Bitcoin Forum
November 19, 2024, 06:55:25 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Time-line of the MtGox attack  (Read 4766 times)
mrb (OP)
Legendary
*
Offline Offline

Activity: 1512
Merit: 1028


View Profile WWW
June 20, 2011, 02:32:08 AM
 #1

http://blog.zorinaq.com/?e=55

There is a massive amount of information on IRC and the forum threads. Hopefully I have done an okay job at summarizing the attack..
stillfire
Full Member
***
Offline Offline

Activity: 124
Merit: 101


View Profile
June 20, 2011, 02:43:44 AM
 #2

Nice timeline. I hadn't read about that big BTC transaction minutes before the MtGox shutdown yet.

Lost your wallet password? Try Stillfire's Password Recovery Service.
unk
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
June 20, 2011, 02:58:33 AM
 #3

just for argument's sake, what evidence does the public (anyone outside of mt. gox) have that there even was an attack? how would anyone know that it wasn't a large holder of bitcoins who was trying to sell, hoping to get a decent price from large dark pools he or she suspected existed? then, unhappy with the total price received from the bulk sale, this large holder could have then asked or paid mt. gox to roll things back.

i'm not suggesting that happened, but how would anyone know? many following the live data as it was happening assumed that it was simply a large holder of bitcoins selling, and that's not an unreasonable assumption.

the reason i ask is that people who did act on the data were not unreasonable to do so; a rollback for them is a presumably an odd surprise.
AbeSkray
Member
**
Offline Offline

Activity: 72
Merit: 10



View Profile
June 20, 2011, 03:04:04 AM
 #4

Nice timeline. I hadn't read about that big BTC transaction minutes before the MtGox shutdown yet.
I agree! I was also unaware of the 432077.76654321 BTC transaction. Kinda strange that if you read the digits backwards you get a '12345667' sequence. Could that just be a fluke?

mrb: I'm curious about this:
Quote from: mrb
Many of these hashes, even those that appear to be strong passwords, show up on various websites about password brute-forcing. Notably, 2 days ago, a user named georgeclooney posted requests to crack some of these hashes on the InsidePro password recovery forums. He is almost certainly the same person who attacked MtGox.
Emphasis yours. Can you elaborate on why you think georgeclooney is the attacker? Is that based solely on the fact that he posted some of the hashes before they were publicly leaked?
stillfire
Full Member
***
Offline Offline

Activity: 124
Merit: 101


View Profile
June 20, 2011, 03:08:32 AM
 #5

just for argument's sake, what evidence does the public (anyone outside of mt. gox) have that there even was an attack? how would anyone know that it wasn't a large holder of bitcoins who was trying to sell, hoping to get a decent price from large dark pools he or she suspected existed? then, unhappy with the total price received from the bulk sale, this large holder could have then asked or paid mt. gox to roll things back.

That's certainly a thought that could be valid to play with but it seems unlikely.

The hacker explanation sounds plausible given the prior reports of accounts being hacked, and the subsequent release of password hashes. If there really was a large seller who legitimately wanted to 'try the waters' and sell off massive amounts of coins at once just to see how much he or she could get, and then somehow could convince MtGox to destroy their own reputation to roll back the transaction - and this sounds implausible already - how likely is it that that would happen at the same time as a massive security breach? Would that be staged too?

Lost your wallet password? Try Stillfire's Password Recovery Service.
Chick
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
June 20, 2011, 03:10:56 AM
 #6

Quote
Note to self: add support for Unix MD5-based crypt() hashes to whitepixel  )

Hahaha.

mrb (OP)
Legendary
*
Offline Offline

Activity: 1512
Merit: 1028


View Profile WWW
June 20, 2011, 03:13:32 AM
 #7

Quote from: mrb
Many of these hashes, even those that appear to be strong passwords, show up on various websites about password brute-forcing. Notably, 2 days ago, a user named georgeclooney posted requests to crack some of these hashes on the InsidePro password recovery forums. He is almost certainly the same person who attacked MtGox.
Emphasis yours. Can you elaborate on why you think georgeclooney is the attacker? Is that based solely on the fact that he posted some of the hashes before they were publicly leaked?

Yes, it is based on this fact.
nomnomnom
Sr. Member
****
Offline Offline

Activity: 313
Merit: 250



View Profile
June 20, 2011, 03:20:17 AM
 #8

Nice timeline. I hadn't read about that big BTC transaction minutes before the MtGox shutdown yet.
I agree! I was also unaware of the 432077.76654321 BTC transaction. Kinda strange that if you read the digits backwards you get a '12345667' sequence. Could that just be a fluke?

On this show which just ended from onlyonetv, the MT Gox guy said they did this transaction
to move the bitcoins to a secure wallet, and that only maybe something like 200 coins got lost.

Lets hope this is true...
stillfire
Full Member
***
Offline Offline

Activity: 124
Merit: 101


View Profile
June 20, 2011, 03:22:31 AM
 #9

On this show which just ended from onlyonetv, the MT Gox guy said they did this transaction
to move the bitcoins to a secure wallet, and that only maybe something like 200 coins got lost.

Lets hope this is true...

If so the timeline is off by a little since it says Mark Karpeles was only woken up after that transaction had occurred. I do hope it's true.

Lost your wallet password? Try Stillfire's Password Recovery Service.
bittrader
Jr. Member
*
Offline Offline

Activity: 42
Merit: 1



View Profile
June 20, 2011, 03:34:42 AM
 #10

FYI, on The Bitcoin Show tonight, one of the Mt. Gox guys said that the ~400k transfer was them taking security measures by moving their BTC to a different wallet.
Maged
Legendary
*
Offline Offline

Activity: 1204
Merit: 1015


View Profile
June 20, 2011, 03:58:26 AM
 #11

http://blog.zorinaq.com/?e=55

There is a massive amount of information on IRC and the forum threads. Hopefully I have done an okay job at summarizing the attack..
Pretty good timeline! As for when the database was leaked, it was at least 5 minutes before you show it at. theymos can look up the exact time, since the post wasn't actually deleted.

GeniuSxBoY
Hero Member
*****
Offline Offline

Activity: 616
Merit: 500


View Profile
June 20, 2011, 04:03:27 AM
 #12


Be humble!
GeniuSxBoY
Hero Member
*****
Offline Offline

Activity: 616
Merit: 500


View Profile
June 20, 2011, 04:14:34 AM
 #13

Quote from: mrb
Many of these hashes, even those that appear to be strong passwords, show up on various websites about password brute-forcing. Notably, 2 days ago, a user named georgeclooney posted requests to crack some of these hashes on the InsidePro password recovery forums. He is almost certainly the same person who attacked MtGox.
Emphasis yours. Can you elaborate on why you think georgeclooney is the attacker? Is that based solely on the fact that he posted some of the hashes before they were publicly leaked?

Yes, it is based on this fact.



HAHAHAHAHA. DUDE IS HILARIOUS. CALLED HIMSELF GEORGE CLOONEY BECAUSE OF OCEANS 11.


Definitely suave.

Be humble!
mrb (OP)
Legendary
*
Offline Offline

Activity: 1512
Merit: 1028


View Profile WWW
June 20, 2011, 04:24:02 AM
 #14

FYI, on The Bitcoin Show tonight, one of the Mt. Gox guys said that the ~400k transfer was them taking security measures by moving their BTC to a different wallet.

Someone else said it was a certain "Adam" on the show who said the 432k BTC txfer was MtGox transferring as a security precaution. "Adam" is not related to MtGox.

(Sorry I forget where I heard about this Adam. I'll try to get clarification about this transfer.)

But regardless, it worries that it was made (a minute) before MagicalTux appeard on IRC, where he was clearly just discovering the selloff, and hadn't started his investigation yet. Also it doesn't make sense that a "single account" was compromised and had hundreds of thousands of BTC in it. No one in his right mind keeps this amount of coins on MtGox (other than MagicalTux himself?), ask knightmb how he secures his 370k BTC Smiley
Maged
Legendary
*
Offline Offline

Activity: 1204
Merit: 1015


View Profile
June 20, 2011, 04:28:17 AM
 #15

FYI, on The Bitcoin Show tonight, one of the Mt. Gox guys said that the ~400k transfer was them taking security measures by moving their BTC to a different wallet.

Someone else said it was a certain "Adam" on the show who said the 432k BTC txfer was MtGox transferring as a security precaution. "Adam" is not related to MtGox.

(Sorry I forget where I heard about this Adam. I'll try to get clarification about this transfer.)

But regardless, it worries that it was made (a minute) before MagicalTux appeard on IRC, where he was clearly just discovering the selloff, and hadn't started his investigation yet. Also it doesn't make sense that a "single account" was compromised and had hundreds of thousands of BTC in it. No one in his right mind keeps this amount of coins on MtGox (other than MagicalTux himself?), ask knightmb how he secures his 370k BTC Smiley
Adam works at MtGox. I think he's fairly new.

jibjabz
Newbie
*
Offline Offline

Activity: 59
Merit: 0


View Profile
June 20, 2011, 04:28:43 AM
 #16

What's the exact amount of the large transaction? Is this article accurate on that part? If so then that's not an internal Mt. Gox transaction making it even more likely than it already is that they're lying about the extent of this.
dana.powers
Newbie
*
Offline Offline

Activity: 21
Merit: 0


View Profile
June 20, 2011, 04:40:00 AM
 #17

the input to the large transaction came entirely from the other large mtgox transaction of June 12th, which Tux explained at the time as being a security move to put majority of mtgox BTCs offline.  So we can be fairly confident the transfer was from MtGox offline storage.  Also, based on the numbers the full offline balance was moved.  So that makes sense.  I don't believe those BTC were available for withdrawal from mtgox.  For example, when I withdrew from mtgox a few days ago (spooked about increasing account compromise reports), the trx inputs were from 5 separate addresses.  I assume those are the online accounts and are the ones available for withdrawal, subject to daily limit.  I think it actually makes a lot of sense that he would re-secure the 400,000 offline BTC storage first thing when he woke up - before logging into IRC - even if he wasn't yet sure if an attack was in progress.
broker11
Newbie
*
Offline Offline

Activity: 30
Merit: 0


View Profile
June 20, 2011, 04:54:29 AM
 #18

You should also consider including in the timeline the Mt. Gox passwords purportedly for sale on Friday

http://securityforthemasses.blogspot.com/2011/06/mt-gox-db-purportedly-for-sale.html

and people reporting coins stolen from Mt. Gox accounts over the weekend:

http://forum.bitcoin.org/index.php?topic=18858.0
mrb (OP)
Legendary
*
Offline Offline

Activity: 1512
Merit: 1028


View Profile WWW
June 20, 2011, 06:39:02 AM
 #19

Thanks, I did add the info.

I got confirmation from MagicalTux that the 432k BTC transfer was MtGox moving coins to a safer location.
bitrebel
Sr. Member
****
Offline Offline

Activity: 364
Merit: 251


View Profile
June 20, 2011, 07:01:50 AM
 #20

FYI, on The Bitcoin Show tonight, one of the Mt. Gox guys said that the ~400k transfer was them taking security measures by moving their BTC to a different wallet.

Only problem is, just previously he stated they had their bitcoins spread out into different accounts. Contradictions

Why does Bitrebel have 65+ Ignores?
Because Bitrebel says things that some people do not want YOU to hear.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!