CRITICAL Bitshares: DO NOT USE OPENLEDGER

in #bitshares7 years ago (edited)

Ronny Boesing:
ATTENTION please: To anyone normally using openledger urls whether domains bitshares.openledger.info or OpenLedger.io to access the trading platform we would highly recommend to access your account via the bitshares domain https://wallet.bitshares.org until further notice. We have lost control of above mentioned domains, and are awaiting for domain provider to change access. Hackers have full access to domain and SSL, so it’s not secure to use openledger domain even if it’s url is highlighted as trusted. There are phishing activated. To anyone who Got hacked We advice to change password and/or bin file more details here: https://github.com/bitshares/bitshares-ui/wiki/Cloud-Wallet-Login-and-changing-password. Our team has started investigation. We will be back with news soonest possible. Yours sincerely OpenLedger Team.

Will update once I know more details, just a quick heads up

Sort:  

To anyone unaware. This refers to the Openledger gateway no to the BitShares DEX itself.
So if you were accessing the DEX via any Openledger sites, that's were the danger lies.

Stay safe out there :)

Source?

OL CEO, Telegram

Additional source, OpenLedger on Facebook: https://www.facebook.com/OpenLedgerDC/posts/2279083625652540

Just trying to confirm that it's actually the website that's compromised, not the account reporting that the website is compromised...

Great i was looking for confirmation as well..

Although the announcement of the issue does not seem like an attack so if users just stop using the service until further notice then there seems to be no harm

"Hackers have full access to domain and SSL, so it’s not secure to use openledger domain even if it’s url is highlighted as trusted. There are phishing activated."

If they don't use the service while it's compromised they should be safe, but I don't know how long it has been compromised either. It sounds like it's definitely an attack and any keys loaded and unlocked in it currently will almost certainly be stolen.

Fully understand i was just making referance to the telegram msg from ronnie regarding the attack.. that message does not seem like a phishing message as it is directing people away from the compromised service

thanks for your information about bitshares,i hope this post is very important role everyone.

When did you lose control? If someone used OpenLedger.io earlier today should they change their password?

I'm not OpenLedger

anyone know if bitshares.eu is ok?

Thanks for the information! Resteemed to let others know.

This is not good ash.....maybe DEx's aren't that great after all...this makes them no more secure than just holding on an exchange...guess hardware wallets are a must...but then again they use a web browser to transact...i guess offline transactions are the only best bet...better brush up on this.

use local wallet and the desktop app https://github.com/bitshares/bitshares-ui/releases that's the true power of the system.

Thanks ash

I've always just run the BitShares interface locally instead of pulling it from someone else's server on demand. I'd recommend at least doing that if you're working with enough value to be worth it.

Ideally we should separate the interface from the key storage and signing application, similar to MetaMask or an offline password management application.

that post helps about openledger. thank u so much . thanks for share. that kind of post is very helpful .

  • another one trouble with OL...

That sucks, thanks for the heads up!

Important note from Ronny Boesing

Dear All, I sympathize with those users who were affected by the recent hosting provider’s account breach. Though it wasn’t our fault that credentials of some OpenLedger DEX wallets were stolen, resulting in lost crypto assets, I couldn’t stay still. Starting from July 2, our trading platform will launch the Reimbursement Program for such users. Read more in the official announcement at https://dex.openledger.io/access-issue-ol-reimbursement-program/

Yours sincerely Ronny Boesing, CEO, OpenLedger ApS.