Clipse
March 02, 2012, 04:41:32 AM
Watch MTGOX, I'm telling you someone is dumping these coins right now.
...In the land of the stale, the man with one share is king... >> Clipse
We pay miners at 130% PPS | Signup here: Bonus PPS Pool (Please read OP to understand the current process)
smickles
March 02, 2012, 04:42:35 AM
I mean seriously, could not this whole thing have been prevented if the wallet was just encrypted?

Obviously the software running against the hot wallet has to have access to it. This means that if someone roots the server, they'll be able to have the same access to the hot wallet. Encryption would not have entered into it. Zhou, good on you for covering this! I'm having a hard enough time covering the BTCinch theft; I can only imagine how pissed you are at linode.

In this case, encryption would have protected the wallet because the attacker was only able to get root access after a reboot.

Why would a reboot stop the attacker from seeing the wallet being unencrypted during the next use?

You have to enter the wallet password/passphrase after rebooting/restarting bitcoin.

Am I missing something here? Wouldn't that entry be exactly what the attacker would be waiting for?
bbit
Legendary
Activity: 1330
Merit: 1000
Bitcoin
March 02, 2012, 04:44:01 AM
Watch MTGOX, I'm telling you someone is dumping these coins right now.

This is right. Why not catch the thief at this part of the chain?
btc_artist
Full Member
Activity: 154
Merit: 102
Bitcoin!
March 02, 2012, 04:44:51 AM
I mean seriously, could not this whole thing have been prevented if the wallet was just encrypted?

Obviously the software running against the hot wallet has to have access to it. This means that if someone roots the server, they'll be able to have the same access to the hot wallet. Encryption would not have entered into it. Zhou, good on you for covering this! I'm having a hard enough time covering the BTCinch theft; I can only imagine how pissed you are at linode.

In this case, encryption would have protected the wallet because the attacker was only able to get root access after a reboot.

Why would a reboot stop the attacker from seeing the wallet being unencrypted during the next use?

You have to enter the wallet password/passphrase after rebooting/restarting bitcoin.

Am I missing something here? Wouldn't that entry be exactly what the attacker would be waiting for?

Yes, an attack like that could also be done, although it would have to be slightly more sophisticated than today's attack. Likely you would modify bitcoind to log the passphrase to a file somewhere.
BTC: 1CDCLDBHbAzHyYUkk1wYHPYmrtDZNhk8zf LTC: LMS7SqZJnqzxo76iDSEua33WCyYZdjaQoE
rjk
Sr. Member
Activity: 448
Merit: 250
1ngldh
March 02, 2012, 04:45:00 AM
I mean seriously, could not this whole thing have been prevented if the wallet was just encrypted?

Obviously the software running against the hot wallet has to have access to it. This means that if someone roots the server, they'll be able to have the same access to the hot wallet. Encryption would not have entered into it. Zhou, good on you for covering this! I'm having a hard enough time covering the BTCinch theft; I can only imagine how pissed you are at linode.

In this case, encryption would have protected the wallet because the attacker was only able to get root access after a reboot.

Why would a reboot stop the attacker from seeing the wallet being unencrypted during the next use?

You have to enter the wallet password/passphrase after rebooting/restarting bitcoin.

Am I missing something here? Wouldn't that entry be exactly what the attacker would be waiting for?

Pretty sure such a random suspicious reboot would cause the poolop to review the server before entering any creds anywhere. Especially when his Linode access manager says that there was a login to his account a few minutes before, not caused by him.
kiba
Legendary
Activity: 980
Merit: 1020
March 02, 2012, 04:45:40 AM
Watch MTGOX, I'm telling you someone is dumping these coins right now.

The limit for withdrawal is 10K USD for a verified account, and he would need to pass fake information to MtGox's money laundering office. So the thief would need to create multiple accounts, multiple identities or compromise several mtgox accounts. IANASE, but keep in mind that AML increases the barrier to entry, reducing competition and privacy of users. Keeping records of user identity is also a security liability if identity thieves get their hands on it.
mrb
Legendary
Activity: 1512
Merit: 1028
March 02, 2012, 04:45:56 AM
We didn't have the opportunity to scan our whole system for suspicious transactions that were not initiated from our customers because we had to shut down the system immediately after we've discovered the huge loss. We did get a rough estimate and we published a press release to warn our users about the deposit address replacement.
However, now we have concluded that we lost 43,554 BTC from this incident and we will reimburse our customers for the full amount.

When you introduced Bitcoinica, you claimed one of your security advantages was that you "did not operate a Bitcoin wallet" and that "all your funds are stored on MtGox". Source: https://bitcointalk.org/index.php?topic=42267.msg514429#msg514429
However this theft makes it apparent that you changed your mind, as you lost a wallet. Why did you change your mind about hosting the wallet on your own servers? You had a great idea, you should have stuck with it.
Sergey (imcex.com)
Newbie
Activity: 20
Merit: 0
March 02, 2012, 04:46:10 AM
zhoutong, I do appreciate what you are doing for the community. This is a hell of a responsibility you are taking, good job.
But, please, explain to me - how could you be keeping the whole bunch of Bitcoins in a single wallet running on a VPS (!!!) in the wild? Having $200,000-250,000 worth of customers' funds would make me invest my own money in renting a dedicated server at least. Or two. Considering even this not being totally secure - it still would provide much more security at a $50/month cost.
But hell, who cares about security at $50/month! Being a hero at $200 grand is much more effective!
Clipse
March 02, 2012, 04:47:18 AM
Watch MTGOX, I'm telling you someone is dumping these coins right now.

The limit for withdrawal is 10K USD for a verified account, and he would need to pass fake information to MtGox's money laundering office. So the thief would need to create multiple accounts, multiple identities or compromise several mtgox accounts.

If Mark isn't aware of watching for this, he might just let this guy withdraw all the funds over a few days. I'm not sure what the endgame is, however some individual (yes it was way too coordinated, watch the graphs) solely dumped just over 20k BTC already.
cablepair
March 02, 2012, 04:47:37 AM
I mean seriously, could not this whole thing have been prevented if the wallet was just encrypted?

Obviously the software running against the hot wallet has to have access to it. This means that if someone roots the server, they'll be able to have the same access to the hot wallet. Encryption would not have entered into it. Zhou, good on you for covering this! I'm having a hard enough time covering the BTCinch theft; I can only imagine how pissed you are at linode.

In this case, encryption would have protected the wallet because the attacker was only able to get root access after a reboot.

Why would a reboot stop the attacker from seeing the wallet being unencrypted during the next use?

You have to enter the wallet password/passphrase after rebooting/restarting bitcoin.

Am I missing something here? Wouldn't that entry be exactly what the attacker would be waiting for?

Pretty sure such a random suspicious reboot would cause the poolop to review the server before entering any creds anywhere. Especially when his Linode access manager says that there was a login to his account a few minutes before, not caused by him.

+1, the idea that this hacker is sitting here watching a packet sniffer or a keylogger and the admin of the server with an encrypted wallet holding $200k+ is not going to think something suspicious is preposterous. It would take multiple fails for this scenario to be successful, and the bottom line is an encrypted wallet would likely have saved this money. The problem is these web applications have not been developed to the level where they are able to interact with encrypted wallets. Point blank.
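The two points raised in this exchange, a bitcoind rebuilt to log the passphrase (btc_artist) and an unrecognised login shortly before an unexpected reboot (rjk), are both things an operator can check before typing the passphrase at all. The following is an added example, not code from the thread or from Bitcoinica: a small Python pre-unlock check run over constructed samples, where the binary bytes, the recorded release hash, the auth.log lines, the hostname and the IP addresses are all placeholders.

```python
"""Pre-unlock check for a hot wallet host (added example, not code from the thread).
Before entering the wallet passphrase after an unexpected reboot, verify that the bitcoind
binary is unchanged (a rooted host could carry a build that logs the passphrase) and that no
unrecognised login happened around the reboot. All inputs are constructed samples."""
import hashlib
import re

# Constructed stand-ins for the recorded release binary and for what is on disk now.
KNOWN_GOOD_BINARY = b"bitcoind-release-sample-bytes"
KNOWN_GOOD_SHA256 = hashlib.sha256(KNOWN_GOOD_BINARY).hexdigest()  # recorded at install time
TAMPERED_BINARY = KNOWN_GOOD_BINARY + b"\x00passphrase-logging-hook"  # constructed tampered copy

# Constructed auth.log excerpt: a normal admin login, an unknown-source root login, then a reboot.
SAMPLE_AUTH_LOG = """\
Mar  1 22:10:03 wallet01 sshd[2101]: Accepted publickey for admin from 203.0.113.10 port 50122 ssh2
Mar  1 23:41:17 wallet01 sshd[2990]: Accepted password for root from 198.51.100.77 port 41020 ssh2
Mar  1 23:44:02 wallet01 systemd[1]: Starting Reboot...
"""
TRUSTED_ADMIN_IPS = {"203.0.113.10"}  # assumption: the operator's own known source addresses
LOGIN_RE = re.compile(r"Accepted (\w+) for (\S+) from (\d+\.\d+\.\d+\.\d+)")

def binary_matches(current_bytes, expected_sha256):
    """True only if the on-disk bitcoind hashes to the release hash the operator recorded."""
    return hashlib.sha256(current_bytes).hexdigest() == expected_sha256

def suspicious_logins(auth_log, trusted_ips):
    """Accepted logins from an untrusted IP, or password logins as root, each as a dict."""
    findings = []
    for line in auth_log.splitlines():
        m = LOGIN_RE.search(line)
        if not m:
            continue
        method, user, ip = m.groups()
        if ip not in trusted_ips or (user == "root" and method == "password"):
            findings.append({"user": user, "method": method, "ip": ip})
    return findings

def safe_to_unlock(current_bytes, auth_log):
    """Run both checks; returns (ok, reasons). Any reason means: do not enter the passphrase."""
    reasons = []
    if not binary_matches(current_bytes, KNOWN_GOOD_SHA256):
        reasons.append("bitcoind binary hash differs from the recorded release hash")
    for f in suspicious_logins(auth_log, TRUSTED_ADMIN_IPS):
        reasons.append(f"unexpected login: {f['user']} via {f['method']} from {f['ip']}")
    return (not reasons, reasons)

if __name__ == "__main__":
    ok, why = safe_to_unlock(TAMPERED_BINARY, SAMPLE_AUTH_LOG)
    print("OK to unlock" if ok else "DO NOT UNLOCK:\n  " + "\n  ".join(why))
```

The release hash has to be recorded somewhere the server cannot rewrite (an offline copy), otherwise the same root access that swaps the binary can also swap the hash.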
cablepair
March 02, 2012, 04:49:28 AM
And again +200k to the op for being a man and taking care of this in a responsible way; I'm just trying to bring awareness on how we can secure bitcoin for the future. I have only like 80 bitcoins in my wallet right now, but you can damn well better believe it is encrypted with a completely uncrackable password.
rjk
Sr. Member
Activity: 448
Merit: 250
1ngldh
March 02, 2012, 04:50:04 AM
Why did you change your mind about hosting the wallet?

my bet: mtgox limitations

^This. Especially when they are upwards of 1/3rd of MtGox's transaction volume.
bbit
Legendary
Activity: 1330
Merit: 1000
Bitcoin
March 02, 2012, 04:50:15 AM
Watch MTGOX, I'm telling you someone is dumping these coins right now.

The limit for withdrawal is 10K USD for a verified account, and he would need to pass fake information to MtGox's money laundering office. So the thief would need to create multiple accounts, multiple identities or compromise several mtgox accounts.

If Mark isn't aware of watching for this, he might just let this guy withdraw all the funds over a few days. I'm not sure what the endgame is, however some individual (yes it was way too coordinated, watch the graphs) solely dumped just over 20k BTC already.

The thinking, as someone told me on another thread, is these thief(s) steal Bitcoin and spend it at silkroad etc., etc., which seems totally stupid to me, but then again I'm not a thief. What happened again with the allinvain person - did that thief cash out the BTC at $10,000 a mo. @ Mt.Gox?
Eveofwar
March 02, 2012, 04:50:41 AM
And again +200k to the op for being a man and taking care of this in a responsible way; I'm just trying to bring awareness on how we can secure bitcoin for the future. I have only like 80 bitcoins in my wallet right now, but you can damn well better believe it is encrypted with a completely uncrackable password.

Nothing is "uncrackable" given the amount of time.
rjk
Sr. Member
Activity: 448
Merit: 250
1ngldh
March 02, 2012, 04:51:07 AM
Watch MTGOX, I'm telling you someone is dumping these coins right now.

The limit for withdrawal is 10K USD for a verified account, and he would need to pass fake information to MtGox's money laundering office. So the thief would need to create multiple accounts, multiple identities or compromise several mtgox accounts.

If Mark isn't aware of watching for this, he might just let this guy withdraw all the funds over a few days. I'm not sure what the endgame is, however some individual (yes it was way too coordinated, watch the graphs) solely dumped just over 20k BTC already.

The thinking, as someone told me on another thread, is these thief(s) steal Bitcoin and spend it at silkroad etc., etc., which seems totally stupid to me, but then again I'm not a thief. What happened again with the allinvain person - did that thief cash out the BTC at $10,000 a mo. @ Mt.Gox?

Most of the coins are still floating around up there in la-la land.
kiba
Legendary
Activity: 980
Merit: 1020
March 02, 2012, 04:52:09 AM
Nothing is "uncrackable" given the amount of time.

If you don't remember your password, it's as good as lost (unless you found a way to crack them in a reasonable amount of time). There's a tradeoff between convenience and security.
Clipse
March 02, 2012, 04:59:24 AM
And it's still dumping, will probably create a false panic selloff.
cypherdoc
Legendary
Activity: 1764
Merit: 1002
March 02, 2012, 05:00:37 AM
I would hold off on the congrats to Zhou until he actually delivers the coins. That is a lot to deliver.
k9quaint
Legendary
Activity: 1190
Merit: 1000
March 02, 2012, 05:01:53 AM
Maybe the attacker will pull an "Omar" and sell the coins back to him for 40 cents on the dollar.
Bitcoin is backed by the full faith and credit of YouTube comments.
Etlase2
March 02, 2012, 05:02:05 AM
bananas
B-A-N-A-N-A-S
3k was one thing, but 44k? damn