crypsty hacked over 1.5 yrs ago. 13000 BTCs and 300,000 ltc

[hotsurfing]

I'm so glad i switched from Crpsty to Nxt MultiGateway

[adhitthana]

This should have been the final warning http://www.asx.com.au/asxpdf/20151007/pdf/431x6f9txp36pj.pdf

[BSdetector]

I smell it...

BS

[e-coinomist]

cryptsy hacked themselfs over 1.5 yrs ago,  ••• missing 10M $

  talented 

[Spoetnik]

Cryptsy topic in my SIG has 200+ pages of info..

A LOT has happened along the way last 4 months.

And this topic may get moved to service discussion guys..

[Piston Honda]

fuck that site and fuck most of alt/behind closed doors BS.
wow.  the shit never stops with the scammers/greed. wtf.

[sidhujag]

The claimed way the attack was supposedly done makes no sense, even without using virtual machines no coin daemon running as one user would be able to access another running as another user unless someone deliberately forced passwords into the ps or top type readouts by putting them on commandlines, so even incompetents could hardly be expected to make the proposed attack method workable unless they really went out of their way to ensure such an attack would work, such as by running untrustable shitcoins as the same user as a real valuable coin, and on the same machine, or by deliberately passing passwords on the commandline so other users could see them on top and ps and such.

Basically you'd have to deliberately go out of your way to circumvent all the usual procedures everyone is always instructed to use even for just small personal wallets.

Such deliberate setting up of a situation intended to enable some pathetic excuse like "oh one daemon had a trojan in it" is surely at best criminal negligence and far more likely conspiracy to defraud and steal?

It is a pity really that there are so many regulations around this kind of app because all the perceived/expected additional expense imposed by red tape kind of makes the whole idea of running an exchange at all look way too expensive to the kinds of folks who might be competent to run one, whereas script-kiddies just wanting to set up a nice hackable environment so they can claim they were hacked can do so much cheaper / easier...

...Also come to think of it an IRC command-and-control on a cold-wallet machine would never be able to be commanded and controlled because cold means not on the net, right? Hmm...

-MarkM-

Only way is if root was running the wallet and other wallets were in the same machine.

[markm]

Only way is if root was running the wallet and other wallets were in the same machine.

There is no way any ordinary/available/typical kind of machine, even high powered ones, could run all the coins Cryptsy was running.

Try it!

So it makes even less sense that some pathetic scamcoin would even be on the same physical machine as top of the line actually-valuable well-established coins, let alone on the same username in the same virtual machine.

For a newly-remade trojan without a large team of well known developers with expensive reputations on the line all using verifiable compile processes to sign releases and so on to manage to get run on the same machine as e.g. bitcoin itself would pretty much require a deliberate intent to expose a specific, known number of bitcoins to attack by that new potential-trojan.

In other words, when you choose which physical machine to run a coin on, and which virtual machine on that machine, and which username on that virtual machine, you are specifically deciding how many of which other coins you want to give that new program the opportunity to "attack if it is going to", so you know how many of which coin you want to put at risk and why, such as for example to decide how much temptation you want to expose that program's developer to in order to test his or her integrity and the integrity of the code they have provided.

It is thus pretty much unbelievable that some scamcoin such as lucky7 would ever even be on the same hardware machine, let alone virtual machine, let alone username, as bitcoin...

...Unless you chose for example to test the integrity by putting a half a bitcoin, or a bitcoin, or whatever your chosen bounty is for discovering a trojan, into its reach to test whether despite all your efforts to inspect it it might still harbour some nastiness...

-MarkM-

[vlom]

Cryptsy has failed to explain why they aren't returning the millions of alts still stored in its cold-storage coffers.

Why not return those coins to the rightful owners?

thats exactly what i was thing about after i read the blogpost.

maybe they are selling this coins somewhere else because they never will come back live again. so nobody will ever have the possibility to withdraw these coins. they need money to start a new life. and by selling the rest they can make some money.

[smoothie]

cryptsy hacked themselfs over 1.5 yrs ago,  ••• missing 10M $

lol you should add GOXED in there somewhere too

[smoothie]

This is a poor move by cryptsy. For over 1.5 years, they have kept it secretly. They would have suspended their operations immediately once they realize the missing coins from their wallets. They wouldn't have lost when they did it like that. Silence is the killing factor for cryptsy for now. If they did suspended their operations earlier, many people would have got the original value of the coins back. For the past months, people tried to convert btc to other altcoins for much loss to withdraw. This is isn't acceptable.

Not just that...

People who were DEPOSITING BTC and alts into crypsty for the 1.5 years....is essentially a huge liability on cryptsy's part.

As they were operating essentially a PONZI scheme by robbing PETER (depositor) to pay PAUL (withdrawer).

[smoothie]

Guys, just let's be honest.
If Cryptsy was your exchange and you got hacked and lost a lot of coins.
If you were struggling to keep the exchange open and notice a lot of traders are leaving the exchange.
Would you start a Prepaid Debit Card Program?
Personally I can't believe this. Even if you know it's a sinking ship, keeping the exchange open isn't a criminal offense. It could be seen as damage control.
But actually selling a product of which you know you can't deliver... IMO that's a crime. Why would they risk this?
Hence, I personally doubt about their explaination (and ofcourse added the fact they say they didn't inform the authorities).
Let's see where it ends.  

Leaving the exchange open for people to deposit money to TRADE/EXCHANGE....is technically a product they were selling. Okay more like a service...but apples and oranges...its the same thing just looked at differently a bit in the eyes of "the law".

[smoothie]

The claimed way the attack was supposedly done makes no sense, even without using virtual machines no coin daemon running as one user would be able to access another running as another user unless someone deliberately forced passwords into the ps or top type readouts by putting them on commandlines, so even incompetents could hardly be expected to make the proposed attack method workable unless they really went out of their way to ensure such an attack would work, such as by running untrustable shitcoins as the same user as a real valuable coin, and on the same machine, or by deliberately passing passwords on the commandline so other users could see them on top and ps and such.

Basically you'd have to deliberately go out of your way to circumvent all the usual procedures everyone is always instructed to use even for just small personal wallets.

Such deliberate setting up of a situation intended to enable some pathetic excuse like "oh one daemon had a trojan in it" is surely at best criminal negligence and far more likely conspiracy to defraud and steal?

It is a pity really that there are so many regulations around this kind of app because all the perceived/expected additional expense imposed by red tape kind of makes the whole idea of running an exchange at all look way too expensive to the kinds of folks who might be competent to run one, whereas script-kiddies just wanting to set up a nice hackable environment so they can claim they were hacked can do so much cheaper / easier...

...Also come to think of it an IRC command-and-control on a cold-wallet machine would never be able to be commanded and controlled because cold means not on the net, right? Hmm...

-MarkM-

Only way is if root was running the wallet and other wallets were in the same machine.

Yup amateur hour when it comes to security. They didn't even have the foresight to think perhaps something like this could happen and say split their pot of funds up into multiple wallets in different locations with multi-sig etc.

"no let's put it all in one place and then install random releases of new crapcoins on the same machine"...

wow just wow ^

[MisO69]

..and another one bites the dust.

Decentralized exchanges need to happen.  Instantdex or Etherex, whoever, hurry up

Bitshares and Next are working. The problem is how to trade our beloved altcoins on those exchanges?? I don't think anyone has figured that out yet. Even then there would have to be some sort of centralization for fiat on and off ramps.

[tittiecoiner]

The sad point is:

Looking at all the scams in this lovely crypto world, we need to state: If people would put all their efforts and phantasy in useful tasks instead of ripping other users off, at least Bitcoin would meanwhile have reached mainstream...

[adhitthana]

Were Dash stolen too?

https://dashtalk.org/threads/supposed-450-000-dash-embezzled-from-cryptsy.7649/

[Zer0Sum]

Surely the limited liability shield is void in the face of so much totally criminal activity, lying etc?

This talk of a company going bankrupt seems off the mark, since a company is just a fiction that counts for nothing against criminal negligence malfeasance fraud theft and so on?

-MarkM-

This is definitely in criminal territory.

Calling Cryptsy a "fractional reserve" is lazy and apologia... since that's a legal way money is created by banks.

In contrast, Cryptsy was running a crude PONZI SCHEME and COMINGLING CUSTOMER FUNDS and 100 other offenses...
They kept running and lying for 2 years by using new deposits to pay off withdrawals = random delays.

Big Bern and the principals will definitely face Florida criminal justice. No place to hide now, baby.

[Arrakeen]

Florida

That explains everything.  Florida really needs to be either nuked, cut into an island and detached from the united states, or walled off.  It's like a completely different country down there; either something in the water or heat stroke is really messing with those folks.  Haven't met one person from florida (while living there) that I could trust; met many that resulted in personal losses of all sorts - just like people losing money to craptsy. 

What is it with people down there?  Runaway convicts hiding as south as possible? Results on a social level from Florida's pill mills (the source of the country's oxycontin problem & resulting heroin epidemic)?  There are so many reasons why they're fucked in the head, it's hard to choose one

[hanzac]

This large woodworm is harmful to these alt coins affected.

[BitcoinEXpress]

So I guess it's true after all.

Cryptsy really does suck


~BCX~