CRITICAL Bitshares: DO NOT USE OPENLEDGER

in #bitshares, 6 years ago (edited)

Ronny Boesing:
ATTENTION please: To anyone normally using openledger URLs, whether domains bitshares.openledger.info or OpenLedger.io, to access the trading platform, we would highly recommend accessing your account via the bitshares domain https://wallet.bitshares.org until further notice. We have lost control of the above-mentioned domains, and are waiting for the domain provider to change access. Hackers have full access to domain and SSL, so it’s not secure to use the openledger domain even if its URL is highlighted as trusted. There is phishing activated. To anyone who got hacked, we advise changing password and/or bin file; more details here: https://github.com/bitshares/bitshares-ui/wiki/Cloud-Wallet-Login-and-changing-password. Our team has started an investigation. We will be back with news as soon as possible. Yours sincerely, OpenLedger Team.

Will update once I know more details, just a quick heads up


To anyone unaware: this refers to the Openledger gateway, not to the BitShares DEX itself.
So if you were accessing the DEX via any Openledger sites, that's where the danger lies.

Stay safe out there :)

Source?

OL CEO, Telegram

Additional source, OpenLedger on Facebook: https://www.facebook.com/OpenLedgerDC/posts/2279083625652540

Just trying to confirm that it's actually the website that's compromised, not the account reporting that the website is compromised...

Great, I was looking for confirmation as well..

Although the announcement of the issue does not seem like an attack, so if users just stop using the service until further notice then there seems to be no harm.

"Hackers have full access to domain and SSL, so it’s not secure to use the openledger domain even if its URL is highlighted as trusted. There is phishing activated."

If they don't use the service while it's compromised they should be safe, but I don't know how long it has been compromised either. It sounds like it's definitely an attack and any keys loaded and unlocked in it currently will almost certainly be stolen.

Fully understand, I was just making reference to the Telegram msg from Ronny regarding the attack.. that message does not seem like a phishing message as it is directing people away from the compromised service.

Thanks for your information about BitShares, I hope this post plays a very important role for everyone.

That post helps about OpenLedger. Thank you so much. Thanks for sharing. That kind of post is very helpful.

This is not good ash.....maybe DEXs aren't that great after all...this makes them no more secure than just holding on an exchange...guess hardware wallets are a must...but then again they use a web browser to transact...I guess offline transactions are the only best bet...better brush up on this.

Use a local wallet and the desktop app https://github.com/bitshares/bitshares-ui/releases that's the true power of the system.

I've always just run the BitShares interface locally instead of pulling it from someone else's server on demand. I'd recommend at least doing that if you're working with enough value to be worth it.

Ideally we should separate the interface from the key storage and signing application, similar to MetaMask or an offline password management application.

When did you lose control? If someone used OpenLedger.io earlier today should they change their password?

I'm not OpenLedger

Another trouble with OL...

Anyone know if bitshares.eu is OK?

When in doubt, use the desktop wallet https://github.com/bitshares/bitshares-ui/releases

That sucks, thanks for the heads up!

Thanks for the information! Resteemed to let others know.