Bitcoin Forum
December 03, 2016, 04:50:35 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 [12] 13 14 15 »  All
  Print  
Author Topic: Hacked Linode & coins stolen to 1NRy8GbX56MymBhDYM...  (Read 57528 times)
Matthew N. Wright
Untrustworthy
Hero Member
*****
Offline Offline

Activity: 588


Hero VIP ultra official trusted super staff puppet


View Profile
March 02, 2012, 04:46:23 PM
 #221

So far there haven't been indications that negligence occurred.

From...?

Did you expect Linode to announce it openly or for anyone in the community to know that without a formal investigation?

That forces the majority of Linode customers, who don't host large-value websites, to subsidize those who do.
I was referring to the off-chance that Linode knew about their hacker and he works there at Linode, and they're just covering it up. They mentioned something about a policy change due to this incident. Covering their asses through insurance or profits doesn't change anything for existing customers. I guess you misunderstood. Anyway, it doesn't matter what I think, what matters is if a court of law sees Linode as being responsible.

If you put leave your $50,000 Rolex watch in the pocket of a coat you put in the coat check of your local restaurant, you can't expect them to be responsible for it.
Really? And when it's the coat checker that steals the watch, you can't expect the police to come? When the coat checker isn't caught, you can't sue the restaurant? You must not live in the USA....

1480740635
Hero Member
*
Offline Offline

Posts: 1480740635

View Profile Personal Message (Offline)

Ignore
1480740635
Reply with quote  #2

1480740635
Report to moderator
1480740635
Hero Member
*
Offline Offline

Posts: 1480740635

View Profile Personal Message (Offline)

Ignore
1480740635
Reply with quote  #2

1480740635
Report to moderator
1480740635
Hero Member
*
Offline Offline

Posts: 1480740635

View Profile Personal Message (Offline)

Ignore
1480740635
Reply with quote  #2

1480740635
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480740635
Hero Member
*
Offline Offline

Posts: 1480740635

View Profile Personal Message (Offline)

Ignore
1480740635
Reply with quote  #2

1480740635
Report to moderator
1480740635
Hero Member
*
Offline Offline

Posts: 1480740635

View Profile Personal Message (Offline)

Ignore
1480740635
Reply with quote  #2

1480740635
Report to moderator
1480740635
Hero Member
*
Offline Offline

Posts: 1480740635

View Profile Personal Message (Offline)

Ignore
1480740635
Reply with quote  #2

1480740635
Report to moderator
bitcoinbetas
Sr. Member
****
Offline Offline

Activity: 240



View Profile
March 02, 2012, 04:47:11 PM
 #222

So what is the latest has the 43,000 bitcoins left the wallet yet ?
What exactly do you mean by "left the wallet"?

I guess I meant left the wallet of the thief to say an exchange i.e. Mt. Gox  or off to silk road to purchase $15,000 dollars worth of guns and drugs.
Portnoy
Legendary
*
Offline Offline

Activity: 1820

My money; Our Bitcoin.


View Profile
March 02, 2012, 05:01:53 PM
 #223

It looks that also user database has been compromised. Although passwords are stored in SHA1 with salt, I strongly recommend to change your password on the pool immediately.

I have been trying for a while now. I haven't gotten the email that page says will be sent to allow one to do that.

Buy Bitcoin from CoinbaseXapo
Faucets & Earn Bitcoin Sites: FreeBitco.in; BitsForClicks; Moonbit
check_status
Full Member
***
Offline Offline

Activity: 196


Web Dev, Db Admin, Computer Technician


View Profile
March 02, 2012, 05:13:53 PM
 #224

You missed  - on eligius, added bonus:
The coins you receive are virgin whereas with most pools you potentially could get mixed/old coins.

What is the advantage of virgin coins  Huh


weren't you the one that brought up the whole concept of taint recently?

virgin coins have 0% taint.



I thought Taint was the space between the vajayjay and the brown eye.

It would seem Linode is the weakest link for those hosting bitcoin stuff. Customers will need to implement a system that can thwart Linodes retardedness.

Could this be another attempt to manipulate the market with bad news? The stolen funds would remain in hibernation because they are not needed when the theft is for damaging BTC value via bad news.

For Bitcoin to be a true global currency the value of BTC needs always to rise.
If BTC became the global currency & money supply = 100 Trillion then ⊅1.00 BTC = $4,761,904.76.
P2Pool Server List | How To's and Guides Mega List |  1EndfedSryGUZK9sPrdvxHntYzv2EBexGA
Clipse
Hero Member
*****
Offline Offline

Activity: 504


View Profile
March 02, 2012, 05:29:32 PM
 #225

To any sane person the bad news is all on linode.

...In the land of the stale, the man with one share is king... >> Clipse

We pay miners at 130% PPS | Signup here : Bonus PPS Pool (Please read OP to understand the current process)
JoelKatz
Legendary
*
Offline Offline

Activity: 1386


Democracy is vulnerable to a 51% attack.


View Profile WWW
March 02, 2012, 07:23:16 PM
 #226

IMO the only way in court you might successfully win damages is if you showed they were negligent regarding their security.
Well, before you can determine that, you have to determine how vigilant their security should have been, and that depends on whether you think Linode was marketed as suitable for high-value, easy theft targets like hot Bitcoin wallets.

Quote
I think that would be pretty hard. You'd probably have to show they were aware of the vulnerability or open "customer service portal" and disregarded it. Or maybe they knew an employee was involved in malicious accesses but ignored it. In either case it would probably require an inside whistle blower. So far there haven't been indications that negligence occurred.
Well, we don't know yet. But from just the evidence we have so far, I think it's at least reasonably probable that negligence on Linode's part was involved if you think the appropriate standard is sufficient security to host high-value Bitcoin sites.

Take my $50,000 Rolex in the coat room example. If the coat check attendant goes to the bathroom and doesn't have another employee watch the coat room, is that negligent? Yes if the coat room is supposed to be suitable for storing $50,000 Rolexes. Otherwise, no.

I am an employee of Ripple.
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
Matthew N. Wright
Untrustworthy
Hero Member
*****
Offline Offline

Activity: 588


Hero VIP ultra official trusted super staff puppet


View Profile
March 02, 2012, 07:27:13 PM
 #227

Take my $50,000 Rolex in the coat room example. If the coat check attendant goes to the bathroom and doesn't have another employee watch the coat room, is that negligent? Yes if the coat room is supposed to be suitable for storing $50,000 Rolexes. Otherwise, no.

Dude. Please don't embarrass us with "coat check" examples anymore. Even a parking lot would be more suitable of an example, or even a storage container facility. Those have contracts at least and expect you to store things for extended periods of time.

You're saying I can't sue the parking garage of one of their employees breaking into my car and stealing it?

You're saying that I can't sue the shipping container company for leaving their keys outside of my container and letting someone just rob me?

Give me a break.

JoelKatz
Legendary
*
Offline Offline

Activity: 1386


Democracy is vulnerable to a 51% attack.


View Profile WWW
March 02, 2012, 07:29:16 PM
 #228

That forces the majority of Linode customers, who don't host large-value websites, to subsidize those who do.
I was referring to the off-chance that Linode knew about their hacker and he works there at Linode, and they're just covering it up. They mentioned something about a policy change due to this incident. Covering their asses through insurance or profits doesn't change anything for existing customers. I guess you misunderstood. Anyway, it doesn't matter what I think, what matters is if a court of law sees Linode as being responsible.
They're not covering anything up. I think it's quite likely an inside job involving a Linode employee or former employee. Linode hasn't said so, but they haven't denied it. It's possible they don't know.

Quote
If you put leave your $50,000 Rolex watch in the pocket of a coat you put in the coat check of your local restaurant, you can't expect them to be responsible for it.
Really? And when it's the coat checker that steals the watch, you can't expect the police to come? When the coat checker isn't caught, you can't sue the restaurant? You must not live in the USA....
You can certainly expect the police to come and the employee, if caught, to go to jail. But you aren't likely to recover $50,000 from the restaurant. They're not required to make Fort Knox to check coats.

I am an employee of Ripple.
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
eleuthria
Legendary
*
Offline Offline

Activity: 1750


BTC Guild Owner


View Profile WWW
March 02, 2012, 07:36:18 PM
 #229

It's tough to say if Linode should be held liable for the damages, but only because I don't think they're going to give us the full story of what happened.

If this was an outsider accessing their Customer Service administration, then that seems like negligence to me.  Under no circumstances should a "super admin" style of account be accessible from anything but pre-approved IP addresses.  That is negligence to allow such a powerful type of account to be public facing.

If this was an inside job (rogue sys admin), Linode shouldd be liable to the customers.  It is then up to them to decide if they are going to sue the now former employee to recoup the damages on their end.

R.I.P. BTC Guild, 2011 - 2015.
BTC Guild Forum Thread
Herodes
Hero Member
*****
Offline Offline

Activity: 868


View Profile
March 02, 2012, 07:44:52 PM
 #230

If it looks like an insider job, and it smells like an insider job, it is.... ... an insider job.

First off, what strikes me as odd (and forgive me not to read through everything that's been written about these issues in the forum for the last hours) is that the attacker targeted just Linode customers that had bitcoind running. I mean, if it was only Bitcoinica that was targeted, an outside attacker would seem more plausible, but eight customers that all ran bitcoind, and those were the only ones affected ? Seems very plausible that it's a superadmin that did this. After all, that makes logical sense, when tracks are hidden that well.

The first thing I would do if I were to investigate this case would be to interview everyone that have superadmin access at Linode, and I mean though confrontive cross examination, and lie detectors tests, everything you can throw at them + getting at all and every server logs. I assume Bitcoinica works with law enforcement on this one ? It's a lot of money gone here.

Anyway, let's take the lessons we can, and thumbs up for all the good operators that decided to use their own money to reimburse the customers.
digital
Hero Member
*****
Offline Offline

Activity: 490


View Profile
March 02, 2012, 08:12:24 PM
 #231

Wow, Bitcoinica actually lost over 43,000 coins.

Damn.

http://arstechnica.com/business/news/2012/03/bitcoins-worth-228000-stolen-from-customers-of-hacked-webhost.ars?clicked=related_right

If I help you out: 17QatvSdciyv2zsdAbphDEUzST1S6x46c3
References (bitcointalk.org/index.php?topic=): 50051.20  50051.100  53668.0  53788.0  53571.0  53571.0  52212.0  50729.0  114804.0  115468  78106  69061  58572  54747
check_status
Full Member
***
Offline Offline

Activity: 196


Web Dev, Db Admin, Computer Technician


View Profile
March 02, 2012, 08:14:33 PM
 #232

To any sane person the bad news is all on linode.
So you are not willing to believe that the Dole food chain (salads specifically) were poisoned in order to profit from put option trades?
There are hundreds more of this type of examples for stocks. Of course there are no put options for Bitcoins but the method can still be used to profit or attack the value. Good and bad news has reactive tangible effects on volatile markets, of which Bitcoin is one.

For Bitcoin to be a true global currency the value of BTC needs always to rise.
If BTC became the global currency & money supply = 100 Trillion then ⊅1.00 BTC = $4,761,904.76.
P2Pool Server List | How To's and Guides Mega List |  1EndfedSryGUZK9sPrdvxHntYzv2EBexGA
Clipse
Hero Member
*****
Offline Offline

Activity: 504


View Profile
March 02, 2012, 08:42:30 PM
 #233

To any sane person the bad news is all on linode.
So you are not willing to believe that the Dole food chain (salads specifically) were poisoned in order to profit from put option trades?
There are hundreds more of this type of examples for stocks. Of course there are no put options for Bitcoins but the method can still be used to profit or attack the value. Good and bad news has reactive tangible effects on volatile markets, of which Bitcoin is one.

Yes of course it makes more sense in the realworld that someone stole the coins not to sell it for personal gain but to only crash the market due to tinfoil conspiracies.

...In the land of the stale, the man with one share is king... >> Clipse

We pay miners at 130% PPS | Signup here : Bonus PPS Pool (Please read OP to understand the current process)
Matthew N. Wright
Untrustworthy
Hero Member
*****
Offline Offline

Activity: 588


Hero VIP ultra official trusted super staff puppet


View Profile
March 03, 2012, 12:28:29 AM
 #234

Guys, CoinExchanger is turning out to be the likely culprit in the hack.


I am almost sure that bitcoinica.com is out of funds and they are keeping the site open to get more deposits and ponzi those deposits on those who want to withdrawal. The 17 year old just lost 250,000 Dollars and I doubt he has an extra 250K to cover his loss.

I would encourage everyone to withdrawal your funds from bitcoinica and watch the shit hit the fan.

Visit, www.coinexchanger.com

We will lower our withdrawal fee in the next couple of days, in the meantime 9% is fair.

CoinExchanger.com is an admittedly unregistered MLB (money license business) that must be registered by FinCEN within 6 months of opening their doors and sharing their first stored value. They have not done so and are in direct violation of federal law.

The owner of CoinExchanger.com is Leo Camilo, who advertises his address as 440 9th ave, New york, New York,10001 US and personal telephone number 1 (347) 469-1040.

His private email (search google) is atqcapital@gmail.com.

He has publicly stated on multiple occasions that:

  • bitcoin is fake money, "monopoly money" and has no value and should not be trusted for this reason.
  • his exchange is functional with a large user base, when not a single user has ever reportedly done business with him
  • he is holding coins stolen from Zhou Tong's Bitcoinica and says "fuck you Zhou, you're just a stupid 17 year old kid, these coins are mine now" basically.

He also:

  • goes under the sock puppet scammer account name "Maria"
  • claims to be a millionaire and restaurant owner

He is currently in possession of stolen Bitcoins from the Linode hack and any coins purchased from him will not be accepted by MtGox or anyone in the Bitcoin community.


Jon
Donator
Member
*
Offline Offline

Activity: 98


No Gods; No Masters; Only You


View Profile
March 03, 2012, 12:38:40 AM
 #235

Except after they have been properly laundered through the Silk Road.

/devil's advocate

The Communists say, equal labour entitles man to equal enjoyment. No, equal labour does not entitle you to it, but equal enjoyment alone entitles you to equal enjoyment. Enjoy, then you are entitled to enjoyment. But, if you have laboured and let the enjoyment be taken from you, then – ‘it serves you right.’ If you take the enjoyment, it is your right.
SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
March 03, 2012, 01:07:35 AM
 #236

Guys, CoinExchanger is turning out to be the likely culprit in the hack.


I am almost sure that bitcoinica.com is out of funds and they are keeping the site open to get more deposits and ponzi those deposits on those who want to withdrawal. The 17 year old just lost 250,000 Dollars and I doubt he has an extra 250K to cover his loss.

I would encourage everyone to withdrawal your funds from bitcoinica and watch the shit hit the fan.

Visit, www.coinexchanger.com

We will lower our withdrawal fee in the next couple of days, in the meantime 9% is fair.

CoinExchanger.com is an admittedly unregistered MLB (money license business) that must be registered by FinCEN within 6 months of opening their doors and sharing their first stored value. They have not done so and are in direct violation of federal law.

The owner of CoinExchanger.com is Leo Camilo, who advertises his address as 440 9th ave, New york, New York,10001 US and personal telephone number 1 (347) 469-1040.

His private email (search google) is atqcapital@gmail.com.

He has publicly stated on multiple occasions that:

  • bitcoin is fake money, "monopoly money" and has no value and should not be trusted for this reason.
  • his exchange is functional with a large user base, when not a single user has ever reportedly done business with him
  • he is holding coins stolen from Zhou Tong's Bitcoinica and says "fuck you Zhou, you're just a stupid 17 year old kid, these coins are mine now" basically.

He also:

  • goes under the sock puppet scammer account name "Maria"
  • claims to be a millionaire and restaurant owner

He is currently in possession of stolen Bitcoins from the Linode hack and any coins purchased from him will not be accepted by MtGox or anyone in the Bitcoin community.


The part in big letters there... how do you know that he is in possession of coins from the hack?
Jine
Sr. Member
****
Offline Offline

Activity: 405


View Profile
March 03, 2012, 01:14:07 AM
 #237

We cannot know for sure to be totally honest, he claims this is a transaction to his service;
http://blockchain.info/address/0d9e2cd87cef275505cd1a831a8fdf86cd2ff571

See... some other thread for proof, to many thread to look through.
But it was something like "Hey, we just received another 12k deposit!"

Previous founder of Bit LC Inc. | I've always loved the idea of bitcoin.
SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
March 03, 2012, 01:25:52 AM
 #238

We cannot know for sure to be totally honest, he claims this is a transaction to his service;
http://blockchain.info/address/0d9e2cd87cef275505cd1a831a8fdf86cd2ff571

See... some other thread for proof, to many thread to look through.
But it was something like "Hey, we just received another 12k deposit!"

Got it - thanks.
kiba
Legendary
*
Offline Offline

Activity: 980


View Profile
March 03, 2012, 01:40:08 AM
 #239

I  am rather confused. Don't like to judge until I have better information about this CoinExchanger, ie, posts and comments.

JoelKatz
Legendary
*
Offline Offline

Activity: 1386


Democracy is vulnerable to a 51% attack.


View Profile WWW
March 03, 2012, 03:37:52 AM
 #240

Dude. Please don't embarrass us with "coat check" examples anymore. Even a parking lot would be more suitable of an example, or even a storage container facility. Those have contracts at least and expect you to store things for extended periods of time.
The point is the difference between using a service in a way that requires the normal level of security and using a service in a way that requires an extraordinary level of security from the provider.

Quote
You're saying I can't sue the parking garage of one of their employees breaking into my car and stealing it?
Yes, but don't expect to get back the $5 million if you store a prototype car there.

Quote
You're saying that I can't sue the shipping container company for leaving their keys outside of my container and letting someone just rob me?
Yes, but don't expect them to cover the costs if your shipment was diamonds, unless they knew and agreed to extra security appropriate to diamonds.

Quote
Give me a break.
In your world, every business would have to provide security adequate to cover the most bizarre uses of their service. FedEx would have to have a team of armed guards follow every truck they dispatch just in case a package had millions of dollars worth of diamonds in it and the owner of the shipment made the shipment details public so thieves knew just what to target. But in fact, that's not how such services operate. They have precisely-defined liability limits and they require shippers to declare high-value operations and pay extra if you want them to insure them.

Yes or no, do you believe FedEx is legally obligated to defend every package they ship in a way that's suitable to protect millions of dollars worth of diamonds from an inside job? If yes, how do you think they should pay for that? If no, how can they be negligent if their security was adequate for ordinary shipments?

I am an employee of Ripple.
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
Pages: « 1 2 3 4 5 6 7 8 9 10 11 [12] 13 14 15 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!