Bitcoin Forum
Author Topic: Bitcoinica lost 43,554 BTC from Linode compromise, suspicious TXIDs publicized  (Read 35986 times)

btc_artist
Full Member
Activity: 154
March 02, 2012, 04:41:13 AM  #41

>>>> i mean seriously, could not this whole thing been prevented if the wallet was just encrypted?
>>>
>>> Obviously the software running against the hot wallet has to have access to it. This means that if someone roots the server, they'll be able to have the same access to the hot wallet. Encryption would not have entered into it.
>>>
>>> Zhou, good on you for covering this! I'm having a hard enough time covering the BTCinch theft; I can only imagine how pissed you are at linode.
>>
>> In this case, encryption would have protected the wallet because the attacker was only able to get root access after a reboot.
>
> why would a reboot stop the attacker from seeing the wallet being unencrypted during the next use?

You have to enter the wallet password/passphrase after rebooting/restarting bitcoin.

BTC: 1CDCLDBHbAzHyYUkk1wYHPYmrtDZNhk8zf
LTC: LMS7SqZJnqzxo76iDSEua33WCyYZdjaQoE

Clipse
SCAMMER
Hero Member
Activity: 504
March 02, 2012, 04:41:32 AM  #42

Watch MTGOX, I'm telling you someone is dumping these coins right now.

...In the land of the stale, the man with one share is king... >> Clipse

We pay miners at 130% PPS | Signup here : Bonus PPS Pool (Please read OP to understand the current process)

smickles
Sr. Member
Activity: 446
March 02, 2012, 04:42:35 AM  #43

>>>>> i mean seriously, could not this whole thing been prevented if the wallet was just encrypted?
>>>>
>>>> Obviously the software running against the hot wallet has to have access to it. This means that if someone roots the server, they'll be able to have the same access to the hot wallet. Encryption would not have entered into it.
>>>>
>>>> Zhou, good on you for covering this! I'm having a hard enough time covering the BTCinch theft; I can only imagine how pissed you are at linode.
>>>
>>> In this case, encryption would have protected the wallet because the attacker was only able to get root access after a reboot.
>>
>> why would a reboot stop the attacker from seeing the wallet being unencrypted during the next use?
>
> You have to enter the wallet password/passphrase after rebooting/restarting bitcoin.

am i missing something here? wouldn't that entry be exactly what the attacker would be waiting for?

bbit
Hero Member
Activity: 1050
March 02, 2012, 04:44:01 AM  #44

> Watch MTGOX, I'm telling you someone is dumping these coins right now.

This is right. Why not catch the thief at this part of the chain?

BitcoinStarter.com - The First Bitcoin CrowdFunding site!
Videos4BTC.info - Video clips of girls stripping for BTC!
DopeCoin.com - A Billion Dollar Market!

btc_artist
Full Member
Activity: 154
March 02, 2012, 04:44:51 AM  #45

>>>>>> i mean seriously, could not this whole thing been prevented if the wallet was just encrypted?
>>>>>
>>>>> Obviously the software running against the hot wallet has to have access to it. This means that if someone roots the server, they'll be able to have the same access to the hot wallet. Encryption would not have entered into it.
>>>>>
>>>>> Zhou, good on you for covering this! I'm having a hard enough time covering the BTCinch theft; I can only imagine how pissed you are at linode.
>>>>
>>>> In this case, encryption would have protected the wallet because the attacker was only able to get root access after a reboot.
>>>
>>> why would a reboot stop the attacker from seeing the wallet being unencrypted during the next use?
>>
>> You have to enter the wallet password/passphrase after rebooting/restarting bitcoin.
>
> am i missing something here? wouldn't that entry be exactly what the attacker would be waiting for?

Yes, an attack like that could also be done, although it would have to be slightly more sophisticated than today's attack. Likely you would modify bitcoind to log the passphrase to a file somewhere.

rjk
Sr. Member
Activity: 420
March 02, 2012, 04:45:00 AM  #46

>>>>>> i mean seriously, could not this whole thing been prevented if the wallet was just encrypted?
>>>>>
>>>>> Obviously the software running against the hot wallet has to have access to it. This means that if someone roots the server, they'll be able to have the same access to the hot wallet. Encryption would not have entered into it.
>>>>>
>>>>> Zhou, good on you for covering this! I'm having a hard enough time covering the BTCinch theft; I can only imagine how pissed you are at linode.
>>>>
>>>> In this case, encryption would have protected the wallet because the attacker was only able to get root access after a reboot.
>>>
>>> why would a reboot stop the attacker from seeing the wallet being unencrypted during the next use?
>>
>> You have to enter the wallet password/passphrase after rebooting/restarting bitcoin.
>
> am i missing something here? wouldn't that entry be exactly what the attacker would be waiting for?

Pretty sure such a random suspicious reboot would cause the poolop to review the server before entering any creds anywhere. Especially when his Linode access manager says that there was a login to his account a few minutes before, not caused by him.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!

kiba
Hero Member
Activity: 980
March 02, 2012, 04:45:40 AM  #47

> Watch MTGOX, I'm telling you someone is dumping these coins right now.

The limit for withdrawal is 10K USD for verified account, and he would need to pass fake information to MtGox's money laundering office. So the thief would need to create multiple accounts, multiple identities or compromise several mtgox accounts.

IANASE, but keep in mind that AML increases the barrier of entry, reducing competition and privacy of users. Keeping record of user identity is also a security liability if identity thieves get their hands on it.

mrb
Hero Member
Activity: 1008
March 02, 2012, 04:45:56 AM  #48

> We didn't have the opportunity to scan our whole system for suspicious transactions that were not initiated from our customers because we had to shut down the system immediately after we've discovered the huge loss. We did get a rough estimate and we published a press release to warn our users about the deposit address replacement.
>
> However, now we have concluded that we lost 43,554 BTC from this incident and we will reimburse our customers for the full amount.

When you introduced Bitcoinica, you claimed one of your security advantages was that you "did not operate a Bitcoin wallet" and that "all your funds are stored on MtGox". Source: https://bitcointalk.org/index.php?topic=42267.msg514429#msg514429

However this theft makes it apparent that you changed your mind, as you lost a wallet. Why did you change your mind about hosting the wallet on your own servers? You had a great idea, you should have stuck with it.

Sergey (imcex.com)
Newbie
Activity: 22
March 02, 2012, 04:46:10 AM  #49

zhoutong, I do appreciate what you are doing for the community. This is a hell of responsibility you are taking, good job.

But, please, explain to me - how could you be keeping the whole bunch of Bitcoins in a single wallet running on the VPS (!!!) in the wild? Having $200,000-250,000 worth of customers' funds would make me invest my own money in renting dedicated server at least. Or two. Considering even this not being totally secure - it still would provide much more security at $50/month cost.

But hell, who cares about security at $50/month! Being a hero at $200 grands is much more effective!

Join IMCEX.COM - Secure Bitcoin Exchange. (https://imcex.com)

Clipse
SCAMMER
Hero Member
Activity: 504
March 02, 2012, 04:47:18 AM  #50

>> Watch MTGOX, I'm telling you someone is dumping these coins right now.
>
> The limit for withdrawal is 10K USD for verified account, and he would need to pass fake information to MtGox's money laundering office. So the thief would need to create multiple accounts, multiple identities or compromise several mtgox accounts.

If Mark isn't aware of watching for this, he might just let this guy withdraw all the funds over a few days, I'm not sure what the endgame is however some individual (yes it was way too coordinated, watch the graphs) solely dumped just over 20k BTC already.

cablepair
SCAMMER
Hero Member
Activity: 672
March 02, 2012, 04:47:37 AM  #51

>>>>>>> i mean seriously, could not this whole thing been prevented if the wallet was just encrypted?
>>>>>>
>>>>>> Obviously the software running against the hot wallet has to have access to it. This means that if someone roots the server, they'll be able to have the same access to the hot wallet. Encryption would not have entered into it.
>>>>>>
>>>>>> Zhou, good on you for covering this! I'm having a hard enough time covering the BTCinch theft; I can only imagine how pissed you are at linode.
>>>>>
>>>>> In this case, encryption would have protected the wallet because the attacker was only able to get root access after a reboot.
>>>>
>>>> why would a reboot stop the attacker from seeing the wallet being unencrypted during the next use?
>>>
>>> You have to enter the wallet password/passphrase after rebooting/restarting bitcoin.
>>
>> am i missing something here? wouldn't that entry be exactly what the attacker would be waiting for?
>
> Pretty sure such a random suspicious reboot would cause the poolop to review the server before entering any creds anywhere. Especially when his Linode access manager says that there was a login to his account a few minutes before, not caused by him.

+1, the idea that this hacker is sitting here watching a packet sniffer or a keylogger and the admin of the server with an encrypted wallet holding $200k+ is not going to think something suspicious is preposterous

it would take multiple fails for this scenario to be successful and the bottom line is an encrypted wallet would likely have saved this money. The problem is these web applications have not been developed to the level where they are able to interact with encrypted wallets. point blank.

cablepair
SCAMMER
Hero Member
Activity: 672
March 02, 2012, 04:49:28 AM  #52

and again +200k to the op for being a man and taking care of this in a responsible way, I'm just trying to bring awareness on how we can secure bitcoin for the future. I have only like 80 bitcoins in my wallet right now but you can damn well better believe it is encrypted with a completely uncrackable password.

rjk
Sr. Member
Activity: 420
March 02, 2012, 04:50:04 AM  #53

>> Why did you change your mind about hosting the wallet?
>
> my bet: mtgox limitations

^This. Especially when they are upwards of 1/3rd of MtGox's transaction volume.

bbit
Hero Member
Activity: 1050
March 02, 2012, 04:50:15 AM  #54

>>> Watch MTGOX, I'm telling you someone is dumping these coins right now.
>>
>> The limit for withdrawal is 10K USD for verified account, and he would need to pass fake information to MtGox's money laundering office. So the thief would need to create multiple accounts, multiple identities or compromise several mtgox accounts.
>
> If Mark isn't aware of watching for this, he might just let this guy withdraw all the funds over a few days, I'm not sure what the endgame is however some individual (yes it was way too coordinated, watch the graphs) solely dumped just over 20k BTC already.

The thinking is as someone told me on another thread is these thief(s) steal Bitcoin and spend bitcoin at silkroad etc., etc., which seems totally stupid to me then again I'm not a thief. What happened to the allinvain person again - did that thief cash out the BTC at the $10,000 a mo. @ Mt.Gox?

Eveofwar
Sr. Member
Activity: 406
March 02, 2012, 04:50:41 AM  #55

> and again +200k to the op for being a man and taking care of this in a responsible way, I'm just trying to bring awareness on how we can secure bitcoin for the future. I have only like 80 bitcoins in my wallet right now but you can damn well better believe it is encrypted with a completely uncrackable password.

Nothing is "uncrackable" given the amount of time.

rjk
Sr. Member
Activity: 420
March 02, 2012, 04:51:07 AM  #56

>>>> Watch MTGOX, I'm telling you someone is dumping these coins right now.
>>>
>>> The limit for withdrawal is 10K USD for verified account, and he would need to pass fake information to MtGox's money laundering office. So the thief would need to create multiple accounts, multiple identities or compromise several mtgox accounts.
>>
>> If Mark isn't aware of watching for this, he might just let this guy withdraw all the funds over a few days, I'm not sure what the endgame is however some individual (yes it was way too coordinated, watch the graphs) solely dumped just over 20k BTC already.
>
> The thinking is as someone told me on another thread is these thief(s) steal Bitcoin and spend bitcoin at silkroad etc., etc., which seems totally stupid to me then again I'm not a thief. What happened to the allinvain person again - did that thief cash out the BTC at the $10,000 a mo. @ Mt.Gox?

Most of the coins are still floating around up there in la-la land.

kiba
Hero Member
Activity: 980
March 02, 2012, 04:52:09 AM  #57

> Nothing is "uncrackable" given the amount of time.

If you don't remember your password, it's as good as lost (unless you found a way to crack them in a reasonable amount of time). There's a tradeoff between convenience and security.

Clipse
SCAMMER
Hero Member
Activity: 504
March 02, 2012, 04:59:24 AM  #58

and its still dumping, will probably create a false panic selloff.

cypherdoc
Hero Member
Activity: 1120
March 02, 2012, 05:00:37 AM  #59

i would hold off on the congrats to Zhou until he actually delivers the coins.  that is a lot to deliver.

k9quaint
Hero Member
Activity: 882
March 02, 2012, 05:01:53 AM  #60

Maybe the attacker will pull an "Omar" and sell the coins back to him for 40 cents on the dollar.

Bitcoin is backed by the full faith and credit of YouTube comments.