[Emergency ANN] Bitcoinica site is taken offline for security investigation

[Raoul Duke]

In fact there were 2 transactions.
1 moving the main heist and another moving the 80 BTC.

This is getting interesting.

It wasn't interesting before?

eh, MORE interesting! that would be the right choice of words.

[homer]

They are on the move again.

http://blockchain.info/tx-index/5484758/c141115ff13ad9331e0d46776d850f06083a60fab88b15a2a2df35f2fdf565da

Seven 2600 btc transactions, and that one for 347.66367623 BTC goes to
http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX  which then has splits into a bunch of smaller transactions. WTF? how do you follow this many splits?

[jgarzik]

They are on the move again.

http://blockchain.info/tx-index/5484758/c141115ff13ad9331e0d46776d850f06083a60fab88b15a2a2df35f2fdf565da

Seven 2600 btc transactions, and that one for 347.66367623 BTC goes to
http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX  which then has splits into a bunch of smaller transactions. WTF? how do you follow this many splits?

You can do it with software.  It is merely a chain of TX's.

One wonders how quickly wallet theft would disappear, if the other major exchanges started rejecting well known, stolen coins.

[homer]

so my bitcoins are gone forever?  why would I want to use it then if I can't get stolen bitcoins back?

[organofcorti]

They are on the move again.

http://blockchain.info/tx-index/5484758/c141115ff13ad9331e0d46776d850f06083a60fab88b15a2a2df35f2fdf565da

Seven 2600 btc transactions, and that one for 347.66367623 BTC goes to
http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX  which then has splits into a bunch of smaller transactions. WTF? how do you follow this many splits?

dbdump.py helps:

https://github.com/gavinandresen/bitcointools

Or you can write a html scraper that reloads a http://blockexplorer.com/address/ page, follows the address trail automatically and saves to a dataframe. Good luck making a visualisation though.

[JusticeForYou]

They are on the move again.

http://blockchain.info/tx-index/5484758/c141115ff13ad9331e0d46776d850f06083a60fab88b15a2a2df35f2fdf565da

Seven 2600 btc transactions, and that one for 347.66367623 BTC goes to
http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX  which then has splits into a bunch of smaller transactions. WTF? how do you follow this many splits?

You can do it with software.  It is merely a chain of TX's.

One wonders how quickly wallet theft would disappear, if the other major exchanges started rejecting well known, stolen coins.

That is one very big slippery slope.

[organofcorti]

so my bitcoins are gone forever?  why would I want to use it then if I can't get stolen bitcoins back?

If you aren't reimbursed then your bitcoins are already gone. But if you follow the address trail far enough it might eventually end up somewhere legit that might respond to a request for information on the previous link in the chain.

[homer]

They are on the move again.

http://blockchain.info/tx-index/5484758/c141115ff13ad9331e0d46776d850f06083a60fab88b15a2a2df35f2fdf565da

Seven 2600 btc transactions, and that one for 347.66367623 BTC goes to
http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX  which then has splits into a bunch of smaller transactions. WTF? how do you follow this many splits?

dbdump.py helps:

https://github.com/gavinandresen/bitcointools

Or you can write a html scraper that reloads a http://blockexplorer.com/address/ page, follows the address trail automatically and saves to a dataframe. Good luck making a visualisation though.

thank you.  i will look at it.

[organofcorti]

They are on the move again.

http://blockchain.info/tx-index/5484758/c141115ff13ad9331e0d46776d850f06083a60fab88b15a2a2df35f2fdf565da

Seven 2600 btc transactions, and that one for 347.66367623 BTC goes to
http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX  which then has splits into a bunch of smaller transactions. WTF? how do you follow this many splits?

You can do it with software.  It is merely a chain of TX's.

One wonders how quickly wallet theft would disappear, if the other major exchanges started rejecting well known, stolen coins.

That is one very big slippery slope.

VERY big and slippery.

For example, someone recently wanted to know if they had any coins from the famous 10000 btc pizza sale:

http://bitcoin.stackexchange.com/questions/450/is-there-any-way-to-track-an-individual-bitcoin-or-satoshi

Turns out 29% of currently operating bitcoin addresses contain a little pizzacoin magic:

As of block 166149, on Feb 10th 2012, 1,037,382 addresses have held the pizza coins since they were spent. 174,584 of those still hold pizza coins (the others may or may not be empty addresses, since it's possible to have two different transactions output to the same address without the coins becoming mixed together. In other words it's possible to have "pizza coins" and "non pizza coins" in the same address and still be able to tell which are which. Of the approximately 600k addresses which are currently holding funds, around 29% of them contain pizza coins.

Rejecting stolen coins would only affect the first person to attempt to use the coins, not the thief. If the pizzacoin example is anything to go by, coins are redistributed fairly rapidly. If I'd stolen coins and was worried about exchanges not accepting them, I send bitdust to as many addresses as I could an exchange refusing them would have trouble keeping the rule implemented without pissing off innocent civilians.

[eleuthria]

Rejecting stolen coins would only affect the first person to attempt to use the coins, not the thief. If the pizzacoin example is anything to go by, coins are redistributed fairly rapidly. If I'd stolen coins and was worried about exchanges not accepting them, I send bitdust to as many addresses as I could an exchange refusing them would have trouble keeping the rule implemented without pissing off innocent civilians.

This is the big problem with blacklisting coins.  Imagine if a thief of a major theft threw 1-2k coins at various pools.  By the time the pool owners became aware of the problem, there could be hundreds/thousands of pool users who now have coins that originated from the theft.  The pool owner could obviously reimburse the party that had coins stolen from them, but that doesn't change the fact that the coins have been distributed to many innocent parties.

There really is no way to blacklist a theft, outside of the original address used to receive the stolen coins.  Anything after that carries the risk of innocent users being accused of being thieves.

[homer]

They are on the move again.

http://blockchain.info/tx-index/5484758/c141115ff13ad9331e0d46776d850f06083a60fab88b15a2a2df35f2fdf565da

Seven 2600 btc transactions, and that one for 347.66367623 BTC goes to
http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX  which then has splits into a bunch of smaller transactions. WTF? how do you follow this many splits?

found something strange while following the stolen coins.  Sent from the thief to many small accounts and one large one.
 http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX

1.01100101 BTC
2.01111 BTC
3.0111 BTC
4.01100101 BTC
5.01100011 BTC
6.011101 BTC
7.001 BTC
116.4569963 BTC
8.01101101 BTC
9.01100001 BTC
10.01110011 BTC
11.01110011 BTC
12.001 BTC
13.011011 BTC
14.01100101 BTC
15.01100001 BTC
16.01101011 BTC
17.001 BTC
18.01110011 BTC
19.01101111 BTC
20.01101111 BTC
21.0110111 BTC

Why would they split it up like that?  are they trying to hide it by making it whole bunch of small transfers?

[rjk]

are they trying to hide it by making it whole bunch of small transfers?

You got it.

[giszmo]

If I'd stolen coins and was worried about exchanges not accepting them, I send bitdust to as many addresses as I could an exchange refusing them would have trouble keeping the rule implemented without pissing off innocent civilians.

Oh, at first sight I was tempted to take this approach for a cure of my worries about bitcoin's anonymity.

Imagine exchanges would not refuse tainted coins right out but "untaint" them by sending the tainted fraction to a well known unspendable address (aka destroy the stolen coins). A future recipient would well notice the tainted coins but also the untainting and accept the input for full bitcoins again.

Imagine gox doing this. Who would want tainted coins? All others would follow and refuse to take tainted coins aka untaint them and demand compensation for the tainted fraction of the payment.

I could imagine such a system for the good of bitcoin as the scheme "move your coins -> claim to got hacked -> profit" would get eliminated and bitcoin would be ultimately more secure but I have a problem to decide who should judge which coins are tainted and which not.

Imagine somebody selling bitcoin and only getting 70% of the promised [dirty something]. He could claim he got hacked to piss off his business partner who would not go to a court for [dirty something].

In a case as yesterday, I see no problem to count bitcoins as stolen and therefore nonexistent/invalid. But what if the raid is discovered only 3 months later and many people already accepted them? What if gox is forced into blacklisting coins from Iran? Etc ...

I love these thought experiments but I would prefer it were easier to say once and for all coins will never be tainted. Else mining would be the only way to get clean coins for sure. Mining where I get the created coins ... from blocks without fees

[JusticeForYou]

They are on the move again.

http://blockchain.info/tx-index/5484758/c141115ff13ad9331e0d46776d850f06083a60fab88b15a2a2df35f2fdf565da

Seven 2600 btc transactions, and that one for 347.66367623 BTC goes to
http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX  which then has splits into a bunch of smaller transactions. WTF? how do you follow this many splits?

found something strange while following the stolen coins.  Sent from the thief to many small accounts and one large one.
 http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX

1.01100101 BTC  e 101
2.01111 BTC  15
3.0111 BTC
4.01100101 BTC
5.01100011 BTC
6.011101 BTC
7.001 BTC
116.4569963 BTC
8.01101101 BTC
9.01100001 BTC
10.01110011 BTC
11.01110011 BTC
12.001 BTC
13.011011 BTC
14.01100101 BTC
15.01100001 BTC
16.01101011 BTC
17.001 BTC
18.01110011 BTC
19.01101111 BTC
20.01101111 BTC
21.0110111 BTC

Why would they split it up like that?  are they trying to hide it by making it whole bunch of small transfers?

LOL, binary...

[homer]

are they trying to hide it by making it whole bunch of small transfers?

You got it.

this sucks! months of mining and the first time I try bitcoinica my btc get stolen.  stupid hackers!!  
 

[organofcorti]

They are on the move again.

http://blockchain.info/tx-index/5484758/c141115ff13ad9331e0d46776d850f06083a60fab88b15a2a2df35f2fdf565da

Seven 2600 btc transactions, and that one for 347.66367623 BTC goes to
http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX  which then has splits into a bunch of smaller transactions. WTF? how do you follow this many splits?

found something strange while following the stolen coins.  Sent from the thief to many small accounts and one large one.
 http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX

1.01100101 BTC
2.01111 BTC
3.0111 BTC
4.01100101 BTC
5.01100011 BTC
6.011101 BTC
7.001 BTC
116.4569963 BTC
8.01101101 BTC
9.01100001 BTC
10.01110011 BTC
11.01110011 BTC
12.001 BTC
13.011011 BTC
14.01100101 BTC
15.01100001 BTC
16.01101011 BTC
17.001 BTC
18.01110011 BTC
19.01101111 BTC
20.01101111 BTC
21.0110111 BTC

Why would they split it up like that?  are they trying to hide it by making it whole bunch of small transfers?

He's just fucking with you. The 8 digit remainder is binary. Convert the first 7 to ascii and you get "expect <space>".

Edit: the whole 21 characters spell "expect mass leak soon".

Edit 2: and given the first three characters of the address are EML, it might have been a vanity account.

[proudhon]

are they trying to hide it by making it whole bunch of small transfers?

You got it.

this sucks! months of mining and the first time I try bitcoinica my btc get stolen.  stupid hackers!!  
 

Has it been confirmed that people won't be getting coins back?  I thought Z said they'd cover the losses.

[JusticeForYou]

If I'd stolen coins and was worried about exchanges not accepting them, I send bitdust to as many addresses as I could an exchange refusing them would have trouble keeping the rule implemented without pissing off innocent civilians.

Oh, at first sight I was tempted to take this approach for a cure of my worries about bitcoin's anonymity.

Imagine exchanges would not refuse tainted coins right out but "untaint" them by sending the tainted fraction to a well known unspendable address (aka destroy the stolen coins). A future recipient would well notice the tainted coins but also the untainting and accept the input for full bitcoins again.

Imagine gox doing this. Who would want tainted coins? All others would follow and refuse to take tainted coins aka untaint them and demand compensation for the tainted fraction of the payment.

I could imagine such a system for the good of bitcoin as the scheme "move your coins -> claim to got hacked -> profit" would get eliminated and bitcoin would be ultimately more secure but I have a problem to decide who should judge which coins are tainted and which not.

Imagine somebody selling bitcoin and only getting 70% of the promised [dirty something]. He could claim he got hacked to piss off his business partner who would not go to a court for [dirty something].

In a case as yesterday, I see no problem to count bitcoins as stolen and therefore nonexistent/invalid. But what if the raid is discovered only 3 months later and many people already accepted them? What if gox is forced into blacklisting coins from Iran? Etc ...

I love these thought experiments but I would prefer it were easier to say once and for all coins will never be tainted. Else mining would be the only way to get clean coins for sure. Mining where I get the created coins ... from blocks without fees

Well if implemented, it would be to easy to bork the system. By the nature of the system, they are forever marked but with time become but a residue. Just like 90% of Dollars have drug residue on them. You are all suspects now if you have a dollar.

What makes the idea of tainting even worse, is the ability to 'frame' others for something. i.e. 18,000 coins were supposedly stolen, the 'thief' could send 2,000 of them to a reputable person's address. The recipient will claim innocence but who is going to believe that the 'thief' just gave the coins to him? We're talking 10K about now.

So, while they are not anonymous technically, they are anonymous as far as proving anything. And if there are more than 1 'thief' if one gets caught the other can move the coins taking suspicion away from the one that was caught. All the 'what ifs' put it back into the anonymous realm, unlike getting caught with DB Cooper's loot.

[theymos]

Edit: the whole 21 characters spell "expect mass leak soon".

Cool way of releasing a message. The thief clearly has some familiarity with Bitcoin.

[organofcorti]

The last address on the list is bitcoin faucet:

http://blockchain.info/address/15ArtCgi3wmpQAAfYx4riaFmo4prJA4VsK


Way to spread that coinage thin and make sure everybody gets some. Even better than donating some to pools in terms of ensuring the coinage wont be black listed.