PSA - (Redacted Poloniex) New Wallets from Coinbase in Suspected Bitcoin Replay Attack (Updated Tuesday 12th Sep)
Redacted Statement
Apologies are needed in my haste to report i had mistaken some key details,
The active side in this is Coinbase
The passive sides are Huobi Bittrex Polo
Im told by @collapzcursed Twitter that Coinbase is where the transactions came from and are going to Bittrex Huobi Poloniex.
Here is what Coinbase said on the matter via : collapzcursed
Sorry again if my incorrect information inconvenience anyone.
I have struck out the incorrect information and removed some screens/images from this post.
There has been a recent replay attack occurring with Poloniex and Coinbase,
It is advised to move coins from Poloniex and Coinbase as soon as possible.
A replay attack (also known as playback attack) is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and re-transmits it, possibly as part of a masquerade attack by IP packet substitution.
Another way of describing such an attack is: "an attack on a security protocol using replay of messages from a different context into the intended (or original and expected) context, thereby fooling the honest participant(s) into thinking they have successfully completed the protocol run.
What is a Bitcoin Replay Attack: The Merkle
Tx ids Showing some transactions relating to.
A TXID (Transaction ID) is basically an identification number for a bitcoin transaction.
4.44110abfd91e9276bbb43ca7fe5edc4c1ab494caeeee17e3585737a915359a27
5.c8c7eef7ad324a5938d3b2d2f1f16dfc8ecfdbed2379808bc2e6f779cbdf92aa
6.d7f879377e71e6fb7e0565ab8f303ac6417d005d3142ed279fa5649efa901132
7.77a9d5b61bc4e5b965b4ce99ee43e11f5a1c428ac6786a6117d4de0f725d984b
What this means for funds on poloniex
Someone managed to use an exploit on Poloniex's ability with broadcasting of Bitcoin transactions to new wallets from Coinbase generating multiples of the same stealing funds.
The transactions originated from Coinbase wallets.
At this time is unknown how much was taken or how many users were effected.
It is advised to move funds to another wallet or exchange.
its always safest to use your own personal wallet and to keep your private keys safe and backed up.
If you are using an exchange to trade i would suggest:
I would also like to warn against depositing to Kraken at this time due to withdrawals being delayed and support is under heavy backlog.
Update
It seems both Coinbase and Poloniex could be comprised,
with funds coming out of multiple wallets Poloniex to a wallet owned by Hacker group The Shadow Brokers,
This is a hot wallet used by Poloniex for unspent transactions
12cgpFdJViXbwHbhrA3TuW1EGnL25Zqc3P
Also it seems Coinbase stopped responding to support emails.
Mention of coinbase stopping accepting emails on support
Discovery of Hacker wallet.
The offending users wallet 12cgpFdJViXbwHbhrA3TuW1EGnL25Zqc3P
This wallet belongs to the Shadow Broker Hacker Group
Is a Hot Wallet owned by Poloniex for unspent transactions.
There isn't any confirmation from either Coinbase or Poloniex on the matter at this time will update post as soon as more information is available.
Any idea how much poloniex lost?
no idea,
There hasn't been any statement from Poloniex or Coinbase yet and withdrawals are continuing so far.
is around 214 BTC lost from the TX id's shown.
................. wtffff that's not a small amount almost a million, sooo can't people just use other crypto's that's so stupid, just withdraw ltc, eth, any of the eth derivatives. .....
i didnt say it was small or big just the amount i can see from tx ids,
yes you can withdraw others i was suggesting to move from the exchange altogether,
because i think once this is fully realized withdrawal of many coins will be "temporarily" disabled
what does coinbase have to do with poloniex? i dont quite understand yet
They have no connection,
its specifically concerning the configurations of the fresh Coinbase wallets and an exploit on the Poloniex side that one user managed to use to withdraw the same transaction multiple times
yeah re-read it after coffee, i get it now ;)
good post!
thanks but was my bad hadn't formatted properly with line breaks or explained in full,
it has been amended :)
oh so it's fine just polo getting trashed :( at least it's not getting users to loose everything.
what do you mean getting trashed?
This was first based on tweet from crypotcobain on twitter, you can review txids for the suspicious enmass transactions ending in a wallet belonging to the Shadow Brokers hacker group.
Argh: Very bad news. Hurts the whole cryptocurrency scene. Because mainstream will state: "See - it's no good/secure/etc. Let's stay with FIAT."
I dont think will be of too much effect on the perception of the network or the faith in Bitcoin as the problem has been identified and future development would factor the possibility of this happening again,
bolstering security in the network/wallets/exchanges with protocols etc. that would reduce or prevent future recurrence.
In terms of mainstream, most see dollars signs and without knowing about blockchain wouldn't be here or there on whatever risk a possible flaw could have big or small.
Maybe you are right… Mainstream does not read those news or: Remember them long enough to make them think about blockchain in detail.
Wow. I heard via SteemPh Discord. Thanks for the explanation. Sounds scary!
Thanks @isacoin . I'm a little worried having much on polo !
This post received a 20% vote by @minnowsupport courtesy of @kingscrown from the Minnow Support Project ( @minnowsupport ). Join us in Discord.
Upvoting this comment will help support @minnowsupport.
thank you @kingscrown and @minnowsupport
less liquidity on poloniex leads to locally falling prices which makes arbitrage trading interesting...
I only claim
why would you suggest moving coins to Poloniex with this ongoing for any reason?
I'm sure they're will be many discounts and premiums on coins to attract users,
But at the cost of security is it worth the small gains.
Ah, sorry. I didn't want to. I was just saying that this also could be fake news since i haven't found official statements from poloniex. Same as happening with China at the moment...
CRYPTO CO฿AIN tweeted @ 08 Sep 2017 - 09:58 UTC
ᶰ tweeted @ 08 Sep 2017 - 09:50 UTC
Disclaimer: I am just a bot trying to be helpful.
great content! and thanks again for following!