Another day, another hack. This time the victim was the Bitcoin mining service Cloudminr.io, which collapsed following the digital attack.
Following the reported hack, Bitcoins were lost and personal user information was up for sale amidst accusations of fraud.
Last week, the first clients to visit Cloudminr.io’s site after the attack found a very strange scenario. The platform’s homepage had been altered and was advertising the sale of a list of passwords, email addresses and usernames belonging to 79,267 users of the cloud-based Bitcoin mining service. The hackers were simply asking for one BTC in exchange for all this private information.
Part of the list – 1,000 entries – had already been published on the site’s homepage as proof that the alleged hackers meant business. The service’s digital page is now offline.
According to Reddit user ‘peque2’, the entries published on the site’s front page are real. “The database is real. I Just tested many passwords and I got access to many Bitcoin Talk accounts, email addresses, Twitters…. I have sent and urgent email to the people in that list to change their password ASAP,” the user wrote on Bitcoin’s sub-Reddit.
Another Reddit user, ‘busterroni’, announced: “I just wrote a Python script that emailed all 1,000 people” warning them about the hack. “If anyone else knows any other emails that were compromised, I’ll send you the script to run it yourself, or you can send me the list and I’ll run it,” the user added.
Cloudminr, which is allegedly based in Norway according to its owners, started offering mining contracts in November of 2014 and had previously been accused of being a mining-related Ponzi scheme due to its operational secrecy.
The service first claimed it had been attacked by hackers on 6th July. A message published on the forum Bitcoin Talk explained a hack had taken place, adding that payouts were suspended because of concern over the legitimacy of the database’s payment addresses.
“What we can tell now is that we have been hacked, and the hackers were able to access our source code and database, as well as editing it. Right now we cannot be sure that the payout addresses are the correct ones, as well as emails and other data. We do have backups but we need to know when exactly when the hackers gained access to our server.”
“Part of the Bitcoins went to hackers addresses instead of our own payment addresses. Currently we are looking for any logs related to the hack and estimating the losses. We need to create a new website from scratch on new servers as hackers usually leave backdoors for later access. Stay tuned,” a company representative identified as Adrian wrote on the thread.
As expected, the announcement generated extreme backlash against Cloudminr.io. Several Bitcoiners accused the company of operating a Ponzi scheme and scamming thousands of Bitcoin miners and cryptocurrency users.
The thread hasn’t been updated since 6th July and the service’s clients are now understandably losing hope. Without any further news from the service’s team, all users of Cloudminr.io are recommended to change all their passwords.