Bitcoin Forum
November 11, 2024, 01:21:19 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3] 4 5 6 7 8 »  All
  Print  
Author Topic: Bitcoinica lost 43,554 BTC from Linode compromise, suspicious TXIDs publicized  (Read 56416 times)
Clipse
Hero Member
*****
Offline Offline

Activity: 504
Merit: 502


View Profile
March 02, 2012, 04:41:32 AM
 #41

Watch MTGOX, Im telling you someone is dumping these coins right now.

...In the land of the stale, the man with one share is king... >> Clipse

We pay miners at 130% PPS | Signup here : Bonus PPS Pool (Please read OP to understand the current process)
smickles
Sr. Member
****
Offline Offline

Activity: 446
Merit: 250



View Profile WWW
March 02, 2012, 04:42:35 AM
 #42

i mean seriously, could not this whole thing been prevented if the wallet was just encrypted?

Obviously the software running against the hot wallet has to have access to it. This means that if someone roots the server, they'll be able to have the same access to the hot wallet. Encryption would not have entered into it.

Zhou, good on you for covering this! I'm having a hard enough time covering the BTCinch theft; I can only imagine how pissed you are at linode.

In this case, encryption would have protected the wallet because the attacker was only able to get root access after a reboot.
why would a reboot stop the attacker from seeing the wallet being unencrypted during the next use?
You have to enter the wallet password/passphrase after rebooting/restarting bitcoin.
am i missing something here? wouldn't that entry be exactly what the attacker would be waiting for?

bbit
Legendary
*
Offline Offline

Activity: 1330
Merit: 1000


Bitcoin


View Profile
March 02, 2012, 04:44:01 AM
 #43

Watch MTGOX, Im telling you someone is dumping these coins right now.

This is right . Why not catch the thief at this part of the chain?


           █████████████████     ████████
          █████████████████     ████████
         █████████████████     ████████
        █████████████████     ████████
       ████████              ████████
      ████████              ████████
     ████████     ███████  ████████     ████████
    ████████     █████████████████     ████████
   ████████     █████████████████     ████████
  ████████     █████████████████     ████████
 ████████     █████████████████     ████████
████████     ████████  ███████     ████████
            ████████              ████████
           ████████              ████████
          ████████     █████████████████
         ████████     █████████████████
        ████████     █████████████████
       ████████     █████████████████
▄▄
██
██
██
██
██
██
██
██
██
██     
██
██
▬▬ THE LARGEST & MOST TRUSTED ▬▬
      BITCOIN SPORTSBOOK     
   ▄▄
██
██
██
██
██
██
██
██
██
██     
██
██
             ▄▄▄▄▀▀▀▀▄
     ▄▄▄▄▀▀▀▀        ▀▄▄▄▄           
▄▀▀▀▀                 █   ▀▀▀▀▀▀▀▄▄
█                    ▀▄          █
 █   ▀▌     ██▄        █          █               
 ▀▄        ▐████▄       █        █
  █        ███████▄     ▀▄       █
   █      ▐████▄█████████████████████▄
   ▀▄     ███████▀                  ▀██
    █      ▀█████    ▄▄        ▄▄    ██
     █       ▀███   ████      ████   ██
     ▀▄        ██    ▀▀        ▀▀    ██
      █        ██        ▄██▄        ██
       █       ██        ▀██▀        ██
       ▀▄      ██    ▄▄        ▄▄    ██
        █      ██   ████      ████   ██
         █▄▄▄▄▀██    ▀▀        ▀▀    ██
               ██▄                  ▄██
                ▀████████████████████▀




  CASINO  ●  DICE  ●  POKER   
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
   24 hour Customer Support   

▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
btc_artist
Full Member
***
Offline Offline

Activity: 154
Merit: 102

Bitcoin!


View Profile WWW
March 02, 2012, 04:44:51 AM
 #44

i mean seriously, could not this whole thing been prevented if the wallet was just encrypted?

Obviously the software running against the hot wallet has to have access to it. This means that if someone roots the server, they'll be able to have the same access to the hot wallet. Encryption would not have entered into it.

Zhou, good on you for covering this! I'm having a hard enough time covering the BTCinch theft; I can only imagine how pissed you are at linode.

In this case, encryption would have protected the wallet because the attacker was only able to get root access after a reboot.
why would a reboot stop the attacker from seeing the wallet being unencrypted during the next use?
You have to enter the wallet password/passphrase after rebooting/restarting bitcoin.
am i missing something here? wouldn't that entry be exactly what the attacker would be waiting for?
Yes, an attack like that could also be done, although it would have to be slightly more sophisticated than today's attack. Likely you would modify bitcoind to log the passphrase to a file somewhere.

BTC: 1CDCLDBHbAzHyYUkk1wYHPYmrtDZNhk8zf
LTC: LMS7SqZJnqzxo76iDSEua33WCyYZdjaQoE
rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
March 02, 2012, 04:45:00 AM
 #45

i mean seriously, could not this whole thing been prevented if the wallet was just encrypted?

Obviously the software running against the hot wallet has to have access to it. This means that if someone roots the server, they'll be able to have the same access to the hot wallet. Encryption would not have entered into it.

Zhou, good on you for covering this! I'm having a hard enough time covering the BTCinch theft; I can only imagine how pissed you are at linode.

In this case, encryption would have protected the wallet because the attacker was only able to get root access after a reboot.
why would a reboot stop the attacker from seeing the wallet being unencrypted during the next use?
You have to enter the wallet password/passphrase after rebooting/restarting bitcoin.
am i missing something here? wouldn't that entry be exactly what the attacker would be waiting for?
Pretty sure such a random suspicious reboot would cause the poolop to review the server before entering any creds anywhere. Especially when his Linode access manager says that there was a login to his account a few minutes before, not caused by him.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
kiba
Legendary
*
Offline Offline

Activity: 980
Merit: 1020


View Profile
March 02, 2012, 04:45:40 AM
 #46

Watch MTGOX, Im telling you someone is dumping these coins right now.

The limit for withdrawal is 10K USD for verified account, and he would need to pass fake information to MtGox's money laundering office. So the thief would need to create multiple accounts, multiple identity or compromise several mtgox accounts.


IANASE, but keep in mind that AML increase barrier of entry, reducing competition and privacy of users. Keeping record of user identity is also a security liability if identity thieves get their hand on it.

mrb
Legendary
*
Offline Offline

Activity: 1512
Merit: 1028


View Profile WWW
March 02, 2012, 04:45:56 AM
 #47

We didn't have the opportunity to scan our whole system for suspicious transactions that were not initiated from our customers because we had to shut down the system immediately after we've discovered the huge loss. We did get a rough estimate and we published a press release to warn our users about the deposit address replacement.

However, now we have concluded that we lost 43,554 BTC from this incident and we will reimburse our customers for the full amount.

When you introduced Bitcoinica, you claimed one of your security advantages was that you "did not operate a Bitcoin wallet" and that "all your funds are stored on MtGox". Source: https://bitcointalk.org/index.php?topic=42267.msg514429#msg514429

However this theft makes it apparent that you changed your mind, as you lost a wallet. Why did you change your mind about hosting the wallet on your own servers? You had a great idea, you should have stuck with it.
Sergey (imcex.com)
Newbie
*
Offline Offline

Activity: 20
Merit: 0


View Profile WWW
March 02, 2012, 04:46:10 AM
 #48

zhoutong, I do appreciate what your are doing for the community. This is a hell of responsibility your are taking, good job.

But, please, explain me - how could you be keeping the whole bunch of Bitcoins in a single wallet running on the VPS (!!!) in the wild? Having $200,000-250,000 worth customers' funds would make me invest my own money in renting dedicated server at least. Or two. Considering even this not being totally secure - it still would provide much more security at $50/month cost.

But hell, who cares about security at $50/month! Being a hero at $200 grands is much more effective!
Clipse
Hero Member
*****
Offline Offline

Activity: 504
Merit: 502


View Profile
March 02, 2012, 04:47:18 AM
 #49

Watch MTGOX, Im telling you someone is dumping these coins right now.

The limit for withdrawal is 10K USD for verified account, and he would need to pass fake information to MtGox's money laundering office. So the thief would need to create multiple accounts, multiple identity or compromise several mtgox accounts.

If Mark isnt aware of watching for this, he might just let this guy withdraw all the funds over a few days, Im not sure what the endgame is however some individual(yes it was way to coordinated, watch the graphs) solely dumped just over 20k BTC allready.

...In the land of the stale, the man with one share is king... >> Clipse

We pay miners at 130% PPS | Signup here : Bonus PPS Pool (Please read OP to understand the current process)
cablepair
Hero Member
*****
Offline Offline

Activity: 896
Merit: 1000


Buy this account on March-2019. New Owner here!!


View Profile WWW
March 02, 2012, 04:47:37 AM
 #50

i mean seriously, could not this whole thing been prevented if the wallet was just encrypted?

Obviously the software running against the hot wallet has to have access to it. This means that if someone roots the server, they'll be able to have the same access to the hot wallet. Encryption would not have entered into it.

Zhou, good on you for covering this! I'm having a hard enough time covering the BTCinch theft; I can only imagine how pissed you are at linode.

In this case, encryption would have protected the wallet because the attacker was only able to get root access after a reboot.
why would a reboot stop the attacker from seeing the wallet being unencrypted during the next use?
You have to enter the wallet password/passphrase after rebooting/restarting bitcoin.
am i missing something here? wouldn't that entry be exactly what the attacker would be waiting for?
Pretty sure such a random suspicious reboot would cause the poolop to review the server before entering any creds anywhere. Especially when his Linode access manager says that there was a login to his account a few minutes before, not caused by him.
+1, the idea that this hacker is sitting here watching a packet sniffer or a keylogger and the admin of the server with an encrypted wallet holding $200k+ is not going to think something suspicions is preposterous

it would take multiple fails for this scenario to be successful and the bottom line is an encrypted wallet would likely have saved this money. The problem is these web applications have not been developed to the level where they are able to interact with encrypted wallets. point blank.
cablepair
Hero Member
*****
Offline Offline

Activity: 896
Merit: 1000


Buy this account on March-2019. New Owner here!!


View Profile WWW
March 02, 2012, 04:49:28 AM
 #51

and again +200k to the op for being a man and taking care of this in a responsible way, im just trying to bring awareness on how we can secure bitcoin for the future. I have only like 80 bitcoins in my wallet right now but you can damn well better believe it is in encrypted with a completely uncrackable password.
rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
March 02, 2012, 04:50:04 AM
 #52

Why did you change your mind about hosting the wallet?
my bet: mtgox limitations
^This. Especially when they are upwards of 1/3rd of MtGox's transaction volume.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
bbit
Legendary
*
Offline Offline

Activity: 1330
Merit: 1000


Bitcoin


View Profile
March 02, 2012, 04:50:15 AM
 #53

Watch MTGOX, Im telling you someone is dumping these coins right now.

The limit for withdrawal is 10K USD for verified account, and he would need to pass fake information to MtGox's money laundering office. So the thief would need to create multiple accounts, multiple identity or compromise several mtgox accounts.

If Mark isnt aware of watching for this, he might just let this guy withdraw all the funds over a few days, Im not sure what the endgame is however some individual(yes it was way to coordinated, watch the graphs) solely dumped just over 20k BTC allready.

The thinking is as someone told me on another thread is these thief(s) steal Bitcoin and spend bitcoin at silkroad etc., etc.,  which seems totally stupid to me then again I'm not a thief. What again happened the allinvain person again - did that thief cash out the BTC  at the $10,000 a mo. @ Mt.Gox ?


           █████████████████     ████████
          █████████████████     ████████
         █████████████████     ████████
        █████████████████     ████████
       ████████              ████████
      ████████              ████████
     ████████     ███████  ████████     ████████
    ████████     █████████████████     ████████
   ████████     █████████████████     ████████
  ████████     █████████████████     ████████
 ████████     █████████████████     ████████
████████     ████████  ███████     ████████
            ████████              ████████
           ████████              ████████
          ████████     █████████████████
         ████████     █████████████████
        ████████     █████████████████
       ████████     █████████████████
▄▄
██
██
██
██
██
██
██
██
██
██     
██
██
▬▬ THE LARGEST & MOST TRUSTED ▬▬
      BITCOIN SPORTSBOOK     
   ▄▄
██
██
██
██
██
██
██
██
██
██     
██
██
             ▄▄▄▄▀▀▀▀▄
     ▄▄▄▄▀▀▀▀        ▀▄▄▄▄           
▄▀▀▀▀                 █   ▀▀▀▀▀▀▀▄▄
█                    ▀▄          █
 █   ▀▌     ██▄        █          █               
 ▀▄        ▐████▄       █        █
  █        ███████▄     ▀▄       █
   █      ▐████▄█████████████████████▄
   ▀▄     ███████▀                  ▀██
    █      ▀█████    ▄▄        ▄▄    ██
     █       ▀███   ████      ████   ██
     ▀▄        ██    ▀▀        ▀▀    ██
      █        ██        ▄██▄        ██
       █       ██        ▀██▀        ██
       ▀▄      ██    ▄▄        ▄▄    ██
        █      ██   ████      ████   ██
         █▄▄▄▄▀██    ▀▀        ▀▀    ██
               ██▄                  ▄██
                ▀████████████████████▀




  CASINO  ●  DICE  ●  POKER   
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
   24 hour Customer Support   

▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
Eveofwar
Sr. Member
****
Offline Offline

Activity: 406
Merit: 250


View Profile
March 02, 2012, 04:50:41 AM
 #54

and again +200k to the op for being a man and taking care of this in a responsible way, im just trying to bring awareness on how we can secure bitcoin for the future. I have only like 80 bitcoins in my wallet right now but you can damn well better believe it is in encrypted with a completely uncrackable password.


Nothing is "uncrackable" given the amount of time.
rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
March 02, 2012, 04:51:07 AM
 #55

Watch MTGOX, Im telling you someone is dumping these coins right now.

The limit for withdrawal is 10K USD for verified account, and he would need to pass fake information to MtGox's money laundering office. So the thief would need to create multiple accounts, multiple identity or compromise several mtgox accounts.

If Mark isnt aware of watching for this, he might just let this guy withdraw all the funds over a few days, Im not sure what the endgame is however some individual(yes it was way to coordinated, watch the graphs) solely dumped just over 20k BTC allready.

The thinking is as someone told me on another thread is these thief(s) steal Bitcoin and spend bitcoin at silkroad etc., etc.,  which seems totally stupid to me then again I'm not a thief. What again happened the allinvain person again - did that thief cash out the BTC  at the $10,000 a mo. @ Mt.Gox ?
Most of the coins are still floating around up there in la-la land.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
kiba
Legendary
*
Offline Offline

Activity: 980
Merit: 1020


View Profile
March 02, 2012, 04:52:09 AM
 #56

Nothing is "uncrackable" given the amount of time.

If you don't remember your password, it's as good as lost(Unless you found a way to crack them in a reasonable amount of time). There's a tradeoff between convenience and security.

Clipse
Hero Member
*****
Offline Offline

Activity: 504
Merit: 502


View Profile
March 02, 2012, 04:59:24 AM
 #57

and its still dumping, will probably create a false panic selloff.

...In the land of the stale, the man with one share is king... >> Clipse

We pay miners at 130% PPS | Signup here : Bonus PPS Pool (Please read OP to understand the current process)
cypherdoc
Legendary
*
Offline Offline

Activity: 1764
Merit: 1002



View Profile
March 02, 2012, 05:00:37 AM
 #58

i would hold off on the congrats to Zhou until he actually delivers the coins.  that is a lot to deliver.
k9quaint
Legendary
*
Offline Offline

Activity: 1190
Merit: 1000



View Profile
March 02, 2012, 05:01:53 AM
 #59

Maybe the attacker will pull an "Omar" and sell the coins back to him for 40 cents on the dollar.  Shocked

Bitcoin is backed by the full faith and credit of YouTube comments.
Etlase2
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000


View Profile
March 02, 2012, 05:02:05 AM
 #60

bananas

B-A-N-A-N-A-S

3k was one thing, but 44k? damn

Pages: « 1 2 [3] 4 5 6 7 8 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!