Bitcoin Forum
April 25, 2014, 03:51:46 AM *
News: Due to the OpenSSL heartbleed bug, changing your forum password is recommended.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3  All
  Print  
Author Topic: Here we go again: BTCServ hacked, BTC gone  (Read 4498 times)
zefir
Donator
Hero Member
*
Offline Offline

Activity: 826



View Profile

Ignore
February 03, 2012, 08:04:08 AM
 #1

From http://btcserv.net/:
Quote
Dear BTCServ users,

we are afraid to tell you that some hacker gained access to our server and was able to empty out the wallet containing all our Bitcoins.

Please understand that this website will not be available for an indefinite period.

We are deeply sorry for that incident. :[


Still available in #btcserv irc.freenode.net and in the forums.

Transaction: http://blockchain.info/tx/e266dd4a5aba8c848c2d66016c3716f2e08e8939e605edc4c80cf7643e95c3d3

Another week's mining reward gone  Cry

I followed the recent discussion on why mining at the major pools is bad and clearly agree on the ideological issues. But as a miner, one kind of is constrained to, as they seem to be more secure. No idea how vulnerable P2Pool is, but for sure people will try as soon as it grows and becomes a valuable prey. Sad.

1398397906
Hero Member
*
Offline Offline

Posts: 1398397906

View Profile Personal Message (Offline)

Ignore
1398397906
Reply with quote  #2

1398397906
Report to moderator
1398397906
Hero Member
*
Offline Offline

Posts: 1398397906

View Profile Personal Message (Offline)

Ignore
1398397906
Reply with quote  #2

1398397906
Report to moderator

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1398397906
Hero Member
*
Offline Offline

Posts: 1398397906

View Profile Personal Message (Offline)

Ignore
1398397906
Reply with quote  #2

1398397906
Report to moderator
1398397906
Hero Member
*
Offline Offline

Posts: 1398397906

View Profile Personal Message (Offline)

Ignore
1398397906
Reply with quote  #2

1398397906
Report to moderator
1398397906
Hero Member
*
Offline Offline

Posts: 1398397906

View Profile Personal Message (Offline)

Ignore
1398397906
Reply with quote  #2

1398397906
Report to moderator
hazek
Moderator
Hero Member
*
Offline Offline

Activity: 980



View Profile

Ignore
February 03, 2012, 11:32:35 AM
 #2

Quote
Dear BTCServ users,

we are afraid to tell you that some hacker gained access to our server and was able to empty out the wallet containing all our Bitcoins.

Please understand that this website will not be available for an indefinite period.

We are deeply sorry for that incident. :[


Still available in #btcserv irc.freenode.net and in the forums.

Transaction: http://blockchain.info/tx/e266dd4a5aba8c848c2d66016c3716f2e08e8939e605edc4c80cf7643e95c3d3

Hmmm maybe I should start a pool and then after a while of mining pretend my pool got jacked by a hacker  Roll Eyes

My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)

If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
vuce
Sr. Member
****
Offline Offline

Activity: 476


View Profile

Ignore
February 03, 2012, 12:42:01 PM
 #3

Quote
Dear BTCServ users,

we are afraid to tell you that some hacker gained access to our server and was able to empty out the wallet containing all our Bitcoins.

Please understand that this website will not be available for an indefinite period.

We are deeply sorry for that incident. :[


Still available in #btcserv irc.freenode.net and in the forums.

Transaction: http://blockchain.info/tx/e266dd4a5aba8c848c2d66016c3716f2e08e8939e605edc4c80cf7643e95c3d3

Hmmm maybe I should start a pool and then after a while of mining pretend my pool got jacked by a hacker  Roll Eyes

this. This all just sounds so far fetched...
Phinnaeus Gage
Hero Member
*****
Online Online

Activity: 1050


Bitcoin: An Idea Worth Spending


View Profile WWW

Ignore
February 03, 2012, 01:57:30 PM
 #4

Quote
Please understand that this website will not be available for an indefinite period.

My guess is that this will no longer be available after June.

Domain: btcserv.net
Quote
Creation Date: 20-JUN-2011
Updated Date: 20-JUN-2011
Expiration Date: 20-JUN-2012

Gabi
Hero Member
*****
Offline Offline

Activity: 1050


View Profile

Ignore
February 03, 2012, 04:37:30 PM
 #5

Another scam  Roll Eyes
Nicolai Larsen
Sr. Member
****
Offline Offline

Activity: 318


I'm awesome!


View Profile WWW

Ignore
February 03, 2012, 04:43:06 PM
 #6

Sorry to hear :/

Bitmit - Doom of eBay!

1NCVe3agQmbvSqDHX9MjnpcPryoPRBAMCU
Gabi
Hero Member
*****
Offline Offline

Activity: 1050


View Profile

Ignore
February 03, 2012, 04:46:00 PM
 #7

How many btc did he steal?
muyuu
Donator
Hero Member
*
Offline Offline

Activity: 770



View Profile

Ignore
February 03, 2012, 04:53:38 PM
 #8

How many btc did he steal?

http://blockchain.info/tx/e266dd4a5aba8c848c2d66016c3716f2e08e8939e605edc4c80cf7643e95c3d3

419BTC

Received Time   2012-02-02 20:49:54 (GMT I assume)

So valuation around US$ 6.1 * 419 =~ US$ 2,556 at the moment. But the coins remain there so far.

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
zefir
Donator
Hero Member
*
Offline Offline

Activity: 826



View Profile

Ignore
February 03, 2012, 06:29:46 PM
 #9

Another week's mining reward gone  Cry

I followed the recent discussion on why mining at the major pools is bad and clearly agree on the ideological issues. But as a miner, one kind of is constrained to, as they seem to be more secure. No idea how vulnerable P2Pool is, but for sure people will try as soon as it grows and becomes a valuable prey. Sad.

P2Pool is as vulnerable as your computer is. There is no central point of failure. It's a peer to peer pool.

Ummm, a p2p-overlay network over another p2p-overlay network - sounds easy.

I understand that p2p has no single point of failure and is therefore DoS resistant, but is the P2Pool protocol itself secure? Realistically speaking, we all hope that the Bitcoin protocol is simple enough to be invulnerable - but we do not know for sure (and never will). And now after one just starts to scratch the surface on how the blockchain works, he must start learning about 'sharechain' to just mine...

I like the idea of P2Pool and therefore tried to get some insight on how it works, but to have a clear idea on how reliable it might be, one needs to read the code. Sadly, I'm otherwise busy this weekend, but alone from reading the official P2Pool thread it appears that it is far from being stable (split chains, etc.).

That said, I'll for sure switch to P2Pool as soon as I have a better understanding.

QuantumFoam
Full Member
***
Offline Offline

Activity: 130


View Profile

Ignore
February 03, 2012, 09:07:30 PM
 #10

At this point I'd be surprised if the miners get their earnings back. This is why I always withdraw from manual payout pools on a regular basis, though lately this pool was a backup one for me, so I wasn't checking it as often, and lost about half a BTC (which still isn't too bad).
Gabi
Hero Member
*****
Offline Offline

Activity: 1050


View Profile

Ignore
February 03, 2012, 09:11:35 PM
 #11

Oh i missed the question about security of p2pool

Excuse me but where is the problem about p2pool is? Everytime a block is found, you receive the payment on your address, everything is p2p and it's opensource...
zefir
Donator
Hero Member
*
Offline Offline

Activity: 826



View Profile

Ignore
February 03, 2012, 09:24:38 PM
 #12

How secure does the pool have to be? You are paid out as generation when a block is found by the pool, so as long as your bitcoin address is secure, you won't be in a situation where your coins can be stolen. The address doesn't even need to be in the wallet of the bitcoin client that is running on your computer to mine with P2Pool. It can be an address in an offline wallet! You can check the balance via block explorer.

I'm no coder, so I have to trust coders, but reading the old P2Pool thread shows the software has been audited by several people who I consider trustworthy (it's been around for a while now). I don't need to know how it works just to mine, although I do have a general idea. Besides, you were content to mine with a traditional pool where you have to trust the operator. Did you read the code for poolserverj (or whatever the pool was using)? How do you know the operator didn't modify it in some way? Wouldn't it be better to need to place less trust in others?
Valid points, indeed. I always mine PPS to have some means to check the shares submitted against  accepted ones. But honestly, after switching to a pool I usually checked for only the first days to get some confidence. I am credulous (spell: naive) enough to trust the operators for one reason: with the fees they are making, in the long run it does not pay off to cheat, since credibility is their most important stake (and reliability of course).

After reading a little bit more about P2Pool, I understand that the maximum loss one can take are rewards mined since the last found block (which as of today is at ~26h). That is far less risky then what I lost to BTCServ.

Quote
Yes, it's still being improved, and there was a share chain split. It was patched and fixed. I've been mining for close to a year now, and since switching to P2Pool I am very happy with the stability. The only time I've needed to stop mining was to restart the software to update to the newest version. About one minute downtime total in the past month. That's stable enough for me considering the other advantages of P2Pool.

I'm interested and confident enough in the idea to jump in. I'll soon put some GH into P2Pool, as soon as my BitForces arrive (no kidding).

wtfman
Member
**
Offline Offline

Activity: 118

BTCServ Operator


View Profile WWW

Ignore
February 04, 2012, 12:33:13 AM
 #13

whoever says this was a scam should think about if he maybe have the least reason to do this. it's easy to blame the pool operators, but those who made such comments probably have never had to do with us, so just shut the fuck up.

i understand doubts but amateur sherlocks that make that stretch from an expiring domain name in 6 months to a scam just make me wanna puke.

# BTCServ - EU based Mining Pool
# 0% PPS - 0.0000399757 - Hopping Proof
# Official Thread
adamstgBit
Hero Member
*****
Offline Offline

Activity: 1064


Trusted Bitcoiner


View Profile WWW

Ignore
February 04, 2012, 04:01:15 AM
 #14

How many btc did he steal?

http://blockchain.info/tx/e266dd4a5aba8c848c2d66016c3716f2e08e8939e605edc4c80cf7643e95c3d3

419BTC

Received Time   2012-02-02 20:49:54 (GMT I assume)

So valuation around US$ 6.1 * 419 =~ US$ 2,556 at the moment. But the coins remain there so far.

cant we just sit wait for the coins to move and follow them everywhere they go?

if the go and pay for goods ... ask the merchant where he shipped to.

compile some evidence, and then egg his house.. or something

BTC.sx - Leveraged Bitcoin Trading. Simply use Bitcoin to take advantage of a rising or falling Bitcoin price.
BTC.sx - Leveraged Bitcoin Trading. Profit from a rising or falling Bitcoin price.
Littleshop
Hero Member
*****
Offline Offline

Activity: 1148



View Profile WWW

Ignore
February 04, 2012, 04:46:11 AM
 #15

How many btc did he steal?

http://blockchain.info/tx/e266dd4a5aba8c848c2d66016c3716f2e08e8939e605edc4c80cf7643e95c3d3

419BTC

Received Time   2012-02-02 20:49:54 (GMT I assume)

So valuation around US$ 6.1 * 419 =~ US$ 2,556 at the moment. But the coins remain there so far.

cant we just sit wait for the coins to move and follow them everywhere they go?

if the go and pay for goods ... ask the merchant where he shipped to.

compile some evidence, and then egg his house.. or something

How would you know an address was a merchants if they used unique addresses?

If you knew that it was a specific merchant, how would you know the ship to was not a diversion like a public member of the community?

zefir
Donator
Hero Member
*
Offline Offline

Activity: 826



View Profile

Ignore
February 04, 2012, 09:06:59 AM
 #16

whoever says this was a scam should think about if he maybe have the least reason to do this. it's easy to blame the pool operators, but those who made such comments probably have never had to do with us, so just shut the fuck up.

i understand doubts but amateur sherlocks that make that stretch from an expiring domain name in 6 months to a scam just make me wanna puke.
wtfman, I'm sorry if I sounded like accusing you being a scammer. Pretty sure you are not, since loosing credibility for less than 2.5k$ is a bad deal. But no matter what, miners lost their BTC, and this adds up to the line of bad things that periodically happen to Bitcoin. Just because some idiots don't see that (in the long run) they can make more money using it for what it was designated instead of misusing it.

That said, I assume operating a pool needs a very long time horizon to get profitable. Even operating deepbit hardly can make [Tycho]'s a living, if my math is not fully wrong: currently it generates 100 BTC per hour; with ~3% fees thats less than 13k$ per month. Minus operational expenses, still a good salary - but for the price of carrying responsibility for a third of miners worldwide? No, thanks.

I'm not expecting you will get the lost BTC back or reimburse them from your pocket. I'll take it and wish the best if you decide to try again.

zefir
Donator
Hero Member
*
Offline Offline

Activity: 826



View Profile

Ignore
February 04, 2012, 09:23:21 AM
 #17


cant we just sit wait for the coins to move and follow them everywhere they go?

if the go and pay for goods ... ask the merchant where he shipped to.

compile some evidence, and then egg his house.. or something

How would you know an address was a merchants if they used unique addresses?

If you knew that it was a specific merchant, how would you know the ship to was not a diversion like a public member of the community?
Verification must be done at receive time. Ideally there should be a public black-list of addresses to be checked against before a transaction is confirmed.

I remember such ideas popped up when allinvain got his 25k BTCs stolen, but didn't follow.

BitcoinBug
Full Member
***
Offline Offline

Activity: 195


View Profile

Ignore
February 04, 2012, 10:38:02 AM
 #18

Verification must be done at receive time. Ideally there should be a public black-list of addresses to be checked against before a transaction is confirmed.

I remember such ideas popped up when allinvain got his 25k BTCs stolen, but didn't follow.

I believe MtGox already does that. MtGox followed the stolen funds and locked an account (about a month ago), when it looked like bitcoins came from allinvain's stolen bitcoins. But it was a false alarm, account holder proved he got the money from Tradehill.
muyuu
Donator
Hero Member
*
Offline Offline

Activity: 770



View Profile

Ignore
February 04, 2012, 01:02:02 PM
 #19

Verification must be done at receive time. Ideally there should be a public black-list of addresses to be checked against before a transaction is confirmed.

I remember such ideas popped up when allinvain got his 25k BTCs stolen, but didn't follow.

I believe MtGox already does that. MtGox followed the stolen funds and locked an account (about a month ago), when it looked like bitcoins came from allinvain's stolen bitcoins. But it was a false alarm, account holder proved he got the money from Tradehill.


This is really interesting. Where can I read more about this?

Another interesting front is law enforcement. Bitcoins are not legal tender, here in the UK I sincerely doubt it would even be a prosecutable crime to transfer to yourself somebody else's bitcoins, even ownership would be challengeable as in virtual game's pretend money, anyone who has the key can claim legitimate ownership.

In short, f*cking protect your private keys, lads! there is no other real protection for bitcoins at the moment. Less so internationally.

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
BitcoinBug
Full Member
***
Offline Offline

Activity: 195


View Profile

Ignore
February 04, 2012, 02:11:15 PM
 #20

Can't find it Sad
It was an irc conversation with MagicalTux pasted here on forums, if anyone recalls it, please confirm.
Pages: [1] 2 3  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!