Bitcoin Forum
Author Topic: Hacked Linode & coins stolen to 1NRy8GbX56MymBhDYM...  (Read 57588 times)
payb.tc
March 02, 2012, 10:25:39 AM
 #201

You missed  - on eligius, added bonus:
The coins you receive are virgin whereas with most pools you potentially could get mixed/old coins.

What is the advantage of virgin coins?


weren't you the one that brought up the whole concept of taint recently?

virgin coins have 0% taint.


BkkCoins
March 02, 2012, 10:27:04 AM
 #202

You missed  - on eligius, added bonus:
The coins you receive are virgin whereas with most pools you potentially could get mixed/old coins.
What is the advantage of virgin coins?
They're not associated with any past transactions so have better anonymity.

sje397
March 02, 2012, 10:57:40 AM
 #203

Lesson learned: private keys (wallet.dat) are just that: private. Once you put them out there, cloud, webserver, hosting server, email, etc, THEY ARE NO LONGER PRIVATE.

Can we move along now?


Actually, I think the real lesson here for pool operators
is that they should all move to the eligius model:

    - eligius has no notion of "customer accounts". These are a giant PITA for the miners,
      require the pool op to manage a DB which is a PITA in itself. Accounts are also the
      source of a whole host of security problems:
              - need to create account/login -> need to enter data in website -> exposure surface to SQL injections
              - need an email -> phishing attacks, etc.

    - on eligius, miners just send their shares along with a public address
    - on eligius, no need to store any kind of BTC amount on the pool server at any time:
      the payout is built into the block from the coinbase. No BTC ever hit disk.
    - on eligius, added bonus: anonymity for the pool users
    - on eligius, added bonus: much easier to use for miners



P2pool is another one.
Micon
March 02, 2012, 01:44:13 PM
 #204

1)  BTC / block chain / block explorer is awesome as we can literally see where the money goes.  If anyone does any transaction with any of these funds, assuming you would ever really follow this enough to have a computer look for one of the hashes on this trail of tears, then please post everything about it here.

2)  Ok, so I'm a master criminal, and I hacked the lol-tastic Linoodle security web tool, and I steal the 40k BTC off all the BTC business sites hosted there - so I have ~ $160k USD and i'm an asshole so I'd like to get some cash now.  (also note homeboy is certainly reading this thread) You pretty much need to sell any reasonable amount on Gox.  If they are smart they will lay low and not make any more transactions for a while.  But, at some point, those coins are going to have to make it to Gox.  we should ask them, really fucking nicely, to do all they can to make sure those coins don't get turned into cash on their xchange.  Tradehill too.  If you can get enough of the exchanges, even down to the small ones, to get on board with this and someone write some code to follow the block chain until it gets to Gox.  Might be able to get some more clues.

just some thoughts.

definitely clubs.

Chairman SwCPoker.eu Bitcoin Poker 2.0 |  Pro Poker Player  |  blog & podcas DonkDown.com | @BryanMicon | 2015- PGP Key
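
Added example, not part of the original thread: a sketch of the "follow the block chain" idea from post #204, using the taint notion from post #201 (coinbase outputs start at 0% taint). It assumes proportional taint, ignores fees, and runs over a constructed transaction list; every txid and address below is a placeholder.

```python
from collections import namedtuple
from fractions import Fraction

# Constructed sample data: txids and addresses are placeholders, not real chain data.
# inputs: list of (txid, output_index); outputs: list of (address, whole BTC). Fees ignored.
Tx = namedtuple("Tx", "txid inputs outputs")

THEFT_ADDRS = {"ADDR_THIEF"}           # placeholder for the address holding the stolen coins
WATCHED = {"ADDR_EXCHANGE_DEPOSIT"}    # placeholder for an exchange deposit address

CHAIN = [  # listed in block order, so every input is seen before it is spent
    Tx("cb1", [], [("ADDR_MINER", 50)]),                 # coinbase ("virgin") output
    Tx("cb2", [], [("ADDR_OTHER", 40)]),                 # second coinbase output
    Tx("fund", [], [("ADDR_HOTWALLET", 100)]),           # victim funds, history omitted
    Tx("theft", [("fund", 0)], [("ADDR_THIEF", 100)]),
    Tx("mix", [("theft", 0), ("cb1", 0)], [("ADDR_A", 60), ("ADDR_B", 90)]),
    Tx("dep", [("mix", 0), ("cb2", 0)], [("ADDR_EXCHANGE_DEPOSIT", 100)]),
]

def propagate_taint(chain, seed_addrs):
    """Map every outpoint (txid, index) to the fraction of its value traceable to the seeds."""
    taint, value = {}, {}
    for tx in chain:
        total_in = sum(value[op] for op in tx.inputs)
        dirty_in = sum(value[op] * taint[op] for op in tx.inputs)
        # Coinbase transactions have no inputs, hence 0% taint.
        tx_taint = Fraction(dirty_in, total_in) if total_in else Fraction(0)
        for idx, (addr, amount) in enumerate(tx.outputs):
            value[(tx.txid, idx)] = amount
            taint[(tx.txid, idx)] = Fraction(1) if addr in seed_addrs else tx_taint
    return taint

def watched_hits(chain, taint, watched, threshold=Fraction(1, 10)):
    """List (txid, address, amount, taint) for outputs paid to watched addresses."""
    hits = []
    for tx in chain:
        for idx, (addr, amount) in enumerate(tx.outputs):
            t = taint[(tx.txid, idx)]
            if addr in watched and t >= threshold:
                hits.append((tx.txid, addr, amount, t))
    return hits

if __name__ == "__main__":
    taint = propagate_taint(CHAIN, THEFT_ADDRS)
    for txid, addr, amount, t in watched_hits(CHAIN, taint, WATCHED):
        print(f"{txid}: {amount} BTC to {addr}, {float(t):.0%} tainted")
```

Mixing with clean coins dilutes the fraction at each hop (100% at the theft, 2/3 after the first mix, 40% at the deposit), which is why a reporting threshold is needed rather than an exact match.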
muyuu
March 02, 2012, 01:51:42 PM
 #205

2)  Ok, so I'm a master criminal, and I hacked the lol-tastic Linoodle security web tool, and I steal the 40k BTC off all the BTC business sites hosted there - so I have ~ $160k USD and i'm an asshole so I'd like to get some cash now.  (also note homeboy is certainly reading this thread) You pretty much need to sell any reasonable amount on Gox.  If they are smart they will lay low and not make any more transactions for a while.  But, at some point, those coins are going to have to make it to Gox.  we should ask them, really fucking nicely, to do all they can to make sure those coins don't get turned into cash on their xchange.  Tradehill too.  If you can get enough of the exchanges, even down to the small ones, to get on board with this and someone write some code to follow the block chain until it gets to Gox.  Might be able to get some more clues.

Firstly, it looks like we're looking at 50K+ BTC.

Secondly, we need the homeboy to get either lazy or impatient. I don't want to be giving ideas but certainly these coins don't have to ever make it to any exchange if he's determined enough...

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
Matthew N. Wright
March 02, 2012, 01:55:44 PM
 #206

2)  Ok, so I'm a master criminal, and I hacked the lol-tastic Linoodle security web tool, and I steal the 40k BTC off all the BTC business sites hosted there - so I have ~ $160k USD and i'm an asshole so I'd like to get some cash now.  (also note homeboy is certainly reading this thread) You pretty much need to sell any reasonable amount on Gox.  If they are smart they will lay low and not make any more transactions for a while.  But, at some point, those coins are going to have to make it to Gox.  we should ask them, really fucking nicely, to do all they can to make sure those coins don't get turned into cash on their xchange.  Tradehill too.  If you can get enough of the exchanges, even down to the small ones, to get on board with this and someone write some code to follow the block chain until it gets to Gox.  Might be able to get some more clues.

Firstly, it looks like we're looking at 50K+ BTC.

Secondly, we need the homeboy to get either lazy or impatient. I don't want to be giving ideas but certainly these coins don't have to ever make it to any exchange if he's determined enough...

It's even more likely they never will. People who already had that amount could just be recouping losses of selling their legitimate coins. We're not looking for a poor hacker here, we're looking for someone who already had a lot of coins to begin with. A business maybe. Bitcoinica would be the first person to suspect tbh (although I don't have reason to believe it was Zhou).

Kluge
March 02, 2012, 02:00:04 PM
 #207

2)  Ok, so I'm a master criminal, and I hacked the lol-tastic Linoodle security web tool, and I steal the 40k BTC off all the BTC business sites hosted there - so I have ~ $160k USD and i'm an asshole so I'd like to get some cash now.  (also note homeboy is certainly reading this thread) You pretty much need to sell any reasonable amount on Gox.  If they are smart they will lay low and not make any more transactions for a while.  But, at some point, those coins are going to have to make it to Gox.  we should ask them, really fucking nicely, to do all they can to make sure those coins don't get turned into cash on their xchange.  Tradehill too.  If you can get enough of the exchanges, even down to the small ones, to get on board with this and someone write some code to follow the block chain until it gets to Gox.  Might be able to get some more clues.

Firstly, it looks like we're looking at 50K+ BTC.

Secondly, we need the homeboy to get either lazy or impatient. I don't want to be giving ideas but certainly these coins don't have to ever make it to any exchange if he's determined enough...

It's even more likely they never will. People who already had that amount could just be recouping losses of selling their legitimate coins. We're not looking for a poor hacker here, we're looking for someone who already had a lot of coins to begin with. A business maybe. Bitcoinica would be the first person to suspect tbh (although I don't have reason to believe it was Zhou).
Operator of Silk Road?

Don't mix your coins someone said isn't legal
Raoul Duke
March 02, 2012, 02:24:49 PM
 #208

Operator of Silk Road?

Coincidentally with this incident I went to check the road, and guess what...

Quote
The Silk Road is down for maintenance. We will get the site back up asap. Thank you for your patience.

bitcoinsarefun
March 02, 2012, 02:24:58 PM
 #209

I was reading the slashdot story on this today and got a chuckle ... they served a linode ad embedded in the article about a linode exploit.

i thought it was funny :)
Matthew N. Wright
March 02, 2012, 02:26:40 PM
 #210

I was reading the slashdot story on this today and got a chuckle ... they served a linode ad embedded in the article about a linode exploit.

i thought it was funny :)

Irony.

goodlord666
March 02, 2012, 02:48:00 PM
 #211

Shit, this guy knows his stuff. Check out the transaction size of the 25k transaction:
http://blockchain.info/tx-index/2893660/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333
Size:   1337 (bytes)

I guarantee that isn't a coincidence.


Satoshi is back!!



Matthew N. Wright
March 02, 2012, 02:49:54 PM
 #212

Shit, this guy knows his stuff. Check out the transaction size of the 25k transaction:
http://blockchain.info/tx-index/2893660/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333
Size:   1337 (bytes)

I guarantee that isn't a coincidence.


Satoshi is back!!

Yep. Just reclaiming his property.

HostFat
March 02, 2012, 02:58:12 PM
 #213

Satoshi is back!!
Wait! Are these addresses connected with some that Satoshi owned? (I know that I can check, I just want an easy answer :D)

Eternity Wall: Messages lasting forever - The Rock Trading (ref): A good exchange / gateway Ripple, with support for multisig, since 2007. 
https://bitcointa.lk: Bitcointalk backup if offline - Bitcoin Foundation Italia - Blog: http://theupwind.blogspot.it
HostFat
March 02, 2012, 03:09:24 PM
 #214

Anyway, it can be interesting to see who with a good knowledge of Bitcoin isn't posting on the forum during the last 2/3 days :)
(posting somewhere in the forum after my message isn't a good way to avoid the scanning :D)

Eternity Wall: Messages lasting forever - The Rock Trading (ref): A good exchange / gateway Ripple, with support for multisig, since 2007. 
https://bitcointa.lk: Bitcointalk backup if offline - Bitcoin Foundation Italia - Blog: http://theupwind.blogspot.it
JoelKatz
March 02, 2012, 04:19:00 PM
 #215

Yea, so you agree then? Linode should be held responsible since it had nothing to do with customer security and was indistinguishable from an inside job...
That forces the majority of Linode customers, who don't host large-value websites, to subsidize those who do. To provide coverage for exceptional and consequential losses, Linode would have to obtain much more expensive insurance and raise their rates to cover it. There's certainly room in the market for such a service, but I don't see why Linode should be forced to provide it, and their customers forced to pay for it, if they don't wish to.

If you leave your $50,000 Rolex watch in the pocket of a coat you put in the coat check of your local restaurant, you can't expect them to be responsible for it. It's just too costly to provide a service suitable for that type of high-value item. Use a safety-deposit box, where you pay for that level of security.

Bitcoins in a hot wallet are simply too valuable and too easy to steal. Putting them on a cheap hosting account is equivalent to checking the Rolex at a restaurant.

I am an employee of Ripple.
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
cypherdoc
Legendary
*
Offline Offline

Activity: 1764



View Profile
March 02, 2012, 04:23:28 PM
 #216

our gov't stores gold at Fort Knox (allegedly) or in the basement of the FRBNY inside vaults with security guards, etc.

our banks store their fiat cash in vaults with similar heavy security.

Bitcoin cash needs to be stored in a like manner.
bitcoinBull
March 02, 2012, 04:35:46 PM
 #217

Operator of Silk Road?

Coincidentally with this incident I went to check the road, and guess what...

Quote
The Silk Road is down for maintenance. We will get the site back up asap. Thank you for your patience.

Now this would be interesting.  Wild speculation here.. but SR could've been hosting their online-wallet at linode and may have been one of the other 5 linode accounts accessed.

College of Bucking Bulls Knowledge
BkkCoins
March 02, 2012, 04:38:13 PM
 #218

Yea, so you agree then? Linode should be held responsible since it had nothing to do with customer security and was indistinguishable from an inside job...
That forces the majority of Linode customers, who don't host large-value websites, to subsidize those who do. To provide coverage for exceptional and consequential losses, Linode would have to obtain much more expensive insurance and raise their rates to cover it. There's certainly room in the market for such a service, but I don't see why Linode should be forced to provide it, and their customers forced to pay for it, if they don't wish to.

If you leave your $50,000 Rolex watch in the pocket of a coat you put in the coat check of your local restaurant, you can't expect them to be responsible for it. It's just too costly to provide a service suitable for that type of high-value item. Use a safety-deposit box, where you pay for that level of security.

Bitcoins in a hot wallet are simply too valuable and too easy to steal. Putting them on a cheap hosting account is equivalent to checking the Rolex at a restaurant.
IMO the only way in court you might successfully win damages is if you showed they were negligent regarding their security. I think that would be pretty hard. You'd probably have to show they were aware of the vulnerability or open "customer service portal" and disregarded it. Or maybe they knew an employee was involved in malicious accesses but ignored it. In either case it would probably require an inside whistle blower. So far there haven't been indications that negligence occurred.

bitcoinbetas
March 02, 2012, 04:40:32 PM
 #219

So what is the latest? Have the 43,000 bitcoins left the wallet yet?
btc_artist
March 02, 2012, 04:44:33 PM
 #220

So what is the latest? Have the 43,000 bitcoins left the wallet yet?
What exactly do you mean by "left the wallet"?

BTC: 1CDCLDBHbAzHyYUkk1wYHPYmrtDZNhk8zf
LTC: LMS7SqZJnqzxo76iDSEua33WCyYZdjaQoE