Bitcoin Forum
December 12, 2024, 03:31:23 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  

Warning: Moderators do not remove likely scams. You must use your own brain: caveat emptor. Watch out for Ponzi schemes. Do not invest more than you can afford to lose.

Pages: « 1 2 3 4 [5] 6 »  All
  Print  
Author Topic: [BDK] - Liquidating, Permanent Closure -  (Read 16742 times)
on9isrock
Member
**
Offline Offline

Activity: 70
Merit: 15



View Profile
July 21, 2012, 02:48:24 PM
 #81

PM sent.
i am glad bitcoin forum allows people to lend BTC
hope this services not gone

my address :18TTx6qBr2LTiyRu6SuLDX1SFwDCQyeJRC
zvs
Legendary
*
Offline Offline

Activity: 1680
Merit: 1000


https://web.archive.org/web/*/nogleg.com


View Profile WWW
July 21, 2012, 07:24:32 PM
 #82

Just for curiosity's sake,

Quote
You also need an extensive, positive business-related reputation on this forum or OTC. I don't care about your eBay rating.

Why would one place greater emphasis on OTC than on eBay?  Someone can have eBay history back to '98, I'm not sure about this other thing.. 2011?

I suppose eBay would be more prone to have stolen accts, but if you can verify the person's identity?

I would trade with someone with 1000's of feedbacks on eBay with account since 1998, rather than someone with 50 on bitcoin-otc,  the second  would be much more likely to be building up reputation for a massive take
stochastic
Hero Member
*****
Offline Offline

Activity: 532
Merit: 500


View Profile
July 21, 2012, 08:41:26 PM
 #83

Just for curiosity's sake,

Quote
You also need an extensive, positive business-related reputation on this forum or OTC. I don't care about your eBay rating.

Why would one place greater emphasis on OTC than on eBay?  Someone can have eBay history back to '98, I'm not sure about this other thing.. 2011?

I suppose eBay would be more prone to have stolen accts, but if you can verify the person's identity?

I would trade with someone with 1000's of feedbacks on eBay with account since 1998, rather than someone with 50 on bitcoin-otc,  the second  would be much more likely to be building up reputation for a massive take
Difficult to verify the owner of the eBay account is the person I'm talking to, and more prone to hacking attempts than OTC. If someone with an extensive eBay history would post an item from the account, then it would be considered acceptable "Proof of Reputation."

Ebay's feedback ratings were not very robust until 2007.  Before that it was easy to build positive feedback without having any substance to back it up.  Still now one could have thousands of penny auctions and still get quality feedback.

Introducing constraints to the economy only serves to limit what can be economical.
silverbox
Legendary
*
Offline Offline

Activity: 966
Merit: 1003


View Profile
July 22, 2012, 04:35:50 PM
 #84

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple logins were attempted in a personal email account from a Tor exit node and shortly after by an Amazon cloud server (which seems to have succeeded and has been reported to AWS). I am assuming all email data sent to Benjm00@gmail.com has been compromised. All other email accounts do not appear touched. The password is shared, but I only allow one "sensitive" website to use one shared password. My initial assumption is that this is related to the multiple Bitcoinica thefts, but this is certainly not certain. I'm not sure how I managed to let it slip my mind that I used the same password elsewhere. My MtGox account, Bitcoin Wallet, and various bank/CU accounts are not assumed to be at risk unless I left compromising information in my email account. There is currently no assumed risk for Bitcoins being stolen. There is currently no assumed risk for USD being stolen. It is assumed very likely that all information sent to my email address has been compromised, including contact information (which includes Paypal receipts) sent to that email account. It is assumed very likely the attacker has sensitive personally-identifying information.

Obvious security measures have been taken to prevent future attempts. Please do not contact me with sensitive information without using a known gpg key until I have everything locked down and resolved. Please do not assume communications from me are indeed from me unless I have signed them using a known gpg key until I say otherwise.

I will provide any important updates as I'm aware of them. I apologize for any potential inconvenience or damages caused by this.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iQEcBAEBAgAGBQJQDCedAAoJEBR6Ov1xmEtJZDwH/iH2GTaFxyT5KjTxWAMmt5Ad
5bERY7FvLu7BSaYmTsnkv4MYA0COOsCKd/e22tOCO997ElcuEUjSdGUdpq+6OuiL
5GQGzzQsLHqc5JRQRQ4m//CQ2aqbGldDiYrBj5aZXLfmIUNBjcOTM5ijsUDJJSgY
PwCGYLAHR56O9Aa7aL0L78CBCDEVmLzG0gqEjmpczBnKXA34NCV1KUs8hLlLeNEq
zp/VQHE7FFmZLMW7fkrb/mhhWiT0p3Api/g25M7CAJsSp52ima4Z/HwAwmMcpqYD
atwTPQ6VoULi2762Pevinl546otec4NyxWjcD3i0T0zw5LVDe0EdncnH9YsMjYU=
=llL8
-----END PGP SIGNATURE-----


Ouch.  Sad
Kluge (OP)
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1015



View Profile
July 22, 2012, 07:13:32 PM
 #85

From BTC:  -41.98   13Kqkv3QAvfQRGnuZySLBXPhJTtbWiAiyr   2012-07-22 14:49:23
From BDK: -85.8435   13Kqkv3QAvfQRGnuZySLBXPhJTtbWiAiyr   2012-07-22 14:51:43
From BDK.BND: -216.2935   13Kqkv3QAvfQRGnuZySLBXPhJTtbWiAiyr   2012-07-22 14:54:19
der_meister
Full Member
***
Offline Offline

Activity: 155
Merit: 100



View Profile
July 22, 2012, 07:42:01 PM
 #86

Just noticed that the bidwall @BDK.BND is gone. Embarrassed

Moving on is a simple thing,
what it leaves behind is hard...
PatrickHarnett
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500



View Profile
July 22, 2012, 08:14:05 PM
 #87

Yes, his GLBSE account was hacked and appears all the shares/assets were crashed into whatever bids were there.  Expect some reversals.  14000 BDK.BND at basically zero price isn't reasonable.
gabbynot
Sr. Member
****
Offline Offline

Activity: 341
Merit: 250


View Profile
July 22, 2012, 08:23:24 PM
 #88

I'd be taking a good look at any GLBSE accounts that just happened to place low-ball bids on those securities...
Kluge (OP)
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1015



View Profile
July 22, 2012, 08:24:51 PM
 #89

My assumption of the events so far:
[1]Everything from Bitcoinica has been leaked, including credentials. I haven't been keeping up as much as I should have since I had nothing in there -- maybe that's already public knowledge. The other alternative is that EMC's credentials db was compromised, but I find that hard to believe. There are some other alternatives, including a brute force attack, which seem even more unlikely.
[2]It's possible I was stupid enough to use the same or similar password on Bitcoinica as LastPass. Clearly, I was stupid enough to use the same Gmail pw as Bitcoinica. I no longer have history of what my old LP master password was before changing it.
[3]The attacker accidentally logged onto Gmail using Tor, without realizing Gmail has Tor mostly blacklisted. He was not expecting me to be alerted. Perhaps he did not expect me to wake up relatively soon. Had he been more clever, he would have used the AWS server in MI to begin with.
[4]The attacker then....? Well, I'm not really sure what he did from 6am to 1:30pm. Maybe took a nap.
[5]While the attacker was napping and I was alerted to the unauthorized use, I changed all of my passwords to sensitive sites, including GLBSE, and LastPass, obviously.
[6]I eventually emailed Nef (11:30am? I don't have access to that email account right now), asking him to freeze my account and release recent activity info to me.  He did not respond, I assume because he was sleeping.
[7]I'm assuming the session the attacker had active from before I changed the password never expired on GLBSE, nor was revoked when I changed the pw. I did not think to enable 2FA for all activities until after the withdrawal. I did not have 2FA enabled prior to this attack because I'm too cheap to buy a cell phone -- that "frugality" has obviously bitten me in the ass. (Actually, I would've had an AT&T smartphone a few days ago if they allowed me to have a different shipping and billing address....)
[8]Around 1:45pm, I was alerted to BDK.BND being dumped. You can see https://bitcointalk.org/index.php?topic=67446.msg1046806#msg1046806 for how much was withdrawn. The funds from the BTC account were withdrawn by dumping the few remaining securities I kept. No new securities were issued, but the attacker sold all securities in the account. At that time, it was obvious what happened. I emailed Nef somewhere between 1:45p and 2p, asking him to halt all withdrawals (withdrawals from GLBSE are not immediate). I assume he was still sleeping -- he's in the UK and works just about his entire day, so understandable. At least one other lender texted Nefario as an additional alert, but it was quickly too late, and the withdrawal was processed.


Currently, I am not aware of any losses outside of what I have already reported. I have moved all coins out of my possession in case the primary OS was compromised. Ideally, Nef will reverse the fraudulent transactions.

Current "hard" losses are 344.117BTC. "Soft" losses (currently non-reversed GLBSE transactions) could push total losses near or above 2kBTC, but I'm assuming Nef will reverse the unauthorized transactions. Either way, BDK is not at immediate risk of insolvency.
Scott J
Legendary
*
Offline Offline

Activity: 1792
Merit: 1000


View Profile
July 22, 2012, 08:40:18 PM
 #90

Best of luck sorting everything out.

This thread has shown me how important it could be to have an emergency, secure address to send your BTC to.
stochastic
Hero Member
*****
Offline Offline

Activity: 532
Merit: 500


View Profile
July 22, 2012, 10:35:54 PM
 #91

You should also set up 2-factor auth for your gmail account.

Introducing constraints to the economy only serves to limit what can be economical.
PatrickHarnett
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500



View Profile
July 22, 2012, 10:48:37 PM
Last edit: July 23, 2012, 10:19:21 PM by PatrickHarnett
 #92

Not so much a relief fund, but it helps.  It's pretty sucky to see a heap of hard work plundered.

And yes it is a re-used address, but tagged specifically for Kluge (Ben) - current balance 90 coins: 1J4qAYqQsNJbTDhwyf7A9eCPykNLVysnp2

Edit: 120 coins - thanks to Ineedausername
Edit: Thanks also to Brendio and BurtW  (current total 180)
Edit: DollarTrader and BrightAnarchist have provided donations.  (current total 216)
stochastic
Hero Member
*****
Offline Offline

Activity: 532
Merit: 500


View Profile
July 23, 2012, 04:37:51 AM
 #93

I am still surprised that GLBSE does not have a session expiration.  That nap the scum had would have been prevented if the sessions expired after a period of inactivity.

Introducing constraints to the economy only serves to limit what can be economical.
Kluge (OP)
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1015



View Profile
July 23, 2012, 06:10:46 AM
Last edit: July 23, 2012, 06:32:00 AM by Kluge
 #94

"Hello Ben,

We have received your report of unwanted access to your Gmail account from an Amazon IP address.

We have completed an initial investigation of the issue and learned that the IP address you reported did indeed belong to an Amazon EC2 instance. Amazon’s EC2 service allows EC2 customers to run their applications using Amazon’s infrastructure, including IP addresses. The accesses that you reported may have come from an Amazon EC2 customer’s application. You may learn more about EC2 at http://aws.amazon.com/ec2 .

The customer we have identified runs a Social Media/Networking Site or mobile device push service. You may have signed up for this service and granted permission and provided username/password to their application to access your Gmail account. We have passed this message on to the customer that uses the IP address mentioned in your abuse report. However, we have no reason to believe that this is an actual intrusion attempt. This issue was also addressed in our security bulletins: http://aws.amazon.com/security/security-bulletins/ (see July 13th 2010 bulletin).

If you continue to see unwanted activity, please contact Google and ask that they initiate an investigation with Amazon.

Regards,

Amazon EC2 Abuse Team"

Considering police report, police I don't think would bother doing anything, vs. attempting to contact Google, a company I doubt would want to get involved without a police filing, at least. ETA: Made an indirect request to Gmail. They don't allow direct contact by default, so hopefully someone will see what I've written and contact me directly. ETA2: Made a direct request. ETA3: Also made another request of AWS.
Kluge (OP)
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1015



View Profile
July 23, 2012, 07:02:39 AM
 #95

I've been advised the only way to get Google to release the IP activity AWS wants is by going to the police, filing a report, and hoping for a court filing leading to a demand from Google/Gmail to release information. At that time, that info can be sent to AWS, who would then hopefully release the information I'm seeking without requiring a separate demand -- or the demand could be sent directly to AWS. Then, further action can be taken.

Sounding like a strenuous, time-consuming task, but it would be nice to catch at least one of these fellows, and set a precedent that it's possible.
Nefario
Hero Member
*****
Offline Offline

Activity: 602
Merit: 513


GLBSE Support support@glbse.com


View Profile WWW
July 23, 2012, 07:32:15 AM
 #96

After speaking with Kluge(verified it was him) we've done a few things.

His account has been frozen, as have both BDK and BDK.BND assets meaning they can't be traded, they will remain frozen until everything has been cleared up(likely a couple of days).

We will be reversing those transactions for these two assets from the break in, those who bought will have their BTC returned.

Dividend payments due soon (within the next 24 hours I think) for these assets will be delayed, possibly by a couple of days.

The alternativ to this would be to close down the assets.

Kluge is going this route at great personal expense.

Nefario.

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
Kluge (OP)
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1015



View Profile
July 23, 2012, 08:19:55 AM
 #97

I've contacted the police and will head over in the afternoon. I have no expectations.

Fwiw, current damages in the form of funds withdrawn are 344.117BTC. Current damages in the form of funds needing to be sent for the reversal of transactions related to this are 204.85BTC. The grand total, then, is 548.967BTC in damages, or a bit over $4.8k at current rates. However, the various lenders and related contacts, have, in a show of extreme generosity, provided 180BTC worth of relief, significantly offsetting losses.

I was a shack, I am now a barricade, and within a week, I will be a fortress. Shocked

Cheers,
Ben

(and thanks, Nef)
Nefario
Hero Member
*****
Offline Offline

Activity: 602
Merit: 513


GLBSE Support support@glbse.com


View Profile WWW
July 23, 2012, 03:51:11 PM
 #98

Hmmm, formatting of my post is all messed up, sorry about that.

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
Maged
Legendary
*
Offline Offline

Activity: 1204
Merit: 1015


View Profile
July 23, 2012, 05:54:31 PM
 #99

For future reference, our very own Mike works in Google's abuse department.

Agorista
Member
**
Offline Offline

Activity: 65
Merit: 10

a29hbGFibGFzdA==


View Profile
July 23, 2012, 10:52:12 PM
 #100

Quote
I was a shack, I am now a barricade, and within a week, I will be a fortress.
That's what I like to hear. I was thinking of buying in, then this happened =( I will reconsider after you get your fortress up and running and you publicize the types of measures you have in place to prevent future theft. Best of luck! Can't wait to jump in once the moat has been dug.

Mike
Member since June 2011 - watching BTC since $0.25
Pages: « 1 2 3 4 [5] 6 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!