Input.io “Wallet” Hack: Difference between revisions

Latest revision as of 13:57, 28 December 2023

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Input.io Homepage/Logo

Inputs.io operated a centralized wallet service. The service suffered attacks on October 23rd and then again the next day on October 24th, although this was later reported by Tradefortress as having occurred on October 26th. This breach apparently started from an attacker breaking into the Linode admin account through resetting old email addresses. Despite resetting the access credentials, the attackers managed to get back in the next day and at that point initiated a 4,000 BTC transaction from the hot wallet. The attack was not reported for over a week, during which time users continued to deposit more funds into the service. The site was eventually brought offline on November 7th. TradeFortress actually has made a continual effort to reach out and repay victims since the event.

This exchange or platform is based in Australia, or the incident targeted people primarily in Australia.^[1]^[2]^[3]^[4]^[5]^[6]^[7]^[8]^[9]^[10]^[11]^[12]^[13]^[14]^[15]^[16]^[17]^[18]^[19]^[20]^[21]^[22]^[23]^[24]^[25]^[26]^[27]^[28]^[29]^[30]^[31]^[32]

About Input.io

"In Early 2013 Inputs.io was launched; a free online Bitcoin wallet and anonymous Bitcoin transfer network: featuring instant off chain Bitcoin transfers and embedded automatic untraceable 'mixing' of all Bitcoin transactions. Featuring truly instant, anonymous and highly secure Bitcoin transactions, the inputs.io platform brings a plethora of key innovations to the table, setting a new benchmark for online Bitcoin wallet services. Anyone worldwide can open an inputs.io online wallet in 30 seconds or less."

"TradeFortress created a free online bitcoin wallet (Inputs.io)." "Inputs.io was a free Bitcoin web wallet that leveraged its own off chain payment network. Inputs implemented numerous security measures, and featured instant, fee-less offchain confirmations with an easy to implement developer API." "Inputs.io is a new bitcoin payment processor leveraging an offchain payment network."

"Send bitcoins instantly to an email address - no waiting for confirmations, no fees and no double spending." "Inputs.io Enables Anyone To Send Bitcoin Instantly And Securely" "It's easy and free. We made Bitcoin easy while powerful. Get your secure wallet in 30 seconds. Bitcoin transactions take a hour to confirm. Inputs.io makes it instant with no fees. The most secure wallet ever created. Automatic free mixing for your privacy." "Bitcoin made easy - shave 8 GB of the blockchain off your hard drive, and make a wallet in 30 seconds. Works everywhere - your desktop to mobile." "Off chain transactions are also easier to use. The average user does not want to remember addresses - they want to use Bitcoin like PayPal instead of seeing a "Waiting for 0/6 confirmations"... Zzz."

"No fee for Inputs.io to Inputs.io transactions. If we pay no fee for blockchain transactions.. well, your transactions aren't going to confirm fast (or at all, if it doesn't meet priority requirements)." "Sending Bitco[i]n directly to another inputs.io account via the recipients email address has a number of advantages unique to the service. There are no fees; as the transaction does not go through the Bitcoin blockchain it is not subject to a 0.0005 BTC fee. As these transactions are off the blockchain there is absolutely zero risk of double spending attacks. Bitcoin transfers sent to an email address are also 100% anonymous: processed internally without utilizing the public Bitcoin blockchain. Transactions sent to email addresses are also truly instantaneous and confirm instantly. Currently the Bitcoin network can only handle 7 transactions a second, while inputs.io's system can scale up to theoretically handle an infinite number of transactions per second: enabling the platform to transcend one of the core limitations of Bitcoin itself in its present form."

"Connectivity - push your TX out to the network with more connected nodes, get exchange rates, email notifications of transactions." "If you're using Chrome or another browser that supports desktop notifications, you'll see a new option to enable it under Transactions. You'll receive a notification when you make or receive a transaction, even if you're in another window. No downloads or browser extensions are needed."

"Automatic free mixing - don't use a wallet service that destroys your anonymity (change address reuse) and sells your privacy back to you for 0.5%." "As inputs.io mixes your wallet for you automatically, none of the sending addresses of your transactions actually belong to you for privacy." "3-4 digits of BTC volume per day. There's pretty high variance however."

"I developed Inputs because I was tired of waiting an undetermined amount of time for transactions to go through, especially when I am trading on multiple exchanges. The issue with confirmations is that you don't know how long it will be for a block to be produced - there sometimes are streaks of a hour without a single block." "It's instant, there is no privacy issue with this as you're not sending to one address to have it sent to another - your balance is deducted 'off the chain' and an unrelated transaction is sent to the destination address." "You can generate signed payment receipts to prove that you did send a transaction however if you want, for example for a group by."

"Unlike some shared wallet service, we don't freeze/lock/'chargeback' bitcoins because of claims of scamming. Bitcoins sent are irreversible. Unlike some hybrid wallet service, we don't disclose personal information because of claims of scamming either, unless we're authorized to do so under the privacy policy." "Inputs is privacy focused, which rules us out from touching fiat (at least directly). I will just say: it is an absolutely horrible idea to use a wallet for transactions tied to your identity for Bitcoin. Let's not think of Bitcoin as another funding method, but why Bitcoin was created."

"Easy to integrate API - set dead simple callbacks, send with one URL call." "The reception of our beta to those who know Bitcoin but are not power users who browse this forum have being universally positive - Bitcoin will never succeed if people need to sync 200 weeks of prior transactions, have all their 100% payments public , and worry about keeping their private key safe in case of a natural disaster. We're here to fill this need."

"Security security security - PIN keypad, location based authentication, session & useragent tracking and view, configurable limits, anti phishing bar." "Passwords hashed with SHA256 before sent to the server - we never know your password. Passwords bcrypted on the server with user unique salt. SSL encryption to protect against MITM attacks. Randomized PIN pad protects against nearly all keyloggers. Location based authorization - email confirmation required when signing in from new geographical location. Optional two factor auth protects against malware and remote compromise. Configurable account sending limits on a rolling 48 hour window. XSS (Cross site scripting) hardened. Automatic account locking after a number of attempts to thwart brute force attacks. IP based login rate throttling. Anti phishing bar - makes it harder for phishing sites to be effective. Session tied to IP address & useragent, and is regenerated upon login - preventing session fixation attacks. Protected against SQL injections by escaping all possible user input. CSRF countered by requiring a token for requests. Recovering password and PIN requires recovery key - no risk if your email is compromised. Cold storage system protects coins against server compromise. Automated and manual security auditing system. Web server (the one you are connected to now) communicates to hot pocket and main server securely. Zero bitcoins are kept on this server. Optional GPG auth requires decryption of a key in order to sign in. Tor detection - accounts that registered using Tor can use Tor, other accounts may not for security reasons." "We use bcrypt with a user unique salt. The server does not get plaintext passwords, because your browser does not send it." "Our site is secure against XSS attacks, as well as CSRF attacks." "We use Google's 2FA security model - you can disable 2FA without entering the code in case you lost your phone - this requires you to have a signed in session. Sessions are both IP and user agent locked."

"We're upgrading the security of Inputs.io to make it more resistant to attacks even if our web facing server was compromised. Inputs.io is not compromised at all, this is to make Inputs even more secure." "We have redundancy plans (aka 'dead man's switch'), both automated and manual. This isn't just for seizes / etc, the hot pocket will dump all coins in secure storage if it detects an intrusion." "As ironic as it may sound, not disclosing my identity publicly protects the safety of your coins against physical attacks of extortion. Many trusted members here, including Casascius and people who I have done business with knows my identity and address." "We have decoy accounts which are populated by "real" user data from our other databases. The hot pocket server automatically dumps all coins to cold storage if it sees a payment request from a decoy account. We have methods that makes it very hard for an attacker to determine if an account is decoy or not, even with root access to the linode machine and listening to traffic." "Your session is locked to your IP address and useragent. If someone has physical access to your machine, then you are screwed in every sense of the word - through the attacker must still figure out your PIN. The most malicious thing they could do without your PIN is delete your addressbook."

"Inputs.io was a Bitcoin Foundation Silver industry member." "DailyBitcoins.org now supports Inputs.io!" "We handle thousands of Bitcoins for CoinLenders which has never been hacked for months, a rarity in the Bitcoin world, and Inputs.io expands upon all the security measures." "Inputs.io processed more than 235,000 BTC during it's operation." "Inputs has transferred more than 235,790 BTC."

Homepage:^[33]

The Reality

Tradefortress operated from an apartment building in Hornsby, New South Wales^[34].

"Inputs.io isn't just me, although I do the majority of the work." The personality of TradeFortress for the general public remains unknown." In one telephone interview he said about his age: “I’m over 18 but not much over."

"No fractional reserve unless you move coins into CoinLenders. If there is any change to this policy, it will be announced in advance."

"All Bitcoin services require trust, and this includes services like Blockchain.info, Coinbase and others. For example, it is trivial for Blockchain.info to make you sign a transaction sending all the coins to them while hiding that on their own website / block explorer." "FYI, I worked on Blockchain.Info's chrome extension, and if I wanted to I could easily have stolen coins with a innocent line of code. It took months or years for bugs in mission critical open source cryptography software to be discovered (see: OpenSSL), and you are deluded if you think that other offerings are more secure. Our security has been independently audited by multiple pen testers - as well as experience with running large Bitcoin services." "I have also put in 570 BTC locked as collateral in Just-Dice, and you can check my trust rating for more assurances. If you want, you can use Inputs as an extended green address where your exposure your risks is in milliseconds." "What is the most valuable thing in the Bitcoin world is reputation - security and trustworthiness. CoinLenders handles XX,XXX BTC sums and we have never been hacked."

"TradeFortess was warned that it is not OK to use Linode hosting back in July [2013]. Migrating to a physical server could be trivial, but instead he decided to stay with Linode and ignored all warnings."

"I fully expect to be banned for this but I feel wrong not disclosing this information. theymos on behalf of Bitcoin Talk openly promoted Inputs.io through banner ads and Donations even after being warned by the community several times that Inputs.io was highly unsecure to top it off he also gave him Default Trust allowing TradeFortress to have a Green Positive Rating regardless of any negative ratings issued. To top it off other Moderators and Staff are to blame as they have a direct link to Banner Ads and revenue affiliated with Bitcoin Talk but because they had no choice whether or not theymos chose to have affiliation with TradeFortress I am not listing them as outright Scammers. Kluge on the other hand has yet to remove his Inputs.io signature and is still openly promoting TradeFortress and Inputs.io."

"Theoretically, we can spend everyone's coins, but that is true for other services too (even the client JS ones) and it makes very little business sense to do so. If you think I'm here to scam people, check out CoinLenders - our total deposits have been going down for a while (3500 BTC less from peak) due to competition, but I make money from the spread on lending and investments, not scamming."

"It seems you put a lot of thought into security measures. Still it seems the callback API is somehow lacking. The only proof that the callback is actually coming from your site is the IP-Address of the sender. There are possibilities to spoof the source IP of a TCP connection, especially in a case where the attacker has access to the subnet of the receiving system." "You should consider adding another security layer here. For example on bitcoinmonitor.net callback notifications I added a signature to the callback data which makes sure that the callback was created by the server and not someone else." "Thank you for your comments. We support adding secrets to your callback URL. Use SSL so others will not know your secret. It is not open to replay attacks as for record keeping purposes you should be recording all transactions including the TXID."

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - Input.io “Wallet” Hack
Date	Event	Description
October 23rd, 2013 12:45:00 PM MDT	Main Event	Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.
November 7th, 2013 5:48:33 PM MST	Inputs.io Homepage Captured	A capture is taken of the inputs.io homepage, which is still online after the breach^[33].
November 7th, 2013 7:53:19 PM MST	Sydney Morning Herald Article	The Sydney Morning Herald reports that an Australian Bitcoin bank, Tradefortress, reported a hacking incident resulting in the theft of over $1 million worth of Bitcoins held in its wallet service. The hack occurred on October 23 and 26, impacting thousands of customers, including one individual planning to use the Bitcoins to buy a house. Tradefortress, the operator, revealed the breach this week, stating that the stolen funds, 4100 Bitcoins, were stored on US servers. Despite offering a purportedly secure web wallet, the incident raises questions about the viability and security of Bitcoin. Tradefortress, who won't report the theft to law enforcement, intends to refund users using his personal Bitcoins, acknowledging potential trust issues in the Bitcoin community. The incident underscores concerns about the lack of regulation for online Bitcoin wallets and the importance of personal security measures^[30].
November 8th, 2013 7:24:00 AM MST	Yahoo Finance Article	A Yahoo Finance article^[34] reposted from Business Insider^[35] reports on the inputs.io theft. An 18-year-old Australian claims that $1 million in Bitcoin was stolen from the Bitcoin "bank" he operated, Tradefortress. The individual refrains from reporting the theft to the police, citing concerns that giving authorities access to investigate would grant them control over the funds. Bitcoin transactions are irreversible unless the recipient agrees to a refund. The alleged victim denies accusations of an inside job and asserts that the police lack more information than any regular user in the Bitcoin space. Tradefortress operated from an apartment building in Hornsby, New South Wales, with Bitcoin transactions being public and traceable through the Blockchain ledger. The incident highlights the challenges and complexities surrounding Bitcoin theft and the pseudonymous nature of transactions^[34].
December 2nd, 2013 7:03:20 PM MST	Inputs.io Homepage Warning Displayed	The inputs.io homepage displays a warning about the theft and insolvency of the inputs.io platform^[36].

Technical Details

"His Linode administrative account was first accessed by the hacker on Oct 23rd, from IP Address 101.0.79.18, at 11:57am UTC+10 from Australia." "He gained access to the account by compromising the email address "lailai625@hotmail.com" and requesting a password reset from the Linode server. The reset link was automatically forwarded from the administrative email "admin@glados.cc" to "lailai625@hotmail.com"."

"[T]he attacker rented an Australian server to proxy as close to my geographical location so it won't raise alarms with email recoveries." When CoinDesk approached Tradefortress for comment he informed us that "the attacker was able to compromise older email accounts which were easily reset as they didn't have phone numbers attached. Compromising one older email account led to the compromise of another, eventually allowing them to reset the password for the hosting account and obtaining shell access after bypassing two-factor authentication on the host's side." He continued: “We don’t use client-side encryption; that’s hardly foolproof and gives people a false sense of security".

"This wallet was hacked." "Two hacks totalling about 4100 BTC have left Inputs.io unable to pay all user balances. The attacker compromised the hosting account through compromising email accounts (some very old, and without phone numbers attached, so it was easy to reset). The attacker was able to bypass 2FA due to a flaw on the server host side."

"4000 bitcoins were stolen on October 24 of 2013, TradeFortress did not have any bitcoins stored in a cold wallet."

"Two hacks totalling about 4100 BTC have left Inputs.io unable to pay all user balances. The attacker compromised the hosting account through compromising email accounts (some very old, and without phone numbers attached, so it was easy to reset). The attacker was able to bypass 2FA due to a flaw on the server host side."

"The alleged hacking happened on both October 23 and 26, with the service's operator, known only as "Tradefortress", saying hackers stole all 4100 Bitcoins held by the wallet service, or $1.3 million at the time of writing. The Bitcoins were stored on servers in the US and it wasn't until this week that he decided to notify customers."

"Why did this change from a few days ago, when people were complaining about a too-small "hot pocket"? The hack occurred on 2013-10-26."

"TradeFortress reset his Linode Manager password and logged into it by 8:25pm UTC+10."

"Inputs.io says that although the hack took place on October 23rd, even depositors who made deposits after that date are not safe, as other users were able to make withdrawals from the shared wallet."

"Since Boelens have decided to only selectively pick responses, after the 4K btc compromise I cloned the disk image as soon as I could (after disbelieving and in horrendous shock), investigated the scope of the breach, regenerated all credentials, and have been exploring any options that allows Inputs users to not lose any money."

"Database access was also obtained, however passwords are securely stored and are hashed on the client. Bitcoin backend code were transferred to 10;15Hd@mastersearching.com:mercedes49@69.85.88.31 (most likely another compromised server)."

Total Amount Lost

"Inputs.io says that although the hack took place on October 23rd, even depositors who made deposits after that date are not safe, as other users were able to make withdrawals from the shared wallet."

The total amount lost has been estimated at $1,267,000 USD.

Breach of Client Data

"Database access was also obtained, however passwords are securely stored and are hashed on the client. Bitcoin backend code were transferred to 10;15Hd@mastersearching.com:mercedes49@69.85.88.31 (most likely another compromised server)."

Immediate Reactions

"Tradefortress did not shut down the site, he did not move any of the coins to a cold wallet, he did not report the theft to local authorities, he did not notify any depositors, and he did not stop any new users from depositing to his site."

Announcement on Inputs.io Website

At some point in December 2013, the inputs.io website was changed to display a PGP-signed announcement on the situation^[36].

Two hacks totalling about 4100 BTC have left Inputs.io unable to pay all user balances. The attacker compromised the hosting account through compromising email accounts (some very old, and without phone numbers attached, so it was easy to reset). The attacker was able to bypass 2FA due to a flaw on the server host side.
Database access was also obtained, however passwords are securely stored and are hashed on the client. Bitcoin backend code were transferred to 10;15Hd@mastersearching.com:mercedes49@69.85.88.31 (most likely another compromised server).
What about my coins there? If you stored more than 1 BTC, send an email to support@inputs.io with a Bitcoin address (preferably, an offline, open source light/SPV wallet like Multibit or Electrum). Use the same email you're using on Inputs. Please don't store Bitcoins on an internet connected device, regardless of it is your own or a service's.
I know this doesn't mean much, but I'm sorry, and saying that I'm very sad that this happened is an understatement.

Withdrawal Capacity Limitations

"Why were deposits and withdrawal not disabled? They were in limited capacity. A withdrawal amount limit didn't work as people simply broke up."

"I don't understand how people who made deposits to inputs (then onto coinlenders) well after the attack are out money. The amount has been withdrawn in full by other users. There was a limit designed to prevent much of that, but it was per transaction and people got around it."

Community Reactions to Contact Server Admin

"He worked on Blockchain.info I doubt he's going to take anyones money! Someone needs to contact his server administrator and have this fixed if he's not around."

"Why was the "hot pocket" not immediately emptied after the hack? The attacker didn't take all of the BTCs, perhaps wanting to remain undetected and steal more."

Apology From Tradefortress

"Tradefortress did not shut down the site, he did not move any of the coins to a cold wallet, he did not report the theft to local authorities, he did not notify any depositors, and he did not stop any new users from depositing to his site."

"I know this doesn't mean much, but I'm sorry, and saying that I'm very sad that this happened is an understatement."

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Partial Return of Stolen Coins

"After everything become known TradeFortress announced that he will partially compensate for the losses, by its own admission, he did it from the deposits of new users, who, without suspecting anything, continued to transfer bitcoins."

When queried over how much Inputs.io will be able to reimburse users he responded somewhat obscurely: "[We'll be able to refund] as much as 100%. For Inputs it is solely based on the amount. 1 BTC at the current sliding scale would be 74%, 2 BTC 65%... This figure is not final, and if we have leftover coins we'll be able to refund more." In other words: if you had less than 1 BTC on Inputs you should get it back, otherwise, be prepared to take a haircut."

"In an email interview with Fairfax, he said he would try to refund some of the hacked money using more than 1000 Bitcoins he personally owned and some not taken by hackers."

"Users are being repaid up to 100 per cent depending on the amount (sliding scale), generally 40-75 per cent," Tradefortress said.

"For example, the most affected: DumbFruit, he lost 955.24 BTC, got 199.38 BTC in compensation." "Refunds are based on the amount, and a higher refund % means they withdrew less coins than you, and vice versa."

"We apologize sincerely for the lost Bitcoins. It's been a very hard lesson for us, and we're sorry that we have to pass it onto our users. Please respond to the email if you have any queries."

"Due to major hacks, Inputs does not have enough BTC to repay everyone fully. We're dividing up the coins we do have left based on a sliding scale, and have sent it to the specified address. On your Inputs account, your balance should have flipped to the negative to indicate you've received a refund."

"There's a huge amount of emails that are being worked through. People are getting refunded, but Inputs doesn't have enough coins to pay everyone fully. Send an email to support@inputs.io with your BTC address."

"The major concern now is that TF is asking for ID. He's already considered a scammer and many don't trust him with ID. Therefore many will lose a lot of coins which he KEEPS which was his plan all along. He thought he looked good doing partial refunds to begin with."

Customers Receive Refunds

"Just received most of what I had deposited on October 27th, the day after the hack was discovered. It wasn't a lot of coin, but it was to me, and I salute TF's efforts. Immediate responsiveness, contrasted with Roman/bitfloor."

Accusations of Tradefortress Theft

"The ugly responses were from users who accused Tradefortress of making up the hacking story."

"Some people think I have their money. I don't and I'm using my personal coins to compensate users, yet there's some ugly messages I'm receiving."

"If you actually read about what has been going on instead of jumping to the "Post" button, the attack was detected in hours but it was only announced today as we investigated and explored our options."

Termination of Inputs.io Service

"Inputs is dead and you'll need to find a new service provider. I don't recommend storing any Bitcoins accessible on computers connected to the internet."

"Inputs.io [was] no longer operational as [of] November 7th, 2013."

Theft Not Reported

"A spokesman for the Australian Federal Police says to his knowledge a theft of bitcoins has never been investigated at either a federal or state level. But he says if it was reported it would be treated like any other theft."

"In a phone interview with Australia's AM radio show Tradefortress responded to challenges that the theft was 'an inside job', though he insisted that he wouldn't be reporting the theft to the police because the bitcoins are untraceable and it would be impossible to track the culprit."

Total Amount Recovered

The total amount recovered has been estimated at $1,000,000 USD.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

General Prevention Policies

The primary issue with Inputs.io was that all funds were in a hot wallet on the server. The theft could have been fully prevented by having the majority of funds in an offline cold storage.

Another key factor was that the funds were held by an inexperienced and unknown operator, and not part of a multi-signature wallet. Better training or a multi-signature wallet would have also prevented the issue.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

↑ List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses [Old] (Jan 28, 2020)
↑ 100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents (Jan 25, 2020)
↑ List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses (Feb 15, 2020)
↑ Bitcoin Scams and Cryptocurrency Hacks List - BitcoinExchangeGuide.com (Mar 5, 2020)
↑ security - What is the story behind the "Linode problem"? - Bitcoin Stack Exchange (Mar 14, 2022)
↑ Legendary profiles of bitcointalk. (Mar 7, 2022)
↑ Inputs.io - Free and Secure Bitcoin Wallet for Everyone (Mar 14, 2022)
↑ Inputs.io - Bitcoin Wiki (Mar 14, 2022)
↑ Inputs.io - Free and Secure Bitcoin Wallet for Everyone (Mar 14, 2022)
↑ Inputs.io - Free and Secure Bitcoin Wallet for Everyone (Mar 14, 2022)
↑ Inputs.io | Instant Payments, Offchain API, Secure Wallet, 235k+ BTC transferred (Mar 14, 2022)
↑ Coinchat Is A Chatroom Where Talking Sense Earns You Bitcoin – TechCrunch (Mar 14, 2022)
↑ Someone just transferred 0.095 from my Inputs.io wallet without my authorization. : Bitcoin (Mar 14, 2022)
↑ Inputs.io Hacked and Shutdown - 4100 BTC Stolen : Bitcoin (Mar 14, 2022)
↑ Inputs.io Security (Mar 14, 2022)
↑ Inputs.io | Instant Payments, Offchain API, Secure Wallet, 235k+ BTC transferred (Mar 14, 2022)
↑ Inputs.io | Instant Payments, Offchain API, Secure Wallet, 235k+ BTC transferred (Mar 14, 2022)
↑ SCAM ACCUSATION: TradeFortress + Inputs.io + theymos (Mar 14, 2022)
↑ SCAM ACCUSATION: TradeFortress + Inputs.io + theymos (Mar 14, 2022)
↑ Inputs.io | Instant Payments, Offchain API, Secure Wallet, 235k+ BTC transferred (Mar 14, 2022)
↑ Inputs.io: Is it a high-security bitcoin web wallet? (Mar 14, 2022)
↑ Hackers steal $1.2 Million of bitcoins from Inputs.io, a wallet service (Mar 14, 2022)
↑ Inputs.io | Instant Payments, Offchain API, Secure Wallet, 235k+ BTC transferred (Mar 15, 2022)
↑ Inputs.io | Instant Payments, Offchain API, Secure Wallet, 235k+ BTC transferred (Mar 15, 2022)
↑ Inputs.io HACKED, 4K+ BTC stolen (Mar 15, 2022)
↑ AM - Massive bitcoin robbery hits Australian website, raises questions over regulations 08/11/2013 (Mar 15, 2022)
↑ https://abcmedia.akamaized.net/news/audio/am/201311/20131108-rnam-bitcoin-robbery.mp3 (Mar 15, 2022)
↑ Inputs.io hacked – 4100 BTC stolen | Hacker News (Mar 15, 2022)
↑ Transaction: 9536feebe3a50b94f85ca27d56e669a7209bd4188385d55c5b97227c95cf7f74 | Blockchain Explorer (Mar 15, 2022)
↑ ^30.0 ^30.1 Australian Bitcoin bank hacked: $1m+ stolen - Sydney Morning Herald (Mar 15, 2022)
↑ https://whatismyipaddress.com/ip/101.0.79.18 (Mar 15, 2022)
↑ CoinLenders Script :: Bitcoin Bank (Borrow+Deposit) Software :: Demo Available (Mar 20, 2022)
↑ ^33.0 ^33.1 Inputs.io - Free and Secure Bitcoin Wallet for Everyone Archive November 7th, 2013 5:48:33 PM MST (May 29, 2022)
↑ ^34.0 ^34.1 ^34.2 18-Year-Old Reports $1 Million Bitcoin Theft From 'Bank' He Controlled — And Says He Can't Call The Cops - Yahoo Finance (Mar 15, 2022)
↑ $1 Million Bitcoin Theft in Australia - Business Insider (Mar 15, 2022)
↑ ^36.0 ^36.1 Note About Theft On Inputs.io Homepage Archive December 2nd, 2013 7:03:20 PM MST (May 29, 2022)

[bitcointalklistold-20-1] List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses [Old] (Jan 28, 2020)

[kylegibson-86-2] 100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents (Jan 25, 2020)

[bitcointalklist-87-3] List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses (Feb 15, 2020)

[bitcoinexchangeguide-218-4] Bitcoin Scams and Cryptocurrency Hacks List - BitcoinExchangeGuide.com (Mar 5, 2020)

[bitcoinstackexchange-7171-5] security - What is the story behind the "Linode problem"? - Bitcoin Stack Exchange (Mar 14, 2022)

[bitcointalklegendaryprofiles-6924-6] Legendary profiles of bitcointalk. (Mar 7, 2022)

[inputsarchive-7173-7] Inputs.io - Free and Secure Bitcoin Wallet for Everyone (Mar 14, 2022)

[bitcoinwiki-7174-8] Inputs.io - Bitcoin Wiki (Mar 14, 2022)

[inputsarchive-7175-9] Inputs.io - Free and Secure Bitcoin Wallet for Everyone (Mar 14, 2022)

[inputsarchive-7177-10] Inputs.io - Free and Secure Bitcoin Wallet for Everyone (Mar 14, 2022)

[bitcointalk-7178-11] Inputs.io | Instant Payments, Offchain API, Secure Wallet, 235k+ BTC transferred (Mar 14, 2022)

[techcrunch-7179-12] Coinchat Is A Chatroom Where Talking Sense Earns You Bitcoin – TechCrunch (Mar 14, 2022)

[reddit-7180-13] Someone just transferred 0.095 from my Inputs.io wallet without my authorization. : Bitcoin (Mar 14, 2022)

[reddit-7181-14] Inputs.io Hacked and Shutdown - 4100 BTC Stolen : Bitcoin (Mar 14, 2022)

[bitcointalk-7182-15] Inputs.io Security (Mar 14, 2022)

[bitcointalk-7183-16] Inputs.io | Instant Payments, Offchain API, Secure Wallet, 235k+ BTC transferred (Mar 14, 2022)

[bitcointalk-7184-17] Inputs.io | Instant Payments, Offchain API, Secure Wallet, 235k+ BTC transferred (Mar 14, 2022)

[bitcointalk-7185-18] SCAM ACCUSATION: TradeFortress + Inputs.io + theymos (Mar 14, 2022)

[bitcointalk-7186-19] SCAM ACCUSATION: TradeFortress + Inputs.io + theymos (Mar 14, 2022)

[bitcointalk-7187-20] Inputs.io | Instant Payments, Offchain API, Secure Wallet, 235k+ BTC transferred (Mar 14, 2022)

[coindesk-7188-21] Inputs.io: Is it a high-security bitcoin web wallet? (Mar 14, 2022)

[coindesk-7189-22] Hackers steal $1.2 Million of bitcoins from Inputs.io, a wallet service (Mar 14, 2022)

[bitcointalk-7190-23] Inputs.io | Instant Payments, Offchain API, Secure Wallet, 235k+ BTC transferred (Mar 15, 2022)

[bitcointalk-7191-24] Inputs.io | Instant Payments, Offchain API, Secure Wallet, 235k+ BTC transferred (Mar 15, 2022)

[bitcointalk-7192-25] Inputs.io HACKED, 4K+ BTC stolen (Mar 15, 2022)

[abcaustralia-7193-26] AM - Massive bitcoin robbery hits Australian website, raises questions over regulations 08/11/2013 (Mar 15, 2022)

[abcmedia-7194-27] ttps://abcmedia.akamaized.net/news/audio/am/201311/20131108-rnam-bitcoin-robbery.mp3 (Mar 15, 2022)

[ycombinatornews-7195-28] Inputs.io hacked – 4100 BTC stolen | Hacker News (Mar 15, 2022)

[blockchaindotcom-7196-29] Transaction: 9536feebe3a50b94f85ca27d56e669a7209bd4188385d55c5b97227c95cf7f74 | Blockchain Explorer (Mar 15, 2022)

[smhaustralia-7197-30] 30.0 ^30.1 Australian Bitcoin bank hacked: $1m+ stolen - Sydney Morning Herald (Mar 15, 2022)

[whatismyipaddress-7200-31] ttps://whatismyipaddress.com/ip/101.0.79.18 (Mar 15, 2022)

[bitcointalk-7334-32] CoinLenders Script :: Bitcoin Bank (Borrow+Deposit) Software :: Demo Available (Mar 20, 2022)

[inputsarchive-7792-33] 33.0 ^33.1 Inputs.io - Free and Secure Bitcoin Wallet for Everyone Archive November 7th, 2013 5:48:33 PM MST (May 29, 2022)

[yahoofinance-7199-34] 34.0 ^34.1 ^34.2 18-Year-Old Reports $1 Million Bitcoin Theft From 'Bank' He Controlled — And Says He Can't Call The Cops - Yahoo Finance (Mar 15, 2022)

[businessinsider-7198-35] $1 Million Bitcoin Theft in Australia - Business Insider (Mar 15, 2022)

[inputsarchive-7791-36] 36.0 ^36.1 Note About Theft On Inputs.io Homepage Archive December 2nd, 2013 7:03:20 PM MST (May 29, 2022)

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

[19]

[20]

[21]

[22]

[23]

[24]

[25]

[26]

[27]

[28]

[29]

[30]

[31]

[32]

[33]

[34]

[35]

[36]

Input.io “Wallet” Hack: Difference between revisions

Latest revision as of 13:57, 28 December 2023

Contents

About Input.io

The Reality

What Happened

Technical Details

Total Amount Lost

Breach of Client Data

Immediate Reactions

Announcement on Inputs.io Website

Withdrawal Capacity Limitations

Community Reactions to Contact Server Admin

Apology From Tradefortress

Ultimate Outcome

Partial Return of Stolen Coins

Customers Receive Refunds

Accusations of Tradefortress Theft

Termination of Inputs.io Service

Theft Not Reported

Total Amount Recovered

Ongoing Developments

General Prevention Policies

Individual Prevention Policies

Platform Prevention Policies

Regulatory Prevention Policies

References

Navigation menu

Input.io “Wallet” Hack: Difference between revisions

Latest revision as of 13:57, 28 December 2023

About Input.io

The Reality

What Happened

Technical Details

Total Amount Lost

Breach of Client Data

Immediate Reactions

Announcement on Inputs.io Website

Withdrawal Capacity Limitations

Community Reactions to Contact Server Admin

Apology From Tradefortress

Ultimate Outcome

Partial Return of Stolen Coins

Customers Receive Refunds

Accusations of Tradefortress Theft

Termination of Inputs.io Service

Theft Not Reported

Total Amount Recovered

Ongoing Developments

General Prevention Policies

Individual Prevention Policies

Platform Prevention Policies

Regulatory Prevention Policies

References

Navigation menu

Search