Vladimir
May 11, 2012, 05:57:27 PM (Last edit: May 11, 2012, 06:27:42 PM by Vladimir)
Unfortunately it is not that easy to secure a hot wallet.
The game plan should be:
1. Minimise amount of bitcoins to be held in hot wallet.
2. Have complete control over physical and management access to hardware and OS. It sucks but this requires extending trust to a few trusted people. This is the weakest link.
3. Definitely do not have ANY 3rd parties anywhere in the loop with any kind of access to the hot wallet server in either management or physical access capacity.
4. Obviously, having secure web interfacing code, with all user supplied data sanitised and hardened server helps a lot. But this is relatively trivial matter.
5. Using multisig functionality could help a lot. For example, say, an "offline" second sig server, which also has some monitoring code and freezes withdrawals based on some set of rules, until manual intervention resolves the flagged issues.
- Hosting your own email could help too in some cases.
- Securing cold wallets is another topic.
This basically means, decent colo setup with a few nuts and bolts on top of it. Hello! Big news! It was pretty much brought to Bitcoinica's attention in August/September 2011. I hope others will be able to learn from this.
This also means no hosting any wallets with nontrivial amounts of bitcoins on any:
- VPS's (generally, the bigger the company operating those VPS's, the more random dudes have root access, the more risk you take)
- dedicated servers are effectively the same VPS with all kinds of management access hosters have, however encrypted partitions could help a lil bit in this scenario, i.e. attacker would need to access it without rebooting.
(The above assumes VPS's and dedi's hosted by 3rd parties)
In other words, if you do not know who EXACTLY has or can have root access, say bye bye to your hot wallet.
Tough titty, "google search based sysadmins" and "flying in the clouds" generation! You simply cannot google up 10-20 years of professional experience and once you start relying blindly on all those cloud services you are screwed again.
Bitcoinica's "Zero sysadmin" policy in action. Enjoy!
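
Item 5 of the game plan above (a second-signature server that freezes withdrawals on rule violations until a person intervenes), sketched as an added example that is not part of the original post and not any exchange's code. The class name, rule set, thresholds and sample requests are assumptions made for illustration, and the actual signing step is out of scope.

```python
"""Rule gate in front of an offline second-signature key (illustrative sketch)."""
from collections import deque
from dataclasses import dataclass, field

SAT = 100_000_000  # satoshis per BTC


@dataclass(frozen=True)
class Withdrawal:
    request_id: str   # hypothetical identifier assigned by the front end
    amount_sat: int
    ts: int           # unix seconds


@dataclass
class SecondSigPolicy:
    per_tx_cap_sat: int
    window_secs: int
    window_cap_sat: int
    frozen: bool = False
    flagged: list = field(default_factory=list)
    _recent: deque = field(default_factory=deque)  # (ts, amount) of approved requests

    def review(self, w):
        """Return True if the second signature may be added, False otherwise."""
        if self.frozen:
            # Once frozen, nothing is co-signed until a person resolves the flags.
            self.flagged.append((w.request_id, "frozen: awaiting manual review"))
            return False
        # Drop approvals that have aged out of the rolling window.
        while self._recent and self._recent[0][0] <= w.ts - self.window_secs:
            self._recent.popleft()
        outflow = sum(amount for _, amount in self._recent)
        reasons = []
        if w.amount_sat > self.per_tx_cap_sat:
            reasons.append("exceeds per-transaction cap")
        if outflow + w.amount_sat > self.window_cap_sat:
            reasons.append("exceeds rolling outflow cap")
        if reasons:
            self.frozen = True
            self.flagged.append((w.request_id, "; ".join(reasons)))
            return False
        self._recent.append((w.ts, w.amount_sat))
        return True

    def resolve(self, operator):
        """Manual intervention: the operator takes the flags and lifts the freeze."""
        cleared, self.flagged = self.flagged, []
        self.frozen = False
        return operator, cleared


def demo():
    policy = SecondSigPolicy(per_tx_cap_sat=50 * SAT, window_secs=3600,
                             window_cap_sat=100 * SAT)
    requests = [  # constructed sample requests
        Withdrawal("r1", 40 * SAT, 0),
        Withdrawal("r2", 40 * SAT, 600),
        Withdrawal("r3", 30 * SAT, 1200),  # pushes hourly outflow past the cap
        Withdrawal("r4", 1 * SAT, 1300),   # small, but arrives while frozen
    ]
    return policy, [policy.review(w) for w in requests]


if __name__ == "__main__":
    p, decisions = demo()
    print(decisions, p.flagged)
```

The gate only limits how much can leave before someone looks; it protects nothing if it runs on the same machine, or under the same management access, as the first key.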

MrTeal
May 11, 2012, 05:58:02 PM
There is nothing to reverse if the transaction is canceled during the grace time before it is executed on bitcoind. There is no server to hack into when the only network-accessible thing is the custom interface.
There always is a server. Some custom protocol doesn't change the fact that a server exists. When you send a command using the custom protocol where is it going? Obviously bitcoind is running somewhere. Your solution is no solution. Attacker would simply bypass the stupid "interface" hit the real server and steal the private keys. You do understand the private keys are simply numbers right? If you have the numbers you have the funds. Thieves don't need to use the lockdown bitcoind. They steal the private keys and execute a transaction from anywhere in the world.
Why would you have a custom interface but leave the bitcoind rpc port and ssh open to the public? Are you intentionally missing their point? Are they implying the hacker would have physical access to the machine? I thought computers could only communicate through ports.
If the server is sitting in Zhoutong's basement, you can set it up that way. If you buy server space from a company, you obviously need a way even outside of whatever software you load on it to manage that server. If you get control of the server, it doesn't matter what obfuscation you use on your bitcoin client, they now own your client and everything else. You're arguing that a car dealer should use non-standard keys and awesome alarms on the cars they sell, people here are telling you that won't do a whole lot of good when the thieves smash down the walls and load all the cars onto 20 semis.

DeathAndTaxes
Gerald Davis
May 11, 2012, 05:58:14 PM
I don't keep my real wallet in a public lockbox at a train station and I wouldn't keep a bitcoin wallet on public server at a datacenter.
Yes that was already covered extensively before you went off with a derail involving your "non solution". If Bitcoinica had avoided the attackers gaining access to the server containing the private keys then the theft wouldn't have occurred. No custom protocol was required. If the attackers gained access to the server containing the private keys then the theft still would have happened. No custom protocol would have helped. Hence the whole point about your "custom timed delayed protocol" being of dubious value. Most (all ?) major thefts involving bitcoins have been a result of the attacker gaining access to the server with the private keys and simply copying them.

bulanula
May 11, 2012, 06:05:46 PM
ding dong MR Z i see you online where are the updates
No updates. They are probably busy packing up. Why wouldn't they ? BTC is 0 value in legal system As long as they give you all the USD / fiat back then they are 100% clean legally. Very funny putting the meatspin crap up AFTER the BTC was stolen ... real clever proof of you getting hacked zhoutong ! What a joke !

PawShaker
May 11, 2012, 06:06:31 PM
I don't keep my real wallet in a public lockbox at a train station and I wouldn't keep a bitcoin wallet on public server at a datacenter.
Yes that was already covered extensively before you went off with a derail involving your "non solution". If Bitcoinica had avoided the attackers gaining access to the server containing the private keys then the theft wouldn't have occurred. No custom protocol was required. If the attackers gained access to the server containing the private keys then the theft still would have happened. No custom protocol would have helped. Hence the whole point about your "custom timed delayed protocol" being of dubious value. Most (all ?) major thefts involving bitcoins was a result of attacker gaining access to the private keys.
What about a setup where hot wallet is on separate machine which periodically fetches instructions for transfers. Attacker would have to reverse engineer the setup in short time from obtaining access to alarm being raised. The main server can be collocated while hot wallet server can be in a basement of undisclosed private home.
1FQkH63k6hkexFMTRzLtJEE6ZAaTBRhjiS

rjk
1ngldh
May 11, 2012, 06:08:38 PM
I don't keep my real wallet in a public lockbox at a train station and I wouldn't keep a bitcoin wallet on public server at a datacenter.
Yes that was already covered extensively before you went off with a derail involving your "non solution". If Bitcoinica had avoided the attackers gaining access to the server containing the private keys then the theft wouldn't have occurred. No custom protocol was required. If the attackers gained access to the server containing the private keys then the theft still would have happened. No custom protocol would have helped. Hence the whole point about your "custom timed delayed protocol" being of dubious value. Most (all ?) major thefts involving bitcoins was a result of attacker gaining access to the private keys.
What about a setup where hot wallet is on separate machine which periodically fetches instructions for transfers. Attacker would have to reverse engineer the setup in short time from obtaining access to alarm being raised. The main server can be collocated while hot wallet server can be in a basement of undisclosed private home.
You can do this with multisig transactions.

bbulker
May 11, 2012, 06:08:51 PM
I don't keep my real wallet in a public lockbox at a train station and I wouldn't keep a bitcoin wallet on public server at a datacenter.
Yes that was already covered extensively before you went off with a derail involving your "non solution". If Bitcoinica had avoided the attackers gaining access to the server containing the private keys then the theft wouldn't have occurred. No custom protocol was required. If the attackers gained access to the server containing the private keys then the theft still would have happened. No custom protocol would have helped. Hence the whole point about your "custom timed delayed protocol" being of dubious value. Most (all ?) major thefts involving bitcoins was a result of attacker gaining access to the private keys.
Not sure how the hacker would gain access to the server when the only network-accessible thing is the custom interface as previously stated. Did you think I was trying to come up with a solution to stop the hacker after he already gained access or something?

girlsgonebitcoin
May 11, 2012, 06:09:05 PM
ding dong MR Z i see you online where are the updates
No updates. They are probably busy packing up. Why wouldn't they ? BTC is 0 value in legal system As long as they give you all the USD / fiat back then they are 100% clean legally. Very funny putting the meatspin crap up AFTER the BTC was stolen ... real clever proof of you getting hacked zhoutong ! What a joke !
Dude, what is up with your profile on this forum ? what a mess lol

rjk
1ngldh
May 11, 2012, 06:11:14 PM
I don't keep my real wallet in a public lockbox at a train station and I wouldn't keep a bitcoin wallet on public server at a datacenter.
Yes that was already covered extensively before you went off with a derail involving your "non solution". If Bitcoinica had avoided the attackers gaining access to the server containing the private keys then the theft wouldn't have occurred. No custom protocol was required. If the attackers gained access to the server containing the private keys then the theft still would have happened. No custom protocol would have helped. Hence the whole point about your "custom timed delayed protocol" being of dubious value. Most (all ?) major thefts involving bitcoins was a result of attacker gaining access to the private keys.
Not sure how the hacker would gain access to the server when the only network-accessible thing is the custom interface as previously stated. Did you think I was trying to come up with a solution to stop the hacker after he already gained access or something?
Yes it sounded like that, because that's what happened. The "only network accessible things" extend to the control panel as well as the server itself. Sure, if you are in complete control of the hardware, making that interface difficult to access is common sense (actually it is always common sense), but when someone can reset the root password at the click of a button, that isn't going to help you.

bulanula
May 11, 2012, 06:12:57 PM
ding dong MR Z i see you online where are the updates
No updates. They are probably busy packing up. Why wouldn't they ? BTC is 0 value in legal system As long as they give you all the USD / fiat back then they are 100% clean legally. Very funny putting the meatspin crap up AFTER the BTC was stolen ... real clever proof of you getting hacked zhoutong ! What a joke !
Dude, what is up with your profile on this forum ? what a mess lol
I am celebrating my 1 year anniversary on this forum with a proud scammer tag. Soon zhoutong will join me, by the looks of things

girlsgonebitcoin
May 11, 2012, 06:14:51 PM
ding dong MR Z i see you online where are the updates
No updates. They are probably busy packing up. Why wouldn't they ? BTC is 0 value in legal system As long as they give you all the USD / fiat back then they are 100% clean legally. Very funny putting the meatspin crap up AFTER the BTC was stolen ... real clever proof of you getting hacked zhoutong ! What a joke !
Dude, what is up with your profile on this forum ? what a mess lol
I am celebrating my 1 year anniversary on this forum with a proud scammer tag. Soon zhoutong will join me, by the looks of things
ROFL!!! Whole bunch of these guys are going to be given scammer tags LOL either that or long prison sentences! Who are these "founders" can someone list them here ?

Vladimir
May 11, 2012, 06:16:16 PM
Vladimir, I have the biggest respect for you and cypherdoc, and because of this it amazes me how you guys only can be so oblivious to the social dynamics at play here. If Bitcoin keeps destroying value instead of creating value, the market will simply drop it. Not even to mention the image problems Bitcoin already has with anyone who is not already a Bitcoiner (couple ten k guys). We cannot continue at this rate and transfer hard earned Bitcoins from market participants to hackers, scammers and leeches forever expecting Bitcoin to have any value.
You have reasonable point here, and I do not think that either myself or doc are directly arguing it with you. We are just a bit more relaxed and not so much concerned with short term noise.

bbulker
May 11, 2012, 06:19:50 PM
I don't keep my real wallet in a public lockbox at a train station and I wouldn't keep a bitcoin wallet on public server at a datacenter.
Yes that was already covered extensively before you went off with a derail involving your "non solution". If Bitcoinica had avoided the attackers gaining access to the server containing the private keys then the theft wouldn't have occurred. No custom protocol was required. If the attackers gained access to the server containing the private keys then the theft still would have happened. No custom protocol would have helped. Hence the whole point about your "custom timed delayed protocol" being of dubious value. Most (all ?) major thefts involving bitcoins was a result of attacker gaining access to the private keys.
Not sure how the hacker would gain access to the server when the only network-accessible thing is the custom interface as previously stated. Did you think I was trying to come up with a solution to stop the hacker after he already gained access or something?
Yes it sounded like that, because that's what happened. The "only network accessible things" extend to the control panel as well as the server itself. Sure, if you are in complete control of the hardware, making that interface difficult to access is common sense (actually it is always common sense), but when someone can reset the root password at the click of a button, that isn't going to help you.
In that case there is no possible solution. Not even an encrypted filesystem will help because it will still be mounted.

rjk
1ngldh
May 11, 2012, 06:20:20 PM
ding dong MR Z i see you online where are the updates
No updates. They are probably busy packing up. Why wouldn't they ? BTC is 0 value in legal system As long as they give you all the USD / fiat back then they are 100% clean legally. Very funny putting the meatspin crap up AFTER the BTC was stolen ... real clever proof of you getting hacked zhoutong ! What a joke !
Dude, what is up with your profile on this forum ? what a mess lol
I am celebrating my 1 year anniversary on this forum with a proud scammer tag. Soon zhoutong will join me, by the looks of things
ROFL!!! Whole bunch of these guys are going to be given scammer tags LOL either that or long prison sentences! Who are these "founders" can someone list them here ?
WTF you idiots, shut the fuck up about a scammer tag already. It hasn't even been 12 hours for them to review the security of the system, and you think that it is all gone. No it isn't all gone it just takes a while to get things back into a secure and operational state.

rjk
1ngldh
May 11, 2012, 06:21:05 PM
I don't keep my real wallet in a public lockbox at a train station and I wouldn't keep a bitcoin wallet on public server at a datacenter.
Yes that was already covered extensively before you went off with a derail involving your "non solution". If Bitcoinica had avoided the attackers gaining access to the server containing the private keys then the theft wouldn't have occurred. No custom protocol was required. If the attackers gained access to the server containing the private keys then the theft still would have happened. No custom protocol would have helped. Hence the whole point about your "custom timed delayed protocol" being of dubious value. Most (all ?) major thefts involving bitcoins was a result of attacker gaining access to the private keys.
Not sure how the hacker would gain access to the server when the only network-accessible thing is the custom interface as previously stated. Did you think I was trying to come up with a solution to stop the hacker after he already gained access or something?
Yes it sounded like that, because that's what happened. The "only network accessible things" extend to the control panel as well as the server itself. Sure, if you are in complete control of the hardware, making that interface difficult to access is common sense (actually it is always common sense), but when someone can reset the root password at the click of a button, that isn't going to help you.
In that case there is no possible solution. Not even an encrypted filesystem will help because it will still be mounted.
You can't reset the root password on a mounted filesystem, and you can't access an encrypted filesystem after a reboot without the password. EDIT: I might as well make it crystal clear that you can't reset the root password on a mounted filesystem externally without access to the password itself.

girlsgonebitcoin
May 11, 2012, 06:21:43 PM
ding dong MR Z i see you online where are the updates
No updates. They are probably busy packing up. Why wouldn't they ? BTC is 0 value in legal system As long as they give you all the USD / fiat back then they are 100% clean legally. Very funny putting the meatspin crap up AFTER the BTC was stolen ... real clever proof of you getting hacked zhoutong ! What a joke !
Dude, what is up with your profile on this forum ? what a mess lol
I am celebrating my 1 year anniversary on this forum with a proud scammer tag. Soon zhoutong will join me, by the looks of things
ROFL!!! Whole bunch of these guys are going to be given scammer tags LOL either that or long prison sentences! Who are these "founders" can someone list them here ?
WTF you idiots, shut the fuck up about a scammer tag already. It hasn't even been 12 hours for them to review the security of the system, and you think that it is all gone. No it isn't all gone it just takes a while to get things back into a secure and operational state.
ROFL! cool story bro. You clearly know this is it for Bitcoinica what stake do you have in this ?

rjk
1ngldh
May 11, 2012, 06:24:35 PM
ROFL! cool story bro. You clearly know this is it for Bitcoinica what stake do you have in this ?
We have over 80% of our Bitcoins in offline wallets at the moment before the attack.
Offline == not stolen. Try again.

Yankee (BitInstant)
Charlie 'Van Bitcoin' Shrem
May 11, 2012, 06:34:55 PM
ding dong MR Z i see you online where are the updates
No updates. They are probably busy packing up. Why wouldn't they ? BTC is 0 value in legal system As long as they give you all the USD / fiat back then they are 100% clean legally. Very funny putting the meatspin crap up AFTER the BTC was stolen ... real clever proof of you getting hacked zhoutong ! What a joke !
Dude, what is up with your profile on this forum ? what a mess lol
I am celebrating my 1 year anniversary on this forum with a proud scammer tag. Soon zhoutong will join me, by the looks of things
ROFL!!! Whole bunch of these guys are going to be given scammer tags LOL either that or long prison sentences! Who are these "founders" can someone list them here ?
WTF you idiots, shut the fuck up about a scammer tag already. It hasn't even been 12 hours for them to review the security of the system, and you think that it is all gone. No it isn't all gone it just takes a while to get things back into a secure and operational state.
ROFL! cool story bro. You clearly know this is it for Bitcoinica what stake do you have in this ?
You have absolutely no idea what you're talking about. Furthermore, you make yourself look quite pathetic being completely ignorant. I feel stupid for ever responding to your post and giving it justice. I know all the owners of Bitcoinica personally, in fact I spoke to one of them not a few hours ago. They have families, live in house, and are not going anywhere.
Bitcoin pioneer. An apostle of Satoshi Nakamoto. A crusader for a new, better, tech-driven society. A dreamer. More about me: http://CharlieShrem.com

zellfaze
Security Enthusiast
May 11, 2012, 06:41:19 PM
Yeah that one was me actually. I figured it was a pretty 1337 hack. Anyhow. If they stole the private keys why would they make such a huge withdrawal? I would import those private keys into another bitcoind and make lots and lots of smaller withdrawals over the course of the next few months.
A+, CCENT, CCNA Security Enthusiast PHP Coder
Not that I expect anyone to, but should you like my post, please donate: Donate: 1BRbfqii6Sm9tEUE8A16H7QeDmYFjyBZ7V