Hacker News new | ask | show | jobs
by jessieplk 4465 days ago
+ there was another bug (or "feature") that allowed all access to all funds via API access key.

Sure, the user needs to allow the permissions first, but the warning where disproportionate to the power it gave away.

They've disabled this kind of access since though.

http://www.theverge.com/2014/2/7/5386222/a-string-of-thefts-...
1 comments
dobbsbob 4465 days ago
That was an old trick used by Liberty Reserve scammers too who would social engineer you to activate the API then clean out your wallets.
link