Bitcoin Forum

Alternate cryptocurrencies => Service Discussion (Altcoins) => Topic started by: bitwho on January 15, 2016, 04:17:40 AM



Title: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: bitwho on January 15, 2016, 04:17:40 AM
http://blog.cryptsy.com/

Quote
Announcement
Cryptsy has had problems for some time now and it’s time to let everybody know exactly why.  These problems were NOT because of any recent phishing attacks, or even a ddos attack, nor does it have anything to do with me personally.
About a year and a half ago, we were alerted in the early AM of a reduction in our safe/cold wallet balances of Bitcoin and Litecoin, as well as a couple other smaller cryptocurrencies.   After a period of time of investigation it was found that the developer of Lucky7Coin had placed an IRC backdoor into the code of wallet, which allowed it to act as a sort of a Trojan, or command and control unit.   This Trojan had likely been there for months before it was able to collect enough information to perform the attack.  It does not appear that this was the original developer for LK7, as on 5/22/2014, we received this message from the new developer who wanted to maintain the codebase:

Hello,
Lucky7Coin is not maintained and I would like to take care of it. I have announced that on bitcointalk.org in Lucky7Coin thread. You’re the only exchange for this coin and I hope you will let me take care of it. I’m responsible. You don’t have to be afraid of errors or forks. I’m developing multipool and I know bitcoin internals and protocol.
https://bitcointalk.org/index.php?topic=295157.msg6861797#msg6861797
For a start I’ve changed irc network, so clients could synchronize blockchain. Please upgrade as soon as you can.
Github repo:
https://github.com/alerj78/lucky7coin
Branch “master” will always be for stable version, branch “devel” could be dirty. In a 2-3 weeks I’ll release new version with p2pool support and checkpoints. Before that I’ll contact you to check few blocks hashes for checkpoints and make sure there is no fork.
I hope we can cooperate and make this coin live again!
Jack

These are the approximate figures taken:
Bitcoin:  13,000 BTC
Litecoin:  300,000 LTC
This of course was a critical event for Cryptsy, however at the time the website was earning more than it was spending and we still have some reserves of those cryptocurrencies on hand.   The decision was made to pull from our profits to fill these wallets back up over time, thus attempting to avert complete closure of the website at that time.   This worked fine for awhile, as profits decreased due to low volume and low Bitcoin prices, we would adjust our spending accordingly.  It wasn’t until an article from Coinfire came out that contained many false accusations that things began to crumble.   The article basically caused a bank-run, and since we only had so much in reserves for those currencies problems began. 
Our current customer liabilities for BTC is around 10,000 BTC, so as you can see we would like to see the Bitcoins returned for both our users and for ourselves.
Here are the transaction details from the Bitcoin wallet:
https://www.walletexplorer.com/wallet/0c07e0bec1002bd2
As you can see,  2014-07-29 13:17:36 is when the event occurred.   A very interesting fact here, however, is that those Bitcoins have not moved once since this happened.    This gives rise to the possibility they can be recovered.   In fact, I’m offering a bounty of 1000 BTC for information which leads to the recovery of the stolen coins.
If you happen to be the perpetrator of this crime, and want to send the coins back no questions asked, then you can simply send them to this address: 
1KNi4E4MTsF7gfuPKPNAbrZWQvtdQBTAAa
If they are returned, then we will assume that no harm was meant and will not take any action to reveal who you are.  If not, well, then I suppose the entire community will be looking for you.
Some may ask why we didn’t report this to the authorities when this occurred, and the answer is that we just didn’t know what happened, didn’t want to cause panic, and were unsure who exactly we should be contacting.   At one time we had a open communication with Secret Service Agent Shaun Bridges on an unrelated matter, but I think we all know what happened with him – so he was no longer somebody we could report this to.    Recently I attempted to contact the Miami FBI office to report this, but they instead directed me to report it on the I3C website.  I’ve not heard anything from them.
I think the only real people who can assist with this are the people of the Bitcoin community itself.
Trades and withdrawals will be suspended on the site indefinately until some sort of resolution can be made.
Here are our options:
1.   We shut down the website and file bankruptcy, letting users file claims via the bankruptcy process and letting the court make the disbursements.
-   or –
2.   Somebody else comes in to purchase and run Cryptsy while also making good on requested withdrawals.
-   or –
3.   If somehow we are able to re-aquire the stolen funds, then we allow all withdrawal requests to process.
I’m obviously open to any other ideas people may have on this.


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: Hollowman338 on January 15, 2016, 04:32:09 AM
..and another one bites the dust.

Decentralized exchanges need to happen.  Instantdex or Etherex, whoever, hurry up


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: cryptomann420 on January 15, 2016, 04:35:52 AM
..and another one bites the dust.

Decentralized exchanges need to happen.  Instantdex or Etherex, whoever, hurry up
                                                                                                                                               
Iam sure most everyone saw this coming! Will the new one in China be NEXT? ???


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: solid12345 on January 15, 2016, 04:45:32 AM
..and another one bites the dust.

Decentralized exchanges need to happen.  Instantdex or Etherex, whoever, hurry up

...or people just need to stop trusting their coins with former porn tsars and magic the gathering trading card dealers. There are plenty of big Bitcoin exchanges that are fully insured in the event of theft and funded by respectable business people with a reputation to keep, problem is the alt world is alot murkier.


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: jabo38 on January 15, 2016, 04:48:46 AM
Crypsy is offering a pretty big bounty to get their coins back.

I am guessing the hacker will take the half million dollars and walk.


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: box0214 on January 15, 2016, 05:12:35 AM
..and another one bites the dust.

Decentralized exchanges need to happen.  Instantdex or Etherex, whoever, hurry up

it already happened... nxt asset exchange using supernet's multigateway. its just missing the marketing strength it needs.


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: sidhujag on January 15, 2016, 06:05:37 AM
..and another one bites the dust.

Decentralized exchanges need to happen.  Instantdex or Etherex, whoever, hurry up

it already happened... nxt asset exchange using supernet's multigateway. its just missing the marketing strength it needs.
Bitshares decentralized exchange too...

Btw where is popen and pclose defined? I know bitcoin has system call but that wont return data im sure this guy wants to pipe the data to a log and send the log so popen was needed as dooglus said.. But where is popen in the code?


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: mikhael on January 15, 2016, 06:08:04 AM
..and another one bites the dust.

Decentralized exchanges need to happen.  Instantdex or Etherex, whoever, hurry up
                                                                                                                                               
I am sure most everyone saw this coming! Will the new one in China be NEXT? ???

Of course its been months since Cryptsy started stopping withdrawals, locking users accounts and then this happened.


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: iGotSpots on January 15, 2016, 06:34:01 AM
Gox -> Cryptsy
Malleability -> Backdoor

Same cup of soup, just reheated; both equally 'believable'

Not to mention a $7 million dollar loss not being reported in nearly two years? At this point it doesn't even matter if the blog is true or not. The only difference is which pile of shit it's going to land in

Karma is one cold-hearted bitch


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: CoinHoarder on January 15, 2016, 06:41:49 AM
So predictable. I am sorry to those who lost fund.  >:(

The "we were fine until the coinfire article" struck a nerve. They were not fine before that... I think the issue started when they were hacked to the tune of 13,000 BTC and 300,000 LTC.  ::)

I wonder how many times people will have to get Goxxed before they start using decentralized solutions such as Bitshares, Nxt/Supernet MultiGateway/InstantDex, Nushares/Nubits, or B&C Exchange?  ???

Disclaimer: I am an investor in all of the above projects.... because I can tell the future.  8)


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: iGotSpots on January 15, 2016, 06:44:07 AM
I wonder how many times people will have to get Goxxed before they start using decentralized solutions such as Bitshares, Nxt/Supernet MultiGateway/InstantDex, Nushares/Nubits, or B&C Exchange?

Disclaimer: I am an investor in all of the above projects.... because I can tell the future.  8)



Shilling where it doesn't belong is why nobody gives a shit


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: CoinHoarder on January 15, 2016, 06:47:57 AM
I wonder how many times people will have to get Goxxed before they start using decentralized solutions such as Bitshares, Nxt/Supernet MultiGateway/InstantDex, Nushares/Nubits, or B&C Exchange?

Disclaimer: I am an investor in all of the above projects.... because I can tell the future.  8)



Shilling where it doesn't belong is why nobody gives a shit

Hating on the only existing solutions to this issue is what this forum does, so I am not surprised by this response. Pushing people away from the only solutions pushes them towards centralized exchanges, which in turn pushes them towards getting goxxed. Do you always support thieves and inept businessmen? Or, do you only support them in this certain scenario when it props up whatever coins' value you happen to be bag holding?

You guys are delusional if you think these coins (or something similar) isn't going to be insanely valuable one day. In my opinion, these coins are in the best position to corner the decentralized exchange market and I have 2% to 5% of my portfolio in each one.


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: sidhujag on January 15, 2016, 06:54:09 AM
I wonder how many times people will have to get Goxxed before they start using decentralized solutions such as Bitshares, Nxt/Supernet MultiGateway/InstantDex, Nushares/Nubits, or B&C Exchange?

Disclaimer: I am an investor in all of the above projects.... because I can tell the future.  8)



Shilling where it doesn't belong is why nobody gives a shit
Huh it is relevant.. Your post is nonsense


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: iGotSpots on January 15, 2016, 06:59:20 AM
Take your bagholding elsewhere, nobody cares


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: sidhujag on January 15, 2016, 07:04:02 AM
Why dont u go try to find the hacker who stole instead of wasting time with nonsense posts kiddo?


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: Arrakeen on January 15, 2016, 07:06:46 AM
This Vern asshole really loves to throw the blame around.  As if a news article is to blame for him scamming his customers?  And to top it off, an official blog post saying "we still accepted your money for a year after 'being robbed'"

Let's look at just a few of the asshole's excuses & methods of stealing everyone's money!

'Equipment changes'
'Update issues'
'Denial of Service attack'
'brief outages'
'hardware swap'
'Server Failure'
'Scammers'
'Phishing attempts using our customer data'
'database issues'
'mailserver issues'

...and the INSANELY RIDICULOUS fees they've imposed, then INCREASED before shit started to really hit the fan.

How, just HOW could people continuously put up with bullshit like that?


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: markm on January 15, 2016, 07:15:10 AM
I read somewhere that Cryptsy had specifically denied running on fractional reserve, but this recent Big Vern blog post, if it is legitimate, seems to be claiming they have in fact been running on fractional reserve?

In addition to their purported outright claims that they were not on fractional reserve one could simply look at the massive profits available to anyone able to run arbitrage loops (by remaining able to withdraw bitcoins, as Cryptsy itself was presumably capable of doing, being in charge of the withdrawal-preventing measures).

So it seemed pretty obvious that even if they had lost some coin at some point the arbitrage opportunities alone would enable them to easily make up their losses.

Also, cold wallets are by definition cold. How could a trojan daemon running in its own virtual machine possibly enable the moving of coins by another daemon running on another virtual machine?

-MarkM-


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: GTO911 on January 15, 2016, 07:17:42 AM
Why would they add lucky7coin?

Adding shitcoins=doom

It took them ages to support legitimate projects like Monero, but they were fast at adding scam coins. I say fate well deserved


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: smoothie on January 15, 2016, 07:45:56 AM
How do we know Cryptsy and its cronies didn't "hack" themselves and then now are claiming "we got hacked 1.5 years ago"

Kinda late eh?  ;)


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: smoothie on January 15, 2016, 07:54:33 AM
Quote
Some may ask why we didn’t report this to the authorities when this occurred, and the answer is that we just didn’t know what happened, didn’t want to cause panic, and were unsure who exactly we should be contacting.   At one time we had a open communication with Secret Service Agent Shaun Bridges on an unrelated matter, but I think we all know what happened with him – so he was no longer somebody we could report this to.    Recently I attempted to contact the Miami FBI office to report this, but they instead directed me to report it on the I3C website.  I’ve not heard anything from them.

This is a load of bullshit ^

"were unsure who exactly we should be contacting"

"did not want to cause panic "

The problem with their shitty excuses is that as an exchange they had a RESPONSIBILITY to inform their customers/users the moment money got stolen.

But of course I don't believe they actually lost any money. I believe this is a whole charade to misdirect blame to the PHANTOM HACKER.

The new phrase to be coined is "You got VERNED!"


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: smooth on January 15, 2016, 07:57:54 AM
"You got VERNED!"

Winner


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: cryptrol on January 15, 2016, 08:01:29 AM
Also there is an issue reporting the backdoor in Lucky7 in March.

https://github.com/alerj78/lucky7coin/issues/1

And no mention of it anywhere else I can see.
That's simply getting ridiculous.

Anybody can tell if there are currently running nodes ?


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: smooth on January 15, 2016, 08:02:15 AM
Also there is an issue reporting the backdoor in Lucky7 in March.

https://github.com/alerj78/lucky7coin/issues/1

And no mention of it anywhere else I can see.

Was reported earlier here: https://bitcointalk.org/index.php?topic=935898.0


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: smoothie on January 15, 2016, 08:04:32 AM
Cryptsy has failed to explain why they aren't returning the millions of alts still stored in its cold-storage coffers.

Why not return those coins to the rightful owners?

Because either:

1. They want to see if they can get away with keeping it.

2. They don't think they are at fault for the hack and so their users need to bear the burden of their losses.

3.  ???


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: tokeweed on January 15, 2016, 08:25:04 AM
..and another one bites the dust.

Decentralized exchanges need to happen.  Instantdex or Etherex, whoever, hurry up

Yup.  And that PPC/NU thing too...



Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: tokeweed on January 15, 2016, 08:26:10 AM

Hahahahaha!  Make a meme with his pic.


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: Timeline on January 15, 2016, 08:34:18 AM
Doesn't look too good for Cryptsy. I remember the good old days when Cryptsy was the biggest altcoin exchange now they are just a shadow of the past.


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: smoothie on January 15, 2016, 08:56:28 AM
Doesn't look too good for Cryptsy. I remember the good old days when Cryptsy was the biggest altcoin exchange now they are just a shadow of the past.

when was that?

BTC-e is pretty big and has been around before shitsy.


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: iCEBREAKER on January 15, 2016, 09:22:11 AM
Cryptsy has failed to explain why they aren't returning the millions of alts still stored in its cold-storage coffers.

Why not return those coins to the rightful owners?

The alts were drained by customers using them to tunnel out of Cryptsy.

Didn't you notice all the recent 'you can still buy and withdraw AltcoinX from Cryptsy' 'yah but I'll lose Y% BOO HOO' posts?

The well is now dry, hence BigFraud's sudden, yet late, admission they got spear phished by one of their beloved shitcoins.

Even if Cryptsy still had alts, they are the property of the bankruptcy trustee, and thus cannot be distributed to creditors until the process advances to its final phase.


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: Liquid71 on January 15, 2016, 09:35:41 AM
So the paycoin scam with Mr. Garza wasn't enough to recover funds stolen LONG before your hack? You ran on fractional reserve and allowed people to entrust their money to you without informing them. Then joined Garza with his scam, then milked what you could for a few months and finally walk away with your coins and tell the community to eat shit and die...that sounds perfectly legal and a reasonable excuse for stealing from your customers.


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: Liquid71 on January 15, 2016, 09:37:15 AM
Cryptsy has failed to explain why they aren't returning the millions of alts still stored in its cold-storage coffers.

Why not return those coins to the rightful owners?
Because they are funding paycoin super stakers 2.0 with Josh Garza.


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: logocreator on January 15, 2016, 09:51:30 AM
cryptsy hacked themselfs over 1.5 yrs ago,  ••• missing 10M $

https://i.imgur.com/0sTJDTa.jpg


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: vileygroun on January 15, 2016, 10:00:14 AM
This is a poor move by cryptsy. For over 1.5 years, they have kept it secretly. They would have suspended their operations immediately once they realize the missing coins from their wallets. They wouldn't have lost when they did it like that. Silence is the killing factor for cryptsy for now. If they did suspended their operations earlier, many people would have got the original value of the coins back. For the past months, people tried to convert btc to other altcoins for much loss to withdraw. This is isn't acceptable.


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: Hache on January 15, 2016, 11:05:21 AM
This is a poor move by cryptsy. For over 1.5 years, they have kept it secretly. They would have suspended their operations immediately once they realize the missing coins from their wallets. They wouldn't have lost when they did it like that. Silence is the killing factor for cryptsy for now. If they did suspended their operations earlier, many people would have got the original value of the coins back. For the past months, people tried to convert btc to other altcoins for much loss to withdraw. This is isn't acceptable.

Me I got NMC out but put it back because the loss was too big, 10-15% of value or more can't remember. Anyway, that was my decision and it was stupid.

I hope now, that if Vern or the employees didn't steal the coins, the hacker will put the BTC back into the accounts and take up on the promise that he will get 1000BTC and will walk away. Otherwise, in his feet I would take those 1000BTC, hire hackers to find her/him/them and hire some nice guys to pay him/her/them a last visit. But that's all wishful thinking since I lost 3.5BTC in that shithole.


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: markm on January 15, 2016, 11:12:00 AM
Surely the limited liability shield is void in the face of so much totally criminal activity, lying etc?

This talk of a company going bankrupt seems off the mark, since a company is just a fiction that counts for nothing against criminal negligence malfeasance fraud theft and so on?

-MarkM-


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: edmundduke on January 15, 2016, 11:14:36 AM
It really feels as if there was really no hack and vern just pocketed the coins. If they really had happened then the steps that were taken after it really make no sense. Delaying withdrawals, closing the office and moving out months before they announced what happened.
Was Mintsy a try to make back the money they "lost" or a way to make more before they got out ?


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: graffix on January 15, 2016, 11:23:36 AM
Guys, just let's be honest.
If Cryptsy was your exchange and you got hacked and lost a lot of coins.
If you were struggling to keep the exchange open and notice a lot of traders are leaving the exchange.
Would you start a Prepaid Debit Card Program?
Personally I can't believe this. Even if you know it's a sinking ship, keeping the exchange open isn't a criminal offense. It could be seen as damage control.
But actually selling a product of which you know you can't deliver... IMO that's a crime. Why would they risk this?
Hence, I personally doubt about their explaination (and ofcourse added the fact they say they didn't inform the authorities).
Let's see where it ends.  


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: markm on January 15, 2016, 11:27:50 AM
The claimed way the attack was supposedly done makes no sense, even without using virtual machines no coin daemon running as one user would be able to access another running as another user unless someone deliberately forced passwords into the ps or top type readouts by putting them on commandlines, so even incompetents could hardly be expected to make the proposed attack method workable unless they really went out of their way to ensure such an attack would work, such as by running untrustable shitcoins as the same user as a real valuable coin, and on the same machine, or by deliberately passing passwords on the commandline so other users could see them on top and ps and such.

Basically you'd have to deliberately go out of your way to circumvent all the usual procedures everyone is always instructed to use even for just small personal wallets.

Such deliberate setting up of a situation intended to enable some pathetic excuse like "oh one daemon had a trojan in it" is surely at best criminal negligence and far more likely conspiracy to defraud and steal?

It is a pity really that there are so many regulations around this kind of app because all the perceived/expected additional expense imposed by red tape kind of makes the whole idea of running an exchange at all look way too expensive to the kinds of folks who might be competent to run one, whereas script-kiddies just wanting to set up a nice hackable environment so they can claim they were hacked can do so much cheaper / easier...

...Also come to think of it an IRC command-and-control on a cold-wallet machine would never be able to be commanded and controlled because cold means not on the net, right? Hmm...

-MarkM-



Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: Fuserleer on January 15, 2016, 11:55:39 AM
Can't say I'm too surprised to hear such news, the vultures have been circling for some time.

It seems that period of time was gaming season for thefts as it was around then I was hit also for a combined total of ~900 BTC of both project and personal funds, there were others shortly before me, and others after, including Cryptsy...brings me to the conclusion it might of even been a group of people, who knows.

Fact is it sucks, and I know full well the sickly stomach churning feeling these guys must of had upon realizing those funds had gone.  So I feel for them and anyone else that gets robbed for that matter, no matter how much it is.

However, I can't really sympathize with the act of covering it up for 18 months even though I understand why they did.

In the case of myself I took a bit of time to try and figure out exactly what had happened, build a contingency and figure out a plan.  I knew though that I had maybe 2 months max to report the news to the community before the tide would turn. I also knew there would be a run by those that had supported the project for their funds back, and there was, which cost me a great deal personally.

Its a tough choice, in the case of Cryptsy they thought they could recover via profits, but I think that was a bit naive.  You can't be sure as a business in this sector you'll be around next year, let alone 5-6 years down the line, which seems to be the time period for which they would need to recover all this via profits.  In 18 months they've reduced the deficit by 3k.

It would of been a better more to announce it then, assure everyone that efforts would be made to return funds over time and do just that, no matter what or how long it took.  People can be patient if you are seen to be doing the right thing.  It took me months to reorganize my finances to pay everyone back in my situation, I kept everyone in the loop constantly, everyone was happy to be patient and all that wanted their funds got them.   I suppose its fortunate that I had plenty of assets available to liquidate, perhaps that wasn't the case here hence this decision.

Either way, its a kick in the nuts, so you have my sympathy in that regard.  Hope you do the right thing from this point forward.


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: markm on January 15, 2016, 12:02:55 PM
If they intended to make good the losses they could have raked in 25 to 30 bitcoins per coin per day on some altcoins that had 100 bitcoins a day of volume and were much cheaper on other exchanges than on Cryptsy.

Part of what made them seem solid, over and above Vern's purported claims that they were not running on a fractional reserve, was the sheer amount of coin they could easily bring in per day just by doing arbitrage.

Now it is starting to seem more likely Vern and/or others who knew what was going on and could bypass withdrawal restrictions might have been doing arbitrage for personal gain not to rebuild the reserves, if they were doing any at all.

Seems pretty unlikely they won't be looking at some serious criminal charges?

And pretty stupid of they planned to make up the losses not to have been doing as much arbitrage as they could with all the bitcoins of their own they could muster.

Especially since by not reporting the theft right away they surely must have shattered any possibility of pretending the company is an entity apart from themselves, so that surely all their own personal wealth became as much at risk as the company? (Unlimited liability due to criminal culpability?)

-MarkM-


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: hotsurfing on January 15, 2016, 12:25:54 PM
I'm so glad i switched from Crpsty to Nxt MultiGateway


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: adhitthana on January 15, 2016, 12:34:11 PM
This should have been the final warning http://www.asx.com.au/asxpdf/20151007/pdf/431x6f9txp36pj.pdf


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: BSdetector on January 15, 2016, 01:28:46 PM
I smell it...

BS


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: e-coinomist on January 15, 2016, 01:39:07 PM
cryptsy hacked themselfs over 1.5 yrs ago,  ••• missing 10M $

https://i.imgur.com/0sTJDTa.jpg

 :D :D talented  :D :D


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: Spoetnik on January 15, 2016, 02:17:04 PM
Cryptsy topic in my SIG has 200+ pages of info..

A LOT has happened along the way last 4 months.

And this topic may get moved to service discussion guys..


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: Piston Honda on January 15, 2016, 03:09:44 PM
fuck that site and fuck most of alt/behind closed doors BS.
wow.  the shit never stops with the scammers/greed. wtf.


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: sidhujag on January 15, 2016, 03:47:28 PM
The claimed way the attack was supposedly done makes no sense, even without using virtual machines no coin daemon running as one user would be able to access another running as another user unless someone deliberately forced passwords into the ps or top type readouts by putting them on commandlines, so even incompetents could hardly be expected to make the proposed attack method workable unless they really went out of their way to ensure such an attack would work, such as by running untrustable shitcoins as the same user as a real valuable coin, and on the same machine, or by deliberately passing passwords on the commandline so other users could see them on top and ps and such.

Basically you'd have to deliberately go out of your way to circumvent all the usual procedures everyone is always instructed to use even for just small personal wallets.

Such deliberate setting up of a situation intended to enable some pathetic excuse like "oh one daemon had a trojan in it" is surely at best criminal negligence and far more likely conspiracy to defraud and steal?

It is a pity really that there are so many regulations around this kind of app because all the perceived/expected additional expense imposed by red tape kind of makes the whole idea of running an exchange at all look way too expensive to the kinds of folks who might be competent to run one, whereas script-kiddies just wanting to set up a nice hackable environment so they can claim they were hacked can do so much cheaper / easier...

...Also come to think of it an IRC command-and-control on a cold-wallet machine would never be able to be commanded and controlled because cold means not on the net, right? Hmm...

-MarkM-


Only way is if root was running the wallet and other wallets were in the same machine.


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: markm on January 15, 2016, 03:56:13 PM
Only way is if root was running the wallet and other wallets were in the same machine.

There is no way any ordinary/available/typical kind of machine, even high powered ones, could run all the coins Cryptsy was running.

Try it!

So it makes even less sense that some pathetic scamcoin would even be on the same physical machine as top of the line actually-valuable well-established coins, let alone on the same username in the same virtual machine.

For a newly-remade trojan without a large team of well known developers with expensive reputations on the line all using verifiable compile processes to sign releases and so on to manage to get run on the same machine as e.g. bitcoin itself would pretty much require a deliberate intent to expose a specific, known number of bitcoins to attack by that new potential-trojan.

In other words, when you choose which physical machine to run a coin on, and which virtual machine on that machine, and which username on that virtual machine, you are specifically deciding how many of which other coins you want to give that new program the opportunity to "attack if it is going to", so you know how many of which coin you want to put at risk and why, such as for example to decide how much temptation you want to expose that program's developer to in order to test his or her integrity and the integrity of the code they have provided.

It is thus pretty much unbelievable that some scamcoin such as lucky7 would ever even be on the same hardware machine, let alone virtual machine, let alone username, as bitcoin...

...Unless you chose for example to test the integrity by putting a half a bitcoin, or a bitcoin, or whatever your chosen bounty is for discovering a trojan, into its reach to test whether despite all your efforts to inspect it it might still harbour some nastiness...

-MarkM-


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: vlom on January 15, 2016, 09:07:12 PM
Cryptsy has failed to explain why they aren't returning the millions of alts still stored in its cold-storage coffers.

Why not return those coins to the rightful owners?

thats exactly what i was thing about after i read the blogpost.

maybe they are selling this coins somewhere else because they never will come back live again. so nobody will ever have the possibility to withdraw these coins. they need money to start a new life. and by selling the rest they can make some money.




Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: smoothie on January 15, 2016, 09:19:46 PM
cryptsy hacked themselfs over 1.5 yrs ago,  ••• missing 10M $

https://i.imgur.com/0sTJDTa.jpg

lol you should add GOXED in there somewhere too


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: smoothie on January 15, 2016, 09:21:41 PM
This is a poor move by cryptsy. For over 1.5 years, they have kept it secretly. They would have suspended their operations immediately once they realize the missing coins from their wallets. They wouldn't have lost when they did it like that. Silence is the killing factor for cryptsy for now. If they did suspended their operations earlier, many people would have got the original value of the coins back. For the past months, people tried to convert btc to other altcoins for much loss to withdraw. This is isn't acceptable.

Not just that...

People who were DEPOSITING BTC and alts into crypsty for the 1.5 years....is essentially a huge liability on cryptsy's part.

As they were operating essentially a PONZI scheme by robbing PETER (depositor) to pay PAUL (withdrawer).



Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: smoothie on January 15, 2016, 09:23:52 PM
Guys, just let's be honest.
If Cryptsy was your exchange and you got hacked and lost a lot of coins.
If you were struggling to keep the exchange open and notice a lot of traders are leaving the exchange.
Would you start a Prepaid Debit Card Program?
Personally I can't believe this. Even if you know it's a sinking ship, keeping the exchange open isn't a criminal offense. It could be seen as damage control.
But actually selling a product of which you know you can't deliver... IMO that's a crime. Why would they risk this?
Hence, I personally doubt about their explaination (and ofcourse added the fact they say they didn't inform the authorities).
Let's see where it ends.  

Leaving the exchange open for people to deposit money to TRADE/EXCHANGE....is technically a product they were selling. Okay more like a service...but apples and oranges...its the same thing just looked at differently a bit in the eyes of "the law".


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: smoothie on January 15, 2016, 09:32:35 PM
The claimed way the attack was supposedly done makes no sense, even without using virtual machines no coin daemon running as one user would be able to access another running as another user unless someone deliberately forced passwords into the ps or top type readouts by putting them on commandlines, so even incompetents could hardly be expected to make the proposed attack method workable unless they really went out of their way to ensure such an attack would work, such as by running untrustable shitcoins as the same user as a real valuable coin, and on the same machine, or by deliberately passing passwords on the commandline so other users could see them on top and ps and such.

Basically you'd have to deliberately go out of your way to circumvent all the usual procedures everyone is always instructed to use even for just small personal wallets.

Such deliberate setting up of a situation intended to enable some pathetic excuse like "oh one daemon had a trojan in it" is surely at best criminal negligence and far more likely conspiracy to defraud and steal?

It is a pity really that there are so many regulations around this kind of app because all the perceived/expected additional expense imposed by red tape kind of makes the whole idea of running an exchange at all look way too expensive to the kinds of folks who might be competent to run one, whereas script-kiddies just wanting to set up a nice hackable environment so they can claim they were hacked can do so much cheaper / easier...

...Also come to think of it an IRC command-and-control on a cold-wallet machine would never be able to be commanded and controlled because cold means not on the net, right? Hmm...

-MarkM-


Only way is if root was running the wallet and other wallets were in the same machine.

Yup amateur hour when it comes to security. They didn't even have the foresight to think perhaps something like this could happen and say split their pot of funds up into multiple wallets in different locations with multi-sig etc.

"no let's put it all in one place and then install random releases of new crapcoins on the same machine"...

wow just wow ^


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: MisO69 on January 15, 2016, 09:41:42 PM
..and another one bites the dust.

Decentralized exchanges need to happen.  Instantdex or Etherex, whoever, hurry up

Bitshares and Next are working. The problem is how to trade our beloved altcoins on those exchanges?? I don't think anyone has figured that out yet. Even then there would have to be some sort of centralization for fiat on and off ramps.



Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: tittiecoiner on January 15, 2016, 09:53:42 PM
The sad point is:

Looking at all the scams in this lovely crypto world, we need to state: If people would put all their efforts and phantasy in useful tasks instead of ripping other users off, at least Bitcoin would meanwhile have reached mainstream...


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: adhitthana on January 15, 2016, 11:55:20 PM
Were Dash stolen too?

https://dashtalk.org/threads/supposed-450-000-dash-embezzled-from-cryptsy.7649/


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: Zer0Sum on January 16, 2016, 12:25:55 AM
Surely the limited liability shield is void in the face of so much totally criminal activity, lying etc?

This talk of a company going bankrupt seems off the mark, since a company is just a fiction that counts for nothing against criminal negligence malfeasance fraud theft and so on?

-MarkM-


This is definitely in criminal territory.

Calling Cryptsy a "fractional reserve" is lazy and apologia... since that's a legal way money is created by banks.

In contrast, Cryptsy was running a crude PONZI SCHEME and COMINGLING CUSTOMER FUNDS and 100 other offenses...
They kept running and lying for 2 years by using new deposits to pay off withdrawals = random delays.

Big Bern and the principals will definitely face Florida criminal justice. No place to hide now, baby.


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: Arrakeen on January 16, 2016, 01:00:25 AM
Florida

That explains everything.  Florida really needs to be either nuked, cut into an island and detached from the united states, or walled off.  It's like a completely different country down there; either something in the water or heat stroke is really messing with those folks.  Haven't met one person from florida (while living there) that I could trust; met many that resulted in personal losses of all sorts - just like people losing money to craptsy. 

What is it with people down there?  Runaway convicts hiding as south as possible? Results on a social level from Florida's pill mills (the source of the country's oxycontin problem & resulting heroin epidemic)?  There are so many reasons why they're fucked in the head, it's hard to choose one


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: hanzac on January 16, 2016, 01:50:55 AM
This large woodworm is harmful to these alt coins affected.


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: BitcoinEXpress on January 16, 2016, 01:53:24 AM
So I guess it's true after all.

Cryptsy really does suck


~BCX~


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: hanzac on January 16, 2016, 01:56:25 AM
..and another one bites the dust.

Decentralized exchanges need to happen.  Instantdex or Etherex, whoever, hurry up

Bitshares and Next are working. The problem is how to trade our beloved altcoins on those exchanges?? I don't think anyone has figured that out yet. Even then there would have to be some sort of centralization for fiat on and off ramps.



We have to turn to the decentralized exchange systems. The system should do automatically escrow.

Trust machine is a way ahead. But maybe in future we need to be careful to the rise of AI. ;D


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: sidhujag on January 16, 2016, 04:11:56 AM
Cltv has been used to do acct with any coin using cltv.. I plan to allow payments in bitcoin in my decentralized marketplace of offers.


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: entertheabyss on January 16, 2016, 04:41:10 AM
So I guess it's true after all.

Cryptsy really does suck


~BCX~

Hey, better late than never ;)


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: smoothie on January 16, 2016, 05:08:31 AM
So I guess it's true after all.

Cryptsy really does suck


~BCX~

lol and after all this support you gave them publicly....it was for nothing.  :D


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: The Sceptical Chymist on January 16, 2016, 05:15:29 AM
Christ, it sounds like they did everything they could to keep the truth from their customers, and now all is fucked.

What we need are exchanges that are actually run by businessmen and not computer geeks and such.  Geeks have an important part in this, but these exchanges need people who know how to run an exchange, know what I mean?  It sounds like no one put on their problem-solving hats when they found out about the trojan.


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: wpalczynski on January 16, 2016, 05:21:09 AM
So I guess it's true after all.

Cryptsy really does suck


~BCX~

lol and after all this support you gave them publicly....it was for nothing.  :D

Of course, it was likely in on the scam, it likely benefited greatly from the cryptsy thievery.


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: Arrakeen on January 16, 2016, 08:37:35 AM
Christ, it sounds like they did everything they could to keep the truth from their customers, and now all is fucked.

What we need are exchanges that are actually run by businessmen and not computer geeks and such.  Geeks have an important part in this, but these exchanges need people who know how to run an exchange, know what I mean?  It sounds like no one put on their problem-solving hats when they found out about the trojan.

Cryptsy did put on their problem-solving hats...hiding the truth for maximum profits was the solution, it seems.    ::)


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: Bustart on January 16, 2016, 11:44:07 AM
Christ, it sounds like they did everything they could to keep the truth from their customers, and now all is fucked.

What we need are exchanges that are actually run by businessmen and not computer geeks and such.  Geeks have an important part in this, but these exchanges need people who know how to run an exchange, know what I mean?  It sounds like no one put on their problem-solving hats when they found out about the trojan.

Cryptsy did put on their problem-solving hats...hiding the truth for maximum profits was the solution, it seems.    ::)

The delay in withdraws in the last few months could be to win time to get their hands on the customer coins.


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: markm on January 16, 2016, 12:25:15 PM
Well maybe there is a simple balance-reconciliation system that could not only work for Cryptsy but as a regularly running reconciliation routine all exchanges could use, akin to the trial balance and month-end balance used in business accounting routines.

Simply add up regularly the number of actual coins of each type that are actually held by the exchange, compare that to the total of each coin the customer balances add up to, and apply the ratio to the customer balances.

Basically reflect the fractional reserve directly by converting all customer balances every day or week or month or whatever so they add up to the number of coins actually in the exchange.

If that was running all the time, within hours or a day or whatever of any coins vanishing of any type, all the customers holding coins of that type would see their loss right away.

If one third of a given type of coin goes missing, presto all customer balances of that type of coin go down by one third.

Simple, direct, and avoids co-mingling of coins of different types.

Coins more highly targeted by thieves and thus presumably at higher risk would reflect their temptingness by people's relative reluctance to hold that type of coin as compared to some other coin they feel is less likely to be targeted.

All losses would be seen as soon as possible, so people could adjust their trading strategies accordingly.

Nice and transparent and simple, and it even keeps the risk / reward of each coin type to itself instead of holders of one kind of coin being forced to pay for the losses of folks who choose to hold a more risky / more likely to be targeted type of coin.

-MarkM-


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: BITDV on January 16, 2016, 12:54:12 PM
One of the biggest problems is people use exchangers as banks , there not banks people have to learn do there trades and then put there cryptos in there personal wallets not leave them laying around on exchanges , this just puts bulls eyes on the exchanger's for hackers!!


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: Arrakeen on January 16, 2016, 06:57:59 PM
One of the biggest problems is people use exchangers as banks , there not banks people have to learn do there trades and then put there cryptos in there personal wallets not leave them laying around on exchanges , this just puts bulls eyes on the exchanger's for hackers!!

Yup, even after ALL the hysteria over Gox, people still leave all their funds on exchanges, then get mad when that exchange goes down...

...that reminds me, I should probably make some withdraws  ;D


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: tittiecoiner on January 16, 2016, 07:05:26 PM
btw, I guess in the US, delayed filing of insolvency is considered a crime, too?


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: healthhealer4 on January 22, 2016, 09:33:10 PM
trade in exchange that dont have control over your coins then the rest will follow . www.bitstock.com and www.multisigna.com (http://www.multisigna.com/?referral=3262117448)


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: Bustart on January 29, 2016, 11:56:43 AM
btw, I guess in the US, delayed filing of insolvency is considered a crime, too?

In UK, running a company in insolvency status is a crime.


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: erk on January 29, 2016, 12:48:49 PM
How anyone could allow a payout from a wallet without checking that there is a corresponding valid client order for a withdrawal in their database, is beyond me.



Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: Nameless Coin on January 29, 2016, 09:32:50 PM
How anyone could allow a payout from a wallet without checking that there is a corresponding valid client order for a withdrawal in their database, is beyond me.



I think their exchange was managed by schoolkids.
How can they run a operation worth 13k BTC and have this kind of security?


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: wikenpp on January 30, 2016, 11:02:42 PM
How anyone could allow a payout from a wallet without checking that there is a corresponding valid client order for a withdrawal in their database, is beyond me.



I think their exchange was managed by schoolkids.
How can they run a operation worth 13k BTC and have this kind of security?

I doubt they even had security. How in the hell can they lose all their coins?
It's make no sense such a company as cryptsy can lose so much coins.


Title: Re: crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc
Post by: Bustart on February 11, 2016, 09:46:59 AM
How anyone could allow a payout from a wallet without checking that there is a corresponding valid client order for a withdrawal in their database, is beyond me.



I think their exchange was managed by schoolkids.
How can they run a operation worth 13k BTC and have this kind of security?

I doubt they even had security. How in the hell can they lose all their coins?
It's make no sense such a company as cryptsy can lose so much coins.

So it could be an inside job. The BigVern or somebody else stole the money. Somebody inside create the (lucky) coin and persuade the BigVern to install the wallet and steal the bitcoins.