Bitcoin Forum
Author Topic: Hacked Linode & coins stolen to 1NRy8GbX56MymBhDYM...  (Read 57562 times)
Maged
Legendary
Activity: 1260
March 02, 2012, 02:48:11 AM
 #141

Shit, this guy knows his stuff. Check out the transaction size of the 25k transaction:
http://blockchain.info/tx-index/2893660/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333
Size:   1337 (bytes)

I guarantee that isn't a coincidence.

DeathAndTaxes
Donator
Legendary
Activity: 1218
Gerald Davis
March 02, 2012, 02:48:58 AM
 #142

Regardless, I find it hard to believe that a hacker who supposedly has access to all of the Linodes uses that ability to hijack a few bitcoins.

A "few" bitcoins? troll much?  Looks like at least 4 major bitcoin sites/wallets were hit.  There may be dozens more.  At least 12K BTC were taken in a few minutes.  Could easily be double that.   We are talking six figures in USD, better than most armed bank robberies and a lot safer. You find it "hard to believe" a hacker or dishonest employee would use a foolishly unprotected super admin account to acquire $100K in irrevocable funds for a few minutes of "work"?

bitcoinBull
Legendary
Activity: 826
rippleFanatic
March 02, 2012, 02:50:05 AM
 #143

I think an additional measure would be for services to broadcast transactions from their hot wallets strictly behind proxies (as simple as connecting it to a single, separate bitcoind without a wallet hosted somewhere else?), wherever they are hosted.  That way attackers can't figure out the ip address of your hot wallet just by lurking in #bitcoin.

College of Bucking Bulls Knowledge
Raoul Duke
aka psy
Legendary
Activity: 1442
March 02, 2012, 02:50:56 AM
 #144

Shit, this guy knows his stuff. Check out the transaction size of the 25k transaction:
http://blockchain.info/tx-index/2893660/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333
Size:   1337 (bytes)

I guarantee that isn't a coincidence.

What's that transaction? Who got jacked out of 25k BTC?

slush
Legendary
Activity: 1358
March 02, 2012, 02:52:26 AM
 #145

Looks like Linode has issued a status update:

Interesting. There's a remaining question - how did the attacker find that exactly those eight accounts are running bitcoin services without scanning the whole database? It just confirms my opinion that they compared the Linode database with a list of IPs running bitcoind, but technically they had access to all Linode boxes, if they wanted.

paraipan
Legendary
Activity: 924
Firstbits: 1pirata
March 02, 2012, 02:52:38 AM
 #146

Shit, this guy knows his stuff. Check out the transaction size of the 25k transaction:
http://blockchain.info/tx-index/2893660/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333
Size:   1337 (bytes)

I guarantee that isn't a coincidence.

What's that transaction? Who got jacked out of 25k BTC?

that would be the thief counting his coins in a single stash, seen live as it happened...

BTCitcoin: An Idea Worth Saving - Q&A with bitcoins on rugatu.com - Check my rep
JeffK
Sr. Member
Activity: 350
I never hashed for this...
March 02, 2012, 02:54:03 AM
 #147

Looks like Linode has issued a status update:

Interesting. There's a remaining question - how did the attacker find that exactly those eight accounts are running bitcoin services without scanning the whole database? It just confirms my opinion that they compared the Linode database with a list of IPs running bitcoind, but technically they had access to all Linode boxes, if they wanted.

It uses the term "credentials" and mentions that he had to gain individual access to each account, so it wasn't a superuser account.
adamstgBit
Legendary
Activity: 1904
Trusted Bitcoiner
March 02, 2012, 02:54:26 AM
 #148

I'm half a noob when it comes to exactly how the blockchain can be used to track transactions, but my understanding is that since we have the hash that stole the coins, even if he tries to wash them can't we see at least where big chunks will go?   can we track this money through the block chain?

funny I was wondering the very same thing. I don't get why anyone would steal bitcoin since when you go to "cash out" it could conceivably be red-flagged - then again they could do small amounts  BUT STILL what thief wants to sit there and do $50 cash out at a time ? can anyone explain this?

right... anyone trying to follow the bits?

nebulus
Hero Member
Activity: 490
... it only gets better...
March 02, 2012, 02:55:10 AM
 #149

Blackmail linode... Get money for yourself plus publicity for bitcoin...

bbit
Legendary
Activity: 1288
Bitcoin
March 02, 2012, 02:57:40 AM
 #150

I'm half a noob when it comes to exactly how the blockchain can be used to track transactions, but my understanding is that since we have the hash that stole the coins, even if he tries to wash them can't we see at least where big chunks will go?   can we track this money through the block chain?

funny I was wondering the very same thing. I don't get why anyone would steal bitcoin since when you go to "cash out" it could conceivably be red-flagged - then again they could do small amounts  BUT STILL what thief wants to sit there and do $50 cash out at a time ? can anyone explain this?

right... anyone trying to follow the bits?

http://blockchain.info/tx-index/2893660/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333

Help?
onesalt
Sr. Member
Activity: 308
March 02, 2012, 03:01:27 AM
 #151

Remind me why Linode should pay you back for your own fuck up? If you're too lazy to search around and to then use a respectable host with reasonable security measures then it's your own problem if you lose your own money. It's no different to if I change my gold into fiat dollars, put it into a government backed bank who then goes bust.
Raoul Duke
aka psy
Legendary
Activity: 1442
March 02, 2012, 03:02:17 AM
 #152

I'm half a noob when it comes to exactly how the blockchain can be used to track transactions, but my understanding is that since we have the hash that stole the coins, even if he tries to wash them can't we see at least where big chunks will go?   can we track this money through the block chain?

funny I was wondering the very same thing. I don't get why anyone would steal bitcoin since when you go to "cash out" it could conceivably be red-flagged - then again they could do small amounts  BUT STILL what thief wants to sit there and do $50 cash out at a time ? can anyone explain this?

right... anyone trying to follow the bits?

http://blockchain.info/tx-index/2893660/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333

Help?

WTF http://blockchain.info/address/0c767fd66d57a601838213fe5da3b20681a85db4

99K Bitcoins??? 1 hop away from the 25k transaction? holy SH************************

Or is that a Bitcoinica or slush's address? I can't get my head to understand all those inputs and outputs.

DeathAndTaxes
Donator
Legendary
Activity: 1218
Gerald Davis
March 02, 2012, 03:02:56 AM
 #153

Remind me why Linode should pay you back for your own fuck up? If you're too lazy to search around and to then use a respectable host with reasonable security measures then it's your own problem if you lose your own money. It's no different to if I change my gold into fiat dollars, put it into a government backed bank who then goes bust.

Slush never asked or demanded that Linode pay him back so how about you just fuck off for a while?

Eveofwar
Sr. Member
Activity: 406
March 02, 2012, 03:03:22 AM
 #154

I'm half a noob when it comes to exactly how the blockchain can be used to track transactions, but my understanding is that since we have the hash that stole the coins, even if he tries to wash them can't we see at least where big chunks will go?   can we track this money through the block chain?

funny I was wondering the very same thing. I don't get why anyone would steal bitcoin since when you go to "cash out" it could conceivably be red-flagged - then again they could do small amounts  BUT STILL what thief wants to sit there and do $50 cash out at a time ? can anyone explain this?

right... anyone trying to follow the bits?

http://blockchain.info/tx-index/2893660/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333

Help?

WTF http://blockchain.info/address/0c767fd66d57a601838213fe5da3b20681a85db4

99K Bitcoins??? 1 hop away from the 25k transaction? holy SH************************

You obviously missed the part about the coins leaving and coming back to the same address.

BTC received != BTC total
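
The distinction in the reply above (total received versus current balance), together with the earlier question about following the coins, as an added example that is not part of any post in this thread. The ledger, address labels and amounts are constructed, and the taint rule in `trace_forward` is a deliberately coarse assumption.

```python
from collections import defaultdict

# Constructed sample ledger in chain order (not real chain data; whole-BTC
# values and address labels are made up). Inputs reference earlier outputs
# as (txid, output_index).
TXS = [
    {"txid": "t0", "ins": [], "outs": [("victim", 25)]},
    {"txid": "t1", "ins": [("t0", 0)], "outs": [("thief", 25)]},
    {"txid": "t2", "ins": [("t1", 0)], "outs": [("hop", 20), ("thief", 5)]},
    {"txid": "t3", "ins": [("t2", 0)], "outs": [("thief", 20)]},  # coins return
    {"txid": "t4", "ins": [("t3", 0)], "outs": [("exchange", 8), ("thief", 12)]},
]

def spent_refs(txs):
    """Set of (txid, index) outputs consumed by some later input."""
    return {ref for tx in txs for ref in tx["ins"]}

def address_stats(txs):
    """Return {address: (total_received, balance)}."""
    spent = spent_refs(txs)
    received, balance = defaultdict(int), defaultdict(int)
    for tx in txs:
        for i, (addr, value) in enumerate(tx["outs"]):
            received[addr] += value          # every output ever paid to addr
            if (tx["txid"], i) not in spent:
                balance[addr] += value       # only outputs still unspent
    return {a: (received[a], balance[a]) for a in received}

def trace_forward(txs, start_txid):
    """Unspent value, by address, in transactions descending from start_txid.

    Coarse rule (an assumption of this sketch): a transaction that spends any
    output of a tainted transaction is treated as tainted in full.
    """
    spent, tainted = spent_refs(txs), {start_txid}
    holdings = defaultdict(int)
    for tx in txs:                           # chain order: parents come first
        if any(src in tainted for src, _ in tx["ins"]):
            tainted.add(tx["txid"])
        if tx["txid"] in tainted:
            for i, (addr, value) in enumerate(tx["outs"]):
                if (tx["txid"], i) not in spent:
                    holdings[addr] += value
    return dict(holdings)

if __name__ == "__main__":
    print(address_stats(TXS)["thief"])
    print(trace_forward(TXS, "t1"))
```

In the sample, the 25 stolen coins are counted again each time change or a returning payment lands on the same address, so "received" overstates what the address holds.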
markm
Legendary
Activity: 1792
March 02, 2012, 03:04:43 AM
 #155

It is sad that you have no option of hosting at home, Slush. I always figured it would be stupid to think private keys hosted anywhere else are not compromised and thus as long as they have not yet been stolen to assume it is mostly because there is not yet enough value in them to bother stealing them yet.

I have never considered hosting my private keys anywhere other than a site I physically control and know who else (if anyone) has physical access to. Hence, at home or in some kind of locked bunker no-one else has keys to.

Is there really no way you can get your own home hooked up to the net?

-MarkM-

Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
onesalt
Sr. Member
Activity: 308
March 02, 2012, 03:05:06 AM
 #156

I'm still waiting what they'll find, but expect they'll try to hide any issue on their side and they will definitely reject to pay 3000 BTC for this attack :-/.


Dude even says he doesn't expect the company to cover this which kinda implied he hoped they would in the first place.
trentzb
Sr. Member
Activity: 406
March 02, 2012, 03:07:59 AM
 #157

Getting access to the Linode admin UI doesn't give access to the server itself.  You can view the console, but you just get the login prompt.  You still need the server's password to log in.

To reset the password the server has to be shut down so that /etc/shadow can be modified.  At that point they could just go in and grab the data, but they most likely used Linode's password changer to minimize the downtime to a few seconds to help prevent getting caught.

A reboot wouldn't be required if they got access to the Linode hosts, but it doesn't sound like that was the case here.  I'm guessing the exploit is in their web-based server management.

This is by far one of the scariest things about the process.  Considering Slush and the Faucet were compromised at roughly the same time, it points to the flaw being in Linode's administrative control panel.  A -very- scary situation, considering Linode is one of the largest VPS providers around.

I'm late to the party. None of my bitcoind Linodes have been compromised...yet. Come and get 'em...all my coins are hot now.
Raoul Duke
aka psy
Legendary
Activity: 1442
March 02, 2012, 03:09:30 AM
 #158

I obviously get lost whenever I see more than 2k Bitcoins /me drools

JeffK
Sr. Member
Activity: 350
I never hashed for this...
March 02, 2012, 03:11:35 AM
 #159

Also, JeffK, your Ron Paul sig quote irritates me.

Is quoting Paul not allowed here? I thought everyone was pretty libertarian? or was it that I had a Carl Marks quote next to it.
JeffK
Sr. Member
Activity: 350
I never hashed for this...
March 02, 2012, 03:13:32 AM
 #160

Getting access to the Linode admin UI doesn't give access to the server itself.  You can view the console, but you just get the login prompt.  You still need the server's password to log in.

To reset the password the server has to be shut down so that /etc/shadow can be modified.  At that point they could just go in and grab the data, but they most likely used Linode's password changer to minimize the downtime to a few seconds to help prevent getting caught.

A reboot wouldn't be required if they got access to the Linode hosts, but it doesn't sound like that was the case here.  I'm guessing the exploit is in their web-based server management.

This is by far one of the scariest things about the process.  Considering Slush and the Faucet were compromised at roughly the same time, it points to the flaw being in Linode's administrative control panel.  A -very- scary situation, considering Linode is one of the largest VPS providers around.

I'm late to the party. None of my bitcoind Linodes have been compromised...yet. Come and get 'em...all my coins are hot now.

I guess it was mostly the 'highest profile' targets that got hit, which explains Gavin getting chosen (although I always thought the faucet kept a rather low amount of coins in it at any time to a roughly equal inflow/outflow of coins or the fact that it used to run empty often