Raoul Duke
aka psy
Legendary
 Offline
Activity: 1358
Merit: 1002
|
 |
May 11, 2012, 06:44:31 PM |
|
Yeah that one was me actually. I figured it was a pretty 1337 hack. Anyhow. If they stole the private keys why would they make such a huge withdrawl? I would import those private keys into another bitcoind and make lots and lots of smaller withdrawls over the course of the next few months. Sign a message with the private key of the address 114t2bCfrmw44qgZQijNzVU75YphuyZCGk and I'll believe it was you. |
|
|
|
|
proudhon
Legendary
Offline
Activity: 2198
Merit: 1311
|
|
May 11, 2012, 06:46:06 PM |
|
This is the bitcoin I've missed for the past couple months.
|
Bitcoin Fact: the price of bitcoin will not be greater than $70k for more than 25 consecutive days at any point in the rest of recorded human history.
|
|
|
zellfaze
Full Member
Offline
Activity: 141
Merit: 101
Security Enthusiast
|
|
May 11, 2012, 06:47:24 PM |
|
Yeah that one was me actually. I figured it was a pretty 1337 hack. Anyhow. If they stole the private keys why would they make such a huge withdrawl? I would import those private keys into another bitcoind and make lots and lots of smaller withdrawls over the course of the next few months. Sign a message with the private key of the address 114t2bCfrmw44qgZQijNzVU75YphuyZCGk and I'll believe it was you. As it was an address on my phone I can't easily do that. Instead I'll just send you an 31337 amount of coins. Money sent to 1PKyq6aMKcCwn8cmb9Jc5SkNydLsQb5n7K. |
A+, CCENT, CCNA
Security Enthusiast
PHP Coder
Not that I expect anyone to, but should you like my post, please donate:
Donate: 1BRbfqii6Sm9tEUE8A16H7QeDmYFjyBZ7V
|
|
|
muyuu
Donator
Legendary
Offline
Activity: 980
Merit: 1000
|
|
May 11, 2012, 06:49:52 PM |
|
Anyhow. If they stole the private keys why would they make such a huge withdrawl? I would import those private keys into another bitcoind and make lots and lots of smaller withdrawls over the course of the next few months.
Obviously Zhoutong also has the private keys. He could proceed to move the remaining funds to an uncompromised account and save them. If you get somebody else's private keys and you want to steal the funds, you need to move them before they find out. |
GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
|
|
|
Raoul Duke
aka psy
Legendary
Offline
Activity: 1358
Merit: 1002
|
|
May 11, 2012, 06:50:48 PM |
|
Yeah that one was me actually. I figured it was a pretty 1337 hack. Anyhow. If they stole the private keys why would they make such a huge withdrawl? I would import those private keys into another bitcoind and make lots and lots of smaller withdrawls over the course of the next few months. Sign a message with the private key of the address 114t2bCfrmw44qgZQijNzVU75YphuyZCGk and I'll believe it was you. As it was an address on my phone I can't easily do that. Instead I'll just send you an 31337 amount of coins. Money sent to 1PKyq6aMKcCwn8cmb9Jc5SkNydLsQb5n7K. Crazy. lol Address confirmed  I'll send it back to you once they confirm  Answering your little withdrawal method. That wouldn't work. They(Bitcoinica) would probably notice unauthorized transactions and sweep the entire balance themselves leaving the thieves with almost nothing. Like this they swept the entire balance and problem solved. |
|
|
|
|
zellfaze
Full Member
Offline
Activity: 141
Merit: 101
Security Enthusiast
|
|
May 11, 2012, 06:52:50 PM |
|
Anyhow. If they stole the private keys why would they make such a huge withdrawl? I would import those private keys into another bitcoind and make lots and lots of smaller withdrawls over the course of the next few months.
Obviously Zhoutong also has the private keys. He could proceed to move the remaining funds to an uncompromised account and save them. If you get somebody else's private keys and you want to steal the funds, you need to move them before they find out. I feel like the only reason he found out this time was because of the massive withdrawl. I would sit on them if I had them. Sit on them and drain them for their worth slowly. Well... at least that is what I would do if I was a malicious person, which I am not. Yeah that one was me actually. I figured it was a pretty 1337 hack. Anyhow. If they stole the private keys why would they make such a huge withdrawl? I would import those private keys into another bitcoind and make lots and lots of smaller withdrawls over the course of the next few months. Sign a message with the private key of the address 114t2bCfrmw44qgZQijNzVU75YphuyZCGk and I'll believe it was you. As it was an address on my phone I can't easily do that. Instead I'll just send you an 31337 amount of coins. Money sent to 1PKyq6aMKcCwn8cmb9Jc5SkNydLsQb5n7K. Crazy. lol Address confirmed I'll send it back to you once they confirm No problem.  You can keep them if you want. 0.31337 isn't much BTC in the grand scheme of things. I have a hundred or so sitting around right now. |
A+, CCENT, CCNA
Security Enthusiast
PHP Coder
Not that I expect anyone to, but should you like my post, please donate:
Donate: 1BRbfqii6Sm9tEUE8A16H7QeDmYFjyBZ7V
|
|
|
|
bbulker
|
|
May 11, 2012, 06:54:01 PM |
|
You can't reset the root password on a mounted filesystem, and you can't access an encrypted filesystem after a reboot without the password.
EDIT: I might as well make it crystal clear that you can't reset the root password on a mounted filesystem externally without access to the password itself.
If the host is still in control of the OS can't they just do it internally with the backdoor? |
|
|
|
|
|
terrytibbs
|
|
May 11, 2012, 06:56:29 PM |
|
What are you going to do about it ?
Hahaha, this is gold. |
|
|
|
|
muyuu
Donator
Legendary
Offline
Activity: 980
Merit: 1000
|
|
May 11, 2012, 06:58:34 PM |
|
Anyhow. If they stole the private keys why would they make such a huge withdrawl? I would import those private keys into another bitcoind and make lots and lots of smaller withdrawls over the course of the next few months.
Obviously Zhoutong also has the private keys. He could proceed to move the remaining funds to an uncompromised account and save them. If you get somebody else's private keys and you want to steal the funds, you need to move them before they find out. I feel like the only reason he found out this time was because of the massive withdrawl. I would sit on them if I had them. Sit on them and drain them for their worth slowly. Well... at least that is what I would do if I was a malicious person, which I am not. Are you serious? you are assuming they're that incompetent at book-keeping? |
GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
|
|
|
zellfaze
Full Member
Offline
Activity: 141
Merit: 101
Security Enthusiast
|
|
May 11, 2012, 07:01:59 PM |
|
Anyhow. If they stole the private keys why would they make such a huge withdrawl? I would import those private keys into another bitcoind and make lots and lots of smaller withdrawls over the course of the next few months.
Obviously Zhoutong also has the private keys. He could proceed to move the remaining funds to an uncompromised account and save them. If you get somebody else's private keys and you want to steal the funds, you need to move them before they find out. I feel like the only reason he found out this time was because of the massive withdrawl. I would sit on them if I had them. Sit on them and drain them for their worth slowly. Well... at least that is what I would do if I was a malicious person, which I am not. Are you serious? you are assuming they're that incompetent at book-keeping? That is true. A business, particularly one like that, ought to keep good books. I hadn't even thought about that. I was serious, not so much anymore. |
A+, CCENT, CCNA
Security Enthusiast
PHP Coder
Not that I expect anyone to, but should you like my post, please donate:
Donate: 1BRbfqii6Sm9tEUE8A16H7QeDmYFjyBZ7V
|
|
|
davout
Legendary
Offline
Activity: 1372
Merit: 1008
1davout
|
|
May 11, 2012, 07:19:11 PM |
|
Honestly, I know people want to be able to withdraw in "real-time" but why is it so terrible to have a pending period for large transfers? Surely this would avoid such massive withdrawals in near "real-time" without you being able to suspend it in case of hacks/theft?
We really wanted to keep the blockchain and wallet in MySQL database. That is really not very smart. I think it is a very good idea that would open lots of possibilities. |
|
|
|
davout
Legendary
Offline
Activity: 1372
Merit: 1008
1davout
|
|
May 11, 2012, 07:20:53 PM |
|
Interacting with the official client is painful.
Hire people who know what they're doing. You can afford it. I know exactly what I'm doing, I'm using the official (with a couple of patches) bitcoind. It's painful in some respects but much more mature than any other client. |
|
|
|
davout
Legendary
Offline
Activity: 1372
Merit: 1008
1davout
|
|
May 11, 2012, 07:24:38 PM |
|
So are you going to spend the next several hours responding to each point individually?
Yes. What are you going to do about it ? Nothing, except note that you are nothing more than a cheap spammer. But everyone knows that already, and you're therefore on your way to join me. Haha, headshot |
|
|
|
WhatsHappening
Newbie
Offline
Activity: 23
Merit: 0
|
|
May 11, 2012, 08:11:23 PM |
|
When bitcoinica is going to restart ? Is it ? Zhou ?
|
|
|
|
|
S3052
Legendary
Offline
Activity: 2100
Merit: 1000
|
|
May 11, 2012, 08:15:45 PM |
|
The short selling option at bitcoinica is actually helping avoiding bigger sell offs, as short sellers MUST eventually buy back to avoid getting wiped out.
Now, with bitcoinica down, no one has to buy (=cover shorts) any more, and selling pressure could mount.
|
|
|
|
|
girlsgonebitcoin
|
|
May 11, 2012, 08:22:52 PM |
|
You have absolutely no idea what your talking about.
Furthermore, you make yourself look quite pathetic being completely ignorant.
I feel stupid for ever responding to your post and giving it justice
I know all the owners of Bitcoinca personally, in fact I spoke to one of them not a few hours ago.
They have families, live in house, and are not going anywhere.
there is really no reason to get butt hurt by this. This is the 2nd failure from a bitcoin business this is a normal reaction from its consumer base to question what is really going on is it not ? |
|
|
|
|
|
bulanula
|
|
May 11, 2012, 08:27:22 PM |
|
Somehow I believe that blogpost is fake. Especially after zhoutong himself said "if" they compensate and the word "shutdown" ... No official confirmation is making this even more of a joke  If they had 80% of funds stored offline then surely they would compensate the stolen 20% you would think. |
|
|
|
|
mistfpga
Member
Offline
Activity: 86
Merit: 13
|
|
May 11, 2012, 08:38:57 PM |
|
There always is a server. Bitcoind has to be somewhere. If you have access to the server you have access to the keys. Period.*
It appear the attackers gained access to the server. Ergo they had access to the private keys.
* Well in theory maybe not with a HSM or TPM. But even then if the attacker has gained access to the wallet server your security model has already failed, it is just you could get lucky and avoid losing a lot of funds.
Hi Death and Taxes, This is not quite true. if by HSM you mean Hardware Security Modules 8000 or a PayShield 9000 then both of these would have been fine. the tamper on those badboys is _really_ good. Most of the worlds interbanking transactions run on this kit... but I am not sure how they would handle bitcoin transactions... however for bitcoin we do not need one of those, one of these is a tenth of the price and will do everything that is needed. including purge the keys if they come under threat. http://www.thales-esecurity.com/Products/Hardware%20Security%20Modules/nShield%20Edge.aspxI still do not understand why people do not shred/purge the seceret keys from the disk when the server alarms go off... restoring a key is much cheaper... If anyone wants to talk about this further, please feel free to email me, my email is in my profile. (sorry if someone said all this already, I havent finished reading the thread) regards, steve I feel sad for those that lost money, it isnt their fault. What we need now is positive steps on how to avoid this in future. |
|
|
|
|
|
DarkEmi
|
|
May 11, 2012, 08:41:06 PM |
|
Each time my trust in bitcoin raises it get kinda crush by a new hacking scandal. This scare me as I invested quite a lot in bitcoin both financially and in my expectations. In my humble opinion, one of the best solution agaisnt the theft is this proposal I made earlier (and went largely unoticed) : https://bitcointalk.org/index.php?topic=68188.msg794810#msg794810Btw, are multi key address already in the protocol by now ? |
|
|
|
pirateat40
Avast Ye!
Sr. Member
Offline
Activity: 378
Merit: 250
"Yes I am a pirate, 200 years too late."
|
|
May 11, 2012, 08:41:15 PM |
|
Somehow I believe that blogpost is fake. Especially after zhoutong himself said "if" they compensate and the word "shutdown" ... No official confirmation is making this even more of a joke If they had 80% of funds stored offline then surely they would compensate the stolen 20% you would think. Funds does not equal profit.  |
|
|
|
|
