Bitcoin Forum

Economy => Service Discussion => Topic started by: stdset on February 16, 2015, 08:45:26 AM



Title: Bter Feb 14th hack. Blockchain analysis.
Post by: stdset on February 16, 2015, 08:45:26 AM
There are already several threads about the hack. I suggest posting here only info backed by something more than pure speculation: conclusions that can be drawn from blockchain analysis, and your constructive thoughts.

Here is what I posted in another thread:

Looking at Bter's 'cold wallet' address: https://blockchain.info/address/1M2bv6sypZSp6uAEC9U4Gzvgp6jd29F87e we see two outgoing transactions 8 minutes before the hack. Funds were sent to 17o5zDFGNvP5H2iWd7aWbhacwS1HKDE4i9, which probably is one of Bter's hot wallet addresses, because there were more outgoing transactions from 1M2bv6sypZSp6uAEC9U4Gzvgp6jd29F87e to that address before, and 17o5zDFGNvP5H2iWd7aWbhacwS1HKDE4i9 has huge turnover. Before Feb 14th, the most recent outgoing transaction from 1M2bv occurred on Feb 2nd; again funds were sent to 17o5z. And before Feb 2nd the last outgoing transaction from 1M2bv happened on Jan 27th, i.e. outgoing transactions were quite rare, which makes me believe they indeed were using that address for cold storage.
If their cold wallet wasn't very cold, and they were infected with a trojan, that likely happened between Feb 2nd and Feb 14th. If it indeed was cold, the funds were stolen by somebody who had access to the wallet, especially during the last several days before the hack.


Title: Re: Bter Feb 14th hack. Blockchain analysis.
Post by: moug on February 17, 2015, 01:45:27 AM
17o5zDFGNvP5H2iWd7aWbhacwS1HKDE4i9
Yes, it is a Bter address.

It has been collecting a lot of little funds from change addresses.


Title: Re: Bter Feb 14th hack. Blockchain analysis.
Post by: stdset on February 18, 2015, 09:40:43 AM
Soon after the hack, the thief (or somebody who received coins from him) distributed the smallest (170 BTC) of the chunks he created to several addresses in an interesting transaction: https://blockchain.info/address/1812GWjALf17QPvn4pRRkpSJ3Qt6kx7w2e
Most of the addresses the coins were sent to were used again and again, either before or after the transaction from the thief. I think it's hardly a mixer, since a good mixer absolutely should not reuse addresses. It could be e.g. another exchange (for example BTC-e, because they have plenty of fiat withdrawal options and they don't ask lots of questions like some other exchanges where fiat is present); anyway, it could be helpful in chasing the thief.
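As an added example (my own code, not from any poster in this thread), here are the two heuristics used so far turned into checks: the opening post's "outgoing spends are rare, so it behaves like cold storage" argument, and this post's "the destination addresses get reused, so it is hardly a mixer" test. The transaction history and all address labels (cold, hot, thief1, exchA, ...) are constructed placeholders, not real chain data.

```python
from collections import Counter
from datetime import datetime

# Constructed sample history (placeholder labels, not real chain data).
# Each transaction: (timestamp, input addresses, output addresses).
SAMPLE_TXS = [
    (datetime(2015, 1, 27, 10, 0), ["cold"], ["hot", "cold"]),
    (datetime(2015, 1, 30, 9, 0), ["userA"], ["hot"]),
    (datetime(2015, 2, 2, 11, 0), ["cold"], ["hot", "cold"]),
    (datetime(2015, 2, 10, 8, 0), ["userB"], ["hot", "userB"]),
    (datetime(2015, 2, 14, 8, 22), ["cold"], ["hot"]),              # 8 min before the theft
    (datetime(2015, 2, 14, 8, 30), ["hot"], ["thief1", "thief2"]),  # the theft itself
    (datetime(2015, 2, 15, 12, 0), ["thief1"], ["exchA", "exchB", "fresh1"]),
    (datetime(2015, 2, 16, 12, 0), ["userC"], ["exchA"]),
    (datetime(2015, 2, 17, 12, 0), ["exchB"], ["userD"]),
]

def spend_times(txs, addr):
    """Timestamps of every transaction that spends from addr (addr is an input)."""
    return sorted(t for t, ins, _ in txs if addr in ins)

def spend_gaps_days(txs, addr):
    """Days elapsed between consecutive outgoing spends from addr."""
    times = spend_times(txs, addr)
    return [(b - a).total_seconds() / 86400 for a, b in zip(times, times[1:])]

def looks_like_cold_storage(txs, addr, min_gap_days=5.0):
    """Heuristic from the opening post: an address that spends only every few
    days or less often behaves like cold storage; a hot wallet spends constantly."""
    gaps = spend_gaps_days(txs, addr)
    return bool(gaps) and min(gaps) >= min_gap_days

def spends_shortly_before(txs, addr, event, window_minutes):
    """Spends from addr in the window just before an event such as the theft tx."""
    return [t for t in spend_times(txs, addr)
            if 0 <= (event - t).total_seconds() <= window_minutes * 60]

def output_reuse(txs, tx):
    """For each output address of tx, count how many OTHER transactions touch it
    (as input or output). A mixer should hand out fresh addresses, so heavy
    reuse points to a service such as an exchange instead."""
    counts = Counter()
    for out in tx[2]:
        counts[out] = sum(1 for o in txs if o is not tx and (out in o[1] or out in o[2]))
    return counts

def reuse_fraction(txs, tx):
    """Share of tx's output addresses that are seen elsewhere in the history."""
    counts = output_reuse(txs, tx)
    return sum(1 for n in counts.values() if n > 0) / len(counts)
```

On the constructed data the "cold" address passes the cold-storage heuristic, "hot" does not, and two of the three destinations of the thief's spend are reused elsewhere.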


Title: Re: Bter Feb 14th hack. Blockchain analysis.
Post by: jtalk on February 18, 2015, 12:00:50 PM
There is no doubt that this was an insider who had access to the cold storage wallet. It is hard to tell whether he did it on his own or whether many people were involved in this act.


Title: Re: Bter Feb 14th hack. Blockchain analysis.
Post by: stdset on February 18, 2015, 12:14:57 PM
There is no doubt that this was an insider who had access to the cold storage wallet.
Why are you so sure?


Title: Re: Bter Feb 14th hack. Blockchain analysis.
Post by: verdun2003 on February 18, 2015, 02:51:00 PM
I asked BTER to provide proof they went to the police to file a complaint but my mails went unanswered, I suggest we all send them tweets (https://twitter.com/btercom) or write them e-mails to provide such information (support@mail.bter.com).

Suspecting foul play, as it was an alleged "cold wallet hack". Wouldn't be the first exchange to do so...


Title: Re: Bter Feb 14th hack. Blockchain analysis.
Post by: moug on February 20, 2015, 12:09:16 AM
Soon after the hack, the thief (or somebody who received coins from him) distributed the smallest (170 BTC) of the chunks he created to several addresses in an interesting transaction: https://blockchain.info/address/1812GWjALf17QPvn4pRRkpSJ3Qt6kx7w2e
Most of the addresses the coins were sent to were used again and again, either before or after the transaction from the thief. I think it's hardly a mixer, since a good mixer absolutely should not reuse addresses. It could be e.g. another exchange (for example BTC-e, because they have plenty of fiat withdrawal options and they don't ask lots of questions like some other exchanges where fiat is present); anyway, it could be helpful in chasing the thief.

To the mixer: http://www.walletexplorer.com/wallet/fea18c17bd397803?from_address=1812GWjALf17QPvn4pRRkpSJ3Qt6kx7w2e


Title: Re: Bter Feb 14th hack. Blockchain analysis.
Post by: stdset on February 20, 2015, 06:56:38 AM
To the mixer: http://www.walletexplorer.com/wallet/fea18c17bd397803?from_address=1812GWjALf17QPvn4pRRkpSJ3Qt6kx7w2e
It's a useful block explorer, thanks.


Title: Re: Bter Feb 14th hack. Blockchain analysis.
Post by: cazkooo on February 20, 2015, 01:27:08 PM
I asked BTER to provide proof they went to the police to file a complaint but my mails went unanswered, I suggest we all send them tweets (https://twitter.com/btercom) or write them e-mails to provide such information (support@mail.bter.com).

Suspecting foul play, as it was an alleged "cold wallet hack". Wouldn't be the first exchange to do so...

Yeah right, "cold wallet hacked" is really an old-fashioned way of saying "we are shutting down", but judging by their action to refund their customers, it could really have been hacked; we don't know for sure until the full report is shown.


Title: Re: Bter Feb 14th hack. Blockchain analysis.
Post by: scott btc on February 23, 2015, 04:38:23 AM
It is so fucking sad to see people involve themselves with problems like this.


Title: Re: Bter Feb 14th hack. Blockchain analysis.
Post by: mishax1 on February 23, 2015, 08:24:40 AM
If he used fog, then it might say 2 things:

1. He won't get his stolen BTC back.
2. He is bitcoinfogs' operator.


lol
!! SCAM !!

10 days passed, more than 1000 confirmations, more than 25 BTC..
They are selective scammers, definitely. When I try to withdraw small sums like 0.1-0.2 BTC it's OK, but the real big money didn't even show on my deposit.

BITCOIN FOG = SCAMMERS, they only let small balances out, but don't even try to send'em more than 5-10 BTC..

Am I the only one who waits so long time?..


Also, it should be easy to get the stolen BTER bitcoins' new addresses.

Quote
Do you keep logs?

We keep logs for 1 week for debugging and troubleshooting purposes. After that they are automatically deleted. ALL logs are taken care of. Even the bitcoin client we use is purged every week, starting with a fresh installation of only the block chain, and importing all the addresses we need at that point automatically. That way, if you have received a payment from us a month ago, not even the address will be left on our server. If any service tells you that they don't keep any logs at all, they are most probably lying, because when clients come asking for funds they think are missing, not having any history is like turning our backs on them and not being able to provide any support.


Bitcoin Fog: the service will from now on have a new url: http://foggeddriztrcar2.onion


Title: Re: Bter Feb 14th hack. Blockchain analysis.
Post by: tee-rex on February 23, 2015, 11:51:23 AM
If he used fog, then it might say 2 things:

1. He won't get his stolen BTC back.
2. He is bitcoinfogs' operator.

lol
!! SCAM !!

10 days passed, more than 1000 confirmations, more than 25 BTC..
They are selective scammers, definitely. When I try to withdraw small sums like 0.1-0.2 BTC it's OK, but the real big money didn't even show on my deposit.

BITCOIN FOG = SCAMMERS, they only let small balances out, but don't even try to send'em more than 5-10 BTC..

Am I the only one who waits so long time?..


Also, it should be easy to get the stolen BTER bitcoins' new addresses.

Quote
Do you keep logs?

We keep logs for 1 week for debugging and troubleshooting purposes. After that they are automatically deleted. ALL logs are taken care of. Even the bitcoin client we use is purged every week, starting with a fresh installation of only the block chain, and importing all the addresses we need at that point automatically. That way, if you have received a payment from us a month ago, not even the address will be left on our server. If any service tells you that they don't keep any logs at all, they are most probably lying, because when clients come asking for funds they think are missing, not having any history is like turning our backs on them and not being able to provide any support.


Bitcoin Fog: the service will from now on have a new url: http://foggeddriztrcar2.onion

Very strange name for a public service indeed. Also, I don't believe that all the logs are automatically deleted after one week (whatever they might try to persuade you of). Most obviously they are archived and written to some storage media like CDs or whatever.


Title: Re: Bter Feb 14th hack. Blockchain analysis.
Post by: BitcoinDistributor on February 23, 2015, 11:57:10 AM
Personally I don't know why you wouldn't just do the following if you were the hacker:

Split up the 7000 into 100 or 200 increments of BTC in each address.

Send to bitmixer.io and do a selective, different fee each time. Do one address (of 100-200 BTC) every couple of days, in no predictable fashion. Set a random time delay on each mix to also prevent time delay.

And boom. Coins mixed. Now sell them.


Title: Re: Bter Feb 14th hack. Blockchain analysis.
Post by: stdset on February 23, 2015, 12:09:14 PM
This address: https://blockchain.info/address/1J4TJQKgh1phPMcsV8cbRkAhV2Q6V8wW25
also seems to be related to BitcoinFog, although this connection isn't as obvious and straightforward as in the case of 1812GWjALf17QPvn4pRRkpSJ3Qt6kx7w2e.
Update: as well as https://blockchain.info/address/1Foex8UKai3FMqXzNaQj28MBVmksZ7eJRK
https://blockchain.info/address/1GFX81qZpYNg1m3KxqyUDD4pBT5w8uiMvg - very closely related to BitcoinFog, probably is one of their addresses too.