Bitcoin Forum
Topic: Bitcoinica lost 43,554 BTC from Linode compromise, suspicious TXIDs publicized
zhoutong
March 02, 2012, 03:37:39 AM
 #1

We didn't have the opportunity to scan our whole system for suspicious transactions that were not initiated by our customers because we had to shut down the system immediately after we discovered the huge loss. We did get a rough estimate and we published a press release to warn our users about the deposit address replacement.

However, now we have concluded that we lost 43,554 BTC from this incident and we will reimburse our customers for the full amount. For transparency, we would like to disclose all the suspicious transaction ids in this incident:

    {
        "account" : "",
        "address" : "1F3czt4VGUGdmrXW4qbh8hbQZ1hcHpwFGT",
        "category" : "send",
        "amount" : -1999.00000000,
        "fee" : -0.01750000,
        "confirmations" : 99,
        "txid" : "5a09f4ef0e91bc7bc044365cd27236fe4ac3c02088ac21ab51c93c8a11d33d4b",
        "time" : 1330584607
    },
    {
        "account" : "",
        "address" : "1DMuVKe9PKpx3dbs2b2MnXuVmLfA4drHif",
        "category" : "send",
        "amount" : -20555.00000000,
        "fee" : 0.00000000,
        "confirmations" : 99,
        "txid" : "7b45c1742ca9f544cccd92d319ef8a5e19b7dcb8742990724c6a9c2f569ae732",
        "time" : 1330584607
    },
    {
        "account" : "",
        "address" : "13CmJpbAueuWiPKw3UYU4vXEcZ4WzP6nxt",
        "category" : "send",
        "amount" : -3000.00000000,
        "fee" : 0.00000000,
        "confirmations" : 99,
        "txid" : "901dbcef30a541b8b55fae8f7ad9917ef0754bda5b643705f3773e590785c4d3",
        "time" : 1330584607
    },
    {
        "account" : "",
        "address" : "1978kFf3WKYiZsy89WX6qJ8vxWAbRWFGLq",
        "category" : "send",
        "amount" : -0.01002773,
        "fee" : 0.00000000,
        "confirmations" : 99,
        "txid" : "901dbcef30a541b8b55fae8f7ad9917ef0754bda5b643705f3773e590785c4d3",
        "time" : 1330584607
    },
    {
        "account" : "",
        "address" : "1JL7vc2Ecn8QeeBYdpAP22pVpaSP6Cni3J",
        "category" : "send",
        "amount" : -3000.00000000,
        "fee" : 0.00000000,
        "confirmations" : 99,
        "txid" : "a57132e2cbc580ac262aa3f7bac1e441d6573f9633118bc48009618585a0967e",
        "time" : 1330584607
    },
    {
        "account" : "",
        "address" : "13CmJpbAueuWiPKw3UYU4vXEcZ4WzP6nxt",
        "category" : "send",
        "amount" : -3000.00000000,
        "fee" : 0.00000000,
        "confirmations" : 99,
        "txid" : "a82ad85286c68f37a2feda1f5e8a4efa9db1e642b4ef53cb9fd86170169e5e68",
        "time" : 1330584607
    },
    {
        "account" : "",
        "address" : "15WoJ7L4AUfGHWdGj45NY9rFNiwU48woX2",
        "category" : "send",
        "amount" : -0.01002644,
        "fee" : 0.00000000,
        "confirmations" : 99,
        "txid" : "a82ad85286c68f37a2feda1f5e8a4efa9db1e642b4ef53cb9fd86170169e5e68",
        "time" : 1330584607
    },
    {
        "account" : "",
        "address" : "1NRy8GbX56MymBhDYMyqsNKwW9VupqKVG7",
        "category" : "send",
        "amount" : -2000.00000000,
        "fee" : 0.00000000,
        "confirmations" : 99,
        "txid" : "ff04763e3e8c93e43799dbbca833e183faad7e2611f20f136f47c2f1049481ae",
        "time" : 1330584607
    },
    {
        "account" : "",
        "address" : "1AaXeH5DuP6FpPxdCn9RGXKWhSG4r9Hq9q",
        "category" : "send",
        "amount" : -10000.00000000,
        "fee" : 0.00000000,
        "confirmations" : 99,
        "txid" : "0268b7285b95444808753969099f7ae43fb4193d442e3e0deebb10e2bb1764d0",
        "time" : 1330584607
    }

Again, we would like to reassure everyone that trading will not be in any way affected and we are already in the process of contacting Linode regarding this incident. The Bitcoinica system has not been compromised and our reserves are more than sufficient for regular trading activities.

Founder of NameTerrific (https://www.nameterrific.com/). Co-founder of CoinJar (https://coinjar.io/)

Donations for my future Bitcoin projects: 19Uk3tiD5XkBcmHyQYhJxp9QHoub7RosVb

theymos
March 02, 2012, 03:39:23 AM
 #2

How can you reimburse that much? Have you really made that much profit?

cypherdoc
March 02, 2012, 03:39:58 AM
 #3

unbelievable.  and you're going to be able to reimburse all your customers?
cypherdoc
March 02, 2012, 03:40:51 AM
 #4

there goes Zhou's tuition.
bbit
March 02, 2012, 03:41:47 AM
 #5

my mouth dropped  Shocked

BitcoinStarter.com - The First Bitcoin CrowdFunding site!
Videos4BTC.info - Video clips of girls stripping for BTC!
DopeCoin.com - A Billion Dollar Market!
tonto
March 02, 2012, 03:43:36 AM
 #6

*whew* my coins are still safe on his server.  Cheesy

*** This signature is for rent. ***
jimbobway
March 02, 2012, 03:44:16 AM
 #7

 Embarrassed Embarrassed Embarrassed
zhoutong
March 02, 2012, 03:44:31 AM
 #8

Quote
How can you reimburse that much? Have you really made that much profit?

Yes, our historical profit is fairly sufficient to cover the loss from this incident, and we believe that it's in the best interest of the community to keep running the business. We will take appropriate strategies and implement more security features to prevent this from happening ever again, even with the presence of dishonest partners or employees.

Founder of NameTerrific (https://www.nameterrific.com/). Co-founder of CoinJar (https://coinjar.io/)

Donations for my future Bitcoin projects: 19Uk3tiD5XkBcmHyQYhJxp9QHoub7RosVb
cypherdoc
March 02, 2012, 03:45:38 AM
 #9

http://status.linode.com/2012/03/manager-security-incident.html



Quote
Manager Security Incident

Ensuring the security of our platform is our top priority. We maintain a strong security policy and aim to communicate openly should it ever be compromised. Thus, we are posting to describe a recent incident affecting the Linode Manager.

Here are the facts:

This morning, an intruder accessed a web-based Linode customer service portal. Suspicious events prompted an immediate investigation and the compromised credentials used by this intruder were then restricted.  All activity via the web portal is logged, and an exhaustive audit has provided the following:

All activity by the intruder was limited to a total of eight customers, all of which had references to "bitcoin".  The intruder proceeded to compromise those Linode Manager accounts, with the apparent goal of finding and transferring any bitcoins.  Those customers affected have been notified.  If you have not received a notification then your account is unaffected.  Again, only eight accounts were affected.

The portal does not have access to credit card information or Linode Manager user passwords.  Only those eight accounts were viewed or manipulated -- no other accounts were viewed or accessed.

Security is our number one priority and has been for over eight years. We depend on and value the trust our customers have placed in us. Now, more than ever, we remain committed to ensuring the safety and security of our customers' accounts, and will be reviewing our policies and procedures to prevent this from ever recurring.

ok, 8 accts:  Zhou, Gavin, Slush.  who are the other 5?
Clipse
March 02, 2012, 03:47:54 AM
 #10

I can't help but know some Linode employee won't be at work tomorrow.

This all is way way way too convenient, seems like an inside job planned over time with the knowledge of who runs worthwhile bitcoin services and on which VPS accounts.

This is a lot of money, please for all of us make it your top priority to get compensation out of Linode otherwise any future losses less than this would be seen acceptable by these crappy hosting companies or other services.

...In the land of the stale, the man with one share is king... >> Clipse

We pay miners at 130% PPS | Signup here : Bonus PPS Pool (Please read OP to understand the current process)
jimbobway
March 02, 2012, 03:48:20 AM
 #11

Quote
ok, 8 accts:  Zhou, Gavin, Slush.  who are the other 5?

Seems likely an attacker would have or has had a linode account as well...
Jointops420
March 02, 2012, 03:48:42 AM
 #12

Bravo to you and slush. I am sure it will come back to you in trust but what a mongrel act that's been committed.
mb300sd
March 02, 2012, 03:50:53 AM
 #13

Quote
http://status.linode.com/2012/03/manager-security-incident.html



Quote
Manager Security Incident

Ensuring the security of our platform is our top priority. We maintain a strong security policy and aim to communicate openly should it ever be compromised. Thus, we are posting to describe a recent incident affecting the Linode Manager.

Here are the facts:

This morning, an intruder accessed a web-based Linode customer service portal. Suspicious events prompted an immediate investigation and the compromised credentials used by this intruder were then restricted.  All activity via the web portal is logged, and an exhaustive audit has provided the following:

All activity by the intruder was limited to a total of eight customers, all of which had references to "bitcoin".  The intruder proceeded to compromise those Linode Manager accounts, with the apparent goal of finding and transferring any bitcoins.  Those customers affected have been notified.  If you have not received a notification then your account is unaffected.  Again, only eight accounts were affected.

The portal does not have access to credit card information or Linode Manager user passwords.  Only those eight accounts were viewed or manipulated -- no other accounts were viewed or accessed.

Security is our number one priority and has been for over eight years. We depend on and value the trust our customers have placed in us. Now, more than ever, we remain committed to ensuring the safety and security of our customers' accounts, and will be reviewing our policies and procedures to prevent this from ever recurring.

ok, 8 accts:  Zhou, Gavin, Slush.  who are the other 5?

I would hope zhou doesn't keep 40k btc on one server  Shocked, I assume more than 1 was bitcoinica

Bltcoin Libraries: https://github.com/mb300sd
┗(°0°)┛!!! 1D7FJWRzeKa4SLmTznd3JpeNU13L1ErEco !!! ┗(°0°)┛
jimbobway
March 02, 2012, 04:02:12 AM
 #14

zhoutong, thx for being part of the bitcoin community and being a class act.  I hope Linode provides you with all of the compensation.
deego
March 02, 2012, 04:05:37 AM
 #15

Quote
we will reimburse our customers for the full amount.

Very nice of you. Hope you are some day able to recoup this and extract compensation from the responsible party (insecure host, and of course, the thief.)

 

1HjBRoxe5vHn3GQnyp5rs3qJCtgzMyr2aR
Rassah
March 02, 2012, 04:07:51 AM
 #16

I just want to note that after MtGox got severely hacked, it became one of the most secure Bitcoin exchanges out there.

stick_theman
March 02, 2012, 04:11:21 AM
 #17

Thanks Bitcoinica for keeping cool and maintaining your integrity.

But, wtf @ Linode?!!!  Where's that Vice President?!!!  We need him to get on the forum ASAP!!!!!!  This has to be an inside/co-ordinated job.  All these happened at the same time.
The-Real-Link
March 02, 2012, 04:12:03 AM
 #18

Wow that's one heck of an attack.  Terribly sorry to hear about the loss but hopefully you can recuperate in some way with the company or community.

Is Linode like a version of Linux or server software, or just a hosting company such as 1&1, Dreamhost, GoDaddy etc.?  I suppose whether it is Windows, Linux, or Mac, if someone knows what they are doing it doesn't matter what software runs the wallet.  A user could get to the right files if they know.  

Oh Loaded, who art up in Mt. Gox, hallowed be thy name!  Thy dollars rain, thy will be done, on BTCUSD.  Give us this day our daily 10% 30%, and forgive the bears, as we have bought their bitcoins.  And lead us into quadruple digits
cypherdoc
March 02, 2012, 04:13:50 AM
 #19

Zhou, talk to Mark at mtgox.  i bet there's something he can do to intercept at least some of these coins as the thief tries to cash out on mtgox.
cablepair
March 02, 2012, 04:21:39 AM
 #20

Quote
You’re a class act for standing behind your business and accepting the burden of loss yourself.

Your losses can be decreased substantially if you wait to reimburse your clients until after the associated market drop that will follow this event.


+1

but I have to ask, is there something I am missing here, why was this wallet with over $200k worth of bitcoins not encrypted with a strong password?