relative (OP)
|
|
June 20, 2011, 12:30:51 PM |
|
I think you can confirm from blockexplorer that MtGox didn't lose a large amount of bitcoins. This seems to be their offline address: http://blockexplorer.com/address/1KLahQtqDNAXvrjNyfvgSBtAhwco5ZxLp4
There was a transfer at 18:17, at the time MtGox noticed the attack according to this timeline: http://blog.zorinaq.com/?e=55
There were no transactions in that address before that! Some on this board claim the hacker sold and bought a large amount of coins at 0.01 to be able to withdraw 1000$ worth of coins at 0.01. If any of these 400k were affected, this would show up on this address. Of course, no one knows how many coins were at MtGox above that 400k, but these 400k seem to be safe. They were transferred to multiple other addresses at approx. 22:00 in 50k chunks and are now sitting there. Unless the hacker got hold of the private key of MtGox's offline deposit address, the large recorded transactions were MtGox's.
|
|
|
|
Epinnoia
|
|
June 20, 2011, 12:47:39 PM |
|
Some on this board claim the hacker sold and bought a large amount of coins at 0.01 to be able to withdraw 1000$ worth of coins at 0.01.
Based on the interview last night, I think MtGox claimed that the $1000 worth of bitcoins was based on them being in the neighborhood of $5-$10 each, rather than $0.01 each. I don't much care for the explanation given about the 'auditor' being hacked. They're citing privacy reasons for not giving out the name of the auditor, when in fact it is ridiculous to have any audit performed by unnamed entities. It's the name of the auditor, and their credibility therefrom, which gives credence to the audits they perform. Not naming the auditor is extremely suspicious, in my opinion. When asked why the auditor needed access to the live database, it was claimed that the audit being performed was to ensure that MtGox wasn't manipulating quoted prices to their own benefit. That's all great, but only if the auditor is legitimate. And we have no way of knowing that the auditor is legitimate if we don't know who the auditor is. What use is an audit performed by unnamed entities? It's worthless!
|
|
|
|
relmeas
|
|
June 20, 2011, 12:53:43 PM |
|
how is it known that it's that address?
i guess one could find out by making sure it's the one used to transfer funds from the temporary addresses given out when adding funds to account...
|
|
|
|
relative (OP)
|
|
June 20, 2011, 12:57:09 PM |
|
how is it known that it's that address?
1. there was only one large trade on this day. it originated from this address, which wasn't touched for a week before that. 2. apparently it was known before that day that this address belongs to MtGox, see for example: http://forum.bitcoin.org/index.php?topic=17897.0
|
|
|
|
kjj
|
|
June 20, 2011, 01:04:14 PM |
|
Some on this board claim the hacker sold and bought a large amount of coins at 0.01 to be able to withdraw 1000$ worth of coins at 0.01.
Based on the interview last night, I think MtGox claimed that the $1000 worth of bitcoins was based on them being in the neighborhood of $5-$10 each, rather than $0.01 each. I don't much care for the explanation given about the 'auditor' being hacked. They're citing privacy reasons for not giving out the name of the auditor, when in fact it is ridiculous to have any audit performed by unnamed entities. It's the name of the auditor, and their credibility therefrom, which gives credence to the audits they perform. Not naming the auditor is extremely suspicious, in my opinion. When asked why the auditor needed access to the live database, it was claimed that the audit being performed was to ensure that MtGox wasn't manipulating quoted prices to their own benefit. That's all great, but only if the auditor is legitimate. And we have no way of knowing that the auditor is legitimate if we don't know who the auditor is. What use is an audit performed by unnamed entities? It's worthless!
I'm sure they would have been more than happy to name the auditor two days ago. But now, I can understand them keeping quiet. And at this point, do you really care what the financial auditor has to say, nameless or not? Sounds like they will be attempting to recover the losses from the auditor. Depending on how that goes, we'll probably find out their name when that is done.
|
17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8 I routinely ignore posters with paid advertising in their sigs. You should too.
|
|
|
|
proudhon
|
|
June 20, 2011, 01:31:17 PM |
|
|
Bitcoin Fact: the price of bitcoin will not be greater than $70k for more than 25 consecutive days at any point in the rest of recorded human history.
|
|
|
relative (OP)
|
|
June 20, 2011, 01:33:37 PM |
|
that would be 500 mil. bitcoins. sensationalist?
|
|
|
|
bitclown
|
|
June 20, 2011, 01:38:16 PM |
|
You better have your microphones sorted out today...
|
|
|
|
Clipse
|
|
June 20, 2011, 01:38:21 PM |
|
GOD could you please stop injecting your own "company" at the expense of every single thread? It's really becoming spammy.
|
|
|
|
just_someguy
|
|
June 20, 2011, 01:40:34 PM |
|
OMG Bruce, if this is true then my hat is off to you.
|
|
|
|
F104
|
|
June 20, 2011, 01:43:54 PM |
|
It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised. This allowed for someone to pull our database. The site was not compromised with a SQL injection as many are reporting, so in effect the site was not hacked.
No, you weren’t hacked, you employed people with as much responsibility, professionalism, and sense of duty as you: none. It makes it OK that it was "someone else" and not Gox? Earlier, Gox blamed each victimized user even as the complaints mounted. Gox' character seems at the level of a 12 year old.
|
|
|
|
aral
|
|
June 20, 2011, 02:04:06 PM |
|
they should use some of these bitcoins to compensate the people whose money they lost through bad security
|
|
|
|
Rob Lister
|
|
June 20, 2011, 02:10:34 PM |
|
I don't know how exchanges are regulated. I don't know what typical practices are. But this bothers me more than a little. I didn't have a gox account and I certainly don't intend to get one now.
Like I say, maybe their business practices are typical but...
1) why is the auditor unnamed? that should have been public information both before and after the incident.
2) why does an auditor have a copy of the exchange database (read-only or otherwise) on an unsecured machine?
3) why does the copy of the exchange database include the email and password columns?
these are just a few questions.
|
|
|
|
airdata
|
|
June 20, 2011, 02:13:45 PM |
|
clipse : if bruce is going to get more info on this... it's not spam. Had i not seen it in this thread, i wouldn't know about it.
So Bruce : Are you saying you're going to have the guy who hacked mtgox on?
|
|
|
|
piuk
|
|
June 20, 2011, 02:14:39 PM |
|
|
|
|
|
Rob Lister
|
|
June 20, 2011, 05:55:49 PM |
|
I don't know how exchanges are regulated. I don't know what typical practices are. But this bothers me more than a little. I didn't have a gox account and I certainly don't intend to get one now.
Like I say, maybe their business practices are typical but...
1) why is the auditor unnamed? that should have been public information both before and after the incident.
2) why does an auditor have a copy of the exchange database (read-only or otherwise) on an unsecured machine?
3) why does the copy of the exchange database include the email and password columns?
these are just a few questions.
have any of these questions been answered in another thread?
|
|
|
|
Chick
|
|
June 20, 2011, 05:59:37 PM |
|
ON A SIDE NOTE: 20000th THREAD HERE!
|
|
|
|
Freakin
|
|
June 20, 2011, 06:00:43 PM |
|
I think the plan for the hackers was to withdraw $1000 worth of BTC at $.01, but they likely expected the trade to be executed instantly.
Instead, the price steadily dropped for 10-15 minutes while everyone watched, then as soon as it was over tons of bids and asks were added and price immediately shot back up to $10-12.
Adam Barr yesterday confirmed that only about 100-200 bitcoins were transferred out around the $10 mark, not the 100,000BTC that people are speculating on.
|
|
|
|
Batouzo
|
|
June 20, 2011, 06:04:24 PM |
|
Hey I seen that link before. Must you spam your websites each 5 posts in each thread each minute of each hour?
|
|
|
|
|