is for small funds .

[Stan]

This whole episode has been very educational.

Hopefully others can learn from it.

[Dochas]

thank you ....we did that....I'm ready to move forward out of this....lol

[abit]

This didn't happen till the new update came out with the ability to use password and username to get into accounts...I'm not a programmer but this is obviously connected (in my mind anyway) as we had NO problems like this since the time we joined over a year ago....I'm not debating and I still love the Bitshares DAX.  I prefer this site over others I have been on hands down.

pc we DID see that transaction while investigating, hence, we began to figure out what happened. the hacker DID obviously exploit the permissions of compumatrix1.  and as I said, setting permissions was done to help protect the members from the beginning and turned out to be not a good idea..hindsight again proves to be clearer than foresight....they have all been removed now. A lesson well learned BUT blaming and insinuating compumatrix1 to be a "scammer or a thief" is not fair.

I think we can agree we want this ecosystem to grow and prosper...THAT is good for all of us. and it would be great if we could all be supportive of each other .....

It appears the issue has been fixed and for that we are very grateful...we are ready to move on and put this behind us...

I feel you.

To prevent future damage, please change password/active key of compumatrix1 from a secure wallet as soon as possible (may perhaps cause some function disabled on your website, so best make an announcement), then check your logs and audit your website to find out the hole.

[tehdos]

I am trying to wrap my head around compumatrix moving funds for users. Having the OPTION for Installing permissioned keys to wallets isn't a bad idea for a solid exchange with identity verifications and appropriate security, but if this is a shady application of that service we should aim to reduce these instances.

[Dochas]

you statement is hollow and ignorant....but carry on thinking that way....just intensifies our resolve to prove you wrong.....

[nmywn]

The only things exploited here is Compumatrix's users minds. It's a scam.

[Dochas]

This didn't happen till the new update came out with the ability to use password and username to get into accounts...I'm not a programmer but this is obviously connected (in my mind anyway) as we had NO problems like this since the time we joined over a year ago....I'm not debating and I still love the Bitshares DAX.  I prefer this site over others I have been on hands down.

pc we DID see that transaction while investigating, hence, we began to figure out what happened. the hacker DID obviously exploit the permissions of compumatrix1.  and as I said, setting permissions was done to help protect the members from the beginning and turned out to be not a good idea..hindsight again proves to be clearer than foresight....they have all been removed now. A lesson well learned BUT blaming and insinuating compumatrix1 to be a "scammer or a thief" is not fair.

I think we can agree we want this ecosystem to grow and prosper...THAT is good for all of us. and it would be great if we could all be supportive of each other .....

It appears the issue has been fixed and for that we are very grateful...we are ready to move on and put this behind us...

[btswildpig]

so for these  reasons, web wallet is  not 100%  secure unless u fully trust the web wallet provider.

the better bet is lightwallet .

we could never know if the web wallet provider turned bad because websites are not open sourced

[pc]

I HOPE there is as much time and energy spent on fixing the obvious fault in the system as there is pointing fingers!!  [/size]

Please stop shouting.

And please explain what the "obvious fault in the system is".

Like alt said,

for the transaction at block 15973155
http://cryptofresh.com/b/15973155
lil-bi.t-of-techs-us sent 80,238 BTCPLUS to doris-payne
the signature is "1f4393f0ca49098a42cdd046bfd213081e005c83f290046d267f19740dc0956d8c40670c299d6488c5421c0605386e8804b79498159bfa826599cd4c05b05d2a17"
it's signed by key "BTS5VRaCZGCVQrPWsFAutV5fDVu8cGePg2cRowvHNdGQywhaQTyM5" which belong to compumatrix1
and you all set account compumatrix1 as your active auth account.

Cryptography doesn't lie. The transaction was authorized by someone with access to compumatrix1's private key. So either it was them, or someone stole their keys. In either case I don't see how this is a "fault in the system".

[fav]

to sum up :

register via a bad guy's website can lead to money being stolen.

but what about importing ur existing secure wallet bin file to a bad guy's website? Can it be stolen as well ?

sure, why not? they could just change the way how you import your account and catch everything.

[btswildpig]

to sum up :

register via a bad guy's website can lead to money being stolen.

but what about importing ur existing secure wallet bin file to a bad guy's website? Can it be stolen as well ?

[fav]

Compumatrix1 KNEW way ahead of time  that  there were very un-savvy members who would no doubt LOSE their bin files and their passwords and therefore LOSE their assets. He had them add the permissions so that he would have a way of sending the lost assets to a new account they set up, which of course HAPPENED MANY times and he INDEED sent their assets to the NEW account they made. ....they would have just LOST them if it weren't for him doing that to protect them from themselves....Henry is NO thief and anyone with half a brain would know that!!  THIS hacker, doris-payne, found a crack in the system VIA those permissions and took advantage of it.  That is IT in a nutshell.

HOW would he know this would happen??  can you look up a cow's ass and guess the price of butter in China???  if you can you need to get yourself a new career wearing a turban!!

IT is just pitiful the accusations that some are throwing in here...and it's damn sad that our group has never been made to feel welcome or wanted from the beginning here...

I HOPE there is as much time and energy spent on fixing the obvious fault in the system as there is pointing fingers!! 

Prevention is better than cure. Should've educated your user base on passwords instead of baby sit them. This is entirely based on incompetency

[Dochas]

I want to thank you xeroc for your help in resolving this .... many kudos to you for that. Hopefully we can all turn this to a positive and grow from it...

it is a darn shame there are thieves who would rather use their talents to steal from others instead of making a contribution in creating a better world for everyone...but that is life I suppose.

Our members who lost won't be forgotten...