|
Title: Correspondence with the XCP White Hat Post by: busoni on February 27, 2014, 07:14:50 AM As many of you know, about a week ago, a hacker found a major security hole in the Counterparty protocol that enabled him to send XCP from anyone's address. He used this to send 35,000 XCP from the Poloniex wallet to himself, which he then deposited into his own Poloniex account. He then sold the XCP for 150 BTC and withdrew 115 BTC. Following that, he explained the security hole and offered to return the BTC. He has still not returned the BTC, but my correspondence with him is ongoing.
Users have asked to see the correspondence and the Counterparty developers have all given the OK on publishing it, so here it is: https://poloniex.com/correspondence.pdf There was more to his message from today, which I have not included because it arrived after the developers gave the OK. Title: Re: Correspondence with the XCP Hacker Post by: sadface on February 27, 2014, 07:55:56 AM i wonder what takes him so long to return those btc
Title: Re: Correspondence with the XCP Hacker Post by: Chuck on February 27, 2014, 08:04:49 AM Thanks for posting,
So - Anyone live in Brazil? How hard is it to send this guy some Reais so he can have a day's worth of time on the Internet! (It's so strange I think I believe him) Title: Re: Correspondence with the XCP Hacker Post by: metraX on February 27, 2014, 08:15:58 AM You write him, "by Tristan D'Agosta on Wed, Feb 19 at 11:22 AM ... You asked for an address to send the BTC to before, this is the address: 1My4UPJ1tGDEGxck3W94BSZwTcEAE7Pfj8" Looks like he sent you 50 back ?? On the 22nd ?? https://blockchain.info/address/1My4UPJ1tGDEGxck3W94BSZwTcEAE7Pfj8 Title: Re: Correspondence with the XCP Hacker Post by: yashin on February 27, 2014, 08:18:52 AM If he truly wanted to steal those BTC, I dont see why he would be contacting them?
Title: Re: Correspondence with the XCP Hacker Post by: CoinHoarder on February 27, 2014, 09:04:20 AM I am pretty familiar with Brazil.. I dated a girl that was from there for a couple years and even visited there for a month once. There is a lot of poverty in Brazil, and if he is a custodian at a hostel, I can guarantee he doesn't make more than $80 a month. At current prices that 120 BTC is equal to 71 years of work...
I'm sorry, but you're never going to get this BTC back. :( Title: Re: Correspondence with the XCP Hacker Post by: PyroClasTix on February 27, 2014, 09:30:57 AM This is interesting. Hmmm...will stay tuned.
Title: Re: Correspondence with the XCP Hacker Post by: JakeThePanda on February 27, 2014, 01:07:44 PM I think there are only 24 Starbucks locations in Brazil and we know what time he was there. He already left too much information for even a crappy detective. I guess getting the video surveillance from Starbucks would be a problem.
Title: Re: Correspondence with the XCP Hacker Post by: qznc on February 27, 2014, 01:30:05 PM I think there are only 24 Starbucks locations in Brazil and we know what time he was there. He already left too much information for even a crappy detective. I guess getting the video surveillance from Starbucks would be a problem. Assuming that he did not lie about Starbucks or Brazil or everything. Title: Re: Correspondence with the XCP Hacker Post by: iampingu on February 27, 2014, 01:39:33 PM I think there are only 24 Starbucks locations in Brazil and we know what time he was there. He already left too much information for even a crappy detective. I guess getting the video surveillance from Starbucks would be a problem. Assuming that he did not lie about Starbucks or Brazil or everything. Lies? On the Internet? Title: Re: Correspondence with the XCP Hacker Post by: JakeThePanda on February 27, 2014, 02:43:54 PM I think there are only 24 Starbucks locations in Brazil and we know what time he was there. He already left too much information for even a crappy detective. I guess getting the video surveillance from Starbucks would be a problem. Assuming that he did not lie about Starbucks or Brazil or everything. Of course, but I don't think so. Why would he go though any of this if his initial intention was to run off with the dough. I think he started off being genuine and that's when he mentioned where he was and what he does for a living. It doesn't matter. It's not like anyone is going to investigate. Title: Re: Correspondence with the XCP Hacker Post by: busoni on February 27, 2014, 04:24:10 PM You write him, "by Tristan D'Agosta on Wed, Feb 19 at 11:22 AM ... You asked for an address to send the BTC to before, this is the address: 1My4UPJ1tGDEGxck3W94BSZwTcEAE7Pfj8" Looks like he sent you 50 back ?? On the 22nd ?? https://blockchain.info/address/1My4UPJ1tGDEGxck3W94BSZwTcEAE7Pfj8 He did, he just told me. For some reason, the deposits never credited to the account, so I missed them. The 50 BTC is being returned to users as we speak. He also said he plans to return the other 65, pending my agreement not to hold him responsible for anything. Title: Re: Correspondence with the XCP Hacker Post by: MysticalPotato on February 27, 2014, 05:03:11 PM As many of you know, about a week ago, a hacker found a major security hole in the Counterparty protocol that enabled him to send XCP from anyone's address. He used this to send 35,000 XCP from the Poloniex wallet to himself, which he then deposited into his own Poloniex account. He then sold the XCP for 150 BTC and withdrew 115 BTC. Following that, he explained the security hole and offered to return the BTC. He has still not returned the BTC, but my correspondence with him is ongoing. Users have asked to see the correspondence and the Counterparty developers have all given the OK on publishing it, so here it is: https://poloniex.com/correspondence.pdf There was more to his message from today, which I have not included because it arrived after the developers gave the OK. What an incredibly weird episode. A lone cleaner living in near poverty in South America hacking a reputable exchange located 4,000 miles away in N.J. If this guy returns the entire 115BTC, my faith in humanity would be greatly strengthened. Title: Re: Correspondence with the XCP Hacker Post by: pgbit on February 27, 2014, 05:55:35 PM As many of you know, about a week ago, a hacker found a major security hole in the Counterparty protocol that enabled him to send XCP from anyone's address. He used this to send 35,000 XCP from the Poloniex wallet to himself, which he then deposited into his own Poloniex account. He then sold the XCP for 150 BTC and withdrew 115 BTC. Following that, he explained the security hole and offered to return the BTC. He has still not returned the BTC, but my correspondence with him is ongoing. Users have asked to see the correspondence and the Counterparty developers have all given the OK on publishing it, so here it is: https://poloniex.com/correspondence.pdf There was more to his message from today, which I have not included because it arrived after the developers gave the OK. What an incredibly weird episode. A lone cleaner living in near poverty in South America hacking a reputable exchange located 4,000 miles away in N.J. If this guy returns the entire 115BTC, my faith in humanity would be greatly strengthened. Title: Re: Correspondence with the XCP Hacker Post by: kelsey on February 28, 2014, 12:56:04 AM If this guy returns the entire 115BTC, my faith in humanity would be greatly strengthened. If anyone actually believes this bs story my faith in the IQ of people on this forum is greatly weakened ::) Title: Re: Correspondence with the XCP Hacker Post by: cubicdissection on February 28, 2014, 01:34:40 AM At any rate, this is the death of Counterparty. And why is that? Title: Re: Correspondence with the XCP Hacker Post by: cryptohunter on February 28, 2014, 03:05:44 AM At any rate, this is the death of Counterparty. And why is that? Well, it was just hacked apparently by an $80 month cleaner. I'm asking my maid to look the code over......she's nearly done with the dusting so i'd get your BTC out whilst you can. Title: Re: Correspondence with the XCP Hacker Post by: metraX on February 28, 2014, 03:10:18 AM https://blockchain.info/address/1My4UPJ1tGDEGxck3W94BSZwTcEAE7Pfj8
Wow, he just sent the remaining amount. Wow, I did not expect that. Title: Re: Correspondence with the XCP Hacker Post by: metraX on February 28, 2014, 03:21:43 AM The whole story is complete bullshit. Inside job, plain as day. At any rate, this is the death of Counterparty. ~BCX~ Why would they put an exploit in their code, let it sit for months, then exploit it, then give it all back, making prices drop in meantime? hurting themselves, I dont see anything they gain by it? Title: Re: Correspondence with the XCP Hacker Post by: CoinHoarder on February 28, 2014, 03:33:40 AM The whole story is complete bullshit. Inside job, plain as day. At any rate, this is the death of Counterparty. ~BCX~ Why would they put an exploit in their code, let it sit for months, then exploit it, then give it all back, making prices drop in meantime? hurting themselves, I dont see anything they gain by it? /puts tinfoil hat on If it was indeed an inside job, possibly he realized that the story was somewhat unbelievable and it was going to ruin the exchange's reputation, so he decided to return the BTC to save face and keep the exchange business. Title: Re: Correspondence with the XCP Hacker Post by: Warren on February 28, 2014, 04:07:54 AM As many of you know, about a week ago, a hacker found a major security hole in the Counterparty protocol that enabled him to send XCP from anyone's address. He used this to send 35,000 XCP from the Poloniex wallet to himself, which he then deposited into his own Poloniex account. He then sold the XCP for 150 BTC and withdrew 115 BTC. Following that, he explained the security hole and offered to return the BTC. He has still not returned the BTC, but my correspondence with him is ongoing. Users have asked to see the correspondence and the Counterparty developers have all given the OK on publishing it, so here it is: https://poloniex.com/correspondence.pdf There was more to his message from today, which I have not included because it arrived after the developers gave the OK. Wow! Reading through the correspondence all I can say is that this guy is awesome! We SO need him to become part of the Counterparty development team! Title: Re: Correspondence with the XCP Hacker Post by: jimhsu on February 28, 2014, 04:42:20 AM https://blockchain.info/address/1My4UPJ1tGDEGxck3W94BSZwTcEAE7Pfj8 Wow, he just sent the remaining amount. Wow, I did not expect that. Give the guy his bounty, please. +1 Ideally, also pay for some real internet access for the guy, if possible. Prepaid cards? Title: Re: Correspondence with the XCP Hacker Post by: busoni on February 28, 2014, 05:26:26 AM BTC distributed. Everyone has their BTC back!
Title: Re: Correspondence with the XCP Hacker Post by: 520Bit on February 28, 2014, 05:47:56 AM BTC distributed. Everyone has their BTC back! Great to hear that. Title: Re: Correspondence with the XCP White Hat Post by: Zzzack on February 28, 2014, 07:38:46 AM I never got mine. Just send 2.33 BTC to 18KYS3R9CopNJH4xowSiQZk3wXdTL2ySuV
Title: Re: Correspondence with the XCP Hacker Post by: username here on March 01, 2014, 07:04:01 AM https://blockchain.info/address/1My4UPJ1tGDEGxck3W94BSZwTcEAE7Pfj8 Wow, he just sent the remaining amount. Wow, I did not expect that. Yes, but I am baffled, I just don't get why he would ever do this. |