payb.tc
March 02, 2012, 10:25:39 AM
You missed - on eligius, added bonus: The coins you receive are virgin whereas with most pools you potentially could get mixed/old coins.
What is the advantage of virgin coins
weren't you the one that brought up the whole concept of taint recently? virgin coins have 0% taint.

BkkCoins
March 02, 2012, 10:27:04 AM
You missed - on eligius, added bonus: The coins you receive are virgin whereas with most pools you potentially could get mixed/old coins.
What is the advantage of virgin coins
They're not associated with any past transactions so have better anonymity.

sje397
March 02, 2012, 10:57:40 AM
Lesson learned: private keys (wallet.dat) are just that: private. Once you put them out there, cloud, webserver, hosting server, email, etc, THEY ARE NO LONGER PRIVATE.
Can we move along now?
Actually, I think the real lesson here for pool operators is that they should all move to the eligius model:
- eligius has no notion of "customer accounts". These are a giant PITA for the miners, require the pool op to manage a DB which is a PITA in itself. Accounts are also the source of a whole host of security problems:
  - need to create account/login -> need to enter data in website -> exposure surface to SQL injections
  - need an email -> phishing attacks, etc.
- on eligius, miners just send their shares along with a public address
- on eligius, no need to store any kind of BTC amount on the pool server at any time: the payout is built into the block from the coinbase. No BTC ever hit disk.
- on eligius, added bonus: anonymity for the pool users
- on eligius, added bonus: much easier to use for miners
P2pool is another one.

Micon
March 02, 2012, 01:44:13 PM
1) BTC / block chain / block explorer is awesome as we can literally see where the money goes. If anyone does any transaction with any of these funds, assuming you would ever really follow this enough to have a computer look for one of the hashes on this trail of tears, then please post everything about it here.
2) Ok, so I'm a master criminal, and I hacked the lol-tastic Linoodle security web tool, and I steal the 40k BTC off all the BTC business sites hosted there - so I have ~ $160k USD and i'm an asshole so I'd like to get some cash now. (also note homeboy is certainly reading this thread) You pretty much need to sell any reasonable amount on Gox. If they are smart they will lay low and not make any more transactions for a while. But, at some point, those coins are going to have to make it to Gox. we should ask them, really fucking nicely, to do all they can to make sure those coins don't get turned into cash on their xchange. Tradehill too. If you can get enough of the exchanges, even down to the small ones, to get on board with this and someone write some code to follow the block chain until it gets to Gox. Might be able to get some more clues.
just some thoughts.
definitely clubs.
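
The "code to follow the block chain" idea from the post above, sketched from an exchange's side as an added example that is not part of the thread: a value-weighted ("haircut") taint pass that flags deposits to a watched address. All transaction ids, addresses and amounts are constructed, and the haircut rule is one assumed taint model; coinbase ("virgin") outputs start at 0% taint.

```python
from fractions import Fraction

# Constructed sample data: ids, addresses and BTC amounts are made up.
# Listed in confirmation order; tx -> (inputs as (txid, index), outputs as (address, value)).
TXS = {
    "cb1":   ([], [("miner1", 50)]),                        # coinbase: no inputs
    "cb2":   ([], [("miner2", 50)]),                        # coinbase: no inputs
    "theft": ([], [("thief_a", 100)]),                      # stand-in for the stolen output
    "t1":    ([("theft", 0)], [("thief_b", 60), ("thief_c", 40)]),
    "t2":    ([("t1", 0), ("cb1", 0)], [("merged", 110)]),  # 60 tainted + 50 clean
    "t3":    ([("t2", 0)], [("exchange_dep", 55), ("change", 55)]),
    "t4":    ([("cb2", 0)], [("exchange_dep", 50)]),        # clean deposit
}
SEEDS = {("theft", 0)}       # outpoints reported stolen
WATCHED = {"exchange_dep"}   # hypothetical exchange deposit address


def propagate(txs, seeds):
    """Value-weighted ("haircut") taint: every output of a transaction
    inherits tainted_input_value / total_input_value."""
    taint = {}
    for txid, (inputs, outputs) in txs.items():
        total = sum(txs[t][1][i][1] for t, i in inputs)
        dirty = sum(txs[t][1][i][1] * taint[(t, i)] for t, i in inputs)
        ratio = Fraction(dirty, total) if total else Fraction(0)
        for idx in range(len(outputs)):
            taint[(txid, idx)] = Fraction(1) if (txid, idx) in seeds else ratio
    return taint


def flag_deposits(txs, taint, watched, threshold):
    """Outputs paying a watched address whose taint is at or above threshold."""
    hits = []
    for txid, (_, outputs) in txs.items():
        for idx, (addr, value) in enumerate(outputs):
            share = taint[(txid, idx)]
            if addr in watched and share >= threshold:
                hits.append((txid, idx, share, value * share))
    return hits


if __name__ == "__main__":
    taint = propagate(TXS, SEEDS)
    for txid, idx, share, amount in flag_deposits(TXS, taint, WATCHED, Fraction(1, 4)):
        print(f"{txid}:{idx} taint={float(share):.0%} tainted_btc={float(amount):.2f}")
```

Merging the stolen 60 BTC with a 50 BTC coinbase output dilutes the taint to 6/11 but does not clear it, so the deposit in `t3` is still flagged while the coinbase-only deposit in `t4` is not.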

muyuu
March 02, 2012, 01:51:42 PM
2) Ok, so I'm a master criminal, and I hacked the lol-tastic Linoodle security web tool, and I steal the 40k BTC off all the BTC business sites hosted there - so I have ~ $160k USD and i'm an asshole so I'd like to get some cash now. (also note homeboy is certainly reading this thread) You pretty much need to sell any reasonable amount on Gox. If they are smart they will lay low and not make any more transactions for a while. But, at some point, those coins are going to have to make it to Gox. we should ask them, really fucking nicely, to do all they can to make sure those coins don't get turned into cash on their xchange. Tradehill too. If you can get enough of the exchanges, even down to the small ones, to get on board with this and someone write some code to follow the block chain until it gets to Gox. Might be able to get some more clues.
Firstly, it looks like we're looking at 50K+ BTC. Secondly, we need the homeboy to get either lazy or impatient. I don't want to be giving ideas but certainly these coins don't have to ever make it to any exchange if he's determined enough...
GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D) forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ

Matthew N. Wright
March 02, 2012, 01:55:44 PM
2) Ok, so I'm a master criminal, and I hacked the lol-tastic Linoodle security web tool, and I steal the 40k BTC off all the BTC business sites hosted there - so I have ~ $160k USD and i'm an asshole so I'd like to get some cash now. (also note homeboy is certainly reading this thread) You pretty much need to sell any reasonable amount on Gox. If they are smart they will lay low and not make any more transactions for a while. But, at some point, those coins are going to have to make it to Gox. we should ask them, really fucking nicely, to do all they can to make sure those coins don't get turned into cash on their xchange. Tradehill too. If you can get enough of the exchanges, even down to the small ones, to get on board with this and someone write some code to follow the block chain until it gets to Gox. Might be able to get some more clues.
Firstly, it looks like we're looking at 50K+ BTC. Secondly, we need the homeboy to get either lazy or impatient. I don't want to be giving ideas but certainly these coins don't have to ever make it to any exchange if he's determined enough...
It's even more likely they never will. People who already had that amount could just be recouping losses of selling their legitimate coins. We're not looking for a poor hacker here, we're looking for someone who already had a lot of coins to begin with. A business maybe. Bitcoinica would be the first person to suspect tbh (although I don't have reason to believe it was Zhou).

Kluge
March 02, 2012, 02:00:04 PM
2) Ok, so I'm a master criminal, and I hacked the lol-tastic Linoodle security web tool, and I steal the 40k BTC off all the BTC business sites hosted there - so I have ~ $160k USD and i'm an asshole so I'd like to get some cash now. (also note homeboy is certainly reading this thread) You pretty much need to sell any reasonable amount on Gox. If they are smart they will lay low and not make any more transactions for a while. But, at some point, those coins are going to have to make it to Gox. we should ask them, really fucking nicely, to do all they can to make sure those coins don't get turned into cash on their xchange. Tradehill too. If you can get enough of the exchanges, even down to the small ones, to get on board with this and someone write some code to follow the block chain until it gets to Gox. Might be able to get some more clues.
Firstly, it looks like we're looking at 50K+ BTC. Secondly, we need the homeboy to get either lazy or impatient. I don't want to be giving ideas but certainly these coins don't have to ever make it to any exchange if he's determined enough...
It's even more likely they never will. People who already had that amount could just be recouping losses of selling their legitimate coins. We're not looking for a poor hacker here, we're looking for someone who already had a lot of coins to begin with. A business maybe. Bitcoinica would be the first person to suspect tbh (although I don't have reason to believe it was Zhou).
Operator of Silk Road?

Raoul Duke
March 02, 2012, 02:24:49 PM
Operator of Silk Road?
Coincidently with this incident I went to check the road, and guess what...
The Silk Road is down for maintenance. We will get the site back up asap. Thank you for your patience.

bitcoinsarefun
March 02, 2012, 02:24:58 PM
I was reading the slashdot story on this today and got a chuckle ... they served a linode ad embedded in the article about a linode exploit. i thought it was funny

Matthew N. Wright
March 02, 2012, 02:26:40 PM
I was reading the slashdot story on this today and got a chuckle ... they served a linode ad embedded in the article about a linode exploit. i thought it was funny
Irony.

goodlord666
March 02, 2012, 02:48:00 PM

Matthew N. Wright
March 02, 2012, 02:49:54 PM
Yep. Just reclaiming his property.

HostFat
March 02, 2012, 02:58:12 PM
Satoshi is back!!
Wait! Are these addresses connected with some that Satoshi owned? ( I know that I can check, I just want an easy answer )

HostFat
March 02, 2012, 03:09:24 PM
Anyway, it can be interesting to see who with a good knowledge of Bitcoin isn't posting on the forum during the last 2/3 days ( posting somewhere in the forum after my message isn't a good way to avoid the scanning )

JoelKatz
March 02, 2012, 04:19:00 PM
Yea, so you agree then? Linode should be held responsible since it had nothing to do with customer security and was indistinguishable from an inside job...
That forces the majority of Linode customers, who don't host large-value websites, to subsidize those who do. To provide coverage for exceptional and consequential losses, Linode would have to obtain much more expensive insurance and raise their rates to cover it. There's certainly room in the market for such a service, but I don't see why Linode should be forced to provide it, and their customers forced to pay for it, if they don't wish to. If you leave your $50,000 Rolex watch in the pocket of a coat you put in the coat check of your local restaurant, you can't expect them to be responsible for it. It's just too costly to provide a service suitable for that type of high-value item. Use a safety-deposit box, where you pay for that level of security. Bitcoins in a hot wallet are simply too valuable and too easy to steal. Putting them on a cheap hosting account is equivalent to checking the Rolex at a restaurant.
I am an employee of Ripple. Follow me on Twitter @JoelKatz 1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN

cypherdoc
March 02, 2012, 04:23:28 PM
our gov't stores gold at Fort Knox (allegedly) or in the basement of the FRBNY inside vaults with security guards, etc.
our banks store their fiat cash in vaults with similar heavy security.
Bitcoin cash needs to be stored in a like manner.

bitcoinBull
March 02, 2012, 04:35:46 PM
Operator of Silk Road?
Coincidently with this incident I went to check the road, and guess what...
The Silk Road is down for maintenance. We will get the site back up asap. Thank you for your patience.
Now this would be interesting. Wild speculation here.. but SR could've been hosting their online-wallet at linode and may have been one of the other 5 linode accounts accessed.
College of Bucking Bulls Knowledge

BkkCoins
March 02, 2012, 04:38:13 PM
Yea, so you agree then? Linode should be held responsible since it had nothing to do with customer security and was indistinguishable from an inside job...
That forces the majority of Linode customers, who don't host large-value websites, to subsidize those who do. To provide coverage for exceptional and consequential losses, Linode would have to obtain much more expensive insurance and raise their rates to cover it. There's certainly room in the market for such a service, but I don't see why Linode should be forced to provide it, and their customers forced to pay for it, if they don't wish to. If you leave your $50,000 Rolex watch in the pocket of a coat you put in the coat check of your local restaurant, you can't expect them to be responsible for it. It's just too costly to provide a service suitable for that type of high-value item. Use a safety-deposit box, where you pay for that level of security. Bitcoins in a hot wallet are simply too valuable and too easy to steal. Putting them on a cheap hosting account is equivalent to checking the Rolex at a restaurant.
IMO the only way in court you might successfully win damages is if you showed they were negligent regarding their security. I think that would be pretty hard. You'd probably have to show they were aware of the vulnerability or open "customer service portal" and disregarded it. Or maybe they knew an employee was involved in malicious accesses but ignored it. In either case it would probably require an inside whistle blower. So far there haven't been indications that negligence occurred.

bitcoinbetas
March 02, 2012, 04:40:32 PM
So what is the latest? Has the 43,000 bitcoins left the wallet yet?

btc_artist
March 02, 2012, 04:44:33 PM
So what is the latest? Has the 43,000 bitcoins left the wallet yet?
What exactly do you mean by "left the wallet"?
BTC: 1CDCLDBHbAzHyYUkk1wYHPYmrtDZNhk8zf LTC: LMS7SqZJnqzxo76iDSEua33WCyYZdjaQoE