Bitcoin Forum
March 28, 2024, 08:51:44 PM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 [5] 6 7 8 »  All
  Print  
Author Topic: Bitcoinica lost 43,554 BTC from Linode compromise, suspicious TXIDs publicized  (Read 56369 times)
proudhon
Legendary
*
Offline Offline

Activity: 2198
Merit: 1309



View Profile
March 02, 2012, 07:41:05 AM
 #81

I'm impressed with the way Z has handled this so far.  Sufficiently impressed that I've decided not to withdraw the bitcoin I have in bitcoinica.  Hopefully, like MtGox, bitcoinica will emerge from this more secure than ever.

Bitcoin Fact: the price of bitcoin will not be greater than $70k for more than 25 consecutive days at any point in the rest of recorded human history.
Unlike traditional banking where clients have only a few account numbers, with Bitcoin people can create an unlimited number of accounts (addresses). This can be used to easily track payments, and it improves anonymity.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711659104
Hero Member
*
Offline Offline

Posts: 1711659104

View Profile Personal Message (Offline)

Ignore
1711659104
Reply with quote  #2

1711659104
Report to moderator
1711659104
Hero Member
*
Offline Offline

Posts: 1711659104

View Profile Personal Message (Offline)

Ignore
1711659104
Reply with quote  #2

1711659104
Report to moderator
caveden
Legendary
*
Offline Offline

Activity: 1106
Merit: 1004



View Profile
March 02, 2012, 08:44:20 AM
 #82

However, now we have concluded that we lost 43,554 BTC from this incident and we will reimburse our customers for the full amount.

I'm sincerely impressed by your good behavior here. Congratulations.

Can't you try to sue Linode or something? This is mainly their fault. I wouldn't be surprised at all if the attacker is a rogue employee of theirs.
Brian DeLoach
VIP
Full Member
*
Offline Offline

Activity: 166
Merit: 100


View Profile
March 02, 2012, 08:54:28 AM
 #83


This comment is oddly prophetic.

Quote from: jerf
I'm going to pitch a different take than a few others: Yes, great initiative, please keep trying things and building things, but end this project now. There are no probable outcomes where you do not end up having to explain where thousands of dollars of other people's money went to some angry people.

I do wonder how an 18 year old is going to come up with $200,000 worth of bitcoins as reimbursement. I don't know how profitable bitcoinica has been, but that much money seems too much to overcome.
Matthew N. Wright
Untrustworthy
Hero Member
*****
Offline Offline

Activity: 588
Merit: 500


Hero VIP ultra official trusted super staff puppet


View Profile
March 02, 2012, 08:54:48 AM
 #84

However, now we have concluded that we lost 43,554 BTC from this incident and we will reimburse our customers for the full amount.

I'm sincerely impressed by your good behavior here. Congratulations.

Can't you try to sue Linode or something? This is mainly their fault. I wouldn't be surprised at all if the attacker is a rogue employee of theirs.

Unofficially, already working on it.

Officially, I'm not working with Bitcoinica and can't comment.

zby
Legendary
*
Offline Offline

Activity: 1592
Merit: 1001


View Profile
March 02, 2012, 09:12:06 AM
 #85

The question now is were user passwords compromised?  I would assume an affirmative answer to this, even if they were encrypted - this is only a matter of time.  Just like with the historical MtGox hack bitcoinica now should shutdown and go through a round of account claiming.
racerguy
Sr. Member
****
Offline Offline

Activity: 270
Merit: 250


View Profile
March 02, 2012, 09:13:11 AM
 #86

are deposits working?  I deposited 0.1btc's from mining a while ago that still aren't showing up, 13confirms so far.
racerguy
Sr. Member
****
Offline Offline

Activity: 270
Merit: 250


View Profile
March 02, 2012, 09:14:15 AM
 #87

The question now is were user passwords compromised?  I would assume an affirmative answer to this, even if they were encrypted - this is only a matter of time.  Just like with the historical MtGox hack bitcoinica now should shutdown and go through a round of account claiming.

The way I understood it only a machine with the hot wallet was hacked, not machines holding user data.
FlipPro
Legendary
*
Offline Offline

Activity: 1764
Merit: 1015


View Profile
March 02, 2012, 09:20:11 AM
 #88

Zhous got the fucking dough WOW!  Cheesy
Koekiemonster
Sr. Member
****
Offline Offline

Activity: 321
Merit: 250


Bitbuy.nl!


View Profile
March 02, 2012, 10:14:40 AM
 #89

Tough hit Zhou! I hope P2SH will leave major hacking incidents behind us, another great lesson learned here.

I actually don't understand why everybody seems to be surprised Zhou is able to cover these losses. If you look at their volume and fees I think they easily covered this, huge hit nonetheless.

https://www.bitbuy.nl - Koop eenvoudig, snel en goedkoop bitcoins bij Bitbuy!
Bitcointalk topic over Bitbuy!
muyuu
Donator
Legendary
*
Offline Offline

Activity: 980
Merit: 1000



View Profile
March 02, 2012, 10:29:45 AM
 #90

I'm a bit surprised that this whole turn of events hasn't hit the market more, to be honest.

Just goes to show how successful a short, directed attack can be. 1/4M from a bunch of accounts in a matter of minutes, and the perp is nowhere to be found...

At the end of the day, a VPS is an untrusted party and you cannot put your private keys there. They stop being private at all. Single point of failure and all that jazz...

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
piuk
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1005



View Profile WWW
March 02, 2012, 10:48:15 AM
 #91

Sorry to hear about this zhoutong,

This will be a test of whether bitcoin is truly anonymous and un-blockable. Will the hacker be able to successfully launder and exchange this volume of stolen coins? I don't know if it is better if they are successful or not.

Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500


Wat


View Profile WWW
March 02, 2012, 11:10:54 AM
 #92

My condolences for the theft mate Sad

Technomage
Legendary
*
Offline Offline

Activity: 2184
Merit: 1056


Affordable Physical Bitcoins - Denarium.com


View Profile WWW
March 02, 2012, 11:32:03 AM
 #93

People who think the dumps at Mt. Gox is the stolen money, are absolutely clueless about everything. Gox takes money laundering more seriously than any other Bitcoin exchange. The thief would be out of his mind to try selling the coins via Gox, not now or ever.

There are better ways to do it. What we're seeing now at Gox is speculators selling because there has been serious bad news in the Bitcoin world. That's about it.

Denarium closing sale discounts now up to 43%! Check out our products from here!
Mageant
Legendary
*
Offline Offline

Activity: 1145
Merit: 1001



View Profile WWW
March 02, 2012, 12:11:40 PM
 #94

Good work, Zhou.
 Smiley

cjgames.com
muyuu
Donator
Legendary
*
Offline Offline

Activity: 980
Merit: 1000



View Profile
March 02, 2012, 01:34:32 PM
 #95



Probably not, but none of us need to know the addresses that go through MtGox. Only MtGox needs to know. All we need to know is what MtGox is going to do about it if they find one, and that is up to them to tell us, since we agree to the user agreement when we make our accounts and we support them as a community by giving them our business.

Sure, but if we're going to have some sort of collaborative tracking of coins stolen in big hacks, that kind of information would be very useful. MtGox and other exchanges could also transfer coins to a number of accounts publicly to their name at some point (either to store them or to pass them out) and that would also help.

Since MtGox already stated publicly that the coins were not the same ones, it's very clear he's just out to cause trouble.

Since I tend to ignore Paraipan's posts I'm not sure what you're talking about here, to be frank.

It was just an idea. Probably having a public statistical tracking service would not be a great idea. After all, one would only know if the BTC he just received are significantly tainted AFTER receiving them...

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
Matthew N. Wright
Untrustworthy
Hero Member
*****
Offline Offline

Activity: 588
Merit: 500


Hero VIP ultra official trusted super staff puppet


View Profile
March 02, 2012, 01:53:48 PM
 #96

@Matthew N. Wright i'm only doing this to help the robbed people out for Christ sake
You're misguided. We are already helping the 'robbed people' out by asking questions. You are making statements and asking people to break other laws just to make you happy. You're as misguided now as you were when you filed a police report because Zhou Tong didn't answer you quickly enough.

Being honest is important. I am completely honest that Zhou Tong dropped the ball by ignoring our advice to be collocated instead of using the magical cloud he loves so much. I support him and believe since he is covering the costs himself, he has learned his lesson and will move on. He's a bright kid who just needs some polishing.

I am not advocating secrecy, I am advocating common sense. What your asking for doesn't help anyone. What you think is necessary isn't even necessary. Yet, you're not listening to anyone and you can't give a good reason. Why would anyone support you? Start asking questions and giving reasons instead of making demands and statements against things.

putting my reputation in line with people like you calling me names.
Your reputation is not in line with me. You do not work with me. I had held on to you against the recommendation of every-single-participating-party in the Bitcoin Magazine because I didn't believe it was fair to judge you on a single instance of irresponsible behavior (regardless of how large and idiotic it was) for filing a worthless police report against Zhou and bragging about it on the forums. Today however, before this thread was started, I removed you from the magazine completely for continuing to be over-the-top, ignoring facts, and just pushing pushing pushing, like a wannabe cop with no jurisdiction.

Which side you on Matthew ? Gavin, SLush, Zhoutong and other bitcoiners or the robbers side ?
Slush and ZhouTong are both in the DCAO with me. Gavin might be too. Other Bitcoiners do business with me. The robber might too (who knows!). I am not on anyones side. I am on the side of common sense, as always. You are not making any sense. Your demands, even if provided, would help no one and hurt people in the process. Your continued denial of this shows your ignorance, your continued lack of self explanation and clarification shows your stubbornness and your continued self important vagaries about how you're going to help when people who are actually helping right now don't even need what you're asking for shows me that you're so out of the loop you should just be ignored.

Why am I responding to you then? Because it's in my nature to care, as obnoxious and vicious as I come across, it is in my nature to never ignore people who need a good punch in the face. I would do it to you, I would do it to my own father. Humans are humans and we all need a good check once in a while. This is your check.

That isn't much info at all and already public, you wouldn't know who deposited which coins only MtGox, but they already know that, right ?
Trust the powers that be or stop supporting them. You are not a shareholder of MtGox. You are not a recognized legal official. You are not representing anyone right now. If you are curious and want to "do your part", then start asking questions and stop asking people to do things for you like you are an all-knowing investigator, ready to file your weekly police reports!

Help me out dude, damn it.
Trust me, I am. You just don't realize it yet.

glitch003
Full Member
***
Offline Offline

Activity: 219
Merit: 101


View Profile
March 02, 2012, 02:29:25 PM
 #97


This comment is oddly prophetic.

Quote from: jerf
I'm going to pitch a different take than a few others: Yes, great initiative, please keep trying things and building things, but end this project now. There are no probable outcomes where you do not end up having to explain where thousands of dollars of other people's money went to some angry people.

I do wonder how an 18 year old is going to come up with $200,000 worth of bitcoins as reimbursement. I don't know how profitable bitcoinica has been, but that much money seems too much to overcome.

He said it's not a problem as the companies historical profits are high enough to cover it.  Zhou is a smart guy, smarter than leaving all his profit in bitcoins on a internet-accessible server.  If anything, it's a testament to Bitcoinica's success.  (This is assuming that Zhou does in fact stick to his word)
Etlase2
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000


View Profile
March 02, 2012, 02:49:13 PM
 #98

He said it's not a problem as the companies historical profits are high enough to cover it.  Zhou is a smart guy, smarter than leaving all his profit in bitcoins on a internet-accessible server.  If anything, it's a testament to Bitcoinica's success.  (This is assuming that Zhou does in fact stick to his word)

If he has made enough to cover it, it would certainly seem to be in his best interest to stick to his word.

sgbett
Legendary
*
Offline Offline

Activity: 2576
Merit: 1087



View Profile
March 02, 2012, 02:59:55 PM
 #99

@Matthew N. Wright i'm only doing this to help the robbed people out for Christ sake
You're misguided. We are already helping the 'robbed people' out by asking questions. You are making statements and asking people to break other laws just to make you happy. You're as misguided now as you were when you filed a police report because Zhou Tong didn't answer you quickly enough.

Being honest is important. I am completely honest that Zhou Tong dropped the ball by ignoring our advice to be collocated instead of using the magical cloud he loves so much. I support him and believe since he is covering the costs himself, he has learned his lesson and will move on. He's a bright kid who just needs some polishing.

I am not advocating secrecy, I am advocating common sense. What your asking for doesn't help anyone. What you think is necessary isn't even necessary. Yet, you're not listening to anyone and you can't give a good reason. Why would anyone support you? Start asking questions and giving reasons instead of making demands and statements against things.

putting my reputation in line with people like you calling me names.
Your reputation is not in line with me. You do not work with me. I had held on to you against the recommendation of every-single-participating-party in the Bitcoin Magazine because I didn't believe it was fair to judge you on a single instance of irresponsible behavior (regardless of how large and idiotic it was) for filing a worthless police report against Zhou and bragging about it on the forums. Today however, before this thread was started, I removed you from the magazine completely for continuing to be over-the-top, ignoring facts, and just pushing pushing pushing, like a wannabe cop with no jurisdiction.

Which side you on Matthew ? Gavin, SLush, Zhoutong and other bitcoiners or the robbers side ?
Slush and ZhouTong are both in the DCAO with me. Gavin might be too. Other Bitcoiners do business with me. The robber might too (who knows!). I am not on anyones side. I am on the side of common sense, as always. You are not making any sense. Your demands, even if provided, would help no one and hurt people in the process. Your continued denial of this shows your ignorance, your continued lack of self explanation and clarification shows your stubbornness and your continued self important vagaries about how you're going to help when people who are actually helping right now don't even need what you're asking for shows me that you're so out of the loop you should just be ignored.

Why am I responding to you then? Because it's in my nature to care, as obnoxious and vicious as I come across, it is in my nature to never ignore people who need a good punch in the face. I would do it to you, I would do it to my own father. Humans are humans and we all need a good check once in a while. This is your check.

That isn't much info at all and already public, you wouldn't know who deposited which coins only MtGox, but they already know that, right ?
Trust the powers that be or stop supporting them. You are not a shareholder of MtGox. You are not a recognized legal official. You are not representing anyone right now. If you are curious and want to "do your part", then start asking questions and stop asking people to do things for you like you are an all-knowing investigator, ready to file your weekly police reports!

Help me out dude, damn it.
Trust me, I am. You just don't realize it yet.

well said.

it's cliched but "keep calm and carry on" seems to be sage advice right now.

bad stuff happens all the time. its how you deal with it that counts, looks like bitcoinica/zhou is showing exactly what it/he's made of.

good work. keep it up, I'm not withdrawing anything. I don't thank anything has fundamentally changed, and if anything this is a good thing because this can only lead to more security.

"A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution" - Satoshi Nakamoto
*my posts are not investment advice*
runeks
Legendary
*
Offline Offline

Activity: 980
Merit: 1008



View Profile WWW
March 02, 2012, 03:14:10 PM
 #100

I just want to note that after MtGox got severely hacked, it became one of the most secure Bitcoin exchanges out there.
Exactly how have you made the assessment of the security of the Mt. Gox platform that allows you to make this claim?

Tough hit Zhou! I hope P2SH will leave major hacking incidents behind us, another great lesson learned here.
I doubt it will. It will make it harder, no doubt about that, but theft will never be prevented. All we can hope for is a reduction in these occurrences, a lower profit to work ratio (how much work the thief has to put in for a certain amount of profit). But as soon as the price of Bitcoins double, the profit to reward ratio will double as well.
Pages: « 1 2 3 4 [5] 6 7 8 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!