Bitcoin Forum
March 28, 2024, 08:59:28 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3] 4 »  All
  Print  
Author Topic: Nevermind.. Acct wasnt hacked  (Read 4693 times)
BkkCoins
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1009


firstbits:1MinerQ


View Profile WWW
March 03, 2012, 05:28:05 AM
 #41

So thief puts coins on CryptoXchange to sell. The price is driven down as buyers flock over to get some cheap coins - arbitrage. Then they hear that the coins are coming from the theft and start to avoid because they're worried they'll be held up and don't want the hassle. So the volume dries up and CryptoXchange realizes that to stay liquid and competitive with other exchanges they need to watch for stolen coins like MtGox.

1711616368
Hero Member
*
Offline Offline

Posts: 1711616368

View Profile Personal Message (Offline)

Ignore
1711616368
Reply with quote  #2

1711616368
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711616368
Hero Member
*
Offline Offline

Posts: 1711616368

View Profile Personal Message (Offline)

Ignore
1711616368
Reply with quote  #2

1711616368
Report to moderator
1711616368
Hero Member
*
Offline Offline

Posts: 1711616368

View Profile Personal Message (Offline)

Ignore
1711616368
Reply with quote  #2

1711616368
Report to moderator
99Percent
Full Member
***
Offline Offline

Activity: 402
Merit: 100


🦜| Save Smart & Win 🦜


View Profile WWW
March 03, 2012, 05:28:53 AM
 #42

I don't know how much cryptoxchange is involved but whomever's account sold the coins is a good spot to start the investigation.  There are posts all over the forum about the stolen BTC and where a good portion are right now.
An investigation that would lead to what exactly?

Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1358
Merit: 1002



View Profile
March 03, 2012, 09:19:16 AM
 #43

uh oh  Undecided
muyuu
Donator
Legendary
*
Offline Offline

Activity: 980
Merit: 1000



View Profile
March 03, 2012, 11:30:14 AM
 #44

They will not confiscate the bitcoins

i wouldn't be so quick to assume that.

i'm sure that assumption is based on the amount, 7 btc, right?

what if it had been 7000 btc or 43000 btc? would mtgox confiscate them then? i'm thinking 'yes'.


Of course they wouldn't confiscate them, if they were satisfied that you weren't the thief. This account suspension occurs more often than you think it does, and as far as I know gets rectified reasonably quickly.

Sorry, but this is MtGox self-appointing themselves as BTC police. Beats me how can they require anything outside of their ToS on the spot and without any warnings. The truth of the matter is that they cannot prove these coins got to this user legitimately or not while we preserve anonymous transactions in the system. The only way would be to enforce identification for all transactions and even then it's possible to fake an identity.

Now I'm keeping my public keys as private as I can, lest someone "donate" coins to me out of the blue and taint me.

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
BkkCoins
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1009


firstbits:1MinerQ


View Profile WWW
March 03, 2012, 12:53:36 PM
 #45

Sorry, but this is MtGox self-appointing themselves as BTC police. Beats me how can they require anything outside of their ToS on the spot and without any warnings. The truth of the matter is that they cannot prove these coins got to this user legitimately or not while we preserve anonymous transactions in the system. The only way would be to enforce identification for all transactions and even then it's possible to fake an identity.

Now I'm keeping my public keys as private as I can, lest someone "donate" coins to me out of the blue and taint me.
But it is in their TOS. And I saw a post here yesterday where the user explored the trail of the allinvain heist of 25,000 BTC. Since that occurred (what, 9 months ago or so?) it can now be traced into almost a million addresses including 9 of the poster himself. So pretty much all coins get tainted over time. That isn't at all what MtGox is looking at. I'm pretty sure they're looking at ones where investigating may help trace how they got to the member. To be useful at all this would limit it to just a few transactions in depth. Maybe even just one deep.

muyuu
Donator
Legendary
*
Offline Offline

Activity: 980
Merit: 1000



View Profile
March 03, 2012, 12:59:39 PM
 #46

Sorry, but this is MtGox self-appointing themselves as BTC police. Beats me how can they require anything outside of their ToS on the spot and without any warnings. The truth of the matter is that they cannot prove these coins got to this user legitimately or not while we preserve anonymous transactions in the system. The only way would be to enforce identification for all transactions and even then it's possible to fake an identity.

Now I'm keeping my public keys as private as I can, lest someone "donate" coins to me out of the blue and taint me.
But it is in their TOS. And I saw a post here yesterday where the user explored the trail of the allinvain heist of 25,000 BTC. Since that occurred (what, 9 months ago or so?) it can now be traced into almost a million addresses including 9 of the poster himself. So pretty much all coins get tainted over time. That isn't at all what MtGox is looking at. I'm pretty sure they're looking at ones where investigating may help trace how they got to the member. To be useful at all this would limit it to just a few transactions in depth. Maybe even just one deep.

MtGox is looking at the closest tainted coins I guess. Taint (properly calculated) wouldn't be binary. Over time that would grow exponentially, as you said. But you can have likelihood measures of taint, in proportion to the size and length (sequential number) of transactions. This doesn't stop anyone from randomly giving you a significant amount of stolen coins, just because you have some already, making you immediately highly suspicious.

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
finway
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500


View Profile
March 03, 2012, 03:16:25 PM
 #47

Watching.

Bro
Full Member
***
Offline Offline

Activity: 218
Merit: 100



View Profile
March 03, 2012, 03:17:36 PM
 #48

So thief puts coins on CryptoXchange to sell. The price is driven down as buyers flock over to get some cheap coins - arbitrage. Then they hear that the coins are coming from the theft and start to avoid because they're worried they'll be held up and don't want the hassle. So the volume dries up and CryptoXchange realizes that to stay liquid and competitive with other exchanges they need to watch for stolen coins like MtGox.

this.
malevolent
can into space
Legendary
*
Offline Offline

Activity: 3472
Merit: 1721



View Profile
March 04, 2012, 12:31:30 AM
 #49

I don't know how much cryptoxchange is involved but whomever's account sold the coins is a good spot to start the investigation.  There are posts all over the forum about the stolen BTC and where a good portion are right now.
An investigation that would lead to what exactly?

If he used his own pc without tor or proxy or used the account for usd deposits/withdrawals, locating him might be possible.

Signature space available for rent.
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1010


View Profile
March 04, 2012, 02:23:41 AM
 #50

An investigation that would lead to what exactly?

If he used his own pc without tor or proxy or used the account for usd deposits/withdrawals, locating him might be possible.

After a first sweep to consolidate stolen coins the thief's next movement was a transaction for 25,000 BTC.  The size for that transaction was 1337 bytes.    Someone with sufficient skill to create a transaction so that its size is specifically a certain number of bytes is going to know what steps are necessary to avoid detection.
 - http://blockchain.info/tx-index/2893660/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333
 - http://blockchain.info/tree/2893660

Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


dooglus
Legendary
*
Offline Offline

Activity: 2940
Merit: 1327



View Profile
March 04, 2012, 06:56:11 AM
 #51

I saw a post here yesterday where the user explored the trail of the allinvain heist of 25,000 BTC. Since that occurred (what, 9 months ago or so?) it can now be traced into almost a million addresses including 9 of the poster himself.

That was me.

It's 100k addresses, and 8 of mine, but you were close.

http://bitcoin.stackexchange.com/a/2900/659

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
BkkCoins
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1009


firstbits:1MinerQ


View Profile WWW
March 04, 2012, 07:14:02 AM
 #52

I saw a post here yesterday where the user explored the trail of the allinvain heist of 25,000 BTC. Since that occurred (what, 9 months ago or so?) it can now be traced into almost a million addresses including 9 of the poster himself.

That was me.

It's 100k addresses, and 8 of mine, but you were close.

http://bitcoin.stackexchange.com/a/2900/659
Ah, yes. I really scrambled them up. I was mixing pizza and allinvain figures. Still shows how they really permeate the currency. I was too lazy to go find the link so very good you posted here.

Cryptoman
Hero Member
*****
Offline Offline

Activity: 726
Merit: 500



View Profile
March 04, 2012, 07:36:27 AM
 #53

After a first sweep to consolidate stolen coins the thief's next movement was a transaction for 25,000 BTC.  The size for that transaction was 1337 bytes.    Someone with sufficient skill to create a transaction so that its size is specifically a certain number of bytes is going to know what steps are necessary to avoid detection.
 - http://blockchain.info/tx-index/2893660/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333
 - http://blockchain.info/tree/2893660

I'm not sure I understand the significance of a transaction being an exact number of bytes, other than a smaller transaction having a higher priority.  Care to explain?

"A small body of determined spirits fired by an unquenchable faith in their mission can alter the course of history." --Gandhi
dooglus
Legendary
*
Offline Offline

Activity: 2940
Merit: 1327



View Profile
March 04, 2012, 08:03:50 AM
 #54

After a first sweep to consolidate stolen coins the thief's next movement was a transaction for 25,000 BTC.  The size for that transaction was 1337 bytes.    Someone with sufficient skill to create a transaction so that its size is specifically a certain number of bytes is going to know what steps are necessary to avoid detection.
 - http://blockchain.info/tx-index/2893660/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333
 - http://blockchain.info/tree/2893660

I'm not sure I understand the significance of a transaction being an exact number of bytes, other than a smaller transaction having a higher priority.  Care to explain?

The exact number was 1337.

http://www.urbandictionary.com/define.php?term=1337
http://en.wikipedia.org/wiki/Leet

The digits look like "LEET", as in "elite".

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
phelix
Legendary
*
Offline Offline

Activity: 1708
Merit: 1019



View Profile
March 04, 2012, 10:43:02 AM
Last edit: March 05, 2012, 09:24:22 AM by phelix
 #55

After a first sweep to consolidate stolen coins the thief's next movement was a transaction for 25,000 BTC.  The size for that transaction was 1337 bytes.    Someone with sufficient skill to create a transaction so that its size is specifically a certain number of bytes is going to know what steps are necessary to avoid detection.
 - http://blockchain.info/tx-index/2893660/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333
 - http://blockchain.info/tree/2893660

I'm not sure I understand the significance of a transaction being an exact number of bytes, other than a smaller transaction having a higher priority.  Care to explain?

The exact number was 1337.

http://www.urbandictionary.com/define.php?term=1337
http://en.wikipedia.org/wiki/Leet

The digits look like "LEET", as in "elite".

while I hope they catch the guy I have to pull my hat to this move - it's almost blockchain art.  Smiley

edit: it was only coincidence, read below

dooglus
Legendary
*
Offline Offline

Activity: 2940
Merit: 1327



View Profile
March 04, 2012, 11:03:21 AM
 #56

The exact number was 1337.

http://www.urbandictionary.com/define.php?term=1337
http://en.wikipedia.org/wiki/Leet

The digits look like "LEET", as in "elite".

while I hope they catch the guy I have to pull my hat to this move - it's almost blockchain art.  Smiley

I was just looking at it.  I recently made a post on stackexchange explaining how to calculate the size of a transaction before you send it:  http://bitcoin.stackexchange.com/a/3011/659

( "if your transaction has in inputs and out outputs, the transaction size, in bytes will be: in*180 + out*34 + 10 plus or minus 'in' )

It turns out that if your transaction has 7 inputs and 2 outputs, then the transaction size is 1338 plus/minus 7, but with a binomial distribution.  This means that 1338 is the most common size (21% of 7-in, 2-out transactions), then 1337 and 1339 are the next most common (18.3% each), etc.  Over 94% of 7-in 2-out transactions have a size between 1335 and 1341 inclusive.  So perhaps the 1337 *was* just a coincidence.  It's not a rare transaction size.

Looking at the first ten 7-in 2-out transactions made by the thief while laundering his spoils, we see a random distribution of transaction sizes:

Code:
size 1337 - tx d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333
size 1337 - tx 4533991cd3072d04ffbae4bc97ac0d69c4111d2266a99a2a3853eb28acf87315
size 1340 - tx d396e1f3117c7516270e68041f50183540aeece29860a8d8bb4ca00b4dd5b202
size 1336 - tx afea4f38c1a6c42303e41462df5671aaeb439f047808cc330b911668446d3b9a
size 1340 - tx eaa4390039b8c31fe8e2c7af80494eb47ccbd4456906b461c20e58bea7a38aff
size 1339 - tx 50fe1017ea020e0f20f45cb71d855dc8f935e5db654824f7355ae0258d5fc897
size 1337 - tx 3472d8d9bcda865fbf3c34f68e4c87dc85b8fac0d37495cf2d29e887fb033532
size 1340 - tx ea49f5cd1998a218023a4f1b9f6eff6fe3a5ce41e2c3cb71640e1205b92dc44d
size 1336 - tx 8c05029e5d2b49d1cf7881f29fc3978632f858620efaeb58fb5cb5abc5ec4611
size 1338 - tx d5c18faaa0f4daf8440b20905ef8a6eba49f09aa6178af115b51b35110eb34d6

Wouldn't a 'leet' thief modify their bitcoin client to make all the 7/2 transactions use a size of exactly 1337?

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
Matthew N. Wright
Untrustworthy
Hero Member
*****
Offline Offline

Activity: 588
Merit: 500


Hero VIP ultra official trusted super staff puppet


View Profile
March 04, 2012, 12:43:28 PM
 #57

Wouldn't a 'leet' thief modify their bitcoin client to make all the 7/2 transactions use a size of exactly 1337?

Agreed wholeheartedly.

Seems coincidental.

If I had done it, they would have all been 8008135 bytes each.

Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1010


View Profile
March 04, 2012, 06:58:20 PM
 #58

Seems coincidental.

Don't let the facts get in the way of a good story!   Smiley

I saw how BlockExplorers shows that a single address ( 1NRy8GbX56MymBhDYMyqsNKwW9VupqKVG7 ) shows twice as inputs in that transaction so was thinking this was some script-fu to cause the length to be 1337.  The client won't do that on its own though, right?
 - http://blockexplorer.com/tx/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333

Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


dooglus
Legendary
*
Offline Offline

Activity: 2940
Merit: 1327



View Profile
March 05, 2012, 02:41:40 AM
 #59

I saw how BlockExplorers shows that a single address ( 1NRy8GbX56MymBhDYMyqsNKwW9VupqKVG7 ) shows twice as inputs in that transaction so was thinking this was some script-fu to cause the length to be 1337.  The client won't do that on its own though, right?

No, wrong.  That's exactly what the client will do on its own.  If I send you 2 separate payments to the same address, they stay as two separate payments to that address.  And if you spend them both at once, they'll show up as two inputs from the same address in the transaction.  That's the only time that separate payments ever get 'mixed'.

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1010


View Profile
March 05, 2012, 03:27:29 AM
 #60

No, wrong.  That's exactly what the client will do on its own.  If I send you 2 separate payments to the same address, they stay as two separate payments to that address.  And if you spend them both at once, they'll show up as two inputs from the same address in the transaction.  That's the only time that separate payments ever get 'mixed'.

I should have known that.  Thanks for clarifying!  I found in the wiki a little more explanation:
 - https://en.bitcoin.it/wiki/Transactions#Input

Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


Pages: « 1 2 [3] 4 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!