Bitcoin is a magnet for hackers and crooks

[xcooling]

edit:

Yeah its easy atm for them, but there is still far more money in stealing credit card numbers and personal identities.

[1713514440]

1713514440

[foggyb]

Hacking / Scamming has held bitcoin down and stunted it's growth.

Scamming bitcoins could be cool and all... but not when your activities drive their prices from 25-30 each to 13-14 each.

Scamming/hacking did not drive the price to 13$. The free market has decided 13-15$ is a fair price for a bitcoin. Wild speculation drove it to $30.

[willphase]

Scamming/hacking did not drive the price to 13$. The free market has decided 13-15$ is a fair price for a bitcoin. Wild speculation drove it to $30.

Greed drove the price to $30.

Will

[Indemnified]

My main email address has been out there in the public eye for close to a dozen years now.  It has been posted on forums, websites, mailing lists, and even, God help me, USENET.

The throwaway address that leaked out of mtgox gets VASTLY more spam.

This^

[Tasty Champa]

OP, I'm glad you brought this to our attention.
Means we can get free or cheap penetration testing.


just post your URL in the forum or your sig,
and state there is a wallet with 0.1BTC in it, if you can get it, it's yours!
I wouldn't lie about it though, they will be sneaky bastards.

could even set up a site directory with bounties in BTC.

It's like an anti-sec dream, super cheap pen testing, thwarting the expensive job seeking vanity driven  hats.

creation and destruction.

May as well make the destroyers skwirm. xD

[smoothie]

"Bitcoin is a magnet for hackers and crooks" .... AND BEER AND HOOKERS!!
 

[bitrebel]

The problem boils down to this:

Victim: Officer, I want to report a theft.

Officer: What happened?

Victim: Someone stole my bitcoins!

Officer: Your what?

Victim: My BITCOINS!!!!

Officer: Did you have them in your bank account or in your credit card?

Victim: They are not stored in banks or credit cards.

Officer: Then we don't give a rat's ass. Sorry.

Victim: Why won't you do anything?

Officer: We work for Bankers, not you, Fuck Off common Pleb!

[bitrebel]

There is also the WAR ON BITCOINS, you are not considering. It's not just greedy hackers, it's people who want to intentionally destroy bitcoin because they work for the bankers. ALL media, politicians, police, and governments are beholden to the central bankers, so bitcoin does not have many friends in the concrete jungle. Bitcoin is popular among people who value freedom and self responsibility and used by those without fear of computers or immediate persecution. Bitcoin is up again enormous odds and powers in the world. It will only succeed if people can endure the early hardships. Even then, we will continue to be fought against by the system. Bitcoins will NEVER be embraced by the real mainstream, paypal, ebay, bank of america, chase, and safeway or walmart. And maybe those are it's best features yet. One thing is for sure, bitcoin will probably never be for the masses until things change, and maybe bitcoin is supposed to be a large part of that change.

[qwk]

Victim: Someone stole my bitcoins!

(...)

Officer: Then we don't give a rat's ass. Sorry.

Just because your regular police officer won't know what a bitcoin is, doesn't mean it's not a criminal offence to steal them and that i can't be prosecuted. You may have a hard time explaining, sure.

[brandon@sourcewerks]

Feel like some of the replies in this thread couple programmers with hackers...

Not all programmers need to exploit systems to feel complete.

[RSantana]

It will be interesting to see if the hacking attempts slow down at a parallel rate to the value of the bitcoin.

[NothinG]

It will be interesting to see if the hacking attempts slow down at a parallel rate to the value of the bitcoin.

or...hackers go further underground and release scripts to the public.

[RSantana]

Just wanted to report for documentation sake that I'm still getting hit with hack attempts. The latest attempt was yesterday someone who speaks good English using a server (118.192.35.57) from China tried over 1,500 various methods to hack into my server.

It's hard to stay ahead of these guys, if they are persistent, they will eventually get in (as evident with the other already hacked bitcoin services).

Here are some of the methods he tried:

• Tried to access boot information
• Tried to access file system (ie /etc/passwd)
• Various SQL injection techniques
• javascript injection
• Tried executing system commands with buffer over-runs

It's kinda funny that they never tried to find my wallet.dat file :-)

[kjj]

Just wanted to report for documentation sake that I'm still getting hit with hack attempts. The latest attempt was yesterday someone who speaks good English using a server (118.192.35.57) from China tried over 1,500 various methods to hack into my server.

It's hard to stay ahead of these guys, if they are persistent, they will eventually get in (as evident with the other already hacked bitcoin services).

Here are some of the methods he tried:

• Tried to access boot information
• Tried to access file system (ie /etc/passwd)
• Various SQL injection techniques
• javascript injection
• Tried executing system commands with buffer over-runs

It's kinda funny that they never tried to find my wallet.dat file :-)

What types of attacks were they using?  Just web requests?

I've found that a well configured fail2ban setup has made my logs vastly less annoying to read.

[RSantana]

What types of attacks were they using?  Just web requests?
I've found that a well configured fail2ban setup has made my logs vastly less annoying to read.

Yes, all attacks were using HTTP. fail2ban looks pretty good. Thanks.

[RSantana]

One other interesting thing. It looks like he is on a Windows NT machine using IE 6!

I guess he could be spoofing the agent string.

[payb.tc]

I guess he could be spoofing the agent string.

i was going to say '118' looks like Australia. which service told you it was China? (other than the IE6 usage )

[RSantana]

i was going to say '118' looks like Australia. which service told you it was China? (other than the IE6 usage )

You gotta use the Asia Pacific Network whois search to lookup the IP address

http://www.apnic.net/apnic-info/whois_search

[RSantana]

For anyone who cares or is keeping track. Yesterday I got another 2000 hack attempts. It was mostly injecting harmful scripts into my forms, and random endpoint guessing looking for login pages.

These attempts all came from the Netherlands.

[Timo Y]

For anyone who cares or is keeping track. Yesterday I got another 2000 hack attempts. It was mostly injecting harmful scripts into my forms, and random endpoint guessing looking for login pages.

These attempts all came from the Netherlands.

The Netherlands was probably just the last link in a proxy chain.

We shouldn't be surprised by this. Bitcoin wallets are perceived as an easy target, and there is no shortage of desperate people in the world with basic hacking skills.

Have you thought about storing your wallets offline and advertising this fact on your site?