Bitcoin Forum

Thursday, August 4th, 2011

From the desk of Tom Williams, operator of MyBitcoin.com

For immediate release.

As you have probably noticed, MyBitcoin.com had been down for almost a week due to an unfortunate event.

On Friday of last week we noticed that one of our pooled holding servers was missing a large amount of Bitcoins. After a prompt investigation we realized that the security of our SCI (Shopping Cart Interface) system had been breached by an unknown attacker.

Our response was rash, but necessary. We simply switched the system off until we could have system-wide forensics performed. The forensics took some time, as the system is quite complex by nature.

After weighing all of our options, we have realized that we have no option but to go into receivership. We will settle all accounts with a online claim process that we are currently in the process of working out.

We will release more detailed information about the security breach, the claim process, and our balance sheet in the next few days.

Tom Williams

Why make us all think he was a crook?  Why not install just a html index page and explain what happened?

Thursday, August 4th, 2011

On Friday of last week we noticed that one of our pooled holding servers was missing a large amount of Bitcoins.

Buying time?

How do we know this is actually Tom Williams? The last 'From the desk of Tom Williams' (http://pastebin.com/eRegFJ5R) message was signed by whoever owns this PGP key: http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x9FB9834EA5027A85

So why isn't this one signed to confirm that it's from the same person?

Does that mean the entire business, customers and all, can be bought cheap?

-MarkM-

he just said he's declaring bankruptcy....   there is no figure on what people will get back... if anything...  maybe 10% back... maybe 50% back... maybe 0% back..

If he's declaring bankruptcy that means that it was a huge loss.

We will settle all accounts with a online claim process that we are currently in the process of working out.

he just said he's declaring bankruptcy....   there is no figure on what people will get back... if anything...  maybe 10% back... maybe 50% back... maybe 0% back..

If he's declaring bankruptcy that means that it was a huge loss.

So he's now he has the money to pay everyone back?

where did it all come from?

To put it simply (and it might differ slightly depending on the country), when a company goes down, its remaining assets are totaled up and used to pay off creditors (in this case including customers with deposits) in order of priority, i.e. a secured creditor gets their share first. If there are more than one in each priority class, it's proportioned out accordingly. Very often the smallest guys without any security/contract get nothing or just pennies.

So depending on how much MBC has left, every 1 BTC you kept with them, might only get you say 0.1 BTC back.

this means nothing..

so he going to declaring bankruptcy.

and then sell the stolen bitcoins!

Well, almost as importantly we can hopefully get more info on the mybitcoin owner now that he's appeared back on the scene, and maybe we can find out whether the bitcoins or some portion of them are lost, stolen, or safe.

Why not install just a html index page and explain what happened a week ago?  

Maybe once he saw the posts about a bounty on his head, he got a little antsy.  These geeks are some great detectives.

Maybe once he saw the posts about a bounty on his head, he got a little antsy.  These geeks are some great detectives.

Did people say most of the coins haven't been moved?... If this happens to me, my first reaction would be moving all remaining coins into a new wallet.

I won't believe this until he provides transaction details.

If you are going to posit that theory you might as well also float somewhat the opposite:

Upon seeing that Luigi, Kneecapper, Throatcut, Sniper, and DaBossMan had all lost huge numbers of bitcoins by using his shopping interface on their MurderIncorporated.i2p site he seriously considered trying to vanish, until after days of valium and perusing the forum he woke up to the idea that maybe somehow the geek squad maybe even with or without the aid of Agent Andersen of the - oops I mean *not* of the - CIA might somehow be able to keep DaBossMan and his goons at bay...

-MarkM- (What, that could be fiction? Gosh, really? However do you come up with that idea?)

I've been up way to long and can't make sense of this post, I will sleep and try again in the morning. :)

I've been up way to long and can't make sense of this post, I will sleep and try again in the morning. :)

Don’t worry, I’ve given up on making sense of any of his posts for a long time myself.

Regarding MyBitcoin, this is at least better than the owner being a fraudster. Either way, a criminal made a killing, and all of us are encouraging that.

Regarding MyBitcoin, this is at least better than the owner being a fraudster.

That's still not determined and at either rate the damage is already done.

Cheers,
Kermee

I see a lot of similarities with the MtGox hack, they got out of it stronger. This should be possible for MyBitcoin as well.

www.mybitcoin.com doesn't work for me, What URL are you guys using to view this press release?

Sorry I just have to see it for myself before believing it.

It's going to be harder for him, since he was MIA for a week.  He should have said something right away. 

www.mybitcoin.com doesn't work for me, What URL are you guys using to view this press release?

Sorry I just have to see it for myself before believing it.

If MyBitcoin wants to come back online and stay in business, they should prevent a bank run. Which is quite likely to happen and would worsen the situation.

If MyBitcoin wants to come back online and stay in business, they should prevent a bank run. Which is quite likely to happen and would worsen the situation.

imo there 'll be a haircut when it comes to enabling the service.
(speculation: let's assume he had 3/4 of the bitcoins offsite, 1/4 is gone; he'll not enable withdrawing 1:1 but rather get the offloaded bitcoins from backup online and enables the appropriate share of coins to be returned, with an equal loss to every account)

it's an index page on the domain name mybitcoin.com ...  that means whoever wrote that has full access to his server...   It's him.

www.mybitcoin.com doesn't work for me, What URL are you guys using to view this press release?

Sorry I just have to see it for myself before believing it.

It would be best for Tom to distribute all the Bitcoins as best he can, THEN to call in the receivers. Otherwise, I predict that the Receiver's fees will be about equal to the value of the coins, and depositors will get nothing. That's how it tends to work when a small business is wound up.

I see a lot of similarities with the MtGox hack, they got out of it stronger. This should be possible for MyBitcoin as well.

You are dreaming. MBC is going into receivership. Game. Over.

You are dreaming. MBC is going into receivership. Game. Over.

uhm, how does that follow? server might be owned.

uhm, how does that follow? server might be owned.

I called it. This is basically exactly what I've been theorizing happened. After MtGox got a lot of criticism for explaining before they knew the facts, it only makes sense that MyBitcoin (or anyone else exploited) would keep silent until they had a good idea what was going on.

Hope this isn't true.
Then the Tom Williams impostor can create a claim page installing loads of shit on your computer.

One more reason to wait and see whether there's any statement forthcoming naming a receiver.

I wouldn't expect it to be a rapid process either.  The receiver will have to ensure that Bitcoins are being sent to valid depositors and not to false claimants or other wallets owned by the operators.  That's going to take time.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

            From the desk of Tom Williams, operator of MyBitcoin.com

                          For immediate release.

There are a lot of unanswered questions floating around on the Bitcoin
forum and other places about the recent Mtgox password leak, and theft
from the MyBitcoin system.

I will attempt to answer as many of the questions and concerns as best
as I can in order to silence the rumor-mill once and for all.

As many of you already know, Mtgox was hacked and its password file was
leaked. As soon as we heard about the leak we were closely monitoring
the system for abnormal activity, and we didn't see any.

At first glance, we didn't see any hard evidence that a password leak
had even occurred. There was just a lot of speculation to an SQL
injection vulnerability in Mtgox's site. A few clients of ours had
informed us of the forum threads, and we watched them carefully.

The following morning a client of ours sent us the download link to the
leaked Mtgox password file. We prompty downloaded the file, put up a
warning on the main page, and disabled the login.

We attempted to line up usernames from the leak, and we found a lot of
matching ones. We started locking down all of those accounts using a
script that we had to have written at a moment's notice. It was during
this time that we noticed a flurry of spends happening. Yes, even with
the site disabled.

The attacker had active sessions open to the site. We quickly flushed
them and the spends stopped abruptly. We disabled the SCI, all payment
forwarding, and all receipt URL traffic on all of the usernames in the
Mtgox leak.

We proceeded to change the password on every account where the username
matched our system's database. PGP-signed emails went out to all of the
accounts that we changed the password on. If an account didn't have an
email address or had already been compromised we put up a bulletin.
(Email addresses were mandatory when we opened our service initially,
but people complained that it wasn't truly anonymous so we made them
optional. Unfortunately this makes contacting a security-compromised
customer impossible.)

An investigation was conducted at that time, and we determined that the
attacker had opened up a session to each active user/password pair ahead
of time, solved the captcha, and used some sort of bot to maintain a
connection so our system wouldn't timeout on the session. It was likely
his intent to gain access to more accounts than he did, but as soon as
he noticed that we had changed the main page of the site he sprung into
action by sending a flurry of spends.

(Before you ask: no, we don't limit logins per IP address. We can't. We
have a lot of users that come in from Tor and I2P that all appear to
share the same source IP address.)

We've concluded that around 1% of the users on the leaked Mtgox password
file had their Bitcoins stolen on MyBitcoin. It is unfortunate, and a
horrible experience for the Bitcoin community in general.

The IP address that the attacker used was a Tor exit node and the spends
were to an address that is outside of our system.

Now to address the rumors:

No, our database wasn't compromised. We had a 3rd party company audit
our site for SQL injection attacks and we passed. (We did, however, have
one XSS hole in the address book page last month that would allow an
attacker to insert fake entries into a customer's address book. It was
promptly fixed and offending address book entries were purged. Not a
single customer had spent to the fake address book entries.) Every line
of code was audited last month. Literally line by line audited by
professionals, and it was deemed safe.

No, this site isn't being ran by some amateur that just learned how to
program computers. It was created by seasoned programmers that
understand security.

Yes, we use password encryption. We are currently using SHA-256, but
since the recent Mtgox hack we will be upgrading that to something
stronger. It's surprising how many sites still use MD5, even though it
was broken years ago. It is my personal opinion that MD5 be deprecated
from modern operating systems.

We also use whole-disk level encryption on every single one of our
servers. When you fail a disk in a NOC and a level 1 technician replaces
it does he wipe the disk before the RMA/tossing it in the garbage? Not
usually! We know these mistakes happen, so we take precautions. Any and
all servers with an IP KVM on them are ran in secure console mode. The
root passwords are required even for single user mode. All disk keys are
held off-site and were never generated anywhere near the internet. All
server passwords are unique per server and per user, of course. Only two
technicians have access to the secure servers. This access is over a VPN
and we only use secured workstations running Linux and BSD to access
them.

We use BSD servers with MAC, immutable flags, jails, PAX, SSP,
randomized mmap, secure level, a WAF, a DDoS mitigation and alert system
- -- the works. Like I said earlier. We are not amateurs. In fact,
combined we have over 30 years of experience in the payment
processing (credit card arena) industry.

A large amount of the Bitcoin holding is in cold (offline) storage. We
only have a percentage of the holding available hot. This is done for
obvious reasons.

Going forward we are implementing a 2-factor login system,
user-configurable spend limits, better session token tumbling, and a
bunch of new SCI features.

Wishing the Bitcoin community all the best and a swift recovery, and
sincerely yours,


Tom Williams

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MBC v1.0

iQEcBAEBAgAGBQJOAki5AAoJEJ+5g06lAnqF3tcH/0QNKf7aBEg08vML9MCkwTjF
VCoTAPzVaVsdbZOqiRwE2/6420tcFZrsWTXYZYbjXckEiYrl7/DQ2XsLyhk4W567
T1sOCmpH99Z2/VAvTfAd5obRTEGpMQ0SLIrfznyc8MmG4C1GvtVUr4jM79asPmRY
jsIn7v53o9Ra1sN3QcvMskRUU1JmqfqU6MlJrYwXrtc/P9Tjm7D3AtsjfvJRX12Z
9g5y1N+zRGVpp7OK35VFnfmIKtOOtb3IMgG5EhiUllsoXKfz1eE08v4f4d0aQstL
+HGMi3PktL1HBpIRni2n4MAaIXq/EyzxDSzkSHp6v032H70c1kkUibL//QNxQuM=
=VaXC
-----END PGP SIGNATURE-----

Here's a google cached version of an earlier posting on the site "From the desk of Tom Williams", including PGP sig:

http://webcache.googleusercontent.com/search?q=cache:EN0mtcwBftAJ:https://www.mybitcoin.com/downloads/incident-report-2011-06-22.txt+From+the+desk+of+Tom+Williams,+operator+of+MyBitcoin.com&cd=1&hl=en&ct=clnk&gl=de&source=www.google.de

You really have to wonder why the current info is not signed...

I somehow doubt it's Tom Williams talking to us...

what the hell... there's a signed version somehow after all... I'm confused now:

https://www.mybitcoin.com/downloads/incident-report-2011-06-22.txt (it displays the current text, not the one from 6/22)

https://www.mybitcoin.com/index.txt

???

That's not why MtGox got criticism. MtGox released specific statements that not just turned out to be premature and wrong, but that they had to have known were false at the time; for example, there's no way they could honestly have claimed both that it was just a single account that was compromised and that they had enough Bitcoin funds to cover their deposits because even from the outside it was easy to see they didn't have enough Bitcoins to cover the amount in that single account, let alone everyone else's deposits.

Here's a google cached version of an earlier posting on the site "From the desk of Tom Williams", including PGP sig:

http://webcache.googleusercontent.com/search?q=cache:EN0mtcwBftAJ:https://www.mybitcoin.com/downloads/incident-report-2011-06-22.txt+From+the+desk+of+Tom+Williams,+operator+of+MyBitcoin.com&cd=1&hl=en&ct=clnk&gl=de&source=www.google.de

You really have to wonder why the current info is not signed...

I somehow doubt it's Tom Williams talking to us...

EDIT: decided to post the text here, in case google cache forgets:

  GOXED again!

when will people learn to keep their money offline?   they could save themselves a lot of time by just throwing their money away.

I read somewhere they were registered to a Nevis LLC. Forgive me If I am incorrect, I will look for the reference when I get a sec, or if anyone else can post or link (or confirm there isn't one).

MyBitcoin, LLC
Main Street
PO Box 556
Charlestown, Nevis
KN

What company are you talking about? Did mybitcoin.com have company registered in Nevis? Please provide a link if you have any...

Thanks guys,
Thats what I was thinking, the name you guys have become familiar with was just a agent they use. He woould already have a copy of that agents resignation in hand for the day he wants to take control and cash out. That's how they work.

For some reason people insist on keeping money online. It baffles me.

Are you being saracastic? Or questioning why someone would trust in bitcoins?

Are you being saracastic? Or questioning why someone would trust in bitcoins?

this wasn't clear... the bounty will be on the hacker of my bitcoin .. maybe thats Tom Williams him self, and maybe not ..

How much $$$$$ is that bounty?

I trust bitcoins, but I do not trust online wallet services. I keep the bulk of mt btc offline in USB sticks. When they are online they boot up with linux and are in an encrypted wallet. I do it every once in a while to update balances and update the blockchain.

If the actual money(bitcoin) is held safely online, the wallet can be held just as securely...

I find that proposition to be absurd. I only really trust ME. Not some anonymous guy on the internet.

There are protocols for being able to store info online...its just that's its vaporware right now for our community.

so far we have a poeple have committed a total of 25 btc

how ever we these poeple are holding on to the coins themselves, seeing how no one seems to trust anyone these days

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                                                     Friday, August 5th, 2011

           From the desk of Tom Williams, operator of MyBitcoin.com

                         For immediate release.

                      _SECURITY_BREACH_DISCLOSURE_

After careful analysis of the intrusion we have concluded that the software
that waited for Bitcoin confirmations was far too lenient. An unknown
attacker was able to forge Bitcoin deposits via the Shopping Cart Interface
(SCI) and withdraw confirmed/older Bitcoins. This led to a slow trickle of
theft that went unnoticed for a few days. Luckily, we do keep a percentage of
the holdings in cold storage so the attackers didn'tt completely clean us out.
Just to clarify, we weren't "fully" hacked aka "rooted". You can still trust
our PGP, SSL, and Tor public keys.

It appears to be human error combined with a misunderstanding of how Bitcoin
secures transactions into the next block. Our programmer was under the
assumption that one block was good enough to secure a transaction. Two years
ago when the software was written, this single confirm myth was a popular
belief.

In hindsight we should have credited deposits after one confirmation so they
would show up in the transaction history, and held the deposit until it reached
at least 3 confirmations. Keeping track of two balances and displaying them in
the login area would have been trivial.

                       _CLAIM_PROCESS_DISCLOSURE_

We are in the process of building a claim procedure for the remainder of the
holdings now. We expect that we will have it online soon.

The claim process will consist of a online form where the claimant will be
required to enter their MyBitcoin username and password. Their balance will be
displayed along with the percentage of remaining Bitcoins that we still have in
our holdings. That percentage will be paid to a Bitcoin address of their
choosing. This percentage will be based on our current total liabilities vs.
our existing assets. We will disclose these figures as soon as they have been
totaled.

Each online claim will be written to a ledger and will be manually approved
within 48 hours of being filed online. We have decided to have a manual claim
approval process for better security. The last thing we all need right now is
for someone to breach the claim form. We are confident clients will find this
satisfactory.

                            _RECEIVERSHIP_

After some research and careful consideration regarding the appointment of a
receiver we have concluded that it would be very costly and slow.

Also, finding a receiver that even understands what a Bitcoin is or how to
handle the claim process online would be troublesome, and would only end up in
increasing our costs. Receivers are typically paid from the remaining assets
and we'd like to maximize the amount that we can disperse to our clients.

We have been trying to figure out a way to appoint a 3rd party to certify the
asset/liability figures, but there are many risks involved. It would involve
having us trust some unknown agent that could possibly just steal the rest of
the holdings out from under us. Or, we could be accused of bribing the 3rd
party to agree with our figures, and on and on. Trust is a real problem with an
anonymous and irrevocable currency.

It is true that we could disclose all of the Bitcoin payment addresses we
manage and let everyone look them up and track the lineage of the coins. This
is also troublesome due to the way that we defragment small payments to keep
the processing engine speedy. Also there are the moral implications of
disclosing our client's finances. We are sure that, unknowingly to us, that our
processing system has been used for nefarious purposes.

                       _A_GIFT_TO_THE_COMMUNITY_

After the claims have all been filed and dealt with we will be releasing the
entire MyBitcoin processing engine into the public domain. Our only hope is
that the community can improve and adapt the software to all sorts of new and
interesting Bitcoin-related things.


Tom Williams

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MBC v1.0

iQEcBAEBAgAGBQJOPKN1AAoJEJ+5g06lAnqFeOYH/3XC0EPw23Yv9UPvvutvi7rR
2xkC3lQnltmUD9hiW1awCEVqLw3ehaU/5/9tf8NtjOlABhw0OPIGHGDasg3OYDW+
eg80/YRQ/sxfkRU362fxcxA8pQW6MLT75PggAO8YXZ0Dgghed8J3m3kLMcnsaO10
o3kvGYUeuRzoRnF+bCAhbrfJLMWGITFyQRV+36/t4D2Wh6WisEm6xrk388Zwdb/f
KaRxpwxtzopgQXuGHIOf6E3vCk/RsmLXdV6rLjSErL4k/eozEKQ0a7OCx7Yurd0B
eXRp0VOf2k4AeVS89qc2a1wGhVvT40P85agUVpICgSSRKS5vDcBSGmDWVIoQ6PU=
=NDRV
-----END PGP SIGNATURE-----

For non-Tor: https://www.mybitcoin.com/index.txt

Oh, sry. Didn't know that... non ssl connection redirects to hiden service :)

I'm surprised that, even with 1 block confirmations, stealing bitcoins in the way that Tom describes would be feasible without a considerable amount of compromised computing power.  If my understanding is correct, for an attack to succeed an attacker would have to compute 2 blocks containing their false transactions before the rest of the network computes one.  This computation could be done offline so the attacker could wait until they have been lucky and computed these blocks before publishing them, but it would still require a non-insubstantial amount of compute or waiting a long time before being able to make the attack.

I'm not saying that pools are involved in this, but if even a small pool was involved, then this attack would be a lot more believable.

Will

I'm pretty sure it would work something like this.

1.) Peer directly to the bitcoind running on MyBitcoin.
2.) Solve the next block with your dubious transactions.
3.) Wait for someone else to solve the block you solved.
4.) After the same block was found, but before MyBitcoin's bitcoind hears it, announce your dubious block to MyBitcoin.
5.) That is 1 confirm, funds will now show up. Transfer the funds out, the next block on the network will orphan your dubious one.

Step 2 is a problem, not impossible, but would require a substantial mining investment.   If i took all of my $X000 investment in mining gear I would be able to do that about once a month and it would not be guaranteed each time I solved a block. 

Understood.  I was commenting on how hard it is to generate a single block though six months ago it was not so hard.

Step 2 is a problem, not impossible, but would require a substantial mining investment.   If i took all of my $X000 investment in mining gear I would be able to do that about once a month and it would not be guaranteed each time I solved a block. 

But, if you're mining anyway and can steal a couple hundred extra bitcoins half the time you solve a block; this is a pretty good scam.

If you're creating an orphaned block then you wouldn't get the 50btc... so your whole reward would be the stolen coins.

I can't believe that this wasn't foreseen. Bitcoin transactions can be reversed, it happens. It's absolutely irresponsible to not reconcile the block chain against your accounting backend every so many blocks.

MyBitcoin is still accepting payments with only 1 confirmation. This is insane for a bank. Any miner capable of mining two blocks in a row can steal money from MyBitcoin pretty easily. I'm surprised no one has attempted it yet.

There's another attack made possible by accepting payments with less than 6 confirmations that would allow you to see exactly which coins MyBitcoin has, and possibly do other damage.

This was forseen:


This is not a fault with bitcoin, and bitcoin transactions still can't be 'reversed'.  Anyone accepting bitcoins should be waiting for more than 1 confirmation.  Sensationalist posts saying 'Bitcoin transactions can be reversed' don't help.

Will

There is actually a simple way to still keep the 50btc - you just need to pay it to the mybitcoin depodit address that your other funds are being sent too.. then, assuming mybitcoin accepts it, you get to keep the 50BTC also.

I thought the guy was a BTC millionaire...if he is, shouldn't he have more than enough to pay back everyone in full and still be left with some money for himself?