I caught up with ‘DogeyMcDoge’ in the #Potcoin IRC channel earlier tonight. He agreed to chat with Coin Joint about the his recent leaking of information on the Cryptorush hack, the security of exchanges, and the future of cryptocoins.
<hybridsole> First of all, regarding the Cryptorush hack, do they have any indication how the coins were actually stolen? Was it a brute force attempt, or possibly someone internally?
<DogeyMcDoge> The original coins?
<DogeyMcDoge> Let me see if I can find the logs
<DogeyMcDoge> <@!ncLinkandzelda> if you guys want to know how it happened, we setup a gitbuh repo in public_html about 2 weeks ago, it had some config files in it. repo online was private on bitbucket. a lucky guy exploited the .git folder and brute forced the objects folder to gain access. he then logged right in and took the money and left. we’ve got full blockchain evidence and transaction IDs of the money moving, we also made contact with the hacker and his mo.
<DogeyMcDoge> Had to search logs
<hybridsole> Would you be able to explain what that means in more general terms? To someone who is not a dev or familiar with git repos.
<DogeyMcDoge> I’m not a dev myself, as I just did support, but a git repo is basically a space online where you can post code for a project, either open source, or private, in order to ease collaboration between developers. That is my understanding.
<hybridsole> By nature do they have to keep the wallet unlocked to serve as a ‘hot wallet’ like that? Or is this the mark of a poorly designed schema where they had no encryption on the private key?
<DogeyMcDoge> I can’t comment on that, as I do not know the specifics of how to code an exchange.
<DogeyMcDoge> Devianttwo commented in IRC about how they believe the person accessed their server where the wallet was stored and dumped the key to it
<hybridsole> I liked the train analogy you gave, I had not heard that before. I think it’s admirable and also courageous to do what you’ve done. Can you share any more thoughts on the leak and your thought process when you went public with it?
<DogeyMcDoge> I want to make it clear to everyone that I am very aware of the situation that I put the developers in, and if legal action were to be taken, I would myself be under fire as well. Holding that information from the users and even helping advise the owners on ways to regain BTC makes me an accomplice. When volumes were higher on our site I thought that the developers may be able to cover the loss with fees, but once I was certain they would not be able to do that, I had to let the users know.
<hybridsole> If only there were a legal recourse for the users to take. As far as I know, the Cryptorush owners are not publicly known, is that correct?
<DogeyMcDoge> I do not know how laws work regarding crypto currency exchanges, but there have already been people who have found the full names of at least the two developers.
<hybridsole> I would imagine there has been a mass exodus of users and withdrawals. At this point, wouldn’t they be better off re-branding and starting over?
<DogeyMcDoge> I think user loyalty and confidence is definitely at an all time low with CryptoRush users. It’s a gamble, and only time will tell if they will be able to restore user faith and gain traction again.
<hybridsole> Are there any particular exchanges you think have a bright future, based on what you’ve seen from cryptorush?
<DogeyMcDoge> I think any exchange that is transparent, that has developers with experience and past proven projects, and even gives their name to the public will likely be an exchange that I would be willing to do business with.
<hybridsole> Where do you see the future of all of these cryptocoins. Will we start to see a slow down in the release of new coins being added to exchanges?
<DogeyMcDoge> I think new coins will pop up daily. But I think coins that implement new technologies will be the ones to gain market cap ultimately.
<hybridsole> It was nice seeing you by chance in the #Potcoin channel. Is that a coin you have a particular fondness for? On/off the record
<DogeyMcDoge> I take interest in various coins, I joined the #potcoin IRC channel after a few Reddit users tipped me some on the initial thread. I am also currently holding Doge and Blackcoin. I think Doge has a great community, especially when it comes to crowdfunding, and Blackcoin interested me because it had 0% premine, 1% annual inflation, and relatively short Proof of Stake mature times. Then the community started a multipool that paid out in Blackcoin, and I think the community there is great.
<hybridsole> What’s next for DogeyMcDoge? Are other exchanges reaching out?
<DogeyMcDoge> I cannot speak on specifics, however I have had some crypto community members reach out to me and offer me various positions in their current or upcoming projects.
Note: If past or previous owners of CryptoRush would like to share their side of the story. We would be more than happy to publish a comment or interview with you personally in the interest of remaining fair and unbiased in the development of this story.