A wallet containing B&C Exchange shareholder NSR under my control has been compromised. The exact method of compromise is not known, though it is suspected the attack vector was a sigaint.org email account used to register the VPS upon which the encrypted wallet was being used. Sigaint is a Tor based email service that suddenly disappeared recently. While my sigaint credentials were not compromised, it is possible that either the sigaint administrator or a hacker who had compromised the sigaint operation has used their privileged access.

The release blocks transactions from the compromised wallet addresses and the addresses compromised funds were directly sent to, all of which have been confirmed not to be exchange addresses through correspondence with our exchanges.

Here is a list of restricted addresses:

SYrndApJNq5JrXGu83NQuzb3PHQoaeEwx8
SRcyHX5JE1tprmtUNswHFsgWqwciwkqigk
SeTPb7fj6PLn2E4aMa5TbR83Pw6MSs37fM
SQGuknAk53MpBMy9fuX632Kqi8FWoNMQ2v
SXQcdc5THvdUAdfmK4NEYQpvqANwz4iBHg
ShGVUEJpyZBTgK6V5ZzBorv899R1LP7pqm
SNdbH9sUJ8z33iE8oNBCwCLfwP9tafyZh3
SUgGG6PYXeoXtrUU85rViuWbxsVczwQX7i
SMv2C8x41mtkZvv5wNejdqSsBQPPTfPEDj
Sb84GHDPxy1dzE4VttDTrLwYLzLw4hEDUV
SQTHenWRCF7tZQb5RQAbf3pVYN3Jq5RET4

SfhbL4Hmkvh8t79wkFEotnGqf64GvvB7HV
SY3mR9hhtN6V4JVG8nf466SMr6Vx2asDSp
SVZ9C4D78Xmca7S4edFoghJB6znVcjBf9s
ST2FF2LybChMcpj5dywaLTG2P4pezvspiJ
SV3ZNwQ9CCDaHFb3BjwviUZzq1sDDycDtH
SMgrPVqXaVfcrFgMFesJZT37b4VBohWxqr
Se3FvyRoshq6zjGbiWLYYAKAJnP3kH4Xvj
SeSuCVYzdPT1Biw9cfuK4mHYGTeihqY7Cq
SUGfxGPyCgaNg3FjXjcpMwtco1CTNbRSwG
SUGCjFktPEdXBquPJdSemuxZFy4AxvbXH4
Sg6aYkT7MP2R6FttKoKAPXqtTw1CHEzkZN
SNQ4BWMpiumVtTEmrW4xAYfbJFhxdHZBxz
STWUi4iSgpAwJrycwrurn1j7DTS18w7ZDN
Sg6aYkT7MP2R6FttKoKAPXqtTw1CHEzkZN
SNQ4BWMpiumVtTEmrW4xAYfbJFhxdHZBxz
STWUi4iSgpAwJrycwrurn1j7DTS18w7ZDN
SickUboc7GTJK7TxF7vfYnunFLk81NLr9p
SeDCHvv8VQx1dsZFBJRJEmcjTTEvKU1QxH
Sf8xcBTzjxHV7518BE3xuQqHTzTr9BKTfr
SNbMQJnVDymEvE2vpyHfqdKzedjekXsGQi
ScDYXcJc4TShVLcKBmgRq9rz6ZvqfLrAkv
Sh5okqoxnFoiCVAJEdzfxzHqSyunriVPmp
SNf4uyshit1fj8dWKVxHsKTgTrNR61RskY
SSajkovCPXwdw46nyJ7vpTDkwtRZJzyY2z

Here the downloads for Linux and Windows:

https://bitbucket.org/JordanLeePeershares/nubit/downloads/nu-5.0.1-linux-gitian.zip
https://bitbucket.org/JordanLeePeershares/nubit/downloads/nu-5.0.1-win-gitian.zip

Checksums:
dff4e8d07dd56f95dcc4e7927e2e10c050c3775af1a33e5089ab4d1ec42b0c80 nu-5.0.1-linux-gitian.zip
4ac99b684dfef46e9f7be7787799d2aea85f724c94b4700c7b77920830314111 nu-5.0.1-win-gitian.zip

@jooize will be providing an OS X build soon.

I’m really sorry for this. There were ways I could have protected the wallet better which were on my to do list, specifically creating a new wallet and getting a new VPS, but I just hadn’t been able to prioritize them yet. I didn’t expect this to occur.

In the coming hours we will be looking closer at the public record of what happened and report additional info about losses.

Nu 5.0.1 for macOS

https://github.com/jooize/Nu-macOS/releases/download/v5.0.1/Nu-5.0.1.dmg

shasum -a 256 Nu-5.0.1.dmg
48de80c5fed8891bc694eada0a40d26460146249ff4b12275b4ed8ef3d307092  Nu-5.0.1.dmg

Edit: Hadn’t fetched the latest commits in previous build.

Isn’t that like the second release that blackballs addresses, which were in @Phoenix’ sole control that got compromised ?
But I haven’t really understood, to whom the addresses belonged that were blackballed in the last release.

What a pity that FLOT has been sent packing. The narrative here has it that they were a bunch of incompetent people. As far as I’m aware funds controlled by FLOT multisig were never compromised.

It’s easier to sling mud at others who realized that it isn’t worth trying to correct false narratives.
Not answering important questions like

isn’t being punished. Why would he answer them?
Has the question ever been answered by what motion the B&C development fund has been converted to NBT in the first place?
It very much looks like this was based on @JordanLee’s/@Phoenix’ discretion. Would be a bad move, if no motion demanded that.

I wasn’t logged in for some time. I thought and still think it isn’t worth the efforts.
But I honestly couldn’t help from pointing out how unreliable and irresponsible @JordanLee/@Phoenix is.

What was the total amount of NSR that was compromised? Do you have any theory about why the funds were sent to so many different addresses?

Sorry this happened.

I’m a bit puzzled, but a properly encrypted wallet is still worthless unless the password has been exposed. Did that happen? Interested in understanding how.

This forking doesn’t look great and doesn’t help getting exchanges aboard. Time for multisig?

I will post numbers (total funds, lost, …) when I’ve determined them.

Any updates on the details here? Is this 5.0.1 now the active version? Did it stop the thief from accessing the stolen funds?

Sorry for the delay. The current block explorer displays negative balances for some of the addresses the thief sent to, and I didn’t figure out if I can work around that and get accurate numbers. I’ve asked @backpacker and @woolly_sammoth to take a look. @woolly_sammoth has had to prioritize changes to NuBot’s price feeds in order to resolve straying peg appearance at CoinMarketCap, and an improved explorer which should resolve that problem at the same time.

The release was successful in securing most but not all funds.

In the coming hours?

Soon^TM.

I wonder how that public report manages to avoid talking about the B&C dev fund that was used for minting (although promised otherwise) and lost 200 million NSR.
Maybe that’s the reason why talking about it at all gets avoided.

Let’s sit things out again!

Look. Yes, that was the plan at the time. Then it turned out the block explorer displayed negative balances which delayed the investigation. You have no patience for how much time it takes to do everything, the issues that keep appearing along the way (you two are part of those), and I don’t work all the time though I wish I could.

You make people pointing out issues, issues?
That sounds like weird Phoenix logic.

Oh and btw, Cryptopia is well aware of the situation

The issue I have with you is that you run to conclusions which I later break down. You then move on to the next thing you find that can be suspicious without acknowledging you’ve been wrong.

What do you mean by that?

Just noticed that I haven’t been able to successfully mint block with my Nu client v5.01 in the last 24 hours. They all went unconfirmed after creation although I have 8 connections. My Peercoin client is still minting so it appears not to be the computer or connection. Anyone else seeing the same issues or do I need to restart the client or my computer?

I’m having the same issue.

All blocks unconfirmed since yesterday morning. I’ve restarted the client and computer with no luck so far.

There has been many reorganizations (51 yesterday). The most likely is that some major shareholders have a bad connection and mint on old blocks because they failed to receive yours, or because their own blocks sometimes fail to propagate and finally reach the rest of the network when they find a second or a third block (and then yours are forked out because your chain is shorter because you and the other nodes could not create that many blocks during the same time).

To verify that it’s what’s happening you can look at the “new block found” occurrences in your log. If they are always followed by 2 or more block received and a “REORGANIZE” then that’s probably what is happening.

It could also be a major shareholder that deliberately modified the client to not mint on blocks generated by others.

Hold on now. You accuse people of things that they could have done (guesses). I counter your assumption with scenarios that can make it look like that but isn’t necessarily so. I’ve in several cases gathered detailed data suggesting statements of yours were false. You then go silent in that topic or find something new to focus on.

What you suggest is guilt unless proven innocent.

This argument we’re having here is not one where I’ve breaken down your statements. Do not conflate those to invalidate my point for readers who do not follow our strife.

There is no question he said those shares would not be used to mint. He did announce it, though I’m not aware of within which timeframe of beginning minting. As for being authorized by B&C Exchange shareholders, there’s the following passed motion that means the US-NBT were transferred to be handled by @Phoenix “in the interest of” B&C Exchange shareholders. They later passed the motion to trade all US-NBT for NSR.

All B&C shareholders funds in existence as of August 21st, 2016 shall be transferred to @Phoenix immediately upon passage of this motion, to be used in the interest of shareholders. This includes funds held by Jordan Lee and Angela. It excludes any funds that may be given by shareholders as a BlockShare or BlockCredit custodial grant.

— [Passed] Phoenix for Custodian of B&C Funds

Your crusade to enlighten everyone of what they should care about is apparently fair game according to those who control this forum. The fact you don’t know why they were used to mint suggests your primary interest in it lies not in whether it was best for B&C Exchange, but to find another weapon against @Phoenix and Nu.

I have found 163 entries with Reorganize in my logs (last week). Most are 2-5 blocks, found one with 6 blocks:

REORGANIZE
REORGANIZE: Disconnect 6 blocks; 525a93b7077822027583…8b950a4c7b02a3903beb
REORGANIZE: Connect 6 blocks; 525a93b7077822027583…4ac4f625b19ca5569b26

Wouldn’t be surprised about that given the current ‘climate’.

Things appeared to have returned closer to normal by now, although I still see an elevated number of orphans.