Saturday, December 27, 2014

HashProfit Update: DDoS and Hacking?

If you're curious about why I'm cautious with HashProfit, the answer can be found in the past 12 hours. Starting some time last night, there was supposedly a DDoS (Distributed Denial of Service) attack on their server(s). I don't know if that's true or not, but the site was giving a 502 error earlier this morning when I checked. The site is now back online, but payouts didn't happen last night that I can see, and what's more you get news posts like this one. The English translation is so poorly done that it's worth quoting here (and I wouldn't be surprised if the site disappears in the near future):
Attention! There is highly coordinated and massive DDoS attack on Hash Profit service taking place right now.
27.12.2014 15:18

Site and infrastructure of Hash Profit is under unprecended massive DDoS attack right now.

Attackers spreading the word of panic about collapse of our service and other nonsence with only one main target - to provoke mass panic.

Many users neglecting common safety or being unaccurate has compromented their accounts and that has led to availability of malefactors to sell 15% of their hashrate for PFC and sell these coins via the exchange service, which in turn led to downgrade of PFC exchange rate.

All this is happening right now because lead companies of this market has understood the threat from HP service for their place in the market and they're doing everything possible to drown the company.

Right now HP team is working hard to reflect all the types of threats and the most important is defending of keeping and payout system - that's the main target of attackers.

Also our email is overcrowded with spam and rubbish from hacked users' mails, and that makes fast responses to real users questions very hard.

Main help from our service's users in solution of this difficult problem:

1. Don't panic.
2. Do everything possible to defend your own accounts - mails, BTC-wallets and computers.

We've succesfully deflected serious threats and attacks on our service earlier and we're sire that together we can do this even in a situation this hard.
The gist of the message is pretty clear -- "Hash Profit is fine, don't worry!" The problem is that I've seen and heard that same story so many times in the cryptocurrency world that it's practically a chorus. Basically they're claiming some users have had their accounts hacked, but it's only because those users "neglected common safety", not because of any error on the side of Hash Profit. The only way this would be true is if the users in question didn't set up any two factor authentication (2FA) and if they used the same password on multiple sites.

Assuming that actually happened (again), shame on the users for being stupid. More likely however is that the site itself was hacked and they're just trying to pass the buck. Or perhaps the site was a scam since the start and this is just part of the scam. The hack has supposedly allowed the hackers to sell hashing power for Profitcoin (PFC), which has then been dumped on the open market resulting in a massive crash in the price of PFC -- it's down to around 0.00077 BTC per PFC now, less than a fourth of the price just a few days ago.

Here's the real question: can Hash Profit recover and continue to mine and pay out BTC users? Or is this really just a big ponzi scheme that is now imploding and they're making a story as part of their exit strategy? "Sorry, we got hacked. Sucks to be us, and we lost all your coins. Dasvidaniya!" That's the worst case scenario right now, but it's a real possibility and in fact quite likely; hence I can't recommend anyone buy any more hashing power or PFC right now.

If you like to gamble a bit, there's a potential bright side. Let's say Hash Profit really hasn't lost a ton of money, they're not a ponzi scheme, and they still have a bunch of hardware that can happily hash away and make money for them. Their profits to date have been rather suspect -- no other site really is paying out as well as they have, and their "proprietary SmartMining algorithm" sounds like a bunch of hot air. Anyway, if you were to exchange 1BTC into PFC right now and then buy SmartMining KH at 11 KH per PFC, a single Bitcoin could buy about 14000 KH/s. 14000 KH at the current rate of payouts (assuming those continue) would pay for itself in roughly ten days. Ha!

You know the old saying: if it sounds too good to be true, it probably is. I will be very surprised at this stage if payouts continue at the previous rate, or even if they pay out at all. In fact, until I see more BTC paid out (e.g. tonight), Hash Profit has a huge red flag waving in the breeze. I'll update this post as things develop. Hopefully I'm just being overly pessimistic, and I stand to lose a moderate chunk of BTC if the site ends up being a scam, but worse things have happened to me with cryptocurrencies already.

Update, 12/27/2014 @ 11:32 PM PST: My BTC balance at Hash Profit has updated, and so have the balances of at least two friends that I checked with. The problem now is that the automated payouts haven't happened in well over 24 hours. Oh, and the PFC price temporarily rebounded and then took a further tumble. ROI time is now a ludicrous six days, but there's no way they can sell this amount of hashing power (income) at such low prices. Until I see otherwise, my suspicion is that all BTC at Hash Profit will remain at Hash Profit.

Dasvidanya, Hash Profit, 12/28/2014 @ 10:30 AM PST: The site is offline once more, payouts didn't happen, and some users have reported receiving email responses but nothing that's worth anything. LTCGear imploded in a similar fashion not too long ago, and it looks like today it was Hash Profit's turn. It's looking more and more like the days of profitable cloud mining are over... except for GAW, which continues to do well. Let's hope they at least can buck the trend.

9 comments:

  1. Time to update... that hashprofit is a total scam, and even more they laugh at their clients asking BTC for getting they messages. BTW they just collecting BTC, this do not mean that they get your message at all.

    ReplyDelete
    Replies
    1. Already updated. I timed my investment here very poorly. Ugh. I was worried it would turn out to be a ponzi, but figured it was worth a shot. There goes a few BTC. Lesson learned: don't be greedy.

      Delete
  2. Found link that says hashprofit down till Jan. 5th for security reasons. All experts will be back to work after new years. I hope thats true because I put a lot of money into it.

    Link:
    http://hashprofit.com
    (Not https)
    Will have to use a translater since it's in russian.

    ReplyDelete
    Replies
    1. Probably in Russian since the grand majority of their customers are in Russia.

      Delete
    2. Just click on the English flag in the upper right and you get exactly what Jarred cited above.

      What I'm wondering about: It's a hosted site, thus tere is no one needed to babysit hardware in front of him, but a versed person accessing the server via bash shell or something alike. And this can be done from anywhere as long as there is any internet connection at all and you've got the login credentials.

      And yes, running a site that is internationally active and making money would urge at least me to have at least one specialist ready for battle 24/7, come storm, high water or Christmas.

      Delete
    3. I would agree. Just have to wait and hope. I hope my balance continues to increase in the meantime.

      Delete
  3. Ummm....Mining haven´t ROI in this moment in at least 6 months and this cloud service seem me some type of ponzi schema as some other clouds.

    In other way, GAW Hashstacker paying less of 0.01 XPY/day for 90 days, seem as you could haven´t ROI at the end of investment time and not get returned the 1 XPY invested.

    Somebody can explain me why to place 1XPY for 90 days in a Hackstacker wich only pay <0.0097 XPY/Day??? What is the reason???
    At the end of 90 days you will only have, in the best of cases, 90x0.0097=0.87 XPY. Is say, you will loss 1-0.87 = 0.13 XPY per each 1 XPY invested.

    I follow thinking, buy BTC´s and hold. If price go down, do averaging price buys as needed at interval prices.
    When the BTC price return high newly, you will get the benefits. Easy and simple!


    Wich is our future in crypto?

    ReplyDelete
    Replies
    1. HashStaker gives you 0.00972 on average for 180 days if you buy the six month option, which means you get around 1.775115 XPY from your single XPY... and you also get the 1 XPY you put into the HashStaker back. So your returns are 177% after six months, or 87% after three months.

      Delete
    2. Thank you Jarred for your replay.

      "... and you also get the 1 XPY you put into the HashStaker back",

      That´s good. I not have had this in account. Anyway, you need to have in account also, the cost of the Hastacker itself.

      Delete