Update November 7 @ 08:40
We have heard back from Inputs.io. According to a reply we received on our email, the service was hacked on October 24 and the wallet claims that the attackers are the same ones who managed to hack “GigaDice, another Bitcoin service a month earlier.”
When asked if Inputs.io will be returning the lost BTC we were told “We’ve lost most of the BTC due to the hack, however I’m personally paying out of my pocket to make sure users receive as much as they can.”
Dubbed Advertised as a high-security bitcoin web wallet and a Bitcoin Foundation silver member, Inputs.io has been hacked with total of 4100 BTC siphoned off. The secure web wallet has revealed that it is not in a position to pay all user balances.
“Two hacks totalling about 4100 BTC have left Inputs.io unable to pay all user balances”, reads a message on inputs.io website. The attacker managed to compromise the hosting account of input.io through the use of an old email address, which didn’t have any phone numbers attached to it. “The attacker was able to bypass 2FA due to a flaw on the server host side.”
The web wallet notes that the hackers managed to gain access to the database, but stresses that passwords are secure as they are hashed on the client. “Bitcoin backend code were transferred to 10;[email protected]:[email protected] (most likely another compromised server).”
Inputs.io has asked all those uses having more than 1BTC in their wallets to email [email protected] with a Bitcoin address.
“I know this doesn’t mean much, but I’m sorry, and saying that I’m very sad that this happened is an understatement”, the last statement reads.
Users can still access the Inputs.io can check for their balances. The site is asking users to refrain from adding any coins to their wallet.