back to article Dogevault praying backups work after confirming attack

Stop us if you've heard this one before, but the day after it went down for mysterious reasons, crypto-currency wrangling site Dogevault.com has confirmed someone stole its kibble. “On the 11th of May, the Doge Vault online wallet service was compromised by attackers, resulting in a service disruption and tampering with wallet …

COMMENTS

This topic is closed for new posts.
  1. Dave 62

    Cryptocurrency: How does it even work?

    Excusing my ignorance as idk how cryptomonies werks but, if the datas has been taken then deleted, rather than just deleted, do the attackers now have the dogecoins and does that mean that in restoring the backup the dogecoins will duplicate those dogecoins and essentially create monies?

    I was under the vague impression that each cryptomoney was some sort of piece of data which was sort of sold and traded and moved about?

    1. TopOnePercent

      Re: Cryptocurrency: How does it even work?

      If the hackers transferred the crypto coins before trashing the virts, and the blockchain was accepted, the the backups will likely not achieve anything other than quantifying the loss endured by the users.

      The currency can't be duplicated in that way - the original coins would exist (if transferred) and can't be recreated as they'd be refused. If, however, the attack was pure vandalism of the servers rather than theft of the coins, then provided the backups work, the coins would have remained in their original wallets with no new block chain entries.

      I'm happy to be corrected by those more knowledgeable on the subject, but that's my laymans take on it.

      1. d3rrial

        Re: Cryptocurrency: How does it even work?

        An accurate assessment of the situation.

      2. Raumkraut

        Re: Cryptocurrency: How does it even work?

        Indeed, as the TopOnePercent says; essentially, what would be stored in the backups are the keys used to authorize transactions on behalf of users. If the dogecoin has already been transferred away from the ownership of Dogevault's users, then all they'll regain is the ability to transfer a zero balance.

    2. TheVogon

      Re: Cryptocurrency: How does it even work?

      "Doge"

      Presumably pronounced as 'Dodgy'

  2. Krizzlin

    Bravo chaps

    Now that's a headline and strap that made me do a GLOL

    1. Lamont Cranston

      Re: Bravo chaps

      I'm not entirely sure what Dogecoin is but, based on the subheads to these articles, I'm assuming that it's something for morons. The financial equivalent of Cheezburger, or somesuch.

      1. jb99

        Re: Bravo chaps

        Yeah its kind of a spoof/joke currency. Except that somehow it seemed to gain some traction and actually be marginally useful for tips and small micropayments so is probably a little more of a real loss than it might appear.

      2. Jonathan 29

        Re: Cheezburger

        The Cheezburger connection is more accurate than you know. The co-founder of the successful web meme company I Can Has Cheezburger, Eric Nakagawa, is a prominent supporter of dogecoin and spearheaded one of the charity initiatives there to build water wells in Kenya using dogecoin donations.

        Morons is a little unfair, but 'morons' is a large demographic.

        1. Lamont Cranston
          Happy

          Re: Cheezburger

          Nice to hear that something good has come out of those stupid cat pictures!

  3. jb99

    Why

    Surely they have learned by now that storing the bulk of the wallets on computers that have a direct connection to the internet is a very very very bad idea. I find it beyond belief that any virtual currency operation does so any more.

    it's as if a real bank put their entire cash reserve in the desk of an assistant in a bank branch, and then were surprised when it all got stolen. No, they put 99% of it in a safe that isn't accessible at all in any way to the general public and only transfer the small amount of working capital to the public areas.

    Why don't these organizations learn that if they are dealing with cash, even virtual cash, they need to operate in the same way that banks do.

    1. JimC

      Re: Why they don't operate in the same way banks do?

      Because it would cost them far too much in overheads at a guess...

    2. Tom 13

      Re: Why

      Wow! You really have no clue how real banks work.

      In point of fact real banks DO effectively put their cash reserves online, and most of their onhand cash is frequently in the teller drawers. Have you ever tried to get even $15,000 in cash out of a bank on what they regard as short notice? I have. Somehow or another they misplaced our change order and therefore hadn't gotten extra cash reserves transferred in from the federal reserve. Ever deposited even more than that because the armored car didn't make the scheduled stop for a pickup? I've done that too. You should see the look on the branch chief's face when he realizes you're handing him a Rubbermaid bin with more cash than his branch has in reserves with the Fed.

      Here in the US, reserves are generally held by the Federal Reserve. Every night the banks connect to the fed and settle up their account transfers. Since it's mostly all virtual money even though it is dollar denominated this is all very easy. Back in the day it was all done with modems and special encryption cards (which might cost even more than the PC) in a desktop PC somewhere in the bank. These days I expect they've done away with the modems and connect right over the internet just like Mt. Gox.

      What protects your account isn't physical separation of assets, but a web of interconnected security measures. First up, being a real, regulated bank, they have proper backup, access, and encryption regimes. Next up, they have constant and ongoing audits to make sure everything checks and balances. Then they have the ability to reverse transactions. And the final security measure is FDIC insurance backed by the Federal government.

      1. Destroy All Monsters Silver badge

        Re: Why

        And the final security measure is FDIC insurance backed by the Federal government.

        That's the one that undoes all the others again.

        1. Tom 13

          Re: That's the one that undoes all the others again.

          No, that's the one that screws all of us for the mistakes made by a few. But as a security measure to the single depositor it works.

  4. I ain't Spartacus Gold badge
    Headmaster

    The outfit is “in the process of identifying the extent of the attack and potential impact on user's funds."

    That's OK then. No big story. If there's only one user, there's probably not that big a loss.

    I guess it's the pedant icon for me...

    1. Anonymous Coward
      Anonymous Coward

      'user funds' is perfectly correct english. It refers to the funds belong to any user, not a singular user

      1. SteveK

        "'user funds' is perfectly correct english. It refers to the funds belong to any user, not a singular user"

        Indeed it does. But as the non-Spartacusy-one pointed out, the article makes use of "user's funds", not "user funds" or "users' funds". i.e., the funds of a (singular) user.

        Pedantic, I agree, but grammatically correct!

  5. Anonymous Coward 101

    With cryptocurrency, all one needs is faith in mathematics and one need not trust anyone else, except for trading platforms set up by 20 year old high school drop outs. Regulation isn't needed!

    Here is a brief description of Dogecoin:

    http://buttcoin.org/dogecoin-will-destroy-bitcoin

  6. Jonathan 29

    Reimbursements

    Getting the data from the backup will not magically restore the coins, but it will help identify which users lost money and how much. This will be important if the operator or the community chooses to reimburse those who lost out as they did after another online dogecoin wallet site was hacked at Christmas time.

    In the future we will probably move towards mandatory multi-signature transactions. That means that an attacker will have to compromise several servers and offline key storage areas to move coins. Please remember that all crypto currency is an experiment in progress. Bitcoin and dogecoin are in beta at the very least and serious money should not be invested unless you can afford to lose it.

    Most sites do store the bulk of their coins in offline storage. We will have to wait to see why this wasn't the case with dogevault if the coins have indeed been stolen.

  7. Paul Smith

    Duh...

    So its a hard 'g' as in doggy and not a soft 'g' as in dodgy.

    Silly me...

This topic is closed for new posts.