Bitcoin Forum
December 08, 2016, 08:17:59 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 [5] 6 7 8 »  All
  Print  
Author Topic: Bitcoinica lost 43,554 BTC from Linode compromise, suspicious TXIDs publicized  (Read 52311 times)
roomservice
Full Member
***
Offline Offline

Activity: 190



View Profile
March 02, 2012, 07:37:42 AM
 #81

Sorry for your loss zhoutong!

To be honest, this incident brought Bitcoinica to my attention for the first time.

Really great service, i just registered and made a deposit!

Wish you the best and good luck for the future.

"Tonight's the night. And it's going to happen again, and again. It has to happen. Nice night."
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481185079
Hero Member
*
Offline Offline

Posts: 1481185079

View Profile Personal Message (Offline)

Ignore
1481185079
Reply with quote  #2

1481185079
Report to moderator
1481185079
Hero Member
*
Offline Offline

Posts: 1481185079

View Profile Personal Message (Offline)

Ignore
1481185079
Reply with quote  #2

1481185079
Report to moderator
proudhon
Legendary
*
Offline Offline

Activity: 1148



View Profile
March 02, 2012, 07:41:05 AM
 #82

I'm impressed with the way Z has handled this so far.  Sufficiently impressed that I've decided not to withdraw the bitcoin I have in bitcoinica.  Hopefully, like MtGox, bitcoinica will emerge from this more secure than ever.
caveden
Legendary
*
Offline Offline

Activity: 1106



View Profile
March 02, 2012, 08:44:20 AM
 #83

However, now we have concluded that we lost 43,554 BTC from this incident and we will reimburse our customers for the full amount.

I'm sincerely impressed by your good behavior here. Congratulations.

Can't you try to sue Linode or something? This is mainly their fault. I wouldn't be surprised at all if the attacker is a rogue employee of theirs.

18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
Brian DeLoach
VIP
Full Member
*
Offline Offline

Activity: 158


View Profile
March 02, 2012, 08:54:28 AM
 #84


This comment is oddly prophetic.

Quote from: jerf
I'm going to pitch a different take than a few others: Yes, great initiative, please keep trying things and building things, but end this project now. There are no probable outcomes where you do not end up having to explain where thousands of dollars of other people's money went to some angry people.

I do wonder how an 18 year old is going to come up with $200,000 worth of bitcoins as reimbursement. I don't know how profitable bitcoinica has been, but that much money seems too much to overcome.

Quote from: Matthew N. Wright
I use the blockchain to power my rotating love bed.
Matthew N. Wright
Untrustworthy
Hero Member
*****
Offline Offline

Activity: 588


Hero VIP ultra official trusted super staff puppet


View Profile
March 02, 2012, 08:54:48 AM
 #85

However, now we have concluded that we lost 43,554 BTC from this incident and we will reimburse our customers for the full amount.

I'm sincerely impressed by your good behavior here. Congratulations.

Can't you try to sue Linode or something? This is mainly their fault. I wouldn't be surprised at all if the attacker is a rogue employee of theirs.

Unofficially, already working on it.

Officially, I'm not working with Bitcoinica and can't comment.

zby
Legendary
*
Offline Offline

Activity: 1431


View Profile
March 02, 2012, 09:12:06 AM
 #86

The question now is were user passwords compromised?  I would assume an affirmative answer to this, even if they were encrypted - this is only a matter of time.  Just like with the historical MtGox hack bitcoinica now should shutdown and go through a round of account claiming.
racerguy
Sr. Member
****
Offline Offline

Activity: 271


View Profile
March 02, 2012, 09:13:11 AM
 #87

are deposits working?  I deposited 0.1btc's from mining a while ago that still aren't showing up, 13confirms so far.
racerguy
Sr. Member
****
Offline Offline

Activity: 271


View Profile
March 02, 2012, 09:14:15 AM
 #88

The question now is were user passwords compromised?  I would assume an affirmative answer to this, even if they were encrypted - this is only a matter of time.  Just like with the historical MtGox hack bitcoinica now should shutdown and go through a round of account claiming.

The way I understood it only a machine with the hot wallet was hacked, not machines holding user data.
FlipPro
Legendary
*
Offline Offline

Activity: 1372



View Profile WWW
March 02, 2012, 09:20:11 AM
 #89

Zhous got the fucking dough WOW!  Cheesy

Tweet For Coins http://uptweet.com
Koekiemonster
Sr. Member
****
Offline Offline

Activity: 321


Bitbuy.nl!


View Profile
March 02, 2012, 10:14:40 AM
 #90

Tough hit Zhou! I hope P2SH will leave major hacking incidents behind us, another great lesson learned here.

I actually don't understand why everybody seems to be surprised Zhou is able to cover these losses. If you look at their volume and fees I think they easily covered this, huge hit nonetheless.

https://www.bitbuy.nl - Koop eenvoudig, snel en goedkoop bitcoins bij Bitbuy!
Bitcointalk topic over Bitbuy!
muyuu
Donator
Legendary
*
Offline Offline

Activity: 924



View Profile
March 02, 2012, 10:29:45 AM
 #91

I'm a bit surprised that this whole turn of events hasn't hit the market more, to be honest.

Just goes to show how successful a short, directed attack can be. 1/4M from a bunch of accounts in a matter of minutes, and the perp is nowhere to be found...

At the end of the day, a VPS is an untrusted party and you cannot put your private keys there. They stop being private at all. Single point of failure and all that jazz...

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
piuk
Hero Member
*****
Offline Offline

Activity: 910



View Profile WWW
March 02, 2012, 10:48:15 AM
 #92

Sorry to hear about this zhoutong,

This will be a test of whether bitcoin is truly anonymous and un-blockable. Will the hacker be able to successfully launder and exchange this volume of stolen coins? I don't know if it is better if they are successful or not.

Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 700


Wat


View Profile WWW
March 02, 2012, 11:10:54 AM
 #93

My condolences for the theft mate Sad

Technomage
Legendary
*
Offline Offline

Activity: 1624


Affordable Physical Bitcoins - Denarium.com


View Profile WWW
March 02, 2012, 11:32:03 AM
 #94

People who think the dumps at Mt. Gox is the stolen money, are absolutely clueless about everything. Gox takes money laundering more seriously than any other Bitcoin exchange. The thief would be out of his mind to try selling the coins via Gox, not now or ever.

There are better ways to do it. What we're seeing now at Gox is speculators selling because there has been serious bad news in the Bitcoin world. That's about it.

Denarium - Leading Physical Bitcoin Manufacturer - Special Xmas deals now live!
Mageant
Legendary
*
Offline Offline

Activity: 1079



View Profile WWW
March 02, 2012, 12:11:40 PM
 #95

Good work, Zhou.
 Smiley

  ►  NEW ECONOMY MOVEMENT  ◄ 
  100% built from scratch • revolutionary forging mechanism • fairly distributed

BIETCOIN.DE - Kleinanzeigenmarkt für Bitcoin
muyuu
Donator
Legendary
*
Offline Offline

Activity: 924



View Profile
March 02, 2012, 01:34:32 PM
 #96



Probably not, but none of us need to know the addresses that go through MtGox. Only MtGox needs to know. All we need to know is what MtGox is going to do about it if they find one, and that is up to them to tell us, since we agree to the user agreement when we make our accounts and we support them as a community by giving them our business.

Sure, but if we're going to have some sort of collaborative tracking of coins stolen in big hacks, that kind of information would be very useful. MtGox and other exchanges could also transfer coins to a number of accounts publicly to their name at some point (either to store them or to pass them out) and that would also help.

Since MtGox already stated publicly that the coins were not the same ones, it's very clear he's just out to cause trouble.

Since I tend to ignore Paraipan's posts I'm not sure what you're talking about here, to be frank.

It was just an idea. Probably having a public statistical tracking service would not be a great idea. After all, one would only know if the BTC he just received are significantly tainted AFTER receiving them...

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
Matthew N. Wright
Untrustworthy
Hero Member
*****
Offline Offline

Activity: 588


Hero VIP ultra official trusted super staff puppet


View Profile
March 02, 2012, 01:53:48 PM
 #97

@Matthew N. Wright i'm only doing this to help the robbed people out for Christ sake
You're misguided. We are already helping the 'robbed people' out by asking questions. You are making statements and asking people to break other laws just to make you happy. You're as misguided now as you were when you filed a police report because Zhou Tong didn't answer you quickly enough.

Being honest is important. I am completely honest that Zhou Tong dropped the ball by ignoring our advice to be collocated instead of using the magical cloud he loves so much. I support him and believe since he is covering the costs himself, he has learned his lesson and will move on. He's a bright kid who just needs some polishing.

I am not advocating secrecy, I am advocating common sense. What your asking for doesn't help anyone. What you think is necessary isn't even necessary. Yet, you're not listening to anyone and you can't give a good reason. Why would anyone support you? Start asking questions and giving reasons instead of making demands and statements against things.

putting my reputation in line with people like you calling me names.
Your reputation is not in line with me. You do not work with me. I had held on to you against the recommendation of every-single-participating-party in the Bitcoin Magazine because I didn't believe it was fair to judge you on a single instance of irresponsible behavior (regardless of how large and idiotic it was) for filing a worthless police report against Zhou and bragging about it on the forums. Today however, before this thread was started, I removed you from the magazine completely for continuing to be over-the-top, ignoring facts, and just pushing pushing pushing, like a wannabe cop with no jurisdiction.

Which side you on Matthew ? Gavin, SLush, Zhoutong and other bitcoiners or the robbers side ?
Slush and ZhouTong are both in the DCAO with me. Gavin might be too. Other Bitcoiners do business with me. The robber might too (who knows!). I am not on anyones side. I am on the side of common sense, as always. You are not making any sense. Your demands, even if provided, would help no one and hurt people in the process. Your continued denial of this shows your ignorance, your continued lack of self explanation and clarification shows your stubbornness and your continued self important vagaries about how you're going to help when people who are actually helping right now don't even need what you're asking for shows me that you're so out of the loop you should just be ignored.

Why am I responding to you then? Because it's in my nature to care, as obnoxious and vicious as I come across, it is in my nature to never ignore people who need a good punch in the face. I would do it to you, I would do it to my own father. Humans are humans and we all need a good check once in a while. This is your check.

That isn't much info at all and already public, you wouldn't know who deposited which coins only MtGox, but they already know that, right ?
Trust the powers that be or stop supporting them. You are not a shareholder of MtGox. You are not a recognized legal official. You are not representing anyone right now. If you are curious and want to "do your part", then start asking questions and stop asking people to do things for you like you are an all-knowing investigator, ready to file your weekly police reports!

Help me out dude, damn it.
Trust me, I am. You just don't realize it yet.

glitch003
Full Member
***
Offline Offline

Activity: 216


View Profile WWW
March 02, 2012, 02:29:25 PM
 #98


This comment is oddly prophetic.

Quote from: jerf
I'm going to pitch a different take than a few others: Yes, great initiative, please keep trying things and building things, but end this project now. There are no probable outcomes where you do not end up having to explain where thousands of dollars of other people's money went to some angry people.

I do wonder how an 18 year old is going to come up with $200,000 worth of bitcoins as reimbursement. I don't know how profitable bitcoinica has been, but that much money seems too much to overcome.

He said it's not a problem as the companies historical profits are high enough to cover it.  Zhou is a smart guy, smarter than leaving all his profit in bitcoins on a internet-accessible server.  If anything, it's a testament to Bitcoinica's success.  (This is assuming that Zhou does in fact stick to his word)

Etlase2
Hero Member
*****
Offline Offline

Activity: 798


View Profile
March 02, 2012, 02:49:13 PM
 #99

He said it's not a problem as the companies historical profits are high enough to cover it.  Zhou is a smart guy, smarter than leaving all his profit in bitcoins on a internet-accessible server.  If anything, it's a testament to Bitcoinica's success.  (This is assuming that Zhou does in fact stick to his word)

If he has made enough to cover it, it would certainly seem to be in his best interest to stick to his word.

sgbett
Legendary
*
Offline Offline

Activity: 1330



View Profile
March 02, 2012, 02:59:55 PM
 #100

@Matthew N. Wright i'm only doing this to help the robbed people out for Christ sake
You're misguided. We are already helping the 'robbed people' out by asking questions. You are making statements and asking people to break other laws just to make you happy. You're as misguided now as you were when you filed a police report because Zhou Tong didn't answer you quickly enough.

Being honest is important. I am completely honest that Zhou Tong dropped the ball by ignoring our advice to be collocated instead of using the magical cloud he loves so much. I support him and believe since he is covering the costs himself, he has learned his lesson and will move on. He's a bright kid who just needs some polishing.

I am not advocating secrecy, I am advocating common sense. What your asking for doesn't help anyone. What you think is necessary isn't even necessary. Yet, you're not listening to anyone and you can't give a good reason. Why would anyone support you? Start asking questions and giving reasons instead of making demands and statements against things.

putting my reputation in line with people like you calling me names.
Your reputation is not in line with me. You do not work with me. I had held on to you against the recommendation of every-single-participating-party in the Bitcoin Magazine because I didn't believe it was fair to judge you on a single instance of irresponsible behavior (regardless of how large and idiotic it was) for filing a worthless police report against Zhou and bragging about it on the forums. Today however, before this thread was started, I removed you from the magazine completely for continuing to be over-the-top, ignoring facts, and just pushing pushing pushing, like a wannabe cop with no jurisdiction.

Which side you on Matthew ? Gavin, SLush, Zhoutong and other bitcoiners or the robbers side ?
Slush and ZhouTong are both in the DCAO with me. Gavin might be too. Other Bitcoiners do business with me. The robber might too (who knows!). I am not on anyones side. I am on the side of common sense, as always. You are not making any sense. Your demands, even if provided, would help no one and hurt people in the process. Your continued denial of this shows your ignorance, your continued lack of self explanation and clarification shows your stubbornness and your continued self important vagaries about how you're going to help when people who are actually helping right now don't even need what you're asking for shows me that you're so out of the loop you should just be ignored.

Why am I responding to you then? Because it's in my nature to care, as obnoxious and vicious as I come across, it is in my nature to never ignore people who need a good punch in the face. I would do it to you, I would do it to my own father. Humans are humans and we all need a good check once in a while. This is your check.

That isn't much info at all and already public, you wouldn't know who deposited which coins only MtGox, but they already know that, right ?
Trust the powers that be or stop supporting them. You are not a shareholder of MtGox. You are not a recognized legal official. You are not representing anyone right now. If you are curious and want to "do your part", then start asking questions and stop asking people to do things for you like you are an all-knowing investigator, ready to file your weekly police reports!

Help me out dude, damn it.
Trust me, I am. You just don't realize it yet.

well said.

it's cliched but "keep calm and carry on" seems to be sage advice right now.

bad stuff happens all the time. its how you deal with it that counts, looks like bitcoinica/zhou is showing exactly what it/he's made of.

good work. keep it up, I'm not withdrawing anything. I don't thank anything has fundamentally changed, and if anything this is a good thing because this can only lead to more security.

http://haschinabannedbitcoin.com
Full Node: http://46.51.193.129 (BU)
"A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution" - Satoshi Nakamoto
Pages: « 1 2 3 4 [5] 6 7 8 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!