Bitcoin Forum
December 05, 2016, 12:58:07 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 »  All
  Print  
Author Topic: Hacked Account Owner: is a Buddhist Monk  (Read 5237 times)
bitsalame
Donator
Hero Member
*
Offline Offline

Activity: 616


Preaching the gospel of Satoshi


View Profile
June 21, 2011, 03:56:53 AM
 #1

I seriously believe that the only account being compromised is Mt.Gox's.

See the psychological side here:
ANYONE LOSING 500,000 BTC (more or less worth $8,500,000 USD) WOULD BE GOING APESHIT INSANE.
Anyone would be twitting about it, shouting about it, ranting about it, talking to the press, talking shit about Mt.Gox, and cursing God, the Devil, the Archangels and his own mother.

This is the critical factor I consider since I am a psychology major I am way more attentive on behavioral cues.
It is totally abnormal this silence from the account owner.
Either this user doesn't exist or he is a Buddhist monk with the lowest neuroticism level in the history of mankind.

According to Mt.Gox 500,000 BTC were stolen from ONE account, and that not only that such accumulation of wealth in a eWallet account is highly implausible, but observing the calmness of that supposed owner I am inclined to believe that that owner is non-existent.
The only one going bananas is Mt.Gox. Obviously you can claim Mt. Gox is simply protecting the credibility of his exchange site, but what is really interesting is that he insists on reverting back when actually there are other options.

Why would an exchange protect the interests of only ONE user? When accounts got hacked in the past, MtGox took the bullet and reimbursed partially to the hacked user, but never reverted back a whole history of transactions.
Also why is MtGox so adamant in defending this single affected user?

If that doesn't make sense then, we have three options left:
1) The REAL Account Owner: The hacked account "single user" account are Mt.Gox's or it belongs to someone closely related to Mt.Gox.
2) The PWNAGE Cover Up:The "single user account" is a cover story to hide the fact that actually the site got compromised much deeper than they are willing to admit. (loss of credibility would be the death of Mt.Gox)
If the auditor/attacker got access to the passwd file, he could have cracked hundred of accounts in hours.
I am currently testing that idea out, I've been trying to crack the hashes for 3 hours and I neared 600 accounts cracked, all of them from salted hashes and weak passwords. A simple script could have siphoned all the bitcoins out when the attack wasn't yet detected (maybe salami sliced, that's why nobody really noticed any thievery).
The worst case scenario is that the attacker has been in control of the site from a long time and he actually didn't need to crack any password, he simply got them all in plaintext.
3) The STOOPID Cover Up: We can never leave out the most stupid causes, since stupid mistakes happens everytime, maybe it was a typing mistake, a new employee, a girlfriend playing with the admin panel, etc...

These three possibilities makes Mt.Gox's claims understandable, it would be humilliating and his credibility would be completely stained forever. He wouldn't be able to admit such stupid mistakes.

But one thing is definitive: The argument about a single user being hacked makes NO SENSE AT ALL.
1480942687
Hero Member
*
Offline Offline

Posts: 1480942687

View Profile Personal Message (Offline)

Ignore
1480942687
Reply with quote  #2

1480942687
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480942687
Hero Member
*
Offline Offline

Posts: 1480942687

View Profile Personal Message (Offline)

Ignore
1480942687
Reply with quote  #2

1480942687
Report to moderator
1480942687
Hero Member
*
Offline Offline

Posts: 1480942687

View Profile Personal Message (Offline)

Ignore
1480942687
Reply with quote  #2

1480942687
Report to moderator
Oldminer
Legendary
*
Offline Offline

Activity: 1022



View Profile
June 21, 2011, 03:59:15 AM
 #2

And your point is?

What difference does it make whether the account belongs to MtGox or Elmer Fudd..

If you like my post please feel free to give me some positive rep https://bitcointalk.org/index.php?action=trust;u=18639
Tip me BTC: 1FBmoYijXVizfYk25CpiN8Eds9J6YiRDaX
bitsalame
Donator
Hero Member
*
Offline Offline

Activity: 616


Preaching the gospel of Satoshi


View Profile
June 21, 2011, 04:03:00 AM
 #3

And your point is?

What difference does it make whether the account belongs to MtGox or Elmer Fudd..

The point is Mt.Gox reputation is on the line.
If it is lying, as he probably is, then it is not reliable anymore.
We can't tell the real story behind it, we can't make a damage assessment from it.
We can't rely on Mt. Gox.

Neither the best case scenario (they are trying to save face) nor the worst (they got fucked very deep up to the colon) are really comforting.
Mt Gox CAN'T be trusted.
Bit_Happy
Legendary
*
Offline Offline

Activity: 1442


A Great Time to Start Something!


View Profile
June 21, 2011, 04:03:39 AM
 #4

And your point is?

What difference does it make whether the account belongs to MtGox or Elmer Fudd..

Often I agree with you Oldminer, and I'm not looking to pick a fight.

1) Despite the huge overload of Gox threads, this one has a new twist. The Monk idea is clever, IMO.
2) This is also pretty valid, "The single hacked user account makes NO SENSE AT ALL.". I'm OK with the idea of a single account doing the damage, but there is no way any "Old Miner" or big investor would have ever placed that much into a single account, unleass they intended to crash the market, IMO.

15DYJpWJe9H1YofsNQbP9JEWWNn7XPZgbS
Hook^
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 21, 2011, 04:03:52 AM
 #5

And your point is?

What difference does it make whether the account belongs to MtGox or Elmer Fudd..
Because if it is Elmer Fudd, then Bugs Bunny will be getting the bitcoins vewy vewy soon.
bitsalame
Donator
Hero Member
*
Offline Offline

Activity: 616


Preaching the gospel of Satoshi


View Profile
June 21, 2011, 04:04:45 AM
 #6

And your point is?

What difference does it make whether the account belongs to MtGox or Elmer Fudd..

Often I agree with you Oldminer, and I'm not looking to pick a fight.

1) Despite the huge overload of Gox threads, this one has a new twist. The Monk idea is clever, IMO.
2) This is also pretty valid, "The single hacked user account makes NO SENSE AT ALL.". I'm OK with the idea of a single account doing the damage, but there is no way any "Old Miner" or big investor would have ever placed that much into a single account, unleass they intended to crash the market, IMO.

Uhm, that is a possibility I haven't considered.
But who would be willing to lose 8 Millions? What is their gain by crashing the market?
nhodges
Sr. Member
****
Offline Offline

Activity: 308


View Profile
June 21, 2011, 04:10:24 AM
 #7

passwd file != exchange user database

riddle me this

Bit_Happy
Legendary
*
Offline Offline

Activity: 1442


A Great Time to Start Something!


View Profile
June 21, 2011, 04:12:54 AM
 #8

And your point is?

What difference does it make whether the account belongs to MtGox or Elmer Fudd..

Often I agree with you Oldminer, and I'm not looking to pick a fight.

1) Despite the huge overload of Gox threads, this one has a new twist. The Monk idea is clever, IMO.
2) This is also pretty valid, "The single hacked user account makes NO SENSE AT ALL.". I'm OK with the idea of a single account doing the damage, but there is no way any "Old Miner" or big investor would have ever placed that much into a single account, unleass they intended to crash the market, IMO.

Uhm, that is a possibility I haven't considered.
But who would be willing to lose 8 Millions? What is their gain by crashing the market?

What is that old Latin phrase for "who benefits?"

What is their gain by crashing the market?
I try not to be a conspiracy kook

CIA/NSA
If you are a Government who is threatened by BTC, and can print unlimited supplies of USD, would you have been a bug buyer either early on or the night it jumped from 14 to 19, then 19 to 24 in huge buy moves?


Much of this daily BTC drama is really being written in a Gov office somewhere, and then presented to us*?  

*HI, I'm Kevin Your New Guest Star In The Bitcoin Wars!   Cheesy

15DYJpWJe9H1YofsNQbP9JEWWNn7XPZgbS
dana.powers
Newbie
*
Offline Offline

Activity: 21


View Profile
June 21, 2011, 04:15:11 AM
 #9

perhaps the 500,000 BTC were transferred in from the stolen wallet files obtained via the trojan that's been circulating?  Not sure that makes total sense, but it might explain why someone with 500,000 BTC would have them all in mtgox.
bitsalame
Donator
Hero Member
*
Offline Offline

Activity: 616


Preaching the gospel of Satoshi


View Profile
June 21, 2011, 04:16:26 AM
 #10

passwd file != exchange user database

riddle me this

Don't be such a nerd, don't troll about terminologies, you know what I meant.
I am cracking the FreeBSD MD5 hashes of the leaked userbase from MtGox. Happy now?
kjj
Legendary
*
Offline Offline

Activity: 1302



View Profile
June 21, 2011, 04:18:03 AM
 #11

ANYONE LOSING 500,000 BTC (more or less worth $8,500,000 USD) WOULD BE GOING APESHIT INSANE.

Why do you assume that it is someone that knows they lost a bunch of bitcoins?

Why can't it be some dude that gathered up a shitload of coins when they were worth less than belly button lint, and has long since forgotten about the whole project?

p2pcoin: a USB/CD/PXE p2pool miner - 1N8ZXx2cuMzqBYSK72X4DAy1UdDbZQNPLf - todo
I routinely ignore posters with paid advertising in their sigs.  You should too.
Bit_Happy
Legendary
*
Offline Offline

Activity: 1442


A Great Time to Start Something!


View Profile
June 21, 2011, 04:21:23 AM
 #12

ANYONE LOSING 500,000 BTC (more or less worth $8,500,000 USD) WOULD BE GOING APESHIT INSANE.

Why do you assume that it is someone that knows they lost a bunch of bitcoins?

Why can't it be some dude that gathered up a shitload of coins when they were worth less than belly button lint, and has long since forgotten about the whole project?

I'm almost certain MtGox did not exist during the days of the 20,000BTC pizza, so the funds could not have been transferred then.

15DYJpWJe9H1YofsNQbP9JEWWNn7XPZgbS
GeniuSxBoY
Hero Member
*****
Offline Offline

Activity: 546



View Profile
June 21, 2011, 04:26:30 AM
 #13

What if...



just...

WHAT IF....



the account was owned by the hacker!!! oMG revelation!!


hack account -> withdraw -> add fund to hacker's own account
hack account -> withdraw -> add fund to hacker's own account
hack account -> withdraw -> add fund to hacker's own account
hack account -> withdraw -> add fund to hacker's own account
.
.
.
profit
Hook^
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 21, 2011, 04:30:19 AM
 #14

I'm almost certain MtGox did not exist during the days of the 20,000BTC pizza, so the funds could not have been transferred then.
They didn't.  It was only BitcoinMarket back then.
bitsalame
Donator
Hero Member
*
Offline Offline

Activity: 616


Preaching the gospel of Satoshi


View Profile
June 21, 2011, 04:35:41 AM
 #15

ANYONE LOSING 500,000 BTC (more or less worth $8,500,000 USD) WOULD BE GOING APESHIT INSANE.

Why do you assume that it is someone that knows they lost a bunch of bitcoins?

Why can't it be some dude that gathered up a shitload of coins when they were worth less than belly button lint, and has long since forgotten about the whole project?
Do you think that 500,000 BTC can be obtained from thin air?
Under the assumption that it really belongs to a single user:

  • If they were acquired when Bitcoins where worth 0.01, it would still had been a significant investment: $5000 USD
  • If he didn't buy it and farmed it, the farming of 500,000 BTC signifies that he knows the intrinsic value of it, so he was quite dedicated on the project.

Both scenarios make very implausible that the owner would suddenly forget about their generated/purchased bitcoins, it shows interest, dedication, appreciation and/or faith for the bitcoin economy.
In the event of forgetting about it for a while, that hypothetical person wouldn't neglect that the prices increased more than 200,000% from the time he acquired/generated them.
And certainly everyone who is marginally related to bitcoins must have heard about jumping to $30 USD = 1 BTC. IF he had forgotten, that news might have reminded him that he was awesomly rich. Such news sparks interest again towards the bitcoins.

Who ever was/is the hypothetical owner, MUST HAVE KNOWN about his WEALTH.
Considering all above, the "Ignored and abandoned" argument is highly, very highly implausible.

Now, who would put more than 500,000 BTC in one exchange? That really escapes me.
Anyone who has that much in one site must have close relationships with the owner, otherwise I don't see how you would trust such amount in one place.
On the other hand, it would also make sense that it is a government conspiration, but considering that the bitcoin economy is still experimental I wonder if they would take such preventive measures to try to destroy it.

Personally I rather the explanation of the cleaning lady cleaning the keyboard and pressing "Sell 0.01"... would you admit such error if this were true and you were MtGox? LOL
Bit_Happy
Legendary
*
Offline Offline

Activity: 1442


A Great Time to Start Something!


View Profile
June 21, 2011, 04:41:23 AM
 #16

I'm almost certain MtGox did not exist during the days of the 20,000BTC pizza, so the funds could not have been transferred then.
They didn't.  It was only BitcoinMarket back then.

I wish I'd been here then, you folks had a great little group.   Smiley

15DYJpWJe9H1YofsNQbP9JEWWNn7XPZgbS
niemivh
Full Member
***
Offline Offline

Activity: 196



View Profile
June 21, 2011, 05:18:43 AM
 #17

If that doesn't make sense then, we have three options left:
1) The REAL Account Owner: The hacked account "single user" account are Mt.Gox's or it belongs to someone closely related to Mt.Gox.
2) The PWNAGE Cover Up:The "single user account" is a cover story to hide the fact that actually the site got compromised much deeper than they are willing to admit. (loss of credibility would be the death of Mt.Gox)[/size]

Bingo.

My guess is that it was their 'bank' account or something to that effect which actually contained the total funds in BTC of the entire exchange or a sizable portion of it.  I'm about 90% certain that they are insolvent and probably shitting bricks right now trying to determine what to do about it.  It might not be up for quite a while.  If they are insolvent that raises an interesting question:

1) Is it a 'bank run' as soon as the exchange opens?  (expect X lawsuits)
2) Do all MtGox assets get triaged and we get a portion of what we held there?  (expect 10x lawsuits)
3) Does and can MtGox "eat" the loses and then pays to make everyone whole (definitely the best long term solution for them),but do they have the assets?
        a.  If they don't can they raise money to buy BTC over-the-counter to become re-solvent?  Or do they come clean about insolvency and not allow people to withdraw until they gain enough money in fees to make everyone whole.  (this would crush the price of BTC into the ground but probably have the least legal implications).
        b.  Remain insolvent, don't tell this and hope that there isn't a 'bank run' (hopefully nobody over there at MtGox is proposing this, this is a BAD idea)

On a side note should the Exchanges prevent this type of 'dumping'?  I would definitely say yes that a certain account can only sell so much at least making the user have to have multiple accounts in order to dump more, therefore lowering the security risk by having a single user with 500k BTC, if you buy that story.

Lol, I bet the 'free market' fanatics here are starting to see how regulation comes into existence. 

I'll keep my politics out of your economics if you keep your economics out of my politics.

16LdMA6pCgq9ULrstHmiwwwbGe1BJQyDqr
Bit_Happy
Legendary
*
Offline Offline

Activity: 1442


A Great Time to Start Something!


View Profile
June 21, 2011, 05:21:44 AM
 #18

...
        b.  Remain insolvent, don't tell this and hope that there isn't a 'bank run' (hopefully nobody over there at MtGox is proposing this, this is a BAD idea)
...

Depending on the actual loses: The $1000/day limit will stop a bank run, or at least slow it down, while people get to trade.

15DYJpWJe9H1YofsNQbP9JEWWNn7XPZgbS
sortedmush
Full Member
***
Offline Offline

Activity: 126


The geek shall inherit the earth.


View Profile
June 21, 2011, 05:23:30 AM
 #19

I'm OK with the idea of a single account doing the damage, but there is no way any "Old Miner" or big investor would have ever placed that much into a single account, unleass they intended to crash the market, IMO.

+1
Bit_Happy
Legendary
*
Offline Offline

Activity: 1442


A Great Time to Start Something!


View Profile
June 21, 2011, 05:42:29 AM
 #20

I'm OK with the idea of a single account doing the damage, but there is no way any "Old Miner" or big investor would have ever placed that much into a single account, unleass they intended to crash the market, IMO.

+1

Thanks, I'm tired of all this, and just want a secure MtGox to open soon.


New API @Gox
Changes to the API

Since we will migrate to a new system, I'll announce a few changes to the API so people can be ready. It shouldn't cause any compatibility problem for most people.

    It will be possible to issue API keys for your account, with limited or full access, and revoke those keys. You can however still use the API for full access with login and password
    Trade IDs will be much larger, and no longer in sequence. Old trades will keep their old IDs. New trades will have an ID which correspond to the trade execution time in microseconds, for example: 1308609708628581
    Order IDs will become UUIDs. Old orders will have an UUID assigned to them. An UUID is a 36 characters long string made of hexadecimal characters separated by a dash. Example: 1f0b3734-ddf3-47e8-badb-a85a700c61d9

It should also be noted that the way the whole system works will be a bit different. When an order is placed, it may have a delay before being executed, if the engine is busy. The trade will be put into queue. Additional API parameters will exist to allow trades to be non queued (return failure if engine is busy), have an expiration in queue, do not cause creation of an actual order after being executed if full execution was not possible, or have an expiration as an open order.

Other changes will also be made in the future, however they should be compatible with existing implementations.
https://support.mtgox.com/entries/20208658-changes-to-the-api

15DYJpWJe9H1YofsNQbP9JEWWNn7XPZgbS
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!