zhoutong (OP)
VIP
Hero Member
Offline
Activity: 490
Merit: 502
|
 |
March 02, 2012, 03:37:39 AM |
|
We didn't have the opportunity to scan our whole system for suspicious transactions that were not initiated from our customers because we had to shut down the system immediately after we've discovered the huge loss. We did get a rough estimate and we published a press release to warn our users about the deposit address replacement.
However, now we have concluded that we lost 43,554 BTC from this incident and we will reimburse our customers for the full amount. For transparency, we would like to disclose all the suspicious transaction ids in this incident:
{ "account" : "", "address" : "1F3czt4VGUGdmrXW4qbh8hbQZ1hcHpwFGT", "category" : "send", "amount" : -1999.00000000, "fee" : -0.01750000, "confirmations" : 99, "txid" : "5a09f4ef0e91bc7bc044365cd27236fe4ac3c02088ac21ab51c93c8a11d33d4b", "time" : 1330584607 }, { "account" : "", "address" : "1DMuVKe9PKpx3dbs2b2MnXuVmLfA4drHif", "category" : "send", "amount" : -20555.00000000, "fee" : 0.00000000, "confirmations" : 99, "txid" : "7b45c1742ca9f544cccd92d319ef8a5e19b7dcb8742990724c6a9c2f569ae732", "time" : 1330584607 }, { "account" : "", "address" : "13CmJpbAueuWiPKw3UYU4vXEcZ4WzP6nxt", "category" : "send", "amount" : -3000.00000000, "fee" : 0.00000000, "confirmations" : 99, "txid" : "901dbcef30a541b8b55fae8f7ad9917ef0754bda5b643705f3773e590785c4d3", "time" : 1330584607 }, { "account" : "", "address" : "1978kFf3WKYiZsy89WX6qJ8vxWAbRWFGLq", "category" : "send", "amount" : -0.01002773, "fee" : 0.00000000, "confirmations" : 99, "txid" : "901dbcef30a541b8b55fae8f7ad9917ef0754bda5b643705f3773e590785c4d3", "time" : 1330584607 }, { "account" : "", "address" : "1JL7vc2Ecn8QeeBYdpAP22pVpaSP6Cni3J", "category" : "send", "amount" : -3000.00000000, "fee" : 0.00000000, "confirmations" : 99, "txid" : "a57132e2cbc580ac262aa3f7bac1e441d6573f9633118bc48009618585a0967e", "time" : 1330584607 }, { "account" : "", "address" : "13CmJpbAueuWiPKw3UYU4vXEcZ4WzP6nxt", "category" : "send", "amount" : -3000.00000000, "fee" : 0.00000000, "confirmations" : 99, "txid" : "a82ad85286c68f37a2feda1f5e8a4efa9db1e642b4ef53cb9fd86170169e5e68", "time" : 1330584607 }, { "account" : "", "address" : "15WoJ7L4AUfGHWdGj45NY9rFNiwU48woX2", "category" : "send", "amount" : -0.01002644, "fee" : 0.00000000, "confirmations" : 99, "txid" : "a82ad85286c68f37a2feda1f5e8a4efa9db1e642b4ef53cb9fd86170169e5e68", "time" : 1330584607 }, { "account" : "", "address" : "1NRy8GbX56MymBhDYMyqsNKwW9VupqKVG7", "category" : "send", "amount" : -2000.00000000, "fee" : 0.00000000, "confirmations" : 99, "txid" : "ff04763e3e8c93e43799dbbca833e183faad7e2611f20f136f47c2f1049481ae", "time" : 1330584607 }, { "account" : "", "address" : "1AaXeH5DuP6FpPxdCn9RGXKWhSG4r9Hq9q", "category" : "send", "amount" : -10000.00000000, "fee" : 0.00000000, "confirmations" : 99, "txid" : "0268b7285b95444808753969099f7ae43fb4193d442e3e0deebb10e2bb1764d0", "time" : 1330584607 }
Again, we would like to reassure that trading will not be in any way affected and we are already in the process of contacting Linode regarding this incident. The Bitcoinica system has not been compromised and our reserves are more than sufficient for regular trading activities.
|
|
|
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 4844
Merit: 11331
|
 |
March 02, 2012, 03:39:23 AM |
|
How can you reimburse that much? Have you really made that much profit?
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
 |
March 02, 2012, 03:39:58 AM |
|
unbelievable. and you're going to be able to reimburse all your customers?
|
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
 |
March 02, 2012, 03:40:51 AM |
|
there goes Zhou's tuition.
|
|
|
|
bbit
Legendary
Offline
Activity: 1330
Merit: 1000
Bitcoin
|
 |
March 02, 2012, 03:41:47 AM |
|
my mouth dropped 
|
|
|
|
tonto
|
 |
March 02, 2012, 03:43:36 AM |
|
*whew* my coins are still safe on his server. 
|
|
|
|
jimbobway
Legendary
Offline
Activity: 1304
Merit: 1014
|
 |
March 02, 2012, 03:44:16 AM |
|
|
|
|
|
zhoutong (OP)
VIP
Hero Member
Offline
Activity: 490
Merit: 502
|
 |
March 02, 2012, 03:44:31 AM |
|
How can you reimburse that much? Have you really made that much profit?
Yes, our historical profit is fairly sufficient to cover the loss from this incident, and we believe that it's the best interest for the community to keep running the business. We will take appropriate strategies and implement more security features to prevent this from happening ever again, even with the presence of dishonest partners or employees.
|
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
 |
March 02, 2012, 03:45:38 AM |
|
http://status.linode.com/2012/03/manager-security-incident.htmlManager Security Incident
Ensuring the security of our platform is our top priority. We maintain a strong security policy and aim to communicate openly should it ever be compromised. Thus, we are posting to describe a recent incident affecting the Linode Manager.
Here are the facts:
This morning, an intruder accessed a web-based Linode customer service portal. Suspicious events prompted an immediate investigation and the compromised credentials used by this intruder were then restricted. All activity via the web portal is logged, and an exhaustive audit has provided the following:
All activity by the intruder was limited to a total of eight customers, all of which had references to "bitcoin". The intruder proceeded to compromise those Linode Manager accounts, with the apparent goal of finding and transferring any bitcoins. Those customers affected have been notified. If you have not received a notification then your account is unaffected. Again, only eight accounts were affected.
The portal does not have access to credit card information or Linode Manager user passwords. Only those eight accounts were viewed or manipulated -- no other accounts were viewed or accessed.
Security is our number one priority and has been for over eight years. We depend on and value the trust our customers have placed in us. Now, more than ever, we remain committed to ensuring the safety and security of our customers' accounts, and will be reviewing our policies and procedures to prevent this from ever recurring.
ok, 8 accts: Zhou, Gavin, Slush. who are the other 5?
|
|
|
|
Clipse
|
 |
March 02, 2012, 03:47:54 AM |
|
I cant help but know some Linode employee wont be at work tomorrow.
This all is way way way to convenient, seems like an inside job planned overtime with the knowledge of who runs worthwhile bitcoin services and on which VPS accounts.
This is alot of money, please for all of us make its your top priority to get compensation out of Linode otherwise any future losses less than this would be seen acceptable by these crappy hosting companies or other services.
|
...In the land of the stale, the man with one share is king... >> ClipseWe pay miners at 130% PPS | Signup here : Bonus PPS Pool (Please read OP to understand the current process)
|
|
|
jimbobway
Legendary
Offline
Activity: 1304
Merit: 1014
|
 |
March 02, 2012, 03:48:20 AM |
|
ok, 8 accts: Zhou, Gavin, Slush. who are the other 5?
Seems likely an attacker would have or has had a linode account as well...
|
|
|
|
Jointops420
|
 |
March 02, 2012, 03:48:42 AM |
|
Bravo to you and slush. I am sure it will come back to you in trust but what a mongrel act that's been committed.
|
|
|
|
mb300sd
Legendary
Offline
Activity: 1260
Merit: 1000
Drunk Posts
|
 |
March 02, 2012, 03:50:53 AM |
|
http://status.linode.com/2012/03/manager-security-incident.htmlManager Security Incident
Ensuring the security of our platform is our top priority. We maintain a strong security policy and aim to communicate openly should it ever be compromised. Thus, we are posting to describe a recent incident affecting the Linode Manager.
Here are the facts:
This morning, an intruder accessed a web-based Linode customer service portal. Suspicious events prompted an immediate investigation and the compromised credentials used by this intruder were then restricted. All activity via the web portal is logged, and an exhaustive audit has provided the following:
All activity by the intruder was limited to a total of eight customers, all of which had references to "bitcoin". The intruder proceeded to compromise those Linode Manager accounts, with the apparent goal of finding and transferring any bitcoins. Those customers affected have been notified. If you have not received a notification then your account is unaffected. Again, only eight accounts were affected.
The portal does not have access to credit card information or Linode Manager user passwords. Only those eight accounts were viewed or manipulated -- no other accounts were viewed or accessed.
Security is our number one priority and has been for over eight years. We depend on and value the trust our customers have placed in us. Now, more than ever, we remain committed to ensuring the safety and security of our customers' accounts, and will be reviewing our policies and procedures to prevent this from ever recurring.
ok, 8 accts: Zhou, Gavin, Slush. who are the other 5? I would hope zhou dosen't keep 40k btc on one server  , I assume more than 1 was bitcoinica
|
1D7FJWRzeKa4SLmTznd3JpeNU13L1ErEco
|
|
|
jimbobway
Legendary
Offline
Activity: 1304
Merit: 1014
|
 |
March 02, 2012, 04:02:12 AM |
|
zhoutong, thx for being part of the bitcoin community and being a class act. I hope Linode provides you with all of the compensation.
|
|
|
|
Rassah
Legendary
Offline
Activity: 1680
Merit: 1035
|
 |
March 02, 2012, 04:07:51 AM |
|
I just want to note that after MtGox got severely hacked, it became one of the most secure Bitcoin exchanges out there.
|
|
|
|
stick_theman
|
 |
March 02, 2012, 04:11:21 AM |
|
Thanks Bitcoinica for keeping cool and maintain your integrity.
But, wtf @ Linode?!!! Where's that Vice President?!!! We need him to get on the forum ASAP!!!!!! This has to be an inside/co-ordinated job. All these happened at the same time.
|
|
|
|
The-Real-Link
|
 |
March 02, 2012, 04:12:03 AM |
|
Wow that's one heck of an attack. Terribly sorry to hear about the loss but hopefully you can recouperate in some way with the company or community.
Is Linode like a version of Linux or server software, or just a hosting company such as 1&1, Dreamhost, GoDaddy etc.? I suppose whether it is Windows, Linux, or Mac, if someone knows what they are doing it doesn't matter what software runs the wallet. A user could get to the right files if they know.
|
Oh Loaded, who art up in Mt. Gox, hallowed be thy name! Thy dollars rain, thy will be done, on BTCUSD. Give us this day our daily 10% 30%, and forgive the bears, as we have bought their bitcoins. And lead us into quadruple digits
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
 |
March 02, 2012, 04:13:50 AM |
|
Zhou, talk to Mark at mtgox. i bet there's something he can do to intercept at least some of these coins as the thief tries to cash out on mtgox.
|
|
|
|
cablepair
|
 |
March 02, 2012, 04:21:39 AM |
|
You’re a class act for standing behind your business and accepting the burden of loss yourself.
Your losses can be decreased substantially if you wait to reimburse your clients until after the associated market drop that will follow this event.
+1 but I have to ask, is there something I am missing here, why was this wallet with over $200k worth of bitcoins not encrypted with a strong password?
|
|
|
|
kiba
Legendary
Offline
Activity: 980
Merit: 1010
|
 |
March 02, 2012, 04:22:05 AM |
|
Maybe you should consider reducing your hot wallet? A little inconvenience is a lot better than losing that much money.
|
|
|
|
|