A few days ago we found a security exploit that was uploaded into one of our testing environments through a trusted 3rd party provider. This 3rd party has verified the exploit on their end and after looking into the log records we know exactly what happened.
Luckily, our system is set up to lock itself down in case of a threat or unusual activity and this attempt was shut down very quickly (within 15 min). However, due to the access attained we are not taking any chances with member accounts so everyone will need reset their passwords and 2-factor authentications (Google Auth).
Steps to Restore Your Account…
Step 1: Change Password. You must log in with your existing account information and request your passcode via email. Follow the steps in the email and beware of fake emails or phishing attempts. The only thing you will receive in this email is your code, NO URL’s so if you receive something telling you to click on a link DO NOT click it.
*If you do receive any suspicious emails please forward them to us – firstname.lastname@example.org
Step 2: Reset your 2-factor security with Google Authenticator. Having 2 factor will save you! If a hacker gains access to your account but you have google authenticator enabled there is NOTHING they can do to steal your bitcoin so please take the time to set this up and protect yourself. If you already set up a Google Auth previously you will need to set up a new one!
All Pending Withdrawals Cancelled…
We have canceled all pending withdrawals for all cryptos. If you had a pending withdrawal that was not paid then your coins have been placed back into your wallet. You can now request withdrawals and we recommend changing your withdrawal address or at least verify that its correct before doing a withdrawal.
While the site was offline we took the opportunity to update our system with new protocols and a new payment scripts on the admin side that will allow helping us process your withdrawal requests a lot faster. This upgrade was scheduled for January but we pushed it online early with this downtime.
All Support Tickets Closed and Deleted
We had to do this for two reasons…
First, many tickets may contain sensitive information about your account, personal details, or whatever else. One of the first records in our logs, when this exploit happened, was into our ticketing system. We don’t want to take any chances on requests from accounts until that may have been compromised.
Second, we have a brand new ticketing system! This system was going to run in parallel to our old system but with this downtime, it provided perfect opportunity to switch everything over and start fresh with all new tickets. You will notice a simplified process when contacting support and from the backend, we will be able to provide support in English, Korean, and Japanese.
Coming soon… We are going to be adding a LIVE support chat feature that is fully interactive to help you solve issues automatically before connecting you to a live person via text/chat. This upgrade will be rolled out to the top ranks first and the plan is to make it live to everyone February 1st
With our new revamped platform you will begin to see a lot of new support features launching in 2018 and we are excited to get there!