A wallet containing B&C Exchange shareholder NSR under my control has been compromised. The exact method of compromise is not known, though it is suspected the attack vector was a sigaint.org email account used to register the VPS upon which the encrypted wallet was being used. Sigaint is a Tor based email service that suddenly disappeared recently. While my sigaint credentials were not compromised, it is possible that either the sigaint administrator or a hacker who had compromised the sigaint operation has used their privileged access.
The release blocks transactions from the compromised wallet addresses and the addresses compromised funds were directly sent to, all of which have been confirmed not to be exchange addresses through correspondence with our exchanges.
Here is a list of restricted addresses:
Here the downloads for Linux and Windows:
@jooize will be providing an OS X build soon.
I’m really sorry for this. There were ways I could have protected the wallet better which were on my to do list, specifically creating a new wallet and getting a new VPS, but I just hadn’t been able to prioritize them yet. I didn’t expect this to occur.
In the coming hours we will be looking closer at the public record of what happened and report additional info about losses.