Bitcoin Forum
November 15, 2024, 01:01:57 PM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Is Bitcoin/Mt.gox under an orchestrated attack to destroy confidence?  (Read 6803 times)
Macho (OP)
Full Member
***
Offline Offline

Activity: 124
Merit: 100



View Profile
June 14, 2011, 04:34:28 PM
 #1

This got me thinking ... a bunch of interesting events happened recently:

1) first there was a panic sell off which was further fueled on these forums by a group of trolls until measures were taken to get it under control
2) Mt.Gox got crashed what was a middle of the night in Japan where it is located
3) DDoS on Bitcoin website along with Mt.Gox again in the middle of the night and previously other sites
4) mounting suspicious cases of reported "hacked accounts" on Mt.Gox

Any one of these events alone would be non-conclusive and probably coincidence or true incident but taken all together it may appear there is a group that is trying to ruin confidence in Bitcoin. Motives to do so may be numerous ... the simplest one is profit, make people sell and then buy cheap, wait for the price to go up again - profit!

Has any of the "hacking incidents" got confirmed or acknowledged by by Mt.Gox? I'm not aware of such a confirmation ... I would push for an official statement to make sure this is not a FUD campaign by some people ... I do not want to accuse anyone of anything but this is the Internet - it generally isn't a good idea to take a word of some anonymous pseudonym on a forum seriously especially in cases where money is involved.

In one instance the "victim" claimed to have $7,000 withdrawn even that only $1,000 is possible a day, something doesn't smell right here.

So be careful people and do not panic, it's possible that's exactly the goal of such campaign. Every time someone alleges his funds got stolen demand official statement from Mt'Gox whether they can confirm or deny such claims.
Drifter
Sr. Member
****
Offline Offline

Activity: 364
Merit: 252


View Profile
June 14, 2011, 04:40:41 PM
 #2

http://securityforthemasses.blogspot.com/2011/06/bitcoin-exchanges-hacked-by-buttsec.html

Looks like Mt Gox has been compromised, but more to prove lack of security and less to do with destroying bitcoin confidence.

Macho (OP)
Full Member
***
Offline Offline

Activity: 124
Merit: 100



View Profile
June 14, 2011, 06:01:31 PM
 #3

http://securityforthemasses.blogspot.com/2011/06/bitcoin-exchanges-hacked-by-buttsec.html

Looks like Mt Gox has been compromised, but more to prove lack of security and less to do with destroying bitcoin confidence.

Well, the statement implies that Mt.Gox is down because it was "compromised", as far as I understand it is actually under DDoS attack ... if it's "compromised" what is the need for a DDoS to take it down? I don't know ... by whatever the case, it seems "Buttsec" doesn't have evil intentions Wink

Quote
"ButtSec

Oh hai. We've gained access to some Bitcoin exchange sites. Obviously this includes Mt Gox, which is currently down. Hm wonder why?

Here at Buttsec we're fans of Bitcoin, but we must get the message out there that security is sorely lacking on many of the exchange sites! We will speak with some of these sites in the coming days. If your users aren't given answers, expect some information to make it to the public! ;-)

Yours truly, Buttsec

Bitcoin donations: 15gvHsFAq5RQaFSzUFQUCTCqAjrVoMjv2P
Twitter: @buttsecurity"
finnthecelt
Full Member
***
Offline Offline

Activity: 140
Merit: 101


View Profile
June 14, 2011, 06:38:27 PM
 #4

http://securityforthemasses.blogspot.com/2011/06/bitcoin-exchanges-hacked-by-buttsec.html

Looks like Mt Gox has been compromised, but more to prove lack of security and less to do with destroying bitcoin confidence.

Well, the statement implies that Mt.Gox is down because it was "compromised", as far as I understand it is actually under DDoS attack ... if it's "compromised" what is the need for a DDoS to take it down? I don't know ... by whatever the case, it seems "Buttsec" doesn't have evil intentions Wink

Quote
"ButtSec

Oh hai. We've gained access to some Bitcoin exchange sites. Obviously this includes Mt Gox, which is currently down. Hm wonder why?

Here at Buttsec we're fans of Bitcoin, but we must get the message out there that security is sorely lacking on many of the exchange sites! We will speak with some of these sites in the coming days. If your users aren't given answers, expect some information to make it to the public! ;-)

Yours truly, Buttsec

Bitcoin donations: 15gvHsFAq5RQaFSzUFQUCTCqAjrVoMjv2P
Twitter: @buttsecurity"

That's interesting. After explaining to my fiance what a DDOS was she asked why anyone would do that. I said one reason (among many) would be supporters who would try and point out obvious security flaws.....

Seems everyone is starting to see the potential for much money to be made here and are putting the cart before the horse at the expense of security. Everyone needs to breathe deeply as this evolves....   Cool
S3052
Legendary
*
Offline Offline

Activity: 2100
Merit: 1000


View Profile
June 14, 2011, 06:51:22 PM
 #5

The security status of the exchanges is not helpful to build the needed confidence for bitcoin.
This is nothing against MtGox specifically, but to me all exchanges lack the minimum security measures that typical exchanges have.
Unless this is improved significantly, why would someone take the risk to invest significant funds? If at the same time he reads the DDOS attacks, password stalling, fund stealing... Strong efforts need to be made to provide at least standard security: I.e. transaction number verificaton per each trade, etc.

jbmiller10
Full Member
***
Offline Offline

Activity: 134
Merit: 100



View Profile
June 14, 2011, 06:53:30 PM
 #6

Has any of the "hacking incidents" got confirmed or acknowledged by by Mt.Gox? I'm not aware of such a confirmation ... I would push for an official statement to make sure this is not a FUD campaign by some people ... I do not want to accuse anyone of anything but this is the Internet - it generally isn't a good idea to take a word of some anonymous pseudonym on a forum seriously especially in cases where money is involved.

In one instance the "victim" claimed to have $7,000 withdrawn even that only $1,000 is possible a day, something doesn't smell right here.


Oh, hey, I'm pretty sure that's me.

I can't vouch for the other claims, but I really was. I talked to MagicalTux about it, and he can verify my claims. This is not to say this isn't part of an orchestrated attack, as it would seem that someone is brute forcing passwords, which plays into the greater narrative of something fishy going on. I know I'll never convince everyone that I'm being honest as this is the internet and all, but whatever. All I was ever saying is that people need to make sure to not be naive about their password security, not that Mt. Gox shouldn't be trusted (though they do need some sort of secondary to password account confirmation!!).

I go by threestar most places.
Join us in the Digitalcoin Chatroom!
finnthecelt
Full Member
***
Offline Offline

Activity: 140
Merit: 101


View Profile
June 14, 2011, 07:02:32 PM
 #7

The security status of the exchanges is not helpful to build the needed confidence for bitcoin.
This is nothing against MtGox specifically, but to me all exchanges lack the minimum security measures that typical exchanges have.
Unless this is improved significantly, why would someone take the risk to invest significant funds? If at the same time he reads the DDOS attacks, password stalling, fund stealing... Strong efforts need to be made to provide at least standard security: I.e. transaction number verificaton per each trade, etc.


Sounds like Craigslist would be safer...... "Pay cash in person, bring laptop".
Grant
Full Member
***
Offline Offline

Activity: 210
Merit: 100


View Profile
June 14, 2011, 07:32:55 PM
 #8

The security status of the exchanges is not helpful to build the needed confidence for bitcoin.
This is nothing against MtGox specifically, but to me all exchanges lack the minimum security measures that typical exchanges have.
Unless this is improved significantly, why would someone take the risk to invest significant funds? If at the same time he reads the DDOS attacks, password stalling, fund stealing... Strong efforts need to be made to provide at least standard security: I.e. transaction number verificaton per each trade, etc.


Sounds like Craigslist would be safer...... "Pay cash in person, bring laptop".

Not very efficient.

Well, on the positive side at least we can expect great volatility in the markets for the next couple of days. But i do hope they put together something more solid, and at least halt trading/transactions until this is fixed, this is embarrassing to say the least.
kicir
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile WWW
June 14, 2011, 07:35:14 PM
 #9

seems like TradeHill is now under attack Sad
Macho (OP)
Full Member
***
Offline Offline

Activity: 124
Merit: 100



View Profile
June 14, 2011, 09:10:01 PM
 #10

seems like TradeHill is now under attack Sad
Hm, in what way? Works for me it seems ...
finnthecelt
Full Member
***
Offline Offline

Activity: 140
Merit: 101


View Profile
June 15, 2011, 07:24:53 PM
 #11

seems like TradeHill is now under attack Sad

They've been under routine maintenance. Did I miss something?
YoYa
Hero Member
*****
Offline Offline

Activity: 809
Merit: 501


Always verify deals with me through my public key!


View Profile WWW
June 15, 2011, 10:32:31 PM
 #12

Check out the decreasing volumes after each attack. People are backing off for the moment. Good news for the other exchanges and something to be watched.
MagicalTux
VIP
Hero Member
*
Offline Offline

Activity: 608
Merit: 501


-


View Profile
June 15, 2011, 11:35:04 PM
 #13

http://securityforthemasses.blogspot.com/2011/06/bitcoin-exchanges-hacked-by-buttsec.html

Looks like Mt Gox has been compromised, but more to prove lack of security and less to do with destroying bitcoin confidence.

We are not compromised, however our current ISP has troubles coping with the DDoS.

Note that a DDoS has nothing to do with security. Security usually involves getting inside the site to steal stuff (for example) while DDoS just means sending a lot of legitimate-looking traffic to make the site go down.

Anyway we'll be moving to a much stronger solution soon (contract already signed, waiting for setup).
Jack of Diamonds
Sr. Member
****
Offline Offline

Activity: 252
Merit: 251



View Profile
June 15, 2011, 11:49:13 PM
 #14

http://securityforthemasses.blogspot.com/2011/06/bitcoin-exchanges-hacked-by-buttsec.html

Looks like Mt Gox has been compromised, but more to prove lack of security and less to do with destroying bitcoin confidence.

We are not compromised, however our current ISP has troubles coping with the DDoS.

Note that a DDoS has nothing to do with security. Security usually involves getting inside the site to steal stuff (for example) while DDoS just means sending a lot of legitimate-looking traffic to make the site go down.

Anyway we'll be moving to a much stronger solution soon (contract already signed, waiting for setup).

The site has been slow for what, a week (or more)?

Even if the site wasn't compromised, someone must benefit from it; Even a 100mbit/s downlink DDoS costs about $500 per day on russian forums by western union.
Utilizing a big botnet is not free at all.

I still fail to see the motive though. Driving people to other exchanges? Undermining bitcoin? Seems pretty expensive.

1f3gHNoBodYw1LLs3ndY0UanYB1tC0lnsBec4USeYoU9AREaCH34PBeGgAR67fx
Macho (OP)
Full Member
***
Offline Offline

Activity: 124
Merit: 100



View Profile
June 16, 2011, 12:14:33 AM
 #15

Even a 100mbit/s downlink DDoS costs about $500 per day on russian forums by western union.
Utilizing a big botnet is not free at all.
Not if you own the botnet and do it "for the lulz" which may be the case ...
backopy
Newbie
*
Offline Offline

Activity: 24
Merit: 0


View Profile
June 16, 2011, 01:07:55 AM
 #16

Sorry to carry the bad news, but if this news checks out:

http://www.bighaber.com/haber/bitcoin-exchanges-offer-anti--money-laundering-aid-929817.html

Rather start to redesign exchanges, Mt.Gox is pretty much dead. This got to be a hard blow in the trust, the "aid offer" will be taken not only for bust drug dealers but to let the government stuck its nose on all BTC economy, from drugs and guns up to undeclared T-Shirt sales, making bitcoin the unsafer currency around.
padrino
Legendary
*
Offline Offline

Activity: 1428
Merit: 1000


https://www.bitworks.io


View Profile WWW
June 16, 2011, 01:18:35 AM
 #17

Sorry to carry the bad news, but if this news checks out:

http://www.bighaber.com/haber/bitcoin-exchanges-offer-anti--money-laundering-aid-929817.html

Rather start to redesign exchanges, Mt.Gox is pretty much dead. This got to be a hard blow in the trust, the "aid offer" will be taken not only for bust drug dealers but to let the government stuck its nose on all BTC economy, from drugs and guns up to undeclared T-Shirt sales, making bitcoin the unsafer currency around.

So you expect an exchange that wants to be legitimate to not cooporate with authorities, no matter how "right" you may think it is as long as it is legal. Please explain how you expect it to work in the real world.

1CPi7VRihoF396gyYYcs2AdTEF8KQG2BCR
https://www.bitworks.io
backopy
Newbie
*
Offline Offline

Activity: 24
Merit: 0


View Profile
June 16, 2011, 01:49:45 AM
 #18

Banks do that, yet they don't it random and voluntarily, they've rules. It's not like you've 100 US, they can't figure out where you got it, on your account and they go on report it to IRS.
One thing is to co-op on demand and within the boundaries of law, other to go on secret co-op arrangements with foreigner authorities. Basically a Japanese and a British are just declaring they will rat their transaction log to the American DEA.
anewbie
Newbie
*
Offline Offline

Activity: 52
Merit: 0


View Profile
June 16, 2011, 04:04:03 AM
 #19


Quote
"ButtSec

Oh hai. We've gained access to some Bitcoin exchange sites. Obviously this includes Mt Gox, which is currently down. Hm wonder why?

Here at Buttsec we're fans of Bitcoin, but we must get the message out there that security is sorely lacking on many of the exchange sites! We will speak with some of these sites in the coming days. If your users aren't given answers, expect some information to make it to the public! ;-)

Yours truly, Buttsec

Bitcoin donations: 15gvHsFAq5RQaFSzUFQUCTCqAjrVoMjv2P
Twitter: @buttsecurity"

I love that somebody donated 0.00000001 to that address.  Even at the highest bitcoins have ever traded, that is still measured in one-hundred thousandths of a cent!
finnthecelt
Full Member
***
Offline Offline

Activity: 140
Merit: 101


View Profile
June 16, 2011, 04:55:17 PM
 #20

Sorry to carry the bad news, but if this news checks out:

http://www.bighaber.com/haber/bitcoin-exchanges-offer-anti--money-laundering-aid-929817.html

Rather start to redesign exchanges, Mt.Gox is pretty much dead. This got to be a hard blow in the trust, the "aid offer" will be taken not only for bust drug dealers but to let the government stuck its nose on all BTC economy, from drugs and guns up to undeclared T-Shirt sales, making bitcoin the unsafer currency around.

So you expect an exchange that wants to be legitimate to not cooporate with authorities, no matter how "right" you may think it is as long as it is legal. Please explain how you expect it to work in the real world.

I'm with padrino on this one. It's not reasonable to think BTC is going to operate without any government intervention at all. Most people just really aren't thinking this through.

If I buy a shirt from padrino and send him BTC and he mails me a shirt, I have a shirt and no one's the wiser.

If I send Mt. Gox 1,000 BTC and sell them on the market and the gov gets involved well now what?

If I go to Forex.com and trade currency I'm expected to pay capital gains on my profit. No one likes taxes but it's the way it is. If you're hoping BTC is going to provide you a life of no taxes and freedom from from gov you are in the wrong century.

If BTC is going to be legitimate it needs to operate the same way a currency does and the community needs to grow up about this. No one likes to hear about any form of criminal activity but on what grounds can they "ban" BTC because someone wants to launder cash? You would have to ban cash itself!!! Gov may want to regulate it but criminalising BTC could be very dangerous for them.

It wouldn't go away for one. It would heighten people's awareness of it. And it would crystalize the black market and force the participants to refine and advance their methodologies. BTC is here to stay so "they" have to deal with it just as we have to deal with "them".

Like it or not.

What we need to put thought to as a community is: is BTC a commodity or currency? What's the cost basis for profit determination?
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!