Bitcoin Forum
Author Topic: Hacked Linode & coins stolen to 1NRy8GbX56MymBhDYM...  (Read 61631 times)
slush
March 01, 2012, 07:37:35 PM  #1

Short story:

Somebody hacked my backup machine with pool data hosted on Linode and stole 3094 BTC ("hot" coins ready for payouts). The cold backup was not affected in any way by this hack.

It looks like the user database has also been compromised. Although passwords are stored as salted SHA1, I strongly recommend changing your password on the pool immediately.

The robbery of bitcoins has no impact on pool users; I'm covering the loss from my own income (although it means that many months of my work is wasted).

Long story + evidence:

This morning I received an SMS from pool monitoring that the BTC balance went under the expected amount, so I started investigating what happened. I saw that there was a transaction moving 3094 BTC out of the pool wallet (http://blockexplorer.com/tx/34b84108a142ad7b6c36f0f3549a3e83dcdbb60e0ba0df96cd48f852da0b1acb) a few minutes earlier. I checked the logs and it didn't look like the server had been compromised in any way.

Then I found that two of my Linode machines had been restarted half an hour earlier, too, and the root passwords had been changed. I changed the passwords to new ones and found that there had been malicious activity on the machines. Then I discovered that the passwords were changed over Linode Manager (Linode's web management), because there was a record of the password change in the Host Job queue (last activity done over Manager). This also explains why the attacker restarted the machines: it's necessary to apply this change from Manager.

I reported the incident to Linode staff and asked for a log of recent logins to Manager. To my surprise, there were only my own logins, and the last login before the attack was on 08/02/2012! I reported to Linode that something is going wrong, because I have been using a strong password for my Linode Manager (because I know it's basically a backdoor to my machines) and I didn't use this password anywhere else.

Full log of support ticket is here.

I'm still waiting to see what they'll find, but I expect they'll try to hide any issue on their side and will definitely refuse to pay 3000 BTC for this attack :-/.

Plus
A few hours ago another guy contacted me that his Linode machine had been attacked and his coins were moved to the same wallet, asking me if I knew what happened (because he found that the 1Mining2 address is mine). We found that our issues are the same: changed password in Manager, stolen coins & Linode staff telling us they have no security issue on their side. Heh.

It looks like the attackers found some vulnerability in Linode Manager and used it to infiltrate Linodes running bitcoind (we both had bitcoind running on the machine), to gain maximum profit with the least fuss (it does not look like that many machines have been hacked; at least I didn't find anything on Twitter etc.). It looks like the attackers were interested only in bitcoins, because they left the Namecoins untouched, although they had the same chance to steal them.

From the attacker's wallet it looks like more people were affected by this Linode hack; maybe they'll know something more?

Conclusion

There's no reason to think that the pool itself was hacked. I changed all passwords everywhere (mainly for the database), moved the coins to a new wallet and everything is working fine. The backup machine didn't contain keys for accessing the pool server, so there's no need to reinstall the pool on another machine. I'm covering all financial loss from my own money, to keep pool users out of this stupid issue.

OgNasty
March 01, 2012, 07:50:48 PM  #2

Wow.  I'm sorry to read about this slush.  

> I'm covering all financial loss from my own money, to keep pool users out of this stupid issue.

I applaud you for covering this out of pocket.  Another demonstration of why I'm glad to be mining in your pool.

digital
March 01, 2012, 07:51:56 PM  #3

Hopefully Linode comes clean...

Man, that's a huge loss.  Thanks again Slush for everything you do, you have a donation coming your way from me.  It won't be much, but I'll do what I can at least to help out...

If I help you out: 17QatvSdciyv2zsdAbphDEUzST1S6x46c3
References (bitcointalk.org/index.php?topic=): 50051.20  50051.100  53668.0  53788.0  53571.0  53571.0  52212.0  50729.0  114804.0  115468  78106  69061  58572  54747
Revalin
March 01, 2012, 07:53:37 PM  #4

Three things for everyone to learn from this:

#1, use cold storage as preemptive damage control.  Congratulations on being the first high-profile case to get this right.

#2, don't store high value wallets on a public-facing server.  It's much better to keep your wallet on a machine in another secure location, poll for any required sends, sanity check them, and then send them to the network.

#3, Slush just earned 3094 honor points.

      War is God's way of teaching Americans geography.  --Ambrose Bierce
Bitcoin is the Devil's way of teaching geeks economics.  --Revalin 165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g
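The split Revalin describes in point #2, as an added example (not code from the thread, from slush's pool, or from any real project): the public-facing pool server only enqueues payout requests, while a separate wallet machine polls that queue and applies hard sanity checks (address on file, balance actually owed, per-payout and per-batch caps, a hot-wallet floor, replay protection) before anything would be signed. It also includes the kind of "balance went under expected amount" monitor slush mentions in the OP. All names, caps and sample requests are constructed; amounts are in satoshis.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

SATOSHI = 100_000_000  # satoshis per BTC


@dataclass
class PayoutRequest:
    request_id: str
    user_id: str
    address: str     # destination as supplied by the public pool server
    amount_sat: int


@dataclass
class PayoutPolicy:
    max_single_sat: int        # largest payout the gate will ever approve
    max_batch_total_sat: int   # cap on the sum approved in one polling round
    hot_wallet_floor_sat: int  # never spend the hot wallet below this level


@dataclass
class PayoutGate:
    """Runs on the wallet machine, not on the public pool server (hypothetical design)."""
    policy: PayoutPolicy
    # Reference data held on the wallet machine itself; a compromised pool
    # server can forge requests but cannot edit these copies.
    addresses_on_file: Dict[str, str]  # user_id -> registered payout address
    balance_owed_sat: Dict[str, int]   # user_id -> what share accounting says is owed
    hot_balance_sat: int
    seen_ids: Set[str] = field(default_factory=set)

    def check(self, req: PayoutRequest, batch_total_sat: int) -> Tuple[bool, str]:
        """Return (approved, reason); every rule is a hard stop, not a warning."""
        p = self.policy
        if req.request_id in self.seen_ids:
            return False, "duplicate request id"
        if req.amount_sat <= 0:
            return False, "non-positive amount"
        if req.amount_sat > p.max_single_sat:
            return False, "exceeds single-payout cap"
        if self.addresses_on_file.get(req.user_id) != req.address:
            return False, "address does not match the one on file"
        if req.amount_sat > self.balance_owed_sat.get(req.user_id, 0):
            return False, "exceeds balance owed to user"
        if batch_total_sat + req.amount_sat > p.max_batch_total_sat:
            return False, "would exceed batch cap"
        if self.hot_balance_sat - req.amount_sat < p.hot_wallet_floor_sat:
            return False, "would drain hot wallet below floor"
        return True, "ok"

    def process(self, queue: List[PayoutRequest]):
        """One polling round: returns (approved requests, [(id, reason)] rejected)."""
        approved, rejected, batch_total = [], [], 0
        for req in queue:
            ok, reason = self.check(req, batch_total)
            if not ok:
                rejected.append((req.request_id, reason))
                continue
            # Only here would the wallet sign and broadcast the payment.
            approved.append(req)
            batch_total += req.amount_sat
            self.hot_balance_sat -= req.amount_sat
            self.balance_owed_sat[req.user_id] -= req.amount_sat
            self.seen_ids.add(req.request_id)
        return approved, rejected


def balance_alert(expected_sat: int, observed_sat: int, tolerance_sat: int) -> bool:
    """The 'balance went under expected amount' monitor from the OP: True when
    the observed hot balance is more than tolerance_sat below expectation."""
    return observed_sat < expected_sat - tolerance_sat


def demo():
    # Constructed sample data, not taken from the thread.
    gate = PayoutGate(
        policy=PayoutPolicy(max_single_sat=5 * SATOSHI,
                            max_batch_total_sat=20 * SATOSHI,
                            hot_wallet_floor_sat=10 * SATOSHI),
        addresses_on_file={"alice": "1AliceExampleAddr", "bob": "1BobExampleAddr"},
        balance_owed_sat={"alice": 3 * SATOSHI, "bob": 12 * SATOSHI},
        hot_balance_sat=30 * SATOSHI,
    )
    queue = [
        PayoutRequest("r1", "alice", "1AliceExampleAddr", 2 * SATOSHI),   # legitimate
        PayoutRequest("r2", "bob", "1AttackerExampleAddr", 4 * SATOSHI),  # redirected destination
        PayoutRequest("r3", "bob", "1BobExampleAddr", 12 * SATOSHI),      # owed, but over the cap
        PayoutRequest("r4", "bob", "1BobExampleAddr", 4 * SATOSHI),       # legitimate
        PayoutRequest("r1", "alice", "1AliceExampleAddr", 2 * SATOSHI),   # replayed request
    ]
    return gate.process(queue)


if __name__ == "__main__":
    approved, rejected = demo()
    print("approved:", [r.request_id for r in approved])
    print("rejected:", rejected)
```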
bitcoinsarefun
March 01, 2012, 07:57:40 PM  #5

Is it positively confirmed that it is a linode issue and not an exploit for bitcoind?
slush
March 01, 2012, 07:58:50 PM  #6

> Is it positively confirmed that it is a linode issue and not an exploit for bitcoind?

There's no way to "learn" Linode's username and password for logging into Linode Manager from the machine itself. And the attacker obviously used Linode Manager to change the root password. So, yes, it isn't a bitcoind issue.

The most interesting point of the whole hack is that Linode doesn't have any log of the attacker logging into Manager, which indicates that they used some vulnerability in Manager itself.

Gavin Andresen
March 01, 2012, 08:00:17 PM  #7

FYI:

The Bitcoin Faucet bitcoinds are both running on a Linode VPS, which was mysteriously restarted 14 hours ago.  The 5 bitcoins in the main-net Faucet's wallet were stolen, also; I'll shut down the Faucet website. Do NOT donate any coins to the Faucet donation address, it is controlled by the thief.

Transaction ID:  14350f6f2bda8f4220f5b5e11022ab126a4b178e5c4fca38c6e0deb242c40c5f
... if you want to start watching where the coins end up.

How often do you get the chance to work on a potentially world-changing project?
Kluge
March 01, 2012, 08:02:10 PM  #8


> Following the dendrogram on blockchain.info, it looks like the money went
> to a pool of bitcoin worth around 25000 ... not the first malfeasance then.
>
> Also, seems like the thief is in the process of laundering the whole thing.

> FYI:
>
> The Bitcoin Faucet bitcoind's are both running on a Linode VPS, which was mysteriously restarted 14 hours ago.  The ~4 bitcoins in the main-net Faucet's wallet were stolen, also; I'll shutdown the Faucet website, do NOT donate any coins to the Faucet donation address, it is controlled by the thief.

This is extremely disturbing. Wonder who else was stolen from. Sounds like it was well-planned.

Don't mix your coins someone said isn't legal
bitcoinsarefun
March 01, 2012, 08:02:40 PM  #9

> Is it positively confirmed that it is a linode issue and not an exploit for bitcoind?
>
> There's no way how to "learn" linode's username and password to login into Linode Manager from machine itself. And attacker obviously used Linode Manager to change root password. So - yes, it isn't bitcoind issue.
>
> The most interesting point of the whole hack is that Linode don't have any log about login to Manager by the attacker, which indicate that they used some vulnerability of Manager itself.

Wow, that's going to be an interesting one to figure out ...
proudhon
March 01, 2012, 08:02:49 PM  #10

I can't remember, does MtGox block stolen coins from deposit?
slush
March 01, 2012, 08:03:26 PM  #11

> The Bitcoin Faucet bitcoind's are both running on a Linode VPS, which was mysteriously restarted 14 hours ago.

Gavin, thank you for the info. It's the same time my Linodes were restarted (it was around 7 am UTC). Did you contact Linode about this issue? Looks like they're still denying any problems on their side...

tritium
March 01, 2012, 08:04:02 PM  #12

just changed my password, thanks for the heads up.

do you have a donation address?

1FCzN34C1xCLsDaLxfY7yB5CQKN74ruGHV
slush
March 01, 2012, 08:06:20 PM  #13

> just changed my password, thanks for the heads up.
>
> do you have a donation address?

You can donate to 18pmHDP5fx4A9Tpo69V1KEXWUQyK7EvT9C . Thank you for your support!

digital: thank you, too :-)

digital
March 01, 2012, 08:06:50 PM  #14

His full address from the firstbits is:

Edit: nevermind, see above post

I've already sent along what I could spare...

digital
March 01, 2012, 08:07:58 PM  #15

Woops, guess I was a little late on that one...

slush
March 01, 2012, 08:09:43 PM  #16

digital, you're correct, it's my general "donation" address, but I created the new one to track donations to pool funds...

Revalin
March 01, 2012, 08:14:02 PM  #17

It exists now at an informal level, but I expect the "tainted coins" stigma will decrease over time.  Right now we have a high percentage of relatively fresh coins, but just like fiat, after they've been in circulation for some time it will be taken for granted that some percentage of it has been involved in some kind of scam.

Cryptoman
March 01, 2012, 08:21:32 PM  #18

If you trace the coins forward, it looks like they are going through some sort of laundering/mixing process as we speak.

"A small body of determined spirits fired by an unquenchable faith in their mission can alter the course of history." --Gandhi
Revalin
March 01, 2012, 08:22:09 PM  #19

The downside is this would destroy fungibility.  I'm not eager to see that happen.

The idea of reputation is intriguing, but realistically that will just mean people will pay for premium laundry services that can provide freshly-mined coins.  Mining could become unusually profitable for a while.


bitcoinsarefun
March 01, 2012, 08:22:56 PM  #20

I am against anything that could potentially put coins into limbo and add even a hint of centralization to the mix.

plus, there is no way I would trust any organization to decide how "tainted" my coins were ... it sounds like it could be ripe for abuse


Clipse
March 01, 2012, 08:23:02 PM  #21

Not to throw petrol on this absolute fkup (and it does seem Linode is to blame), isn't there a way to manage autopayouts with encrypted wallets so that if your wallet gets accessed it's still highly encrypted and unspendable (at least within the next couple of billion years before it's cracked)?

...In the land of the stale, the man with one share is king... >> Clipse

We pay miners at 130% PPS | Signup here : Bonus PPS Pool (Please read OP to understand the current process)
tritium
March 01, 2012, 08:27:43 PM  #22

isn't this something the new BIPs can help with?

Revalin
March 01, 2012, 08:30:03 PM  #23

> isnt there a way to manage autopayouts with encrypted wallets so that if your wallet gets accessed its still highly encrypted and unspendable


Your software has to know the encryption key in order to make the payouts.

In this particular case it may have helped: if the key was stored only in RAM (Slush would have had to type it in on every reboot) it would have been wiped when the server was rebooted.  On the other hand, if the attackers get access without rebooting they can grab the key out of RAM and decrypt the wallet.

bitcoinsarefun
March 01, 2012, 08:30:25 PM  #24

>> I am against anything that could potentially put coins into limbo and add even a hint of centralization to the mix.
>>
>> plus, there is no way I would trust any organization to decide how "tainted" my coins were ... it sounds like it could be ripe for abuse
>
> Agreed on both count, but ... read my previous post: there nothing
> you can do to prevent this from being built by someone at some point.

Oh yeah, no doubt about that.

I'm curious, how is this handled in the "real world" now with currency?
malevolent
March 01, 2012, 08:32:17 PM  #25


I'm under the impression you are the first (or one of the very few) people who were hacked and decided to cover the loss from their own pocket. Now I'm happy we have at least the 2%.

So we can see that all Linode bitcoin users were affected. If I were you I would contact everyone else affected and send a letter to the company demanding they cover the losses or face a class action lawsuit. At least that's what I would do, but I am not a lawyer, and it depends on their ToS and on what terms you were using their service, etc. I wish you good luck.

bitcoinsarefun
March 01, 2012, 08:33:00 PM  #26

>> isnt there a way to manage autopayouts with encrypted wallets so that if your wallet gets accessed its still highly encrypted and unspendable
>
> Your software has to know the encryption key in order to make the payouts.
>
> In this particular case it may have helped - if the key was stored only RAM (Slush would have had to type it in every reboot) it would have been wiped when the server was rebooted.  On the other hand, if the attackers get access without rebooting they can grab the key out of RAM and decrypt the wallet.

The reboot is what's throwing me on this whole thing ... I've got to go read the timeline again. It wouldn't make sense to me to reboot the machine (potentially alerting the server admin) if you were able to compromise a Linode node at the level that has been suggested.

edit: nvm, it's clearly explained in the OP. Though why a node would need a reboot after a password change is beyond me.
Revalin
March 01, 2012, 08:39:35 PM  #27

Getting access to the Linode admin UI doesn't give access to the server itself.  You can view the console, but you just get the login prompt.  You still need the server's password to log in.

To reset the password the server has to be shut down so that /etc/shadow can be modified.  At that point they could just go in and grab the data, but they most likely used Linode's password changer to minimize the downtime to a few seconds to help prevent getting caught.

A reboot wouldn't be required if they got access to the Linode hosts, but it doesn't sound like that was the case here.  I'm guessing the exploit is in their web-based server management.

FreeMoney
March 01, 2012, 08:43:09 PM  #28

>> The downside is this would destroy fungibility.  I'm not eager to see that happen.
>
> Agreed.
> This is why I said many people would dislike this idea.
>
> However, there is nothing anyone can do to prevent it from happening
> at some point: all the data to do this is right there, in the block chain.


No one needs to prevent it, and the data is not all right there in the chain, the most relevant piece in this case is in this thread.

Thefts are not usually known in the first minutes after they happen. It will be trivial to switch the coins before they get the taint. Someone else will hold the bag (and they'll be kindly informed after it is too late by your spiffy taint client).

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
eleuthria
March 01, 2012, 08:44:48 PM  #29

> Getting access to the Linode admin UI doesn't give access to the server itself.  You can view the console, but you just get the login prompt.  You still need the server's password to log in.
>
> To reset the password the server has to be shut down so that /etc/shadow can be modified.  At that point they could just go in and grab the data, but they most likely used Linode's password changer to minimize the downtime to a few seconds to help prevent getting caught.
>
> A reboot wouldn't be required if they got access to the Linode hosts, but it doesn't sound like that was the case here.  I'm guessing the exploit is in their web-based server management.

This is by far one of the scariest things about the process.  Considering Slush and the Faucet were compromised at roughly the same time, it points to the flaw being in Linode's administrative control panel.  A -very- scary situation, considering Linode is one of the largest VPS providers around.

RIP BTC Guild, April 2011 - June 2015
paraipan
March 01, 2012, 08:54:32 PM  #30

Sorry to hear that guys. I only hope Gavin manages to achieve consensus and use his available resources to have that multisig feature implemented.

BTCitcoin: An Idea Worth Saving - Q&A with bitcoins on rugatu.com - Check my rep
FreeMoney
March 01, 2012, 08:57:06 PM  #31


> Yes, but if the bagholder isn't happy about the "quality" of the coins,
> the person who committed the theft is now known.


This is not the right thread for this, we should move.

The person is not known unless 100% of bitcoin services ID customers.

slush
March 01, 2012, 09:04:32 PM  #32

Linode confirmed that it was their fault, see bottom of pastebin.

So far it looks like a superadmin account for Linode Manager leaked, which also explains why there was no login attempt on my account, although there was a job for the restart & password change.

DeathAndTaxes
March 01, 2012, 09:13:49 PM  #33

> Sorry to hear that guys. I only hope Gavin manages to achieve consensus and use his available resources to have that multisig feature implemented.

A classic example of why we need p2sh.

With p2sh Slush could have had one key on the server and a second key on an independent device (with a third key kept always offline on paper as a failsafe).  If he makes payments in batches he could even keep the second device offline outside payment windows and route signing through VPN or Tor to provide further hardening.

p2sh is needed to provide not just "stupid user protection" but enterprise-grade security solutions.
SgtSpike
March 01, 2012, 09:14:47 PM  #34

Wow, quite the attack.  I'd go straight after Linode with a lawsuit.  
bitlane
March 01, 2012, 09:14:55 PM  #35

> Linode confirmed that it was their fault, see bottom of pastebin.
>
> So far it looks like superadmin account of Linode Manager leaked, which also explains why there was no login attempt to my account, although there was job for restart & password change.

Are they going to cover your losses ? This is a substantial amount of money involved.

glitch003
March 01, 2012, 09:16:05 PM  #36

> Wow, quite the attack.  I'd go straight after Linode with a lawsuit.

There may be something in their EULA to protect them against this type of lawsuit.
blueadept
March 01, 2012, 09:17:08 PM  #37

> We appreciate your business and certainly want to keep you as a happy and satisfied customer. If there is anything we can do to make this up to you, certainly let us know.

Ask them to cover your losses.

Like my posts?  Connect with me on LinkedIn and endorse my "Bitcoin" skill.
Decentralized, instant off-chain payments.
SgtSpike
March 01, 2012, 09:22:22 PM  #38

>> Wow, quite the attack.  I'd go straight after Linode with a lawsuit.
>
> There may be something in their EULA to protect them against this type of lawsuit

EULAs aren't the end-all that companies make them out to be though.  Even if they say "we will not be held liable for blah blah blah", that doesn't mean that a court won't hold them liable.
Revalin
March 01, 2012, 09:26:26 PM  #39

> Subscriber further acknowledges that Linode.com's liability for its own negligence may not in any event exceed an amount equivalent to charges payable by subscriber for services during the period damages occurred. In no event shall Linode.com be liable for any special or consequential damages, loss or injury. Linode.com is not responsible for any damages your business may suffer.
> https://www.linode.com/tos.cfm

I wouldn't expect any different from inexpensive hosting.  No one would take on that kind of liability without a large markup.

It might be in their interests to take responsibility for damages for PR reasons, but I don't think they have a mandate (ethically or legally) to cover $15k of consequential damages for a customer using a $50-100/month service.

I also would not jump on them for admitting fault.  There are way too many companies out there that try to cover everything up when they screw up.  Linode should be commended for providing a prompt and honest answer right from the top brass.

I suggest asking nicely, not with a lawyer's letterhead.

Wandering Albatross
March 01, 2012, 09:26:53 PM  #40

Shows a major weakness in Linode I'd say. Other Linodes were hit as well.  I would be saying goodbye to Linode. Since they seem to be short on details we can't conclude anything, except that their system is flawed. They need to have failsafes in place.

What could you have done to prevent this?  Would an encrypted wallet have prevented this?  Multiple wallets?  It may help a lot of people to discuss how to make it harder at least.

Stealing BTC might become more profitable than mining, or maybe it already is; the crook had to give up a 0-day possibly?

Would be nice to see linode present an in-depth analysis if they can't cover any of your losses.

BTC: 1JgPAC8RVeh7RXqzmeL8xt3fvYahRXL3fP
Clipse
March 01, 2012, 09:28:00 PM  #41

It all depends on how slush manages this ordeal; worst case I would at least want to get partial damages reimbursed.

bitcoinsarefun
March 01, 2012, 09:29:20 PM  #42

the joys of having a superadmin account
SgtSpike
March 01, 2012, 09:32:11 PM  #43

> It all depends on how slush manages this ordeal, worst case I would atleast want to get partial damages reimbursed.
Slush already said he'd cover it from his own pocket.  No loss to anyone mining with him.
proudhon
March 01, 2012, 09:34:36 PM  #44

> the joys of having a superadmin account

So how about not having those. 
eleuthria
March 01, 2012, 09:35:44 PM  #45

The fact that they have a super admin account that isn't restricted to whitelisted IPs is amazing.  Even my small startup (not even public outside of bitcoin forums/BTC Guild) doesn't allow administrator logins from anywhere other than my office and my home.

DeathAndTaxes
March 01, 2012, 09:35:56 PM  #46

>> the joys of having a superadmin account
>
> So how about not having those.

This.

Superadmin account + sa in hands of 3rd party who accepts no liability = Sad
proudhon
March 01, 2012, 09:46:58 PM  #47

A nice gesture on their part, in addition to fixing the vulnerability and explaining exactly how they've done so, would be to accept bitcoin as payment for their service.   
Technomage
March 01, 2012, 09:49:06 PM  #48

Well, either Linode compensates adequately for this or they will have a serious boycott campaign on their hands. If they compensate and promise to fix their systems their reputation might be saved, otherwise it will go down the drain.

Check out the special auction for the NEW Denarium 1/2 BTC 1/2 Oz Gold Coin from here!
bitcoinsarefun
March 01, 2012, 09:49:25 PM  #49

I'll be surprised if they offer to cover any losses ... imaginary money and all that hooey
btc_artist
March 01, 2012, 09:53:40 PM  #50

Wow. Watching this.

BTC: 1CDCLDBHbAzHyYUkk1wYHPYmrtDZNhk8zf
LTC: LMS7SqZJnqzxo76iDSEua33WCyYZdjaQoE
bitcoinsarefun
March 01, 2012, 09:54:31 PM  #51

> I'll be surprised if they offer to cover any losses ... imaginary money and all that hooey

oh yeah, and eric schmidt thinks p2p currency is illegal too!
marked
March 01, 2012, 09:58:49 PM  #52

It's a bit disturbing that bitcoinica was also down at this time

3 high profile bitcoin sites all down at the same time (19:00 UTC). -- EDIT: Ignore, I misread the 07:00 UTC in the OP.

[2nd EDIT: 020212-03:12 UTC right sentiment, wrong reason.]


marked
kano
March 01, 2012, 10:04:05 PM  #53

> I'll be surprised if they offer to cover any losses ... imaginary money and all that hooey
Well that's easy to resolve.
Give them a new slush address and tell them transfer in the same imaginary money that was lost.

Pool: https://kano.is Here on Bitcointalk: Forum BTC: 1KanoPb8cKYqNrswjaA8cRDk4FAS9eDMLU
FreeNode IRC: irc.freenode.net channel #kano.is Majority developer of the ckpool code
Help keep Bitcoin secure by mining on pools with full block verification on all blocks - and NO empty blocks!
malevolent
March 01, 2012, 10:19:17 PM  #54


> EULA's aren't the end-all that companies make them out to be though.  Even if they say "we will not be held liable for blah blah blah", doesn't mean that a court won't hold them liable.

+1
hashcoin
March 01, 2012, 10:22:07 PM  #55

Wow, I was actually just looking into moving some of my hosting and Linode was where I had chosen.  I guess I will have to rethink that.  I'll probably go with EC2 since it seems Amazon takes security quite seriously, but EC2 is noticeably more expensive.
kano
March 01, 2012, 10:23:32 PM  #56

I am against anything that could potentially put coins into limbo and add even a hint of centralization to the mix.

plus, there is no way I would trust any organization to decide how "tainted" my coins were ... it sounds like it could be ripe for abuse


Agreed on both counts, but ... read my previous post: there is nothing you can do to prevent this from being built by someone at some point.
Actually, the concept being described is completely against the Bitcoin design.

The design is of course that when a transaction occurs, it cannot be reversed.
End of story.

As soon as that is no longer true you have destroyed the Bitcoin design.
It is no longer decentralised - someone now has power over it.

If 'some' central authority has the power to deem coins good or bad, then you may as well just dump Bitcoin.

Unfortunately sometimes people hack into other people's access security information and are able to steal what is protected by that information.
That certainly does not mean we should consider giving power of Bitcoin to anyone in any manner whatsoever.
That is purely a knee-jerk reaction to the problem - and should never be done.

Of course everyone has the ability to track down the path of the coins and then possibly confront the perpetrator and request them to return the coins.
However, giving that power to any particular person or group to decide is ludicrous.

If that is what you want - then go visit SolidCoin2.0 and stay away from Bitcoin.

glitch003
Full Member
Activity: 216
March 01, 2012, 10:29:06 PM
 #57

It's a bit disturbing that bitcoinica was also down at this time

3 high profile bitcoin sites all down at the same time. (19:00 UTC) - -- EDIT Ignore: I misread the 07:00 UTC in OP)



marked

also it appears that bitcoinica is hosted at rackspace:

http://whois.domaintools.com/50.56.4.62
dooglus
Legendary
Activity: 2408
March 01, 2012, 10:30:54 PM
 #58

Of course everyone has the ability to track down the path of the coins and then possibly confront the perpetrator and request them to return the coins.

A while ago I decided to track down the 'allinvain' stolen coins and see where they ended up.  It turned out that by mid February they were distributed to over 100,000 different addresses, including 8 of my own addresses.  I'm guessing somebody did a very good job of laundering them.  Either that, or this is just the natural way that bitcoins are passed around.

http://bitcoin.stackexchange.com/a/2900/659 is where I posted my findings.

bitcoinsarefun
Member
Activity: 98
March 01, 2012, 10:33:28 PM
 #59

Of course everyone has the ability to track down the path of the coins and then possibly confront the perpetrator and request them to return the coins.

A while ago I decided to track down the 'allinvain' stolen coins and see where they ended up.  It turned out that by mid February they were distributed to over 100,000 different addresses, including 8 of my own addresses.  I'm guessing somebody did a very good job of laundering them.  Either that, or this is just the natural way that bitcoins are passed around.

http://bitcoin.stackexchange.com/a/2900/659 is where I posted my findings.

I love that post, thanks for taking the time to do that
DBordello
Sr. Member
Activity: 328
BTCPak.com - Exchange your Bitcoins for MP!
March 01, 2012, 10:33:41 PM
 #60

Of course everyone has the ability to track down the path of the coins and then possibly confront the perpetrator and request them to return the coins.

A while ago I decided to track down the 'allinvain' stolen coins and see where they ended up.  It turned out that by mid February they were distributed to over 100,000 different addresses, including 8 of my own addresses.  I'm guessing somebody did a very good job of laundering them.  Either that, or this is just the natural way that bitcoins are passed around.

http://bitcoin.stackexchange.com/a/2900/659 is where I posted my findings.

Great analysis.  A good example of why we can't blacklist coins.

Dan

www.BTCPak.com - Exchange your bitcoins for MP: Secure, Anonymous and Easy!
kano
Legendary
Activity: 2338
Linux since 1997 RedHat 4
March 01, 2012, 10:39:22 PM
 #61

Wow, I was actually just looking into moving some of my hosting and linode was where I had chosen.  I guess I will have to rethink that.  I'll probably go with EC2 since it seems Amazon takes security quite seriously, but EC2 is noticably more expensive.
The security of EC2 is dependent on what applications you install on it.
If you install an application that has a security vulnerability that gives access to the wrong information then you are no better off.

However, the fact that Linode has an administrative "backdoor" into their system that they put in place with crap level security, certainly suggests anyone would be a fool to EVER use them again.
I'd probably even say that just having an administrative "backdoor" into their system that they put in place means you should not trust them.

Hopefully comments similar to that will spread across the internet and that will be the end of Linode.

Red Emerald
Hero Member
Activity: 742
March 01, 2012, 10:46:31 PM
 #62

I'd probably even say that just having an administrative "backdoor" into their system that they put in place means you should not trust them.
QFT

slush
Legendary
Activity: 1372
March 01, 2012, 10:50:30 PM
 #63

The big irony is that my previous login to Linode Manager (the one on 08/02/12) was because I created the backup machine and moved the pool backup there from my home server. I had some connectivity issues at home and sometimes the backup didn't finish properly, so I decided to move the backup to a standalone machine to make it "safer".

kiba
Legendary
Activity: 980
March 01, 2012, 10:51:50 PM
 #64

Wow, I was actually just looking into moving some of my hosting and linode was where I had chosen.  I guess I will have to rethink that.  I'll probably go with EC2 since it seems Amazon takes security quite seriously, but EC2 is noticably more expensive.

I heard a Polish exchange lost their money there because they didn't back up the wallet somewhere else.

rjk
Sr. Member
Activity: 448
1ngldh
March 01, 2012, 10:52:36 PM
 #65

I'd probably even say that just having an administrative "backdoor" into their system that they put in place means you should not trust them.
QFT
It isn't possible to design large automated systems with no kind of management built in. It just can't be done. Certainly it would be possible for Amazon or any other provider to do something similar - shut down the VPS, modify /etc/shadow, and boot up again having given themselves access.

The question is whether they can keep it secure. Good passwords, token based authentication, minimal number of users with access, fine-grained permissions properly applied, etc. Not to mention blatantly obvious things like only allowing access from certain IP addresses. Not doing so is inviting disaster, as per Linode.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
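The post above makes the practical point: a provider's management plane can stop the VPS, rewrite /etc/shadow and boot it again, and that write looks like any local password change. The check a practitioner wants is a baseline of the shadow file kept off the box and compared after every reboot they did not schedule. The script below is an added example, not code from the thread, from Linode or from slush's pool; the shadow lines, user names and hash strings in it are constructed placeholders, and the day numbers only reflect the dates mentioned in the thread.

```python
from datetime import date, timedelta

# Added example, not code from the thread or from Linode. The shadow lines
# below are constructed; the hash strings are placeholders, not real hashes.

def parse_shadow(text):
    """Map user -> (password field, last-change day) from /etc/shadow-format text.
    Field layout: name:password:lastchange:min:max:warn:inactive:expire:reserved."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3:
            raise ValueError("malformed shadow line: %r" % line)
        name, password, lastchange = fields[0], fields[1], fields[2]
        entries[name] = (password, int(lastchange) if lastchange else None)
    return entries

def days_to_date(day_number):
    """shadow's lastchange field counts days since 1970-01-01."""
    return date(1970, 1, 1) + timedelta(days=day_number)

def diff_shadow(baseline_text, current_text):
    """Compare a trusted off-box baseline against the live file and return
    (user, finding) pairs. A provider-side 'reset root password' job writes
    /etc/shadow like any local change would, so the only reliable way to spot
    it is a baseline kept somewhere the provider's management plane cannot
    reach, checked after every reboot you did not schedule."""
    base = parse_shadow(baseline_text)
    cur = parse_shadow(current_text)
    findings = []
    for user, (password, lastchange) in cur.items():
        if password == "":
            findings.append((user, "empty password field"))
        if user not in base:
            findings.append((user, "new account"))
            continue
        base_password, base_lastchange = base[user]
        if password != base_password:
            findings.append((user, "password hash changed"))
        elif lastchange != base_lastchange:
            findings.append((user, "lastchange moved without hash change"))
    for user in base:
        if user not in cur:
            findings.append((user, "account removed"))
    return findings

# Constructed sample: baseline taken on 2012-02-08 (day 15378), current file
# read after an unscheduled reboot on 2012-03-01 (day 15400).
BASELINE_SHADOW = """\
root:$6$saltA$placeholderhashA:15378:0:99999:7:::
pooluser:$6$saltB$placeholderhashB:15300:0:99999:7:::
sshd:*:15000:0:99999:7:::
"""

CURRENT_SHADOW = """\
root:$6$saltC$placeholderhashC:15400:0:99999:7:::
pooluser:$6$saltB$placeholderhashB:15300:0:99999:7:::
sshd:*:15000:0:99999:7:::
backup::15400:0:99999:7:::
"""

def run_example():
    return diff_shadow(BASELINE_SHADOW, CURRENT_SHADOW)

if __name__ == "__main__":
    current = parse_shadow(CURRENT_SHADOW)
    for user, finding in run_example():
        day = current[user][1]
        print("%-10s %-36s lastchange=%s" % (user, finding, days_to_date(day)))
```

The comparison deliberately reports an unchanged hash whose lastchange day moved, since that is what a `chage`-style edit leaves behind, and it flags an empty password field on its own, because an account that can log in without a password is a finding whether or not it is new. The baseline has to live somewhere the management plane cannot edit; a copy on the same VPS would be rewritten along with the file it is meant to guard.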
kano
Legendary
Activity: 2338
Linux since 1997 RedHat 4
March 01, 2012, 10:57:36 PM
 #66

...
No central authority whatsoever. I mentioned competing external entities
that record and make public thefts and the addresses the coins end up at.

Whether you choose to trust and use what they'd publish is your choice.
i.e. trust a "central authority".
As soon as a large % of Bitcoin people trusted such a central authority I would sell my bitcoins and go find a true decentralised secure currency.
Bitcoin would no longer be that.

Quote
Let me explain what I have in mind with an example:

Right now, we know with a certain amount certainty (based on slush's rep)
that the coins in this transaction http://blockexplorer.com/tx/34b84108a142ad7b6c36f0f3549a3e83dcdbb60e0ba0df96cd48f852da0b1acb
were stolen.
...
And right there you have pointed out the obvious flaw in the whole idea.

Red Emerald
Hero Member
Activity: 742
March 01, 2012, 11:06:54 PM
 #67

I'd probably even say that just having an administrative "backdoor" into their system that they put in place means you should not trust them.
QFT
It isn't possible to design large automated systems with no kind of management built in. It just can't be done. Certainly it would be possible for Amazon or any other provider to do something similar - shut down the VPS, modify /etc/shadow, and boot up again having given themselves access.

The question is whether they can keep it secure. Good passwords, token based authentication, minimal number of users with access, fine-grained permissions properly applied, etc. Not to mention blatantly obvious things like only allowing access from certain IP addresses. Not doing so is inviting disaster, as per Linode.
It is possible to keep your wallet outside of those large automated systems though.  I don't put my wallet on a system that anyone but me has access to. Problem solved.

Raoul Duke
aka psy
Legendary
Activity: 1456
March 01, 2012, 11:10:08 PM
 #68

Can you say "Linode employee"?

That's your perp...

kano
Legendary
Activity: 2338
Linux since 1997 RedHat 4
March 01, 2012, 11:18:21 PM
 #69

...
No central authority whatsoever. I mentioned competing external entities
that record and make public thefts and the addresses the coins end up at.

Whether you choose to trust and use what they'd publish is your choice.
i.e. trust a "central authority".
As soon as a large % of Bitcoin people trusted such a central authority I would sell my bitcoins and go find a true decentralised secure currency.
Bitcoin would no longer be that.



You're fairly thick, aren't you?

Which part of "this will happen whether you like it or not" didn't you hear?

As a matter of fact, it's already been pulled off - see the stackexchange post.
It is now just a matter of making it available through a website.
I'm glad you've decided that your predictions are infallible.

As I said:
Quote
As soon as a large % of Bitcoin people trusted such a central authority I would sell my bitcoins and go find a true decentralised secure currency.
Bitcoin would no longer be that.


Quote
Quote
Quote
Let me explain what I have in mind with an example:

Right now, we know with a certain amount certainty (based on slush's rep)
that the coins in this transaction http://blockexplorer.com/tx/34b84108a142ad7b6c36f0f3549a3e83dcdbb60e0ba0df96cd48f852da0b1acb
were stolen.
...
And right there you have pointed out the obvious flaw in the whole idea.

The fact that Slush is trustworthy and not feeding everyone here BS about having been robbed? I would suggest you go get an education on the notion of prior probability.
Just because you have an idea doesn't mean it isn't flawed - step back and read it again.
I'll explain it if you really can't see it.

fergalr
Newbie
Activity: 15
March 01, 2012, 11:21:07 PM
 #70

Of course everyone has the ability to track down the path of the coins and then possibly confront the perpetrator and request them to return the coins.

A while ago I decided to track down the 'allinvain' stolen coins and see where they ended up.  It turned out that by mid February they were distributed to over 100,000 different addresses, including 8 of my own addresses.  I'm guessing somebody did a very good job of laundering them.  Either that, or this is just the natural way that bitcoins are passed around.

http://bitcoin.stackexchange.com/a/2900/659 is where I posted my findings.

Did some work on this before:
http://anonymity-in-bitcoin.blogspot.com/2011/07/bitcoin-is-not-anonymous.html


Have you seen this SVG we made, linked to from that page?  
https://sites.google.com/site/btcanalysis/AllegedTheftBlogVersion.svg?attredirects=0&d=1

You'll need to open it in something that renders SVGs well - I use Google Chrome.

If you mouse over the graphics, you can see the addresses.

The node 104741, as we number them (it corresponds to http://blockexplorer.com/address/12RyZB4odBmdenN6TPukb1ZR29DHKgMHuJ; the nodes in the SVG have clickable links to blockexplorer), is in the top-middle of our diagram, but Chrome etc. will let you search the SVG to find it by the number 104741. It is where those coins you found break off the main flow of funds, which we continued to track.  We only rendered the principal flow of coins; our code follows the 2K of coins and ignores the flow of ~20 coins that break off, which you mention; 10 or so hops later, that small flow arrives at the address you mention.

If you are interested in this sort of thing, check that diagram out.
I'm biased, but I think it does a pretty good job of allowing us to unravel bitcoin flows.
Krakonos
Member
Activity: 60
March 01, 2012, 11:22:21 PM
 #71

Hey slush, I'm sorry this happened. I'm sending a few coins to you, for your hard work and the decision to cover the losses!

Tip jar: 1MWj8Etpt3ayLG5AvXwhtEU42szJD2m97z
dooglus
Legendary
Activity: 2408
March 01, 2012, 11:23:44 PM
 #72

What that means is the amount that is currently stashed on 1NRy8GbX56MymBhDYMyqsNKwW9VupqKVG7
is stained with a weight = amountStolen/(amountStolen + amountStoredThereBefore)

Once some coins on that address get spent, they will go and taint the amount stored
on the address they land on, using the same formula.

Just a small detail, but:

If I send tainted coins to an address which is already holding clean coins, the two transaction outputs don't "mix".  They stay separate - some tainted, some clean.  The mixing only happens when I combine several outputs to make a new transaction, then each of the outputs is tainted with:

output_taint = sum(input_n * input_n_taint) / sum(input_n)

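The correction in the post above (outputs at one address stay separate; mixing happens only when a transaction spends several outputs together, each new output getting sum(input_n * input_n_taint) / sum(input_n)) and the flow-following in fergalr's post further up are easier to see on a small constructed chain. The code below is an added example, not code from the thread, from the stackexchange post or from the btcanalysis tool; the transaction ids, addresses and amounts are made up, and only the mixing rule is taken from the post.

```python
from dataclasses import dataclass
from fractions import Fraction

# Added example, not code from the thread. Transaction ids, addresses and
# amounts are constructed; only the mixing rule comes from the post above.

@dataclass
class Tx:
    txid: str
    inputs: list   # [(txid, vout), ...] outputs this tx spends; [] for an origin tx
    outputs: list  # [(address, amount), ...]

def propagate_taint(txs, stolen_outputs):
    """Taint per output, keyed by (txid, vout), using the post's rule:
    output_taint = sum(input_n * input_n_taint) / sum(input_n).
    Outputs are never merged by address; two outputs paid to the same address
    keep their own taint until one transaction spends them together."""
    amount, taint = {}, {}
    for tx in txs:
        if tx.inputs:
            total = sum(amount[i] for i in tx.inputs)
            weighted = sum(amount[i] * taint[i] for i in tx.inputs)
            mixed = weighted / total
        else:
            mixed = Fraction(0)
        for vout, (_address, amt) in enumerate(tx.outputs):
            key = (tx.txid, vout)
            amount[key] = Fraction(amt)
            taint[key] = Fraction(1) if key in stolen_outputs else mixed
    return taint

def unspent_by_address(txs, taint):
    """Address view: list each unspent output separately with its own taint,
    which is why an address holding stolen and clean outputs is not simply
    'stained' as a whole."""
    amount = {(tx.txid, vout): Fraction(amt)
              for tx in txs for vout, (_a, amt) in enumerate(tx.outputs)}
    spent = {i for tx in txs for i in tx.inputs}
    view = {}
    for tx in txs:
        for vout, (address, _amt) in enumerate(tx.outputs):
            key = (tx.txid, vout)
            if key not in spent:
                view.setdefault(address, []).append((key, amount[key], taint[key]))
    return view

# Constructed chain (amounts in BTC): the pool's hot coins are moved to the
# thief, who also holds three clean outputs at the same address.
SAMPLE_TXS = [
    Tx("pool_funds", [], [("1Pool", 3094)]),
    Tx("theft", [("pool_funds", 0)], [("1Thief", 3094)]),
    Tx("clean", [], [("1Thief", 1000), ("1Thief", 500), ("1Thief", 250)]),
    # spends only a clean output: no taint, even though 1Thief holds stolen coins
    Tx("spend_clean", [("clean", 1)], [("1Shop", 500)]),
    # spends the stolen output together with a clean one: both outputs inherit
    # 3094 / (3094 + 1000) of taint
    Tx("mix", [("theft", 0), ("clean", 0)], [("1A", 2000), ("1B", 2094)]),
]
STOLEN = {("theft", 0)}

def run_example():
    taint = propagate_taint(SAMPLE_TXS, STOLEN)
    return taint, unspent_by_address(SAMPLE_TXS, taint)

if __name__ == "__main__":
    taint, view = run_example()
    for address, outs in view.items():
        for key, amt, t in outs:
            print("%-7s %-16s %6s BTC taint=%.4f" % (address, key, amt, float(t)))
```

Fractions are used instead of floats so that a long chain of splits does not drift; the same weighted mean applied to the allinvain coins is what spreads a single theft across tens of thousands of outputs at ever smaller fractions, which is also why any threshold for "tainted enough to refuse" is an arbitrary policy choice rather than something the chain data decides.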
kronosvl
Full Member
Activity: 134
March 01, 2012, 11:26:34 PM
 #73

It's just an idea, but maybe offering the miners the option to donate a percentage of their choice from their earnings for the next x days/weeks to help the pool recover would also help.

Donations are accepted @: 19Uk8zVhdgfrRo5Z6wH9yghWxZUtdiNtX9
OTC: http://bitcoin-otc.com/viewgpg.php?nick=kronosvl
Bitcoin Oz
Hero Member
Activity: 700
Wat
March 01, 2012, 11:35:57 PM
 #74

Linode knows about bitcoin because we spoke to an employee from there about witcoin months ago. They had asked us to take down a particular post about their policy of shutting down a site for content they didn't agree with. They are fully aware of it. I hate to say it but "rogue employee" comes to mind. Boycott unless they fix it.

stick_theman
Sr. Member
Activity: 372
March 01, 2012, 11:56:56 PM
 #75

Thank you Slush for being so man-up about the situation.  Also, I think Linode should be responsible for a portion of the loss.  We should send Linode this thread.   Definitely "Rogue Employee" comes to mind at Linode.
kano
Legendary
Activity: 2338
Linux since 1997 RedHat 4
March 02, 2012, 12:23:43 AM
 #76

I'd probably even say that just having an administrative "backdoor" into their system that they put in place means you should not trust them.
QFT
It isn't possible to design large automated systems with no kind of management built in. It just can't be done. Certainly it would be possible for Amazon or any other provider to do something similar - shut down the VPS, modify /etc/shadow, and boot up again having given themselves access.

The question is whether they can keep it secure. Good passwords, token based authentication, minimal number of users with access, fine-grained permissions properly applied, etc. Not to mention blatantly obvious things like only allowing access from certain IP addresses. Not doing so is inviting disaster, as per Linode.
No, I did use the term "backdoor" for a reason Smiley

They didn't acknowledge the access that had been through their "backdoor" until later.
It didn't show up in the logs or in the information slush had.
The first reply from Linode didn't acknowledge the "administrative" access at all. (re: slush's pastebin)
i.e. they hid the access ...

That's why
I'd probably even say that just having an administrative "backdoor" into their system that they put in place means you should not trust them.

fergalr
Newbie
Activity: 15
March 02, 2012, 12:27:54 AM
 #77

Don't bother -- your site can't even exist, Kano has decreed that the whole thing wasn't possible.

Seriously though, if the thief is willing to go through enough trouble, he can launder the coins, but
that suggests a certain amount of understanding and sophistication on the part of the thief, and it's
quite possible they won't bother, which makes the tracking efforts worth a try IMO.

I agree that if a thief is willing to go through the trouble, they could launder bitcoins, so as to make them very hard to track; possibly even impractically hard to track.


I don't have a strong opinion on whether 'marking' coins - basically, trying to keep some record of which 'coins' were stolen (or rather, which fraction of the balance at a particular address was 'stolen') would have the effect of reducing the incentive to steal bitcoins.


I do like the idea that even if a small fraction of bitcoin users will refuse to accept 'marked' bitcoins, then this instantly decreases the value of 'marked' bitcoins; and this can possibly have a knock on effect; so that 'marking' doesn't have to be total, or centralised, for it to have an impact.

But I also see the argument that it would be very difficult to know who to trust to maintain lists of marked bitcoins; there seems to be some centralization inherent in the idea of lists of bad coins.

And there would be conflicts of interest; the more bitcoins that get marked as 'stolen', the more valuable non-stolen bitcoins become; anyone with a lot of bitcoins would be incentivised to have other bitcoins 'marked'.

There is also the fundamental difficulty of establishing whether bitcoins that are alleged to be stolen, were actually stolen, or not.  I'm not talking about any specific case here.
If it's possible to pay for goods with Bitcoins, and then later declare the bitcoins used in the payment to be stolen, and hence marked, you mess with the way bitcoin handles non-repudiation.
It would also totally change the setup of services, which have user accounts layered on top of the bitcoin protocol - they don't have a direct mapping from individual users, to bitcoin addresses - while they can be considered to be outside the bitcoin system, in some sense, 'marking' would not work well with them, in practice.

Like all these economic things, it's very hard to reason about the effects of such a system, so I've no strong opinion on it.

The fact that the complete history of a balance is stored, and publicly available, allows you to think about doing interesting things like this, in a way that's hard in other setups.
It might be interesting, if, instead of balances, there were specific 'coins' in the protocol (at the moment, balances lose their individual identities, when they pass through a transaction) - that would allow 'marking' to be done properly - maybe such a system could support 'marking' in some decentralised fashion, and be more resistant to theft.  I don't know, but interesting to think about.
bitcoinsarefun
Member
Activity: 98
March 02, 2012, 12:39:21 AM
 #78

While I think that a marked coin or tainted coin might be harder to spend with some users, there is still a whole segment of users that don't care either way, so the spice will still flow.

muyuu
Donator
Legendary
Activity: 966
March 02, 2012, 12:55:35 AM
 #79

Just sad that some criminal made 10k quid from your honest work just like that.

By the looks of it the attack was directed. A random hacker who happens to run into a wallet most probably wouldn't have known what to do about it immediately.

It was very likely a Linode employee who knew about your operation...

I'd look into running servers with hot wallets as .onion sites so hackers don't even know where and how it is stored at all. When I was looking into the betting business I was told of colocation services with flat insurance for intrusion... but it was a nightmare of regulations and very limiting, and expensive as well. Running a server from home with a good redundant connection would probably be a sensible solution considering the amount of money at stake. At worst... well, your hot wallet is offline for a while.

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
bitcoinBull
Legendary
Activity: 826
rippleFanatic
March 02, 2012, 12:56:49 AM
 #80

Another takeaway is that bitcoin services hosted remotely should keep their on-line wallets encrypted.  Then they can't be stolen after a reboot because the server will require manual entry of encryption password.

College of Bucking Bulls Knowledge
Revalin
Hero Member
Activity: 728
165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g
March 02, 2012, 01:17:22 AM
 #81

It might be interesting, if, instead of balances, there were specific 'coins' in the protocol (at the moment, balances lose their individual identities, when they pass through a transaction)

Not true.  Each transaction into an address is a separate coin, and they are redeemed separately when you spend them.  They only mix when multiple coins are redeemed at the same time.

If you mean completely individual, non-mixing coins, I don't think there's a practical way to do it with a Bitcoin-like cryptocurrency.  The blockchain would become huge.

      War is God's way of teaching Americans geography.  --Ambrose Bierce
Bitcoin is the Devil's way of teaching geeks economics.  --Revalin 165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g
m3ta
Sr. Member
Activity: 422
March 02, 2012, 01:19:38 AM
 #82

Boycott unless they fix it.

How will you be sure they "fixed it" unless they disclose the full vulnerability?
So, as you can never be sure, I say "boycott unless they greatly compensate Slush for the loss" - "I'm sorry" just doesn't cut it.

Why the frell so many retards spell "ect" as an abbreviation of "Et Cetera"? "ETC", DAMMIT! http://en.wikipedia.org/wiki/Et_cetera

Host:/# rm -rf /var/forum/trolls
JeffK
Sr. Member
Activity: 350
I never hashed for this...
March 02, 2012, 01:22:19 AM
 #83

Linode does not owe you anything, especially an 'estimated value' of your Bitcoins.

Terms of Service exist for a reason, even if it was their fault (which I somehow doubt, given their track record)

Have a more secure system in place next time.
Raoul Duke
aka psy
Legendary
Activity: 1456
March 02, 2012, 01:26:00 AM
 #84

Boycott unless they fix it.

How will you be sure they "fixed it" unless they disclose the full vulnerability?
So, as you can never be sure, I say "boycott unless they greatly compensate Slush for the loss" - "I'm sorry" just doesn't cut it.


They already disclosed that it was a support login that did it. What else do they need to disclose?

@JeffK just crawl back under the rock you were since Jan 9, 2012.
Interesting that you came back just to say that...

dooglus
Legendary
Activity: 2408
March 02, 2012, 01:26:48 AM
 #85

Have a more secure system in place next time.

The attacker went outside his secure system and gained root access.  There's not much you can do about that except for not using a hosting service which allows attackers root access to your files.

Eveofwar
Sr. Member
Activity: 406
March 02, 2012, 01:28:03 AM
 #86

Have a more secure system in place next time.

The attacker went outside his secure system and gained root access.  There's not much you can do about that except for not using a hosting service which allows attackers root access to your files.

How about encrypting the wallet ?
Thralen
Full Member
Activity: 123
March 02, 2012, 01:28:07 AM
 #87

Terms of Service exist for a reason, even if it was their fault (which I somehow doubt, given their track record)

Have a more secure system in place next time.

Their track record? This last statement tells me you didn't read the thread. The access was from one of Linode's administrative accounts. Therefore the track record is not good... A more secure system would involve not using Linode, since the access came from them.

Please read the thread before commenting, otherwise you make yourself look foolish.

Thralen

Supporting bitcoin as best I can with 1. mining, 2. buying with bitcoin, 3. selling (or trying to) for bitcoin. If you make a donation to:  1MahzUUEYJrZ4VbPRm2h5itGZKEguGVZK1  I'll get it into circulation.
glitch003
Full Member
Activity: 216
March 02, 2012, 01:29:16 AM
 #88

Linode does not owe you anything, especially an 'estimated value' of your Bitcoins.

Terms of Service exist for a reason, even if it was their fault (which I somehow doubt, given their track record)

Have a more secure system in place next time.

Linode already acknowledged that it's their fault.  BTW I have a mat I'd love to sell you. It has conclusions on it and you can jump to them.
JeffK
Sr. Member
Activity: 350
I never hashed for this...
March 02, 2012, 01:29:41 AM
 #89

Terms of Service exist for a reason, even if it was their fault (which I somehow doubt, given their track record)

Have a more secure system in place next time.

Their track record? This last statement tells me you didn't read the thread. The access was from one of Linode's administrative accounts. Therefore the track record is not good... A more secure system would involve not using linode since the access came from them..

Please read the thread before commenting, otherwise you make yourself look foolish.

Thralen


Ah yes, a goddamn pastebin surely is proof
glitch003
Full Member
Activity: 216
March 02, 2012, 01:31:02 AM
 #90

Terms of Service exist for a reason, even if it was their fault (which I somehow doubt, given their track record)

Have a more secure system in place next time.

Their track record? This last statement tells me you didn't read the thread. The access was from one of Linode's administrative accounts. Therefore the track record is not good... A more secure system would involve not using linode since the access came from them..

Please read the thread before commenting, otherwise you make yourself look foolish.

Thralen


Ah yes, a goddamn pastebin surely is proof

Some people on this forum trust slush quite a bit.  What is his motivation to lie about this?
slush
Legendary
Activity: 1372
March 02, 2012, 01:32:08 AM
 #91

Another 10k+ BTC from Bitcoinica :-/.
https://bitcointalk.org/index.php?topic=66961

m3ta
Sr. Member
****
Offline Offline

Activity: 422



View Profile WWW
March 02, 2012, 01:32:35 AM
 #92

Boycott unless they fix it.

How will you be sure they "fixed it" unless they disclose the full vulnerability?
So, as you can never be sure, I say "boycott unless they greatly compensate Slush for the loss" - "I'm sorry" just doesn't cut it.


They already disclosed that it was a support login that did it. What else do they need to disclose?


The proof that if it happens again, criminal charges will be taken against the offender, and the victim will be compensated - basically, a secure SLA.
For example. Was that too hard?

'Cause if you don't need anything else and are satisfied with their reply as it is, then you have very minimal requirements of people who have responsibilities over your assets, and it's people like you who endanger everyone else.

Dasse....

Why the frell so many retards spell "ect" as an abbreviation of "Et Cetera"? "ETC", DAMMIT! http://en.wikipedia.org/wiki/Et_cetera

Host:/# rm -rf /var/forum/trolls
JeffK
Sr. Member
****
Offline Offline

Activity: 350


I never hashed for this...


View Profile
March 02, 2012, 01:33:33 AM
 #93

Terms of Service exist for a reason, even if it was their fault (which I somehow doubt, given their track record)

Have a more secure system in place next time.

Their track record? This last statement tells me you didn't read the thread. The access was from one of Linode's administrative accounts. Therefore the track record is not good... A more secure system would involve not using Linode, since the access came from them.

Please read the thread before commenting, otherwise you make yourself look foolish.

Thralen


Ah yes, a goddamn pastebin surely is proof

Some people on this forum trust slush quite a bit.  What is his motivation to lie about this?


Hell if I know, I'm just saying that the proof is very shaky, I'll wait for a statement from Linode before I think they actually screwed up, but given this community's history for having 'trusted people' disappear with funds, I don't know how much the opinion of 'some people on this forum' matters.
Littleshop
Legendary
*
Offline Offline

Activity: 1316



View Profile WWW
March 02, 2012, 01:34:44 AM
 #94

Boycott unless they fix it.

How will you be sure they "fixed it" unless they disclose the full vulnerability?
So, as you can never be sure, I say "boycott unless they greatly compensate Slush for the loss" - "I'm sorry" just doesn't cut it.


Bitcoin raises web hosting to a new level.  Yes, there are juicy non-bitcoin targets out there such as credit cards and personal data.  But there is nothing like bitcoin for a hacker thief.  Once you steal them, you can wait to use them, something that does not work as well with credit cards.  You can mix them, something you can not do with credit cards.  You can even lay down false tracks by sending them to people's public addresses.

Now you have 'data' that is pretty much worth a year's (or more) salary for a typical sysadmin.  An employee of a webhost can take it and, if they know what they are doing, they can be much 'safer' than stealing credit card information.  Right now the only crime is unauthorized access and data theft, not all of the other crimes that go along with credit card fraud that could involve massive jail time.  I am not saying if caught they would not go to jail, but laws have not caught up to bitcoin.

I would not trust any shared host (VM or not) that has access to your data for a wallet over $1000.  The only way to do this is with encrypted disks that are set up or encrypted by the customer with no host access of any kind.  No 'control panel' based hosting.

Thralen
Full Member
***
Offline Offline

Activity: 123


View Profile
March 02, 2012, 01:36:13 AM
 #95


Ah yes, a goddamn pastebin surely is proof

Do you see any other proof for the opposition posted? In addition, there are corroborating reports from others as to the same thing occurring to them nearly simultaneously. Therefore the concept of admin access used for the crime is far more feasible. So we have proof of a sort vs. your opinion. Exactly why would we believe your opinion over even the slightest shred of proof?

Thralen

Supporting bitcoin as best I can with 1. mining, 2. buying with bitcoin, 3. selling (or trying to) for bitcoin. If you make a donation to:  1MahzUUEYJrZ4VbPRm2h5itGZKEguGVZK1  I'll get it into circulation.
Thralen
Full Member
***
Offline Offline

Activity: 123


View Profile
March 02, 2012, 01:38:26 AM
 #96


Hell if I know, I'm just saying that the proof is very shaky, I'll wait for a statement from Linode before I think they actually screwed up, but given this community's history for having 'trusted people' disappear with funds, I don't know how much the opinion of 'some people on this forum' matters.

Here is some more 'proof' for you. Although you're liable to dismiss this in the same manner as the other:

https://bitcointalk.org/index.php?topic=66961

Thralen

Supporting bitcoin as best I can with 1. mining, 2. buying with bitcoin, 3. selling (or trying to) for bitcoin. If you make a donation to:  1MahzUUEYJrZ4VbPRm2h5itGZKEguGVZK1  I'll get it into circulation.
cypherdoc
Legendary
*
Offline Offline

Activity: 1764



View Profile
March 02, 2012, 01:42:09 AM
 #97

do these incidents not bode well for online clients like Electrum or Blockchain.info?

even with encrypted user generated private keys, they can be stolen by the server when opened to sign tx's.
notme
Legendary
*
Offline Offline

Activity: 1890


View Profile
March 02, 2012, 01:42:51 AM
 #98


Hell if I know, I'm just saying that the proof is very shaky, I'll wait for a statement from Linode before I think they actually screwed up, but given this community's history for having 'trusted people' disappear with funds, I don't know how much the opinion of 'some people on this forum' matters.

Here is some more 'proof' for you. Although you're liable to dismiss this in the same manner as the other:

https://bitcointalk.org/index.php?topic=66961

Thralen

That corroborates the current theory (Linode admin leak).

What are you trying to prove with that link that is contrary to a Linode admin leak?

https://www.bitcoin.org/bitcoin.pdf
While no idea is perfect, some ideas are useful.
12jh3odyAAaR2XedPKZNCR4X4sebuotQzN
Eveofwar
Sr. Member
****
Offline Offline

Activity: 406


View Profile
March 02, 2012, 01:44:32 AM
 #99


Hell if I know, I'm just saying that the proof is very shaky, I'll wait for a statement from Linode before I think they actually screwed up, but given this community's history for having 'trusted people' disappear with funds, I don't know how much the opinion of 'some people on this forum' matters.

Here is some more 'proof' for you. Although you're liable to dismiss this in the same manner as the other:

https://bitcointalk.org/index.php?topic=66961

Thralen

That corroborates the current theory (Linode admin leak).

What are you trying to prove with that link that is contrary to a Linode admin leak?

I think he may be trying to "set JeffK straight" as they say...
slush
Legendary
*
Offline Offline

Activity: 1372



View Profile WWW
March 02, 2012, 01:49:43 AM
 #100

I would not trust any shared host (VM or not) that has access to your data for a wallet over $1000.  The only way to do this is with encrypted disks that are set up or encrypted by the customer with no host access of any kind.

Unfortunately this is very hard to achieve in the real world. For example, I cannot use any housing here in Prague because of stupidly poor connectivity abroad. Then it really doesn't matter if the provider is a VPS or not, because technically there must be somebody who has physical access to the server instead of me. I'm hosting the pool in France - it's a standalone server, but there is still a software KVM (because *I* need to reach the server anytime) and there are probably tens of sysadmins with physical access to the server.

So it happened today at Linode, but it can happen anywhere else tomorrow. So choosing a server provider for services, when you don't have thousands of dollars monthly to protect your own server room, is like playing Russian roulette.

slush
Legendary
*
Offline Offline

Activity: 1372



View Profile WWW
March 02, 2012, 01:55:27 AM
 #101

WHY DA FUCK DO YOU USE VPS's TO HOST IMPORTANT STUFF?

Hm, please read my previous post. I don't think that VPS containers themselves are a huge security risk. As you see now, virtualization wasn't the reason for the hack, but it was a supporting tool which exists in some form in every hosting company, even for unmanaged servers (yes, I'm even paying an extra fee for software KVM).

Littleshop
Legendary
*
Offline Offline

Activity: 1316



View Profile WWW
March 02, 2012, 01:56:18 AM
 #102

I would not trust any shared host (VM or not) that has access to your data for a wallet over $1000.  The only way to do this is with encrypted disks that are set up or encrypted by the customer with no host access of any kind.

Unfortunately this is very hard to achieve in the real world. For example, I cannot use any housing here in Prague because of stupidly poor connectivity abroad. Then it really doesn't matter if the provider is a VPS or not, because technically there must be somebody who has physical access to the server instead of me. I'm hosting the pool in France - it's a standalone server, but there is still a software KVM (because *I* need to reach the server anytime) and there are probably tens of sysadmins with physical access to the server.

So it happened today at Linode, but it can happen anywhere else tomorrow. So choosing a server provider for services, when you don't have thousands of dollars monthly to protect your own server room, is like playing Russian roulette.

I do agree that it is hard to find options in some areas.  In Baltimore we have a few 'rack space' rental places that will allow you to drop in a server that you have physically set up and that nobody has access to online.  Sure, they could get to it physically, but that kind of attack is quite different if disks are encrypted.  (And yes, I know it is POSSIBLE to break into those as well, but you do need to take the machine offline to do it.)

slush
Legendary
*
Offline Offline

Activity: 1372



View Profile WWW
March 02, 2012, 01:56:31 AM
 #103

Lol, psy deleted his post immediately Wink

muyuu
Donator
Legendary
*
Offline Offline

Activity: 966



View Profile
March 02, 2012, 01:58:05 AM
 #104

Another 10k+ BTC from Bitcoinica :-/.
https://bitcointalk.org/index.php?topic=66961

In the transaction related to your incident, one of the destination addresses had 25k BTC or so... by the looks of it the perp has amassed a lot of bitcoins and I bet there were many legit wallets in Linode with legit transactions so he can also use these to launder his money.

It's a lot of money to launder, though. We're talking about 1/4 million US$ or so.

Beware of big mining contract purchases in ferroh or GPUMax (or others) during the next few days.

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
JeffK
Sr. Member
****
Offline Offline

Activity: 350


I never hashed for this...


View Profile
March 02, 2012, 01:58:51 AM
 #105

Since they are a company with real money on the line, they are probably doing an investigation before they make any statement, period.
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1456



View Profile
March 02, 2012, 01:59:06 AM
 #106

Yeah, I deleted it because I wasn't even trying to attack you, nor did I wish to derail the thread.

Was just replying to you now to say: colocation with encrypted disks?

I understand if you tell me it's expensive, but the alternative is worse, as we all see now.

PS: I don't have any bitcoind facing the web, so it's easy for me to stay safe.
Those guides about setting up hidden services are really helpful when one wants to set up a secure server.

Sorry Slush, hope you didn't get mad at me. I'm really in pain with this situation. I was already in pain when it was only you and Gavin, much more now that Bitcoinica even lost more than both of you together.

Thralen
Full Member
***
Offline Offline

Activity: 123


View Profile
March 02, 2012, 02:03:40 AM
 #107


I think he may be trying to "set JeffK straight" as they say...

Yes, I have issues with people that I've never seen contribute meaningfully to something trying to tear apart people that I know have contributed to that thing. In this case, Bitcoin being the thing and Slush (as someone with major contributions to it) being 'attacked' and being, in essence, called a liar. I tend to jump to the defense of what I believe in at those points. Therefore I posted the link to the other major breach that was only tangentially mentioned and linked to in this thread as additional proof, seeing if he'd decide to call Zhou (as well as Slush) a liar by continuing his current stand.

Thralen

Supporting bitcoin as best I can with 1. mining, 2. buying with bitcoin, 3. selling (or trying to) for bitcoin. If you make a donation to:  1MahzUUEYJrZ4VbPRm2h5itGZKEguGVZK1  I'll get it into circulation.
dunand
Hero Member
*****
Offline Offline

Activity: 637



View Profile
March 02, 2012, 02:07:42 AM
 #108

Can someone explain how the encrypted wallet was compromised? The attacker found the wallet's password in the source code / config file somewhere?
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1456



View Profile
March 02, 2012, 02:09:10 AM
 #109

Can someone explain how the encrypted wallet was compromised? The attacker found the wallet's password in the source code / config file somewhere?

Maybe because it wasn't encrypted?
I don't remember any of them saying the wallets were encrypted.
Maybe I'll need to re-read the thread(s)...

JeffK
Sr. Member
****
Offline Offline

Activity: 350


I never hashed for this...


View Profile
March 02, 2012, 02:09:24 AM
 #110


I think he may be trying to "set JeffK straight" as they say...

Yes, I have issues with people that I've never seen contribute meaningfully to something trying to tear apart people that I know have contributed to that thing. In this case, Bitcoin being the thing and Slush (as someone with major contributions to it) being 'attacked' and being, in essence, called a liar. I tend to jump to the defense of what I believe in at those points. Therefore I posted the link to the other major breach that was only tangentially mentioned and linked to in this thread as additional proof, seeing if he'd decide to call Zhou (as well as Slush) a liar by continuing his current stand.

Thralen

It's also terribly unfair to attack one of the longest-standing, most reputable providers without any real statement on their part, and it's doubly unfair to demand they pay back what was allegedly "lost" on the service, since they aren't required by law or their TOS to hold backups of your data for you.
paraipan
Legendary
*
Offline Offline

Activity: 924


Firstbits: 1pirata


View Profile WWW
March 02, 2012, 02:15:46 AM
 #111

Another 10k+ BTC from Bitcoinica :-/.
https://bitcointalk.org/index.php?topic=66961

In the transaction related to your incident, one of the destination addresses had 25k BTC or so... by the looks of it the perp has amassed a lot of bitcoins and I bet there were many legit wallets in Linode with legit transactions so he can also use these to launder his money.

It's a lot of money to launder, though. We're talking about 1/4 million US$ or so.

Beware of big mining contract purchases in ferroh or GPUMax (or others) during the next few days.

zhoutong didn't provide the transaction id of the robbery like slush did

BTCitcoin: An Idea Worth Saving - Q&A with bitcoins on rugatu.com - Check my rep
copumpkin
Donator
Sr. Member
*
Offline Offline

Activity: 266


I'm actually a pineapple


View Profile
March 02, 2012, 02:18:06 AM
 #112


I think he may be trying to "set JeffK straight" as they say...

Yes, I have issues with people that I've never seen contribute meaningfully to something trying to tear apart people that I know have contributed to that thing. In this case, Bitcoin being the thing and Slush (as someone with major contributions to it) being 'attacked' and being, in essence, called a liar. I tend to jump to the defense of what I believe in at those points. Therefore I posted the link to the other major breach that was only tangentially mentioned and linked to in this thread as additional proof, seeing if he'd decide to call Zhou (as well as Slush) a liar by continuing his current stand.

Thralen

It's also terribly unfair to attack one of the longest-standing, most reputable providers without any real statement on their part, and it's doubly unfair to demand they pay back what was allegedly "lost" on the service, since they aren't required by law or their TOS to hold backups of your data for you.

Backups are not really the issue here.
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1456



View Profile
March 02, 2012, 02:19:54 AM
 #113

@JeffK Full disclosure request:

What is your relationship with Linode?

JeffK
Sr. Member
****
Offline Offline

Activity: 350


I never hashed for this...


View Profile
March 02, 2012, 02:20:06 AM
 #114


I think he may be trying to "set JeffK straight" as they say...

Yes, I have issues with people that I've never seen contribute meaningfully to something trying to tear apart people that I know have contributed to that thing. In this case, Bitcoin being the thing and Slush (as someone with major contributions to it) being 'attacked' and being, in essence, called a liar. I tend to jump to the defense of what I believe in at those points. Therefore I posted the link to the other major breach that was only tangentially mentioned and linked to in this thread as additional proof, seeing if he'd decide to call Zhou (as well as Slush) a liar by continuing his current stand.

Thralen

It's also terribly unfair to attack one of the longest-standing, most reputable providers without any real statement on their part, and it's doubly unfair to demand they pay back what was allegedly "lost" on the service, since they aren't required by law or their TOS to hold backups of your data for you.

Backups are not really the issue here.

It is "hosting something of value on an unencrypted server that is irreplaceable" then?
Eveofwar
Sr. Member
****
Offline Offline

Activity: 406


View Profile
March 02, 2012, 02:20:18 AM
 #115

Another 10k+ BTC from Bitcoinica :-/.
https://bitcointalk.org/index.php?topic=66961

In the transaction related to your incident, one of the destination addresses had 25k BTC or so... by the looks of it the perp has amassed a lot of bitcoins and I bet there were many legit wallets in Linode with legit transactions so he can also use these to launder his money.

It's a lot of money to launder, though. We're talking about 1/4 million US$ or so.

Beware of big mining contract purchases in ferroh or GPUMax (or others) during the next few days.

zhoutong didn't provide transaction id of the robbery like slush did

http://blockchain.info/tx-index/2873808/0268b7285b95444808753969099f7ae43fb4193d442e3e0deebb10e2bb1764d0 -- may be it.
Littleshop
Legendary
*
Offline Offline

Activity: 1316



View Profile WWW
March 02, 2012, 02:20:27 AM
 #116


I think he may be trying to "set JeffK straight" as they say...

Yes, I have issues with people that I've never seen contribute meaningfully to something trying to tear apart people that I know have contributed to that thing. In this case, Bitcoin being the thing and Slush (as someone with major contributions to it) being 'attacked' and being, in essence, called a liar. I tend to jump to the defense of what I believe in at those points. Therefore I posted the link to the other major breach that was only tangentially mentioned and linked to in this thread as additional proof, seeing if he'd decide to call Zhou (as well as Slush) a liar by continuing his current stand.

Thralen

It's also terribly unfair to attack one of the longest-standing, most reputable providers without any real statement on their part, and it's doubly unfair to demand they pay back what was allegedly "lost" on the service, since they aren't required by law or their TOS to hold backups of your data for you.

Backups are not really the issue here.

Not saying that the host did anything wrong....  but the problem is not the lack of backups....

It is one backup too many.


JeffK
Sr. Member
****
Offline Offline

Activity: 350


I never hashed for this...


View Profile
March 02, 2012, 02:21:26 AM
 #117

@JeffK Full disclosure request:

What is your relationship with Linode?

Two year customer last month, never had problems but I've been around the Bitcoin community long enough to be suspicious of people who "lose" bitcoins or have them "stolen"
kiba
Legendary
*
Offline Offline

Activity: 980


View Profile
March 02, 2012, 02:22:33 AM
 #118

@JeffK Full disclosure request:

What is your relationship with Linode?

Two year customer last month, never had problems but I've been around the Bitcoin community long enough to be suspicious of people who "lose" bitcoins or have them "stolen"

Ok, you're going to be suspicious of Gavin, the bitcoinica guy, and Slush?

malevolent
can into space
Staff
Legendary
*
Online Online

Activity: 1904



View Profile
March 02, 2012, 02:23:17 AM
 #119

Two year customer last month, never had problems but I've been around the Bitcoin community long enough to be suspicious of people who "lose" bitcoins or have them "stolen"

Normally I would agree with you, but in this case Slush (and Zhoutong, whose BTC were also stolen) said they will cover the losses out of their own pocket.
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1456



View Profile
March 02, 2012, 02:24:24 AM
 #120

@JeffK Full disclosure request:

What is your relationship with Linode?

Two year customer last month, never had problems but I've been around the Bitcoin community long enough to be suspicious of people who "lose" bitcoins or have them "stolen"

And I find it suspicious that after being inactive since Jan 9th 2012 you came back today...

Micon
Legendary
*
Offline Offline

Activity: 1232


FPV Drone Pilot


View Profile WWW
March 02, 2012, 02:24:59 AM
 #121

I'm half a noob when it comes to exactly how the blockchain can be used to track transactions, but my understanding is that since we have the hash that stole the coins, even if he tries to wash them, can't we see at least where big chunks will go? Can we track this money through the block chain?

I'm flying FPV race drones these days. Check out my YouTube channel: https://www.youtube.com/c/MiconFPV
Revalin
Hero Member
*****
Offline Offline

Activity: 728


165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g


View Profile
March 02, 2012, 02:27:00 AM
 #122

Aside from covering the losses themselves, both Slush and Zhoutong have been operating honorably and openly for some time.  This is not at all like MyBitcoin which was red flagged by plenty of people as a likely scam long before it went down.

      War is God's way of teaching Americans geography.  --Ambrose Bierce
Bitcoin is the Devil's way of teaching geeks economics.  --Revalin 165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g
paraipan
Legendary
*
Offline Offline

Activity: 924


Firstbits: 1pirata


View Profile WWW
March 02, 2012, 02:27:14 AM
 #123

Another 10k+ BTC from Bitcoinica :-/.
https://bitcointalk.org/index.php?topic=66961

In the transaction related to your incident, one of the destination addresses had 25k BTC or so... by the looks of it the perp has amassed a lot of bitcoins and I bet there were many legit wallets in Linode with legit transactions so he can also use these to launder his money.

It's a lot of money to launder, though. We're talking about 1/4 million US$ or so.

Beware of big mining contract purchases in ferroh or GPUMax (or others) during the next few days.

zhoutong didn't provide transaction id of the robbery like slush did

http://blockchain.info/tx-index/2873808/0268b7285b95444808753969099f7ae43fb4193d442e3e0deebb10e2bb1764d0 -- may be it.

could be, if it's the only 10 grand that moved lately; will wait for zt to confirm

BTCitcoin: An Idea Worth Saving - Q&A with bitcoins on rugatu.com - Check my rep
bbit
Legendary
*
Offline Offline

Activity: 1330


Bitcoin


View Profile
March 02, 2012, 02:27:19 AM
 #124

I'm half a noob when it comes to exactly how the blockchain can be used to track transactions, but my understanding is that since we have the hash that stole the coins, even if he tries to wash them, can't we see at least where big chunks will go? Can we track this money through the block chain?

Funny, I was wondering the very same thing. I don't get why anyone would steal bitcoin, since when you go to "cash out" it could conceivably be red-flagged - then again they could do small amounts, BUT STILL, what thief wants to sit there and do a $50 cash-out at a time? Can anyone explain this?


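Micon's and bbit's question above (can the stolen coins be followed through the block chain?), as an added example that is not from any poster in the thread: a forward "taint" trace over a constructed set of transactions. The txids, values and the zero-fee assumption are made up for illustration; no real chain data is used.

```python
"""Forward ("taint") tracing over a UTXO graph.

Added example, not code from this thread. The transactions below are
constructed: made-up txids and values, zero fees, no real chain data.
Every transaction is {"inputs": [(txid, vout), ...], "outputs": [value, ...]}.
"""

# Constructed sample graph. "theft" stands for the transaction that moved the
# stolen coins; "clean_fund" is an unrelated source of honest coins.
TXS = {
    "clean_fund": {"inputs": [], "outputs": [5.0]},
    "theft":      {"inputs": [], "outputs": [30.0, 20.0]},
    # The first stolen output is split into three equal chunks.
    "split":      {"inputs": [("theft", 0)], "outputs": [10.0, 10.0, 10.0]},
    # The second is combined with clean coins: a simple mixing step.
    "mix":        {"inputs": [("theft", 1), ("clean_fund", 0)], "outputs": [12.5, 12.5]},
    # A later spend pulls one chunk from each branch back together.
    "cashout":    {"inputs": [("split", 1), ("mix", 0)], "outputs": [22.5]},
}


def build_spend_index(txs):
    """Map each outpoint (txid, vout) to the txid that spends it.

    Unspent outputs are simply absent from the index.
    """
    spent_by = {}
    for txid, tx in txs.items():
        for outpoint in tx["inputs"]:
            spent_by[outpoint] = txid
    return spent_by


def descendant_txids(txs, source_txid):
    """Every transaction that directly or indirectly spends an output of source_txid.

    This is the 'where do the coins go' walk: follow each output to the
    transaction that spends it, then that transaction's outputs, and so on.
    """
    spent_by = build_spend_index(txs)
    seen, stack = set(), [source_txid]
    while stack:
        txid = stack.pop()
        for vout in range(len(txs[txid]["outputs"])):
            nxt = spent_by.get((txid, vout))
            if nxt is not None and nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


def haircut_taint(txs, source_txid):
    """Return {(txid, vout): tainted_value} for every output descending from source_txid.

    Haircut rule: the tainted value entering a transaction is spread over its
    outputs in proportion to their size, so mixing with clean coins dilutes
    the share per output but never makes the tracked total disappear.
    """
    memo = {}

    def tainted_in(txid):
        # All of the source's own output value counts as tainted.
        if txid == source_txid:
            return sum(txs[txid]["outputs"])
        if txid not in memo:
            memo[txid] = sum(output_taint(*op) for op in txs[txid]["inputs"])
        return memo[txid]

    def output_taint(txid, vout):
        outs = txs[txid]["outputs"]
        total = sum(outs)
        if total == 0:
            return 0.0
        # min() keeps the bookkeeping sane if fees ever make outputs < inputs.
        return min(tainted_in(txid), total) * outs[vout] / total

    result = {}
    for txid in descendant_txids(txs, source_txid) | {source_txid}:
        for vout in range(len(txs[txid]["outputs"])):
            value = output_taint(txid, vout)
            if value > 0:
                result[(txid, vout)] = value
    return result


def unspent_tainted_outputs(txs, source_txid):
    """Where the tracked coins currently sit: tainted outputs nobody has spent yet."""
    spent_by = build_spend_index(txs)
    return {op: v for op, v in haircut_taint(txs, source_txid).items()
            if op not in spent_by}


def taint_share(txs, source_txid, txid, vout):
    """Fraction of one output's value that traces back to source_txid."""
    value = txs[txid]["outputs"][vout]
    if value == 0:
        return 0.0
    return haircut_taint(txs, source_txid).get((txid, vout), 0.0) / value


if __name__ == "__main__":
    for op, v in sorted(unspent_tainted_outputs(TXS, "theft").items()):
        print(f"{op[0]}:{op[1]}  tainted {v:.2f} of {TXS[op[0]]['outputs'][op[1]]:.2f}")
```

In the sample, the full 50 BTC stays accounted for across four unspent outputs, but the mixed branch is only 80% tainted, which is the dilution a thief relies on and an investigator has to reason about.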
adamstgBit
Legendary
*
Offline Offline

Activity: 1904


Trusted Bitcoiner


View Profile WWW
March 02, 2012, 02:27:52 AM
 #125

@JeffK Full disclosure request:

What is your relationship with Linode?

Two year customer last month, never had problems but I've been around the Bitcoin community long enough to be suspicious of people who "lose" bitcoins or have them "stolen"

Ok, you're going to be suspicious of Gavin, the bitcoinica guy, and Slush?

he is suspicious of Linode itself.

JeffK
Sr. Member
****
Offline Offline

Activity: 350


I never hashed for this...


View Profile
March 02, 2012, 02:28:46 AM
 #126

@JeffK Full disclosure request:

What is your relationship with Linode?

Two year customer last month, never had problems but I've been around the Bitcoin community long enough to be suspicious of people who "lose" bitcoins or have them "stolen"

And I find it suspicious that after being inactive since Jan 9th 2012 you came back today...

I'm just a big Linode fan and I don't think it's fair that people are posting shit on reddit and hacker news calling them insecure before we have any statement from them, when they have a good history of being one of the longest-running providers of VPSs I've known of, and have always given me good customer service and free upgrades.


I think it's only fair to give them a chance to respond first. If I was actually a Linode employee, I'd probably be working on that response instead of posting here.
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1456



View Profile
March 02, 2012, 02:29:37 AM
 #127

I'm half a noob when it comes to exactly how the blockchain can be used to track transactions, but my understanding is that since we have the hash that stole the coins, even if he tries to wash them, can't we see at least where big chunks will go? Can we track this money through the block chain?

Funny, I was wondering the very same thing. I don't get why anyone would steal bitcoin, since when you go to "cash out" it could conceivably be red-flagged - then again they could do small amounts, BUT STILL, what thief wants to sit there and do a $50 cash-out at a time? Can anyone explain this?

Silk Road has the best laundry and you sure ain't gonna get their help, much less you'll get help from the drug dealers to whom those coins will be delivered ultimately.

JeffK
Sr. Member
****
Offline Offline

Activity: 350


I never hashed for this...


View Profile
March 02, 2012, 02:30:28 AM
 #128

@JeffK Full disclosure request:

What is your relationship with Linode?

Two year customer last month, never had problems but I've been around the Bitcoin community long enough to be suspicious of people who "lose" bitcoins or have them "stolen"

Ok, you're going to be suspicious of Gavin, the bitcoinica guy, and Slush?

he is suspicious of Linode itself.

Partially this too, I'd rather hear their word on it than some guys who are posting negative things all over before Linode posts their "Yup, it was our fault" or "That never happened" response
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1456



View Profile
March 02, 2012, 02:32:33 AM
 #129

@JeffK Full disclosure request:

What is your relationship with Linode?

Two year customer last month, never had problems but I've been around the Bitcoin community long enough to be suspicious of people who "lose" bitcoins or have them "stolen"

And I find it suspicious that after being inactive since Jan 9th 2012 you came back today...

I'm just a big Linode fan and I don't think it's fair that people are posting shit on reddit and hacker news calling them insecure before we have any statement from them, when they have a good history of being one of the longest-running providers of VPSs I've known of, and have always given me good customer service and free upgrades.


I think it's only fair to give them a chance to respond first. If I was actually a Linode employee, I'd probably be working on that response instead of posting here.

So you prefer for all other businesses that host with them to stay relaxed and wait for their turn to be majorly ass-pounded while Linode crafts a response? Is that it?

...moron...

JeffK
Sr. Member
****
Offline Offline

Activity: 350


I never hashed for this...


View Profile
March 02, 2012, 02:34:25 AM
 #130

@JeffK Full disclosure request:

What is your relationship with Linode?

Two year customer last month, never had problems but I've been around the Bitcoin community long enough to be suspicious of people who "lose" bitcoins or have them "stolen"

And I find it suspicious that after being inactive since Jan 9th 2012 you came back today...

I'm just a big Linode fan and I don't think it's fair that people are posting shit on reddit and hacker news calling them insecure before we have any statement from them, when they have a good history of being one of the longest-running providers of VPSs I've known of, and have always given me good customer service and free upgrades.


I think it's only fair to give them a chance to respond first. If I was actually a Linode employee, I'd probably be working on that response instead of posting here.

So you prefer for all other business that host with them to stay relaxed and wait for their turn to be majorly ass-pounded while Linode crafts a response? Is that it?

...moron...

So the moment you move to your next host, and some customer posts something about them being insecure with very flaky 'proof', you will jump ship to another provider immediately?

...moron...
slush
Legendary
*
Offline Offline

Activity: 1372



View Profile WWW
March 02, 2012, 02:39:06 AM
 #131

I think it's only fair to give them a chance to respond first.

But Linode's vice president already confirmed it was a security issue of Linode. He even posted the same explanation to me and Gavin. I cannot say for myself, but I think Gavin is one of the most honest people around.

Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1456



View Profile
March 02, 2012, 02:39:42 AM
 #132

Yes I would. Better safe than sorry!

rjk
Sr. Member
****
Offline Offline

Activity: 448


1ngldh


View Profile
March 02, 2012, 02:41:30 AM
 #133

Better to have to re-enter the encryption password any time the server goes down, than to have no encryption at all. Linux servers never crash of their own accord anyway, unless there is something major wrong.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
bbit
Legendary
*
Offline Offline

Activity: 1330


Bitcoin


View Profile
March 02, 2012, 02:42:04 AM
 #134

I'm half a noob when it comes to exactly how the blockchain can be used to track transactions, but my understanding is that since we have the hash that stole the coins, even if he tries to wash them can't we see at least where big chunks will go? Can we track this money through the block chain?

funny I was wondering the very same thing. I don't get why anyone would steal bitcoin since when you go to "cash out" it could conceivably be red-flagged - then again they could do small amounts BUT STILL what thief wants to sit there and do $50 cash out at a time? can anyone explain this?

Silk Road has the best laundry and you sure ain't gonna get their help, much less you'll get help from the drug dealers to whom those coins will be delivered ultimately.

ah got it you mean the jack-ass's that do this actually spend the bitcoins ? LOL   still even silkroad should be like oh look at that guy buying $1,000 $5,000 worth of ecstasy gee ..


JeffK
Sr. Member
****
Offline Offline

Activity: 350


I never hashed for this...


View Profile
March 02, 2012, 02:43:51 AM
 #135

I think it's only fair to give them a chance to respond first.

But Linode's vice president already confirmed it was a security issue of Linode. He even posted the same explanation to me and Gavin. I cannot say for myself, but I think Gavin is one of the most honest people around.

Well then I'm overly shocked the rest of us haven't gotten some kind of notification.

Regardless, I find it hard to believe that a hacker who supposedly has access to all of the Linodes uses that ability to hijack a few bitcoins. I also don't believe there is any legal precedent at all that would require them to cover the Bitcoins in question.
muyuu
Donator
Legendary
*
Offline Offline

Activity: 966



View Profile
March 02, 2012, 02:44:41 AM
 #136

I think it's only fair to give them a chance to respond first.

But Linode's vice president already confirmed it was a security issue of Linode. He even posted the same explanation to me and Gavin. I cannot say for myself, but I think Gavin is one of the most honest people around.

Don't bother replying to JeffK. He already implied you are a liar by questioning your paste of that conversation.

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
March 02, 2012, 02:45:33 AM
 #137

do these incidents not bode well for online clients like Electrum or Blockchain.info?

even with encrypted user generated private keys, they can be stolen by the server when opened to sign tx's.

Server never "opens" the key.  The signing is done client side.  While you could have funds stolen it would be because of malware on your computer.  There is nothing on the server to steal.
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1456



View Profile
March 02, 2012, 02:46:27 AM
 #138

JeffK, ain't it incredible how some people can value things you deem worthless?

x1010101x
Newbie
*
Offline Offline

Activity: 20



View Profile
March 02, 2012, 02:47:35 AM
 #139

Looks like Linode has issued a status update:

Quote
Manager Security Incident

Ensuring the security of our platform is our top priority. We maintain a strong security policy and aim to communicate openly should it ever be compromised. Thus, we are posting to describe a recent incident affecting the Linode Manager.

Here are the facts:

This morning, an intruder accessed a web-based Linode customer service portal. Suspicious events prompted an immediate investigation and the compromised credentials used by this intruder were then restricted.  All activity via the web portal is logged, and an exhaustive audit has provided the following:

All activity by the intruder was limited to a total of eight customers, all of which had references to "bitcoin".  The intruder proceeded to compromise those Linode Manager accounts, with the apparent goal of finding and transferring any bitcoins.  Those customers affected have been notified.  If you have not received a notification then your account is unaffected.  Again, only eight accounts were affected.

The portal does not have access to credit card information or Linode Manager user passwords.  Only those eight accounts were viewed or manipulated -- no other accounts were viewed or accessed.

Security is our number one priority and has been for over eight years. We depend on and value the trust our customers have placed in us. Now, more than ever, we remain committed to ensuring the safety and security of our customers' accounts, and will be reviewing our policies and procedures to prevent this from ever recurring.
slush
Legendary
*
Offline Offline

Activity: 1372



View Profile WWW
March 02, 2012, 02:47:50 AM
 #140

Regardless, I find it hard to believe that a hacker who supposedly has access to all of the Linodes uses that ability to hijack a few bitcoins.

If you call 13000+ BTC a "few coins", then please send me a few coins back. I bet that bitcoins are the most valuable information across Linode servers at all.

Maged
Legendary
*
Offline Offline

Activity: 1260


View Profile
March 02, 2012, 02:48:11 AM
 #141

Shit, this guy knows his stuff. Check out the transaction size of the 25k transaction:
http://blockchain.info/tx-index/2893660/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333
Size:   1337 (bytes)

I guarantee that isn't a coincidence.

DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
March 02, 2012, 02:48:58 AM
 #142

Regardless, I find it hard to believe that a hacker who supposedly has access to all of the Linodes uses that ability to hijack a few bitcoins.

A "few" bitcoins? troll much?  Looks like at least 4 major bitcoin sites/wallets were hit.  There may be dozens more.  At least 12K BTC were taken in a few minutes.  Could easily be double that.   We are talking six figures in USD, better than most armed bank robberies and a lot safer. You find it "hard to believe" a hacker or dishonest employee would use a foolishly unprotected super admin account to acquire $100K in irrevocable funds for a few minutes of "work"?

bitcoinBull
Legendary
*
Offline Offline

Activity: 826


rippleFanatic


View Profile
March 02, 2012, 02:50:05 AM
 #143

I think an additional measure would be for services to broadcast transactions from their hot wallets strictly behind proxies (as simple as connecting it to a single, separate bitcoind without a wallet hosted somewhere else?), wherever they are hosted.  That way attackers can't figure out the ip address of your hot wallet just by lurking in #bitcoin.

College of Bucking Bulls Knowledge
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1456



View Profile
March 02, 2012, 02:50:56 AM
 #144

Shit, this guy knows his stuff. Check out the transaction size of the 25k transaction:
http://blockchain.info/tx-index/2893660/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333
Size:   1337 (bytes)

I guarantee that isn't a coincidence.

What's that transaction? Who got jacked out of 25k BTC?

slush
Legendary
*
Offline Offline

Activity: 1372



View Profile WWW
March 02, 2012, 02:52:26 AM
 #145

Looks like Linode has issued a status update:

Interesting. There's a remaining question: how did the attacker find that exactly those eight accounts were running bitcoin services without scanning the whole database? It just confirms my opinion that they compared the Linode database with a list of IPs running bitcoind, but technically they had access to all Linode boxes if they wanted.

paraipan
Legendary
*
Offline Offline

Activity: 924


Firstbits: 1pirata


View Profile WWW
March 02, 2012, 02:52:38 AM
 #146

Shit, this guy knows his stuff. Check out the transaction size of the 25k transaction:
http://blockchain.info/tx-index/2893660/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333
Size:   1337 (bytes)

I guarantee that isn't a coincidence.

What's that transaction? Who got jacked out of 25k BTC?

that would be the thief counting his coins in a single stash, seen live as it happened...

BTCitcoin: An Idea Worth Saving - Q&A with bitcoins on rugatu.com - Check my rep
JeffK
Sr. Member
****
Offline Offline

Activity: 350


I never hashed for this...


View Profile
March 02, 2012, 02:54:03 AM
 #147

Looks like Linode has issued a status update:

Interesting. There's a remaining question: how did the attacker find that exactly those eight accounts were running bitcoin services without scanning the whole database? It just confirms my opinion that they compared the Linode database with a list of IPs running bitcoind, but technically they had access to all Linode boxes if they wanted.

It uses the terms "credentials" and mentions that he had to gain individual access to each account, so it wasn't a superuser account
adamstgBit
Legendary
*
Offline Offline

Activity: 1904


Trusted Bitcoiner


View Profile WWW
March 02, 2012, 02:54:26 AM
 #148

I'm half a noob when it comes to exactly how the blockchain can be used to track transactions, but my understanding is that since we have the hash that stole the coins, even if he tries to wash them can't we see at least where big chunks will go? Can we track this money through the block chain?

funny I was wondering the very same thing. I don't get why anyone would steal bitcoin since when you go to "cash out" it could conceivably be red-flagged - then again they could do small amounts BUT STILL what thief wants to sit there and do $50 cash out at a time? can anyone explain this?

right... anyone trying to follow the bits?

nebulus
Hero Member
*****
Offline Offline

Activity: 490


... it only gets better...


View Profile
March 02, 2012, 02:55:10 AM
 #149

Blackmail linode... Get money for yourself plus publicity for bitcoin...

bbit
Legendary
*
Offline Offline

Activity: 1330


Bitcoin


View Profile
March 02, 2012, 02:57:40 AM
 #150

I'm half a noob when it comes to exactly how the blockchain can be used to track transactions, but my understanding is that since we have the hash that stole the coins, even if he tries to wash them can't we see at least where big chunks will go? Can we track this money through the block chain?

funny I was wondering the very same thing. I don't get why anyone would steal bitcoin since when you go to "cash out" it could conceivably be red-flagged - then again they could do small amounts BUT STILL what thief wants to sit there and do $50 cash out at a time? can anyone explain this?

right... anyone trying to follow the bits?

http://blockchain.info/tx-index/2893660/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333

Help?


onesalt
Hero Member
*****
Offline Offline

Activity: 560


Renewable Energy Cryptocurrency


View Profile
March 02, 2012, 03:01:27 AM
 #151

Remind me why linode should pay you back for your own fuck up? If you're too lazy to search around and to then use a respectable host with reasonable security measures then it's your own problem if you lose your own money. It's no different to if I change my gold into fiat dollars, put it into a government backed bank who then goes bust.

Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1456



View Profile
March 02, 2012, 03:02:17 AM
 #152

I'm half a noob when it comes to exactly how the blockchain can be used to track transactions, but my understanding is that since we have the hash that stole the coins, even if he tries to wash them can't we see at least where big chunks will go? Can we track this money through the block chain?

funny I was wondering the very same thing. I don't get why anyone would steal bitcoin since when you go to "cash out" it could conceivably be red-flagged - then again they could do small amounts BUT STILL what thief wants to sit there and do $50 cash out at a time? can anyone explain this?

right... anyone trying to follow the bits?

http://blockchain.info/tx-index/2893660/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333

Help?

WTF http://blockchain.info/address/0c767fd66d57a601838213fe5da3b20681a85db4

99K Bitcoins? 1 hop away from the 25k transaction? Holy SH************************

Or is that a Bitcoinica or Slushs' address? I can't get my head to understand all those inputs and outputs.

DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
March 02, 2012, 03:02:56 AM
 #153

Remind me why linode should pay you back for your own fuck up? If you're too lazy to search around and to then use a respectable host with reasonable security measures then it's your own problem if you lose your own money. It's no different to if I change my gold into fiat dollars, put it into a government backed bank who then goes bust.

Slush never asked or demanded that Linode pay him back so how about you just fuck off for a while?

Eveofwar
Sr. Member
****
Offline Offline

Activity: 406


View Profile
March 02, 2012, 03:03:22 AM
 #154

I'm half a noob when it comes to exactly how the blockchain can be used to track transactions, but my understanding is that since we have the hash that stole the coins, even if he tries to wash them can't we see at least where big chunks will go? Can we track this money through the block chain?

funny I was wondering the very same thing. I don't get why anyone would steal bitcoin since when you go to "cash out" it could conceivably be red-flagged - then again they could do small amounts BUT STILL what thief wants to sit there and do $50 cash out at a time? can anyone explain this?

right... anyone trying to follow the bits?

http://blockchain.info/tx-index/2893660/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333

Help?

WTF http://blockchain.info/address/0c767fd66d57a601838213fe5da3b20681a85db4

99K Bitcoins? 1 hop away from the 25k transaction? Holy SH************************

You obviously missed the part about the coins leaving and coming back to the same address.

BTC received != BTC total
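Several posts above ask whether the stolen coins can be followed through the block chain, and the point made here is that an address's "received" figure is not its balance: every time change comes back to the same address it is counted as received again. The block below is an added illustration, not code from anyone in this thread. It works on a constructed toy transaction set (addresses "A", "T", "X", "Y" and txids "tx0".."tx3" are made up, not real chain data) and shows both the received/spent/balance arithmetic and a simple forward trace by hop count, which is how one would tell an address "1 hop away" from a given transaction.

```python
from collections import defaultdict

# Constructed toy transaction set (not real chain data). Each tx lists the
# outputs it spends as (txid, vout) and the outputs it creates as (address, amount).
# "A" is the victim's address, "T" the thief's, "X"/"Y" downstream recipients.
TXS = [
    {"txid": "tx0", "vin": [],           "vout": [("A", 25000)]},
    {"txid": "tx1", "vin": [("tx0", 0)], "vout": [("T", 25000)]},               # theft
    {"txid": "tx2", "vin": [("tx1", 0)], "vout": [("X", 1000), ("T", 24000)]},  # change back to T
    {"txid": "tx3", "vin": [("tx2", 1)], "vout": [("Y", 4000), ("T", 20000)]},  # change back to T again
]


def _outputs(txs):
    """Map every (txid, vout) to the (address, amount) it pays."""
    out = {}
    for t in txs:
        for i, (addr, amt) in enumerate(t["vout"]):
            out[(t["txid"], i)] = (addr, amt)
    return out


def address_stats(txs):
    """Return {address: (total_received, total_spent, balance)}.

    total_received sums every output ever paid to the address, so coins that
    leave and come back as change are counted each time they return; balance
    is what is actually still unspent.
    """
    outputs = _outputs(txs)
    received = defaultdict(int)
    spent = defaultdict(int)
    for addr, amt in outputs.values():
        received[addr] += amt
    for t in txs:
        for prev in t["vin"]:
            addr, amt = outputs[prev]
            spent[addr] += amt
    return {a: (received[a], spent[a], received[a] - spent[a]) for a in received}


def trace_forward(txs, start_txid, max_hops):
    """Follow value forward from start_txid's outputs.

    Returns {address: hops}: hop 0 is an output of start_txid itself, hop n an
    output of a transaction n spends downstream. Each address is recorded at
    the first hop where it appears.
    """
    by_id = {t["txid"]: t for t in txs}
    spenders = defaultdict(list)  # (txid, vout) -> txids that spend it
    for t in txs:
        for prev in t["vin"]:
            spenders[prev].append(t["txid"])
    seen = {}
    frontier = [start_txid]
    for hop in range(max_hops + 1):
        nxt = []
        for txid in frontier:
            for i, (addr, _amt) in enumerate(by_id[txid]["vout"]):
                seen.setdefault(addr, hop)
                nxt.extend(spenders[(txid, i)])
        if not nxt:
            break
        frontier = nxt
    return seen


if __name__ == "__main__":
    for addr, (recv, spent, bal) in sorted(address_stats(TXS).items()):
        print(f"{addr}: received={recv} spent={spent} balance={bal}")
    print("reachable from tx1:", trace_forward(TXS, "tx1", 2))
```

On this toy data "T" shows 69000 received although only 25000 ever came from the victim, and only 20000 is still unspent; that is the "BTC received != BTC total" effect. The trace reports "X" one hop and "Y" two hops downstream of the theft transaction.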
markm
Legendary
*
Offline Offline

Activity: 2030



View Profile WWW
March 02, 2012, 03:04:43 AM
 #155

It is sad that you have no option of hosting at home, Slush. I always figured it would be stupid to think private keys hosted anywhere else are not compromised and thus as long as they have not yet been stolen to assume it is mostly because there is not yet enough value in them to bother stealing them yet.

I have never considered hosting my private keys anywhere other than a site I physically control and know who else (if anyone) has physical access to. Hence, at home or in some kind of locked bunker no-one else has keys to.

Is there really no way you can get your own home hooked up to the net?

-MarkM-

Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
onesalt
Hero Member
*****
Offline Offline

Activity: 560


Renewable Energy Cryptocurrency


View Profile
March 02, 2012, 03:05:06 AM
 #156

I'm still waiting to see what they'll find, but expect they'll try to hide any issue on their side and they will definitely refuse to pay 3000 BTC for this attack :-/.


Dude even says he doesn't expect the company to cover this which kinda implied he hoped they would in the first place.

trentzb
Sr. Member
****
Offline Offline

Activity: 406


View Profile
March 02, 2012, 03:07:59 AM
 #157

Getting access to the Linode admin UI doesn't give access to the server itself.  You can view the console, but you just get the login prompt.  You still need the server's password to log in.

To reset the password the server has to be shut down so that /etc/shadow can be modified.  At that point they could just go in and grab the data, but they most likely used Linode's password changer to minimize the downtime to a few seconds to help prevent getting caught.

A reboot wouldn't be required if they got access to the Linode hosts, but it doesn't sound like that was the case here.  I'm guessing the exploit is in their web-based server management.

This is by far one of the scariest things about the process.  Considering Slush and the Faucet were compromised at roughly the same time, it points to the flaw being in Linode's administrative control panel.  A -very- scary situation, considering Linode is one of the largest VPS providers around.

I'm late to the party. None of my bitcoind Linodes have been compromised...yet. Come and get 'em...all my coins are hot now.
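The description above implies a signal an operator can check for: a Manager-side root password reset needs the VM shut down so /etc/shadow can be rewritten, so the file's modification time lands inside a downtime gap the operator never scheduled. The block below is an added example, not from trentzb or Linode. It uses constructed shutdown/reboot records in a simplified one-event-per-line format, a constructed /etc/shadow mtime and a constructed maintenance window (on a real host you would derive these from `last -x` and `stat -c %y /etc/shadow`), and flags reboots and offline credential changes that fall outside declared maintenance windows.

```python
from datetime import datetime

TS_FMT = "%Y-%m-%d %H:%M"

# Constructed sample records (not from a real machine): one event per line,
# "shutdown" or "reboot" followed by a timestamp. On a real host you would
# build this from `last -x`; the parser sorts oldest-first itself.
SAMPLE_RECORDS = """\
shutdown 2012-02-20 22:00
reboot   2012-02-20 22:03
shutdown 2012-03-01 10:09
reboot   2012-03-01 10:11
"""

# Constructed: modification time of /etc/shadow (`stat -c %y /etc/shadow`).
SAMPLE_SHADOW_MTIME = "2012-03-01 10:10"

# Constructed: windows in which the operator scheduled maintenance reboots.
MAINTENANCE_WINDOWS = [("2012-02-20 21:30", "2012-02-20 23:00")]


def parse_ts(s):
    return datetime.strptime(s, TS_FMT)


def parse_records(text):
    """Turn the record text into a time-sorted list of (event, datetime)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event, date, time = line.split()
        records.append((event, parse_ts(f"{date} {time}")))
    records.sort(key=lambda r: r[1])
    return records


def downtime_gaps(records):
    """Pair each shutdown with the next reboot: the intervals the VM was off."""
    gaps, pending = [], None
    for event, ts in records:
        if event == "shutdown":
            pending = ts
        elif event == "reboot" and pending is not None:
            gaps.append((pending, ts))
            pending = None
    return gaps


def in_window(ts, windows):
    return any(start <= ts <= end for start, end in windows)


def audit(records_text, shadow_mtime, windows):
    """Return findings as (kind, timestamp-string) tuples.

    unscheduled_reboot: a boot outside every maintenance window.
    offline_credential_change: /etc/shadow was modified while the VM was off,
    which only something outside the guest (e.g. a control-panel reset) can do;
    the suffix _unscheduled is added when it also falls outside every window.
    """
    records = parse_records(records_text)
    win = [(parse_ts(a), parse_ts(b)) for a, b in windows]
    mtime = parse_ts(shadow_mtime)
    findings = []
    for event, ts in records:
        if event == "reboot" and not in_window(ts, win):
            findings.append(("unscheduled_reboot", ts.strftime(TS_FMT)))
    for start, end in downtime_gaps(records):
        if start <= mtime <= end:
            kind = "offline_credential_change"
            if not in_window(mtime, win):
                kind += "_unscheduled"
            findings.append((kind, mtime.strftime(TS_FMT)))
    return findings


if __name__ == "__main__":
    for kind, when in audit(SAMPLE_RECORDS, SAMPLE_SHADOW_MTIME, MAINTENANCE_WINDOWS):
        print(f"ALERT {kind} at {when}")
```

With the constructed data the February reboot sits inside the declared window and is ignored, while the March 1 reboot and the shadow change during the two-minute gap before it are both reported. The check is cheap enough to run from cron and alert out-of-band, which matters because an attacker holding the control panel can also reset the password on whatever box would otherwise raise the alarm.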
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1456



View Profile
March 02, 2012, 03:09:30 AM
 #158

I obviously get lost whenever I see more than 2k Bitcoins /me drools

JeffK
Sr. Member
****
Offline Offline

Activity: 350


I never hashed for this...


View Profile
March 02, 2012, 03:11:35 AM
 #159

Also, JeffK, your Ron Paul sig quote irritates me.

Is quoting Paul not allowed here? I thought everyone was pretty libertarian? or was it that I had a Karl Marx quote next to it.
JeffK
Sr. Member
****
Offline Offline

Activity: 350


I never hashed for this...


View Profile
March 02, 2012, 03:13:32 AM
 #160

Getting access to the Linode admin UI doesn't give access to the server itself.  You can view the console, but you just get the login prompt.  You still need the server's password to log in.

To reset the password the server has to be shut down so that /etc/shadow can be modified.  At that point they could just go in and grab the data, but they most likely used Linode's password changer to minimize the downtime to a few seconds to help prevent getting caught.

A reboot wouldn't be required if they got access to the Linode hosts, but it doesn't sound like that was the case here.  I'm guessing the exploit is in their web-based server management.

This is by far one of the scariest things about the process.  Considering Slush and the Faucet were compromised at roughly the same time, it points to the flaw being in Linode's administrative control panel.  A -very- scary situation, considering Linode is one of the largest VPS providers around.

I'm late to the party. None of my bitcoind Linodes have been compromised...yet. Come and get 'em...all my coins are hot now.

I guess it was mostly the 'highest profile' targets that got hit, which explains Gavin getting chosen (although I always thought the faucet kept a rather low amount of coins in it at any time due to a roughly equal inflow/outflow of coins, or the fact that it used to run empty often)
cypherdoc
Legendary
*
Offline Offline

Activity: 1764



View Profile
March 02, 2012, 03:22:48 AM
 #161

do these incidents not bode well for online clients like Electrum or Blockchain.info?

even with encrypted user generated private keys, they can be stolen by the server when opened to sign tx's.

Server never "opens" the key.  The signing is done client side.  While you could have funds stolen it would be because of malware on your computer.  There is nothing on the server to steal.

refer to the section written by piuk himself:  http://bitcoin.stackexchange.com/questions/2240/what-are-the-risks-of-using-strongcoin-com-as-an-online-wallet
finway
Hero Member
*****
Offline Offline

Activity: 714


View Profile
March 02, 2012, 03:25:44 AM
 #162

I can't believe the hacker!

Don't even let off 5 Bitcoins...


bbit
Legendary
*
Offline Offline

Activity: 1330


Bitcoin


View Profile
March 02, 2012, 03:28:05 AM
 #163

I can't believe the hacker!

Don't even let off 5 Bitcoins...


If you think about it that is pretty low - attack the free bitcoin faucet wtf?


bitcoinBull
Legendary
*
Offline Offline

Activity: 826


rippleFanatic


View Profile
March 02, 2012, 03:35:53 AM
 #164

I can't believe the hacker!

Don't even let off 5 Bitcoins...


If you think about it that is pretty low - attack the free bitcoin faucet wtf?

It was just for confirming he had access to all of Linode.  They said only 8 accounts were accessed (presumably those running bitcoind), so one question is, who were the other 5 and did they have any coins in their wallet?

Also, why 25k BTC?  That's the exact same number allinvain lost.  allinvain had a bit more than 25k in his wallet, but the thief only stole 25k even and let him keep the rest.

College of Bucking Bulls Knowledge
dooglus
Legendary
*
Offline Offline

Activity: 2408



View Profile
March 02, 2012, 03:45:19 AM
 #165

Have a more secure system in place next time.

The attacker went outside his secure system and gained root access.  There's not much you can do about that except for not using a hosting service which allows attackers root access to your files.

How about encrypting the wallet ?

I have root access.  I log in, modify bitcoind to send a copy of the plaintext password in a file somewhere the next time they type it, then reboot their system.  They log back in, type their password, and I get their BTC.  It's very hard to protect against an attacker with root access.  P2SH would help, of course.

trentzb
Sr. Member
****
Offline Offline

Activity: 406


View Profile
March 02, 2012, 03:52:18 AM
 #166

Getting access to the Linode admin UI doesn't give access to the server itself.  You can view the console, but you just get the login prompt.  You still need the server's password to log in.

To reset the password the server has to be shut down so that /etc/shadow can be modified.  At that point they could just go in and grab the data, but they most likely used Linode's password changer to minimize the downtime to a few seconds to help prevent getting caught.

A reboot wouldn't be required if they got access to the Linode hosts, but it doesn't sound like that was the case here.  I'm guessing the exploit is in their web-based server management.

This is by far one of the scariest things about the process.  Considering Slush and the Faucet were compromised at roughly the same time, it points to the flaw being in Linode's administrative control panel.  A -very- scary situation, considering Linode is one of the largest VPS providers around.

I'm late to the party. None of my bitcoind Linodes have been compromised...yet. Come and get 'em...all my coins are hot now.

I guess it was mostly the 'highest profile' targets that got hit, which explains Gavin getting chosen (although I always thought the faucet kept a rather low amount of coins in it at any time due to a roughly equal inflow/outflow of coins, or the fact that it used to run empty often).

Yea, that is a reason to remain 'low profile'. But the faucet...yea, that just doesn't make sense. 5, 20 or 100 coins, grabbing from the faucet will hurt the end game.


rjk
Sr. Member
****
Offline Offline

Activity: 448


1ngldh


View Profile
March 02, 2012, 04:15:36 AM
 #167

Yea, that is a reason to remain 'low profile'. But the faucet...yea, that just doesn't make sense. 5, 20 or 100 coins, grabbing from the faucet will hurt the end game.

Now we are getting somewhere. Hacker works for the CIA? Or, more likely, hacker works for a large bank or collection of banks? Stealing from the faucet is terrorism, plain and simple. Call the federales.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
padrino
Legendary
*
Offline Offline

Activity: 1400


https://www.bitworks.io


View Profile WWW
March 02, 2012, 04:28:03 AM
 #168

I've seen a fair bit of traffic since I got into bitcoin talking about encrypting one's wallet if it's used for backup, etc. The initial article I read indicated Linode was used only to hold a copy of the wallet, but in reading the posts it sounds like it was the live wallet used to make transactions on the running systems; I guess I'm curious regarding which it was.

1CPi7VRihoF396gyYYcs2AdTEF8KQG2BCR
https://www.bitworks.io
bbit
Legendary
*
Offline Offline

Activity: 1330


Bitcoin


View Profile
March 02, 2012, 04:36:55 AM
 #169

Yea, that is a reason to remain 'low profile'. But the faucet...yea, that just doesn't make sense. 5, 20 or 100 coins, grabbing from the faucet will hurt the end game.

Now we are getting somewhere. Hacker works for the CIA? Or, more likely, hacker works for a large bank or collection of banks? Stealing from the faucet is terrorism, plain and simple. Call the federales.

The last few replies mention allinvain and CIA  - anyone seen allinvain?  hmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm

Couple of ways to look at it. One, Allinvain worked for the CIA and wanted to make it look like there was a "huge bitcoin" loss, or two, the CIA off'd Allinvain since nobody has heard from him in, what, like a thousand years? Or taken him to the brig off at sea....


stick_theman
Sr. Member
****
Offline Offline

Activity: 372


View Profile
March 02, 2012, 04:36:58 AM
 #170

I can't believe the hacker!

Don't even let off 5 Bitcoins...  Sad


If you think about it that is pretty low - attack the free bitcoin faucet wtf?  Huh

Thieving is the lowest of all sins.  
dooglus
Legendary
*
Offline Offline

Activity: 2408



View Profile
March 02, 2012, 04:37:34 AM
 #171


These are all the transactions with outputs of 2500 BTC or more in the time period we're looking at:

Code:
Thu Mar  1 02:16:40 2012 e558957e4108f33775f08cc1277d22fbb51261d232a2d2a14cfd518d333ce5f1 2822.44
Thu Mar  1 06:50:07 2012 7b45c1742ca9f544cccd92d319ef8a5e19b7dcb8742990724c6a9c2f569ae732 20555.0
Thu Mar  1 06:50:07 2012 0268b7285b95444808753969099f7ae43fb4193d442e3e0deebb10e2bb1764d0 10000.0
Thu Mar  1 06:50:07 2012 901dbcef30a541b8b55fae8f7ad9917ef0754bda5b643705f3773e590785c4d3 3000.0
Thu Mar  1 06:50:07 2012 a82ad85286c68f37a2feda1f5e8a4efa9db1e642b4ef53cb9fd86170169e5e68 3000.0
Thu Mar  1 06:50:07 2012 a57132e2cbc580ac262aa3f7bac1e441d6573f9633118bc48009618585a0967e 3000.0
Thu Mar  1 07:59:31 2012 34b84108a142ad7b6c36f0f3549a3e83dcdbb60e0ba0df96cd48f852da0b1acb 3094.0 <-- slush
Thu Mar  1 18:39:22 2012 d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333 25000.0

The Bitcoinica 10k is certainly in that 06:50:07 block - it was a busy block indeed!  http://blockexplorer.com/b/169179
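As an added example (not dooglus's own script, which the post does not show), the eight lines above can be re-parsed and sifted the same way he describes: threshold on output value, then group by timestamp so transactions confirmed in the same block stand out, and match a known loss against the candidates. The record format, helper names and the 2500 BTC default are assumptions taken from the post; the input is the quoted list verbatim.

```python
import re
from collections import OrderedDict
from datetime import datetime

# Input: the eight lines quoted in the post above, copied verbatim.
POSTED_LINES = """\
Thu Mar  1 02:16:40 2012 e558957e4108f33775f08cc1277d22fbb51261d232a2d2a14cfd518d333ce5f1 2822.44
Thu Mar  1 06:50:07 2012 7b45c1742ca9f544cccd92d319ef8a5e19b7dcb8742990724c6a9c2f569ae732 20555.0
Thu Mar  1 06:50:07 2012 0268b7285b95444808753969099f7ae43fb4193d442e3e0deebb10e2bb1764d0 10000.0
Thu Mar  1 06:50:07 2012 901dbcef30a541b8b55fae8f7ad9917ef0754bda5b643705f3773e590785c4d3 3000.0
Thu Mar  1 06:50:07 2012 a82ad85286c68f37a2feda1f5e8a4efa9db1e642b4ef53cb9fd86170169e5e68 3000.0
Thu Mar  1 06:50:07 2012 a57132e2cbc580ac262aa3f7bac1e441d6573f9633118bc48009618585a0967e 3000.0
Thu Mar  1 07:59:31 2012 34b84108a142ad7b6c36f0f3549a3e83dcdbb60e0ba0df96cd48f852da0b1acb 3094.0 <-- slush
Thu Mar  1 18:39:22 2012 d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333 25000.0
"""

# One record per line: "<ctime timestamp> <txid> <amount> [<-- note]"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) "
    r"(?P<txid>[0-9a-f]{64}) (?P<amount>\d+(?:\.\d+)?)"
    r"(?: <-- (?P<note>.+))?$"
)


def parse_lines(text):
    """Parse posted lines into dicts {ts, txid, amount, note}; skip blank or malformed ones."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # ctime pads the day with a space ("Mar  1"); collapse it so strptime accepts it
        ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
        rows.append({"ts": ts, "txid": m["txid"],
                     "amount": float(m["amount"]), "note": m["note"]})
    return rows


def large_outputs(rows, threshold=2500.0):
    """Keep only rows whose output value meets the threshold (the post used 2500 BTC)."""
    return [r for r in rows if r["amount"] >= threshold]


def group_by_timestamp(rows):
    """Group rows by timestamp: transactions confirmed in one block share its time."""
    groups = OrderedDict()
    for r in rows:
        groups.setdefault(r["ts"], []).append(r)
    return groups


def busiest_block(rows):
    """Return (timestamp, txids, total BTC) for the block time holding the most rows."""
    ts, txs = max(group_by_timestamp(rows).items(), key=lambda kv: len(kv[1]))
    return ts, [t["txid"] for t in txs], sum(t["amount"] for t in txs)


def find_by_amount(rows, amount, tolerance=0.0):
    """Match a known loss (e.g. 3094 BTC) against the candidate list."""
    return [r for r in rows if abs(r["amount"] - amount) <= tolerance]


if __name__ == "__main__":
    rows = large_outputs(parse_lines(POSTED_LINES))
    ts, txids, total = busiest_block(rows)
    print(f"{len(rows)} outputs >= 2500 BTC; busiest block at {ts}: "
          f"{len(txids)} transactions, {total:.2f} BTC")
    for r in find_by_amount(rows, 3094.0):
        print("matches slush's reported loss:", r["txid"], r["note"])
```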

cypherdoc
Legendary
*
Offline Offline

Activity: 1764



View Profile
March 02, 2012, 04:47:43 AM
 #172

Yea, that is a reason to remain 'low profile'. But the faucet...yea, that just doesn't make sense. 5, 20 or 100 coins, grabbing from the faucet will hurt the end game.

Now we are getting somewhere. Hacker works for the CIA? Or, more likely, hacker works for a large bank or collection of banks? Stealing from the faucet is terrorism, plain and simple. Call the federales.

The last few replies mention allinvain and CIA  - anyone seen allinvain?  hmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm

Couple of ways to look at it. One, Allinvain worked for the CIA and wanted to make it look like there was a "huge bitcoin" loss, or two, the CIA off'd Allinvain since nobody has heard from him in, what, like a thousand years? Or taken him to the brig off at sea....

no, he's been posting regularly over in the Hardware section in the Ztex thread i believe.
Eveofwar
Sr. Member
****
Offline Offline

Activity: 406


View Profile
March 02, 2012, 04:48:19 AM
 #173


These are all the transactions with outputs of 2500 BTC or more in the time period we're looking at:

Code:
Thu Mar  1 02:16:40 2012 e558957e4108f33775f08cc1277d22fbb51261d232a2d2a14cfd518d333ce5f1 2822.44
Thu Mar  1 06:50:07 2012 7b45c1742ca9f544cccd92d319ef8a5e19b7dcb8742990724c6a9c2f569ae732 20555.0
Thu Mar  1 06:50:07 2012 0268b7285b95444808753969099f7ae43fb4193d442e3e0deebb10e2bb1764d0 10000.0
Thu Mar  1 06:50:07 2012 901dbcef30a541b8b55fae8f7ad9917ef0754bda5b643705f3773e590785c4d3 3000.0
Thu Mar  1 06:50:07 2012 a82ad85286c68f37a2feda1f5e8a4efa9db1e642b4ef53cb9fd86170169e5e68 3000.0
Thu Mar  1 06:50:07 2012 a57132e2cbc580ac262aa3f7bac1e441d6573f9633118bc48009618585a0967e 3000.0
Thu Mar  1 07:59:31 2012 34b84108a142ad7b6c36f0f3549a3e83dcdbb60e0ba0df96cd48f852da0b1acb 3094.0 <-- slush
Thu Mar  1 18:39:22 2012 d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333 25000.0

The Bitcoinica 10k is certainly in that 06:50:07 block - it was a busy block indeed!  http://blockexplorer.com/b/169179

https://bitcointalk.org/index.php?topic=66979.0 -- They posted some of their "suspicious" TX Id's
payb.tc
Hero Member
*****
Offline Offline

Activity: 812



View Profile
March 02, 2012, 04:51:46 AM
 #174

aaaand the selling begins... http://mtgoxlive.com
neofutur
Full Member
***
Offline Offline

Activity: 147



View Profile WWW
March 02, 2012, 04:53:15 AM
 #175

I would not trust any shared host (VM or not) that has access to your data for a wallet over $1000.  The only way to do this is with encrypted disks that are set up or encrypted by the customer with no host access of any kind.  No 'control panel' based hosting.  

 For sure a shared host can be less trusted than a dedicated server but . . . if the datacenter manager (or employee) is compromised, the thief can reboot in rescue mode, access the disk, change the root password . . . and the result will be the same . . . cold storage and therefore delayed withdrawals (manually validated once / day by the pool or exchange admin) seem to be the only safe answer to me . . .



rjk
Sr. Member
****
Offline Offline

Activity: 448


1ngldh


View Profile
March 02, 2012, 04:55:10 AM
 #176

aaaand the selling begins... http://mtgoxlive.com

Come on, stop spreading FUD. There is NO WAY IN HELL that the guy can cash out so quickly. Think of daily withdrawal limits, ID verification, coin tracing, and so forth.

My guess? Disheartened noobs cashing out because of loss of faith in the system. All the more coins for me!

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
kiba
Legendary
*
Offline Offline

Activity: 980


View Profile
March 02, 2012, 04:56:04 AM
 #177

Come on, stop spreading FUD. There is NO WAY IN HELL that the guy can cash out so quickly. Think of daily withdrawal limits, ID verification, coin tracing, and so forth.

My guess? Disheartened noobs cashing out because of loss of faith in the system. All the more coins for me!

Yeah, it's more likely market panic.

bbit
Legendary
*
Offline Offline

Activity: 1330


Bitcoin


View Profile
March 02, 2012, 04:56:53 AM
 #178

Come on, stop spreading FUD. There is NO WAY IN HELL that the guy can cash out so quickly. Think of daily withdrawal limits, ID verification, coin tracing, and so forth.

My guess? Disheartened noobs cashing out because of loss of faith in the system. All the more coins for me!

Yeah, it's more likely market panic.

The price is dropping  Huh  Not going to lie I got a little shaken also ...uggh...


k9quaint
Legendary
*
Offline Offline

Activity: 1190



View Profile
March 02, 2012, 04:59:25 AM
 #179

This too shall pass.

But in the meantime, I am vexed!  Angry

Bitcoin is backed by the full faith and credit of YouTube comments.
rjk
Sr. Member
****
Offline Offline

Activity: 448


1ngldh


View Profile
March 02, 2012, 05:03:21 AM
 #180

This too shall pass.

But in the meantime, I am vexed!  Angry
Buy!

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
payb.tc
Hero Member
*****
Offline Offline

Activity: 812



View Profile
March 02, 2012, 05:04:24 AM
 #181

Come on, stop spreading FUD. There is NO WAY IN HELL that the guy can cash out so quickly. Think of daily withdrawal limits, ID verification, coin tracing, and so forth.

My guess? Disheartened noobs cashing out because of loss of faith in the system. All the more coins for me!

Yeah, it's more likely market panic.

yeah i never said it was the stolen coins that were being sold.
k9quaint
Legendary
*
Offline Offline

Activity: 1190



View Profile
March 02, 2012, 05:13:06 AM
 #182

This too shall pass.

But in the meantime, I am vexed!  Angry
Buy!

Markets can remain irrational for longer than I can remain solvent. Cry

Bitcoin is backed by the full faith and credit of YouTube comments.
rjk
Sr. Member
****
Offline Offline

Activity: 448


1ngldh


View Profile
March 02, 2012, 05:15:05 AM
 #183

This too shall pass.

But in the meantime, I am vexed!  Angry
Buy!

Markets can remain irrational for longer than I can remain solvent. Cry
Yes this is a problem sometimes Sad

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
99Percent
Full Member
***
Offline Offline

Activity: 190



View Profile
March 02, 2012, 05:56:46 AM
 #184

Lesson learned: private keys (wallet.dat) are just that: private. Once you put them out there, cloud, webserver, hosting server, email, etc, THEY ARE NO LONGER PRIVATE.

Can we move along now?
ThomasV
Legendary
*
Offline Offline

Activity: 1901



View Profile WWW
March 02, 2012, 07:19:14 AM
 #185

do these incidents not bode well for online clients like Electrum or Blockchain.info?

even with encrypted user generated private keys, they can be stolen by the server when opened to sign tx's.

Please do not mix things. There are two separate issues:
1. - the security of the server that your client is talking to.
2. - the security of the software running on your computer.

1. It is completely impossible for an Electrum server to steal your coins, because transactions are signed locally. The only way to steal your coins would be to compromise your own computer.
2. Someone gaining access to the server that distributes the software could insert malicious code into the software being distributed (the tar.gz or .zip file, or the executable). Such an attack would only affect the users who downloaded and installed the software between the time of the attack and the time when the attack is discovered. This kind of attack is possible for any type of bitcoin client (even the official one). It is mitigated by scrutiny from the community.

Please understand that the situation is very different if you use a web wallet such as blockchain.info. If you use a web wallet, points 1 and 2 are not distinct; an attacker who gains control of the server will modify the javascript code that is sent by the server. The danger is amplified by the fact that your web browser will update the javascript code running on your computer every time you use the service, and not just when you decide to upgrade your client. Thus, if the server is compromised, then the attacker can quickly replace the javascript code running in the web browser of all clients, and do whatever they want.

Electrum: the convenience of a web wallet, without the risks
Detritus
Member
**
Offline Offline

Activity: 104



View Profile
March 02, 2012, 08:15:59 AM
 #186

I think it's more likely that Linode has a staffer into bitcoins that used the command line tools from the host VM manager to halt the systems, modify the shadow file and bring them up and steal the coins than it is that the Linode user's management tool was compromised.

Linode, if we can believe what they've said, didn't see any management UI activity in the logs at the time the reboots occurred. This is more consistent with someone using a tool outside of the normal logged events, such as the native VM tools, rather than the UI being broken into.


finway
Hero Member
*****
Offline Offline

Activity: 714


View Profile
March 02, 2012, 09:00:31 AM
 #187


Actually, I think the real lesson here for pool operators
is that they should all move to the eligius model:

    - eligius has no notion of "customer accounts". These are a giant PITA for the miners,
      require the pool op to manage a DB which is a PITA in itself. Accounts are also the
      source of a whole host of security problems:
              - need to create account/login -> need to enter data in website -> exposure surface to SQL injections
              - need an email -> phishing attacks, etc.

    - on eligius, miners just send their shares along with a public address
    - on eligius, no need to store any kind of BTC amount on the pool server at any time:
      the payout is built into the block from the coinbase. No BTC ever hit disk.
    - on eligius, added bonus: anonymity for the pool users
    - on eligius, added bonus: much easier to use for miners

Yes, Eligius is better than the traditional pool on that point.
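As an added example (not Eligius's code, nor anything posted in this thread), here is the accounting the quoted post describes in working form: a share is credited only against a payout address whose Base58Check checksum verifies, and when a block is found the reward is split across the ledger as coinbase outputs that sum exactly to the reward, so no balance is ever held in a pool wallet. Function names, the refuse-malformed-address policy and the sample share counts are assumptions.

```python
import hashlib

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _hash256(data: bytes) -> bytes:
    """Double SHA-256, as used for the Base58Check checksum."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def b58check_encode(version: int, payload: bytes) -> str:
    """Base58Check-encode version || payload || 4-byte checksum (used to build sample addresses)."""
    raw = bytes([version]) + payload
    raw += _hash256(raw)[:4]
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58_ALPHABET[rem] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))   # each leading zero byte becomes a '1'
    return "1" * pad + out


def valid_payout_address(addr: str) -> bool:
    """True iff addr is a 25-byte Base58Check string whose checksum verifies."""
    try:
        n = 0
        for ch in addr:
            n = n * 58 + B58_ALPHABET.index(ch)   # ValueError on a non-alphabet character
        raw = n.to_bytes(25, "big")               # OverflowError if the value is too long
    except (ValueError, OverflowError):
        return False
    return _hash256(raw[:-4])[:4] == raw[-4:]


def credit_share(ledger: dict, addr: str, shares: int = 1) -> bool:
    """Credit shares to a payout address; a share tagged with a malformed address is
    refused (assumed policy), since it could not be turned into a valid output script."""
    if shares <= 0 or not valid_payout_address(addr):
        return False
    ledger[addr] = ledger.get(addr, 0) + shares
    return True


def coinbase_outputs(ledger: dict, reward_sat: int) -> dict:
    """Split reward_sat (satoshi) across the ledger in proportion to shares.

    Integer arithmetic with largest-remainder rounding, so the outputs always sum
    to reward_sat exactly: nothing is left over for a pool-controlled wallet.
    """
    total = sum(ledger.values())
    if total <= 0:
        raise ValueError("empty share ledger")
    outputs, remainders = {}, []
    for addr, n in ledger.items():
        q, r = divmod(reward_sat * n, total)
        outputs[addr] = q
        remainders.append((r, addr))
    leftover = reward_sat - sum(outputs.values())   # always smaller than the miner count
    for _, addr in sorted(remainders, reverse=True)[:leftover]:
        outputs[addr] += 1
    return outputs


if __name__ == "__main__":
    # Constructed sample: three miners with made-up hash160 payloads, plus one bad address.
    ledger = {}
    for i, n in zip((1, 2, 3), (5, 3, 2)):
        credit_share(ledger, b58check_encode(0, bytes([i]) * 20), n)
    print("bad address accepted?", credit_share(ledger, "1NotARealAddressXXXX", 7))
    for addr, sat in coinbase_outputs(ledger, 50 * 100_000_000).items():
        print(f"{addr}: {sat / 1e8:.8f} BTC")
```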

Hawkix
Hero Member
*****
Offline Offline

Activity: 520



View Profile WWW
March 02, 2012, 09:00:45 AM
 #188

I think it's more likely that Linode has a staffer into bitcoins that used the command line tools from the host VM manager to halt the systems, modify the shadow file and bring them up and steal the coins than it is that the Linode user's management tool was compromised.

Linode, if we can believe what they've said, didn't see any management UI activity in the logs at the time the reboots occurred. This is more consistent with someone using a tool outside of the normal logged events, such as the native VM tools, rather than the UI being broken into.

If, and I believe in it, it was a staffer, I just fully hope that Linode has logged all such attempts and will identify the attacker and will try hard to force him to return the stolen funds. If he somehow managed to bypass the logs, or hacked Linode, then Linode should end immediately as a whole; this is unacceptable.

Donations: 1Hawkix7GHym6SM98ii5vSHHShA3FUgpV6
http://btcportal.net/ - All about Bitcoin - coming soon!
LightRider
Legendary
*
Offline Offline

Activity: 1486


I advocate the Zeitgeist Movement & Venus Project.


View Profile WWW
March 02, 2012, 09:14:15 AM
 #189

Hopefully, this doesn't encourage other VPS/service/host providers to decline service to any potential future bitcoin sites. If slush/bitcoinica successfully convince Linode to compensate them in some significant way, then the lesson for other hosts is that "bitcoin losses will hurt or kill us". In any event, I bet every major host is double checking their TOS and reminding their clientele that they don't cover "imaginary webzone dollar" losses.

Bitcoin combines money, the wrongest thing in the world, with software, the easiest thing in the world to get wrong.
Visit www.thevenusproject.com and www.theZeitgeistMovement.com.
FlipPro
Legendary
*
Offline Offline

Activity: 1540


View Profile
March 02, 2012, 09:17:29 AM
 #190

they don't cover "imaginary webzone dollar" losses.
This

