Bitcoin Forum
Author Topic: Hacked Linode & coins stolen to 1NRy8GbX56MymBhDYM...  (Read 57575 times)
cypherdoc
March 02, 2012, 03:22:48 AM
 #161

do these incidents not bode well for online clients like Electrum or Blockchain.info?

even with encrypted user generated private keys, they can be stolen by the server when opened to sign tx's.

Server never "opens" the key.  The signing is done client side.  While you could have funds stolen it would be because of malware on your computer.  There is nothing on the server to steal.

refer to the section written by piuk himself:  http://bitcoin.stackexchange.com/questions/2240/what-are-the-risks-of-using-strongcoin-com-as-an-online-wallet
finway
March 02, 2012, 03:25:44 AM
 #162

I can't believe the hacker!

Don't even let off 5 Bitcoins...  Sad


bbit
March 02, 2012, 03:28:05 AM
 #163

I can't believe the hacker!

Don't even let off 5 Bitcoins...  Sad


If you think about it that is pretty low - attack the free bitcoin faucet wtf?  Huh
bitcoinBull
March 02, 2012, 03:35:53 AM
 #164

I can't believe the hacker!

Don't even let off 5 Bitcoins...  Sad


If you think about it that is pretty low - attack the free bitcoin faucet wtf?  Huh

It was just for confirming he had access to all of Linode.  They said only 8 accounts were accessed (presumably those running bitcoind), so one question is, who were the other 5 and did they have any coins in their wallet?

Also, why 25k BTC?  That's the exact same number allinvain lost.  allinvain had a bit more than 25k in his wallet, but the thief only stole 25k even and let him keep the rest.

College of Bucking Bulls Knowledge
dooglus
March 02, 2012, 03:45:19 AM
 #165

Have a more secure system in place next time.

The attacker went outside his secure system and gained root access.  There's not much you can do about that except for not using a hosting service which allows attackers root access to your files.

How about encrypting the wallet ?

I have root access.  I log in, modify bitcoind to send a copy of the plaintext password in a file somewhere the next time they type it, then reboot their system.  They log back in, type their password, and I get their BTC.  It's very hard to protect against an attacker with root access.  P2SH would help, of course.

trentzb
March 02, 2012, 03:52:18 AM
 #166

Getting access to the Linode admin UI doesn't give access to the server itself.  You can view the console, but you just get the login prompt.  You still need the server's password to log in.

To reset the password the server has to be shut down so that /etc/shadow can be modified.  At that point they could just go in and grab the data, but they most likely used Linode's password changer to minimize the downtime to a few seconds to help prevent getting caught.

A reboot wouldn't be required if they got access to the Linode hosts, but it doesn't sound like that was the case here.  I'm guessing the exploit is in their web-based server management.

This is by far one of the scariest things about the process.  Considering Slush and the Faucet were compromised at roughly the same time, it points to the flaw being in Linode's administrative control panel.  A -very- scary situation, considering Linode is one of the largest VPS providers around.

I'm late to the party. None of my bitcoind Linodes have been compromised...yet. Come and get 'em...all my coins are hot now.

I guess it was mostly the 'highest profile' targets that got hit, which explains Gavin getting chosen (although I always thought the faucet kept a rather low amount of coins in it at any time to a roughly equal inflow/outflow of coins or the fact that it used to run empty often

Yea, that is a reason to remain 'low profile'. But the faucet...yea, that just doesn't make sense. 5, 20 or 100 coins, grabbing from the faucet will hurt the end game.
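
Added example, not part of any post in this thread: the reset described above needs a shutdown and a change to /etc/shadow, so a monitor that holds a baseline away from the host can flag a changed root entry that coincides with a reboot. The function names, the baseline layout and the sample data are assumptions made for this sketch; as post #165 points out, an attacker with root can tamper with anything kept on the host itself.

```python
import hashlib

CLOCK_SLACK = 5  # seconds of btime drift tolerated before calling it a reboot

def root_fingerprint(shadow_text, user="root"):
    """SHA-256 of the user's password field in /etc/shadow-format text."""
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0] == user:
            return hashlib.sha256(fields[1].encode()).hexdigest()
    return None  # entry missing: counts as a change in check_host()

def boot_time(proc_stat_text):
    """Boot time in epoch seconds, from the 'btime' line of /proc/stat."""
    for line in proc_stat_text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] == "btime":
            return int(parts[1])
    raise ValueError("no btime line in /proc/stat text")

def check_host(baseline, shadow_text, proc_stat_text):
    """Compare current state with a baseline that was recorded off-host."""
    rebooted = boot_time(proc_stat_text) - baseline["btime"] > CLOCK_SLACK
    changed = root_fingerprint(shadow_text) != baseline["root_fp"]
    findings = []
    if rebooted:
        findings.append("reboot since baseline")
    if changed:
        findings.append("root password entry changed")
    if rebooted and changed:
        findings.append("ALERT: matches offline password reset")
    return findings

# Constructed sample data (hypothetical values, not from the incident).
OLD_SHADOW = "root:$6$saltA$hashAAAA:15400:0:99999:7:::\ndaemon:*:15400:0:99999:7:::\n"
NEW_SHADOW = "root:$6$saltB$hashBBBB:15400:0:99999:7:::\ndaemon:*:15400:0:99999:7:::\n"
OLD_STAT = "cpu  1 2 3 4\nbtime 1330500000\n"
NEW_STAT = "cpu  1 2 3 4\nbtime 1330584600\n"
BASELINE = {"btime": boot_time(OLD_STAT), "root_fp": root_fingerprint(OLD_SHADOW)}

if __name__ == "__main__":
    print(check_host(BASELINE, OLD_SHADOW, OLD_STAT))  # unchanged host
    print(check_host(BASELINE, NEW_SHADOW, NEW_STAT))  # reset plus reboot
```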


rjk
March 02, 2012, 04:15:36 AM
 #167

Yea, that is a reason to remain 'low profile'. But the faucet...yea, that just doesn't make sense. 5, 20 or 100 coins, grabbing from the faucet will hurt the end game.

Now we are getting somewhere. Hacker works for the CIA? Or, more likely, hacker works for a large bank or collection of banks? Stealing from the faucet is terrorism, plain and simple. Call the federales.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
padrino
March 02, 2012, 04:28:03 AM
 #168

I've seen a fair bit of traffic since I got into bitcoin talking about encrypting one's wallet if it's used for backup, etc. The initial article I read indicated Linode was used only to hold a copy of the wallet, but in reading the posts it sounds like it was the live wallet used to make transactions on the running systems. I guess I'm curious regarding which it was.

1CPi7VRihoF396gyYYcs2AdTEF8KQG2BCR
bbit
March 02, 2012, 04:36:55 AM
 #169

Yea, that is a reason to remain 'low profile'. But the faucet...yea, that just doesn't make sense. 5, 20 or 100 coins, grabbing from the faucet will hurt the end game.

Now we are getting somewhere. Hacker works for the CIA? Or, more likely, hacker works for a large bank or collection of banks? Stealing from the faucet is terrorism, plain and simple. Call the federales.

The last few replies mention allinvain and CIA  - anyone seen allinvain?  hmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm

Couple of ways to look at it. One Allinvain worked for the CIA and wanted to make it look like there was a "huge bitcoin" loss or two the  CIA off'd Allinvain since nobody has heard from him in what like a thousand years? Or taken him to the brig off at sea....
stick_theman
March 02, 2012, 04:36:58 AM
 #170

I can't believe the hacker!

Don't even let off 5 Bitcoins...  Sad


If you think about it that is pretty low - attack the free bitcoin faucet wtf?  Huh

Thieving is the lowest of all sins.  
dooglus
March 02, 2012, 04:37:34 AM
 #171


These are all the transactions with outputs of 2500 BTC or more in the time period we're looking at:

Code:
Thu Mar  1 02:16:40 2012 e558957e4108f33775f08cc1277d22fbb51261d232a2d2a14cfd518d333ce5f1 2822.44
Thu Mar  1 06:50:07 2012 7b45c1742ca9f544cccd92d319ef8a5e19b7dcb8742990724c6a9c2f569ae732 20555.0
Thu Mar  1 06:50:07 2012 0268b7285b95444808753969099f7ae43fb4193d442e3e0deebb10e2bb1764d0 10000.0
Thu Mar  1 06:50:07 2012 901dbcef30a541b8b55fae8f7ad9917ef0754bda5b643705f3773e590785c4d3 3000.0
Thu Mar  1 06:50:07 2012 a82ad85286c68f37a2feda1f5e8a4efa9db1e642b4ef53cb9fd86170169e5e68 3000.0
Thu Mar  1 06:50:07 2012 a57132e2cbc580ac262aa3f7bac1e441d6573f9633118bc48009618585a0967e 3000.0
Thu Mar  1 07:59:31 2012 34b84108a142ad7b6c36f0f3549a3e83dcdbb60e0ba0df96cd48f852da0b1acb 3094.0 <-- slush
Thu Mar  1 18:39:22 2012 d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333 25000.0

The Bitcoinica 10k is certainly in that 06:50:07 block - it was a busy block indeed!  http://blockexplorer.com/b/169179

cypherdoc
March 02, 2012, 04:47:43 AM
 #172

Yea, that is a reason to remain 'low profile'. But the faucet...yea, that just doesn't make sense. 5, 20 or 100 coins, grabbing from the faucet will hurt the end game.

Now we are getting somewhere. Hacker works for the CIA? Or, more likely, hacker works for a large bank or collection of banks? Stealing from the faucet is terrorism, plain and simple. Call the federales.

The last few replies mention allinvain and CIA  - anyone seen allinvain?  hmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm

Couple of ways to look at it. One Allinvain worked for the CIA and wanted to make it look like there was a "huge bitcoin" loss or two the  CIA off'd Allinvain since nobody has heard from him in what like a thousand years? Or taken him to the brig off at sea....

no, he's been posting regularly over in the Hardware section in the Ztex thread i believe.
Eveofwar
March 02, 2012, 04:48:19 AM
 #173


These are all the transactions with outputs of 2500 BTC or more in the time period we're looking at:

Code:
Thu Mar  1 02:16:40 2012 e558957e4108f33775f08cc1277d22fbb51261d232a2d2a14cfd518d333ce5f1 2822.44
Thu Mar  1 06:50:07 2012 7b45c1742ca9f544cccd92d319ef8a5e19b7dcb8742990724c6a9c2f569ae732 20555.0
Thu Mar  1 06:50:07 2012 0268b7285b95444808753969099f7ae43fb4193d442e3e0deebb10e2bb1764d0 10000.0
Thu Mar  1 06:50:07 2012 901dbcef30a541b8b55fae8f7ad9917ef0754bda5b643705f3773e590785c4d3 3000.0
Thu Mar  1 06:50:07 2012 a82ad85286c68f37a2feda1f5e8a4efa9db1e642b4ef53cb9fd86170169e5e68 3000.0
Thu Mar  1 06:50:07 2012 a57132e2cbc580ac262aa3f7bac1e441d6573f9633118bc48009618585a0967e 3000.0
Thu Mar  1 07:59:31 2012 34b84108a142ad7b6c36f0f3549a3e83dcdbb60e0ba0df96cd48f852da0b1acb 3094.0 <-- slush
Thu Mar  1 18:39:22 2012 d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333 25000.0

The Bitcoinica 10k is certainly in that 06:50:07 block - it was a busy block indeed!  http://blockexplorer.com/b/169179

https://bitcointalk.org/index.php?topic=66979.0 -- They posted some of their "suspicious" TX Id's
payb.tc
March 02, 2012, 04:51:46 AM
 #174

aaaand the selling begins... http://mtgoxlive.com
neofutur
March 02, 2012, 04:53:15 AM
 #175

I would not trust any shared host (VM or not) that has access to your data for a wallet over $1000.  The only way to do this is with encrypted disks that are set up or encrypted by the customer with no host access of any kind.  No "control panel" based hosting.

For sure a shared host can be less trusted than a dedicated server but . . . if the datacenter manager ( or employee ) is compromised, the thief can reboot in rescue mode, access the disk, change root password . . . and the result will be the same . . . cold storage and therefore delayed withdraws ( manually validated once / day by the pool or exchange admin ) seem to be the only safe answer to me . . .



rjk
March 02, 2012, 04:55:10 AM
 #176

aaaand the selling begins... http://mtgoxlive.com

Come on, stop spreading FUD. There is NO WAY IN HELL that the guy can cash out so quickly. Think of daily withdrawal limits, ID verification, coin tracing, and so forth.

My guess? Disheartened noobs cashing out because of loss of faith in the system. All the more coins for me!

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
kiba
March 02, 2012, 04:56:04 AM
 #177

Come on, stop spreading FUD. There is NO WAY IN HELL that the guy can cash out so quickly. Think of daily withdrawal limits, ID verification, coin tracing, and so forth.

My guess? Disheartened noobs cashing out because of loss of faith in the system. All the more coins for me!

Yeah, it's more likely market panic.

bbit
March 02, 2012, 04:56:53 AM
 #178

Come on, stop spreading FUD. There is NO WAY IN HELL that the guy can cash out so quickly. Think of daily withdrawal limits, ID verification, coin tracing, and so forth.

My guess? Disheartened noobs cashing out because of loss of faith in the system. All the more coins for me!

Yeah, it's more likely market panic.

The price is dropping  Huh  Not going to lie I got a little shaken also ...uggh...
k9quaint
March 02, 2012, 04:59:25 AM
 #179

This too shall pass.

But in the mean time, I am vexed!  Angry

Bitcoin is backed by the full faith and credit of YouTube comments.
rjk
March 02, 2012, 05:03:21 AM
 #180

This too shall pass.

But in the mean time, I am vexed!  Angry
Buy!

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!