Cryptsy was hacked

source: Bitbargain.com

2016. Jan. 15. 11:17

Cryptsy was hacked

As it turns out, the people who were called ‘trolls’ and accused of spreading FUD (myself included) were correct in the assumption that Cryptsy may have been insolvent or suffered a hack that lead to withdrawal processing problems.

http://blog.cryptsy.com/post/137323646202/announcement

We learn from this blog entry that:

- Cryptsy were running altcoins under the same account as Bitcoin. Either that, or they had an old kernel and lack of protections in place to prevent a root exploit.

- Much like Mt.Gox, Cryptsy do not know what a safe/cold wallet means. They claim that a hot wallet compromise (which should have been confined to the type of coin, not other coins on the same server) somehow lead to the attackers being able to steal 13k BTC and 300k LTC from the cold wallets. Clearly there is a missing piece in the story.

- The hack happened over 1.5 years ago.

- Even though Cryptsy had known about the hack for long, they didn’t report it to police because they just “didn’t know what happened” (other than you know, someone stealing a lot of money from them, which is clearly too little information, so they figured continuing business as usual was the right call).

- Cryptsy continuously kept this information hidden on purpose. They accepted deposits from users and deliberately didn’t post any warnings on the front page about possible withdrawal problems.

- CoinFire is blamed for posting an article about the withdrawal problems and the suspicious communication (or lack of it). Apparently the bank run is their fault.

- They have finally realized that they can no longer keep up the charade, so now they turned to the general public to *now* ask them what to do (file bankruptcy, get someone to buy the company, or wait for the hacker to feel bad about taking all those coins and return it).