Bitcoin Forum
December 09, 2016, 01:53:22 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 »  All
  Print  
Author Topic: Mtgox's official story could be wrong. The BTC of many accounts was sold.  (Read 11155 times)
ahtremblay
Jr. Member
*
Offline Offline

Activity: 50


View Profile
June 19, 2011, 09:47:02 PM
 #1

I believe a hacker got hold of everyone's account at mtgox. This hacker then executed a looping script that logged into a number of accounts one by one and issued a sales order for the full BTC balance in these select accounts. After 2 minutes, the loop was completed and all BTC held of the mtgox's clients accounts were offered for sale on the mtgox market.

This drove the price of BTC down to almost nothing. mtgox as a withdrawal limit of 1000$ equivalent BTC per 24 hour period. With the price to almost nothing, the hacker could withdraw almost any amount of BTC he wished from different accounts. I think in a few days or weeks some people will learn they have lost a fortune in this attack.

We must face the reality that mtgox is short on BTC. They do not have the BTC they claim they have.


This is just a warning. I am not saying it is the case that this happened. Just that it is a possibility.





Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481291602
Hero Member
*
Offline Offline

Posts: 1481291602

View Profile Personal Message (Offline)

Ignore
1481291602
Reply with quote  #2

1481291602
Report to moderator
1481291602
Hero Member
*
Offline Offline

Posts: 1481291602

View Profile Personal Message (Offline)

Ignore
1481291602
Reply with quote  #2

1481291602
Report to moderator
1481291602
Hero Member
*
Offline Offline

Posts: 1481291602

View Profile Personal Message (Offline)

Ignore
1481291602
Reply with quote  #2

1481291602
Report to moderator
padrino
Legendary
*
Offline Offline

Activity: 1260



View Profile
June 19, 2011, 09:51:14 PM
 #2

I was watching my account until after this happened and nothing was missing, what you saw is every buy order being executed as a large sell order was filled.

1CPi7VRihoF396gyYYcs2AdTEF8KQG2BCR
ahtremblay
Jr. Member
*
Offline Offline

Activity: 50


View Profile
June 19, 2011, 09:52:55 PM
 #3

I am stating that a script was run to offer for sale every BTC in every mtgox account.

I am not staying the BTC left mtgox. Mtgox might have been able to shut it down before the person could withdraw sufficient amount.
Keenan79
Newbie
*
Offline Offline

Activity: 18


View Profile
June 19, 2011, 09:53:40 PM
 #4

and you can't have script selling many small amounts only from 1 account?
ahtremblay
Jr. Member
*
Offline Offline

Activity: 50


View Profile
June 19, 2011, 09:55:26 PM
 #5

and you can't have script selling many small amounts only from 1 account?

You have to think here. The passwords/accounts of every account is out! Then you get thousands of micro sales with a bunch of big sales moments before. For a total sum larger than any account in the blockexplorer. Look at the evidence!
speeder
Hero Member
*****
Offline Offline

Activity: 546



View Profile
June 19, 2011, 10:01:44 PM
 #6

You are talking BS, because I was there when it happened, logged on mtgox, and when it was over, my account was untouched.

What you see on that list, is individual bids being supplied by a single sell order.

SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
June 19, 2011, 10:02:18 PM
 #7

You wouldn't see one big sell order because there isn't one big buy order.  In order to sell that much BTC, you have to make a transaction for every single buy order that is out there, one at a time.

Sorry OP, but you're wrong.
ahtremblay
Jr. Member
*
Offline Offline

Activity: 50


View Profile
June 19, 2011, 10:03:49 PM
 #8

You are talking BS, because I was there when it happened, logged on mtgox, and when it was over, my account was untouched.

What you see on that list, is individual bids being supplied by a single sell order.

Not every account would be compromised. Some accounts have stronger passwords and have a salt, making them harder to brute force. But the majority does not.
ahtremblay
Jr. Member
*
Offline Offline

Activity: 50


View Profile
June 19, 2011, 10:04:44 PM
 #9

You wouldn't see one big sell order because there isn't one big buy order.  In order to sell that much BTC, you have to make a transaction for every single buy order that is out there, one at a time.

Sorry OP, but you're wrong.

If that is the case, I am perfectly able to accept it. If fact I hope that is the case.
Philj
Sr. Member
****
Offline Offline

Activity: 386



View Profile
June 19, 2011, 10:05:28 PM
 #10

if someone put in a single order to sell 50,000 BTC at $.01 then however many small buy orders were out there would have all been executed as different transactions, and there would now be thousands of people that bought BTC at prices all the way down to $.01. It is more likely that a single large account created those transactions rather than a lot of individuals accounts.
Bit_Happy
Legendary
*
Offline Offline

Activity: 1442


A Great Time to Start Something!


View Profile
June 19, 2011, 10:08:17 PM
 #11

I was watching my account until after this happened and nothing was missing, what you saw is every buy order being executed as a large sell order was filled.

+1
Everyone be careful about believing these BS threads, the trolls are here again today.

15DYJpWJe9H1YofsNQbP9JEWWNn7XPZgbS
icaci
Newbie
*
Offline Offline

Activity: 26


View Profile
June 19, 2011, 10:10:08 PM
 #12

All leaked passwords are either MD5 hashes or FreeBSD MD5 crypt() hashes. The attacked must have changed all hashes to a known one in order to be able to log into each other users' account. It's not impossible to execute a simple UPDATE query given the fact that the entire passwords database was dumped. Then it would be impossible for you to log into your MtGox account unless the hacker has restored the original hashes.

1KaohAcY7Zjq7eVa8WvVGrVnry3CqgkcmH
dutt
Member
**
Offline Offline

Activity: 111



View Profile
June 19, 2011, 10:14:22 PM
 #13

OP you are totally wrong.
Those small orders represent the OTHER SIDE OF THE TRADE. The one big sell order was chewing through the open book.

kjj
Legendary
*
Offline Offline

Activity: 1302



View Profile
June 19, 2011, 10:34:22 PM
 #14

Most people have never tried to code a big exchange market, so they have no idea how they work, or what they look like in action.  Those of us who have aren't fooled.

The exchange has two lists, one for buy orders, one for sell orders.  The order matcher finds the buy order with the highest amount, and the sell order with the lowest amount.  If there is a tie in either of these, it will go to the oldest one.  If there is an overlap, a sale is recorded, balances are updated, the smaller order is closed, the larger order is decremented by the size of the smaller order (or if they were the exact same size, they both close).  Rinse, repeat.

A large order, like selling 500,000 coins for not less than 0.01 $ each, will hit thousands of buy orders, one by one as it chews through the order book.

p2pcoin: a USB/CD/PXE p2pool miner - 1N8ZXx2cuMzqBYSK72X4DAy1UdDbZQNPLf - todo
I routinely ignore posters with paid advertising in their sigs.  You should too.
BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
June 19, 2011, 11:12:10 PM
 #15

I don't want to be guy carrying the bad news. Don't shoot me! I'm just the messenger! But I also believe MtGox's coins had been depleted.
MtGox has a 1000 USD limit or equivalent BTC, at 0.01 this means 100,000 btc can be withdraw at once.
By seeing the users file, I come to a conclusion that the attackers could use any number of those accounts, if not all, to trade and withdraw.

This is a snap of bitcoinmonitor during the attack, notice the last transactions leading to the 500K. Looks like the robber getting away with his heist.



Just hope I'm wrong...
TurboK
Full Member
***
Offline Offline

Activity: 137



View Profile
June 19, 2011, 11:20:40 PM
 #16

... I'm a little bit confused. It is obvious that the stolen database wasn't used to mass sell on every account. Does that mean that the 400k btc withdraw was unrelated? Or it was related in that the owner of that wallet had his password stolen from the mtgox database?

Who made the database public to begin with?

12zJNWtM2HknS2EPLkT9QPSuSq1576aKx7

Tradehill viral bullshit code: TH-R114411
BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
June 19, 2011, 11:24:54 PM
 #17

Someone was offering it for sale 17 hours ago here:

http://apps.ycombinator.com/item?id=2670302

and here:

http://pastebin.com/ui0nusuZ

So I think they're well related. Somebody may had buy or the seller himself decided to go for it.
ahtremblay
Jr. Member
*
Offline Offline

Activity: 50


View Profile
June 19, 2011, 11:26:34 PM
 #18

I don't want to be guy carrying the bad news. Don't shoot me! I'm just the messenger! But I also believe MtGox's coins had been depleted.
MtGox has a 1000 USD limit or equivalent BTC, at 0.01 this means 100,000 btc can be withdraw at once.
By seeing the users file, I come to a conclusion that the attackers could use any number of those accounts, if not all, to trade and withdraw.

This is a snap of bitcoinmonitor during the attack, notice the last transactions leading to the 500K. Looks like the robber getting away with his heist.



Just hope I'm wrong...

Things are getting clearer.

The hacker has access to many accounts with high BTC. He cannot withdraw because of the limit of 1000$ equivalent BTC. What does he do? He sells offs tons of BTC to drive the price down to almost nothing. Then he empties any number of BTC he wishes. The coins are depleted, many people lost a fortune.
dinzy
Member
**
Offline Offline

Activity: 98


Fuck Intel!


View Profile
June 19, 2011, 11:30:52 PM
 #19

Well I doubt they could get all accounts and know for a fact that mine did not sell any coins, but I also doubt that any one person would have such a huge amount of coins stashed on Mt Gox.  

I am betting either it was one person trying to dump stolen coins or that they hacked a significant number of accounts to accumulate the coins for the mass sell off.  

And what is the 400k withdrawal all about?  
BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
June 19, 2011, 11:37:15 PM
 #20

It was a 500K movement, maybe the attacker merging the coins to his main wallet. Even @0.01 he couldn't withdraw that many.
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!