Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: DeathAndTaxes on March 09, 2014, 04:52:47 PM


Title: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: DeathAndTaxes on March 09, 2014, 04:52:47 PM
http://www.reddit.com/r/Bitcoin/comments/1zz21j/mtgox_2014_hack_database_revealed_live_from_mark/

(oh and the dump is hosted on Mark's blog).

WARNING:  I haven't verified or scanned the files.  It is at least possible they contain malware including the bitcoin stealing kind.   BE SMART and take precautions when downloading unknown files from self described hackers.

On edit: the exe in the zip file a wallet stealer.  Don't run unless you have too many bitcoins and then it will solve that problem for you.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Definit on March 09, 2014, 05:16:41 PM
they just removed his post.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Beliathon on March 09, 2014, 05:24:01 PM
Quote from: Definit on March 09, 2014, 05:16:41 PM
they just removed his post.
Well that was fast.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Moebius327 on March 09, 2014, 05:25:39 PM
Mod note: be careful with the executable, run it only on an isolated virtual machine

Files are legit. I verified them myself with my account balance. Be careful with .exe and .pdf (didn't take a look at that)

Edit: Here is the leak http://pastebin.com/f7DPskc7

the hackers removed december, january and february, but the user endbalances are right.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: dserrano5 on March 09, 2014, 05:27:43 PM
Quote from: Beliathon on March 09, 2014, 05:24:01 PM
Quote from: Definit on March 09, 2014, 05:16:41 PM
they just removed his post.
Well that was fast.

Mod note: be careful with the executable, run it only on an isolated virtual machine

Copy: http://pastebin.com/f7DPskc7

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: bitjoint on March 09, 2014, 05:28:08 PM
It's back...

http://www.reddit.com/r/Bitcoin/comments/1zz21j/mtgox_2014_hack_database_revealed_live_from_mark/cfya4jg

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Moebius327 on March 09, 2014, 05:30:33 PM
It seems gox were 450 000 btc short, but still had around 501 000 btc in storage. So this is getting interesting.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Kenshin on March 09, 2014, 05:32:05 PM
Mod note: be careful with the executable, run it only on an isolated virtual machine

You can still get them from here:

http://blog.magicaltux.net/wp-content/uploads/2014/03/MtGox2014Leak.zip [1] (716MB)

http://89.248.171.30/MtGox2014Leak.zip [2]

http://pastebin.com/f7DPskc7 [3]

http://burnbit.com/download/280433/MtGox2014Leak_zip

https://mega.co.nz/#!0VliDQBA!4Ontdi2MsLD4J5dV1-sr7pAgEYTSMi8rNeEMBikEhAs

The magnetlink is:

magnet:?xt=urn:btih:b6545ecc7db8d44c8cbc4e93989edf8221af75f5&dn=MtGox2014Leak.zip&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftracker.ccc.de%3A80&tr=udp%3A%2F%2Ftracker.istole.it%3A80&tr=udp%3A%2F%2Ftracker.publicbt.com%3A80&ws=http%3A%2F%2Fblog.magicaltux.net%2Fwp-content%2Fuploads%2F2014%2F03%2FMtGox2014Leak.zip


Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: encrypto on March 09, 2014, 05:36:42 PM
UPDATE: Guys on irc confirmed that the dump is legit!!!

*To check your balance, you need your Mtgox USER ID, from your first email of registration at MtGox.


Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: broolstoryco on March 09, 2014, 05:59:49 PM
The posts keep disappearing off /r/bitcoin. this is some serious bullshit

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: BitCoinDream on March 09, 2014, 06:00:14 PM
Insane !!! How they got access to even Mark's personal blog ?

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: leopard2 on March 09, 2014, 06:05:12 PM
Quote from: Moebius327 on March 09, 2014, 05:30:33 PM
It seems gox were 450 000 btc short, but still had around 501 000 btc in storage. So this is getting interesting.

so hackers manage to do this piece of bookkeeping in their free time

the guys who own Gox had 365 days a year to do it, and never noticed that coins were missing?

absolutely fucking ridiculous and it stinks to the moon.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: stsbrad on March 09, 2014, 06:08:47 PM
So user data is in the zip? Ugh

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Taras on March 09, 2014, 06:12:32 PM
 I'll proceed to make cool visualizations with this zip.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Remember remember the 5th of November on March 09, 2014, 06:13:34 PM
Quote from: stsbrad on March 09, 2014, 06:08:47 PM
So user data is in the zip? Ugh
No sensitive user data, I believe.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: WindMaster on March 09, 2014, 06:14:24 PM
Quote from: encrypto on March 09, 2014, 05:36:42 PM
*To check your balance, you need your Mtgox USER ID, from your first email of registration at MtGox.

For anyone curious, here's how to find your balance.  For example, my original account creation Email from Gox looks about like this (with some numbers redacted):


Quote
Welcome to Mt.Gox!

Thank you for creating your account with us.

Your login: ZZZZZZZ

In order to enable your account, you need to enter your validation code on the Mt.Gox website.

Your confirmation code: ZZZZZZZZZZZZZZZZ

Alternatively you can click on or copy it into your browser via this url:
https://mtgox.com/signup/validate?ID=00000000-0000-0000-0000-000000000000&Code=ZZZZZZZZZZZZZZZZ


Best regards,
The Mt.Gox Team
info@mtgox.com
https://mtgox.com/

Note the bolded portion above.  I've replaced mine with 0's in the above, but yours will have a UUID-looking string of hexadecimal groups of numbers separated by hyphens.  Cross-reference this with the "mtgox_balances" file from the leak.  Your user ID will match the "User__" column.

I can confirm my BTC balance shown there matches what it was when Gox shut down, so this is recent data and appears to be a legit database dump.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: WindMaster on March 09, 2014, 06:17:58 PM
Quote from: Remember remember the 5th of November on March 09, 2014, 06:13:34 PM
No sensitive user data, I believe.

While true, I'm sufficiently convinced (by checking my own account and BTC balance) that it's a legit database dump, so I'm also convinced Gox was pretty thoroughly owned and it is likely that all data Gox had was compromised.  That means everyone's sensitive user data is probably out there *somewhere*, just not necessarily included in this particular set of leaked files.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: crazynoggin on March 09, 2014, 06:25:29 PM
While these guys who released the files likely are doing it for the good of the community, there is that possibility that sensitive files are out there and you might want to assume that is the case and do all you can to protect yourself.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: leopard2 on March 09, 2014, 06:26:54 PM
Yikes. Sure I would not want to be in M.K.'s shoes these days.  :P

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: DeathAndTaxes on March 09, 2014, 06:27:19 PM
Since the data seems to have been stolen around the time MtGox shutdown or later the question would be ... why would you keep this information on a webserver if you aren't actively using it anymore?  

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Moebius327 on March 09, 2014, 06:31:27 PM
Quote from: DeathAndTaxes on March 09, 2014, 06:27:19 PM
Since the data seems to have been stolen around the time MtGox shutdown or later the question would be ... why would you keep this information on a webserver if you aren't actively using it anymore?  

My guess is the db was stolen from a business associate/employee.

left from the leaker:
Code:
<!-- I hated working with you.   You deserve everything you get for what you did. -->

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: WindMaster on March 09, 2014, 06:31:34 PM
Top 10 (apparent) account balances in the leaked database dump:

711a4e9d-e183-...    44547.7 BTC
34fcda44-5832-...    43768.2 BTC
c0b24126-f199-...    19985.0 BTC
92d047e9-9f2b-...    11500.6 BTC
ff84fc35-b22a-...    11007.8 BTC
0afba433-817e-...     9819.2 BTC
19b38844-b58b-...     8752.6 BTC
945e5a15-4100-...     8000.0 BTC
4339257e-4b12-...     6051.3 BTC
0766852e-9187-...     5199.9 BTC

Ouch, I don't feel too bad now about losing single-digit quantities of BTC.  I'd assume that at least some of these accounts are Mark however (depending whether or not one believes he took the BTC himself).

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Patel on March 09, 2014, 06:36:03 PM
Is there any proof in these documents if these coins were stolen by Gox, or stolen by hackers?

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Hawkix on March 09, 2014, 06:36:26 PM
I found some 100k BTC *deposits* into MtGox in 2012-05 .. nice.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Moebius327 on March 09, 2014, 06:40:51 PM
Quote from: Patel on March 09, 2014, 06:36:03 PM
Is there any proof in these documents if these coins were stolen by Gox, or stolen by hackers?

Some accounts have negative balances. Not that this proves anything.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Loozik on March 09, 2014, 06:49:02 PM
Quote from: Moebius327 on March 09, 2014, 05:25:39 PM
the hackers removed december, january and february, but the user endbalances are right.

December, january and february are the most crucial ones (to know who withdrew massive amounts of coins prior to Gox's collapse due to potential insider knowledge). Why would hackers remove these months I wonder  ???

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Patel on March 09, 2014, 06:49:50 PM
My theory is that Mark Karpeles himself leaked this documents and is pretending his website and reddit got hacked, to strengthen his argument that the coins got hacked.

There isn't really any way to prove if he did or not.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Timo Y on March 09, 2014, 06:50:45 PM
I can confirm that this leak is legit!

I checked the leak against some of my known trades and they match. I never disclosed this information to anyone.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: jbrnt on March 09, 2014, 06:54:49 PM
Are there any email and passwords in the leaked data? Cos I had an account there and am worried about the leak.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: rocks on March 09, 2014, 07:03:28 PM
Quote from: Moebius327 on March 09, 2014, 06:40:51 PM
Quote from: Patel on March 09, 2014, 06:36:03 PM
Is there any proof in these documents if these coins were stolen by Gox, or stolen by hackers?

Some accounts have negative balances. Not that this proves anything.

Maybe those are the accounts that used transaction malleability to withdraw the same funds several times over? 

No that would assume Mark had some level of competency required to get his customer service and accounts in order.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Moebius327 on March 09, 2014, 07:05:20 PM
Quote from: Loozik on March 09, 2014, 06:49:02 PM
Quote from: Moebius327 on March 09, 2014, 05:25:39 PM
the hackers removed december, january and february, but the user endbalances are right.

December, january and february are the most crucial ones (to know who withdrew massive amounts of coins prior to Gox's collapse due to potential insider knowledge). Why would hackers remove these months I wonder  ???

because there are no hackers and mark made the leak himself?

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: The Bitcoin Foundation on March 09, 2014, 07:12:40 PM
Wheres our 11,000BTC Mark!-

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: mrdavis on March 09, 2014, 07:13:32 PM
Quote from: jbrnt on March 09, 2014, 06:54:49 PM
Are there any email and passwords in the leaked data? Cos I had an account there and am worried about the leak.

You should assume nefarious people have all your personal data you gave Gox, even if not included here.

Quote from: Loozik on March 09, 2014, 06:49:02 PM
Quote from: Moebius327 on March 09, 2014, 05:25:39 PM
the hackers removed december, january and february, but the user endbalances are right.

December, january and february are the most crucial ones (to know who withdrew massive amounts of coins prior to Gox's collapse due to potential insider knowledge). Why would hackers remove these months I wonder  ???

This and the data nanashi____ leaked were both old, I think I even remember it being pointed out that the source code leaked was probably old.  Seems that another possible explanation (which still implies Karpeles' incompetence) is this hack happened earlier or the hack involved an old server image.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: mrdavis on March 09, 2014, 07:26:02 PM
Quote from: DeathAndTaxes on March 09, 2014, 06:27:19 PM
Since the data seems to have been stolen around the time MtGox shutdown or later the question would be ... why would you keep this information on a webserver if you aren't actively using it anymore?  

Is there data that suggest this? I'm not yet on a machine with an environment I can open it, so I'm only going off the reports of the last few months missing from the CSV. or is that just based on when the rumors of this started. Until I see data that proves the hack happened after the shutdown I'm going to assume they don't have it because it happened before or only involved a backup.

I mean, at this point it wouldn't surprise me in the least if Mark still had it facing the web, but I'm not about to trust the word of the hackers without evidence.


EDIT: Ah, user end balances are supposedly correct, that would be evidence supporting the word of the hackers.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: WindMaster on March 09, 2014, 07:30:57 PM
Quote from: mrdavis on March 09, 2014, 07:26:02 PM
EDIT: Ah, user end balances are supposedly correct, that would be evidence supporting the word of the hackers.

My last trade was on 2014-01-23, and the balance in the leaked data is correct for what my BTC balance was at that point.  So, apparently it happened on or after that date.  If enough people post after checking their accounts in the leaked data, we can determine the earliest date the leak could have occurred by consensus.  At least for the final user balance dump.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Loozik on March 09, 2014, 07:35:45 PM
Quote from: Moebius327 on March 09, 2014, 07:05:20 PM
Quote from: Loozik on March 09, 2014, 06:49:02 PM
Quote from: Moebius327 on March 09, 2014, 05:25:39 PM
the hackers removed december, january and february, but the user endbalances are right.

December, january and february are the most crucial ones (to know who withdrew massive amounts of coins prior to Gox's collapse due to potential insider knowledge). Why would hackers remove these months I wonder  ???

because there are no hackers and mark made the leak himself?

Maybe. I have three four explanations (including yours):

1. There are no hackers and Mark made the leak himself (and did not reveal december, january and february in order to protect the ''thieves'')

2. Hackers are connected to the ''thieves'' (and did not reveal december, january and february in order to protect the ''thieves'')

3. Hackers are neither connected to Mark nor ''thieves'' (and did not reveal december, january and february in order to run their own investigation on who withdrew easily large amount of coins and fiat - when all other people had problems with withdrawals - in december, january, february thus causing Gox to collapse).

4. Hackers need time to alter december, january, february data for reasons we can't yet understand.


Dear hackers, if option 3 is the correct one, please give us unaltered december, january and february data, so that we could investigate too  :)

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: WindMaster on March 09, 2014, 07:40:46 PM
Quote from: Loozik on March 09, 2014, 07:35:45 PM
1. There are no hackers and Mark made the leak himself (and did not reveal december, january and february in order to protect the ''thieves'')

On a closely related note to option #1, note that the original post and data dump is still posted on Mark's personal blog, several hours later.  I do find that somewhat suspicious.  It shouldn't have taken particularly long for Mark to notice, and to take corrective action to remove the post and data (assuming he is able).

http://blog.magicaltux.net/ (http://blog.magicaltux.net/)

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: BrewCrewFan on March 09, 2014, 07:42:56 PM
Quote from: WindMaster on March 09, 2014, 07:40:46 PM
Quote from: Loozik on March 09, 2014, 07:35:45 PM
1. There are no hackers and Mark made the leak himself (and did not reveal december, january and february in order to protect the ''thieves'')

On a closely related note to option #1, note that the original post and data dump is still posted on Mark's personal blog, several hours later.  I do find that somewhat suspicious.  It shouldn't have taken particularly long for Mark to notice, and to take corrective action to remove the post and data (assuming he is able).

http://blog.magicaltux.net/ (http://blog.magicaltux.net/)

Coulda been sleeping... its like the middle of the night over there.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Alonzo Ewing on March 09, 2014, 07:48:47 PM
I haven't downloaded anything due to fear of malware, but would I be able to get my trade data off this?  I need it to do my taxes.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: V4Vendettas on March 09, 2014, 07:49:55 PM
Great a life time of goxxing inbound. What a massive clusterfuck.

So identity theft aside its kind of funny you have more chance getting you account information from hackers than Gox themselves.

I honestly think Mark has effected my life in a bad way more than any other human being.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: FeedbackLoop on March 09, 2014, 07:52:17 PM
Quote from: DeathAndTaxes on March 09, 2014, 06:27:19 PM
Since the data seems to have been stolen around the time MtGox shutdown or later the question would be ... why would you keep this information on a webserver if you aren't actively using it anymore?  

Lazyness.


Quote from: Moebius327 on March 09, 2014, 06:31:27 PM
My guess is the db was stolen from a business associate/employee.

left from the leaker:
Code:
<!-- I hated working with you.   You deserve everything you get for what you did. -->

Is that in the database itself? Could it be a message left there long ago?

Just playing devil's advocate.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Hawkix on March 09, 2014, 07:53:14 PM
Quote from: Alonzo Ewing on March 09, 2014, 07:48:47 PM
I haven't downloaded anything due to fear of malware, but would I be able to get my trade data off this?  I need it to do my taxes.

You can download it, its ZIP with plenty of CVS files (harmless text files). Do not run EXE files, or open PDF.

If you know your user guid (long hexa string you received with your registration), you can find yourself in the dump.


Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: E.exchanger on March 09, 2014, 08:00:38 PM
can't find anything there no files nothing i think thy removed the links ???

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Armis on March 09, 2014, 08:02:59 PM
Although the info may be a smoke screen on it's face, it is likely to include valuable bits of info providing additional dimenions to inner workings of the organization and it's leadership; as such the data was sent to the 'CSI lab'  https://bitcointalk.org/index.php?topic=492776.0;all


Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: bananas on March 09, 2014, 08:51:09 PM
Quote from: Alonzo Ewing on March 09, 2014, 07:48:47 PM
I haven't downloaded anything due to fear of malware, but would I be able to get my trade data off this?  I need it to do my taxes.

there is no danger, the data is in csv(text) files..there is a /bin with executables, just ignore or delete this one.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: amspir on March 09, 2014, 09:00:11 PM
Quote from: DeathAndTaxes on March 09, 2014, 06:27:19 PM
Since the data seems to have been stolen around the time MtGox shutdown or later the question would be ... why would you keep this information on a webserver if you aren't actively using it anymore?  

Whoever is in charge of reorganization definitely did not do due diligence and take exclusive control of the company's servers, where ever they may be.  That should have been obvious once the nature of mtGox's business was understood.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: contemptx on March 09, 2014, 09:02:08 PM
Quote from: BrewCrewFan on March 09, 2014, 07:42:56 PM
Quote from: WindMaster on March 09, 2014, 07:40:46 PM
Quote from: Loozik on March 09, 2014, 07:35:45 PM
1. There are no hackers and Mark made the leak himself (and did not reveal december, january and february in order to protect the ''thieves'')

On a closely related note to option #1, note that the original post and data dump is still posted on Mark's personal blog, several hours later.  I do find that somewhat suspicious.  It shouldn't have taken particularly long for Mark to notice, and to take corrective action to remove the post and data (assuming he is able).

http://blog.magicaltux.net/ (http://blog.magicaltux.net/)

Coulda been sleeping... its like the middle of the night over there.


Because he is too busy moving money, trying to hide his tracks & feeding his face in Starbucks.

I feel sorry for those that lost thousands due to the incompetence of Mark But they knew the risk was there by keeping that much money online on an unregulated exchange with no security to back it up.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Lauda on March 09, 2014, 09:07:58 PM
This doesn't come as a surprise.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: SteamGamesBTC.com on March 09, 2014, 09:16:00 PM
Quote from: E.exchanger on March 09, 2014, 08:00:38 PM
can't find anything there no files nothing i think thy removed the links ???
Here you are:
https://www.google.com/search?q=B6545ECC7DB8D44C8CBC4E93989EDF8221AF75F5

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: The Bitcoin Foundation on March 09, 2014, 09:18:57 PM
Mod note: be careful with the executable, run it only on an isolated virtual machine

http://burnbit.com/torrent/280433/MtGox2014Leak_zip


Torrent available. Seed it people

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: kuroman on March 09, 2014, 09:49:39 PM
951K bitcoins, I guess the difference is Marks own BTCs, considering clients BTC is 800k, that's a hugeeeeeeeeeeee amount

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Phinnaeus Gage on March 09, 2014, 09:59:03 PM
Quote from: LaudaM on March 09, 2014, 09:07:58 PM
This doesn't come as a surprise.

Today I learnt that Mark Karpeles paid $4,600/mo USD to rent his apartment. Boy, am I glad I didn't have one satoshi in Mt Gox, otherwise I would be one pissed off motherfucker right about now.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Loozik on March 09, 2014, 09:59:27 PM
Dear hackers,

I hope you posses december, january and february data. Please investigate buys (huge ones) in yellow circles at Gox and match them with corresponding (huge ones) withdrawals.

Gox is on top, bitstamp lower and then btc-e.

https://i.imgur.com/OgtJYcY.jpg

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Phinnaeus Gage on March 09, 2014, 10:01:37 PM
Quote from: The Bitcoin Foundation on March 09, 2014, 09:18:57 PM
http://burnbit.com/torrent/280433/MtGox2014Leak_zip


Torrent available. Seed it people

I'm surprised that TBF is so kind now to help out. I'm not a conspiracy nut... Let me rephrase that!

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: bananas on March 09, 2014, 10:06:38 PM
All those leaks seems to be by Karpeles himself, probably to show authorities how "hackable" they are. Just when it would be possibly of his interest, everything Karpeles-related gets hacked: company, blog, reddit. Very strange. Yet more strange, is the lack of the 3 last months.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Loozik on March 09, 2014, 10:10:14 PM
Quote from: bananas on March 09, 2014, 10:06:38 PM
All those leaks seems to be by Karpeles himself, probably to show authorities how "hackable" they are.

This is probably correct given the hackers gave us all data except for the one that matters (dec, jan, feb).

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Nathonas on March 09, 2014, 10:17:21 PM
As the reddit post said, this looks like an attempt by hackers to pin the lost bitcoins on Karpeles. I don't think he's stupid enough to steal that many bitcoins for himself, especially when he's already rich.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: tvbcof on March 09, 2014, 10:25:12 PM

Can anyone cross check my results here:  I skimmed this thread and didn't see it.

snip@snip ~> sha256 MtGox2014Leak.zip
SHA256 (MtGox2014Leak.zip) = ffcf6742ab84d7e29ef16ca4f0829d7c4e7a4f739414d2b6d2ded52f05e75a67

Also, has anyone found any hack attempts in any of the data files?  (I cannot get the dump file home to look at it until midnight due to quotas.)


Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: WindMaster on March 09, 2014, 10:34:55 PM
Quote from: tvbcof on March 09, 2014, 10:25:12 PM
snip@snip ~> sha256 MtGox2014Leak.zip
SHA256 (MtGox2014Leak.zip) = ffcf6742ab84d7e29ef16ca4f0829d7c4e7a4f739414d2b6d2ded52f05e75a67

SHA256 hash matches my copy.

And, I see Mark's blog on blog.magicaltux.net containing the original posting of the leaked data has finally been taken down.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Lord F(r)og on March 09, 2014, 10:39:29 PM
Quote from: WindMaster on March 09, 2014, 10:34:55 PM
Quote from: tvbcof on March 09, 2014, 10:25:12 PM
snip@snip ~> sha256 MtGox2014Leak.zip
SHA256 (MtGox2014Leak.zip) = ffcf6742ab84d7e29ef16ca4f0829d7c4e7a4f739414d2b6d2ded52f05e75a67
SHA256 hash matches my copy.

me too

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: tarmi on March 09, 2014, 10:40:49 PM
Quote from: Loozik on March 09, 2014, 09:59:27 PM
Dear hackers,

I hope you posses december, january and february data. Please investigate buys (huge ones) in yellow circles at Gox and match them with corresponding (huge ones) withdrawals.

Gox is on top, bitstamp lower and then btc-e.

https://i.imgur.com/OgtJYcY.jpg





THIS!

data from january and feb are crucial!

proves for insider trades and withdrawals are all there!

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: LiteCoinGuy on March 09, 2014, 10:40:54 PM
http://techcrunch.com/2014/03/09/mt-gox-hack-allegedly-reveals-bitcoin-balances-customer-account-totals/


http://coinalpha.com/wp-content/uploads/2014/02/Mt-Gox-CEO-620x372.jpg

"Sorry" 


;D

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Loozik on March 09, 2014, 10:56:21 PM
Quote from: LiteCoinGuy on March 09, 2014, 10:40:54 PM
http://techcrunch.com/2014/03/09/mt-gox-hack-allegedly-reveals-bitcoin-balances-customer-account-totals/


http://coinalpha.com/wp-content/uploads/2014/02/Mt-Gox-CEO-620x372.jpg

"Sorry" 


;D

You made my day  ;D

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: joesmoe2012 on March 09, 2014, 11:01:56 PM
https://mega.co.nz/#!0VliDQBA!4Ontdi2MsLD4J5dV1-sr7pAgEYTSMi8rNeEMBikEhAs is a mirror of the files thats still online.


Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: btcdrak on March 09, 2014, 11:02:08 PM
So much censorship at Reddit. Someone mirrored the data and made a torrent. Here it is: http://cryptoanarchic.me/goxhax/

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: smooth on March 09, 2014, 11:03:26 PM
Quote from: DeathAndTaxes on March 09, 2014, 06:27:19 PM
Since the data seems to have been stolen around the time MtGox shutdown or later the question would be ... why would you keep this information on a webserver if you aren't actively using it anymore?  

Is competence even a question any more?

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Alonzo Ewing on March 09, 2014, 11:05:32 PM
Quote from: Hawkix on March 09, 2014, 07:53:14 PM
Quote from: Alonzo Ewing on March 09, 2014, 07:48:47 PM
I haven't downloaded anything due to fear of malware, but would I be able to get my trade data off this?  I need it to do my taxes.

You can download it, its ZIP with plenty of CVS files (harmless text files). Do not run EXE files, or open PDF.

If you know your user guid (long hexa string you received with your registration), you can find yourself in the dump.

Crap, I don't have my user id.  What I do have is an excel file that's a partial list of trades.  For example, it has trades #53-#110.  What I don't have is trades #1-#52.  I thought I had downloaded all the trades, but for some reason my file only had some of them.  

Would I be able to use information from my excel file to identify the rest of my trades?  It has various tid's for some trades, and it also has bitcoin addresses that I used to move my coins elsewhere.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Pierre on March 09, 2014, 11:06:18 PM
Getting my popcorn ready  :)

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: TheButterZone on March 09, 2014, 11:07:46 PM
"Any sufficiently advanced incompetence is indistinguishable from malice."

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: chessnut on March 09, 2014, 11:13:22 PM
Quote from: TheButterZone on March 09, 2014, 11:07:46 PM
"Any sufficiently advanced incompetence is indistinguishable from malice."

and "never attribute to malice that which can be adequately explained by stupidity"

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: janos666 on March 09, 2014, 11:13:23 PM
I just found myself on the excel list. I searched for my balance and the corresponding timestamp matches with the time of my last trade. :O

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Armis on March 09, 2014, 11:13:34 PM
Quote from: TheButterZone on March 09, 2014, 11:07:46 PM
"Any sufficiently advanced incompetence is indistinguishable from malice."

variation:
"advanced" incompetence take knowledge

translation:
inside job
 

Quote from: chessnut on March 09, 2014, 11:13:22 PM
and "never attribute to malice that which can be adequately explained by stupidity"


stupid is knowing right from wrong but choosing wrong anyway

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: joesmoe2012 on March 09, 2014, 11:14:22 PM
Scary Stuff.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: TheButterZone on March 09, 2014, 11:15:28 PM
Quote from: chessnut on March 09, 2014, 11:13:22 PM
Quote from: TheButterZone on March 09, 2014, 11:07:46 PM
"Any sufficiently advanced incompetence is indistinguishable from malice."

and "never attribute to malice that which can be adequately explained by stupidity"

Sorry, that level of stupidity would require daily retraining on toilet hygiene. Not bloody adequate, or likely.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: seriouscoin on March 09, 2014, 11:18:21 PM
And you guys said i'm evil for wishing him a horrible death?

This fat fuck will suffer for the rest of his life.

Obviously he knows the exchange missing coins, he and his associates have been MANIPULATING the market clear and simple.


Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: joesmoe2012 on March 09, 2014, 11:19:19 PM
Quote from: seriouscoin on March 09, 2014, 11:18:21 PM
And you guys said i'm evil for wishing him a horrible death?

This fat fuck will suffer for the rest of his life.

Obviously he knows the exchange missing coins, he and his associates have been MANIPULATING the market clear and simple.



He has certainly cost alot of people alot of their assets. The fact that this has gone on for as long as it has is just unacceptable.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: chessnut on March 09, 2014, 11:24:10 PM
Quote from: TheButterZone on March 09, 2014, 11:15:28 PM
Quote from: chessnut on March 09, 2014, 11:13:22 PM
Quote from: TheButterZone on March 09, 2014, 11:07:46 PM
"Any sufficiently advanced incompetence is indistinguishable from malice."

and "never attribute to malice that which can be adequately explained by stupidity"

Sorry, that level of stupidity would require daily retraining on toilet hygiene. Not bloody adequate, or likely.

whats more stupid, losing 1000k BTC or, stealing 1000k bitcoins from an exchange you own. in either case, stupidity exceeds malice.

over to you.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: solex on March 09, 2014, 11:26:55 PM
My last company has closed. Can I have a job?

http://bitcoinhistory.net/MtGox_Dump/Files/Misc_Internals/Docs/CV-Mark_Karpeles_20100325.pdf

http://www.itespresso.fr/wp-content/uploads/2014/02/bitcoin-mark-karpeles-mtgox.jpg


Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Loozik on March 09, 2014, 11:33:12 PM
Quote from: tarmi on March 09, 2014, 10:40:49 PM

THIS!

data from january and feb are crucial!

proves for insider trades and withdrawals are all there!

Insider withdrawals are more important. I just examined non-btcusd Gox charts. Look at sells of coins for yen and rubble and subsequent logical fiat withdrawals in these exotic currencies. Someone with insider knowledge must have known Gox's collapse is being orchestrated.


https://i.imgur.com/Z1YUaB8.jpg

https://i.imgur.com/Eca1mNU.jpg

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: tvbcof on March 09, 2014, 11:35:02 PM
Quote from: TheButterZone on March 09, 2014, 11:15:28 PM
Quote from: chessnut on March 09, 2014, 11:13:22 PM
Quote from: TheButterZone on March 09, 2014, 11:07:46 PM
"Any sufficiently advanced incompetence is indistinguishable from malice."

and "never attribute to malice that which can be adequately explained by stupidity"

Sorry, that level of stupidity would require daily retraining on toilet hygiene. Not bloody adequate, or likely.

Agree.  It would take some pretty strong evidence to convince me that these various losses of control and releases of information are not deliberate and staged.  Either through some sort of an internal plan or through some sort of coercion.  I've not thought up any noteworthy ideas about what such a strategy would achieve though.

When Krapholes bough a violin I figured that a) they had and were making money, and b) they were employing technical talent for systems engineering work.  That went some distance toward my decision to take a chance and go ahead and verify and do a partial sale as part of the process of removing my funds (last summer.)  I seem to have been in error in my estimates.  My mistake.  I still doubt that Mark is incompetant or detached enough to lose data on this scale.  He might lose such information to state actors, but it does not seem likely that they would dump the data in this manner.


Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: TheButterZone on March 09, 2014, 11:38:43 PM
Quote from: chessnut on March 09, 2014, 11:24:10 PM
Quote from: TheButterZone on March 09, 2014, 11:15:28 PM
Quote from: chessnut on March 09, 2014, 11:13:22 PM
Quote from: TheButterZone on March 09, 2014, 11:07:46 PM
"Any sufficiently advanced incompetence is indistinguishable from malice."

and "never attribute to malice that which can be adequately explained by stupidity"

Sorry, that level of stupidity would require daily retraining on toilet hygiene. Not bloody adequate, or likely.

whats more stupid, losing 1000k BTC or, stealing 1000k bitcoins from an exchange you own. in either case, stupidity exceeds malice.

over to you.

Nope.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: joesmoe2012 on March 09, 2014, 11:40:30 PM
Quote from: WuttWutt on March 09, 2014, 11:28:45 PM
Fuck Mark I lost 1000 euro hope he goes to jail and gets throatfucked to death

Sorry for those who lost more

I agree that he may belong in jail.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: chessnut on March 09, 2014, 11:43:12 PM
Quote from: TheButterZone on March 09, 2014, 11:38:43 PM
Quote from: chessnut on March 09, 2014, 11:24:10 PM
Quote from: TheButterZone on March 09, 2014, 11:15:28 PM
Quote from: chessnut on March 09, 2014, 11:13:22 PM
Quote from: TheButterZone on March 09, 2014, 11:07:46 PM
"Any sufficiently advanced incompetence is indistinguishable from malice."

and "never attribute to malice that which can be adequately explained by stupidity"

Sorry, that level of stupidity would require daily retraining on toilet hygiene. Not bloody adequate, or likely.

whats more stupid, losing 1000k BTC or, stealing 1000k bitcoins from an exchange you own. in either case, stupidity exceeds malice.

over to you.

Nope.

Nope indeed.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: TTBit on March 09, 2014, 11:45:17 PM

We all knew June 2013.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: CompNsci on March 09, 2014, 11:56:55 PM
Appears this dump may not contain transactions prior to the June 2011 compromise and database reset.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: joesmoe2012 on March 09, 2014, 11:57:49 PM
Quote from: CompNsci on March 09, 2014, 11:56:55 PM
Appears this dump may not contain transactions prior to the June 2011 compromise and database reset.

Yeah but isn't that database already available?

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: AngelSky on March 10, 2014, 12:15:57 AM
http://media.giphy.com/media/Pb419ihn0e4ZW/giphy.gif

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: moni3z on March 10, 2014, 12:18:21 AM
This is MK leaking his own db. Not only does it now help provide the legal defense of evil hackers did it, we didn't run a ponzi, but the db even shows that they should still have bitcoins left over. The db is useless since it's just internal mtcrap accounting what you need is his wallet to match up to transactions to prove they didn't run a ponzi which was probably quickly moved to new keys and deleted.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: CompNsci on March 10, 2014, 12:22:10 AM
The btc_xfer_report.csv appears to include only deposits and withdrawals to external addresses, though no bitcoin addresses. It doesn't include the results of trading.

It also appears to include withdrawals which never went through and whose balances were subsequently refunded.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: joesmoe2012 on March 10, 2014, 12:23:51 AM
Quote from: CompNsci on March 10, 2014, 12:22:10 AM
The btc_xfer_report.csv appears to include only deposits and withdrawals to external addresses, though no bitcoin addresses. It doesn't include the results of trading.

It also appears to include withdrawals which never went through and whose balances were subsequently refunded.

The xls was anonomyzed.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Alonzo Ewing on March 10, 2014, 01:02:07 AM
Well, I have solved a major problem.  I've been trying to do my taxes for a while but lacked my account trade data since Gox went down.  Today, I got it back.

What a crazy world we live in: Gox can't give me my own trade history, but hackers can!

Thank you hackers!

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: V4Vendettas on March 10, 2014, 01:14:05 AM
Quote from: Alonzo Ewing on March 10, 2014, 01:02:07 AM
Well, I have solved a major problem.  I've been trying to do my taxes for a while but lacked my account trade data since Gox went down.  Today, I got it back.

What a crazy world we live in: Gox can't give me my own trade history, but hackers can!

Thank you hackers!


Yea real sunshine thu the rain stuff  ;D :'( ;D :'( :'(

The times we live in hey.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: tugvarish on March 10, 2014, 02:27:09 AM
Quote from: Patel on March 09, 2014, 06:49:50 PM
My theory is that Mark Karpeles himself leaked this documents and is pretending his website and reddit got hacked, to strengthen his argument that the coins got hacked.

There isn't really any way to prove if he did or not.
Probably partially true...
I think he is on a Government gag order, if he talks directly he will go to prison for long time, and in this way he can give the info to the world.
They said on multiple occasion that there was an investigation that they could not talk about and at the beginning they also said they still have the BTC, but for a technicality, of which they also could not explain in details) could not be accessed. And about that part somewhere else few days ago some big wallet start moving BTC around.
The BTC are there and somewhere in the world are also the Keys.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: TheFootMan on March 10, 2014, 02:33:32 AM
Quote from: tugvarish on March 10, 2014, 02:27:09 AM
Quote from: Patel on March 09, 2014, 06:49:50 PM
My theory is that Mark Karpeles himself leaked this documents and is pretending his website and reddit got hacked, to strengthen his argument that the coins got hacked.

There isn't really any way to prove if he did or not.
Probably partially true...
I think he is on a Government gag order, if he talks directly he will go to prison for long time, and in this way he can give the info to the world.
They said on multiple occasion that there was an investigation that they could not talk about and at the beginning they also said they still have the BTC, but for a technicality, of which they also could not explain in details) could not be accessed. And about that part somewhere else few days ago some big wallet start moving BTC around.
The BTC are there and somewhere in the world are also the Keys.

It was claimed on irc by the original 'spokesperson' for the hacker group that they'd had access to mtgox servers for a long time. Taking that into consideration, it would not be strange if they had access to login credentials for Mark to various services. Judging from the level of security he's been running, he might as well have stored all passwords in a text file..

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Pangia on March 10, 2014, 02:34:51 AM
Quote from: tugvarish on March 10, 2014, 02:27:09 AM
Quote from: Patel on March 09, 2014, 06:49:50 PM
My theory is that Mark Karpeles himself leaked this documents and is pretending his website and reddit got hacked, to strengthen his argument that the coins got hacked.

There isn't really any way to prove if he did or not.
Probably partially true...
I think he is on a Government gag order, if he talks directly he will go to prison for long time, and in this way he can give the info to the world.
They said on multiple occasion that there was an investigation that they could not talk about and at the beginning they also said they still have the BTC, but for a technicality, of which they also could not explain in details) could not be accessed. And about that part somewhere else few days ago some big wallet start moving BTC around.
The BTC are there and somewhere in the world are also the Keys.

You mean you're guessing without any proof. You're just another GOX turd. Go fuck yourself.

Karpeles is a thief and you're another GOX lover burying your head in the sand.  I should apologize though you're not as bad as the ones claiming the "bankster" are responsible for the GOX mess.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: chinacoinbase on March 10, 2014, 02:42:18 AM
I checked , that data is correct ,but.....

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: joesmoe2012 on March 10, 2014, 02:43:20 AM
Karpeles is a criminal in my mind because of his gross negligence when handling with MtGox customer funds.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: relm9 on March 10, 2014, 02:53:49 AM
The .exe in the info dump is a wallet stealer apparently. Haven't seen this posted yet?

http://www.reddit.com/r/Bitcoin/comments/200k30/the_tibannebackofficeexe_executable_is_wallet/

If you ran it, hopefully you did so on a sandboxed computer or VM.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: TheFootMan on March 10, 2014, 03:05:32 AM
Quote from: relm9 on March 10, 2014, 02:53:49 AM
If you ran it, hopefully you did so on a sandboxed computer or VM.

Well - downloading files from a hack - then proceeding to run an executable in said collection - well, if anybody loses bitcoin over that, sorry I can't say I'm having much sympathy.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: darkmule on March 10, 2014, 03:08:51 AM
Quote from: relm9 on March 10, 2014, 02:53:49 AM
The .exe in the info dump is a wallet stealer apparently. Haven't seen this posted yet?

http://www.reddit.com/r/Bitcoin/comments/200k30/the_tibannebackofficeexe_executable_is_wallet/

If you ran it, hopefully you did so on a sandboxed computer or VM.

Who could possibly have predicted that an exe file in an archive distributed by hackers would be a wallet stealer?  I bet some idiots ran it, too.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: darkmule on March 10, 2014, 03:13:31 AM
Quote from: relm9 on March 10, 2014, 02:53:49 AM
The .exe in the info dump is a wallet stealer apparently. Haven't seen this posted yet?

http://www.reddit.com/r/Bitcoin/comments/200k30/the_tibannebackofficeexe_executable_is_wallet/

If you ran it, hopefully you did so on a sandboxed computer or VM.

Someone should probably create another clean torrent without the malware and distribute that instead.  I know anyone dumb enough to run an executable in something like this basically has it coming, but there's no good purpose to be served by knowingly distributing malware.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Phinnaeus Gage on March 10, 2014, 03:31:54 AM
Quote from: relm9 on March 10, 2014, 02:53:49 AM
The .exe in the info dump is a wallet stealer apparently. Haven't seen this posted yet?

http://www.reddit.com/r/Bitcoin/comments/200k30/the_tibannebackofficeexe_executable_is_wallet/

If you ran it, hopefully you did so on a sandboxed computer or VM.

Well, ain't this motherfuckin' special! I waited till the all clear prior to downloading the file and unzipping it. Now, I learn that that wasn't a good idea.

What am I up against here, guys?

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Remember remember the 5th of November on March 10, 2014, 03:54:06 AM
Quote from: Phinnaeus Gage on March 10, 2014, 03:31:54 AM
Quote from: relm9 on March 10, 2014, 02:53:49 AM
The .exe in the info dump is a wallet stealer apparently. Haven't seen this posted yet?

http://www.reddit.com/r/Bitcoin/comments/200k30/the_tibannebackofficeexe_executable_is_wallet/

If you ran it, hopefully you did so on a sandboxed computer or VM.

Well, ain't this motherfuckin' special! I waited till the all clear prior to downloading the file and unzipping it. Now, I learn that that wasn't a good idea.

What am I up against here, guys?
Missing bitcoins, possible suicide.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: joesmoe2012 on March 10, 2014, 03:59:43 AM
Quote from: Phinnaeus Gage on March 10, 2014, 03:31:54 AM
Quote from: relm9 on March 10, 2014, 02:53:49 AM
The .exe in the info dump is a wallet stealer apparently. Haven't seen this posted yet?

http://www.reddit.com/r/Bitcoin/comments/200k30/the_tibannebackofficeexe_executable_is_wallet/

If you ran it, hopefully you did so on a sandboxed computer or VM.

Well, ain't this motherfuckin' special! I waited till the all clear prior to downloading the file and unzipping it. Now, I learn that that wasn't a good idea.

What am I up against here, guys?

If you just unzipped it you should be fine. Just don't open the .exe or .pdf

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: usabitcoinbuyer on March 10, 2014, 04:24:06 AM
I'm trying to do some datamining on the files.  Here are some interesting initial observations:

- There are 88267 accounts with BTC balances; I was under the impression there should be more than that.
- There appear to be wallet ids in the transaction history that aren't in the mtgox_balances file.  This would explain the above.
- Some accounts have negative BTC balances (-85 BTC!).  Oops!

Edit: it looks like 0 balance accounts aren't in mtgox_balances, so you can't xref user ids with wallet ids for those.

Edit2: There are 39905 accounts with only fiat balances, for a total of 128172 unique user accounts in the mtgox_balances file.  The btc_xfer_report has 147079 unique wallet ids that have either deposited or withdrawn bitcoin.  That implies at least 18907 users who have shown BTC deposit/withdrawal activity got all their funds out.  I haven't yet gone through the trade history logs, so this is just a lower bound.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Bit_Happy on March 10, 2014, 04:26:29 AM
Quote from: WindMaster on March 09, 2014, 06:31:34 PM
Top 10 (apparent) account balances in the leaked database dump:

711a4e9d-e183-...    44547.7 BTC
34fcda44-5832-...    43768.2 BTC
c0b24126-f199-...    19985.0 BTC
92d047e9-9f2b-...    11500.6 BTC
ff84fc35-b22a-...    11007.8 BTC
0afba433-817e-...     9819.2 BTC
19b38844-b58b-...     8752.6 BTC
945e5a15-4100-...     8000.0 BTC
4339257e-4b12-...     6051.3 BTC
0766852e-9187-...     5199.9 BTC

Ouch, I don't feel too bad now about losing single-digit quantities of BTC.  I'd assume that at least some of these accounts are Mark however (depending whether or not one believes he took the BTC himself).

Whale blubber got trimmed, ouch.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Phinnaeus Gage on March 10, 2014, 04:27:02 AM
Quote from: joesmoe2012 on March 10, 2014, 03:59:43 AM
Quote from: Phinnaeus Gage on March 10, 2014, 03:31:54 AM
Quote from: relm9 on March 10, 2014, 02:53:49 AM
The .exe in the info dump is a wallet stealer apparently. Haven't seen this posted yet?

http://www.reddit.com/r/Bitcoin/comments/200k30/the_tibannebackofficeexe_executable_is_wallet/

If you ran it, hopefully you did so on a sandboxed computer or VM.

Well, ain't this motherfuckin' special! I waited till the all clear prior to downloading the file and unzipping it. Now, I learn that that wasn't a good idea.

What am I up against here, guys?

If you just unzipped it you should be fine. Just don't open the .exe or .pdf


Too late! I opened the CV-Mark_Karpeles...... one. I guess that explains why the the page deal for blank.

Now what? Besides any wallets that a person may have stored on their computer, of which is not the case with me, luckily, can the malware perform any other tasks like sniff for keystrokes, passwords, etc. I truly don't know anything on this regard, that's why I had 1,132 BTC stored on InstaWallet last year, because the general consensus is that they could be trusted.

It's also why I told a guy here in Sandwich, IL, that Bitcoinica was okay, so he put in $10K USD (I have strong reason to believe that's the correct figure considering the sources, though he claims it's a lot more)--because I trusted them. I told the guy not to use Mt Gox, so he didn't. Guess what happened? Sick!

But I digress, and look forward to an answer to the earlier question in this post.

Thanks in advance, from me and any others that the answers may help.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Phinnaeus Gage on March 10, 2014, 04:35:11 AM
Quote from: usabitcoinbuyer on March 10, 2014, 04:24:06 AM
I'm trying to do some datamining on the files.  Here are some interesting initial observations:

- There are 88267 accounts with BTC balances; I was under the impression there should be more than that.
- There appear to be wallet ids in the transaction history that aren't in the mtgox_balances file.  This would explain the above.
- Some accounts have negative BTC balances (-85 BTC!).  Oops!

88,267 is a far cry from 1M: https://www.facebook.com/MtGox

Quote
Holiday Discount to celebrate reaching 1 Million Customers and a new partnership with Mayzus FS

Dear MtGox Customers,

Thank you for your patience and support all throughout 2013.
As we noted in our previous update there are many things happening, and we’re proud to announce two more major developments that will make MtGox both easier and more economical for our valued customers:

1) One million MtGox customers and reduced fees for the holidays!

BTW, that's 1M customers that should have equated to more accounts. 88,267 accounts equates to lot less fewer customers.

InstaWallet pulled the same shit with their 3M customers claim. I can easily add up all the customers they paid out via the blockchain. BTW, they still have ~3000 BTC in that account after the last payout, and 1,132 BTC of it is mine.

One more thing: Google Mayzus.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Bobsurplus on March 10, 2014, 04:42:32 AM
Quote from: Moebius327 on March 09, 2014, 06:31:27 PM
Quote from: DeathAndTaxes on March 09, 2014, 06:27:19 PM
Since the data seems to have been stolen around the time MtGox shutdown or later the question would be ... why would you keep this information on a webserver if you aren't actively using it anymore?  

My guess is the db was stolen from a business associate/employee.

left from the leaker:
Code:
<!-- I hated working with you.   You deserve everything you get for what you did. -->

That's deep. He must have really fucked over everyone around him too.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: usabitcoinbuyer on March 10, 2014, 04:48:30 AM
Quote from: Holliday on March 10, 2014, 04:38:26 AM

It's possible that there were accounts without bitcoin balances.

Although, I still don't trust anything Gox says.

Right.  I just realized that.  Reference my edited post above...

But... then that would mean that 900,000 of the customers either 1) never deposited any BTC or 2) were smart enough to get it all out before the final goxxing.  I wasn't that smart, and I'd find it hard to believe that 90% of users who ever had a balance actually got it out.  On the other hand, I wouldn't be surprised that Gox would claim any registered account as a customer, even if it never had any deposit/trade activity.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: smooth on March 10, 2014, 04:56:18 AM
Quote from: usabitcoinbuyer on March 10, 2014, 04:48:30 AM
Quote from: Holliday on March 10, 2014, 04:38:26 AM

It's possible that there were accounts without bitcoin balances.

Although, I still don't trust anything Gox says.

Right.  I just realized that.  Reference my edited post above...

But... then that would mean that 900,000 of the customers either 1) never deposited any BTC or 2) were smart enough to get it all out before the final goxxing.  I wasn't that smart, and I'd find it hard to believe that 90% of users who ever had a balance actually got it out.  On the other hand, I wouldn't be surprised that Gox would claim any registered account as a customer, even if it never had any deposit/trade activity.


I stopped using the site last year and withdrew essentially all of my btc when they stopped paying USD and had other issues. Was a huge red flag to me.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: bananas on March 10, 2014, 04:56:33 AM
Quote from: Phinnaeus Gage on March 10, 2014, 04:27:02 AM
Quote from: joesmoe2012 on March 10, 2014, 03:59:43 AM
Quote from: Phinnaeus Gage on March 10, 2014, 03:31:54 AM
Quote from: relm9 on March 10, 2014, 02:53:49 AM
The .exe in the info dump is a wallet stealer apparently. Haven't seen this posted yet?

http://www.reddit.com/r/Bitcoin/comments/200k30/the_tibannebackofficeexe_executable_is_wallet/

If you ran it, hopefully you did so on a sandboxed computer or VM.

Well, ain't this motherfuckin' special! I waited till the all clear prior to downloading the file and unzipping it. Now, I learn that that wasn't a good idea.

What am I up against here, guys?

If you just unzipped it you should be fine. Just don't open the .exe or .pdf


Too late! I opened the CV-Mark_Karpeles...... one. I guess that explains why the the page deal for blank.



There is no problem if you opened with Acrobat Reader, only the full version of Acrobat may execute some kind of virus.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: joesmoe2012 on March 10, 2014, 04:57:14 AM
It can't represent all of their customers if there's only 80K or so accounts, that's way too few.

At one point they were handling thousands of verifications a day weren't they? Or was it all just one big lie...?

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: smooth on March 10, 2014, 05:00:51 AM
Quote from: Phinnaeus Gage on March 10, 2014, 04:27:02 AM
Now what? Besides any wallets that a person may have stored on their computer, of which is not the case with me, luckily, can the malware perform any other tasks like sniff for keystrokes, passwords, etc.

Bruno your tone is sometimes to read online but if you are serious, my answer would be to never trust that computer again until after wiping it, and be extremely cautious with any "data" files stored there.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: joesmoe2012 on March 10, 2014, 05:03:36 AM
Quote from: smooth on March 10, 2014, 05:00:51 AM
Quote from: Phinnaeus Gage on March 10, 2014, 04:27:02 AM
Now what? Besides any wallets that a person may have stored on their computer, of which is not the case with me, luckily, can the malware perform any other tasks like sniff for keystrokes, passwords, etc.

Bruno your tone is sometimes to read online but if you are serious, my answer would be to never trust that computer again until after wiping it, and be extremely cautious with any "data" files stored there.


Opening the zip in an of itself shouldn't be a problem.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: smooth on March 10, 2014, 05:04:39 AM
Quote from: joesmoe2012 on March 10, 2014, 05:03:36 AM
Opening the zip in an of itself shouldn't be a problem.

Correct (assuming it has been verified to be a valid zip without some hidden executable component), but he said he also opened a PDF file. That's dangerous.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: joesmoe2012 on March 10, 2014, 05:06:13 AM
Quote from: smooth on March 10, 2014, 05:04:39 AM
Quote from: joesmoe2012 on March 10, 2014, 05:03:36 AM
Opening the zip in an of itself shouldn't be a problem.

Correct (assuming it has been verified to be a valid zip without some hidden executable component), but he said he also opened a PDF file. That's dangerous.


yes, have to be careful with PDF's. Though I don't think that the CV contained a virus.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: usabitcoinbuyer on March 10, 2014, 05:39:16 AM
Some more interesting info... 

The btc_xfer_report shows withdrawals occurring well after the Feb 7 BTC withdrawal suspension.  There are 1360 withdrawals dated Feb 10 or later, involving 315 wallet ids, totaling 15541 BTC.

Many of these are paired with deposits to other wallet ids, so this suggests that the xfers document internal non-blockchain transfers as well. 

There is a screenshot.png in the bin folder which shows some withdrawals in an admin interface.  For whatever reason, they are all associated with wallet id 023e30c1-9c0d-41be-a471-6ac6992f62f1.  I wonder if there's something significant about that wallet vs. the others, or it was just a random example.  In any case, if this was intended to show that there were "special" external withdrawals after the freeze, that wasn't the case.  It looks like all of the withdraws from this account went to wallet id a6acd802-bb4f-412b-be6d-b0bf3f2bb055.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: joesmoe2012 on March 10, 2014, 05:41:29 AM
Quote from: usabitcoinbuyer on March 10, 2014, 05:39:16 AM
Some more interesting info... 

The btc_xfer_report shows withdrawals occurring well after the Feb 7 BTC withdrawal suspension.  There are 1360 withdrawals dated Feb 10 or later, involving 315 wallet ids, totaling 15541 BTC.

Many of these are paired with deposits to other wallet ids, so this suggests that the xfers document internal non-blockchain transfers as well. 

There is a screenshot.png in the bin folder which shows some withdrawals in an admin interface.  For whatever reason, they are all associated with wallet id 023e30c1-9c0d-41be-a471-6ac6992f62f1.  I wonder if there's something significant about that wallet vs. the others, or it was just a random example.  In any case, if this was intended to show that there were "special" external withdrawals after the freeze, that wasn't the case.  It looks like all of the withdraws from this account went to wallet id a6acd802-bb4f-412b-be6d-b0bf3f2bb055.

Alot of the internal, off-blockchain transfers were likely people speculating on GoxBTC vs RealBTC, like what bitcoinbuilder had setup.

I wonder how many GoxBTC ended up in bitcoinbuilder's account...

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: darkmule on March 10, 2014, 06:06:54 AM
Quote from: joesmoe2012 on March 10, 2014, 05:06:13 AM
yes, have to be careful with PDF's. Though I don't think that the CV contained a virus.

Most virus scanning software is simple pattern matching.  It looks for the signature of known viral code.  This isn't going to detect something like wallet stealing software that is custom made for one particular purpose, never released into the wild, and which is not technically a virus but a trojan.  A virus gets your computer to replicate it to other media.  This kind of thing doesn't.

Even AV that uses some kind of heuristic method to detect the kind of code that might be viral, i.e. looking for specific kinds of suspicious behavior, is still probably not going to recognize something aimed at a specific application, like Bitcoin wallet software.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Phinnaeus Gage on March 10, 2014, 06:13:02 AM
Quote from: joesmoe2012 on March 10, 2014, 05:06:13 AM
Quote from: smooth on March 10, 2014, 05:04:39 AM
Quote from: joesmoe2012 on March 10, 2014, 05:03:36 AM
Opening the zip in an of itself shouldn't be a problem.

Correct (assuming it has been verified to be a valid zip without some hidden executable component), but he said he also opened a PDF file. That's dangerous.


yes, have to be careful with PDF's. Though I don't think that the CV contained a virus.

I do open PDF's all the time, but seem to be spooked by this one due to the warnings. This is the main laptop I use for everything. In fact, I even had it in Atlanta and stored it in BitPay's Coke (as in soda) locker that Friday evening, unlocked. The next day, it was under the table where the Bitcoin Magazine was being sold in the conference lecture room. If stolen, the thief could have easily gotten tens of thousands of dollars from me, and that's with not having a personal bitcoin wallet. Yes, I'm still using a third party service, not learning my lesson after InstaWallet went dark.

I guess my only concern is some keylogger program and password sniffer being in place now. Is such a possibility with any malware that may now be in place?

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: smooth on March 10, 2014, 06:16:37 AM
Quote from: Phinnaeus Gage on March 10, 2014, 06:13:02 AM
I do open PDF's all the time, but seem to be spooked by this one due to the warnings.

It's more than just warnings. We know for a fact* that the very same zip file contained wallet-stealing malware. That makes the rest of the zip very suspicious as well. You are justified in being spooked.

* Fact in the sense that someone claimed to disassemble it and posted the code. In theory that could be fake.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Phinnaeus Gage on March 10, 2014, 06:16:42 AM
Is the following site safe to visit: bitcoincorp.de/MtGox_Ba            lances.txt (broken up with spaces, so just connect the a to the l -- self-explantory)

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: bananas on March 10, 2014, 07:35:44 AM
Quote from: joesmoe2012 on March 10, 2014, 04:57:14 AM
It can't represent all of their customers if there's only 80K or so accounts, that's way too few.

At one point they were handling thousands of verifications a day weren't they? Or was it all just one big lie...?

The balance file states this:

mysql> SELECT * FROM platform.User_Wallet WHERE platform.User_Wallet.Balance != 0 ORDER BY platform.User_Wallet.Balance DESC;

Means that only accounts with balance different of 0 were retrieved.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: usabitcoinbuyer on March 10, 2014, 07:43:27 AM
One more installment of random stats...

Most of the 16 accounts with negative BTC balances have no corresponding BTC deposit/withdrawal history.  I was hoping to find some evidence of the transaction malleability exploit there.  It looks like most of the negative balance accounts date back to 2011, so they could represent fallout from the database reset.  The negative balances "only" total about 300 BTC.

If you're keeping score on relative magnitude of goxxage, here's a CDF of the BTC balances:

Code:
Total = 88267 
Accounts greater than or equal to (BTC/satoshi)

10000    B = 5 (0.006%)
 1000    B = 101 (0.114%)
  100    B = 1367 (1.549%)
   10    B = 8658 (9.809%)
    1    B = 26470 (29.99%)
    0.1  B = 42766 (48.45%)
    0.01 B = 55324 (62.68%)
    0.001B = 69266 (78.47%)
10000    s = 79420 (89.98%)
 1000    s = 84957 (96.25%)
  100    s = 86350 (97.83%)
   10    s = 87069 (98.64%)
    1    s = 88251 (99.98%)

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: coinage on March 10, 2014, 08:40:35 AM
Quote from: Phinnaeus Gage on March 10, 2014, 06:16:42 AM
Is the following site safe to visit: bitcoincorp.de/M... [snip]

Currently, the URL you posted appears to return a plain 42MB text file with a columnar text report showing user identifiers, balances, withdrawal limits, etc. It currently seems safe to retrieve with a tool such as wget and to view with a simple plain text viewer.

Chances are the data is valid and the person posting it is providing a useful service.

However, don't let anyone categorically tell you a site or page is safe, unless they're in control of it and you trust them (and you believe it won't be hacked by the time you retrieve it).

Reason: sites can be programmed to return different data to different users.

Example: On linux, using wget (a file retrieval tool) with its default user agent string (not pretending to be using something else), I seem to be getting an ordinary text file (based on a quick view of the beginning, end, and some random points along the file). But a user on another OS, or using an actual web browser (or anyone tomorrow, or maybe just every 17th user) could be sent an entirely different file which could have an exploit. It's also possible this 42MB file could have embedded data which might attack a particular word processor should you try to open it in one.

So: always best to use a computer (or virtual computer) you don't use for financial transactions, and/or to use the simplest tools possible to do the job.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: coinage on March 10, 2014, 08:56:24 AM
Quote from: usabitcoinbuyer on March 10, 2014, 07:43:27 AM
... here's a CDF of the BTC balances:

Code:
Total = 88267 
Accounts greater than or equal to (BTC/satoshi)

10000    B = 5 (0.006%)
 1000    B = 101 (0.114%)
  100    B = 1367 (1.549%)
   10    B = 8658 (9.809%)
    1    B = 26470 (29.99%)
    0.1  B = 42766 (48.45%)
    0.01 B = 55324 (62.68%)
    0.001B = 69266 (78.47%)
10000    s = 79420 (89.98%)
 1000    s = 84957 (96.25%)
  100    s = 86350 (97.83%)
   10    s = 87069 (98.64%)
    1    s = 88251 (99.98%)

Thanks for tallying that. It won't help users who were tragically harmed, but it's reassuring to see that only a small number still held large balances at gox, and hopefully most of them were also diversified into other investments or exchanges as well.

The site's mismanager claimed (in IRC as usual) that he kept all his own btcs on it. While few of us would ever believe that, it would account for many of the largest accounts, further reducing the apparent damage to customers.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: andy10000 on March 10, 2014, 10:54:22 AM
Rookie question: Am I reading this right? The accounts with a BTC balance total up to a liability of 950k BTC

Whereas what's at the bottom is a transaction balance sheet of actual transactions in and out of Gox wallets, which implies an actual balance of 500k BTC. That's if there were no btc in the wallets at the start of the relevant time period. Is that total referring to year zero?


Currency: BTC     Balance:     951,116.21905382     <--- What they owe to their 80k+ customers

Total BTC Deposits:  19,065,241.307202    <--- since what date?
Total BTC Withdrawl: 18,563,466.149383   <--- since what date?
------------------------------------
BTC Difference:         501,775.157819      <--- So is this what they have in their wallets? Or is this based on their off-blockchain accounting system. (in which case they knew they were running a fractional reserve!)


Gox also claimed in it's bankruptcy protection that it has about half the fiat it owes. So if it went to liquidation we'd all get roughly half our corn back?

I'm unable to download the zip as I'm on a 3rd world internet connection.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: sgravina on March 10, 2014, 12:00:44 PM
I add up all those bitcoin balances in MtGox_Balances.txt and get: 997698.67233458 Bitcoins

If this database is old then customers withdrew 247,000 bitcoins between this database dump and when withdrawals were shutoff, leaving customers short the 750,000 bitcoins claimed in bankruptcy.  This large withdrawal is probably what caused the revelation of their insolvency.



Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: nmtrader100 on March 10, 2014, 03:12:31 PM
There is more and more mounting evidence that there was substantial BTC withdrawals after the hack was discovered and after Mark disabled withdrawals for everyone else.  This includes the accusation of withdrawals for some members of the bitcoin foundation.  Are we really supposed to believe that Mark allowed all of these withdrawals to these "insiders" but didn't get any of his own coins out???  No, they got out and left everyone else holding the bag, and again, this is criminal and it will have to be explained in the bankruptcy proceedings, unless no one shows up to dispute anything and it all gets rubber-stamped through- which is highly unlikely.  Anyone who lost a substantial amount of coins better have their lawyers present at those hearings.  It will be interesting to see what bank transfers occurred after the hack also.  Mark is going to jail.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: DeathAndTaxes on March 10, 2014, 03:16:15 PM
Quote from: usabitcoinbuyer on March 10, 2014, 07:43:27 AM
Most of the 16 accounts with negative BTC balances have no corresponding BTC deposit/withdrawal history.  I was hoping to find some evidence of the transaction malleability exploit there. 

There are no transaction logs after Nov 2013.  It is possible the transactions you are looking for are the redacted ones.


Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: okashira on March 10, 2014, 03:22:52 PM
Mark may not have stolen 750000 coins, but I am quite confident that he took advantage of the system to make a profit for himself.
Given his selfish nature, it's almost guaranteed.

Let's say that continuing to allow deposits while knowingly insolvent, and still continuing deposits and trading while locking withdrawals, is ILLEGAL, and CLASSIC PONZI.

People who lost their coins need to get off their ass and contact authorities. Contact the suing law firms, the DOJ, FBI, Japanese police, or somewhere in their court system.

People think that because bitcoin is not regulated, they won't see anything again.
So if gold coins weren't regulated, it's ok to steal $50,000,000 of gold from someone? "lol it's not regulated"
bitcoin has a well-defined value.



He has a history of jail time for financial crimes when he was younger:

http://johnbercow.tumblr.com/post/78352765925/mt-gox-guy-mark-karpeles-went-to-jail-before-for


He also scammed a French out of $30,000, which he used to purchase MtGox.
(the scammee took years to track him down and sue him in Japanese Court, which he won...)

" A €5,000 ($6,870 USD) down payment is placed.  Mr. Karpelès returns several months later with bad news.  His hired graphics artist failed to complete a subcontract on time, so the first stage of the three-step development process was stall...."
 
 "That was a complete lie.  According to court records, Mr. Karpelès could never provide any evidence that there was a subcontractor.  By all appearances he had simply taken Mr. Dubois' money, done no work, and then invented a fantasy to cover himself."


http://www.dailytech.com/Bitcoin+King+Mt+Gox+CEO+Mark+Karpels+History+of+Arrests+Firings/article34442.htm
http://www.dailytech.com/Bitcoin+King+Pt+II+Mt+Goxs+Dictator+Karpels+Proves+Tragically+Flawed/article34452.htm

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: nmtrader100 on March 10, 2014, 03:56:13 PM
http://www.foxnews.com/tech/2014/03/10/does-mt-gox-ceo-still-control-stolen-bitcoins/?intcmp=features

Anonymous hackers claim to have published evidence that Mt. Gox CEO Mark Karpeles lied about the theft of more than $500 millionworth of bitcoin.

According to the hackers, Karpeles still controls all of the cryptocurrency he says was stolen recently in the biggest heist of bitcoin’s brief history. Mt. Gox was the world’s largest bitcoin exchange until about 850,000 bitcoin were allegedly stolen during a breach, forcing the exchange to shut down and file for bankruptcy protection.

According to new claims from anonymous hackers, however, the heist never occurred and Karpeles still controls nearly 1 million bitcoin worth approximately $596 million at Monday’s exchange rate.

According to a report from Forbes, the anonymous hackers took over Karpeles’s blog and published a post supposedly exposing fraud committed by the CEO. The post was also published on Pastebin.

“It’s time that MTGOX got the bitcoin communities wrath instead of [the] bitcoin community getting Goxed,” the hackers wrote. “This release would have been sooner, but in spirit of responsible disclosure and making sure all of [our] ducks were in a row, it took a few days longer than [we] would have liked to verify the data.”

The hackers’ note was accompanied by a file containing what they claim to be evidence of fraud. They say that they have managed to obtain various personal data belonging to Karpeles, including what they claim to be evidence that Mt. Gox’s current bitcoin balance is in fact 951,116, which would mean that the 850,000 bitcoin the exchange claimed was stolen is still in its control.

As Forbes noted, however, the evidence may in fact simply reveal remarkably poor accounting practices at Mt. Gox, a former hub for trading “Magic: The Gathering” cards, rather than fraud.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: chrisLG on March 10, 2014, 04:12:38 PM
For what it's worth: I compared some of my trades with the leaked data. I found my transactions that I searched (although I just looked at a few transactions from october 2011).

Will try to import it to a db to get a better overview.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: usabitcoinbuyer on March 10, 2014, 04:38:44 PM
Quote from: DeathAndTaxes on March 10, 2014, 03:16:15 PM
Quote from: usabitcoinbuyer on March 10, 2014, 07:43:27 AM
Most of the 16 accounts with negative BTC balances have no corresponding BTC deposit/withdrawal history.  I was hoping to find some evidence of the transaction malleability exploit there.  

There are no transaction logs after Nov 2013.  It is possible the transactions you are looking for are the redacted ones.

I was looking at the btc_xfer_report, which as I previously mentioned, has transactions dating all the way up to Feb 19.

Quote from: usabitcoinbuyer on March 10, 2014, 05:39:16 AM
The btc_xfer_report shows withdrawals occurring well after the Feb 7 BTC withdrawal suspension.  There are 1360 withdrawals dated Feb 10 or later, involving 315 wallet ids, totaling 15541 BTC.

Many of these are paired with deposits to other wallet ids, so this suggests that the xfers document internal non-blockchain transfers as well.  

I pursued this line of investigation a bit further: All withdrawals after Feb 8 are paired with a deposit to another wallet id, so they all appear to be internal transfers.  In other words, if there were external BTC withdrawals allowed for "special" users, they aren't in the btc_xfer_report list.

There were a net 1295 BTC deposited on or after Feb 8, in 2666 transactions.  Most were for fractional amounts, but as an example, there were 32 1 BTC deposits, and 3 10 BTC deposits... and the largest was a deposit of 420.  :(

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: nagnagnag2 on March 10, 2014, 06:59:49 PM
Those with disabled limits:

Code:
| 25e8721e-7ba2-495b-9174-171c521ae05e | e630f502-9f4a-4c23-b9a4-146a70840a23 | USD        |   62000969211 |           0 |   33119 | coinlab |          10000000000 |            50000000000 | Y              | 2014-01-05 16:50:51 |
| 8f06ca2a-4aab-4e36-81df-b456578d7848 | e630f502-9f4a-4c23-b9a4-146a70840a23 | BTC        |            11 |           0 |   48924 | virtual |        1000000000000 |                   NULL | N              | 2014-01-05 16:54:06 |
| 8f54e463-dc24-4941-a4f9-62e64bc92929 | 273f856d-1adc-4e8b-922e-198920a6c16b | BTC        |   57746164220 |           0 |   10060 | virtual |        4000000000000 |                   NULL | N              | 2014-02-07 01:10:07 |
| b5609f69-9560-44a9-81db-b0fab19ff107 | 273f856d-1adc-4e8b-922e-198920a6c16b | JPY        |      77851204 |           0 |    1874 | virtual |                 NULL |              100000000 | Y              | 2014-02-04 13:10:47 |
| 9309545d-f475-4c5a-83ea-a098bf75012e | 273f856d-1adc-4e8b-922e-198920a6c16b | USD        |        132850 |           0 |    3950 | virtual |           5000000000 |            50000000000 | N              | 2013-01-15 06:58:05 |
| 75dfd36c-fec5-4eae-a543-cef4b43fbf7f | 273f856d-1adc-4e8b-922e-198920a6c16b | CNY        |             3 |           0 |       7 | virtual |                 NULL |             1000000000 | N              | 2013-12-15 21:08:54 |
| 9c14d4c3-9fd7-4bea-9527-fdc7acc294d6 | ab5a061c-4067-467d-8cd7-81f96f03dba2 | USD        |          2117 |           0 |   15454 | virtual |          10000000000 |            50000000000 | Y              | 2013-08-16 01:42:03 |
| 1cda0dfd-77bf-4f1f-83d9-b273fd1b5b37 | fb38cb4b-5235-4b74-abdf-9e3559953d1b | BTC        |  105671423118 |           0 |    8954 | virtual |         100000000000 |                   NULL | N              | 2014-02-07 14:40:08 |
| c862c988-9305-445a-bd38-6506ffd5cb98 | fb38cb4b-5235-4b74-abdf-9e3559953d1b | JPY        |           539 |           0 |   13613 | virtual |          10000000000 |            50000000000 | Y              | 2014-02-07 03:39:22 |
| dfffcefd-be1f-4c8d-bfe0-bbb590fb0a27 | fb38cb4b-5235-4b74-abdf-9e3559953d1b | USD        |           328 |           0 |    1096 | virtual |                 NULL |                   NULL | N              | 2014-02-01 08:42:46 |


Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: nagnagnag2 on March 10, 2014, 07:05:58 PM
In mtgox_balances there are 128 166 unique user ids.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: ShroomsKit_Disgrace on March 11, 2014, 03:04:27 PM
Is this credible??:

http://pastebin.com/u5N0W9nH

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Joshuar on March 11, 2014, 03:05:15 PM
Quote from: ShroomsKit_Disgrace on March 11, 2014, 03:04:27 PM
Is this credible??:

http://pastebin.com/u5N0W9nH


who knows.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Phinnaeus Gage on March 11, 2014, 08:29:04 PM
Quote from: usabitcoinbuyer on March 10, 2014, 04:24:06 AM
I'm trying to do some datamining on the files.  Here are some interesting initial observations:

- There are 88267 accounts with BTC balances; I was under the impression there should be more than that.
- There appear to be wallet ids in the transaction history that aren't in the mtgox_balances file.  This would explain the above.
- Some accounts have negative BTC balances (-85 BTC!).  Oops!

Edit: it looks like 0 balance accounts aren't in mtgox_balances, so you can't xref user ids with wallet ids for those.

Edit2: There are 39905 accounts with only fiat balances, for a total of 128172 unique user accounts in the mtgox_balances file.  The btc_xfer_report has 147079 unique wallet ids that have either deposited or withdrawn bitcoin.  That implies at least 18907 users who have shown BTC deposit/withdrawal activity got all their funds out.  I haven't yet gone through the trade history logs, so this is just a lower bound.

88,267 accounts now, but at the time of the last Mt Gox dump there were 61,020 accounts. You telling me that only 27,247 new accounts were created over the course of approximately two years, in spite of Mt Gox proclaiming that they've had reached 1M customers back in December, 2013?

I see a major Ripple (pun intended) effect in the works here, guys, stemming all the way laterally to the TBF. This saddens me.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: DeathAndTaxes on March 11, 2014, 08:40:40 PM
Quote from: Phinnaeus Gage on March 11, 2014, 08:29:04 PM
88,267 accounts now, but at the time of the last Mt Gox dump there were 61,020 accounts. You telling me that only 27,247 new accounts were created over the course of approximately two years, in spite of Mt Gox proclaiming that they've had reached 1M customers back in December, 2013?

The 88,267 is accounts which still have a balance with MtGox.  Someone who created an account, got verified, deposited funds, traded them, and withdrew them from the site would not show up in the list.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: Lauda on March 11, 2014, 08:47:03 PM
Quote from: DeathAndTaxes on March 11, 2014, 08:40:40 PM
Quote from: Phinnaeus Gage on March 11, 2014, 08:29:04 PM
88,267 accounts now, but at the time of the last Mt Gox dump there were 61,020 accounts. You telling me that only 27,247 new accounts were created over the course of approximately two years, in spite of Mt Gox proclaiming that they've had reached 1M customers back in December, 2013?

The 88,267 is accounts which still have a balance with MtGox.  Someone who created an account, got verified, deposited funds, traded them, and withdrew them from the site would not show up in the list.
Then this is possibly correct.
We shouldn't believe anything that MtGox proclaimed.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: darkmule on March 11, 2014, 09:29:41 PM
Quote from: yumei on March 11, 2014, 08:38:40 PM
Its not legit, this guy is scamming. I sent him bitcoins and did not received anything. Most likely he even DO NOT have any passport scans. Please don´t send him any more bitcoins.

You got what you had coming.

Title: Re: Hackers steal data from MtGox server and release it with Mark's reddit account.
Post by: sobriket on March 11, 2014, 09:35:51 PM
Quote from: Phinnaeus Gage on March 11, 2014, 08:29:04 PM
Quote from: usabitcoinbuyer on March 10, 2014, 04:24:06 AM
I'm trying to do some datamining on the files.  Here are some interesting initial observations:

- There are 88267 accounts with BTC balances; I was under the impression there should be more than that.
- There appear to be wallet ids in the transaction history that aren't in the mtgox_balances file.  This would explain the above.
- Some accounts have negative BTC balances (-85 BTC!).  Oops!

Edit: it looks like 0 balance accounts aren't in mtgox_balances, so you can't xref user ids with wallet ids for those.

Edit2: There are 39905 accounts with only fiat balances, for a total of 128172 unique user accounts in the mtgox_balances file.  The btc_xfer_report has 147079 unique wallet ids that have either deposited or withdrawn bitcoin.  That implies at least 18907 users who have shown BTC deposit/withdrawal activity got all their funds out.  I haven't yet gone through the trade history logs, so this is just a lower bound.

88,267 accounts now, but at the time of the last Mt Gox dump there were 61,020 accounts. You telling me that only 27,247 new accounts were created over the course of approximately two years, in spite of Mt Gox proclaiming that they've had reached 1M customers back in December, 2013?

I see a major Ripple (pun intended) effect in the works here, guys, stemming all the way laterally to the TBF. This saddens me.
The dump only lists accounts with a non-null balance


Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines