Bitcoin Forum
May 27, 2016, 06:06:48 PM *
News: Latest stable version of Bitcoin Core: 0.12.1 [Torrent]
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 [14] 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 »
  Print  
Author Topic: bitfloor needs your help!  (Read 151515 times)
repentance
Hero Member
*****
Offline Offline

Activity: 840


View Profile
September 05, 2012, 01:52:35 AM
 #261

The only people profiting from bitcoin are hackers. Fuck this shit.

I haven't lost anything yet from bitcoin but it does seem like hackers are just having a field day with it.  As much as everyone hates Mt.Gox because of the cost to put money on there and the loss of anonymity, it seems like they have the best methods on there.  I feel like bit floor should have known better than to have all of their coins in a hot wallet after btc-e and other hacks.  

Exchanges are damned if they do and damned if they don't.  People want the convenience of being able to do instant withdrawals and transfers without any of the risk.

Small Bitcoin services which hold large amounts of other people's BTC are hacker magnets and intruders know that such services are often one or two man operations without capital reserves to invest in infrastructure.  They're soft targets.  Security needs to be baked in from the day a service is created but many Bitcoin services are more concerned about rushing to market than they are about security (they probably tell themselves they'll invest in "proper" security once the profits are rolling in, not realising that a rapidly expanding business often makes little or no profit).

Until Bitcoin service providers lift their game security-wise, people should severely limit the amount of BTC they store on such services.   Bitcoins stored on a service are always at risk.  You accept the risk of them being lost or stolen by leaving them on deposit with a service.

All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
YoBit.Net Exchange - Start trading LISK Now!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1464372408
Hero Member
*
Offline Offline

Posts: 1464372408

View Profile Personal Message (Offline)

Ignore
1464372408
Reply with quote  #2

1464372408
Report to moderator
1464372408
Hero Member
*
Offline Offline

Posts: 1464372408

View Profile Personal Message (Offline)

Ignore
1464372408
Reply with quote  #2

1464372408
Report to moderator
jwzguy
Hero Member
*****
Offline Offline

Activity: 868



View Profile
September 05, 2012, 01:53:06 AM
 #262

Quote
Roman is trying to do the right thing, with all the information he has available. You guys with USD on the site, please be patient. You can see he tried to let you withdraw, but probably thought it better to make sure he wasn't doing anything illegal as Stephen kept reiterating. There's nothing shady about that. Hopefully he will continue with that soon.

Well sadly Stephen was misinformed and likely turned a bad situation into a worse one.  His talk of injunctions and criminal activity were simply false.  I am just not certain if it was coming from a place of intentional malfeasance or simple ignorance.

I do agree with you jwzguy, that bitfloor has a lot going for it and the situation isn't intractable.
I completely agree, and I think you're correct. Of course I'm not a lawyer, and not responsible for all that money...I certainly don't blame him for wanting to check. I can only imagine the stress he's going through right now.

Icebreaker - please don't jump to conclusions just because someone here is being very opinionated. From his behavior, I think Roman must agree with you.


19wXnWTeGuraN9g5UsMAi119sWzDCQcr7S
Bitcoin Logo shirts!
Shadow383
Sr. Member
****
Offline Offline

Activity: 336


View Profile
September 05, 2012, 01:53:11 AM
 #263

Wow, somebody at Linode really is making a fortune from Bitcoin  Roll Eyes
Linode's stolen what? 80K BTC? About $800k?
Not bad.
fcmatt
Legendary
*
Offline Offline

Activity: 1078


View Profile
September 05, 2012, 02:04:42 AM
 #264

Wow, somebody at Linode really is making a fortune from Bitcoin  Roll Eyes
Linode's stolen what? 80K BTC? About $800k?
Not bad.

i am of the opinion the owner of bitfloor has very little idea what happened.

put it this way.. he put the site back online. does that sound like someone who knows security?

at the very least you nuke the install from orbit, reinstall a clean patched os, recover from backups,

AND fix the darn hole.

I do not think that happened. I would like to know how they got in.
giszmo
Legendary
*
Offline Offline

Activity: 1568


¡ɥɔʇɐʍ ʇsnɾ &#7


View Profile WWW
September 05, 2012, 02:15:14 AM
 #265

Maybe we should go for fractional reserve for security. Exchanges don't have to hold any bitcoins and instead of charging addresses, they show withdrawal addresses that were earlier posted to them by people wanting to withdraw. This would only imply a slight delay here and there but provide much more security.</irony>

blakdawg
Member
**
Offline Offline

Activity: 113


View Profile
September 05, 2012, 02:19:06 AM
 #266

Maybe we should go for fractional reserve for security. Exchanges don't have to hold any bitcoins and instead of charging addresses, they show withdrawal addresses that were earlier posted to them by people wanting to withdraw. This would only imply a slight delay here and there but provide much more security.</irony>


It would be a lot easier if the hackers would accept USD, then we wouldn't have to go to the trouble of converting to BTC so it can be stolen.

Or we could just put the account records on a wiki, and we can just update the wiki when we make deposits and withdrawls. Then the exchange operators wouldn't even need to log in to their own site.

whitslack
Member
**
Offline Offline

Activity: 118



View Profile
September 05, 2012, 02:28:02 AM
 #267

It would be a lot easier if the hackers would accept USD, then we wouldn't have to go to the trouble of converting to BTC so it can be stolen.
LoL! They do. Those hackers are known as "banksters."
stoppots
Sr. Member
****
Offline Offline

Activity: 271


View Profile
September 05, 2012, 02:47:48 AM
 #268


Sounds like the cold storage was deposited with pirate.
 
bitcorn
Newbie
*
Offline Offline

Activity: 19



View Profile
September 05, 2012, 02:48:20 AM
 #269

I go to the site and it reads this (which it still reads)

Bitfloor Website
Is currently offline.
It will be back shortly.
I check back later and its up. So I sent 136 coin to my deposit address.
Anyone else think the message on the site should read
DO NOT SEND ANY COIN TO US WE HAVE BEEN HACKED!!!!!
or something of that nature. I only keep my money in coin for less than 24 hours before converting it and got screwed. Guess I stop taking bitcoin cause its too risky.

Speaking like a true Junior.

Imagine how Bitfloor feels right now.

Speaking of Junior League: looking through Google's cache of bitfloor, and maybe I'm just missing something obvious here, but I don't see TOS at all. Did bitfloor users agree to a specific TOS via email, or some form of messaging, or… what?

Ƀ ⇢ 1MmEUyo8NAifNN3avQtrFDjPQzhPMMgB36
ErebusBat
Hero Member
*****
Offline Offline

Activity: 560

I am the one who knocks


View Profile
September 05, 2012, 02:57:56 AM
 #270

Wow, somebody at Linode really is making a fortune from Bitcoin  Roll Eyes
Linode's stolen what? 80K BTC? About $800k?
Not bad.

i am of the opinion the owner of bitfloor has very little idea what happened.

put it this way.. he put the site back online. does that sound like someone who knows security?

at the very least you nuke the install from orbit, reinstall a clean patched os, recover from backups,

AND fix the darn hole.

I do not think that happened. I would like to know how they got in.

Especially on a supposed semi-airgapped machine.  My theory:  roman allowed access from his machine for connivence and they compromised THAT which allowed them to pivot into the cold storage server.

Also as to the backun on an unencrypted portion of the disk:  this would make no difference if they were logged into the running server, unless the encrypted volume was usually unmounted (which does not sound like it was).  It sounds like the machine used encryption, but that only really defeats cold attacks on the disk.

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
IveBeenBit
Sr. Member
****
Offline Offline

Activity: 444



View Profile
September 05, 2012, 03:10:47 AM
 #271

Speaking of Junior League: looking through Google's cache of bitfloor, and maybe I'm just missing something obvious here, but I don't see TOS at all. Did bitfloor users agree to a specific TOS via email, or some form of messaging, or… what?

I actually don't remember seeing one, either, and at one point, I DID go looking for one to clarify one of their policies, but wound up just emailing support instead.
thebaron
Sr. Member
****
Offline Offline

Activity: 406


wat


View Profile
September 05, 2012, 03:16:49 AM
 #272

In b4 pirateat40 ran bitfloor.

I run http://mail-to-jail.com. I am "thebaron-btc" on Bitcoin-OTC.
fcmatt
Legendary
*
Offline Offline

Activity: 1078


View Profile
September 05, 2012, 03:23:16 AM
 #273

Wow, somebody at Linode really is making a fortune from Bitcoin  Roll Eyes
Linode's stolen what? 80K BTC? About $800k?
Not bad.

i am of the opinion the owner of bitfloor has very little idea what happened.

put it this way.. he put the site back online. does that sound like someone who knows security?

at the very least you nuke the install from orbit, reinstall a clean patched os, recover from backups,

AND fix the darn hole.

I do not think that happened. I would like to know how they got in.

Especially on a supposed semi-airgapped machine.  My theory:  roman allowed access from his machine for connivence and they compromised THAT which allowed them to pivot into the cold storage server.

Also as to the backun on an unencrypted portion of the disk:  this would make no difference if they were logged into the running server, unless the encrypted volume was usually unmounted (which does not sound like it was).  It sounds like the machine used encryption, but that only really defeats cold attacks on the disk.

I dunno. He used linode and i would guess to save money it was vps. Not a few dedicated machines.
dust
Hero Member
*****
Offline Offline

Activity: 840



View Profile WWW
September 05, 2012, 03:27:21 AM
 #274

I'm not sure why anyone would use Linode for anything bitcoin related after multiple simultaneous hackings of bitcoin services through the internal customer service panel resulted in barely any response or details from Linode admins.

Cryptocoin Mining Info | OTC | PGP | Twitter | freenode: dust-otc | BTC: 1F6fV4U2xnpAuKtmQD6BWpK3EuRosKzF8U
fcmatt
Legendary
*
Offline Offline

Activity: 1078


View Profile
September 05, 2012, 03:30:05 AM
 #275

I'm not sure why anyone would use Linode for anything bitcoin related after multiple simultaneous hackings of bitcoin services through the internal customer service panel resulted in barely any response or details from Linode admins.

It is cheap, advertised, and maybe OP did not read the threads about it.

I am going to guess mysql inject, found a crypt pass or plain text pass of OP, then logged in via ssh or web which had no acls.
Shadow383
Sr. Member
****
Offline Offline

Activity: 336


View Profile
September 05, 2012, 03:42:42 AM
 #276

I'm not sure why anyone would use Linode for anything bitcoin related after multiple simultaneous hackings of bitcoin services through the internal customer service panel resulted in barely any response or details from Linode admins.

It is cheap, advertised, and maybe OP did not read the threads about it.

I am going to guess mysql inject, found a crypt pass or plain text pass of OP, then logged in via ssh or web which had no acls.
I'm going to guess someone at linode has a car that seems very expensive for their salary.
Domrada
Full Member
***
Offline Offline

Activity: 197



View Profile
September 05, 2012, 03:45:27 AM
 #277

Roman:

If you decide to raise money from investors, please send me a pm.
lomax
Member
**
Offline Offline

Activity: 75


View Profile
September 05, 2012, 04:33:01 AM
 #278

it seems likely that BTC sent in AFTER the hack announcement may be set aside in an eventual settlement

What about the people who don't go here. Shouldn't the site have a warning or an e-mail blast? This is kinda like lets post on bitcointalk and hope everyone knows to go read there before sending or god forbid an automated system since they advertized having api for that very reason.

You are 100% correct, there is still nothing on the website to indicate that it is down for anything other than some trivial maintenance. Relying on your customers to read this thread is insane.
Maria
Sr. Member
****
Offline Offline

Activity: 454



View Profile
September 05, 2012, 04:44:16 AM
 #279

I had 4,231 BTC in Bitfloor. I want my money NOW!


Just kidding, lol! Thank God a few months ago I was going to make a HUGE deposit to bitfloor but a very Wise Man told me.."Stay away from that dude, hes a fucking idiot, he uses his personal bank account for deposits and withdrawals.."

I Thank You Sir You Know Who You Are!!

MultiCoin Maria.

Dont hate
jwzguy
Hero Member
*****
Offline Offline

Activity: 868



View Profile
September 05, 2012, 04:48:56 AM
 #280

I had 4,231 BTC in Bitfloor. I want my money NOW!


Just kidding, lol! Thank God a few months ago I was going to make a HUGE deposit to bitfloor but a very Wise Man told me.."Stay away from that dude, hes a fucking idiot, he uses his personal bank account for deposits and withdrawals.."

I Thank You Sir You Know Who You Are!!

MultiCoin Maria.

Dont hate
Oh look, the forex scammer! And another lie. How predictable.
Glad to see that so many people have you on ignore, Leo.

19wXnWTeGuraN9g5UsMAi119sWzDCQcr7S
Bitcoin Logo shirts!
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 [14] 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!