Wall Observer BTC/USD - Bitcoin price movement tracking & discussion

[adamstgBit]

anyone know the address of where all the bitfinex coins got move to offhand? it would be fun to look at that TX 

https://blockchain.info/address/35emx395afKAKAr72VoePVbu3FJvxLPVny

no the hacked coins

[adamstgBit]

ON FIRE ! 73K COINS so far  

https://blockchain.info/address/35emx395afKAKAr72VoePVbu3FJvxLPVny?offset=650&filter=0

Who's address is this and what is happening?

It looks like an address that was just created today, and there are a lots of coins going into it from a variety of addresses... What does it mean?

this is a whale finally deciding NOT to keep 1000's of bitcoin on different exchanges?

oh the my bullishness is coming back on full force!

.. whats the price at? better double it!

It's Bitfinex moving the coins it has left to one address according to Zane Tackett on reddit. He says they are moving the coins to their control, which makes me think they have all the keys to that address and have abandoned the shared key model.

https://www.reddit.com/r/btc/comments/4wiw3q/bitfinex_has_725k_btc_left_or_someone_just_stole/

their implementation of "shared key model." is obviously not good enough.

its really TO BAD, that bitgo didnt have some stupid logic saying if bitfinex asks for >1000Coins to be moved reject it.

i dont understand why they used multi sig if bitgo would simply go ahead and auto sign off any/everything.

F i dont understand wtf this "shared key model." ment. oh well...

seems obvious.. it meant that if BFX was hacked, that everyone shares in the losses .

I mean i dont understand the mutil sigs detials

like

to move coins required BFX key and bitgo keys
but if bitgo auto signs every time BFX signs.... then all you really need is BFX keys and you can move the coins.

is this infact the reality of what was going on with this "shared key model." ? idk.. idk shit...

[Holliday]

but if bitgo auto signs every time BFX signs.... then all you really need is BFX keys and you can move the coins.

is this infact the reality of what was going on with this "shared key model." ? idk.. idk shit...

From everything I've read, that seems to be the case Adam. BitGo and BitFinex are both very keen to point out that none of the blame lies with BitGo. Finex apparently had a custom setup with BitGo, unlike any other BitGo customer.

Either BitGo simply signed everything requested by Finex, or the hackers were able to bypass/avoid any kind of security precautions that BitGo had in place.

In either case, it looks to me like BitGo is shit when it comes to security, which is supposed to be their job. They provided Finex with a system that had no security or their system was easily bypassed. Fail or fail.

Perhaps there is something else going on and I haven't read about it or it isn't public knowledge?

[BlindMayorBitcorn]

anyone know the address of where all the bitfinex coins got move to offhand? it would be fun to look at that TX 

https://blockchain.info/address/35emx395afKAKAr72VoePVbu3FJvxLPVny

no the hacked coins

Spokesman Zane posted a pastebin on Reddit. But it's a lot of addresses.

[yefi]

its really TO BAD, that bitgo didnt have some stupid logic saying if bitfinex asks for >1000Coins to be moved reject it.

It seems like a very obvious thing to do. Suspicious activity should trigger a lockdown and require manual intervention to OK it. The system shouldn't just go "yeah, no problem" when somebody asks to empty out half the Bitcoin vault.

[BlindMayorBitcorn]

its really TO BAD, that bitgo didnt have some stupid logic saying if bitfinex asks for >1000Coins to be moved reject it.

It seems like a very obvious thing to do. Suspicious activity should trigger a lockdown and require manual intervention to OK it. The system shouldn't just go "yeah, no problem" when somebody asks to empty out half the Bitcoin vault.

But the vault contained separate lockboxes. They were cleaned out one after another after another.

[DaRude]

its really TO BAD, that bitgo didnt have some stupid logic saying if bitfinex asks for >1000Coins to be moved reject it.

It seems like a very obvious thing to do. Suspicious activity should trigger a lockdown and require manual intervention to OK it. The system shouldn't just go "yeah, no problem" when somebody asks to empty out half the Bitcoin vault.

But the vault contained separate lockboxes. They were cleaned out one after another after another.

All lock boxes "belong" to single entity, the if >X% accounts get emptied and if overall > X% gets taken out go into lock down mode should be the basic thing for any kind of security company 

[adamstgBit]

shes growing

https://blockchain.info/address/35emx395afKAKAr72VoePVbu3FJvxLPVny

there is somthing strangely satisfying about watching unconfirmed TX accumulate

[DaRude]

but if bitgo auto signs every time BFX signs.... then all you really need is BFX keys and you can move the coins.

is this infact the reality of what was going on with this "shared key model." ? idk.. idk shit...

From everything I've read, that seems to be the case Adam. BitGo and BitFinex are both very keen to point out that none of the blame lies with BitGo. Finex apparently had a custom setup with BitGo, unlike any other BitGo customer.

Either BitGo simply signed everything requested by Finex, or the hackers were able to bypass/avoid any kind of security precautions that BitGo had in place.

In either case, it looks to me like BitGo is shit when it comes to security, which is supposed to be their job. They provided Finex with a system that had no security or their system was easily bypassed. Fail or fail.

Perhaps there is something else going on and I haven't read about it or it isn't public knowledge?

So far sounds to me like it's an implementation error. BFX forgot to check the "Limit maximum daily withdrawals to 5%" checkbox during account set up with BitGone 

[aztecminer]

but if bitgo auto signs every time BFX signs.... then all you really need is BFX keys and you can move the coins.

is this infact the reality of what was going on with this "shared key model." ? idk.. idk shit...

From everything I've read, that seems to be the case Adam. BitGo and BitFinex are both very keen to point out that none of the blame lies with BitGo. Finex apparently had a custom setup with BitGo, unlike any other BitGo customer.

Either BitGo simply signed everything requested by Finex, or the hackers were able to bypass/avoid any kind of security precautions that BitGo had in place.

In either case, it looks to me like BitGo is shit when it comes to security, which is supposed to be their job. They provided Finex with a system that had no security or their system was easily bypassed. Fail or fail.

Perhaps there is something else going on and I haven't read about it or it isn't public knowledge?

So far sounds to me like it's an implementation error. BFX forgot to check the "Limit maximum daily withdrawals to 5%" checkbox during account set up with BitGone  

that was a feature ... so was BFX holding one key and the auto-sign api key at the same time . if they did way adam was thinking, obviously would defeat the entire purpose of the features of using bitgo for security of bitcoins .. they wouldn't be able to do bail-ins either . the hack was actually good for BFX and bitcoin . just think, now have BFXtokens .

[BlindMayorBitcorn]

but if bitgo auto signs every time BFX signs.... then all you really need is BFX keys and you can move the coins.

is this infact the reality of what was going on with this "shared key model." ? idk.. idk shit...

From everything I've read, that seems to be the case Adam. BitGo and BitFinex are both very keen to point out that none of the blame lies with BitGo. Finex apparently had a custom setup with BitGo, unlike any other BitGo customer.

Either BitGo simply signed everything requested by Finex, or the hackers were able to bypass/avoid any kind of security precautions that BitGo had in place.

In either case, it looks to me like BitGo is shit when it comes to security, which is supposed to be their job. They provided Finex with a system that had no security or their system was easily bypassed. Fail or fail.

Perhaps there is something else going on and I haven't read about it or it isn't public knowledge?

So far sounds to me like it's an implementation error. BFX forgot to check the "Limit maximum daily withdrawals to 5%" checkbox during account set up with BitGone 

It's because I was under the impression the boxes (addresses) were all drained individually. What kind of daily withdrawal limit woulda prevented that?

[Holliday]

So far sounds to me like it's an implementation error. BFX forgot to check the "Limit maximum daily withdrawals to 5%" checkbox during account set up with BitGone 

Well, BitGo's website states that they are "The leader in blockchain security" along with "100% secure". If their job is to secure bitcoins, it shouldn't matter how badly the customer tries to screw up, they should still secure the coins!

If I take my car to a garage and tell them to replace the brake pads with eight blocks of sharp cheddar cheese, they had better talk me out of it or refuse entirely. Especially if they are "The leader in automotive safety" and "100% safe".

Why would BitGo, a company which prides itself on securing bitcoins, let one of their customers choose a solution with no security at all? They should have either had precautions in place or, if they couldn't provide the kind of service that Finex desired, they should have turned them away as a customer explaining that their proposed solution is insecure.

It's because I was under the impression the boxes (addresses) were all drained individually. What kind of daily withdrawal limit woulda prevented that?

The one where one customer isn't allowed to withdraw 1%ish of all the bitcoins in existence without some kind of flag going up. LOL!

Even if they were individual addresses, they all belonged to the same customer: Finex.

[DaRude]

but if bitgo auto signs every time BFX signs.... then all you really need is BFX keys and you can move the coins.

is this infact the reality of what was going on with this "shared key model." ? idk.. idk shit...

From everything I've read, that seems to be the case Adam. BitGo and BitFinex are both very keen to point out that none of the blame lies with BitGo. Finex apparently had a custom setup with BitGo, unlike any other BitGo customer.

Either BitGo simply signed everything requested by Finex, or the hackers were able to bypass/avoid any kind of security precautions that BitGo had in place.

In either case, it looks to me like BitGo is shit when it comes to security, which is supposed to be their job. They provided Finex with a system that had no security or their system was easily bypassed. Fail or fail.

Perhaps there is something else going on and I haven't read about it or it isn't public knowledge?

So far sounds to me like it's an implementation error. BFX forgot to check the "Limit maximum daily withdrawals to 5%" checkbox during account set up with BitGone 

It's because I was under the impression the boxes (addresses) were all drained individually. What kind of daily withdrawal limit woulda prevented that?

The addresses were all in 2/3 multisig. Hacker got BFX's key, signed the transaction (got 1/3), and then forwarded it to BitGone, and then BitGone said yep transaction looks valid i'll sign for this so you got your (2/3). In essence Bitgone signed off on BTC120k of BTC withdrawals from BFXs controlled accounts in 3hrs and didn't see anything wrong with it to stop it.
Or at least how i understand it.

[Andre#]

Good to see that at Kraken, we are again above the price when the BFX hack surfaced (€532). So far only at Kraken, because for some odd reason it was Kraken where apparently the most shorting took place between 31 July 4:00 CET and 2 August 20:00. The price was more than 2% lower than the Chinese exchanges, BFX, and Stamp. And even lower than BTC-e, usually the bottom of the barrel.

At the time, I pointed out this very odd situation in /r/bitcoinmarkets, which I had never seen before in the past 2.5 years.

Could it be that the hacker used Kraken the most for his pre-hack shorting? (EDIT: relatively, that is. So that it had more impact than on OKcoin)

[DaRude]

So far sounds to me like it's an implementation error. BFX forgot to check the "Limit maximum daily withdrawals to 5%" checkbox during account set up with BitGone 

Well, BitGo's website states that they are "The leader in blockchain security" along with "100% secure". If their job is to secure bitcoins, it shouldn't matter how badly the customer tries to screw up, they should still secure the coins!

If I take my car to a garage and tell them to replace the brake pads with eight blocks of sharp cheddar cheese, they had better talk me out of it or refuse entirely. Especially if they are "The leader in automotive safety" and "100% safe".

Why would BitGo, a company which prides itself on securing bitcoins, let one of their customers choose a solution with no security at all? They should have either had precautions in place or, if they couldn't provide the kind of service that Finex desired, they should have turned them away as a customer explaining that their proposed solution is insecure.

It's because I was under the impression the boxes (addresses) were all drained individually. What kind of daily withdrawal limit woulda prevented that?

The one where one customer isn't allowed to withdraw 1%ish of all the bitcoins in existence without some kind of flag going up. LOL!

Even if they were individual addresses, they all belonged to the same customer: Finex.

Agree, there should have been some baseline security implementation which cannot be overridden before they slap their name on it. And the maximum daily % should be on the top of that list

[BlindMayorBitcorn]

Do we know if the process was totally automated? Was no one looking at a screen at BitGawn?

[DaRude]

Do we know if the process was totally automated? Was no one looking at a screen at BitGawn?

No official word, but looks like it was totally automated and they were just rubber stamping everything that they got from finex.

Wounder if hax0r knew that ahead or was surprised as everyone else when BitGone just kept signing off on everything s/he threw at it and no withdrawal limits kicked in 

2% of BTC gone oh they probably have it set at 5
5% huh high withdrawal limit
10% are you kidding me BitGone is still signing transactions
25%  i must be on testnet 
50% LOLs
60% That's just sad, it's like kicking a person on the floor, i'm just gonna stop here.

[Karartma1]

Hey Jimbo,
Don't you saw a small nice spike up?
I'm currently seeing  $ 585.80  on Coinbase

Looking good. It seems the bitfinex nightmare is withering away

Yes. The spike was starting as I was typing. When I started to type my post it was about $580 on Bitstamp and $586 on Bitcoinaverage.

I had a flurry of phone calls and visitors and then I check back and they're both up $5.

Yes I think the Finex panic is done. I'm waiting to see what happens when the banks open after the weekend. I'm guessing an influx of fiat at the exchanges and a spike upward.

I agree. I think tomorrow we'll see another nice trend. We're set to go up. Even though Bitfinex story might not seem finished.
Anyway, we're on the way up

[LogHangingConsortium]

BitGo and BitFinex are both very keen to point out that none of the blame lies with BitGo. Finex apparently had a custom setup with BitGo, unlike any other BitGo customer. [...]
Perhaps there is something else going on and I haven't read about it or it isn't public knowledge?

Jeesh, for people who seem to value outside-the-box thinking, you guys are thinking smack-dab inside the box.
BitGo implementation was used so that BFX could continue p2p lending (needed for leverage trading), without having to commingle the customer funds in a wallet it controlled (reason for the CFTC fine they paid).

So BitGo did exactly what was asked of it, allowing BFX to keep doing what it was already doing, without the need to become a licensed futures exchange.

[Andre#]

Choo Choo?

No?