cypherdoc
|
|
March 02, 2012, 03:22:48 AM |
|
do these incidents not bode well for online clients like Electrum or Blockchain.info?
even with encrypted user generated private keys, they can be stolen by the server when opened to sign tx's.
Server never "opens" the key. The signing is done client side. While you could have funds stolen it would be because of malware on your computer. There is nothing on the server to steal.
refer to the section written by piuk himself: http://bitcoin.stackexchange.com/questions/2240/what-are-the-risks-of-using-strongcoin-com-as-an-online-wallet
|
|
|
|
finway
|
|
March 02, 2012, 03:25:44 AM |
|
I can't believe the hacker!
Don't even let off 5 Bitcoins...
|
|
|
|
bbit
|
|
March 02, 2012, 03:28:05 AM |
|
I can't believe the hacker!
Don't even let off 5 Bitcoins...
If you think about it that is pretty low - attack the free bitcoin faucet wtf?
|
|
|
|
bitcoinBull
|
|
March 02, 2012, 03:35:53 AM |
|
I can't believe the hacker!
Don't even let off 5 Bitcoins...
If you think about it that is pretty low - attack the free bitcoin faucet wtf?
It was just for confirming he had access to all of Linode. They said only 8 accounts were accessed (presumably those running bitcoind), so one question is, who were the other 5 and did they have any coins in their wallet? Also, why 25k BTC? That's the exact same number allinvain lost. allinvain had a bit more than 25k in his wallet, but the thief only stole 25k even and let him keep the rest.
|
College of Bucking Bulls Knowledge
|
|
|
dooglus
|
|
March 02, 2012, 03:45:19 AM |
|
Have a more secure system in place next time.
The attacker went outside his secure system and gained root access. There's not much you can do about that except for not using a hosting service which allows attackers root access to your files.
How about encrypting the wallet ?
I have root access. I log in, modify bitcoind to send a copy of the plaintext password in a file somewhere the next time they type it, then reboot their system. They log back in, type their password, and I get their BTC. It's very hard to protect against an attacker with root access.
P2SH would help, of course.
|
|
|
|
trentzb
|
|
March 02, 2012, 03:52:18 AM |
|
Getting access to the Linode admin UI doesn't give access to the server itself. You can view the console, but you just get the login prompt. You still need the server's password to log in.
To reset the password the server has to be shut down so that /etc/shadow can be modified. At that point they could just go in and grab the data, but they most likely used Linode's password changer to minimize the downtime to a few seconds to help prevent getting caught.
A reboot wouldn't be required if they got access to the Linode hosts, but it doesn't sound like that was the case here. I'm guessing the exploit is in their web-based server management.
This is by far one of the scariest things about the process. Considering Slush and the Faucet were compromised at roughly the same time, it points to the flaw being in Linode's administrative control panel. A -very- scary situation, considering Linode is one of the largest VPS providers around.
I'm late to the party. None of my bitcoind Linodes have been compromised...yet. Come and get 'em...all my coins are hot now.
I guess it was mostly the 'highest profile' targets that got hit, which explains Gavin getting chosen (although I always thought the faucet kept a rather low amount of coins in it at any time to a roughly equal inflow/outflow of coins or the fact that it used to run empty often
Yea, that is a reason to remain 'low profile'. But the faucet...yea, that just doesn't make sense. 5, 20 or 100 coins, grabbing from the faucet will hurt the end game.
|
|
|
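A defender-side check for the reset path described in the post above (shutdown, /etc/shadow modified, quick reboot), as an added example that is not part of the original thread: it compares an off-server baseline of /etc/shadow and a list of approved reboots against the current state. The function names, the sample shadow entries and the timestamps are constructed for illustration.

```python
import hashlib

# Constructed sample data: the hash strings and day numbers are made up.
BASELINE_SHADOW = (
    "root:$6$saltA$constructedhashAAAA:15300:0:99999:7:::\n"
    "daemon:*:15000:0:99999:7:::\n"
)
CURRENT_SHADOW = (
    "root:$6$saltB$constructedhashBBBB:15300:0:99999:7:::\n"
    "daemon:*:15000:0:99999:7:::\n"
)


def shadow_fingerprints(shadow_text):
    """Map account name -> (SHA-256 of the hash field, last-change day)."""
    entries = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 3:
            continue  # skip blank or malformed lines
        digest = hashlib.sha256(fields[1].encode()).hexdigest()
        entries[fields[0]] = (digest, fields[2])
    return entries


def audit(baseline, current, boot_time, approved_reboots, window=600):
    """Compare current state with a baseline kept off the server.

    boot_time is the epoch second the system booted (btime in /proc/stat
    on Linux); approved_reboots lists epoch seconds of planned reboots.
    """
    alerts = []
    if not any(abs(boot_time - t) <= window for t in approved_reboots):
        alerts.append("unexpected reboot at %d" % boot_time)
    for name in sorted(current):
        digest, lastchg = current[name]
        old = baseline.get(name)
        if old is None:
            alerts.append("new account: %s" % name)
        elif old[0] != digest:
            # An offline edit of the file need not update the last-change
            # field the way passwd does, so report when it stayed the same.
            note = " (last-change field untouched)" if old[1] == lastchg else ""
            alerts.append("password hash changed for %s%s" % (name, note))
    return alerts


if __name__ == "__main__":
    base = shadow_fingerprints(BASELINE_SHADOW)
    now = shadow_fingerprints(CURRENT_SHADOW)
    for alert in audit(base, now, 1330584600, [1330000000]):
        print(alert)
```

Keep the baseline and run the comparison from a machine the hosting control panel cannot reach, since an intruder with root can rewrite anything stored on the server itself.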
|
rjk
|
|
March 02, 2012, 04:15:36 AM |
|
Yea, that is a reason to remain 'low profile'. But the faucet...yea, that just doesn't make sense. 5, 20 or 100 coins, grabbing from the faucet will hurt the end game.
Now we are getting somewhere. Hacker works for the CIA? Or, more likely, hacker works for a large bank or collection of banks? Stealing from the faucet is terrorism, plain and simple. Call the federales.
|
|
|
|
padrino
|
|
March 02, 2012, 04:28:03 AM |
|
I've seen a fair bit of traffic since I got into bitcoin talking about encrypting one's wallet if it's used for backup, etc. The initial article I read indicated Linode was used only to hold a copy of the wallet, but in reading the posts it sounds like it was the live wallet used to make transactions on the running systems. I guess I'm curious regarding which it was.
|
|
|
|
bbit
|
|
March 02, 2012, 04:36:55 AM |
|
Yea, that is a reason to remain 'low profile'. But the faucet...yea, that just doesn't make sense. 5, 20 or 100 coins, grabbing from the faucet will hurt the end game.
Now we are getting somewhere. Hacker works for the CIA? Or, more likely, hacker works for a large bank or collection of banks? Stealing from the faucet is terrorism, plain and simple. Call the federales.
The last few replies mention allinvain and CIA - anyone seen allinvain?
hmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
Couple of ways to look at it. One Allinvain worked for the CIA and wanted to make it look like there was a "huge bitcoin" loss or two the CIA off'd Allinvain since nobody has heard from him in what like a thousand years? Or taken him to the brig off at sea....
|
|
|
|
stick_theman
|
|
March 02, 2012, 04:36:58 AM |
|
I can't believe the hacker!
Don't even let off 5 Bitcoins...
If you think about it that is pretty low - attack the free bitcoin faucet wtf?
Thieving is the lowest of all sins.
|
|
|
|
dooglus
|
|
March 02, 2012, 04:37:34 AM |
|
could be, if it's the only 10 grand that moved lately, will wait for zt confirm
These are all the transactions with outputs of 2500 BTC or more in the time period we're looking at:
Thu Mar 1 02:16:40 2012 e558957e4108f33775f08cc1277d22fbb51261d232a2d2a14cfd518d333ce5f1 2822.44
Thu Mar 1 06:50:07 2012 7b45c1742ca9f544cccd92d319ef8a5e19b7dcb8742990724c6a9c2f569ae732 20555.0
Thu Mar 1 06:50:07 2012 0268b7285b95444808753969099f7ae43fb4193d442e3e0deebb10e2bb1764d0 10000.0
Thu Mar 1 06:50:07 2012 901dbcef30a541b8b55fae8f7ad9917ef0754bda5b643705f3773e590785c4d3 3000.0
Thu Mar 1 06:50:07 2012 a82ad85286c68f37a2feda1f5e8a4efa9db1e642b4ef53cb9fd86170169e5e68 3000.0
Thu Mar 1 06:50:07 2012 a57132e2cbc580ac262aa3f7bac1e441d6573f9633118bc48009618585a0967e 3000.0
Thu Mar 1 07:59:31 2012 34b84108a142ad7b6c36f0f3549a3e83dcdbb60e0ba0df96cd48f852da0b1acb 3094.0 <-- slush
Thu Mar 1 18:39:22 2012 d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333 25000.0
The Bitcoinica 10k is certainly in that 06:50:07 block - it was a busy block indeed! http://blockexplorer.com/b/169179
|
|
|
|
cypherdoc
|
|
March 02, 2012, 04:47:43 AM |
|
Yea, that is a reason to remain 'low profile'. But the faucet...yea, that just doesn't make sense. 5, 20 or 100 coins, grabbing from the faucet will hurt the end game.
Now we are getting somewhere. Hacker works for the CIA? Or, more likely, hacker works for a large bank or collection of banks? Stealing from the faucet is terrorism, plain and simple. Call the federales.
The last few replies mention allinvain and CIA - anyone seen allinvain?
hmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
Couple of ways to look at it. One Allinvain worked for the CIA and wanted to make it look like there was a "huge bitcoin" loss or two the CIA off'd Allinvain since nobody has heard from him in what like a thousand years? Or taken him to the brig off at sea....
no, he's been posting regularly over in the Hardware section in the Ztex thread i believe.
|
|
|
|
Eveofwar
|
|
March 02, 2012, 04:48:19 AM |
|
could be, if it's the only 10 grand that moved lately, will wait for zt confirm
These are all the transactions with outputs of 2500 BTC or more in the time period we're looking at:
Thu Mar 1 02:16:40 2012 e558957e4108f33775f08cc1277d22fbb51261d232a2d2a14cfd518d333ce5f1 2822.44
Thu Mar 1 06:50:07 2012 7b45c1742ca9f544cccd92d319ef8a5e19b7dcb8742990724c6a9c2f569ae732 20555.0
Thu Mar 1 06:50:07 2012 0268b7285b95444808753969099f7ae43fb4193d442e3e0deebb10e2bb1764d0 10000.0
Thu Mar 1 06:50:07 2012 901dbcef30a541b8b55fae8f7ad9917ef0754bda5b643705f3773e590785c4d3 3000.0
Thu Mar 1 06:50:07 2012 a82ad85286c68f37a2feda1f5e8a4efa9db1e642b4ef53cb9fd86170169e5e68 3000.0
Thu Mar 1 06:50:07 2012 a57132e2cbc580ac262aa3f7bac1e441d6573f9633118bc48009618585a0967e 3000.0
Thu Mar 1 07:59:31 2012 34b84108a142ad7b6c36f0f3549a3e83dcdbb60e0ba0df96cd48f852da0b1acb 3094.0 <-- slush
Thu Mar 1 18:39:22 2012 d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333 25000.0
The Bitcoinica 10k is certainly in that 06:50:07 block - it was a busy block indeed! http://blockexplorer.com/b/169179
https://bitcointalk.org/index.php?topic=66979.0 -- They posted some of their "suspicious" TX Id's
|
|
|
|
|
neofutur
|
|
March 02, 2012, 04:53:15 AM |
|
I would not trust any shared host (VM or not) that has access to your data for a wallet over $1000. The only way to do this is with encrypted disks that are set up or encrypted by the customer with no host access of any kind. No 'control panel' based hosting.
For sure a shared host can be less trusted than a dedicated server but . . . if the datacenter manager ( or employee ) is compromised, the thief can reboot in rescue mode, access the disk, change root password . . . and the result will be the same . . . cold storage and therefore delayed withdraws ( manually validated once / day by the pool or exchange admin ) seem to be the only safe answer to me . . .
|
|
|
|
rjk
|
|
March 02, 2012, 04:55:10 AM |
|
Come on, stop spreading FUD. There is NO WAY IN HELL that the guy can cash out so quickly. Think of daily withdrawal limits, ID verification, coin tracing, and so forth. My guess? Disheartened noobs cashing out because of loss of faith in the system. All the more coins for me!
|
|
|
|
kiba
|
|
March 02, 2012, 04:56:04 AM |
|
Come on, stop spreading FUD. There is NO WAY IN HELL that the guy can cash out so quickly. Think of daily withdrawal limits, ID verification, coin tracing, and so forth.
My guess? Disheartened noobs cashing out because of loss of faith in the system. All the more coins for me!
Yeah, it's more likely market panic.
|
|
|
|
bbit
|
|
March 02, 2012, 04:56:53 AM |
|
Come on, stop spreading FUD. There is NO WAY IN HELL that the guy can cash out so quickly. Think of daily withdrawal limits, ID verification, coin tracing, and so forth.
My guess? Disheartened noobs cashing out because of loss of faith in the system. All the more coins for me!
Yeah, it's more likely market panic.
The price is dropping. Not going to lie, I got a little shaken also ...uggh...
|
|
|
|
k9quaint
|
|
March 02, 2012, 04:59:25 AM |
|
This too shall pass. But in the mean time, I am vexed!
|
Bitcoin is backed by the full faith and credit of YouTube comments.
|
|
|
rjk
|
|
March 02, 2012, 05:03:21 AM |
|
This too shall pass. But in the mean time, I am vexed!
Buy!
|
|
|
|
|