Bitcoin Forum
November 10, 2024, 04:00:11 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 [6] 7 8 9 10 11 12 13 14 15 »  All
  Print  
Author Topic: Hacked Linode & coins stolen to 1NRy8GbX56MymBhDYM...  (Read 62157 times)
slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
March 02, 2012, 01:55:27 AM
 #101

WHY DA FUCK DO YOU USE VPS's TO HOST IMPORTANT STUFF?

Hm, please read my previous post. I don't think that VPS containers itself are huge security risk. As you see now, virtualization wasn't the reason for the hack, but it was supporting tool which is in some form in every hosting company, even for unmanaged servers (yes, I'm even paying extra fee for software KVM).

Littleshop
Legendary
*
Offline Offline

Activity: 1386
Merit: 1004



View Profile WWW
March 02, 2012, 01:56:18 AM
 #102

I would not trust any shared host (VM or not) that has access to your data for a wallet over $1000.  The only way to do this is with encrypted disks that are setup or encrypted by the customer with no host access of any kind.

Unfortunately this is very hard to achieve in real world. For example, I cannot use any housing here in Prague because of stupidly poor connectivity to abroad. Then it really don't matter if the provider is VPS or not, because technically there must be somebody who have physical access to the server instead of me. I'm hosting the pool in France - it's standalone server, but there is still software KVM (because *I* need to reach the server anytime) and there are probably tens of sysadmins with physical access to server.

So it happen today in Linode, but it can happen everywhere else tomorrow. So choosing server provider for services where you don't have thousands of dollars monthly to protect your own server room is like playing russian roulette.

I do agree that it is hard to find options in some areas.  In Baltimore we have a few 'rack space' rental places that will allow you to drop in a server that you have physically set up and nobody has access to online.  Sure, they could get to it physically but that kind of attack is quite different if disks are encrypted.  (and yes, I know it is POSSIBLE to break into those as well but you do need to take the machine offline to do it)

slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
March 02, 2012, 01:56:31 AM
 #103

Lol, psy deleted his post immediately Wink

muyuu
Donator
Legendary
*
Offline Offline

Activity: 980
Merit: 1000



View Profile
March 02, 2012, 01:58:05 AM
 #104

Another 10k+ BTC from Bitcoinica :-/.
https://bitcointalk.org/index.php?topic=66961

In the transaction related to your incident, one of the destination addresses had 25k BTC or so... by the looks of it the perp has amassed a lot of bitcoins and I bet there were many legit wallets in Linode with legit transactions so he can also use these to launder his money.

It's a lot of money to launder, though. We're talking about 1/4 million US$ or so.

Beware of big mining contract purchases in ferroh or GPUMax (or others) during the next few days.

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
JeffK
Sr. Member
****
Offline Offline

Activity: 350
Merit: 250

I never hashed for this...


View Profile
March 02, 2012, 01:58:51 AM
 #105

Since they are a company with real money on the line, they are probably doing an investigation before they make any statement, period.
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1358
Merit: 1002



View Profile
March 02, 2012, 01:59:06 AM
 #106

Yeah, I deleted it because I wasn't even trying to attack you nor did I wished to derail the thread.

Was just replying to you now to say: colocation with encrypted disks?

I understand if you tell me it's expensive, but the alternative is worse, as we all see now.

PS: I don't have any bitcoind facing the web so it's easy for me to stay safe.
Those guides about setting up hidden services are really helpful when one wants to setup a secure server.

Sorry Slush, hope you didn't got mad with me. I'm really in pain with this situation. I was already in pain when it was only you and Gavin, much more now that Bitcoinica even lost more than both of you together.
Thralen
Full Member
***
Offline Offline

Activity: 123
Merit: 100


View Profile
March 02, 2012, 02:03:40 AM
 #107


I think he may be trying to "set JeffK straight" as they say...

Yes, I have issues with people that I've never seen contribute meaningfully to something trying to tear apart people that I know have contributed to that thing. In this case, Bitcoin being the thing and Slush (as someone with major contributions to it) being 'attacked' and being, in essence, called a liar. I tend to jump to the defense of what I believe in at those points. Therefore I posted the link to the other major breach that was only tangentially mentioned and linked to in this thread as additional proof, seeing if he'd decide to call Zhou (as well as Slush) a liar by continuing his current stand.

Thralen

Supporting bitcoin as best I can with 1. mining, 2. buying with bitcoin, 3. selling (or trying to) for bitcoin. If you make a donation to:  1MahzUUEYJrZ4VbPRm2h5itGZKEguGVZK1  I'll get it into circulation.
dunand
Hero Member
*****
Offline Offline

Activity: 637
Merit: 502



View Profile
March 02, 2012, 02:07:42 AM
 #108

Can someone explain how the encrypted wallet was compromised? The attacker found the wallet's password in the source code / config file somewhere?
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1358
Merit: 1002



View Profile
March 02, 2012, 02:09:10 AM
 #109

Can someone explain how the encrypted wallet was compromised? The attacker found the wallet's password in the source code / config file somewhere?

Maybe because it wasn't encrypted?
I don't remember any of them saying the wallets were encrypted.
Maybe I'll need to re-read the thread(s)...
JeffK
Sr. Member
****
Offline Offline

Activity: 350
Merit: 250

I never hashed for this...


View Profile
March 02, 2012, 02:09:24 AM
 #110


I think he may be trying to "set JeffK straight" as they say...

Yes, I have issues with people that I've never seen contribute meaningfully to something trying to tear apart people that I know have contributed to that thing. In this case, Bitcoin being the thing and Slush (as someone with major contributions to it) being 'attacked' and being, in essence, called a liar. I tend to jump to the defense of what I believe in at those points. Therefore I posted the link to the other major breach that was only tangentially mentioned and linked to in this thread as additional proof, seeing if he'd decide to call Zhou (as well as Slush) a liar by continuing his current stand.

Thralen

It's also terribly unfair to attack one of the longest standing most reputable providers without any real statement on their part, and it's doubly unfair to demand they pay back what was allegedly "lost" on the service, since they aren't required by law or their TOS to hold backups of your data for you.
paraipan
In memoriam
Legendary
*
Offline Offline

Activity: 924
Merit: 1004


Firstbits: 1pirata


View Profile WWW
March 02, 2012, 02:15:46 AM
 #111

Another 10k+ BTC from Bitcoinica :-/.
https://bitcointalk.org/index.php?topic=66961

In the transaction related to your incident, one of the destination addresses had 25k BTC or so... by the looks of it the perp has amassed a lot of bitcoins and I bet there were many legit wallets in Linode with legit transactions so he can also use these to launder his money.

It's a lot of money to launder, though. We're talking about 1/4 million US$ or so.

Beware of big mining contract purchases in ferroh or GPUMax (or others) during the next few days.

zhoutong didn't provide transaction id of the robbery like slush did

BTCitcoin: An Idea Worth Saving - Q&A with bitcoins on rugatu.com - Check my rep
copumpkin
Donator
Sr. Member
*
Offline Offline

Activity: 266
Merit: 252


I'm actually a pineapple


View Profile
March 02, 2012, 02:18:06 AM
 #112


I think he may be trying to "set JeffK straight" as they say...

Yes, I have issues with people that I've never seen contribute meaningfully to something trying to tear apart people that I know have contributed to that thing. In this case, Bitcoin being the thing and Slush (as someone with major contributions to it) being 'attacked' and being, in essence, called a liar. I tend to jump to the defense of what I believe in at those points. Therefore I posted the link to the other major breach that was only tangentially mentioned and linked to in this thread as additional proof, seeing if he'd decide to call Zhou (as well as Slush) a liar by continuing his current stand.

Thralen

It's also terribly unfair to attack one of the longest standing most reputable providers without any real statement on their part, and it's doubly unfair to demand they pay back what was allegedly "lost" on the service, since they aren't required by law or their TOS to hold backups of your data for you.

Backups are not really the issue here.
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1358
Merit: 1002



View Profile
March 02, 2012, 02:19:54 AM
 #113

@JeffK Full disclosure request:

What is your relationship with Linode?
JeffK
Sr. Member
****
Offline Offline

Activity: 350
Merit: 250

I never hashed for this...


View Profile
March 02, 2012, 02:20:06 AM
 #114


I think he may be trying to "set JeffK straight" as they say...

Yes, I have issues with people that I've never seen contribute meaningfully to something trying to tear apart people that I know have contributed to that thing. In this case, Bitcoin being the thing and Slush (as someone with major contributions to it) being 'attacked' and being, in essence, called a liar. I tend to jump to the defense of what I believe in at those points. Therefore I posted the link to the other major breach that was only tangentially mentioned and linked to in this thread as additional proof, seeing if he'd decide to call Zhou (as well as Slush) a liar by continuing his current stand.

Thralen

It's also terribly unfair to attack one of the longest standing most reputable providers without any real statement on their part, and it's doubly unfair to demand they pay back what was allegedly "lost" on the service, since they aren't required by law or their TOS to hold backups of your data for you.

Backups are not really the issue here.

It is "hosting something of value on an unencrypted server that is irreplaceable" then?
Eveofwar
Sr. Member
****
Offline Offline

Activity: 406
Merit: 250


View Profile
March 02, 2012, 02:20:18 AM
 #115

Another 10k+ BTC from Bitcoinica :-/.
https://bitcointalk.org/index.php?topic=66961

In the transaction related to your incident, one of the destination addresses had 25k BTC or so... by the looks of it the perp has amassed a lot of bitcoins and I bet there were many legit wallets in Linode with legit transactions so he can also use these to launder his money.

It's a lot of money to launder, though. We're talking about 1/4 million US$ or so.

Beware of big mining contract purchases in ferroh or GPUMax (or others) during the next few days.

zhoutong didn't provide transaction id of the robbery like slush did

http://blockchain.info/tx-index/2873808/0268b7285b95444808753969099f7ae43fb4193d442e3e0deebb10e2bb1764d0 -- may be it.
Littleshop
Legendary
*
Offline Offline

Activity: 1386
Merit: 1004



View Profile WWW
March 02, 2012, 02:20:27 AM
 #116


I think he may be trying to "set JeffK straight" as they say...

Yes, I have issues with people that I've never seen contribute meaningfully to something trying to tear apart people that I know have contributed to that thing. In this case, Bitcoin being the thing and Slush (as someone with major contributions to it) being 'attacked' and being, in essence, called a liar. I tend to jump to the defense of what I believe in at those points. Therefore I posted the link to the other major breach that was only tangentially mentioned and linked to in this thread as additional proof, seeing if he'd decide to call Zhou (as well as Slush) a liar by continuing his current stand.

Thralen

It's also terribly unfair to attack one of the longest standing most reputable providers without any real statement on their part, and it's doubly unfair to demand they pay back what was allegedly "lost" on the service, since they aren't required by law or their TOS to hold backups of your data for you.

Backups are not really the issue here.

Not saying that the host did anything wrong....  but the problem is not the lack of backups....

It is one backup too many.


JeffK
Sr. Member
****
Offline Offline

Activity: 350
Merit: 250

I never hashed for this...


View Profile
March 02, 2012, 02:21:26 AM
 #117

@JeffK Full disclosure request:

What is your relationship with Linode?

Two year customer last month, never had problems but I've been around the Bitcoin community long enough to be suspicious of people who "lose" bitcoins or have them "stolen"
kiba
Legendary
*
Offline Offline

Activity: 980
Merit: 1020


View Profile
March 02, 2012, 02:22:33 AM
 #118

@JeffK Full disclosure request:

What is your relationship with Linode?

Two year customer last month, never had problems but I've been around the Bitcoin community long enough to be suspicious of people who "lose" bitcoins or have them "stolen"

Ok, you're going to be suspicious of Gavin, the bitcoinica guy, and Slush?

malevolent
can into space
Legendary
*
Offline Offline

Activity: 3472
Merit: 1724



View Profile
March 02, 2012, 02:23:17 AM
 #119

Two year customer last month, never had problems but I've been around the Bitcoin community long enough to be suspicious of people who "lose" bitcoins or have them "stolen"

Normally I would agree with you but in this case Slush (and Zhoutong who's btc also were stolen) said they will cover the losses out of their own pocket.

Signature space available for rent.
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1358
Merit: 1002



View Profile
March 02, 2012, 02:24:24 AM
 #120

@JeffK Full disclosure request:

What is your relationship with Linode?

Two year customer last month, never had problems but I've been around the Bitcoin community long enough to be suspicious of people who "lose" bitcoins or have them "stolen"

And I find suspicious that after being inactive since Jan 9th 2012 you came back today...
Pages: « 1 2 3 4 5 [6] 7 8 9 10 11 12 13 14 15 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!