Dogecoin off the leash after Doge Vault admits server attack
So restored. Much bare metal panic. Very insecurity
Cryptocurrency exchange Doge Vault has confirmed it has lost about seventy per cent of Dogecoin it held on its customers' behalf.
The outfit has updated its website to say “It is believed the attacker gained access to the node on which Doge Vault’s virtual machines were stored, providing them with full access to our systems.”
That sounds nasty, in two ways. If the attacker was able to access either the physical server, all sorts of questions need to be asked of whoever it was that hosted Doge Vault's servers. If it was possible to access the underlying virtualisation tools, it would sure be nice to know what they were so we can all scratch them off the list of kit to be considered for secure multi-tenancy rigs.
Doge Vault seems, at least, to have had some success restoring its data, writing that “After salvaging our wallet we have ascertained that around 280 million Dogecoins were taken in the attack, out of a total balance of 400 million kept in our hot wallet. 120 million Dogecoins have been since recovered and transferred to an address under our control.”
The service is asking punters not to ask for their coin back just yet while things are sorted out and has not said when it will become more responsive to either retrieval requests or deposits (for anyone mad enough to business with it after this incident). It's also said it is best to assume all passwords and private keys have been compromised. ®