Mysterious Hamster

A nostr:lnbc210n1p5jq4rnpp5jxgj3gjxshp7m3c9kwsvhyndwyuw7r36z3lwlxgfw0d7chgwzjfshp57e7jfj63xwg3exs4qlyqtaghrj3ef6gt40rndcl3d6z5cjl8kreqcqzpuxqrwzqsp5lpcj0kmwph938lu2xrcusn7rkkzdd90agk9v55sg84frt9ses6js9qxpqysgql7wazzs3gd7whaaerqrpvyzrl6vt4gpejp69j5utsr9j6623em7kfmdt8pwahly079pdtrf30tyx5u67j7ad0g6zdlhan2c4nyxys6cphfk0pe

lnbc1m1p50qe6csp5hvpjvgm5yd8k6637zhhhhfcmzz470qxwls7x5nhewtzltgj68lfspp5yaamv4h7llxyyahfslmpuq3cses9h77kj6a9e89j08gryl5qn5mqhp5uwcvgs5clswpfxhm7nyfjmaeysn6us0yvjdexn9yjkv3k7zjhp2sxq9z0rgqcqpnrzjqdq8jm79ttkfnk83gfjee4n7ryyqzq9f36s5azgk2ftcndt7q48txr0hdyqqdcgqqqqqqqlgqqqqzycqyg9qxpqysgq6ff05gewzuxk7m9kkhz6ztn0vjdfh7ec3p3l4v29vw3cxyvzwntxyhyc9tcpqdj6a3yec8tx9mf8da0eytwlpws3xzeemp0mtq6xj5sqh354tf

lnbc100n1p50qewssp52agzj04srg9veluuaz4tpq0wzkhrh48xk5phl22txr8p65z3t6fspp5tzcp3nfex7csjvsh45ysky9n0l2t07f288nurtexeenyu7staayqhp5uwcvgs5clswpfxhm7nyfjmaeysn6us0yvjdexn9yjkv3k7zjhp2sxq9z0rgqcqpnrzjqt9dfmzv3vxu93crtgvf37teerr3dx7l7a8qrttv57h2t8v9ck0gkrvumyqqh5cqqyqqqqqqqqqq8usqjq9qxpqysgq9dphna05k6vucgmv8r0n2zjvkj2x57vfnn2fqhc4wjqm0a8yy9kxq8vsjdrv3nzs97lrr4cjajslq0pr2d9j767g5wpxy6fhkx9tmtqq42yfq0

How this account got compromised: https://stacker.news/items/1242185

lnbc171580n1p5ddujssp5y060qyjrla8pmngrr85u9hryrsypeskwvn4r49d2zwrj9y5vj7nspp53896ncmz8vlvpfyn2rgfqu6kazmrcgpfvkygpytww4l0t85kqeqshp5uwcvgs5clswpfxhm7nyfjmaeysn6us0yvjdexn9yjkv3k7zjhp2sxq9z0rgqcqpnrzjqdqne4nrkxmz96ktnngat4nzx7sv0kf5uqmgfvqvvars7pac7fn9wr8fjvqq3csqqqqqqqqqqqqqycsqvs9qxpqysgqpr69gcr50sj8zpyhkahfypyt8zk5zj0q0e733vlu9t0gurtvrf5n8gd2s787czm9cxfwlq3uq9zh08ckhcy5rj7d2974nrtfply8zhsphfxsu0

aa

THIS ACCOUNT HAS BEEN COMPROMISED Please unfollow this account and follow our new account nostr:npub1w27mc4aa6m0ufe3xs5z3m6qyr52gc0rglept7vqlwx4xeaf72tasnqz70r

We're speaking at Learning Bitcoin 2025 this August – it’s a community focused Bitcoin education conference that really deserves your support! Use code COINOS for 20% off tickets: learningbitcoin.ca Direct purchase link: https://www.learningbitcoin.ca/event-details-registration/learning-bitcoin-2025 Direct purchase link (BTC): https://btcpay.learningbitcoin.ca

Vancouver Bitcoiners now ranked #2 GLOBALLY on the btcmap leaderboard! https://btcmap.org/communities/leaderboard

We're still investigating what happened here. It seems a handful of accounts may have been compromised and had their autowithdrawal settings tampered with, including our own "coinos@coinos.io" account. We ran a script to search for accounts that had the attacker's "speed.app" withdrawal address in place and found about 9 that seem to have been affected. There could be more though, we will update as we have more information. I worry that this may be the same attacker who exploited a password reset vulnerability back in January which allowed them to gain access to a number of accounts. It's possible that since that time they have been sitting on the account data and working to brute force the encrypted nostr private keys that we had on file for some accounts that had imported their nostr key into Coinos. Those keys were encrypted at rest in our database but it's possible they may have been cracked. We no longer store nostr private keys for accounts and have since added support for external signing apps and browser extension login, but there was a time when we were storing encrypted nsec private keys. Having a users nsec would allow an attacker to authenticate into Coinos by signing a nostr event and change the user settings. It also means your entire nostr profile and identity may be compromised. This is only a hypothesis at this point and we need to investigate further but we may end up recommending that affected users rotate their nostr keys. nostr:nevent1qvzqqqqqqypzpggzvz325tcf9kz79s9c9627430ccc82r8rgujycwxd43n92y037qy88wumn8ghj7mn0wvhxcmmv9uq32amnwvaz7tmjv4kxz7fwv3sk6atn9e5k7tcqyrdx8njpnvvulfcsqqd7ud47uw6dnzl4a3fmsrafsp0rte9f29h5uxpgg73

Vancouver Bitcoiners is now ranked #2 globally on the leaderboard of BTCMAP! https://btcmap.org/communities/leaderboard

We've just enabled withdrawals for another 1000 accounts or so. We're still piecing together account balances and transaction history from our logs to recover the information that we lost last weekend. About 80 accounts remain that still have locked funds because we suspect we may be missing withdrawal records for them. Our priority is to get those sorted out ASAP. More than that number will be missing deposits but we'll be tackling those in due course. Missing deposits may be harder for us to confidently assign to the right users so we may end up asking for help with that but we'll update again when we have a clearer picture of what we can do with what we have.

SERVICE UPDATE: We have just re-enabled withdrawals for all user accounts that do not appear to have activity in our server logs during the time that we are missing data for (2am May 9 to 4pm May 10 UTC). About 1100 accounts are still unable to withdraw funds that were deposited before May 10 at 4pm UTC but should be able to withdraw any funds that were deposited after that time. We are continuing to work on shortening that list, correcting balances and missing payments, and restoring full access to everyone. Thank you for your continued patience and understanding!

SERVICE UPDATE (Copied from Telegram) At the moment I'm still trying to scan through a 2 TB disk image I took of the Coinos server to see if I can find remnants of any more recent but deleted backups that were created closer to the time that our database failure occurred. If I can locate some then I need to piece them together because they may just be partial fragments on the disk and parts of them may have been overwritten. If I can recover some data from them then I'll start using that to get people's balances. Failing that I will have to see if I can start cross referencing my web server logs. My application server logs would have been a lot more helpful but they were rotated away too unfortunately because they grew too large as the application was spamming a ton of error messages for a few hours while the DB was down. This morning I hatched a bit of a plan to try and enable partial withdrawals while I continue working on this data recovery. I'd like to allow people to withdraw any funds that they deposited after the incident occurred because I know those are legit. I just need to code that up so that I can maintain a separate balance for pre-incident and post-incident funds. I can't enable full withdrawals until I do a full accounting of all the activity that occurred in between my last backup and the db failure. Some people will be missing funds that they deposited but others will have extra funds that they withdrew already but are now showing back up in their balance because everyone's balances were rolled back by a day or two. I still don't have any solid ETA but probably at least another day or two before full withdrawals are back. Hopefully by tonight I'll have partial withdrawals for any funds that were deposited after about 10am PT yesterday.

SERVICE UPDATE: Coinos is back online but withdrawals are currently frozen due to a data loss incident. We lost our whole database sometime overnight and the latest available backup is about 24 hours old so we will need to piece together payment records and balance updates that occurred in the meantime from logs somehow. We're working on it. We also had an unplanned outage of about 4 hours yesterday due to issues arising from an Internet connection upgrade at our data center. It's not clear whether these two incidents are related. We don't suspect any foul play. Funds are safe and we will make sure everything is accounted for. Thank you for your patience as we work to restore service. Adam Soltys