Hi folks we've been experiencing some disruptions over the past couple days as we've been working to mitigate against an attacker who found and exploited a vulnerability in our system that allowed them to get password reset codes for accounts that didn't belong to them.
Using this exploit they were able to gain access to a number of accounts that they shouldn't have had access to and withdraw funds.
We've patched the issue and believe we've revoked the attacker's access to the compromised accounts by invalidating their JWT authentication tokens and NWC secrets.
We've instituted system-wide withdrawal limits as a precautionary measure while we work to fully restore and migrate the payment records of affected accounts.
If you are seeing a blank screen when you visit the Coinos site, you may need to visit https://coinos.io/logout or clear your browser cache. If you have Coinos installed as a PWA you may need to uninstall it and re-add it to your homescreen.
About 80 accounts had their passwords reset by the attacker but only a handful were actively stolen from. If your account was compromised you may be missing some recent transactions. We do have backups and will be writing scripts to find and restore those payment records over the coming days.
If you were using Coinos via NWC your NWC connection string secret may have changed in which case you will need to re-connect Coinos to your Nostr apps.
We'll be reverting unsolicited withdrawals and covering all losses ourselves to make all our users whole. Thankfully we caught the attack relatively quickly and managed to take corrective action before the attacker had time to fully drain our wallets.
Coinos is essentially a volunteer effort and one-man show on the tech front so please be patient as it's going to take me a few days to restore everything back to normal.
This incident has not shaken my resolve, only strengthened it.
Sincerely,
Adam Soltys
Thanks for the transparency 💜
nostr:npub16secklpnqey3el04fy2drfftsz5k26zlwdsnz84wtul2luwj8fdsugjdxk Violet pilling the whole world! 🌎
This song is called „Doce de Côco“ (which is a type of coconut candy in Brazil) and was written by the great Jacob do Bandolim. I connected with the genre Choro a few years ago, the melodies seemed so intuitive, like songs from my childhood. But now I need to dig deeper to understand the way they phrase and accent in this music. 💜
#nostr #music #guitar #brazil #choro #bullishbounty
GuMo! All those guys painting the wrong maps and probably Western point of view on certain proportions 😅
It is the half time of the opera I went to together with my wife and I am zapping on Nostr. Seeing so much old money and still zap 0,2 cents is pure bliss. Pure bliss.
#nostr #ftw
Can’t zap you. But some people on Nostr breath the US indoctrination of good (capitalism) and bad (communism). Pathetic…
Quillie ick warte schon die janze Zeit, dit du mir folgst, jetzt wird es aber allerhöchste Feuerwehr!!!einself
Coffeine + healthy bowl, there’s no second best to start the day!
The Czech banks know what’s up though! Maybe he should listen to them 💜
Looks very nice! Congrats! #proofofwork
Same goes with composing music, you have to compose 8 shit songs for 2 really decent ones!
Bless those families, man. 🥲
