Macho (OP)
|
|
June 14, 2011, 04:34:28 PM |
|
This got me thinking ... a bunch of interesting events happened recently:
1) first there was a panic sell off which was further fueled on these forums by a group of trolls until measures were taken to get it under control 2) Mt.Gox got crashed what was a middle of the night in Japan where it is located 3) DDoS on Bitcoin website along with Mt.Gox again in the middle of the night and previously other sites 4) mounting suspicious cases of reported "hacked accounts" on Mt.Gox
Any one of these events alone would be non-conclusive and probably coincidence or true incident but taken all together it may appear there is a group that is trying to ruin confidence in Bitcoin. Motives to do so may be numerous ... the simplest one is profit, make people sell and then buy cheap, wait for the price to go up again - profit!
Has any of the "hacking incidents" got confirmed or acknowledged by by Mt.Gox? I'm not aware of such a confirmation ... I would push for an official statement to make sure this is not a FUD campaign by some people ... I do not want to accuse anyone of anything but this is the Internet - it generally isn't a good idea to take a word of some anonymous pseudonym on a forum seriously especially in cases where money is involved.
In one instance the "victim" claimed to have $7,000 withdrawn even that only $1,000 is possible a day, something doesn't smell right here.
So be careful people and do not panic, it's possible that's exactly the goal of such campaign. Every time someone alleges his funds got stolen demand official statement from Mt'Gox whether they can confirm or deny such claims.
|
|
|
|
|
Macho (OP)
|
|
June 14, 2011, 06:01:31 PM |
|
Well, the statement implies that Mt.Gox is down because it was "compromised", as far as I understand it is actually under DDoS attack ... if it's "compromised" what is the need for a DDoS to take it down? I don't know ... by whatever the case, it seems "Buttsec" doesn't have evil intentions "ButtSec
Oh hai. We've gained access to some Bitcoin exchange sites. Obviously this includes Mt Gox, which is currently down. Hm wonder why?
Here at Buttsec we're fans of Bitcoin, but we must get the message out there that security is sorely lacking on many of the exchange sites! We will speak with some of these sites in the coming days. If your users aren't given answers, expect some information to make it to the public! ;-)
Yours truly, Buttsec
Bitcoin donations: 15gvHsFAq5RQaFSzUFQUCTCqAjrVoMjv2P Twitter: @buttsecurity"
|
|
|
|
finnthecelt
|
|
June 14, 2011, 06:38:27 PM |
|
Well, the statement implies that Mt.Gox is down because it was "compromised", as far as I understand it is actually under DDoS attack ... if it's "compromised" what is the need for a DDoS to take it down? I don't know ... by whatever the case, it seems "Buttsec" doesn't have evil intentions "ButtSec
Oh hai. We've gained access to some Bitcoin exchange sites. Obviously this includes Mt Gox, which is currently down. Hm wonder why?
Here at Buttsec we're fans of Bitcoin, but we must get the message out there that security is sorely lacking on many of the exchange sites! We will speak with some of these sites in the coming days. If your users aren't given answers, expect some information to make it to the public! ;-)
Yours truly, Buttsec
Bitcoin donations: 15gvHsFAq5RQaFSzUFQUCTCqAjrVoMjv2P Twitter: @buttsecurity"
That's interesting. After explaining to my fiance what a DDOS was she asked why anyone would do that. I said one reason (among many) would be supporters who would try and point out obvious security flaws..... Seems everyone is starting to see the potential for much money to be made here and are putting the cart before the horse at the expense of security. Everyone needs to breathe deeply as this evolves....
|
|
|
|
S3052
Legendary
Offline
Activity: 2100
Merit: 1000
|
|
June 14, 2011, 06:51:22 PM |
|
The security status of the exchanges is not helpful to build the needed confidence for bitcoin. This is nothing against MtGox specifically, but to me all exchanges lack the minimum security measures that typical exchanges have. Unless this is improved significantly, why would someone take the risk to invest significant funds? If at the same time he reads the DDOS attacks, password stalling, fund stealing... Strong efforts need to be made to provide at least standard security: I.e. transaction number verificaton per each trade, etc.
|
|
|
|
jbmiller10
|
|
June 14, 2011, 06:53:30 PM |
|
Has any of the "hacking incidents" got confirmed or acknowledged by by Mt.Gox? I'm not aware of such a confirmation ... I would push for an official statement to make sure this is not a FUD campaign by some people ... I do not want to accuse anyone of anything but this is the Internet - it generally isn't a good idea to take a word of some anonymous pseudonym on a forum seriously especially in cases where money is involved.
In one instance the "victim" claimed to have $7,000 withdrawn even that only $1,000 is possible a day, something doesn't smell right here.
Oh, hey, I'm pretty sure that's me. I can't vouch for the other claims, but I really was. I talked to MagicalTux about it, and he can verify my claims. This is not to say this isn't part of an orchestrated attack, as it would seem that someone is brute forcing passwords, which plays into the greater narrative of something fishy going on. I know I'll never convince everyone that I'm being honest as this is the internet and all, but whatever. All I was ever saying is that people need to make sure to not be naive about their password security, not that Mt. Gox shouldn't be trusted (though they do need some sort of secondary to password account confirmation!!).
|
|
|
|
finnthecelt
|
|
June 14, 2011, 07:02:32 PM |
|
The security status of the exchanges is not helpful to build the needed confidence for bitcoin. This is nothing against MtGox specifically, but to me all exchanges lack the minimum security measures that typical exchanges have. Unless this is improved significantly, why would someone take the risk to invest significant funds? If at the same time he reads the DDOS attacks, password stalling, fund stealing... Strong efforts need to be made to provide at least standard security: I.e. transaction number verificaton per each trade, etc.
Sounds like Craigslist would be safer...... "Pay cash in person, bring laptop".
|
|
|
|
Grant
|
|
June 14, 2011, 07:32:55 PM |
|
The security status of the exchanges is not helpful to build the needed confidence for bitcoin. This is nothing against MtGox specifically, but to me all exchanges lack the minimum security measures that typical exchanges have. Unless this is improved significantly, why would someone take the risk to invest significant funds? If at the same time he reads the DDOS attacks, password stalling, fund stealing... Strong efforts need to be made to provide at least standard security: I.e. transaction number verificaton per each trade, etc.
Sounds like Craigslist would be safer...... "Pay cash in person, bring laptop". Not very efficient. Well, on the positive side at least we can expect great volatility in the markets for the next couple of days. But i do hope they put together something more solid, and at least halt trading/transactions until this is fixed, this is embarrassing to say the least.
|
|
|
|
kicir
Newbie
Offline
Activity: 56
Merit: 0
|
|
June 14, 2011, 07:35:14 PM |
|
seems like TradeHill is now under attack
|
|
|
|
Macho (OP)
|
|
June 14, 2011, 09:10:01 PM |
|
seems like TradeHill is now under attack Hm, in what way? Works for me it seems ...
|
|
|
|
finnthecelt
|
|
June 15, 2011, 07:24:53 PM |
|
seems like TradeHill is now under attack They've been under routine maintenance. Did I miss something?
|
|
|
|
YoYa
|
|
June 15, 2011, 10:32:31 PM |
|
Check out the decreasing volumes after each attack. People are backing off for the moment. Good news for the other exchanges and something to be watched.
|
|
|
|
MagicalTux
VIP
Hero Member
Offline
Activity: 608
Merit: 501
-
|
|
June 15, 2011, 11:35:04 PM |
|
We are not compromised, however our current ISP has troubles coping with the DDoS. Note that a DDoS has nothing to do with security. Security usually involves getting inside the site to steal stuff (for example) while DDoS just means sending a lot of legitimate-looking traffic to make the site go down. Anyway we'll be moving to a much stronger solution soon (contract already signed, waiting for setup).
|
|
|
|
Jack of Diamonds
|
|
June 15, 2011, 11:49:13 PM |
|
We are not compromised, however our current ISP has troubles coping with the DDoS. Note that a DDoS has nothing to do with security. Security usually involves getting inside the site to steal stuff (for example) while DDoS just means sending a lot of legitimate-looking traffic to make the site go down. Anyway we'll be moving to a much stronger solution soon (contract already signed, waiting for setup). The site has been slow for what, a week (or more)? Even if the site wasn't compromised, someone must benefit from it; Even a 100mbit/s downlink DDoS costs about $500 per day on russian forums by western union. Utilizing a big botnet is not free at all. I still fail to see the motive though. Driving people to other exchanges? Undermining bitcoin? Seems pretty expensive.
|
1f3gHNoBodYw1LLs3ndY0UanYB1tC0lnsBec4USeYoU9AREaCH34PBeGgAR67fx
|
|
|
Macho (OP)
|
|
June 16, 2011, 12:14:33 AM |
|
Even a 100mbit/s downlink DDoS costs about $500 per day on russian forums by western union. Utilizing a big botnet is not free at all.
Not if you own the botnet and do it "for the lulz" which may be the case ...
|
|
|
|
backopy
Newbie
Offline
Activity: 24
Merit: 0
|
|
June 16, 2011, 01:07:55 AM |
|
Sorry to carry the bad news, but if this news checks out: http://www.bighaber.com/haber/bitcoin-exchanges-offer-anti--money-laundering-aid-929817.htmlRather start to redesign exchanges, Mt.Gox is pretty much dead. This got to be a hard blow in the trust, the "aid offer" will be taken not only for bust drug dealers but to let the government stuck its nose on all BTC economy, from drugs and guns up to undeclared T-Shirt sales, making bitcoin the unsafer currency around.
|
|
|
|
padrino
Legendary
Offline
Activity: 1428
Merit: 1000
https://www.bitworks.io
|
|
June 16, 2011, 01:18:35 AM |
|
Sorry to carry the bad news, but if this news checks out: http://www.bighaber.com/haber/bitcoin-exchanges-offer-anti--money-laundering-aid-929817.htmlRather start to redesign exchanges, Mt.Gox is pretty much dead. This got to be a hard blow in the trust, the "aid offer" will be taken not only for bust drug dealers but to let the government stuck its nose on all BTC economy, from drugs and guns up to undeclared T-Shirt sales, making bitcoin the unsafer currency around. So you expect an exchange that wants to be legitimate to not cooporate with authorities, no matter how "right" you may think it is as long as it is legal. Please explain how you expect it to work in the real world.
|
|
|
|
backopy
Newbie
Offline
Activity: 24
Merit: 0
|
|
June 16, 2011, 01:49:45 AM |
|
Banks do that, yet they don't it random and voluntarily, they've rules. It's not like you've 100 US, they can't figure out where you got it, on your account and they go on report it to IRS. One thing is to co-op on demand and within the boundaries of law, other to go on secret co-op arrangements with foreigner authorities. Basically a Japanese and a British are just declaring they will rat their transaction log to the American DEA.
|
|
|
|
anewbie
Newbie
Offline
Activity: 52
Merit: 0
|
|
June 16, 2011, 04:04:03 AM |
|
"ButtSec
Oh hai. We've gained access to some Bitcoin exchange sites. Obviously this includes Mt Gox, which is currently down. Hm wonder why?
Here at Buttsec we're fans of Bitcoin, but we must get the message out there that security is sorely lacking on many of the exchange sites! We will speak with some of these sites in the coming days. If your users aren't given answers, expect some information to make it to the public! ;-)
Yours truly, Buttsec
Bitcoin donations: 15gvHsFAq5RQaFSzUFQUCTCqAjrVoMjv2P Twitter: @buttsecurity"
I love that somebody donated 0.00000001 to that address. Even at the highest bitcoins have ever traded, that is still measured in one-hundred thousandths of a cent!
|
|
|
|
finnthecelt
|
|
June 16, 2011, 04:55:17 PM |
|
Sorry to carry the bad news, but if this news checks out: http://www.bighaber.com/haber/bitcoin-exchanges-offer-anti--money-laundering-aid-929817.htmlRather start to redesign exchanges, Mt.Gox is pretty much dead. This got to be a hard blow in the trust, the "aid offer" will be taken not only for bust drug dealers but to let the government stuck its nose on all BTC economy, from drugs and guns up to undeclared T-Shirt sales, making bitcoin the unsafer currency around. So you expect an exchange that wants to be legitimate to not cooporate with authorities, no matter how "right" you may think it is as long as it is legal. Please explain how you expect it to work in the real world. I'm with padrino on this one. It's not reasonable to think BTC is going to operate without any government intervention at all. Most people just really aren't thinking this through. If I buy a shirt from padrino and send him BTC and he mails me a shirt, I have a shirt and no one's the wiser. If I send Mt. Gox 1,000 BTC and sell them on the market and the gov gets involved well now what? If I go to Forex.com and trade currency I'm expected to pay capital gains on my profit. No one likes taxes but it's the way it is. If you're hoping BTC is going to provide you a life of no taxes and freedom from from gov you are in the wrong century. If BTC is going to be legitimate it needs to operate the same way a currency does and the community needs to grow up about this. No one likes to hear about any form of criminal activity but on what grounds can they "ban" BTC because someone wants to launder cash? You would have to ban cash itself!!! Gov may want to regulate it but criminalising BTC could be very dangerous for them. It wouldn't go away for one. It would heighten people's awareness of it. And it would crystalize the black market and force the participants to refine and advance their methodologies. BTC is here to stay so "they" have to deal with it just as we have to deal with "them". Like it or not. What we need to put thought to as a community is: is BTC a commodity or currency? What's the cost basis for profit determination?
|
|
|
|
|