We’ve tried figuring out (still trying) how they got in. Our seeds are stored offline. Passwords are secure, and there is nothing in the logs that can help. It appears the hacker got access to the cmd and that can only be a fault from the hosting provider.
Replies (1)
There are surely techniques to acquire command line access to a server with publicly facing services by exploiting the accessible service and breaking out of the confines of that service into the OS.
If you're running software and possibly also an OS that you manage on a hosted server, then surely there's a remote access service (e.g. sshd) running.
I'm not saying it wasn't the hosting provider, just that there are surely other layers that are also possible.
The most hardened services on the Internet get hacked. I feel for you and hope you can identify the point of entry and root cause.