Bitcoin Forum
December 06, 2016, 06:12:28 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 [7] 8 »  All
  Print  
Author Topic: Bitcoinica lost 43,554 BTC from Linode compromise, suspicious TXIDs publicized  (Read 52305 times)
Matthew N. Wright
Untrustworthy
Hero Member
*****
Offline Offline

Activity: 588


Hero VIP ultra official trusted super staff puppet


View Profile
March 02, 2012, 07:46:26 PM
 #121

Just a thought to share with Zhou and others trying to locate the thief...

Approximately a week ago on the SR forums, there was someone who put out a $30,000 offer to anyone who would submit ID info and such to Mt Gox to enable him/her to withdraw from a large account without giving up his/her real information. Perhaps this was the hacker trying to cover his identity for his future 'endeavor'. Figured I would let people know.

Link?

Bitcoin addresses contain a checksum, so it is very unlikely that mistyping an address will cause you to lose money.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Rassah
Legendary
*
Offline Offline

Activity: 1624


Director of Bitcoin100


View Profile
March 02, 2012, 07:47:50 PM
 #122

Insure for a certain amount of USD/Fiat based on business risks, instead of a specific BTC value. To be safe, the Bitcoin business operator can insure for more than they actually have in case they get more. It's doable. Just stupid expensive.

ball4thegame
Jr. Member
*
Offline Offline

Activity: 35


View Profile
March 02, 2012, 07:50:54 PM
 #123

Just a thought to share with Zhou and others trying to locate the thief...

Approximately a week ago on the SR forums, there was someone who put out a $30,000 offer to anyone who would submit ID info and such to Mt Gox to enable him/her to withdraw from a large account without giving up his/her real information. Perhaps this was the hacker trying to cover his identity for his future 'endeavor'. Figured I would let people know.

Link?

Can't access from work, will try to post it later if nobody else does. It was in the discussion section on the SR forums.
runeks
Legendary
*
Offline Offline

Activity: 924



View Profile WWW
March 02, 2012, 07:51:40 PM
 #124

I think insurance companies would get a lot of cases on their hands if they started insuring bitcoins. I mean, how can you insure something that can be stolen without leaving any trace?
mc_lovin
Legendary
*
Offline Offline

Activity: 1134


www.bitcointrading.com


View Profile WWW
March 02, 2012, 07:55:12 PM
 #125

i pretty much saw this coming.

neo_rage
Full Member
***
Offline Offline

Activity: 196



View Profile
March 02, 2012, 07:55:57 PM
 #126

Awesome. Hope that you guys solve this problem with a little troubles.

Thanks god I'm not mining at Bitcoinica, but i'm with you.

Clipse
Hero Member
*****
Offline Offline

Activity: 504


View Profile
March 02, 2012, 08:10:41 PM
 #127

Awesome. Hope that you guys solve this problem with a little troubles.

Thanks god I'm not mining at Bitcoinica, but i'm with you.

Bitcoinica is far from a mining pool Wink

...In the land of the stale, the man with one share is king... >> Clipse

We pay miners at 130% PPS | Signup here : Bonus PPS Pool (Please read OP to understand the current process)
bitcoinBull
Legendary
*
Offline Offline

Activity: 826


rippleFanatic


View Profile
March 02, 2012, 09:30:19 PM
 #128

I cant help but know some Linode employee wont be at work tomorrow.

This all is way way way to convenient, seems like an inside job planned overtime with the knowledge of who runs worthwhile bitcoin services and on which VPS accounts.

This is alot of money, please for all of us make its your top priority to get compensation out of Linode otherwise any future losses less than this would be seen acceptable by these crappy hosting companies or other services.

Indeed. It seems rather odd that a random hacker would systematically probe linode for security flaws, and then magically find 8 customers related to bitcoin, and methodically empty their wallets. This is clearly somebody from the inside.

They could have been observing bitcoin node ip addresses and found that 8 of them belonged to linode.  Could have observed that the transaction broadcasts of bitcoinica withdrawals were originating from one of those 8.  Then concluded that bitcoinica's hot wallet was on a linode VPS.

College of Bucking Bulls Knowledge
Herodes
Hero Member
*****
Offline Offline

Activity: 868


View Profile
March 03, 2012, 12:17:16 PM
 #129

I cant help but know some Linode employee wont be at work tomorrow.

This all is way way way to convenient, seems like an inside job planned overtime with the knowledge of who runs worthwhile bitcoin services and on which VPS accounts.

This is alot of money, please for all of us make its your top priority to get compensation out of Linode otherwise any future losses less than this would be seen acceptable by these crappy hosting companies or other services.

Indeed. It seems rather odd that a random hacker would systematically probe linode for security flaws, and then magically find 8 customers related to bitcoin, and methodically empty their wallets. This is clearly somebody from the inside.

They could have been observing bitcoin node ip addresses and found that 8 of them belonged to linode.  Could have observed that the transaction broadcasts of bitcoinica withdrawals were originating from one of those 8.  Then concluded that bitcoinica's hot wallet was on a linode VPS.

Yes, but would it not be likely that he/they would need intimiate knowledge of the linode systems, meaning they would need to be a customer or already a sysadmin at Linode ?
BkkCoins
Hero Member
*****
Offline Offline

Activity: 784


firstbits:1MinerQ


View Profile WWW
March 03, 2012, 12:46:08 PM
 #130

I cant help but know some Linode employee wont be at work tomorrow.

This all is way way way to convenient, seems like an inside job planned overtime with the knowledge of who runs worthwhile bitcoin services and on which VPS accounts.

This is alot of money, please for all of us make its your top priority to get compensation out of Linode otherwise any future losses less than this would be seen acceptable by these crappy hosting companies or other services.

Indeed. It seems rather odd that a random hacker would systematically probe linode for security flaws, and then magically find 8 customers related to bitcoin, and methodically empty their wallets. This is clearly somebody from the inside.

They could have been observing bitcoin node ip addresses and found that 8 of them belonged to linode.  Could have observed that the transaction broadcasts of bitcoinica withdrawals were originating from one of those 8.  Then concluded that bitcoinica's hot wallet was on a linode VPS.

Yes, but would it not be likely that he/they would need intimiate knowledge of the linode systems, meaning they would need to be a customer or already a sysadmin at Linode ?
No, this is exactly how hackers work. They explore and try tons of different attack vectors until they find ones that work. Whether this was an insider or not I don't know but certainly a hacker wouldn't need to be an insider. This is what they do. They find flaws and dig in deeper until they can leverage the flaws. (I'm saying hacker but a more correct term would be "cracker".)

muyuu
Donator
Legendary
*
Offline Offline

Activity: 924



View Profile
March 03, 2012, 12:52:33 PM
 #131

Bitcoinica was also in Rackspace, right?

Well, this just in http://www.rackspace.com/knowledge_center/content/slicehost-forum-archive-migration-and-conversion

Rackspace's slicehost forum user DB compromised. They are a bit unclear on how and what exactly was compromised, and why do they know it.

This shouldn't in theory affect rackspace users but is a fair warning on not reusing passwords and also not having your passwords anywhere near "the cloud"...

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
gamer4156
Sr. Member
****
Offline Offline

Activity: 368


View Profile
March 03, 2012, 06:20:13 PM
 #132

I remember seeing that post on SR as well.
btcash
Hero Member
*****
Offline Offline

Activity: 567



View Profile
March 03, 2012, 06:32:49 PM
 #133

How can you reimburse that much? Have you really made that much profit?

Yes, our historical profit is fairly sufficient to cover the loss from this incident, and we believe that it's the best interest for the community to keep running the business. We will take appropriate strategies and implement more security features to prevent this from happening ever again, even with the presence of dishonest partners or employees.
this is hard to believe. It takes MtGox around 2 months to earn that much and their volume is way larger then yours.

I am wondering why somemany bitcoin people used that hoster. There are thousands of hoster.

The Americans take our data privacy concerns seriously. - Hans-Peter Friedrich (German Federal Minister of the Interior)
stick_theman
Sr. Member
****
Offline Offline

Activity: 372


View Profile
March 03, 2012, 08:55:35 PM
 #134

How can you reimburse that much? Have you really made that much profit?

Yes, our historical profit is fairly sufficient to cover the loss from this incident, and we believe that it's the best interest for the community to keep running the business. We will take appropriate strategies and implement more security features to prevent this from happening ever again, even with the presence of dishonest partners or employees.
this is hard to believe. It takes MtGox around 2 months to earn that much and their volume is way larger then yours.

I am wondering why somemany bitcoin people used that hoster. There are thousands of hoster.

Bitcoinica is leveraged as compared to MtGox.  I have a lot of respect for you, ZT.
kurtosis
Newbie
*
Offline Offline

Activity: 17

What is this I don't even


View Profile
March 04, 2012, 09:23:09 AM
 #135

I just want to note that after MtGox got severely hacked, it became one of the most secure Bitcoin exchanges out there.
I was wondering about that, being one of the people whose account was hacked.  How do you know this?

https://cryptanalys.is/profile.php?u=kurtosis
runeks
Legendary
*
Offline Offline

Activity: 924



View Profile WWW
March 04, 2012, 02:18:00 PM
 #136

How can you reimburse that much? Have you really made that much profit?

Yes, our historical profit is fairly sufficient to cover the loss from this incident, and we believe that it's the best interest for the community to keep running the business. We will take appropriate strategies and implement more security features to prevent this from happening ever again, even with the presence of dishonest partners or employees.
this is hard to believe. It takes MtGox around 2 months to earn that much and their volume is way larger then yours.
Mt. Gox only charges (at most) 0.6% in fees. Bitcoinica currently charges the equivalent of 1.168%
in fees (https://www.bitcoinica.com/ bottom page) and allows leveraged trading (buying/selling more bitcoins/dollars than you actually have). So when a guy like this short sells for $130,000 worth of bitcoins, Bitcoinica makes around $1500 in, quite literally, no time.

I just want to note that after MtGox got severely hacked, it became one of the most secure Bitcoin exchanges out there.
I was wondering about that, being one of the people whose account was hacked.  How do you know this?
I would argue that he doesn't know this. This is his reasoning: https://bitcointalk.org/index.php?topic=66979.msg779780#msg779780
I'm not saying Mt. Gox isn't secure though, please don't misunderstand me. I'm just saying we have no way of knowing - with absolute certainty - if they are. I think this is a relevant point.

Many people thought the Titanic was unable to sink. Until it sank.
zhoutong
VIP
Hero Member
*
Offline Offline

Activity: 490


View Profile WWW
March 04, 2012, 06:14:19 PM
 #137

How can you reimburse that much? Have you really made that much profit?

Yes, our historical profit is fairly sufficient to cover the loss from this incident, and we believe that it's the best interest for the community to keep running the business. We will take appropriate strategies and implement more security features to prevent this from happening ever again, even with the presence of dishonest partners or employees.
this is hard to believe. It takes MtGox around 2 months to earn that much and their volume is way larger then yours.
Mt. Gox only charges (at most) 0.6% in fees. Bitcoinica currently charges the equivalent of 1.168%
in fees (https://www.bitcoinica.com/ bottom page) and allows leveraged trading (buying/selling more bitcoins/dollars than you actually have). So when a guy like this short sells for $130,000 worth of bitcoins, Bitcoinica makes around $1500 in, quite literally, no time.


Bitcoinica spreads take the market depth into account. We don't charge fees directly. Most of the time, trading on Bitcoinica is just slightly more expensive than Mt. Gox for heavy traders (who pay 0.3% at Mt. Gox), and usually cheaper for infrequent traders.

Founder of NameTerrific (https://www.nameterrific.com/). Co-founder of CoinJar (https://coinjar.io/)

Donations for my future Bitcoin projects: 19Uk3tiD5XkBcmHyQYhJxp9QHoub7RosVb
Seal
Donator
Hero Member
*
Offline Offline

Activity: 833


View Profile WWW
March 06, 2012, 01:36:35 AM
 #138

+1 to zhoutong. Respect.

Given the community collectively has a massive amount of skilled IT resource available. Why not put up some kind of community raised bounty for those 'skilled enough' to expose the thief.

I wonder if any of the 'anonymous' crowd would like some work...

ctoon6
Sr. Member
****
Offline Offline

Activity: 350



View Profile
March 06, 2012, 03:21:40 AM
 #139

Here is my question. Why was it ever a good idea to be running a site like this where someone else has access to your machine? These types of operations should be run from locked up racks.

LightRider
Legendary
*
Offline Offline

Activity: 1488


I advocate the Zeitgeist Movement & Venus Project.


View Profile WWW
March 06, 2012, 04:41:38 AM
 #140

I don't know if this is related, but I just received a very strange, very small amount of bitcoin that I was not expecting. Is anyone else out there receiving such transactions?

http://blockchain.info/tx-index/3059769/de3177f4e929d4deb1984889aa7ad79fd2e78075e41babbda23315bb5135e71f

Edit: It looks like someone is sending out small amounts of bitcoin to a large number of public addresses in alphabetical order...I think I just got tainted...


Nevermind, I am unduely paranoid.

Bitcoin combines money, the wrongest thing in the world, with software, the easiest thing in the world to get wrong.
Visit www.thevenusproject.com and www.theZeitgeistMovement.com.
Pages: « 1 2 3 4 5 6 [7] 8 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!