Moebius327
|
|
March 09, 2014, 06:31:27 PM |
|
Since the data seems to have been stolen around the time MtGox shutdown or later the question would be ... why would you keep this information on a webserver if you aren't actively using it anymore?
My guess is the db was stolen from a business associate/employee. left from the leaker: <!-- I hated working with you. You deserve everything you get for what you did. -->
|
|
|
|
WindMaster
|
|
March 09, 2014, 06:31:34 PM |
|
Top 10 (apparent) account balances in the leaked database dump:
711a4e9d-e183-... 44547.7 BTC 34fcda44-5832-... 43768.2 BTC c0b24126-f199-... 19985.0 BTC 92d047e9-9f2b-... 11500.6 BTC ff84fc35-b22a-... 11007.8 BTC 0afba433-817e-... 9819.2 BTC 19b38844-b58b-... 8752.6 BTC 945e5a15-4100-... 8000.0 BTC 4339257e-4b12-... 6051.3 BTC 0766852e-9187-... 5199.9 BTC
Ouch, I don't feel too bad now about losing single-digit quantities of BTC. I'd assume that at least some of these accounts are Mark however (depending whether or not one believes he took the BTC himself).
|
|
|
|
Patel
Legendary
Offline
Activity: 1321
Merit: 1007
|
|
March 09, 2014, 06:36:03 PM |
|
Is there any proof in these documents if these coins were stolen by Gox, or stolen by hackers?
|
|
|
|
Hawkix
|
|
March 09, 2014, 06:36:26 PM |
|
I found some 100k BTC *deposits* into MtGox in 2012-05 .. nice.
|
|
|
|
Moebius327
|
|
March 09, 2014, 06:40:51 PM |
|
Is there any proof in these documents if these coins were stolen by Gox, or stolen by hackers?
Some accounts have negative balances. Not that this proves anything.
|
|
|
|
Loozik
Sr. Member
Offline
Activity: 378
Merit: 250
Born to chew bubble gum and kick ass
|
|
March 09, 2014, 06:49:02 PM |
|
the hackers removed december, january and february, but the user endbalances are right.
December, january and february are the most crucial ones (to know who withdrew massive amounts of coins prior to Gox's collapse due to potential insider knowledge). Why would hackers remove these months I wonder
|
|
|
|
Patel
Legendary
Offline
Activity: 1321
Merit: 1007
|
|
March 09, 2014, 06:49:50 PM |
|
My theory is that Mark Karpeles himself leaked this documents and is pretending his website and reddit got hacked, to strengthen his argument that the coins got hacked.
There isn't really any way to prove if he did or not.
|
|
|
|
Timo Y
Legendary
Offline
Activity: 938
Merit: 1001
bitcoin - the aerogel of money
|
|
March 09, 2014, 06:50:45 PM |
|
I can confirm that this leak is legit!
I checked the leak against some of my known trades and they match. I never disclosed this information to anyone.
|
|
|
|
jbrnt
|
|
March 09, 2014, 06:54:49 PM |
|
Are there any email and passwords in the leaked data? Cos I had an account there and am worried about the leak.
|
|
|
|
rocks
Legendary
Offline
Activity: 1153
Merit: 1000
|
|
March 09, 2014, 07:03:28 PM |
|
Is there any proof in these documents if these coins were stolen by Gox, or stolen by hackers?
Some accounts have negative balances. Not that this proves anything. Maybe those are the accounts that used transaction malleability to withdraw the same funds several times over? No that would assume Mark had some level of competency required to get his customer service and accounts in order.
|
|
|
|
Moebius327
|
|
March 09, 2014, 07:05:20 PM |
|
the hackers removed december, january and february, but the user endbalances are right.
December, january and february are the most crucial ones (to know who withdrew massive amounts of coins prior to Gox's collapse due to potential insider knowledge). Why would hackers remove these months I wonder because there are no hackers and mark made the leak himself?
|
|
|
|
The Bitcoin Foundation
Newbie
Offline
Activity: 42
Merit: 0
|
|
March 09, 2014, 07:12:40 PM |
|
Wheres our 11,000BTC Mark!-
|
|
|
|
mrdavis
|
|
March 09, 2014, 07:13:32 PM |
|
Are there any email and passwords in the leaked data? Cos I had an account there and am worried about the leak.
You should assume nefarious people have all your personal data you gave Gox, even if not included here. the hackers removed december, january and february, but the user endbalances are right.
December, january and february are the most crucial ones (to know who withdrew massive amounts of coins prior to Gox's collapse due to potential insider knowledge). Why would hackers remove these months I wonder This and the data nanashi____ leaked were both old, I think I even remember it being pointed out that the source code leaked was probably old. Seems that another possible explanation (which still implies Karpeles' incompetence) is this hack happened earlier or the hack involved an old server image.
|
|
|
|
mrdavis
|
|
March 09, 2014, 07:26:02 PM |
|
Since the data seems to have been stolen around the time MtGox shutdown or later the question would be ... why would you keep this information on a webserver if you aren't actively using it anymore?
Is there data that suggest this? I'm not yet on a machine with an environment I can open it, so I'm only going off the reports of the last few months missing from the CSV. or is that just based on when the rumors of this started. Until I see data that proves the hack happened after the shutdown I'm going to assume they don't have it because it happened before or only involved a backup. I mean, at this point it wouldn't surprise me in the least if Mark still had it facing the web, but I'm not about to trust the word of the hackers without evidence. EDIT: Ah, user end balances are supposedly correct, that would be evidence supporting the word of the hackers.
|
|
|
|
WindMaster
|
|
March 09, 2014, 07:30:57 PM |
|
EDIT: Ah, user end balances are supposedly correct, that would be evidence supporting the word of the hackers.
My last trade was on 2014-01-23, and the balance in the leaked data is correct for what my BTC balance was at that point. So, apparently it happened on or after that date. If enough people post after checking their accounts in the leaked data, we can determine the earliest date the leak could have occurred by consensus. At least for the final user balance dump.
|
|
|
|
Loozik
Sr. Member
Offline
Activity: 378
Merit: 250
Born to chew bubble gum and kick ass
|
|
March 09, 2014, 07:35:45 PM Last edit: March 09, 2014, 07:52:51 PM by Loozik |
|
the hackers removed december, january and february, but the user endbalances are right.
December, january and february are the most crucial ones (to know who withdrew massive amounts of coins prior to Gox's collapse due to potential insider knowledge). Why would hackers remove these months I wonder because there are no hackers and mark made the leak himself? Maybe. I have three four explanations (including yours): 1. There are no hackers and Mark made the leak himself (and did not reveal december, january and february in order to protect the ''thieves'') 2. Hackers are connected to the ''thieves'' (and did not reveal december, january and february in order to protect the ''thieves'') 3. Hackers are neither connected to Mark nor ''thieves'' (and did not reveal december, january and february in order to run their own investigation on who withdrew easily large amount of coins and fiat - when all other people had problems with withdrawals - in december, january, february thus causing Gox to collapse). 4. Hackers need time to alter december, january, february data for reasons we can't yet understand. Dear hackers, if option 3 is the correct one, please give us unaltered december, january and february data, so that we could investigate too
|
|
|
|
WindMaster
|
|
March 09, 2014, 07:40:46 PM |
|
1. There are no hackers and Mark made the leak himself (and did not reveal december, january and february in order to protect the ''thieves'')
On a closely related note to option #1, note that the original post and data dump is still posted on Mark's personal blog, several hours later. I do find that somewhat suspicious. It shouldn't have taken particularly long for Mark to notice, and to take corrective action to remove the post and data (assuming he is able). http://blog.magicaltux.net/
|
|
|
|
BrewCrewFan
|
|
March 09, 2014, 07:42:56 PM |
|
1. There are no hackers and Mark made the leak himself (and did not reveal december, january and february in order to protect the ''thieves'')
On a closely related note to option #1, note that the original post and data dump is still posted on Mark's personal blog, several hours later. I do find that somewhat suspicious. It shouldn't have taken particularly long for Mark to notice, and to take corrective action to remove the post and data (assuming he is able). http://blog.magicaltux.net/Coulda been sleeping... its like the middle of the night over there.
|
|
|
|
Alonzo Ewing
Legendary
Offline
Activity: 1040
Merit: 1001
|
|
March 09, 2014, 07:48:47 PM |
|
I haven't downloaded anything due to fear of malware, but would I be able to get my trade data off this? I need it to do my taxes.
|
|
|
|
V4Vendettas
|
|
March 09, 2014, 07:49:55 PM |
|
Great a life time of goxxing inbound. What a massive clusterfuck.
So identity theft aside its kind of funny you have more chance getting you account information from hackers than Gox themselves.
I honestly think Mark has effected my life in a bad way more than any other human being.
|
|
|
|
|