Lotuss (OP)
April 23, 2013, 11:04:36 AM Last edit: April 23, 2013, 11:36:51 AM by Lotuss
Hello! I first wanted to make this post in the Ozcoin thread, but maybe it's best to give it its own thread. Not that I have a choice, since I am newly registered.

So I have been following the last weeks' posts in the Ozcoin thread, where owner Graet got hacked and lost 923 BitCoins. It was posted to me by a friend who wanted to point out to me how much unsafety there is with bitcoins. I told him that the problem was not with BitCoins as a system, but Graet's lack of security, and drew a parallel to people getting their cards skimmed or computers infected with a virus.

Since then people have "chased" the money, and debated about a system to catch stolen money. Graet's money seems to have ended up in a Strongcoin online wallet according to this post: https://bitcointalk.org/index.php?topic=14085.msg1910151#msg1910151 . As I understand it, the owner of Strongcoin, dogisland, then stole this money from the alleged thief and returned it to Graet.

To be honest, I think this is a bigger issue than Graet's first loss of money. I am sorry for your loss, Graet, but as you said it was your own fault, leaving your system open to such an exploit. But here dogisland, a "Bank" of bitcoins, took the matter into his own hands as #1 world police and hijacked one of his customers' money and gave it to his friend (?) Graet. What if dogisland one day decides to hijack all his customers' money?

First I quote strongcoin.com's front page:

"What is a hybrid wallet? A hybrid wallet allows you to send and receive Bitcoins just like any other wallet. However, the Bitcoin private key which is required to send money is encrypted in your browser before it reaches our servers. Therefore our servers only hold encrypted private keys and neither we nor anyone else can spend your Bitcoins. Only you."

Only you. OR, well, dogisland also. And who knows who else...? I hope I have missed something essential here; does anyone care to explain..?

Edit: As a newbie I am not allowed to send messages. I hope someone that can would send them a PM asking them to answer here.
Edit2: Name typo.

Best of wishes, Lotus

simonk83
April 23, 2013, 11:09:11 AM
I hope I have missed something essential here
Graet, not Garet

John (John K.)
April 23, 2013, 11:13:38 AM
Well, you got a point there actually. What happened to this?

"What is a hybrid wallet? A hybrid wallet allows you to send and receive Bitcoins just like any other wallet. However, the Bitcoin private key which is required to send money is encrypted in your browser before it reaches our servers. Therefore our servers only hold encrypted private keys and neither we nor anyone else can spend your Bitcoins. Only you."

Please do not use any online wallets if you value your coins. If strongcoin.com was rooted, funds would be stolen easily from users despite that statement above.

Lotuss (OP)
April 23, 2013, 11:37:03 AM
I hope I have missed something essential here
Graet, not Garet

heh Fixed! Sorry Graet!

Lotuss (OP)
April 23, 2013, 12:47:35 PM
"but Graet's lack of security, and drew a parallel to people getting their cards skimmed or computers infected with a virus." I'm sorry, but WHAT? What does this have to do with card skimming and viruses?

I drew the parallel to real life, where people lose real money to skimming and viruses, and that it's not the bitcoin's fault that Graet got hacked. It's due to carelessness; it's not the government's or the bitcoin's fault.

It's well known that online wallets are always vulnerable to hackings, and can be used to steal your bitcoins. Just because the private key is encrypted in your browser means nothing. You can add one line of code to log the private key. A sort of.. phisher, per se. To do this, the hacker would have to have enough time to gain knowledge on how the system works, which usually takes a while. The statement "However, the Bitcoin private key which is required to send money is encrypted in your browser before it reaches our servers." means it's encrypted through HTTPS (SSL), so that anybody snooping on your network cannot steal your money.

Ok, it's only https? Then the quote "neither we nor anyone else can spend your Bitcoins. Only you." from the homepage is a complete lie.

Badabing
April 23, 2013, 12:57:56 PM
I am sorry for your loss, Graet, but as you said it was your own fault, leaving your system open to such an exploit. But here dogisland, a "Bank" of bitcoins, took the matter into his own hands as #1 world police and hijacked one of his customers' money and gave it to his friend (?) Graet. What if dogisland one day decides to hijack all his customers' money?

You raise a valid question with regards to how the funds were transferred from your account; however, the lack of empathy and holier-than-thou tone of your post makes it sound more like "I hacked a website and stole funds. Then, someone stole them back and gave them to their original owner." I'd be interested to see how external law enforcement would react to this sort of claim - especially considering the lack of recognition of BTC as currency, as far as I am aware. This is of course assuming that you are going to contact someone regarding this 'theft'; I assume you will, considering you lost close to USD$60K? Let us know how you go.

QuiveringGibbage
April 23, 2013, 02:35:38 PM
I just signed up for an account with StrongCoin.com. It's pretty neat.
1aQGjTHindCLvophoeu4kNsZMm7XzHgca
QG
Bitcoin is at the tippity top of the mountain...but it's really only half way up..

Lotuss (OP)
April 23, 2013, 02:43:08 PM
I am sorry for your loss, Graet, but as you said it was your own fault, leaving your system open to such an exploit. But here dogisland, a "Bank" of bitcoins, took the matter into his own hands as #1 world police and hijacked one of his customers' money and gave it to his friend (?) Graet. What if dogisland one day decides to hijack all his customers' money?

You raise a valid question with regards to how the funds were transferred from your account; however, the lack of empathy and holier-than-thou tone of your post makes it sound more like "I hacked a website and stole funds. Then, someone stole them back and gave them to their original owner." I'd be interested to see how external law enforcement would react to this sort of claim - especially considering the lack of recognition of BTC as currency, as far as I am aware. This is of course assuming that you are going to contact someone regarding this 'theft'; I assume you will, considering you lost close to USD$60K? Let us know how you go.

I am sorry to say I am only an observer, taking interest in BTCs lately, that tries to shine light on this situation from another perspective. Probably since I am new to the scene I saw strongcoin.com with its professional website as a serious player, and I did not think such serious players would take the law into their own hands and compromise their customers' integrity and money so easily, without publishing any real proof. I hope you can see how this endangers the reputation of bitcoin as a serious currency.

knedle
April 23, 2013, 04:55:46 PM
But what is the problem?
You were contacted by the owner of StrongCoin and asked where you got that money and to explain your involvement on the forums, which you didn't do. I think that right now the best option is to contact Graet and talk with him, even meet somewhere IRL and show him the proof you are telling the truth. That is of course if you have proof.

itsgoldbaby
April 23, 2013, 05:07:23 PM
If he just started stealing coins then I would think differently, but in this scenario he just saved a percentage of a fairly popular pool's bitcoins. So I guess if you are going to steal bitcoins from people, don't trust sending them to this service after you do it. He will stop you from profiting from being a piece of shit.

Arvicco
April 23, 2013, 05:17:04 PM
I am sorry to say I am only an observer, taking interest in BTCs lately, that tries to shine light on this situation from another perspective.
Sure, sure, this is totally believable. Someone just signs up out of nowhere, and their very first post on Bitcointalk is regarding this situation which in no way concerns them personally. No, it does not look like a disgruntled thief created a sock puppet account to vent their frustration about the lost spoils. Not at all.

binaryFate
April 23, 2013, 05:38:54 PM
Maybe it would be more valuable to forget wondering who he is and focus on what he says? Even if he is the thief, I've never heard of this story before and I'm concerned about the home-made justice done in this case, so somehow, I don't care whom the story is coming from.
Monero's privacy and therefore fungibility are MUCH stronger than Bitcoin's. This makes Monero a better candidate to deserve the term "digital cash".

JohnsonX
April 23, 2013, 05:46:20 PM
900 bitcoins is a fortune. I would never trust the online wallets.

muggerbee
April 23, 2013, 06:21:14 PM
I am sorry to say I am only an observer, taking interest in BTCs lately, that tries to shine light on this situation from another perspective.

Sure, sure, this is totally believable. Someone just signs up out of nowhere, and their very first post on Bitcointalk is regarding this situation which in no way concerns them personally. No, it does not look like a disgruntled thief created a sock puppet account to vent their frustration about the lost spoils. Not at all.

I just started mining a week ago with Oz and so I've followed this very closely and all I can say is Lotuss P@wned lmao

SgtSpike
April 23, 2013, 06:26:11 PM
Well, you got a point there actually. What happened to this?

"What is a hybrid wallet? A hybrid wallet allows you to send and receive Bitcoins just like any other wallet. However, the Bitcoin private key which is required to send money is encrypted in your browser before it reaches our servers. Therefore our servers only hold encrypted private keys and neither we nor anyone else can spend your Bitcoins. Only you."

Please do not use any online wallets if you value your coins. If strongcoin.com was rooted, funds would be stolen easily from users despite that statement above.

That's a blatant lie from Strongcoin then, unless not all of their wallets are hybrid wallets.

haveagr8day
April 23, 2013, 06:49:38 PM
They could have done all of that with a JS change even without knowing the private keys.
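
Added example, not written by any poster in this thread and not StrongCoin's code: the posts above turn on the point that browser-side key encryption is only as trustworthy as the JavaScript the site serves on each visit. This Node.js check compares the scripts a page delivers against SHA-384 digests pinned from a previously reviewed copy; the paths, script bodies and function names are constructed for illustration.

```javascript
// Added illustration; names, paths and sample data are constructed assumptions.
const { createHash } = require('node:crypto');

// SRI-style digest: "sha384-" + base64(SHA-384 of the script body).
function sriDigest(body) {
  return 'sha384-' + createHash('sha384').update(body, 'utf8').digest('base64');
}

// List external script URLs and count non-empty inline scripts in a page.
function listScripts(html) {
  const external = [];
  let inline = 0;
  for (const m of html.matchAll(/<script\b([^>]*)>([\s\S]*?)<\/script>/gi)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    if (src) external.push(src[1]);
    else if (m[2].trim() !== '') inline += 1;
  }
  return { external, inline };
}

// pins: Map(url -> digest) from a reviewed release, kept by the user.
// fetched: Map(url -> body) as actually delivered on this visit.
function auditPage(html, pins, fetched) {
  const findings = [];
  const { external, inline } = listScripts(html);
  if (inline > 0) findings.push({ kind: 'inline-script', count: inline });
  for (const url of external) {
    if (!pins.has(url)) findings.push({ kind: 'unpinned', url });
    else if (!fetched.has(url)) findings.push({ kind: 'not-fetched', url });
    else if (sriDigest(fetched.get(url)) !== pins.get(url)) findings.push({ kind: 'changed', url });
  }
  return findings;
}

// Constructed sample: one reviewed script, then three later visits.
const reviewedJs = 'function encryptKey(key, passphrase) { /* reviewed build */ }';
const samplePins = new Map([['/js/wallet.js', sriDigest(reviewedJs)]]);
const samplePage = '<html><script src="/js/wallet.js"></script></html>';

function demo() {
  const same = new Map([['/js/wallet.js', reviewedJs]]);
  const edited = new Map([['/js/wallet.js', reviewedJs + '\n// one added line']]);
  const grown = samplePage + '<script src="/js/new.js"></script><script>x=1</script>';
  return { clean: auditPage(samplePage, samplePins, same),
           drift: auditPage(samplePage, samplePins, edited),
           extra: auditPage(grown, samplePins, same) };
}
console.log(JSON.stringify(demo(), null, 2));
```

The pins only help if they are stored somewhere the site operator cannot rewrite; an `integrity` attribute in HTML served by the same operator does not provide that.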

FireBlazzer
April 23, 2013, 07:37:58 PM
I hope I have missed something essential here
Graet, not Garet

o.0 did you say garet??? (hides valuables)

Rampion
April 28, 2013, 10:32:37 PM
Well, what happened to this?

"What is a hybrid wallet? A hybrid wallet allows you to send and receive Bitcoins just like any other wallet. However, the Bitcoin private key which is required to send money is encrypted in your browser before it reaches our servers. Therefore our servers only hold encrypted private keys and neither we nor anyone else can spend your Bitcoins. Only you."

How was dogisland able to "seize" those funds to return them back to Graet? Maybe he modified the site, so all the transactions originated by the thief went to an address controlled by him?

IMO this confirms again that shared wallet/third party services are insecure by nature and thus should be avoided, regardless of super strong passwords, encryption, 2 factor authorization, etc. etc. etc. It's a pity because really secure third party services are needed for BTC (for example for trading).

Rampion
May 07, 2013, 06:14:42 PM
So, no answer on this. Admin was able to "intercept" the funds as easily as stealing candy from a baby. I really don't know how they can then write things like this:

"Therefore our servers only hold encrypted private keys and neither we nor anyone else can spend your Bitcoins. Only you."

Utter bullshit. They can do whatever they want with your funds.

cp1
May 07, 2013, 06:17:55 PM
It's pretty close to true. The hacker did spend them -- he was just tricked into sending them to the strongcoin operator.
No online wallet is 100% safe.