Bitcoin Forum
December 10, 2016, 08:59:27 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 4 »  All
  Print  
Author Topic: URGENT: What is next and legitimate on MtGox after the security issue?  (Read 7139 times)
unk
Member
**
Offline Offline

Activity: 84


View Profile
June 19, 2011, 09:17:48 PM
 #21

Yes, it's legitimate. If the exchange was compromised, as it was, then trading after that was revealed was "fruit of the poisoned tree."

the exchange as an exchange was not compromised. at most, mt. gox as a broker, or an individual user account, was compromised (putting aside the leak of information, which hasn't been cited as a reason for a 'rollback'). the analogies to the 'flash crash' in the us stock markets is inapposite.

indeed, there is no 'fruit of the poisoned tree' theory in currency or commodity exchange. if i innocently sell you something of value for currency that you've stolen, i cannot generally reverse the transaction, even in legal systems in which that would not be true for stolen consumer goods (versus stolen currency).
1481360367
Hero Member
*
Offline Offline

Posts: 1481360367

View Profile Personal Message (Offline)

Ignore
1481360367
Reply with quote  #2

1481360367
Report to moderator
The block chain is the main innovation of Bitcoin. It is the first distributed timestamping system.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481360367
Hero Member
*
Offline Offline

Posts: 1481360367

View Profile Personal Message (Offline)

Ignore
1481360367
Reply with quote  #2

1481360367
Report to moderator
1481360367
Hero Member
*
Offline Offline

Posts: 1481360367

View Profile Personal Message (Offline)

Ignore
1481360367
Reply with quote  #2

1481360367
Report to moderator
1481360367
Hero Member
*
Offline Offline

Posts: 1481360367

View Profile Personal Message (Offline)

Ignore
1481360367
Reply with quote  #2

1481360367
Report to moderator
royalecraig
Jr. Member
*
Offline Offline

Activity: 56


View Profile WWW
June 19, 2011, 09:23:30 PM
 #22

Maybe Bitcoin should Call in Greenspan, Bernanke and co to offer advice on setting up a fair market trading system, anyway, it's a currency trading system, shouldn't bitcoiners be investing in startup companies offering real goods and services.
All these exchanges are is Casinos, trying to profit from fluctuations in relative prices between currencies, Bitcoin will fail unless there is investment in real start up companies. 

Sign Up at TradeHill with code TH-R14804
S3052
Legendary
*
Offline Offline

Activity: 1946


BTC Up or Down? go to www.bullbearanalytics.com


View Profile WWW
June 19, 2011, 09:24:05 PM
 #23

Yes, it's legitimate. If the exchange was compromised, as it was, then trading after that was revealed was "fruit of the poisoned tree."

the exchange as an exchange was not compromised. at most, mt. gox as a broker, or an individual user account, was compromised (putting aside the leak of information, which hasn't been cited as a reason for a 'rollback'). the analogies to the 'flash crash' in the us stock markets is inapposite.

indeed, there is no 'fruit of the poisoned tree' theory in currency or commodity exchange. if i innocently sell you something of value for currency that you've stolen, i cannot generally reverse the transaction, even in legal systems in which that would not be true for stolen consumer goods (versus stolen currency).
Agree with you. The comparison to the flash crash is not making sense.

>15years analysis experience

Always do your own due diligence & consult your financial advisor. Never invest unless you can afford to lose your entire investment.

http://twitter.com/BitcoinAnalyst

Subscribe here
fabianhjr
Sr. Member
****
Offline Offline

Activity: 322


Do The Evolution


View Profile
June 19, 2011, 09:24:38 PM
 #24

-GPG signatures must be added to all orders. Authentication is moved client side.
-If the market goes +-(plus or minus) 10% in a day it should be closed for 6 hours to allow orders to accumulate and prices to stabilize.
-Market must be closed on weekends; orders can still be put in without showing the market depth.
-Even if the API is removed bots would still be able to continue.
-Orders cannot go +- 20% of the 24 hour moving average.

This are just some ideas.

As far as other stuff goes:
-MtGox must cover the losses, they claim only 1K USD worth of coins were stolen, this is way beyond their daily earnings in fees
-Market must be closed for 6 hours. Orders must be allowed to accumulate.
-MtGox must additionally leave the site closed until all security issues are solved.

DamienBlack
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 19, 2011, 09:35:00 PM
 #25

The funds didnt come from one user, the hacker had access to the database hence the leaked passwords. He simply credited his mtgox account with bitcoins and sold them.

The bitcoins that sold didnt belong to one person they belonged to everybody that had BTC in mtgox, including YOU. Thats why it was so large, it was literally the whole wallet.dat belonging to mtgox.

On the bright side mtgox used multiple wallets to share the risk, or everything would have been sold.

I think you are wrong. The message at mt gox clearly states:

"One account with a lot of coins was compromised and whoever stole it (using a HK based IP to login) first sold all the coins in there"

One account, that's all. Not to mention, I was trading at the time of the crash. My coins and USD were not compromised.

I trade bitcoin options at https://bitoption.org/ ... Join me.
I play poker at https://betco.in/ ... Join me.
Support the bitcoin economy, what do you do?
Tips: 1NfXhiTFEdKQTdLy49s6DYAP1K7MeFWyao
finack
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 19, 2011, 10:19:02 PM
 #26

the exchange as an exchange was not compromised. at most, mt. gox as a broker, or an individual user account, was compromised (putting aside the leak of information, which hasn't been cited as a reason for a 'rollback'). the analogies to the 'flash crash' in the us stock markets is inapposite.

I normally respect your views on things quite a bit, so I'm willing to consider that I'm on the wrong side of this debate. Just to be clear, I don't have any trades that would be cancelled, I assume you don't either?

I have a more practical question. Is Mt. Gox likely to have the capital to eat the bad trades if they didn't do a rollback? I understand some ~260k were moved at $0.01 Beyond the trades on the compromised account that they'd have to eat, I assume everyone who sold into the market as it crashed would want a refund based on the idea that it was MG's negligence that caused the move. Let's make it overly simple and say they have to come up with 500,000 BTC (todays volume-avg. volume) to make good.

So simplistically 500,000*$17.50= $8.75MM. I've never paid too much attention to how much money they've been making on trading volume, but it'd surprise me if they have that kind of liquid assets. If they couldn't cover all of the wrong side of all of the trades it seems they'd end up insolvent and potentially be unable to pay out even some regular depositors. That hardly sounds like an optimal solution.


bitcoinaddict
Member
**
Offline Offline

Activity: 75


View Profile
June 19, 2011, 10:58:07 PM
 #27

I just want to know how they can handle a rollback when a lot of people transferred BTC out that bought at sub $10.

How can you roll back a btc transaction?  You can't.  How does one simply create BTC's?  You can't.

So now MtGox has a database with X number of bitcoins in it, when in reality it is actually X-y (y being the number that were successfully transferred out after the fraudulent sale)

Even if they do a roll back, their wallet will download the updated block chain and show that they have less BTC than what their user database shows they have.  They are short BTC of an unknown amount.  They can only roll back their database, not the block chain (that's what we love about bitcoins, isn't it?)

I think they should tell us how much they are short, and what they plan on doing about it.  Not that half of the people on MtGox ever plan on using them again anyway.

But if everyone on Mt.Gox tried to withdraw their BTC tomorrow, MtGox wouldn't have enough BTC to cover it.  BTC would be fine, but users at MtGox may get screwed.  We will find out tomorrow when everyone on MtGox tries to cash out.

I'm glad that they have horrible support and I pulled my BTC and USD out days ago.  Who would want to do business with such a basement operation?  I'm just going to keep mining and holding on to my BTC until a better exchange comes around.  (hint, there already is one, I'll omit the name for fear of being accused of advertising)

https://bitcoinmonkey.com/images/btcmonkey_ub.png
Join https://www.bitcoinmonkey.com mining pool!  0% Fees for life, LP, super low stales, API, SSL (with a real cert!), growing fast!
VPoro
Jr. Member
*
Offline Offline

Activity: 39


View Profile
June 19, 2011, 11:15:39 PM
 #28

The funds didnt come from one user, the hacker had access to the database hence the leaked passwords. He simply credited his mtgox account with bitcoins and sold them.

The bitcoins that sold didnt belong to one person they belonged to everybody that had BTC in mtgox, including YOU. Thats why it was so large, it was literally the whole wallet.dat belonging to mtgox.

On the bright side mtgox used multiple wallets to share the risk, or everything would have been sold.

If you have access to the database, you can change your account to read anything you wish - the BTC in MtGox aren't real before they are transferred to someone's wallet.dat. That's probably why MtGox is doing a rollback - the 'lost BTC' aren't from anyone, they are just virtual coins which were just added to his account. This is exactly like hacking a real-life bank -- you can change your account to read what ever you wish, but before you actually get your money out from a counter or spend it somewhere, it does you no good. Exactly in the same way, the hacker changed his account to read an arbitrary number of BTC (which do not really exist), sold them for the virtual USD, and when he tried to withdraw those, he couldn't get out more than 1k USD due to the MtGox limit.

That's why a rollback is needed and is justified: the people who bought the 'BTC' for 0.01$ didn't actually buy any real BTC, they just bought MtGox monopoly-money BTC's which do not really exist.

Just my .02 BTC.

Donations are always appreciated - 13skSo2Wes5PEdwCXkP5QZLUw5A7oNtrkQ
Justsomeforumuser
Member
**
Offline Offline

Activity: 84


View Profile
June 19, 2011, 11:15:41 PM
 #29

you have no legal recourse in an unregulated exchange.

I find it both ultra sad and ultra hilarious people still have not understood the implications of this very thing.

I have yet to understand how anyone, and I mean anyone, could have put in a lump sum over the price of maybe 2 xbox games and a bag of cheetohs into BTC.
(Mining I can understand - that's some cents and spare time, but investing tens of thousands of currency onto uninsured, unregulated accounts? Well done! Financial Darwinism, hooooo!)

Ho-Hum.
bitcoinaddict
Member
**
Offline Offline

Activity: 75


View Profile
June 19, 2011, 11:22:19 PM
 #30

The funds didnt come from one user, the hacker had access to the database hence the leaked passwords. He simply credited his mtgox account with bitcoins and sold them.

The bitcoins that sold didnt belong to one person they belonged to everybody that had BTC in mtgox, including YOU. Thats why it was so large, it was literally the whole wallet.dat belonging to mtgox.

On the bright side mtgox used multiple wallets to share the risk, or everything would have been sold.

If you have access to the database, you can change your account to read anything you wish - the BTC in MtGox aren't real before they are transferred to someone's wallet.dat. That's probably why MtGox is doing a rollback - the 'lost BTC' aren't from anyone, they are just virtual coins which were just added to his account. This is exactly like hacking a real-life bank -- you can change your account to read what ever you wish, but before you actually get your money out from a counter or spend it somewhere, it does you no good. Exactly in the same way, the hacker changed his account to read an arbitrary number of BTC (which do not really exist), sold them for the virtual USD, and when he tried to withdraw those, he couldn't get out more than 1k USD due to the MtGox limit.

That's why a rollback is needed and is justified: the people who bought the 'BTC' for 0.01$ didn't actually buy any real BTC, they just bought MtGox monopoly-money BTC's which do not really exist.

Just my .02 BTC.

Wrong.  This is more equivalent to a hacker gaining access and adding money to their account, and WITHDRAWING some of it before the bank finds out and corrects the error.  Too bad they already hit up the ATM machine for an undisclosed amount of BTC.

Will we ever know?  It wouldn't be hard to find out but I doubt if MtGox will ever say how much BTC was transferred out.

https://bitcoinmonkey.com/images/btcmonkey_ub.png
Join https://www.bitcoinmonkey.com mining pool!  0% Fees for life, LP, super low stales, API, SSL (with a real cert!), growing fast!
speeder
Hero Member
*****
Offline Offline

Activity: 546



View Profile
June 19, 2011, 11:28:09 PM
 #31

He is not wrong.

And whis is why mtgox HAVE to roll back.

They cannot "invent" bitcoins to cover the 550k bitcoins stolen.

The only thing they can do is roll back everything. It will make all lucky buyers sad, but it is the "less worse" thing that can be done.


Not rolling back, or mtgox will have to become fractional reserve (you want that, are you SURE of it?) or mtgox will become bankrupt, pay a fraction of what each person own and close doors.

Yes, they made a lot of money, but they do not made 500k bitcoin.

bitcoinaddict
Member
**
Offline Offline

Activity: 75


View Profile
June 19, 2011, 11:34:12 PM
 #32

He is not wrong.

And whis is why mtgox HAVE to roll back.

They cannot "invent" bitcoins to cover the 550k bitcoins stolen.

The only thing they can do is roll back everything. It will make all lucky buyers sad, but it is the "less worse" thing that can be done.


Not rolling back, or mtgox will have to become fractional reserve (you want that, are you SURE of it?) or mtgox will become bankrupt, pay a fraction of what each person own and close doors.

Yes, they made a lot of money, but they do not made 500k bitcoin.

Dude you have it backwards.  They can't invent bitcoins, you are right, so they CANNOT rollback!  You can't go backwards with bitcoins!  The BTC transferred out of MtGox that were purchased at $10, $1, and $0.01 are gone from MtGox.  GONE.  They are in someone elses wallet now.  MtGox doesn't have them.  Their database says they have x users with y bitcoins, and their database will be WRONG.  They DO NOT have enough BTC to cover everyone's accounts.

Lucky buyers who got their BTC out to their wallets DONT CARE IF THERES A ROLLBACK BECAUSE IT WONT EFFECT THEM!!!!!!  THEY ALREADY HAVE THE BTC!  YOU CANT REVERSE A BTC TRANSACTION!

What part of that doesn't everyone understand?  MtGox should NOT do a rollback, and they should be financially responsible to the user whose account was hacked.  I don't even have money in MtGox but this is BAD for the community, to do a roll back.  Their exchange cannot be trusted, they do not have enough BTC to cover their deposits.  Is it 1 BTC Short, 10BTC Short, or 10k BTC short?  They won't say.  I wonder WHY?

https://bitcoinmonkey.com/images/btcmonkey_ub.png
Join https://www.bitcoinmonkey.com mining pool!  0% Fees for life, LP, super low stales, API, SSL (with a real cert!), growing fast!
Veldy
Member
**
Offline Offline

Activity: 98



View Profile
June 20, 2011, 12:39:24 AM
 #33

What's your suggestion?

SELL

That's mine.
Don't sell, bitcoin wasn't compromised.

But bitcoin doesn't have to suffer from Mt Gox problems.

I've heard only good things of Trade Hill.

It's great time to close your Mt Gox account and move somewhere else to make it clear that such a poor-secured service is not acceptable.

You are correct.  However, this is a clear attempt by "Durr" to manipulate the market to his buying advantage ... even if it is a long shot, it didn't cost him much to do it.  It isn't so different than the issues with truth and lies going around Yahoo Groups to manipulate stock prices in the years leading up to the DOT COM collapse in 2000 [so many attribute it to 9/11/2011 as the needle that popped the bubble, but fundamentals of the entire market were clear to me, a total stock NEWBIE in 2000, that prices were way to high for my own company, which was PSINET at the time [so I didn't buy options like so many of my co-workers did], and the price fell from over $50 to less than $0.25 very quickly and was delisted BEFORE 9/11/2001.  It was over and people were just starting to see it like the coyote who runs off a cliff while by chased by the road runner and then just sort of hangs there in mid-air with a "GULP" and then drops. 

In the real world, MtGox would be done, dead done, nailed to the wall and executed [meaning criminal proceedings, senate hearings, prosecutions and convictions .. well, in the US anyway].  However, this isn't the real world, it is the virtual one and people act very irrationally here and the market is very small and there is no regulation or law broken [other than by the person/people that committed the crime].  So, I don't predict the demise of MtGox, but nor do I dismiss it.

People like Durr though, should take a leap.

If you have found my post helpful, please donate what you feel it is worth: 18vaZ4K62WiL6W2Qoj9AE1cerfCHRaUW4x
unk
Member
**
Offline Offline

Activity: 84


View Profile
June 20, 2011, 12:44:24 AM
 #34

the exchange as an exchange was not compromised. at most, mt. gox as a broker, or an individual user account, was compromised (putting aside the leak of information, which hasn't been cited as a reason for a 'rollback'). the analogies to the 'flash crash' in the us stock markets is inapposite.

I normally respect your views on things quite a bit, so I'm willing to consider that I'm on the wrong side of this debate. Just to be clear, I don't have any trades that would be cancelled, I assume you don't either?

thanks for the kind words. i agree it's a complicated question, and reflection is useful.

to answer your question, you're correct: i don't have any trades that would be canceled. indeed, i don't even have a mt. gox account, having not trusted them for a long time (though i don't mean that specifically to impugn anything about their service - i simply lack trust in it). as usual, i'm not writing to the forum out of a narrow financial self-interest.

the best way, in my view, to understand the problem is to recognise that the part of mt. gox that implements a currency or commodity exchange was apparently not hacked or compromised in any way. if it had been, then trying to break executed trades would clearly be appropriate. but all that's reportedly happened is that mt. gox has identified what it believes is a theft, or a collection of thefts. to identify, after the fact, a theft that moved a market provides little reason to break a trade. as analogies, consider: (1) if the stolen amount had been only 500 btc, you'd never consider taking the money back from someone on the other side of a trade from the thief, and (2) if someone had stolen us dollars and used them to buy bitcoins on mt. gox, aiming to transfer them out before being detected, similarly mt. gox would probably not have thought to break any trades merely because the price of bitcoins temporarily doubled.

thus, if what they propose is done only in response to events on one side of the market, and only in response to arbitrarily selected events, it appears unprincipled and of little value to anyone. that said, i don't personally have a strong opinion about it; largely it's a contractual matter between mt. gox and its customers, and it threatens bitcoin as a technology only to the extent it undermines confidence in what is unfortunately a very concentrated market for currency exchanges. i think that on balance it would be a bad idea, systemically speaking.

Quote
I have a more practical question. Is Mt. Gox likely to have the capital to eat the bad trades if they didn't do a rollback? I understand some ~260k were moved at $0.01 Beyond the trades on the compromised account that they'd have to eat, I assume everyone who sold into the market as it crashed would want a refund based on the idea that it was MG's negligence that caused the move. Let's make it overly simple and say they have to come up with 500,000 BTC (todays volume-avg. volume) to make good.

So simplistically 500,000*$17.50= $8.75MM. I've never paid too much attention to how much money they've been making on trading volume, but it'd surprise me if they have that kind of liquid assets. If they couldn't cover all of the wrong side of all of the trades it seems they'd end up insolvent and potentially be unable to pay out even some regular depositors. That hardly sounds like an optimal solution.

reports were that it was making $70,000 per day, but not presumably for very long. i doubt it would have the capacity to insure all user accounts or even this one large one, and it's not clear that it would have a responsibility to do so. but that's a separate question from whether they break trades made in good faith.
goldcd
Jr. Member
*
Offline Offline

Activity: 32


View Profile
June 20, 2011, 01:12:49 AM
 #35

First up, I use Mt Gox, but keep balances in BTC/dollars as low as makes no difference if it all vanished.

We all rushed into this happy anarchistic world of 'our money' without big brother looking over our shoulder with glee and excitment - the shackles falling from our feet.
The relished the startup trading sites and the idea of shadowy Keyser Soze masterminds lurking behind the scenes making out like bandits.

The moment something goes wrong, we all immediately start reaching for our pitch-forks, demanding regulation and over-sight and bleating about our consumer rights.
Nobody apart from me seeing any irony in this?

I assume the next step is that the exchanges will be stressing that they're based in the US, comply to all US laws, are audited by the banking authorities and withdrawals are only allowed upon the recipient faxing in a copy of their passport..

Either bitcoin is free-market-anarchy, Mt Gox can do what they want and we decide whether we want to use them, or another site, following this - we have the right to choose, but that's about it.
Or we regulate the arse out of it and make the entire thing pointless.

Possibly the (good) outcome is that it'll just fragment the trading market - you want to use the one that charges 1% on transactions and under-writes your cash, or the nice scuzzy one that runs in Belize.

My understanding of what happened at MtGox was that somebody hacked their way in, got a load of BTC, flogged them all trashing the market and then found out they could only pull out $1000 of their BTCs?
If this is the case, rolling back everything seems the only sensible thing to do - with MtGox covering any of the coins/cash that left their little ecosystem out of their own pocket.
Assuming the limit on withdrawal is $1000 with of BTC though, was that worked out on the average over the last 24/48 hours, or at the last traded price the market was pushed down to?
Anyway, I've wondered away off the topic now.
Veldy
Member
**
Offline Offline

Activity: 98



View Profile
June 20, 2011, 01:45:46 AM
 #36

They can't do a full rollback.  Anybody who has bitcoins in their wallet (withdrawn from Mtgox) from a trade during that timeframe has possession and is by no means responsible for reversing; by the very nature of bitcoin they are not responsible.  That means that money and bitcoins MUST come out of the Mtgox coffers to complement the half of the trade that they still have control of and want to reverse.  If they don't have the capital and coins to cover this, then they will have to announce that they cannot reverse transactions as announced and take true licks.  If they have the money, but not the bitcoins then they still have a problem as they would have to purchase the coins to cover the transactions reversed that would result in bitcoins.  They can't buy then on the open market as their exchange is down and volume definitely low (people would sell at a premium knowing that they must buy coins at any cost which would spike the price on low volume ... only real damage is to Mtgox).  So, if they have the money and not the coins then I expect they will either make a private trade with somebody with a large hoard, but more likely they will get a bitcoin loan ... and the first place that I would look to for that are the large pool operators.  It is in the interest if the pools to see trading resume and confidence renewed in trading (with our without Mtgox is irrelevant).  I think the likely case is that Mtgox is coin shy only or both coin shy and currency shy.  If the latter, I would expect an announcement soon about their inability to reverse and what they intend to do, if anything.  If they started rolling back transactions without doing the obvious accounting to cover the coin loss from trades that occurred and  bitcoins withdrawn and find out while doing this that they can't complete it, they may be in a mess that they can't get out of. We will know soon enough without a doubt.

If you have found my post helpful, please donate what you feel it is worth: 18vaZ4K62WiL6W2Qoj9AE1cerfCHRaUW4x
Veldy
Member
**
Offline Offline

Activity: 98



View Profile
June 20, 2011, 01:55:17 AM
 #37

First up, I use Mt Gox, but keep balances in BTC/dollars as low as makes no difference if it all vanished.

We all rushed into this happy anarchistic world of 'our money' without big brother looking over our shoulder with glee and excitment - the shackles falling from our feet.
The relished the startup trading sites and the idea of shadowy Keyser Soze masterminds lurking behind the scenes making out like bandits.

The moment something goes wrong, we all immediately start reaching for our pitch-forks, demanding regulation and over-sight and bleating about our consumer rights.
Nobody apart from me seeing any irony in this?

I assume the next step is that the exchanges will be stressing that they're based in the US, comply to all US laws, are audited by the banking authorities and withdrawals are only allowed upon the recipient faxing in a copy of their passport..

Either bitcoin is free-market-anarchy, Mt Gox can do what they want and we decide whether we want to use them, or another site, following this - we have the right to choose, but that's about it.
Or we regulate the arse out of it and make the entire thing pointless.

Possibly the (good) outcome is that it'll just fragment the trading market - you want to use the one that charges 1% on transactions and under-writes your cash, or the nice scuzzy one that runs in Belize.

My understanding of what happened at MtGox was that somebody hacked their way in, got a load of BTC, flogged them all trashing the market and then found out they could only pull out $1000 of their BTCs?
If this is the case, rolling back everything seems the only sensible thing to do - with MtGox covering any of the coins/cash that left their little ecosystem out of their own pocket.
Assuming the limit on withdrawal is $1000 with of BTC though, was that worked out on the average over the last 24/48 hours, or at the last traded price the market was pushed down to?
Anyway, I've wondered away off the topic now.

I think that it is safe to say that there is no limit on bitcoin withdrawals.  The limit is on USD withdrawal and that is almost certainly to satisfy the bank they use and the regulatory issues that do apply to banks and currency transactions.

If you have found my post helpful, please donate what you feel it is worth: 18vaZ4K62WiL6W2Qoj9AE1cerfCHRaUW4x
FooDSt4mP
Full Member
***
Offline Offline

Activity: 182


View Profile
June 20, 2011, 03:15:10 AM
 #38

There is a limit on BTC withdrawals of $1000 worth.... But if you dropthe price to 0.01 first, that's 100,000 BTC.

As we slide down the banister of life, this is just another splinter in our ass.
Bit_Happy
Legendary
*
Offline Offline

Activity: 1442


A Great Time to Start Something!


View Profile
June 20, 2011, 03:58:12 AM
 #39

...I'm just going to keep mining and holding on to my BTC until a better exchange comes around.  (hint, there already is one, I'll omit the name for fear of being accused of advertising)

Better how? A huge bid/ask spread and almost no trading is better? MtGox is still the leader.
FYI: Their latest update says the site was not even compromised; The stolen data come from the computer of an auditor who had read-only access.

15DYJpWJe9H1YofsNQbP9JEWWNn7XPZgbS
Bit_Happy
Legendary
*
Offline Offline

Activity: 1442


A Great Time to Start Something!


View Profile
June 20, 2011, 04:02:07 AM
 #40

The funds didnt come from one user, the hacker had access to the database hence the leaked passwords. He simply credited his mtgox account with bitcoins and sold them.

The bitcoins that sold didnt belong to one person they belonged to everybody that had BTC in mtgox, including YOU. Thats why it was so large, it was literally the whole wallet.dat belonging to mtgox.

On the bright side mtgox used multiple wallets to share the risk, or everything would have been sold.

If you have access to the database, you can change your account to read anything you wish - the BTC in MtGox aren't real before they are transferred to someone's wallet.dat. That's probably why MtGox is doing a rollback - the 'lost BTC' aren't from anyone, they are just virtual coins which were just added to his account. This is exactly like hacking a real-life bank -- you can change your account to read what ever you wish, but before you actually get your money out from a counter or spend it somewhere, it does you no good. Exactly in the same way, the hacker changed his account to read an arbitrary number of BTC (which do not really exist), sold them for the virtual USD, and when he tried to withdraw those, he couldn't get out more than 1k USD due to the MtGox limit.

That's why a rollback is needed and is justified: the people who bought the 'BTC' for 0.01$ didn't actually buy any real BTC, they just bought MtGox monopoly-money BTC's which do not really exist.

Just my .02 BTC.

Perhaps you know by now your speculation was not correct.

It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised. This allowed for someone to pull our database. The site was not compromised with a SQL injection as many are reporting, so in effect the site was not hacked.


https://support.mtgox.com/entries/20208066-huge-bitcoin-sell-off-due-to-a-compromised-account-rollback

15DYJpWJe9H1YofsNQbP9JEWWNn7XPZgbS
Pages: « 1 [2] 3 4 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!