The forks.green developer has restarted the site, but accounts are gone and people who had coins in the site have lost their coins. Getting information about what happened is difficult because the developer is Russian and there hasn’t been a lot of English language information coming directly. Its not a good look.
Basically it looks like a script kiddie found an exploit in either the version of the open-source exchange software that was the backbone of forks.green, or with the architecture and implementation specifically used in this instance. The database was extracted and dropped and all the database entries were lost.
From what I gather there was no actual coin taken by the hacker, it is all still sitting there, but there is no way to determine who owns what. There is a table of what was left in the site wallets floating around, but I do not know how accurate it is. Pretty incredible though.
- greendoge – 214 911
- apple – 12 464
- flax – 1 257
- chaingreen – 910 246
- wheat – 8 789
- n-chain – 3 658
- maize – 14 888
- spare – 4 263
- silicoin – 5 506
- dogechia – 2 863
- socks – 4 118
- tad – 5 327
- goji – 5 024
That’s a lot of fork coins! This is why its starting to look like a rug pull to the forks.green userbase, regardless of developer intent. Forks.green, the user on discord, is currently explaining in Russian what happened to users on the Chia Forks Russia discord server, and I have some of that conversation below. Again, take everything with a grain of salt but I do not believe this was a deliberate hack, just not good security or infrastructure practices and the inevitable results of that.
You might also notice there is no XCH in that list, although there was some in the site as you will see below. I am not sure what to make of this. I admire the dedication to try to restart the site even without the ability to return people’s coin, but I’m not sure about the morality of it.
This was pulled through Google Translate, so again – more grains of salt. This gist is that they are not going to pay the attacker, for what should be obvious reasons.
[11:58 PM] fut82hafl: Between users who were registered before the attack, and how to prove that he really was a user, this is the second moment
[11:59 PM] forks.green: the second and most important, which is not how not to prove
[11:59 PM] fut82hafl: Can you open a collection from everyone for this ransomware?
[12:00 AM] forks.green: this is not serious
[12:00 AM] forks.green: if he still starts to move the price down, there will be enough chia users to give them back to him. BUT how then to return the chia to users?
[12:01 AM] RusWtz (Igor): subtract 10-20% from each account in any coins
[12:01 AM] forks.green: not enough, we already thought
[12:01 AM] forks.green: 20% of all, not enough
[12:01 AM] forks.green: 100% chia from everyone is not enough
[12:02 AM] RashpiL: I support. If only the ransomware will reduce further
[12:02 AM] RusWtz (Igor): there is one silicone for $ 2500
[12:03 AM] RashpiL: Yes, at least 50 percent return, and that’s better than sitting with zero golum
[12:03 AM] fut82hafl: The amount he’s asking for. 0.07 btc (≈3400 $). Does it make sense to transfer this money to the extortionist. And where is the guarantee that it contains a promise.
[12:03 AM] forks.green: now, the huge question is that he will actually give it away)
[12:03 AM] RusWtz (Igor): it will halve and it will be normal
[12:03 AM] fut82hafl: Reputation is more important. I always wrote forks.green wherever I have not climbed. and now it’s not serious to close the shop like that
[12:04 AM] forks.green: after payment he will say that he changed his mind and asks for more
[12:04 AM] fut82hafl: Cipher caught?
[12:04 AM] RusWtz (Igor): well, explain that there will be no sense … maybe he sits here and sees everything
[12:05 AM] forks.green: no, this is a mother’s hacker with a script, and there I didn’t see it, I didn’t know that the container with the root decided to look at the Internet database
[12:05 AM] forks.green: he could draw the balance and bring out all the chia and so on, but no. dump database and deletes
This is a wild story, and still developing in real time. If anyone here has lost a small fortune in altcoins, please let me know what you lost and what you think is going to happen.
Thats insane, and after that they started again exchanges without explanation about lost coins ??
Has anyone from Peatio confirmed bug in software ?
No but forks was not running the latest version, nor even the latest version from their branch. I suspect there were other security issues as well.
I have .035 Chia and about 200ish Tad I traded for before the “attack” I did translate a nice message to Russian and DM’ed in Discord but no response. Not a huge deal to be, but sketchy at best. I’d really like to see better and more forks exchanges pop up for diversity.