Bitcoin Forum
April 25, 2014, 07:03:47 AM *
Author Topic: bitfloor needs your help!  (Read 93036 times)
whitslack
Member
Activity: 112
September 05, 2012, 01:38:49 AM
 #261

It's also perfectly possible that other exchanges are being hacked in "lifestyle change" amounts but they continue to operate in a combination Ponzi/Flying Dutchman mode, accepting deposits and cheerfully reporting "balances" that are pure fiction, hoping that someday they'll make enough "profit" to earn their way back to solvency, or just because they can't bring themselves to admit that things are broken. The deeper the lies go, the harder it is to come clean.

If an exchange was doing that, some people would probably hold them up as a shining example of a well-run exchange that was impervious to hacks.
I'll point out that Mt.Gox is a Japanese company. The culture over there is even less inclined to admit fiduciary mistakes than it is in the Western world. Look at TEPCO for a prime example. If the underbelly of Mt.Gox were being eroded away by security breaches, they might not say a word.
repentance
Hero Member
Activity: 770
September 05, 2012, 01:52:35 AM
 #262

The only people profiting from bitcoin are hackers. Fuck this shit.

I haven't lost anything yet from bitcoin but it does seem like hackers are just having a field day with it.  As much as everyone hates Mt.Gox because of the cost to put money on there and the loss of anonymity, it seems like they have the best methods on there.  I feel like bit floor should have known better than to have all of their coins in a hot wallet after btc-e and other hacks.  

Exchanges are damned if they do and damned if they don't.  People want the convenience of being able to do instant withdrawals and transfers without any of the risk.

Small Bitcoin services which hold large amounts of other people's BTC are hacker magnets and intruders know that such services are often one or two man operations without capital reserves to invest in infrastructure.  They're soft targets.  Security needs to be baked in from the day a service is created but many Bitcoin services are more concerned about rushing to market than they are about security (they probably tell themselves they'll invest in "proper" security once the profits are rolling in, not realising that a rapidly expanding business often makes little or no profit).

Until Bitcoin service providers lift their game security-wise, people should severely limit the amount of BTC they store on such services.   Bitcoins stored on a service are always at risk.  You accept the risk of them being lost or stolen by leaving them on deposit with a service.

All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
jwzguy
Hero Member
Activity: 868
September 05, 2012, 01:53:06 AM
 #263

Quote
Roman is trying to do the right thing, with all the information he has available. You guys with USD on the site, please be patient. You can see he tried to let you withdraw, but probably thought it better to make sure he wasn't doing anything illegal as Stephen kept reiterating. There's nothing shady about that. Hopefully he will continue with that soon.

Well sadly Stephen was misinformed and likely turned a bad situation into a worse one.  His talk of injunctions and criminal activity were simply false.  I am just not certain if it was coming from a place of intentional malfeasance or simple ignorance.

I do agree with you jwzguy, that bitfloor has a lot going for it and the situation isn't intractable.
I completely agree, and I think you're correct. Of course I'm not a lawyer, and not responsible for all that money...I certainly don't blame him for wanting to check. I can only imagine the stress he's going through right now.

Icebreaker - please don't jump to conclusions just because someone here is being very opinionated. From his behavior, I think Roman must agree with you.


19wXnWTeGuraN9g5UsMAi119sWzDCQcr7S
Shadow383
Sr. Member
Activity: 336
September 05, 2012, 01:53:11 AM
 #264

Wow, somebody at Linode really is making a fortune from Bitcoin  Roll Eyes
Linode's stolen what? 80K BTC? About $800k?
Not bad.
fcmatt
Hero Member
Activity: 882
September 05, 2012, 02:04:42 AM
 #265

Wow, somebody at Linode really is making a fortune from Bitcoin  Roll Eyes
Linode's stolen what? 80K BTC? About $800k?
Not bad.

i am of the opinion the owner of bitfloor has very little idea what happened.

put it this way.. he put the site back online. does that sound like someone who knows security?

at the very least you nuke the install from orbit, reinstall a clean patched os, recover from backups,

AND fix the darn hole.

I do not think that happened. I would like to know how they got in.
giszmo
Hero Member
Activity: 1064

¡ɥɔʇɐʍ ʇsnɾ ˙ǝƃuɐɥɔ ɐuuoƃ s,ןɐǝɹ
September 05, 2012, 02:15:14 AM
 #266

Maybe we should go for fractional reserve for security. Exchanges don't have to hold any bitcoins and instead of charging addresses, they show withdrawal addresses that were earlier posted to them by people wanting to withdraw. This would only imply a slight delay here and there but provide much more security.</irony>

blakdawg
Member
Activity: 112
September 05, 2012, 02:19:06 AM
 #267

Maybe we should go for fractional reserve for security. Exchanges don't have to hold any bitcoins and instead of charging addresses, they show withdrawal addresses that were earlier posted to them by people wanting to withdraw. This would only imply a slight delay here and there but provide much more security.</irony>


It would be a lot easier if the hackers would accept USD, then we wouldn't have to go to the trouble of converting to BTC so it can be stolen.

Or we could just put the account records on a wiki, and we can just update the wiki when we make deposits and withdrawals. Then the exchange operators wouldn't even need to log in to their own site.

whitslack
Member
Activity: 112
September 05, 2012, 02:28:02 AM
 #268

It would be a lot easier if the hackers would accept USD, then we wouldn't have to go to the trouble of converting to BTC so it can be stolen.
LoL! They do. Those hackers are known as "banksters."
stoppots
Sr. Member
Activity: 271
September 05, 2012, 02:47:48 AM
 #269


Sounds like the cold storage was deposited with pirate.
 
bitcorn
Newbie
Activity: 19
September 05, 2012, 02:48:20 AM
 #270

I go to the site and it reads this (which it still reads)

Bitfloor Website
Is currently offline.
It will be back shortly.
I check back later and it's up. So I sent 136 coin to my deposit address.
Anyone else think the message on the site should read
DO NOT SEND ANY COIN TO US WE HAVE BEEN HACKED!!!!!
or something of that nature. I only keep my money in coin for less than 24 hours before converting it and got screwed. Guess I stop taking bitcoin cause it's too risky.

Speaking like a true Junior.

Imagine how Bitfloor feels right now.

Speaking of Junior League: looking through Google's cache of bitfloor, and maybe I'm just missing something obvious here, but I don't see TOS at all. Did bitfloor users agree to a specific TOS via email, or some form of messaging, or… what?

Ƀ ⇢ 1MmEUyo8NAifNN3avQtrFDjPQzhPMMgB36
ErebusBat
Hero Member
Activity: 546

I am the one who knocks
September 05, 2012, 02:57:56 AM
 #271

Wow, somebody at Linode really is making a fortune from Bitcoin  Roll Eyes
Linode's stolen what? 80K BTC? About $800k?
Not bad.

i am of the opinion the owner of bitfloor has very little idea what happened.

put it this way.. he put the site back online. does that sound like someone who knows security?

at the very least you nuke the install from orbit, reinstall a clean patched os, recover from backups,

AND fix the darn hole.

I do not think that happened. I would like to know how they got in.

Especially on a supposed semi-airgapped machine. My theory: roman allowed access from his machine for convenience and they compromised THAT which allowed them to pivot into the cold storage server.

Also as to the backup on an unencrypted portion of the disk: this would make no difference if they were logged into the running server, unless the encrypted volume was usually unmounted (which does not sound like it was). It sounds like the machine used encryption, but that only really defeats cold attacks on the disk.

IveBeenBit
Sr. Member
Activity: 444
September 05, 2012, 03:10:47 AM
 #272

Speaking of Junior League: looking through Google's cache of bitfloor, and maybe I'm just missing something obvious here, but I don't see TOS at all. Did bitfloor users agree to a specific TOS via email, or some form of messaging, or… what?

I actually don't remember seeing one, either, and at one point, I DID go looking for one to clarify one of their policies, but wound up just emailing support instead.
thebaron
Sr. Member
Activity: 406

wat
September 05, 2012, 03:16:49 AM
 #273

In b4 pirateat40 ran bitfloor.

I run http://mail-to-jail.com. I am "thebaron-btc" on Bitcoin-OTC.
fcmatt
Hero Member
Activity: 882
September 05, 2012, 03:23:16 AM
 #274

Wow, somebody at Linode really is making a fortune from Bitcoin  Roll Eyes
Linode's stolen what? 80K BTC? About $800k?
Not bad.

i am of the opinion the owner of bitfloor has very little idea what happened.

put it this way.. he put the site back online. does that sound like someone who knows security?

at the very least you nuke the install from orbit, reinstall a clean patched os, recover from backups,

AND fix the darn hole.

I do not think that happened. I would like to know how they got in.

Especially on a supposed semi-airgapped machine. My theory: roman allowed access from his machine for convenience and they compromised THAT which allowed them to pivot into the cold storage server.

Also as to the backup on an unencrypted portion of the disk: this would make no difference if they were logged into the running server, unless the encrypted volume was usually unmounted (which does not sound like it was). It sounds like the machine used encryption, but that only really defeats cold attacks on the disk.

I dunno. He used linode and i would guess to save money it was vps. Not a few dedicated machines.
dust
Hero Member
Activity: 840
September 05, 2012, 03:27:21 AM
 #275

I'm not sure why anyone would use Linode for anything bitcoin related after multiple simultaneous hackings of bitcoin services through the internal customer service panel resulted in barely any response or details from Linode admins.

Cryptocoin Mining Info | OTC | PGP | Twitter | freenode: dust-otc | BTC: 1F6fV4U2xnpAuKtmQD6BWpK3EuRosKzF8U
fcmatt
Hero Member
Activity: 882
September 05, 2012, 03:30:05 AM
 #276

I'm not sure why anyone would use Linode for anything bitcoin related after multiple simultaneous hackings of bitcoin services through the internal customer service panel resulted in barely any response or details from Linode admins.

It is cheap, advertised, and maybe OP did not read the threads about it.

I am going to guess mysql inject, found a crypt pass or plain text pass of OP, then logged in via ssh or web which had no acls.
Shadow383
Sr. Member
Activity: 336
September 05, 2012, 03:42:42 AM
 #277

I'm not sure why anyone would use Linode for anything bitcoin related after multiple simultaneous hackings of bitcoin services through the internal customer service panel resulted in barely any response or details from Linode admins.

It is cheap, advertised, and maybe OP did not read the threads about it.

I am going to guess mysql inject, found a crypt pass or plain text pass of OP, then logged in via ssh or web which had no acls.
I'm going to guess someone at linode has a car that seems very expensive for their salary.
Domrada
Full Member
Activity: 186
September 05, 2012, 03:45:27 AM
 #278

Roman:

If you decide to raise money from investors, please send me a pm.
lomax
Member
Activity: 75
September 05, 2012, 04:33:01 AM
 #279

it seems likely that BTC sent in AFTER the hack announcement may be set aside in an eventual settlement

What about the people who don't go here. Shouldn't the site have a warning or an e-mail blast? This is kinda like let's post on bitcointalk and hope everyone knows to go read there before sending or god forbid an automated system since they advertized having api for that very reason.

You are 100% correct, there is still nothing on the website to indicate that it is down for anything other than some trivial maintenance. Relying on your customers to read this thread is insane.
Maria
Sr. Member
Activity: 441
September 05, 2012, 04:44:16 AM
 #280

I had 4,231 BTC in Bitfloor. I want my money NOW!


Just kidding, lol! Thank God a few months ago I was going to make a HUGE deposit to bitfloor but a very Wise Man told me.."Stay away from that dude, he's a fucking idiot, he uses his personal bank account for deposits and withdrawals.."

I Thank You Sir You Know Who You Are!!

MultiCoin Maria.

Don't hate