At 2a.m. Korea time, GlassHunt.co’s Double Spend Tool was savagely penetrated on its back-end via a SQL hacker who broke into our database and confiscated nearly $5,000 in bitcoin from active users in the process of their double spend activities on our site. Sorry about that. We publish hackable contracts for Ethereum hackers on our Challenges site, but this one, unlike those, was not anticipated by us.

At Glass Hunt, we celebrate hackers. So through all the hate mail, the threats, the cries for help, and money we personally lost due to our inability to collect commissions and maintain trust, we say…. we salute you, unknown hacker (You could have at least left us a message… because we are recruiting).

As should be the case when anyone gets hacked, small or large, we would like to issue a few statements.

The hacker can’t use the same exploit anymore. In short, he/she/it cracked one of our read-only SQL account passwords, and we have since reset them to uber-super-super-amazingly strong passphrases that we personally could never remember. We have added super-duper encryption of private keys, so that even if the hacker returns into the database, the information will be of very little use. We have beefed up our firewalls to ensure that any suspicious activity will be blocked, locked and shut the F* down. As an additional measure, we have added SSL encryption to our site, so that if anyone (including your favorite VPN provider) is snooping on your network connection… well, that activity will now be meaningless.

Takeaways:

Everything is safe now and you can double spend on our site securely. No, we will not return any lost funds to users. Again, we are hackers ourselves, and we have a belief set that would be completely compromised if we returned funds to people double spending… Essentially, you use our tool at your own peril. We will do the best we can to ensure this doesn’t happen again Almost all accounts (new and old) were drained. Sorry, older account users who left or lost funds in an account.

We wish for the hack to remain with everyone involved with us. We are truly happy we got kicked in the balls. Because though that kick hurt us and many others, the only way to be hack-proof is to get hacked. We welcome future attempts. We know it’s the only way to become stronger.

And beware, we are on high alert. And we take no prisoners; that is, unless you would like to join the ranks.

May the hack be with you.