Bitcoin Forum
Author Topic: Bitcoinica lost 43,554 BTC from Linode compromise, suspicious TXIDs publicized  (Read 52293 times)
runeks
March 02, 2012, 03:14:10 PM
 #101

I just want to note that after MtGox got severely hacked, it became one of the most secure Bitcoin exchanges out there.
Exactly how have you made the assessment of the security of the Mt. Gox platform that allows you to make this claim?

Tough hit Zhou! I hope P2SH will leave major hacking incidents behind us, another great lesson learned here.
I doubt it will. It will make it harder, no doubt about that, but theft will never be prevented. All we can hope for is a reduction in these occurrences, a lower profit to work ratio (how much work the thief has to put in for a certain amount of profit). But as soon as the price of Bitcoins doubles, the profit to reward ratio will double as well.
Rassah
March 02, 2012, 04:14:45 PM
 #102

I just want to note that after MtGox got severely hacked, it became one of the most secure Bitcoin exchanges out there.
Exactly how have you made the assessment of the security of the Mt. Gox platform that allows you to make this claim?

Their word that they rewrote the code for it from scratch, closed down all access they could, and are now storing most coins in offline storage. Also them putting limits on all withdrawals, requiring some type of ID for anyone wishing to withdraw substantial funds, and being the first to use two factor authentication. Plus the part about them still being the top exchange by volume by far, and yet not being hacked since that last incident almost 9 months ago. Also, I wouldn't be surprised if a lot of the common sense ideas everyone uses now (cold storage, withdrawal limits, two factor option) were things people didn't care about until MtGox incident, and which they got from MtGox since then. I wouldn't be surprised if Bitcoinica came up with new security procedures that everyone else six months from now would look back on as a no-brainer, and at the very least this would emphasize the urgency of implementing multi-sig security, whereas without it people would have greeted the change with a "meh." In fact, I'd go as far as to say we were about due for another major security breach to get people to learn more about or invent better security measures. The more that happens during Bitcoin's development stage the better.

muyuu
March 02, 2012, 04:17:05 PM
 #103

I just want to note that after MtGox got severely hacked, it became one of the most secure Bitcoin exchanges out there.
Exactly how have you made the assessment of the security of the Mt. Gox platform that allows you to make this claim?

Their word that they rewrote the code for it from scratch, closed down all access they could, and are now storing most coins in offline storage. Also them putting limits on all withdrawals, requiring some type of ID for anyone wishing to withdraw substantial funds, and being the first to use two factor authentication. Plus the part about them still being the top exchange by volume by far, and yet not being hacked since that last incident almost 9 months ago. Also, I wouldn't be surprised if a lot of the common sense ideas everyone uses now (cold storage, withdrawal limits, two factor option) were things people didn't care about until MtGox incident, and which they got from MtGox since then. I wouldn't be surprised if Bitcoinica came up with new security procedures that everyone else six months from now would look back on as a no-brainer, and at the very least this would emphasize the urgency of implementing multi-sig security, whereas without it people would have greeted the change with a "meh." In fact, I'd go as far as to say we were about due for another major security breach to get people to learn more about or invent better security measures. The more that happens during Bitcoin's development stage the better.

In reality we have one true measure regarding security and its perception in the Bitcoin community: time passed since last big fuck-up.

It was just reset to zero yesterday. In the particular case of MtGox, we have it running at under a year still.

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
cypherdoc
March 02, 2012, 04:18:10 PM
 #104

I just want to note that after MtGox got severely hacked, it became one of the most secure Bitcoin exchanges out there.
Exactly how have you made the assessment of the security of the Mt. Gox platform that allows you to make this claim?

Their word that they rewrote the code for it from scratch, closed down all access they could, and are now storing most coins in offline storage. Also them putting limits on all withdrawals, requiring some type of ID for anyone wishing to withdraw substantial funds, and being the first to use two factor authentication. Plus the part about them still being the top exchange by volume by far, and yet not being hacked since that last incident almost 9 months ago. Also, I wouldn't be surprised if a lot of the common sense ideas everyone uses now (cold storage, withdrawal limits, two factor option) were things people didn't care about until MtGox incident, and which they got from MtGox since then. I wouldn't be surprised if Bitcoinica came up with new security procedures that everyone else six months from now would look back on as a no-brainer, and at the very least this would emphasize the urgency of implementing multi-sig security, whereas without it people would have greeted the change with a "meh." In fact, I'd go as far as to say we were about due for another major security breach to get people to learn more about or invent better security measures. The more that happens during Bitcoin's development stage the better.

I agree with this.
grue
March 02, 2012, 05:06:49 PM
 #105

In reality we have one true measure regarding security and its perception in the Bitcoin community: time passed since last big fuck-up.

It was just reset to zero yesterday. In the particular case of MtGox, we have it running at under a year still.
It's not really a "fuck-up" if the server provider is compromised. The MtGox breach was caused by an employee that had access to the db, which is totally different.

It is pitch black. You are likely to be eaten by a grue.

Rassah
March 02, 2012, 05:09:00 PM
 #106

Rassah, you are a bastion of common sense.

Common sense is just common, not sensical. What MtGox and Bitcoinica were doing before they got hacked was common sense.

muyuu
March 02, 2012, 05:16:54 PM
 #107

In reality we have one true measure regarding security and its perception in the Bitcoin community: time passed since last big fuck-up.

It was just reset to zero yesterday. In the particular case of MtGox, we have it running at under a year still.
It's not really a "fuck-up" if the server provider is compromised. The MtGox breach was caused by an employee that had access to the db, which is totally different.

It doesn't matter who fucked up. It's a combination of things. Criminals have stashed a big amount of coins from important figureheads in the community. For the layman this translates as "BTC are insecure, even their gurus get stolen."

Notice I was talking about security and its perception.

Personally I think one should never store his private keys anywhere it can be seen in any form they can possibly be seen, so the responsibility would be shared.

True enough, VPS's are nice and cheap. I use them. But I don't put any private keys in them, or anything that can be directly stolen.

Hopefully this is a learnt lesson now.

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
Elwar
March 02, 2012, 05:19:53 PM
 #108

Bitcoin is definitely not yet ready for prime time when it comes to large companies where several people have access to the money with no paper trail if it goes missing.

goodlord666
March 02, 2012, 05:21:03 PM
 #109

Again, we would like to reassure that trading will not be in any way affected and we are already in the process of contacting Linode regarding this incident. The Bitcoinica system has not been compromised and our reserves are more than sufficient for regular trading activities.

Your writing style has improved exceptionally since the beginning! Keep it up!




MPOE-PR
March 02, 2012, 05:30:56 PM
 #110

Quote
Yes, our historical profit is fairly sufficient to cover the loss from this incident

From bitcoinica right now:

Quote
73,661.62 traded (56% hedged) 1.152% equivalent fees (indicative)

73661.62 BTC * 1.152 / 100 = 848.581862400 BTC

From Thursday, 1 September 2011 to Friday, 2 March 2012: 183 days.

If bitcoinica grew linearly (unlikely, but for the sake of argument)

848.581862400 * 183 / 2 = 77645.240409600 BTC, or less than twice the 43k lost.

Basically Zhou is putting most of this revenue to cover for this loss, which shows real mettle. To all the people going "o, he's a 17 yo kid": no. He's a 17 yo man.

BadBear
March 02, 2012, 05:37:40 PM
 #111

He has a nice little business going, eventually he can hire staff to run it while he focuses on other things, using the profits as capital. So he's definitely gonna wanna keep it going.

1Kz25jm6pjNTaz8bFezEYUeBYfEtpjuKRG | PGP: B5797C4F

LoupGaroux
March 02, 2012, 05:42:51 PM
 #112

As the business owner he set the volume of his hot wallet based on what he believed to be his transactional needs. Hard to fault a businessman for trying to handle his customers' needs well. He got ripped off and is standing behind his reputation and his service with his own money. Hard to fault a guy for being honest and showing some backbone in adversity.

Sounds like he may be getting some valuable advice about who should be the responsible party here... absolutely inexcusable that Linode permitted this vulnerability, and the responsibility is theirs to make good on all losses, irrespective of whatever exclusionary language they might have pasted into their service agreements. It is called fiduciary responsibility, and they failed.

Aggro
March 02, 2012, 06:32:44 PM
 #113

I can't help but know some Linode employee won't be at work tomorrow.

This all is way way way too convenient, seems like an inside job planned over time with the knowledge of who runs worthwhile bitcoin services and on which VPS accounts.

This is a lot of money, please for all of us make it your top priority to get compensation out of Linode otherwise any future losses less than this would be seen acceptable by these crappy hosting companies or other services.

Indeed. It seems rather odd that a random hacker would systematically probe Linode for security flaws, and then magically find 8 customers related to bitcoin, and methodically empty their wallets. This is clearly somebody from the inside.
Matthew N. Wright
March 02, 2012, 06:44:06 PM
 #114

I can't help but know some Linode employee won't be at work tomorrow.

This all is way way way too convenient, seems like an inside job planned over time with the knowledge of who runs worthwhile bitcoin services and on which VPS accounts.

This is a lot of money, please for all of us make it your top priority to get compensation out of Linode otherwise any future losses less than this would be seen acceptable by these crappy hosting companies or other services.

Indeed. It seems rather odd that a random hacker would systematically probe Linode for security flaws, and then magically find 8 customers related to bitcoin, and methodically empty their wallets. This is clearly somebody from the inside.

I don't know, I hacked VizVideo's phone banks and the St. Joseph county library network both using the method you just described --stumbling upon it.

stochastic
March 02, 2012, 07:18:29 PM
 #115

We didn't have the opportunity to scan our whole system for suspicious transactions that were not initiated from our customers because we had to shut down the system immediately after we've discovered the huge loss. We did get a rough estimate and we published a press release to warn our users about the deposit address replacement.

However, now we have concluded that we lost 43,554 BTC from this incident and we will reimburse our customers for the full amount. For transparency, we would like to disclose all the suspicious transaction ids in this incident:

I hope you get insurance next time to account for any losses due to theft.

Doesn't exist.

You could only have the USD insured.

Any insurance can exist.  It is just a contract.  Of course if these thefts keep happening then the premiums are going to be expensive.

Introducing constraints to the economy only serves to limit what can be economical.
Matthew N. Wright
March 02, 2012, 07:21:29 PM
 #116

Any insurance can exist.  It is just a contract.  Of course if these thefts keep happening then the premiums are going to be expensive.

I didn't say it won't ever exist, I said it doesn't exist. Now provide your link to the only service in the world that will insure bitcoins (because I've checked to London and back and there isn't one) or stop daydreaming out loud.

stochastic
March 02, 2012, 07:32:48 PM
 #117

Any insurance can exist.  It is just a contract.  Of course if these thefts keep happening then the premiums are going to be expensive.

I didn't say it won't ever exist, I said it doesn't exist. Now provide your link to the only service in the world that will insure bitcoins (because I've checked to London and back and there isn't one) or stop daydreaming out loud.

What I am saying is a person needs to call a specialist insurance company and they will figure it out.  Did you call Lloyd's?

Introducing constraints to the economy only serves to limit what can be economical.
Phinnaeus Gage
March 02, 2012, 07:43:47 PM
 #118

Again, we would like to reassure that trading will not be in any way affected and we are already in the process of contacting Linode regarding this incident. The Bitcoinica system has not been compromised and our reserves are more than sufficient for regular trading activities.

Your writing style has improved exceptionally since the beginning! Keep it up!


Ironically, I was going to pen a similar sentiment, but you, goodlord666, beat me to it.
Matthew N. Wright
March 02, 2012, 07:44:19 PM
 #119

Any insurance can exist.  It is just a contract.  Of course if these thefts keep happening then the premiums are going to be expensive.

I didn't say it won't ever exist, I said it doesn't exist. Now provide your link to the only service in the world that will insure bitcoins (because I've checked to London and back and there isn't one) or stop daydreaming out loud.

What I am saying is a person needs to call a specialist insurance company and they will figure it out.  Did you call Lloyd's?

Are you kidding? They're the first I thought of!

Given the lack of assurance to the location of the bitcoins, the fact that the keys can be copied and moved, the volatility of the market value, and the inability to hold the only physical copies in any medium, they won't insure.

If it had a fixed price, I'd imagine they would insure it for more than its spot value in fees, but what's the point of that?

ball4thegame
March 02, 2012, 07:45:42 PM
 #120

Just a thought to share with Zhou and others trying to locate the thief...

Approximately a week ago on the SR forums, there was someone who put out a $30,000 offer to anyone who would submit ID info and such to Mt Gox to enable him/her to withdraw from a large account without giving up his/her real information. Perhaps this was the hacker trying to cover his identity for his future 'endeavor'. Figured I would let people know.