Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: aq on July 19, 2012, 05:14:47 PM



Title: Bitcoin is a hackers dream
Post by: aq on July 19, 2012, 05:14:47 PM
Bitcoin is really a hackers dream.

Last year, some hacker managed to steal huge funds from mybitcoin.com. How got blamed? The operator of mybitcoin.com. No one cared about the actual hacker.
This year, a hacker stole 45k from Bitcoinica. Everyone blamed the operators. The owners replaced the funds. No one cared about the actual hacker.
Now recently more funds where stolen from Bitcoinica. MtGox even knows who the hacker is, but "of course" cannot share this information. So same thing as every time, no one cares about the actual hacker. Everyone blames the operators and tries to lynch them.

Conclusion: In the Bitcoin world it is OK to steal, the blame will always be on the victim. A hacker can even use his real name and real address, and still no one cares. Blame and lawsuits are always on the victims...


Title: Re: Bitcoin is a hackers dream
Post by: error on July 19, 2012, 05:19:17 PM
And your point is?

If you are stupid and leave a briefcase full of cash out in the public square, you SHOULD be blamed when it gets stolen.


Title: Re: Bitcoin is a hackers dream
Post by: dree12 on July 19, 2012, 05:20:56 PM
This has happened with Mt. Gox last year (Gox was blamed) as well. The issue is not so much blaming the victim, as blaming the only identificable source of error (try tracking down these hackers...).


Title: Re: Bitcoin is a hackers dream
Post by: aq on July 19, 2012, 05:24:27 PM
This has happened with Mt. Gox last year (Gox was blamed) as well. The issue is not so much blaming the victim, as blaming the only identificable source of error (try tracking down these hackers...).
This time MtGox even knows who has stolen the funds. Does that change anything? Apparently not!


Title: Re: Bitcoin is a hackers dream
Post by: mufa23 on July 19, 2012, 05:25:56 PM
Psychologically, they already know they lost their money to the hacker and know they aren't getting it back. They feel better about blaming someone else (the operator) so they don't feel as stupid about it. The more they whine about the operator not doing a good enough job, the better they will feel, and start to forget about their own stupidity. Even though it's the hackers fault for all of this, everyone knows catching them and getting their BTC back is never going to realistically happen.

Tell yourself a lie long enough, and even you will start to believe it.


Title: Re: Bitcoin is a hackers dream
Post by: aq on July 19, 2012, 05:28:02 PM
And your point is?

If you are stupid and leave a briefcase full of cash out in the public square, you SHOULD be blamed when it gets stolen.
It was more like this: a burglar breaks into your hours, and you call the police, they will not investigate but tell you: "you should have had 10 foot concrete walls around your house, but your where only 3 foot, so it your fault. now go to jail".


Title: Re: Bitcoin is a hackers dream
Post by: SpontaneousDisorder on July 19, 2012, 05:29:06 PM
This has happened with Mt. Gox last year (Gox was blamed) as well. The issue is not so much blaming the victim, as blaming the only identificable source of error (try tracking down these hackers...).
This time MtGox even knows who has stolen the funds. Does that change anything? Apparently not!


Where have they said that?


Title: Re: Bitcoin is a hackers dream
Post by: aq on July 19, 2012, 05:31:19 PM
Psychologically, they already know they lost their money to the hacker and know they aren't getting it back. They feel better about blaming someone else (the operator) so they don't feel as stupid about it. The more they whine about the operator not doing a good enough job, the better they will feel, and start to forget about their own stupidity. Even though it's the hackers fault for all of this, everyone knows catching them and getting their BTC back is never going to realistically happen.

Tell yourself a lie long enough, and even you will start to believe it.
First I thought like you. But this time the hacker is known, according to MtGox. But still they blame and try to sue the operator, and don't care about the actual thief. So I think it is more symptomatic than it is self-deception.


Title: Re: Bitcoin is a hackers dream
Post by: aq on July 19, 2012, 05:37:44 PM
This has happened with Mt. Gox last year (Gox was blamed) as well. The issue is not so much blaming the victim, as blaming the only identificable source of error (try tracking down these hackers...).
This time MtGox even knows who has stolen the funds. Does that change anything? Apparently not!


Where have they said that?
Regular customers have to wait weeks to get their funds out, but the hacker managed do withdraw this in an instant. So of course, MtGox knows them. And so eventually somewhere in this MtGox account thread they stated that they do, but don't share this information publicly.


Title: Re: Bitcoin is a hackers dream
Post by: bulanula on July 19, 2012, 05:41:10 PM
Conclusion: In the Bitcoin world it is OK to steal, the blame will always be on the victim. A hacker can even use his real name and real address, and still no one cares. Blame and lawsuits are always on the victims...

Well done cpt. Obvious !

Until BTC is legal tender or recognised by the law / state as property nobody can do a damn thing about them getting stolen / hacked.

Try and tell the police somebody stole your WOW gold or monopoly money = BS.

The funny thing with Bitcoinica is : why no USD returned yet ? why no police report as hacking into computer systems is illegal ?

Smells funny to me.


Title: Re: Bitcoin is a hackers dream
Post by: Come-from-Beyond on July 19, 2012, 05:44:13 PM
Bitcoin is really a hackers dream.

Last year, some hacker managed to steal huge funds from mybitcoin.com. How got blamed? The operator of mybitcoin.com. No one cared about the actual hacker.
This year, a hacker stole 45k from Bitcoinica. Everyone blamed the operators. The owners replaced the funds. No one cared about the actual hacker.
Now recently more funds where stolen from Bitcoinica. MtGox even knows who the hacker is, but "of course" cannot share this information. So same thing as every time, no one cares about the actual hacker. Everyone blames the operators and tries to lynch them.

Conclusion: In the Bitcoin world it is OK to steal, the blame will always be on the victim. A hacker can even use his real name and real address, and still no one cares. Blame and lawsuits are always on the victims...

Welcome to crypto-anarchy! The future is already here.


Title: Re: Bitcoin is a hackers dream
Post by: SkRRJyTC on July 19, 2012, 05:48:25 PM
Bitcoin is really a hackers dream.

Last year, some hacker managed to steal huge funds from mybitcoin.com. How got blamed? The operator of mybitcoin.com. No one cared about the actual hacker.
This year, a hacker stole 45k from Bitcoinica. Everyone blamed the operators. The owners replaced the funds. No one cared about the actual hacker.
Now recently more funds where stolen from Bitcoinica. MtGox even knows who the hacker is, but "of course" cannot share this information. So same thing as every time, no one cares about the actual hacker. Everyone blames the operators and tries to lynch them.

Conclusion: In the Bitcoin world it is OK to steal, the blame will always be on the victim. A hacker can even use his real name and real address, and still no one cares. Blame and lawsuits are always on the victims...

Welcome to crypto-anarchy! The future is already here.

A. If you go after the hacker... there will be 10 more in line behind him.

A. Going after the hackers protects a bad service.

B. If you go after the service provider... the next 10 hackers will be unsuccessful.

B. Going after the service provider ensures a better service is provided in the future.


Title: Re: Bitcoin is a hackers dream
Post by: Timo Y on July 19, 2012, 06:43:01 PM
So are credit cards.

What fraction of carders actually get caught?

Even if the credit card customer is negligent, it's usually the bank that takes the hit, and then socializes the cost among all customers. Very rarely the it's the scammer.

With bitcoin, at least I don't have to pay for other people's negligence. And yes, if you entrust tens of thousands of dollars to an alpha-web app run by an one-man enterprise then that is also a form of negligence.


Title: Re: Bitcoin is a hackers dream
Post by: foggyb on July 19, 2012, 07:01:51 PM

Until BTC is legal tender or recognised by the law / state as property nobody can do a damn thing about them getting stolen / hacked.


This only serves to highlight the corruption of the state. They serve only their own interests while ignoring legitimate property right claims.

This isn't a bitcoin problem, OP.


Title: Re: Bitcoin is a hackers dream
Post by: DannyHamilton on July 19, 2012, 07:02:21 PM
Regular customers have to wait weeks to get their funds out, but the hacker managed do withdraw this in an instant. So of course, MtGox knows them. And so eventually somewhere in this MtGox account thread they stated that they do, but don't share this information publicly.
I don't follow your logic.  The hacker logged into MtGox as Bitcoinica.  MtGox allowed the instant transfer because they know who Bitcoinica is.  This doesn't mean they know who the hacker is.  I have not seen anywhere that MtGox said that they can identify the hacker.


Title: Re: Bitcoin is a hackers dream
Post by: repentance on July 19, 2012, 07:02:50 PM
And so eventually somewhere in this MtGox account thread they stated that they do, but don't share this information publicly.

They said they were filing a report with the police and could not publicly discuss the information they had while the matter was being investigated.  They did not say that they knew who the hacker was.  They said they knew where the transactions went.  That information may allow the hacker to be traced but it doesn't mean that MtGox is aware of their identity.


Title: Re: Bitcoin is a hackers dream
Post by: DannyHamilton on July 19, 2012, 07:11:40 PM
It was more like this: a burglar breaks into your hours, and you call the police, they will not investigate but tell you: "you should have had 10 foot concrete walls around your house, but your where only 3 foot, so it your fault. now go to jail".
Perhaps more like this:
You use a bank that is not insured to deposit your money.  You believe that the bank is taking reasonable security precautions. They store all deposits in a vault that requires a key that is only held by the bank owner.  The bank owner then gets careless and makes multiple copies of the key to the vault.  The bank announces that it will be closing its doors and sends all its employees home.  Then the bank owner leaves the copies of the vault key in public places all over town attached to a note that says "bank vault key" and has the address of the bank.  A criminal who knows that there is no security guarding the bank finds one of the copies of the key.  He walks in the unlocked front door when nobody is looking. He uses the key, takes the money out of the vault, and leaves. He leaves behind no evidence.

Obviously you are upset that a criminal took your money from the vault before the bank managed to return your deposit to you, but why wouldn't you blame the bank owner for leaving the key all over town and the money unsecured?


Title: Re: Bitcoin is a hackers dream
Post by: aq on July 19, 2012, 07:14:26 PM
And so eventually somewhere in this MtGox account thread they stated that they do, but don't share this information publicly.

They said they were filing a report with the police and could not publicly discuss the information they had while the matter was being investigated.  They did not say that they knew who the hacker was.  They said they knew where the transactions went.  That information may allow the hacker to be traced but it doesn't mean that MtGox is aware of their identity.
Wow, I wasn't aware that you can withdraw 40kBTC and 40kUSD while having an anonymous account at MtGox. The same MtGox that is known for their extensively KYC and AML... Maybe you know something that we dont?


Title: Re: Bitcoin is a hackers dream
Post by: rjk on July 19, 2012, 07:20:13 PM
And so eventually somewhere in this MtGox account thread they stated that they do, but don't share this information publicly.

They said they were filing a report with the police and could not publicly discuss the information they had while the matter was being investigated.  They did not say that they knew who the hacker was.  They said they knew where the transactions went.  That information may allow the hacker to be traced but it doesn't mean that MtGox is aware of their identity.
Wow, I wasn't aware that you can withdraw 40kBTC and 40kUSD while having an anonymous account at MtGox. The same MtGox that is known for their extensively KYC and AML... Maybe you know something that we dont?
Read DannyHamilton's comment 3 or 4 posts above yours. Obviously Bitcoinica's account was AML verified/trusted, so withdrawals of huge amounts would be possible. How it happened instantly, I don't know.


Title: Re: Bitcoin is a hackers dream
Post by: aq on July 19, 2012, 07:31:44 PM
...

As I said we know how and where the USD moved, so yes.

And about the Bitcoins, it would have been easy for MtGox to tell us the transaction ID, but they choose to astonish some Japanese police officer with such information, IF they even filed that report.


Title: Re: Bitcoin is a hackers dream
Post by: repentance on July 19, 2012, 07:56:47 PM
Wow, I wasn't aware that you can withdraw 40kBTC and 40kUSD while having an anonymous account at MtGox. The same MtGox that is known for their extensively KYC and AML... Maybe you know something that we dont?

It wasn't an anonymous account which withdrew the money.  It was the Bitcoinica account which had trusted status - at one point the limits for trusted status were $100,000 and BTC 40,000 daily.  They've been revised since then and yet again after the hack.  you need to remember that as far as MtGox's computer was concerned it was Bitoinica making the withdrawals and Bitcoinica had a history of moving large amounts on and off MtGox.  It's possible that there even more funds in the Bitcoinica account but the hacker was unable to access them because of the daily limits.


Title: Re: Bitcoin is a hackers dream
Post by: repentance on July 19, 2012, 08:00:02 PM

And about the Bitcoins, it would have been easy for MtGox to tell us the transaction ID, but they choose to astonish some Japanese police officer with such information, IF they even filed that report.

Whoever took the funds is laundering money.  There are massive penalties for disclosing information related to money laundering investigations.


Title: Re: Bitcoin is a hackers dream
Post by: aq on July 19, 2012, 08:01:14 PM
Wow, I wasn't aware that you can withdraw 40kBTC and 40kUSD while having an anonymous account at MtGox. The same MtGox that is known for their extensively KYC and AML... Maybe you know something that we dont?

It wasn't an anonymous account which withdrew the money.  It was the Bitcoinica account which had trusted status - at one point the limits for trusted status were $100,000 and BTC 40,000 daily.  They've been revised since then and yet again after the hack.  you need to remember that as far as MtGox's computer was concerned it was Bitoinica making the withdrawals and Bitcoinica had a history of moving large amounts on and off MtGox.  It's possible that there even more funds in the Bitcoinica account but the hacker was unable to access them because of the daily limits.

I think you missed this:

As I said we know how and where the USD moved, so yes.

They know to whom the funds have been transferred.


Title: Re: Bitcoin is a hackers dream
Post by: repentance on July 19, 2012, 08:06:30 PM

I think you missed this:

As I said we know how and where the USD moved, so yes.

They know to whom the funds have been transferred.

Where does not equal whom.  We have no idea what method of withdrawal was used for the USD, but it';s unlikely that the hacker tried to get it payed into their bank account.


Title: Re: Bitcoin is a hackers dream
Post by: aq on July 19, 2012, 08:27:00 PM

I think you missed this:

As I said we know how and where the USD moved, so yes.

They know to whom the funds have been transferred.

Where does not equal whom.  We have no idea what method of withdrawal was used for the USD, but it';s unlikely that the hacker tried to get it payed into their bank account.
While unlikely, we don't know it. Keep in mind, that all those more or less anonymous withdraws take weeks, so either MtGox helped to speed this up, in which case they very much know with whom they dealt, or yes it was redrawn to some bank account.


Title: Re: Bitcoin is a hackers dream
Post by: DeathAndTaxes on July 19, 2012, 08:30:23 PM

I think you missed this:

As I said we know how and where the USD moved, so yes.

They know to whom the funds have been transferred.

Where does not equal whom.  We have no idea what method of withdrawal was used for the USD, but it';s unlikely that the hacker tried to get it payed into their bank account.
While unlikely, we don't know it. Keep in mind, that all those more or less anonymous withdraws take weeks, so either MtGox helped to speed this up, in which case they very much know with whom they dealt, or yes it was redrawn to some bank account.


Or it was transferred to a handful of throw away account w/ fake info and used to buy BTC and removed from the site.
Or it was transferred to Accrum Exchange and used to buy Liberty Reserve.

Lots of methods to get USD off MtGox nearly instantly.  Not all of them are low cost but I doubt any thief was worried about that.

The idea that the thief did a wire transfer to their personal bank account is just stupid.


Title: Re: Bitcoin is a hackers dream
Post by: aq on July 19, 2012, 08:56:14 PM
Or it was transferred to Accrum Exchange and used to buy Liberty Reserve.
I think Aurum Exchange is not that anonymously. If this was the case, they could probably identify the hacker, once given some information. But because all information that could lead to the hacker is classified by MtGox we will never know.

The idea that the thief did a wire transfer to their personal bank account is just stupid.
I agree, but even then, have you ever seen single police investigation in Bitcoin land? There have been a number of heists and not a single one. So why now? Why  do you believe, that it will be different this time?

BTW, it is still be possible that one of the involved parties (Consultancy,Zhou,Tihan,...) was withdrawing.
The community could recognize some account number or anything. I doubt that some complete Bitcoin-virgin that did steal this.
I give you an example: someone recognized Zhou exchanging some 40k$ LR to RMB for some bad rate in a hurry a day after the theft. Zhou said it was unrelated, but this shows that a community can recognize way more than some astonished local Japanese police officer.


Title: Re: Bitcoin is a hackers dream
Post by: Matthew N. Wright on July 19, 2012, 09:07:23 PM
Even though aq is making glaring assumptions and seems to be hell bent on ignoring reason, I think the gist of the message is 100% true. Never before has it been so profitable (and risk-free) to hack.

We are only seeing the beginning people. Bitcoin will push hackers and technology through greed alone. SHA256 could be cracked/exploited.


Title: Re: Bitcoin is a hackers dream
Post by: niko on July 19, 2012, 09:30:39 PM
Bitcoin is really a hackers dream.

Last year, some hacker managed to steal huge funds from mybitcoin.com. How got blamed? The operator of mybitcoin.com. No one cared about the actual hacker.
This year, a hacker stole 45k from Bitcoinica. Everyone blamed the operators. The owners replaced the funds. No one cared about the actual hacker.
Now recently more funds where stolen from Bitcoinica. MtGox even knows who the hacker is, but "of course" cannot share this information. So same thing as every time, no one cares about the actual hacker. Everyone blames the operators and tries to lynch them.

Conclusion: In the Bitcoin world it is OK to steal, the blame will always be on the victim. A hacker can even use his real name and real address, and still no one cares. Blame and lawsuits are always on the victims...

Welcome to crypto-anarchy! The future is already here.

A. If you go after the hacker... there will be 10 more in line behind him.

A. Going after the hackers protects a bad service.

B. If you go after the service provider... the next 10 hackers will be unsuccessful.

B. Going after the service provider ensures a better service is provided in the future.

A. If you go after the thief, he will be ultimately unsuccessful in his plan, and others will think twice if theft is worth the consequences. Going after thieves protects honest people from becoming victims.

B. If you go after service provider (assuming no criminal negligence or insider jobs, in which case A applies), you will punish the victim - and we are talking potentially devastating consequences for their careers, families, and health. Other service providers will boost up security out of fear, and outsource the cost to third parties or to customers. Thieves will have nothing to fear, and will now have to either step up their efforts or find another victim. Either way, more shitty situations which could have been avoided with option A.

I tend to agree with OP.


Title: Re: Bitcoin is a hackers dream
Post by: Matthew N. Wright on July 19, 2012, 09:53:15 PM
Bitcoin is really a hackers dream.

Last year, some hacker managed to steal huge funds from mybitcoin.com. How got blamed? The operator of mybitcoin.com. No one cared about the actual hacker.
This year, a hacker stole 45k from Bitcoinica. Everyone blamed the operators. The owners replaced the funds. No one cared about the actual hacker.
Now recently more funds where stolen from Bitcoinica. MtGox even knows who the hacker is, but "of course" cannot share this information. So same thing as every time, no one cares about the actual hacker. Everyone blames the operators and tries to lynch them.

Conclusion: In the Bitcoin world it is OK to steal, the blame will always be on the victim. A hacker can even use his real name and real address, and still no one cares. Blame and lawsuits are always on the victims...

And how is that different from cash, exactly ?


Hack a USD bank, lose your life.
Hack a BTC bank, lose your OTC reputation lol


Title: Re: Bitcoin is a hackers dream
Post by: aq on July 19, 2012, 10:00:53 PM
Bitcoin is really a hackers dream.

Last year, some hacker managed to steal huge funds from mybitcoin.com. How got blamed? The operator of mybitcoin.com. No one cared about the actual hacker.
This year, a hacker stole 45k from Bitcoinica. Everyone blamed the operators. The owners replaced the funds. No one cared about the actual hacker.
Now recently more funds where stolen from Bitcoinica. MtGox even knows who the hacker is, but "of course" cannot share this information. So same thing as every time, no one cares about the actual hacker. Everyone blames the operators and tries to lynch them.

Conclusion: In the Bitcoin world it is OK to steal, the blame will always be on the victim. A hacker can even use his real name and real address, and still no one cares. Blame and lawsuits are always on the victims...

And how is that different from cash, exactly ?


Hack a USD bank, lose your life.
Hack a BTC bank, lose your OTC reputation lol
Now that would be a great development, because currently we have it this way:
Hack a USD bank, lose your life.
Hack a BTC bank, be completely ignored and happily spend the coins.


Title: Re: Bitcoin is a hackers dream
Post by: MagicalTux on July 20, 2012, 12:32:09 AM
As I said we know how and where the USD moved, so yes.

And about the Bitcoins, it would have been easy for MtGox to tell us the transaction ID, but they choose to astonish some Japanese police officer with such information, IF they even filed that report.

Some Japanese police officiers, our lawyers, and the people at Bitcoinica, plus the people who have helped during the investigation.

About the Bitcoins, we could share the transaction IDs, but I'm pretty sure everyone already got them (a 40k BTC tx is easy to locate)


Title: Re: Bitcoin is a hackers dream
Post by: Transisto on July 20, 2012, 08:03:58 AM
Hopefully Bitcoin teaches people personal responsibility. I doubt it, but one can dream.

It's so ridiculously easy to secure your own coins, if yours are stolen, you've made a mistake. This isn't blaming the victim, it's stating a fact.

The world is a harsh place full of people who will do whatever they can to get an advantage. This probably isn't going to change anytime in the near future, so the answer is to protect yourself.

Personally, I feel it's far easier and far cheaper to secure Bitcoins than any other asset I can think of. With some minimal effort you can raise the bar for wallet theft so high that it is practically impossible to have your coins stolen. I'm speaking of encrypted wallet fragments located in different physical locations under lock and key. I'd like to see someone hack that.

TL;DR: The Bitcoin user has the option to make his coins impossible to hack, for all practical purposes. A hacker's dream, I think not. A fool and his money are soon parted.

Sorry I don't buy the bolded parts.
The software part I agree can make it "virtually" impossible to steal, but there always is a physical and mental part that is near impossible to secure without high costs and high inconveniences.

A good way to make your coins practically impossible to steal is to send them to a random address...


Title: Re: Bitcoin is a hackers dream
Post by: zhoutong on July 20, 2012, 10:03:19 AM
I give you an example: someone recognized Zhou exchanging some 40k$ LR to RMB for some bad rate in a hurry a day after the theft. Zhou said it was unrelated, but this shows that a community can recognize way more than some astonished local Japanese police officer.

Since my name has been mentioned I would just reply in this thread anyway. I'll explain this, for once and for all.

As I explained in the QQ Group where the trades happened, I was cashing out for a Singaporean friend who has $100K in total in several LR accounts. I was able to get much better USD/SGD exchange rates than any bank customers. (I was able to get "interbank" rates: https://bitcointalk.org/index.php?topic=76156.0 (https://bitcointalk.org/index.php?topic=76156.0))

I was not "in a hurry". Even on today I have done a deal with someone. (7 days is not "hurry".)

The rate was not bad. Most e-currency exchanges charge 1.5%-2% plus wire fees (about $50 per transaction including routing fees). USD/CNY exchange rate is highly stable and I can access to discounted exchange rate through my Chinese bank as well. I actually got a better deal.

And it's definitely not $40K (which is the stolen USD amount that Bitcoinica claims). I have also placed a single $40K AurumXchange order during the same period.

I still have an operating business in Singapore (http://www.sgitcoin.com/ (http://www.sgitcoin.com/)) and this service is actually quite popular (top Google result for "buy bitcoin in singapore"). Therefore I regularly deal with foreign exchange, money transfers and e-currencies.

This kind of transactions are very common to me. It happens all the time before the hack. (For example, trading over $20K with UserXXX: https://bitcointalk.org/index.php?topic=93109.msg1039996#msg1039996 (https://bitcointalk.org/index.php?topic=93109.msg1039996#msg1039996))


Title: Re: Bitcoin is a hackers dream
Post by: Gabi on July 20, 2012, 10:41:14 AM
Lol this thread is so fail. Let's speak about the hundreds or thousands of billions of dollars and euro scammed and hacked every year?


Title: Re: Bitcoin is a hackers dream
Post by: Kluge on July 20, 2012, 11:09:59 AM
Hopefully Bitcoin teaches people personal responsibility. I doubt it, but one can dream.

It's so ridiculously easy to secure your own coins, if yours are stolen, you've made a mistake. This isn't blaming the victim, it's stating a fact.

The world is a harsh place full of people who will do whatever they can to get an advantage. This probably isn't going to change anytime in the near future, so the answer is to protect yourself.

Personally, I feel it's far easier and far cheaper to secure Bitcoins than any other asset I can think of. With some minimal effort you can raise the bar for wallet theft so high that it is practically impossible to have your coins stolen. I'm speaking of encrypted wallet fragments located in different physical locations under lock and key. I'd like to see someone hack that.

TL;DR: The Bitcoin user has the option to make his coins impossible to hack, for all practical purposes. A hacker's dream, I think not. A fool and his money are soon parted.
Worth noting in Bitcoinland, there just isn't much money floating around. The current BTC market cap could not even purchase the world's 15th most expensive yacht. Much (if not most) business is done between people with little to no experience in the sector they're trading in. Security is surprisingly lacking when you assume everyone is a well-read nerd with plenty of time and money, but much more expected thinking most Bitcoin-related businesses are 3 years old or newer, start with the standard start-up budget of near-nothing, do not have profits able to justify hiring serious, experienced security experts, and having business operators with as much experience in their sector as their business has existed.

Hard to imagine this problem not getting better, even without shifting responsibility onto governments instead of those who permitted victimization. Even if Bitcoinica ops do not learn from mistakes, other ops will. MtGox did not need two more tens-of-thousands-worth-of-USD hacks to realize they needed to beef up security in a dramatic fashion, and they did  not need the government tracking down a cyber-criminal in Moldova to do so, nor to repay customers.


Title: Re: Bitcoin is a hackers dream
Post by: Nekrobios on July 20, 2012, 11:26:10 AM
Bitcoin so far has been a great distributory tool in moving value from honest people to hackers, thiefs, and scammers. You could say it's a way to destroy wealth. ;D


Title: Re: Bitcoin is a hackers dream
Post by: niko on July 20, 2012, 03:20:41 PM
I think OP was referring to the mindset of certain Bitcoin users, not criticizing btc itself. Apparently many think that it's perfectly ok to steal, and to let thieves operate without any consequences.


Title: Re: Bitcoin is a hackers dream
Post by: phungus on July 20, 2012, 03:32:47 PM

This is definitely a big, huge learning experience for all of us, for sure. :-)


-p


Title: Re: Bitcoin is a hackers dream
Post by: niko on July 20, 2012, 04:31:57 PM
I think OP was referring to the mindset of certain Bitcoin users, not criticizing btc itself. Apparently many think that it's perfectly ok to steal, and to let thieves operate without any consequences.

Then the thread should be titled: "A few individuals are a hackers dream".

If there was a poll thread asking if the Bitcoinica thieves should be punished if caught, I'm sure the overwhelming majority would vote yes.
And yet most of time and resources seem to be dedicated to bashing the victims.


Title: Re: Bitcoin is a hackers dream
Post by: caveden on July 20, 2012, 04:43:30 PM
A. If you go after the thief, he will be ultimately unsuccessful in his plan, and others will think twice if theft is worth the consequences. Going after thieves protects honest people from becoming victims.

B. If you go after service provider (assuming no criminal negligence or insider jobs, in which case A applies), you will punish the victim - and we are talking potentially devastating consequences for their careers, families, and health. Other service providers will boost up security out of fear, and outsource the cost to third parties or to customers[/u]. Thieves will have nothing to fear, and will now have to either step up their efforts or find another victim. Either way, more shitty situations which could have been avoided with option A.

Good points. I highlighted an important part of your post.

If criminals are never punished, innocents will always pay for it one way or another. Security is not free. If we didn't have to worry much about criminals, we could use these resources in better ways. And I know no better way to create a counter-incentive to crime then to punish those who commit it.

I tend to agree with OP.

Me too, except that I don't think this problem is exclusive to bitcoin. It's a "cyberspace problem". Hackers are almost never punished, and the costs of their actions fall over everybody else. Actually, as Timo Y quoted below notes, it's a little better in BTC-world than in CC-word as here the costs of a hack are not totally diluted. (I wouldn't be so harsh on all those who put their money on Bitcoinica though...)

So are credit cards.

What fraction of carders actually get caught?

Even if the credit card customer is negligent, it's usually the bank that takes the hit, and then socializes the cost among all customers. Very rarely the it's the scammer.

With bitcoin, at least I don't have to pay for other people's negligence. And yes, if you entrust tens of thousands of dollars to an alpha-web app run by an one-man enterprise then that is also a form of negligence.



Title: Re: Bitcoin is a hackers dream
Post by: Transisto on July 20, 2012, 04:48:35 PM
...
The software part I agree can make it "virtually" impossible to steal, but there always is a physical and mental part that is near impossible to secure without high costs and high inconveniences.
...
Perhaps you could elaborate on the "physical and mental part" and explain what they have to do with Bitcoin and not any other asset.
You understand having a paper wallet in a vault is not convenient for spending it ?
You understand this vault has a cost right ?
You understand someone know how to open than vault right ? (without force)

You may not know, but there are ways and drugs that will make you do anything even against your will.


Title: Re: Bitcoin is a hackers dream
Post by: Transisto on July 20, 2012, 05:18:49 PM
...
The software part I agree can make it "virtually" impossible to steal, but there always is a physical and mental part that is near impossible to secure without high costs and high inconveniences.
...
Perhaps you could elaborate on the "physical and mental part" and explain what they have to do with Bitcoin and not any other asset.
You understand having a paper wallet in a vault is not convenient for spending it ?
You understand this vault has a cost right ?
You understand someone know how to open than vault right ? (without force)

You may be unaware of it, but there are ways and drugs that will make you do anything even against your will.

Who said anything about a paper wallet? Who said anything about a vault? And your examples go far beyond "hacking".

You can have convenience or you can have security. With clients like Armory you can even have both.

For the price of a cheap laptop and a few thumb drives you can have security that is practically impossible to break. When individually inaccessible pieces of your wallet are spread around in different physical locations, it's going to be pretty hard to "hack". If you fear drugs or torture, and would prefer death over having your Bitcoins stolen, give pieces of your wallet to random family members and tell them to keep secure regardless of any kidnapping ransoms.

I stand by my statement, "I feel it's far easier and far cheaper to secure Bitcoins than any other asset I can think of." I can split the wallet to make it worthless without obtaining each piece. With physical assets, even if they are stored in a vault, once that is breached, you've lost your asset.

I think I've already agreed on the secure part of software (armory), but software run on hardware and are used by brains.

Anyway how convenient is it to have to remember where and recover all the piece of paper wallet are stored before spending it.

That make me think, do we want people to sit on their paper wallet forever or actually use Ƀ for commerce ?


Title: Re: Bitcoin is a hackers dream
Post by: Transisto on July 20, 2012, 06:31:37 PM
...
Well, maybe you didn't realize that you aren't required to keep ALL your Bitcoins on ONE wallet? ;)

You can have a myriad of security measures for as many wallets as you desire. No one in their right mind would make an offline fragmented wallet for 1 Bitcoin.

One of the more amazing features of Bitcoin is, once you have created the deep savings wallet, you can safely SEND as many coins as you wish from anywhere in the world.
What is the deep in "deep saving wallet" ?
Do you mean "safely SEND as many coins as you wish" to it ? The opposite is not true.


Title: Re: Bitcoin is a hackers dream
Post by: on9isrock on July 21, 2012, 03:00:16 PM
we have to admit that is nothing 100% safe/secure
believe me this word come from old folks


Title: Re: Bitcoin is a hackers dream
Post by: bigasic on July 21, 2012, 05:19:19 PM
The only place where I have coins that are not encrypted on my HDD or USB is with an exchanger that uses the yubikey with 2 factor authentication.. The only downside is is that if I were to lose my key, I would be sol for about 2 weeks...

Thats another question.. Is the yubikey is as secure as they make it?


Title: Re: Bitcoin is a hackers dream
Post by: Tril on July 21, 2012, 07:39:08 PM
From the title, I thought this thread was about the other kind of hackers and would have some cool ideas about multisignatures, or verifying receipt of coins without having to have the private key online, or hackerspaces, or other great ideas.  Oh well.  I'll address this:

I think OP was referring to the mindset of certain Bitcoin users, not criticizing btc itself. Apparently many think that it's perfectly ok to steal, and to let thieves operate without any consequences.

It's not OK to steal, and it's wrong for the thief to do so.  It's also wrong to harm innocents or destroy bitcoin entirely in the quest to punish thieves.

Bitcoin provides Internet cash, which does have the weakness of being stealable.  While no one wants to encourage theft, it's a difficult problem, because the initial proposed solution to stop thieves just makes things worse.  Tainting coins makes it too easy for thieves to cause trouble for innocent recipients of stolen coins and adds very little to stop the thief, so it's been rejected as unacceptable by most.  What else can be done?  Convincing merchants and service providers to demand their customers prove the origin of all their coins?  The blockchain can't offer proof, as it's easy to trade private keys outside the blockchain.  Verifying identity?  Adds very little protection (thieves also routinely steal identities) while defeating one of the main reasons to use bitcoin, pseudonymity.  And any intentional collaboration of major mining pools to reverse selected transactions would strike fear into the heart of every Bitcoin user.  Even if improved versions of all of those solutions were adopted by honest merchants, you still have plenty of unscrupulous sellers willing to accept known stolen bitcoins; after all they are "cold", "hard", verifiable bitcoins.

It's easy to pass blame, but everything has tradeoffs.  Yes, bitcoin holders can increase wallet security, at a cost.  Yes, MtGox can make withdrawals more difficult, which they have been doing, but customers have been complaining.  Governments can collaborate internationally to allow stronger investigation and enforcement of computer crime across borders, but this reduces everyone's freedom.  As Internet cash, bitcoin enforces the idea of "trust no one, but yourself" and the wallet holder is ultimately responsible for his or her own security.  And anyone who trusts someone else with their coins is also indirectly responsible for that security.  I knew Bitcoinica had a large hot wallet based on how fast withdrawals were occurring, so I withdrew all my funds.  I have no coins or funds in MtGox or GLBSE because they're huge targets.  I could be making more money if I took these risks but it's up to me.  Security is a trade-off and has a cost.  With Bitcoin, everyone has the freedom to decide who to trust and how much to invest in security.

OP, I understand your disappointment at the state of things.  It's best not to complain about the state of Bitcoin but instead treat the weakness as opportunity.  Go ahead, come up with an amazing new way to stop thefts.  And yes, demand more security from those who hold your coins.  I expect it will be needed, as stealing bitcoins need not be the only incentive for the thieves; they're also paid in fiat, created out of nothing by those who stand to profit from Bitcoin's demise.   Increasing amounts of resources will be spent on attacking bitcoin sites as Bitcoin grows, so at each price jump, spend some bitcoins on as much security as the value of those coins demand, and it will likely pay off.


Title: Re: Bitcoin is a hackers dream
Post by: niko on July 21, 2012, 09:06:41 PM


Tril, thanks for the great analysis. You make some very good points.