Bitcoin Forum
Topic: [Emergency ANN] Bitcoinica site is taken offline for security investigation
Raoul Duke
May 11, 2012, 06:44:31 PM
 #221

This is very interesting. Hopefully someone actually knows about the transfer.

And hopefully someone will finally learn a lesson from this.


You're probably right. Someone will. If not Bitcoinica, the users. lol

http://blockchain.info/tx-index/5441766/51fa68b27169195618ba30a9b1f12d5590ed4c544e01699929260f0990ca5a2f

More 0.31337 BTC... Is it a message from the thieves or someone congratulating them? ;)

Yeah that one was me actually.  I figured it was a pretty 1337 hack.

Anyhow.  If they stole the private keys why would they make such a huge withdrawal?  I would import those private keys into another bitcoind and make lots and lots of smaller withdrawals over the course of the next few months.

Sign a message with the private key of the address 114t2bCfrmw44qgZQijNzVU75YphuyZCGk and I'll believe it was you.

proudhon
May 11, 2012, 06:46:06 PM
 #222

This is the bitcoin I've missed for the past couple months.
zellfaze
May 11, 2012, 06:47:24 PM
 #223

This is very interesting. Hopefully someone actually knows about the transfer.

And hopefully someone will finally learn a lesson from this.


You're probably right. Someone will. If not Bitcoinica, the users. lol

http://blockchain.info/tx-index/5441766/51fa68b27169195618ba30a9b1f12d5590ed4c544e01699929260f0990ca5a2f

More 0.31337 BTC... Is it a message from the thieves or someone congratulating them? ;)

Yeah that one was me actually.  I figured it was a pretty 1337 hack.

Anyhow.  If they stole the private keys why would they make such a huge withdrawal?  I would import those private keys into another bitcoind and make lots and lots of smaller withdrawals over the course of the next few months.

Sign a message with the private key of the address 114t2bCfrmw44qgZQijNzVU75YphuyZCGk and I'll believe it was you.

As it was an address on my phone I can't easily do that.  Instead I'll just send you an 31337 amount of coins.

Money sent to 1PKyq6aMKcCwn8cmb9Jc5SkNydLsQb5n7K.

A+, CCENT, CCNA
Security Enthusiast
PHP Coder

Not that I expect anyone to, but should you like my post, please donate:
Donate: 1BRbfqii6Sm9tEUE8A16H7QeDmYFjyBZ7V
muyuu
May 11, 2012, 06:49:52 PM
 #224

Anyhow.  If they stole the private keys why would they make such a huge withdrawal?  I would import those private keys into another bitcoind and make lots and lots of smaller withdrawals over the course of the next few months.

Obviously Zhoutong also has the private keys. He could proceed to move the remaining funds to an uncompromised account and save them.

If you get somebody else's private keys and you want to steal the funds, you need to move them before they find out.

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
Raoul Duke
May 11, 2012, 06:50:48 PM
 #225

This is very interesting. Hopefully someone actually knows about the transfer.

And hopefully someone will finally learn a lesson from this.


You're probably right. Someone will. If not Bitcoinica, the users. lol

http://blockchain.info/tx-index/5441766/51fa68b27169195618ba30a9b1f12d5590ed4c544e01699929260f0990ca5a2f

More 0.31337 BTC... Is it a message from the thieves or someone congratulating them? ;)

Yeah that one was me actually.  I figured it was a pretty 1337 hack.

Anyhow.  If they stole the private keys why would they make such a huge withdrawal?  I would import those private keys into another bitcoind and make lots and lots of smaller withdrawals over the course of the next few months.

Sign a message with the private key of the address 114t2bCfrmw44qgZQijNzVU75YphuyZCGk and I'll believe it was you.

As it was an address on my phone I can't easily do that.  Instead I'll just send you an 31337 amount of coins.

Money sent to 1PKyq6aMKcCwn8cmb9Jc5SkNydLsQb5n7K.

Crazy. lol Address confirmed ;D
I'll send it back to you once they confirm ;)

Answering your little withdrawal method. That wouldn't work. They (Bitcoinica) would probably notice unauthorized transactions and sweep the entire balance themselves leaving the thieves with almost nothing.
Like this they swept the entire balance and problem solved.

zellfaze
May 11, 2012, 06:52:50 PM
 #226

Anyhow.  If they stole the private keys why would they make such a huge withdrawal?  I would import those private keys into another bitcoind and make lots and lots of smaller withdrawals over the course of the next few months.

Obviously Zhoutong also has the private keys. He could proceed to move the remaining funds to an uncompromised account and save them.

If you get somebody else's private keys and you want to steal the funds, you need to move them before they find out.

I feel like the only reason he found out this time was because of the massive withdrawal.

I would sit on them if I had them.  Sit on them and drain them for their worth slowly.

Well... at least that is what I would do if I was a malicious person, which I am not.

This is very interesting. Hopefully someone actually knows about the transfer.

And hopefully someone will finally learn a lesson from this.


You're probably right. Someone will. If not Bitcoinica, the users. lol

http://blockchain.info/tx-index/5441766/51fa68b27169195618ba30a9b1f12d5590ed4c544e01699929260f0990ca5a2f

More 0.31337 BTC... Is it a message from the thieves or someone congratulating them? ;)

Yeah that one was me actually.  I figured it was a pretty 1337 hack.

Anyhow.  If they stole the private keys why would they make such a huge withdrawal?  I would import those private keys into another bitcoind and make lots and lots of smaller withdrawals over the course of the next few months.

Sign a message with the private key of the address 114t2bCfrmw44qgZQijNzVU75YphuyZCGk and I'll believe it was you.

As it was an address on my phone I can't easily do that.  Instead I'll just send you an 31337 amount of coins.

Money sent to 1PKyq6aMKcCwn8cmb9Jc5SkNydLsQb5n7K.

Crazy. lol Address confirmed ;D
I'll send it back to you once they confirm ;)

No problem. :P  You can keep them if you want.  0.31337 isn't much BTC in the grand scheme of things.  I have a hundred or so sitting around right now.

A+, CCENT, CCNA
Security Enthusiast
PHP Coder

Not that I expect anyone to, but should you like my post, please donate:
Donate: 1BRbfqii6Sm9tEUE8A16H7QeDmYFjyBZ7V
bbulker
May 11, 2012, 06:54:01 PM
 #227

You can't reset the root password on a mounted filesystem, and you can't access an encrypted filesystem after a reboot without the password.
EDIT: I might as well make it crystal clear that you can't reset the root password on a mounted filesystem externally without access to the password itself.

If the host is still in control of the OS can't they just do it internally with the backdoor?
terrytibbs
May 11, 2012, 06:56:29 PM
 #228

What are you going to do about it ?
Hahaha, this is gold.
muyuu
May 11, 2012, 06:58:34 PM
 #229

Anyhow.  If they stole the private keys why would they make such a huge withdrawal?  I would import those private keys into another bitcoind and make lots and lots of smaller withdrawals over the course of the next few months.

Obviously Zhoutong also has the private keys. He could proceed to move the remaining funds to an uncompromised account and save them.

If you get somebody else's private keys and you want to steal the funds, you need to move them before they find out.

I feel like the only reason he found out this time was because of the massive withdrawal.

I would sit on them if I had them.  Sit on them and drain them for their worth slowly.

Well... at least that is what I would do if I was a malicious person, which I am not.

Are you serious? you are assuming they're that incompetent at book-keeping?

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
zellfaze
May 11, 2012, 07:01:59 PM
 #230

Anyhow.  If they stole the private keys why would they make such a huge withdrawal?  I would import those private keys into another bitcoind and make lots and lots of smaller withdrawals over the course of the next few months.

Obviously Zhoutong also has the private keys. He could proceed to move the remaining funds to an uncompromised account and save them.

If you get somebody else's private keys and you want to steal the funds, you need to move them before they find out.

I feel like the only reason he found out this time was because of the massive withdrawal.

I would sit on them if I had them.  Sit on them and drain them for their worth slowly.

Well... at least that is what I would do if I was a malicious person, which I am not.

Are you serious? you are assuming they're that incompetent at book-keeping?

That is true.  A business, particularly one like that, ought to keep good books.  I hadn't even thought about that.

I was serious, not so much anymore.

A+, CCENT, CCNA
Security Enthusiast
PHP Coder

Not that I expect anyone to, but should you like my post, please donate:
Donate: 1BRbfqii6Sm9tEUE8A16H7QeDmYFjyBZ7V
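
Added example, not part of any post in this thread and not Bitcoinica's code: the book-keeping check the exchange above turns on, written as a reconciliation of hot-wallet spends against the ledger of authorised withdrawals, so that an outflow of any size with no ledger entry is flagged. The record types, field names and sample data are assumptions made for illustration, and the spend list is assumed to exclude the wallet's own change outputs.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Spend:
    """One output leaving the hot wallet, as observed on-chain (change excluded)."""
    txid: str
    dest: str
    amount: Decimal

@dataclass(frozen=True)
class Withdrawal:
    """One payout that the business's own ledger authorised."""
    wid: str
    dest: str
    amount: Decimal

def reconcile(spends, ledger):
    """Return (unauthorised_spends, unfulfilled_withdrawals).

    A spend is matched on (destination, amount), and each ledger entry can
    be consumed only once, so a duplicated payout is flagged as well as a
    payout to an address the ledger has never heard of.
    """
    open_entries = {}
    for w in ledger:
        open_entries.setdefault((w.dest, w.amount), []).append(w)
    unauthorised = []
    for s in spends:
        bucket = open_entries.get((s.dest, s.amount))
        if bucket:
            bucket.pop(0)           # consume the matching authorisation
        else:
            unauthorised.append(s)  # no authorisation left for this spend
    unfulfilled = [w for bucket in open_entries.values() for w in bucket]
    return unauthorised, unfulfilled

# Constructed sample data; addresses and txids are placeholders.
LEDGER = [Withdrawal("w1", "addr-alice", Decimal("12.5")),
          Withdrawal("w2", "addr-bob", Decimal("3"))]
SPENDS = [Spend("tx1", "addr-alice", Decimal("12.5")),    # matches w1
          Spend("tx2", "addr-unknown", Decimal("0.4")),   # small, no entry
          Spend("tx3", "addr-alice", Decimal("12.5"))]    # w1 paid twice

if __name__ == "__main__":
    bad, pending = reconcile(SPENDS, LEDGER)
    print("unauthorised:", [s.txid for s in bad])
    print("not yet paid:", [w.wid for w in pending])
```

Because the match is against the ledger rather than against a size threshold, the 0.4 BTC spend is reported just as a large one would be.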
davout
May 11, 2012, 07:19:11 PM
 #231

Honestly, I know people want to be able to withdraw in "real-time" but why is it so terrible to have a pending period for large transfers? Surely this would avoid such massive withdrawals in near "real-time" without you being able to suspend it in case of hacks/theft?

We really wanted to keep the blockchain and wallet in MySQL database.

That is really not very smart.

I think it is a very good idea that would open lots of possibilities.

davout
May 11, 2012, 07:20:53 PM
 #232

Interacting with the official client is painful.

Hire people who know what they're doing.
You can afford it.
I know exactly what I'm doing, I'm using the official (with a couple of patches) bitcoind. It's painful in some respects but much more mature than any other client.

davout
May 11, 2012, 07:24:38 PM
 #233

So are you going to spend the next several hours responding to each point individually?
Yes.
What are you going to do about it ?
Nothing, except note that you are nothing more than a cheap spammer.

But everyone knows that already, and you're
therefore on your way to join me.
Haha, headshot

WhatsHappening
May 11, 2012, 08:11:23 PM
 #234

When bitcoinica is going to restart ? Is it ? Zhou ?
S3052
May 11, 2012, 08:15:45 PM
 #235

The short selling option at bitcoinica is actually helping avoid bigger sell-offs, as short sellers MUST eventually buy back to avoid getting wiped out.

Now, with bitcoinica down, no one has to buy (=cover shorts) any more, and selling pressure could mount.

>15years analysis experience

Always do your own due diligence & consult your financial advisor. Never invest unless you can afford to lose your entire investment.

http://twitter.com/BitcoinAnalyst

Subscribe here
girlsgonebitcoin
May 11, 2012, 08:22:52 PM
 #236

Quote


You have absolutely no idea what you're talking about.

Furthermore, you make yourself look quite pathetic being completely ignorant.

I feel stupid for ever responding to your post and giving it justice

I know all the owners of Bitcoinica personally, in fact I spoke to one of them not a few hours ago.
They have families, live in house, and are not going anywhere.

there is really no reason to get butt hurt by this. This is the 2nd failure from a bitcoin business this is a normal reaction from its consumer base to question what is really going on is it not ?
bulanula
May 11, 2012, 08:27:22 PM
 #237

Somehow I believe that blogpost is fake.

Especially after zhoutong himself said "if" they compensate and the word "shutdown" ...

No official confirmation is making this even more of a joke :o

If they had 80% of funds stored offline then surely they would compensate the stolen 20% you would think.
mistfpga
May 11, 2012, 08:38:57 PM
 #238

There always is a server.  Bitcoind has to be somewhere.  If you have access to the server you have access to the keys.  Period.*

It appears the attackers gained access to the server.  Ergo they had access to the private keys.


* Well in theory maybe not with a HSM or TPM.  But even then if the attacker has gained access to the wallet server your security model has already failed, it is just you could get lucky and avoid losing a lot of funds.
Hi Death and Taxes,

This is not quite true.  If by HSM you mean Hardware Security Modules 8000 or a PayShield 9000 then both of these would have been fine.  The tamper on those bad boys is _really_ good.  Most of the world's interbanking transactions run on this kit... but I am not sure how they would handle bitcoin transactions... however for bitcoin we do not need one of those, one of these is a tenth of the price and will do everything that is needed.  Including purge the keys if they come under threat.

http://www.thales-esecurity.com/Products/Hardware%20Security%20Modules/nShield%20Edge.aspx

I still do not understand why people do not shred/purge the secret keys from the disk when the server alarms go off...  restoring a key is much cheaper...

If anyone wants to talk about this further, please feel free to email me, my email is in my profile.

(sorry if someone said all this already, I haven't finished reading the thread)

regards,

steve

I feel sad for those that lost money, it isn't their fault.   What we need now is positive steps on how to avoid this in future.
DarkEmi
May 11, 2012, 08:41:06 PM
 #239

Each time my trust in bitcoin rises it gets kinda crushed by a new hacking scandal. This scares me as I invested quite a lot in bitcoin both financially and in my expectations.

In my humble opinion, one of the best solutions against the theft is this proposal I made earlier (and went largely unnoticed):

https://bitcointalk.org/index.php?topic=68188.msg794810#msg794810

Btw, are multi key address already in the protocol by now ?

speculate on the mtgox price - http://www.btcoracle.com/
buy Mastercoin - http://masterxchange.com
pirateat40
May 11, 2012, 08:41:15 PM
 #240

Somehow I believe that blogpost is fake.

Especially after zhoutong himself said "if" they compensate and the word "shutdown" ...

No official confirmation is making this even more of a joke :o

If they had 80% of funds stored offline then surely they would compensate the stolen 20% you would think.

Funds does not equal profit. :(
