Bitcoin Forum
Author Topic: MtGox account compromised  (Read 108241 times)
error
March 06, 2011, 09:39:25 PM
 #161

I generate passwords with:

Code:
dd bs=32 count=1 if=/dev/random | sha256sum

Cheesy

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
randomguy7
March 06, 2011, 10:23:53 PM
 #162

I prefer pwgen -s 60 (less to type) Smiley
we6jbo
March 07, 2011, 12:28:34 AM
 #163

This thread was quite an interesting read. One thing that seems to have become unnoticed is Liberty Reserve's part in the stolen Bitcoins. I think that in the case of large transactions like the ones that happened in this thread there really needs to be an obligation to check whether the Bitcoins are stolen or not. MtGox took the right approach to trace how the funds were stolen and where they went. In fact I think that if Liberty Reserve was not so quick to trade the Bitcoins into cash then there would have been a larger chance to catch the thief with the Bitcoins.

I think in the end all avenues need to be checked and not simply the ones that deal with password security or server security. Simply sweeping this problem under the rug isn't going to solve anything and when problems like these do happen they need to be documented in their fullest. This is the second time I've read a thread where a lot of money was stolen and I can only imagine this problem escalating as Bitcoin becomes more known to the general people and especially to those that do not take security seriously.

carp
March 07, 2011, 02:48:06 PM
 #164

Quote from: error
I generate passwords with:

Code:
dd bs=32 count=1 if=/dev/random | sha256sum

Cheesy

I started using mnemonics for passwords years ago. Take some phrase from a song, movie, or anything you like.... then make a string out of it. Something like "I started using mnemonics years ago"

Can become a string like:
I<um4PYA

Reduces the time it takes before I can type them from memory, and makes it much easier to recall them later, sometimes even years later.
error
March 07, 2011, 05:19:23 PM
 #165

Ah, but all of the passwords I generate are stored on my encrypted drive, and the drive password is, well, longer than my screen. That one I remember completely. Cheesy

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
bitcoincop
March 22, 2011, 04:06:19 AM
 #166

So this all makes me wonder if there is a way to create a central database about fraudulent transactions, and associated addresses. Someone would make an entry into such a database and provide contact information or other community based details, perhaps sign them with a key that they use as a part of transactions on bitcoin-otc/IRC.  Then, when someone else who cares and receives a payment with these bitcoins from someone else, they can contact the original person to get details and perhaps deny the sender the goods/services they're trying to purchase with the stolen bitcoins.

Yes, it would take an outside database, and yes it would take a strong community with reputation and social trust, but it could be helpful.

One example of such a database for Laptops/computers is: http://www.stolencomputers.org/home.html

Access to a database for bitcoins would come as a plugin or add on for a user to install on their bitcoin server.

mndrix
Michael Hendricks
March 22, 2011, 06:25:53 PM
 #167

Quote from: bitcoincop
So this all makes me wonder if there is a way to create a central database about fraudulent transactions, and associated addresses.

It's nearly impossible to mark certain Bitcoins as stolen or dirty because they can be so easily laundered.  For example, send the stolen coins to an account at MyBitcoin.com, withdraw the coins to a new Bitcoin address.  The withdrawn coins are completely clean and other MyBitcoin.com users end up with the "dirty" coins.
carp
March 22, 2011, 08:22:49 PM
 #168

Quote from: mndrix
Quote from: bitcoincop
So this all makes me wonder if there is a way to create a central database about fraudulent transactions, and associated addresses.

It's nearly impossible to mark certain Bitcoins as stolen or dirty because they can be so easily laundered.  For example, send the stolen coins to an account at MyBitcoin.com, withdraw the coins to a new Bitcoin address.  The withdrawn coins are completely clean and other MyBitcoin.com users end up with the "dirty" coins.

Though, realize if "bitcoincop" is a real "cop" then he may be thinking that is easy. Once you find one of those users, you question him, and when he tells you that he uses mybitcoin, then you go to mybitcoin and try to get them to release their records, after all, they should be able to make the connection with the account that they were deposited into.

That said, if mybitcoin can be convinced (or compelled) to help, then this should be a trivial step. Of course, since you can access them as a location hidden service, and they require no real information to sign up, it could easily be a dead end too.... and that is before we even consider other possibilities.... like coin tumbler (or similar). Unless the thief was the only person using it at the time, and not particularly clever about it, simply going from one service like mybitcoin or mtgox to another, through coin tumbler with multiple addresses well... I hope you get the picture.

Hell, I recall even seeing someone on Silk Road who was offering pre-laundered bitcoins for sale. They claim to do some sort of escrow, so it's not even like that person could cheat and send back the same coins (not that it would be hard to determine, but as a scam, I bet would work most of the time) and wouldn't even know the buyer's real name.... though, I guess if you were sure that he did it, again, it's no better or worse than mybitcoin in terms of, you could at least ask him to help you pick the trail back up. (assuming that he keeps records)

Though, how you convince anonymous people, running services intended to guard your anonymity, to voluntarily cooperate in compromising someone's anonymity, even in an indeterminate way like this, is an open question. I guess it's possible that accusations of thievery may sway them to help, but, they may want you to prove it before they are willing to help.

After all, it's not like you can pull them into an interrogation room and get out the rubber hoses. That is, unless you can compromise their identities first.

eMansipater
March 22, 2011, 09:28:37 PM
 #169

Tracing bitcoins is basically the same as tracing cash:  if you catch the original person spending the cash directly you have them, otherwise the bills will just show up at banks after having been passed through multiple organisations with no way to track them.  A smart enough criminal can keep from getting caught after a cash heist, and similarly a smart enough criminal can keep from getting caught after a bitcoin heist.  Fortunately, many criminals are stupid and get caught anyways through some small slip-up.  Gaining expertise in the entire system and how to catch those tiny slipups will give law enforcement the same edge with regards to bitcoin that they have with cash.  Some criminals will get away, and some will get caught; expertise on the part of law enforcement will increase the proportion caught.

If you found my post helpful, feel free to send a small tip to 1QGukeKbBQbXHtV6LgkQa977LJ3YHXXW8B
Visit the BitCoin Q&A Site to ask questions or share knowledge.
0.009 BTC too confusing?  Use mBTC instead!  Details at www.em-bit.org or visit the project thread to help make Bitcoin prices more human-friendly.
Xiong Zhuang
June 10, 2011, 11:08:15 AM
 #170

The same thing happened to me too. I logged in to my account today and found I lost 42.9$ in my account, and I have no idea about the latest two trades in my trade history. I mean even if my account is weak, the hacker shouldn't know my username. Someone in the office must be leaking users' information.
mrb
June 20, 2011, 02:26:44 AM
 #171

Quote:
Not a really good comparison since you'd have to have the hash of the password, and we could compile a rainbow table for almost anything. One way to defeat Rainbow tables is salting the password hashes (you are salting your passwords MtGox aren't you?) Cheesy

Now, we know that 1765 of the MtGox password hashes leaked today were not salted. :-(
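
An added example (not part of the post above, and not MtGox's code) of why the unsalted records in such a leak are the ones at risk: one precomputed table is reusable against every unsalted digest, while per-user salts make identical passwords store differently. SHA-256 and PBKDF2 are stand-ins chosen here, since the thread does not say which hash was used; the accounts and word list are constructed.

```python
import hashlib
import hmac
import os

ROUNDS = 100_000  # assumption: illustrative PBKDF2 work factor, tune for your hardware


def unsalted_hash(password):
    """Bare digest: every user with the same password gets the same value."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt=None):
    """Per-user random salt plus a slow KDF; returns (salt, derived_key)."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)


def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], expected)


def matches_in_table(digests, table):
    """Users whose stored digest appears in a precomputed hash -> password table."""
    return sorted(user for user, digest in digests.items() if digest in table)


def demo():
    # Constructed accounts: alice and carol reuse the same common password.
    accounts = {"alice": "hunter2", "bob": "x9!Qv7#tLm2p", "carol": "hunter2"}
    # One table, computed once, is reusable against every unsalted record.
    table = {unsalted_hash(w): w for w in ("123456", "password", "hunter2")}

    unsalted = {u: unsalted_hash(p) for u, p in accounts.items()}
    salted = {u: salted_hash(p) for u, p in accounts.items()}
    # Salted, stretched keys never appear in a table built from bare digests.
    salted_hex = {u: key.hex() for u, (_salt, key) in salted.items()}

    return {
        "unsalted_hits": matches_in_table(unsalted, table),
        "salted_hits": matches_in_table(salted_hex, table),
        "same_password_same_unsalted": unsalted["alice"] == unsalted["carol"],
        "same_password_same_salted": salted["alice"][1] == salted["carol"][1],
        "login_ok": verify("hunter2", *salted["alice"]),
        "login_bad": verify("hunter3", *salted["alice"]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
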
Vladimir
June 20, 2011, 03:24:09 AM
 #172

well... my mtgox password was ªç!¼:Üý\†€BZ*Š”TbŠòê  unique for this site, moreover I never sent them a single penny, bit or fiat.

Learn from the pros, kids.

I am still pissed off by finding my email in that damn list.

This mtgox biz and many other things which we are witnessing with bitcoin will be in history books.




Coinbuck @ BTCLot
June 20, 2011, 03:27:04 AM
 #173

Quote from: Vladimir
well... my mtgox password was ªç!¼:Üý\†€BZ*Š”TbŠòê  unique for this site, moreover I never sent them a single penny, bit or fiat.

Learn from the pros, kids.

I am still pissed off by finding my email in that damn list.

This mtgox biz and many other things which we are witnessing with bitcoin will be in history books.





Same here, getting some really fucked up spam now.

Bitcoin is the future !
jatajuta
June 20, 2011, 03:28:25 AM
 #174

Quote from: Vladimir
This mtgox biz and many other things which we are witnessing with bitcoin will be in history books.

So true.
iCEBREAKER
June 20, 2011, 03:40:50 AM
 #175

Quote from: Vladimir
This mtgox biz and many other things which we are witnessing with bitcoin will be in history books.

History books?  Hell, I feel like I've been living inside a Bruce Sterling sci-fi novel for the last month.

Today topped them all, as an especially Islands-In-The-Net kind of day.  Damn those data pirates!

/wants razorgirl bodyguard

S3052
June 21, 2011, 04:52:45 PM
 #176

Quote from: Xiong Zhuang
The same thing happened to me too. I logged in to my account today and found I lost 42.9$ in my account, and I have no idea about the latest two trades in my trade history. I mean even if my account is weak, the hacker shouldn't know my username. Someone in the office must be leaking users' information.


How can you log into your MtGox account? I thought it is still closed?

>15years analysis experience

Always do your own due diligence & consult your financial advisor. Never invest unless you can afford to lose your entire investment.

http://twitter.com/BitcoinAnalyst

imperi
June 21, 2011, 04:54:37 PM
 #177

Quote from: S3052
Quote from: Xiong Zhuang
The same thing happened to me too. I logged in to my account today and found I lost 42.9$ in my account, and I have no idea about the latest two trades in my trade history. I mean even if my account is weak, the hacker shouldn't know my username. Someone in the office must be leaking users' information.


How can you log into your MtGox account? I thought it is still closed?

HIS POST IS FROM JUNE 10.

you fail.
S3052
June 21, 2011, 04:58:25 PM
 #178

mea culpa.