Good News, Bad News, Good News: A hack, P2P, and a white/gray hat

image.png

So, crypto is a weird place. Today was supposed to be one of my favorite days in crypto. @eonwarped took code from @harpagon, adjusted it, and got our P2P system working. We've been silently running an internal test net and the goal for today was to announce a public test net.

How this day actually went is that in the middle of the night I started getting texts. Bad news is that we were hacked. The main node for Hive-Engine was directly accessed and the balances changed.

This is especially ironic, because if the P2P network which we are/were planning on launching today had been been active then this hack wouldn't have been successful.

What was lost

500,000 HIVE
1.05 BTC

Then what...

So, we close up all the access points and redo the security on the servers. We get a backup replaying so that we can get correct balances showing. It's literally just hive-engine balances that were effected, so no one else should notice anything. We'll switch to the backup shortly.

Then I'm sitting here trying to figure out what the fuck I'm going to do. Because 500k Hive and 1.05 BTC is a lot of money.

Hive Engine makes money, but I spend more money than what I make to turn this thing into something exceptional. So, a $100k hack is enough to really fuck with this project considering it's losing money every month while we're developing the core features.

So, my mind is flashing through all the options: tell people, hide it, close it down, personally guarantee it all, flee to Mexico... The whole panic thought line goes through my head, but ultimately I know the right thing to do is fess up ASAP and figure out how to secure this thing so funds are SAFU.

So, I'm getting ready to write up a post talking about how we're still ok and I'm gonna cover the damn thing personally. I go to start a power down on @aggroed when I see my aggroed account has 477k of Hive which has been deposited.

Now, I'm not a computer crypto forensic guy, but I feel pretty good assuming the gray/white hat that just kicked my ass has returned most of the Hive.

I'm made more confidant in that because they left these messages:

BTC

We'll see what they do with the BTC. Hopefully they return most of it. I'm in the process of getting some BTC into the system to make sure it's all covered.

More irony

So, the reason we were able to quickly detect and diagnose the problem is that the P2P system is actually quite nice. We're adjusting it slightly based on this extreme test case, but feel like we're in a good position with it.

So... What's this all mean?

  1. The server has been resecured. We're replaying a backup we'll switch to so that the correct balances show.
  2. Hive has been restored and BTC should be there by end of day.
  3. Aggy lost some money, but funds are SAFU, and I'll call the Hive difference a bug bounty.
  4. Surprise! We have a functioning P2P network that has worked great internally and we'll share more details this week about it going public. It's useful to prevent hacks just like this one!!! FML...

Crypto is weird

HIVE on!

94 Comments