Bitcoin Forum
Topic: bitfloor coin theft details
shtylman
September 04, 2012, 05:12:00 PM
 #1

This thread is the sister thread to the "bitfloor needs your help" thread here https://bitcointalk.org/index.php?topic=105818.0

It is meant for the tracking and discussion of the stolen coins from BitFloor.com

The attack came from the following IP:
178.176.218.157

And the coins were withdrawn with the following transactions:
83f3c30dc4fa25afe57b85651b9bbc372e8789d81b08d6966ea81f524e0a02be
d5d23a05858236c379d2aa30886b97600506933bc46c6f2aab2e05da85e61ad2
f9d55dc4b8af65e15f856496335a29e2be40f128a7374c75b75529e864579f93
42ea472060118ee5aee801cdedbc4a3403f3708a87340660f766e2669f0afeb0
358c873892016649ace8e9db4c59f98a6ca8165287ac80e80c52e621f5a26e46

Obviously it is high hopes to have the coins returned, but I do feel that the community can always benefit from more knowledge about high profile thefts and the aftermath.
nimda
September 04, 2012, 05:24:59 PM
 #2

That IP address is almost certainly one of multiple proxies, but it's in Russia. No help there.

1nject0r
September 04, 2012, 05:28:49 PM
 #3

This thread is the sister thread to the "bitfloor needs your help" thread here https://bitcointalk.org/index.php?topic=105818.0

It is meant for the tracking and discussion of the stolen coins from BitFloor.com

The attack came from the following IP:
178.176.218.157

And the coins were withdrawn with the following transactions:
83f3c30dc4fa25afe57b85651b9bbc372e8789d81b08d6966ea81f524e0a02be
d5d23a05858236c379d2aa30886b97600506933bc46c6f2aab2e05da85e61ad2
f9d55dc4b8af65e15f856496335a29e2be40f128a7374c75b75529e864579f93
42ea472060118ee5aee801cdedbc4a3403f3708a87340660f766e2669f0afeb0
358c873892016649ace8e9db4c59f98a6ca8165287ac80e80c52e621f5a26e46

Obviously it is high hopes to have the coins returned, but I do feel that the community can always benefit from more knowledge about high profile thefts and the aftermath.


Wait, let me trace.

1nject0r
September 04, 2012, 05:43:22 PM
 #4

Your server was not hacked. I did not see any defacing issue; only some accounts were compromised, but your server was not hacked. Those were not Russian hackers; they were some other country's hackers.

epetroel
September 04, 2012, 06:01:49 PM
 #5

Your server was not hacked. I did not see any defacing issue; only some accounts were compromised, but your server was not hacked. Those were not Russian hackers; they were some other country's hackers.

This makes absolutely no sense...
1nject0r
September 04, 2012, 06:07:16 PM
 #6

Your server was not hacked. I did not see any defacing issue; only some accounts were compromised, but your server was not hacked. Those were not Russian hackers; they were some other country's hackers.

This makes absolutely no sense...

I have proof that the server was not hacked; no hacker even did that, maybe an inside employee did this, but

if you know how to check a defaced site's cache, google it :P

No hacker's record on zone-h.org.

coga
September 04, 2012, 06:43:31 PM
 #7

I have proof that the server was not hacked; no hacker even did that, maybe an inside employee did this, but

if you know how to check a defaced site's cache, google it :P

No hacker's record on zone-h.org.

dude, the situation is already irritating enough as-is. May we focus on something constructive here?

Vladimir
September 04, 2012, 06:53:14 PM
 #8

I somehow lack compassion today and for that I do apologize.

Having said the above I must say that you kids with all those fat wallet.dat's sitting on your laughable amateurish servers do deserve to be hacked and will continue to be hacked. Right until you come up with some money to pay pros to help you out with information security.

Once you have some money to spend on security conscious hosting and consulting do let me know. A few kBTC/year on proper hosting/security is by far better than 30k loss per year on top of all the reputational problems and likely biz failure.




ribuck
September 04, 2012, 07:00:50 PM
 #9

A few kBTC/year on proper hosting/security is by far better than 30k loss per year on top of all the reputational problems and likely biz failure.

What kind of security guarantee does one get for a few kBTC/year?
vampire
September 04, 2012, 07:01:28 PM
 #10

A few kBTC/year on proper hosting/security is by far better than 30k loss per year on top of all the reputational problems and likely biz failure.

What kind of security guarantee does one get for a few kBTC/year?

Zero
Vladimir
September 04, 2012, 07:02:53 PM
 #11

A few kBTC/year on proper hosting/security is by far better than 30k loss per year on top of all the reputational problems and likely biz failure.

What kind of security guarantee does one get for a few kBTC/year?

Zero

true

but most risks would be reduced dramatically.

Silensec Labs Ltd. (a joint venture of myself and Silensec http://silensec.com/ ) would be happy to discuss what a few kBTC can do for one's information security. But we are going offtopic here, 2 posts full of shameless plugs is too much already.

iron77
September 04, 2012, 07:12:55 PM
 #12

What would now happen with USD balances?
DeathAndTaxes
September 04, 2012, 07:15:21 PM
 #13

What would now happen with USD balances?

They should be returned as even if bitfloor opens it obviously will be at some point in the future.  Client funds should be escrowed from company funds.  Clients shouldn't be turned into unwilling "investors" simply because they had funds on the wrong site at the wrong time.

I am still confident that shtylman will do the right thing.

shtylman
September 04, 2012, 07:21:11 PM
 #14

What would now happen with USD balances?
I am still confident that shtylman will do the right thing.

I am working on that right now. I will post to the other thread (https://bitcointalk.org/index.php?topic=105818.0) in a few minutes.
notme
September 04, 2012, 07:41:10 PM
 #15

What would now happen with USD balances?

They should be returned as even if bitfloor opens it obviously will be at some point in the future.  Client funds should be escrowed from company funds.  Clients shouldn't be turned into unwilling "investors" simply because they had funds on the wrong site at the wrong time.

I am still confident that shtylman will do the right thing.

You mean like what is happening to those of us who had mostly bitcoin in their accounts?

casascius
September 04, 2012, 08:01:25 PM
 #16

With all due respect to the victims in this hacking, whoever they'll end up being, I am suspicious of hacking claims where the announcement of the hack includes a factual assertion of how the hack took place, e.g. "we used encryption but they found our forgotten unencrypted backup".  How does one come to know with certainty that this is actually what happened?  Seriously, I'd expect to see "we don't know how they got our funds, but clearly they did, we can think of n possible ways they did it so far, including this forgotten backup, and we'll let you know more when we find out".

When Bitcoinica announced "funds got stolen, they broke into our MtGox by getting our password from LastPass" I questioned this much the same way - this seems unknowable if you're not the hacker.  If I ever get hacked, I'll probably be the first to say "I don't know how they got in, but I'm reformatting things as I speak!  (And your coin balances are safe, because I didn't forget anything anywhere that would put them at risk!)"

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
shtylman
September 04, 2012, 08:04:11 PM
 #17

With all due respect to the victims in this hacking, whoever they'll end up being, I am suspicious of hacking claims where the announcement of the hack includes a factual assertion of how the hack took place, e.g. "we used encryption but they found our forgotten unencrypted backup".  How does one come to know with certainty that this is actually what happened?  Seriously, I'd expect to see "we don't know how they got our funds, but clearly they did, we can think of n possible ways they did it so far, including this forgotten backup, and we'll let you know more when we find out".

This is the most information I have at the moment. There are only a number of places/files on the disk that would have provided the attacker the keys so narrowing this down to a few possibilities was not impractical.
ErebusBat
September 04, 2012, 08:25:32 PM
 #18

With all due respect to the victims in this hacking, whoever they'll end up being, I am suspicious of hacking claims where the announcement of the hack includes a factual assertion of how the hack took place, e.g. "we used encryption but they found our forgotten unencrypted backup".  How does one come to know with certainty that this is actually what happened?  Seriously, I'd expect to see "we don't know how they got our funds, but clearly they did, we can think of n possible ways they did it so far, including this forgotten backup, and we'll let you know more when we find out".

This is the most information I have at the moment. There are only a number of places/files on the disk that would have provided the attacker the keys so narrowing this down to a few possibilities was not impractical.

Not knowing your current security procedures how can you rule out a compromise of your personal PCs?

deus-ex-machina
September 04, 2012, 08:33:21 PM
 #19

I'm going to try looking into the transaction details. I'll see what I can find. The sooner we get this solved, the better. Even if I find nothing, the least I can do is try to help everyone.
foo
September 04, 2012, 09:13:58 PM
 #20

Here are clickable links to the transactions, to save everyone a lot of cutting and pasting...

http://blockchain.info/tx/83f3c30dc4fa25afe57b85651b9bbc372e8789d81b08d6966ea81f524e0a02be - 16,120 BTC
http://blockchain.info/tx/d5d23a05858236c379d2aa30886b97600506933bc46c6f2aab2e05da85e61ad2 - 1,000 BTC
http://blockchain.info/tx/f9d55dc4b8af65e15f856496335a29e2be40f128a7374c75b75529e864579f93 - 6,400 BTC
http://blockchain.info/tx/42ea472060118ee5aee801cdedbc4a3403f3708a87340660f766e2669f0afeb0 - 60 BTC
http://blockchain.info/tx/358c873892016649ace8e9db4c59f98a6ca8165287ac80e80c52e621f5a26e46 - 498.39 BTC

EDIT: Added the amounts.
