Bitcoin Forum
April 18, 2014, 03:13:12 AM *
News: Due to the OpenSSL heartbleed bug, changing your forum password is recommended.
 
   Home   Help Search Donate Login Register  
Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 [29] 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80
  Print  
Author Topic: [Emergency ANN] Bitcoinica site is taken offline for security investigation  (Read 133212 times)
drakahn
Hero Member
*****
Offline Offline

Activity: 504



View Profile WWW

Ignore
May 13, 2012, 04:24:49 AM
 #561

maybe it means 'mass' in the chemistry sense

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle
14ga8dJ6NGpiwQkNTXg7KzwozasfaXNfEU
1397790792
Hero Member
*
Offline Offline

Posts: 1397790792

View Profile Personal Message (Offline)

Ignore
1397790792
Reply with quote  #2

1397790792
Report to moderator
1397790792
Hero Member
*
Offline Offline

Posts: 1397790792

View Profile Personal Message (Offline)

Ignore
1397790792
Reply with quote  #2

1397790792
Report to moderator
1397790792
Hero Member
*
Offline Offline

Posts: 1397790792

View Profile Personal Message (Offline)

Ignore
1397790792
Reply with quote  #2

1397790792
Report to moderator
    mBitCASINOWIN BITCOINS IN OUR
24/7 LIVE DEALER CASINO

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1397790792
Hero Member
*
Offline Offline

Posts: 1397790792

View Profile Personal Message (Offline)

Ignore
1397790792
Reply with quote  #2

1397790792
Report to moderator
organofcorti
Donator
Hero Member
*
Offline Offline

Activity: 1036


Poor impulse control.


View Profile WWW

Ignore
May 13, 2012, 04:29:29 AM
 #562

btw anyone seen the mass leak? or any updated info from bitcoinica?

I'm thinking that zhoutong had a 'mass leak' as soon as he noticed all the btc missing, poor bugger.

Bitcoin network and pool analysis 12QxPHEuxDrs7mCyGSx1iVSozTwtquDB3r
follow @oocBlog for new post notifications
Phinnaeus Gage
Hero Member
*****
Offline Offline

Activity: 1050


Bitcoin: An Idea Worth Spending


View Profile WWW

Ignore
May 13, 2012, 04:30:05 AM
 #563

http://www.reuters.com/article/2012/04/01/traders-bitcoin-idUSL6E8ET5K620120401
Quote
Zhou Tong, who is professionally advised by a forex trader and the head of a Singapore-based algorithmic trading firm, now lends his name to international slang.

I'm curious as to who the forex trader is advising Zhou Tong.

And here's a pic of ZT and two of his closest friends (partners?) taken about a couple years ago.


BTC_Bear
B4 Foundation
VIP
Sr. Member
*
Offline Offline

Activity: 364


Best Offense is a Good Defense


View Profile WWW

Ignore
May 13, 2012, 04:35:06 AM
 #564

Why does the wallet even need to reside on the server?

But I'd like to know if it is usual for a 18K BTC transaction to take place without review?

I mean, if I goto the bank to withdrawal 50K+ USD, I would expect a little more scrutiny.

A stepped system of checks, I believe would have, if not stopped, delayed it.


Corporations have been enthroned, An era of corruption in high places will follow and the money power will endeavor to prolong its reign by working on the prejudices of the people until wealth is aggregated in a few hands and the Republic is destroyed. ~Abe Lincoln 1ApJdWUdSWYw8n8HEATYhHXA9EYoRTy7c4
dizzy1
Full Member
***
Offline Offline

Activity: 134


View Profile

Ignore
May 13, 2012, 04:47:36 AM
 #565

Why does the wallet even need to reside on the server?

But I'd like to know if it is usual for a 18K BTC transaction to take place without review?

I mean, if I goto the bank to withdrawal 50K+ USD, I would expect a little more scrutiny.

A stepped system of checks, I believe would have, if not stopped, delayed it.


As some people have said, there should be a hold on large or unusual withdrawls from a hot wallet.
Transisto
Donator
Hero Member
*
Offline Offline

Activity: 1134



View Profile WWW

Ignore
May 13, 2012, 05:22:21 AM
 #566

Updates ?

I haven't seen an update in 2 days,
Maybe because :

A. I'm not keeping track of Zoutong post history
B. I'm not going to search this whole thread for clues.
D. I'm not seeing the OP being updated.
E. I'm not visiting the forum very often.
F. I'm not visiting Bitcoinica's website.
G. I cannot visit Bitcoinica's website, isn't working - AT ALL
H. Bitcoinica never sent any email notification,,, neither did they sent any about new fees structure.

Hint : Some people have better to do than go on an information hunt to know what's happening with their $/BTC.


Visit and contribute to reddit.com/r/Bitcoin
M4v3R
Hero Member
*****
Offline Offline

Activity: 604



View Profile

Ignore
May 13, 2012, 06:44:31 AM
 #567

^^^^^^

Very good point. The fact that the website is STILL offline, there are no status updates nowhere and there wasn't any email notification is just plain ridiculous.
stochastic
Hero Member
*****
Offline Offline

Activity: 532


View Profile

Ignore
May 13, 2012, 07:30:32 AM
 #568

^^^^^^

Very good point. The fact that the website is STILL offline, there are no status updates nowhere and there wasn't any email notification is just plain ridiculous.

People better come to terms that they are not getting their money back.  None of Bitcoinica's customers even know who runs the business.  The death spiral started with the theft of 40,000 bitcoins and then the transfer of responsibilities to other people was just a reminder of where Bitcoinica was heading.  This recent negligence in securing their customer's accounts is the nail in the coffin.

Introducing constraints to the economy only serves to limit what can be economical.
JoelKatz
Hero Member
*****
Offline Offline

Activity: 1036


Democracy is vulnerable to a 51% attack.


View Profile WWW

Ignore
May 13, 2012, 08:02:22 AM
 #569

As some people have said, there should be a hold on large or unusual withdrawls from a hot wallet.
Then it wouldn't be a hot wallet at all.

I am an employee of Ripple Labs, the company behind the Ripple payment network.
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ
dizzy1
Full Member
***
Offline Offline

Activity: 134


View Profile

Ignore
May 13, 2012, 08:08:32 AM
 #570

As some people have said, there should be a hold on large or unusual withdrawls from a hot wallet.
Then it wouldn't be a hot wallet at all.
A hot wallet would be btc immediately available for withdrawl. In this case, how often would a transaction moving 18k btc or even just 1k btc be exucuted? Almost never. So you could have transactions past a certain limit be manually approved.
eleuthria
Hero Member
*****
Online Online

Activity: 1120


Michael Marsee


View Profile WWW

Ignore
May 13, 2012, 08:30:50 AM
 #571

As some people have said, there should be a hold on large or unusual withdrawls from a hot wallet.
Then it wouldn't be a hot wallet at all.
A hot wallet would be btc immediately available for withdrawl. In this case, how often would a transaction moving 18k btc or even just 1k btc be exucuted? Almost never. So you could have transactions past a certain limit be manually approved.

Except a hot wallet must store enough coins for many users to withdrawal in a reasonable time frame.  A reasonable time frame is up for debate of course.  And given the size of Bitcoinica, and the supposed profits it made (since they CLAIM that the previous theft was covered by their profits up to that point), the volume is likely very high at peak times.

EskimoBob
Hero Member
*****
Offline Offline

Activity: 882


Quality Printing Services by Federal Reserve Bank


View Profile

Ignore
May 13, 2012, 09:05:47 AM
 #572

Except a hot wallet must store enough coins for many users to withdrawal in a reasonable time frame.... 

Adding extra layer of security to large BTC transfers from exchange is a must.
BTC transfer, with acceptable number of confirmations, takes forever to begin with. Is that reasonable? There is no "immediately" in BTC transfers with out a third party help.
On the other hand, I am used to get my bank transfers done in minutes and transfers between different banks, in less than an hour (usually minutes). I do not know, how fast is this done in USA, you guys still use paper cheques Smiley

If I have to transfer a large amount of money from my bank, extra layer of security is added and yes, this takes a bit more time to execute. This is acceptable to everyone in the world and eliminates fuckups like Bitcoinica just had (twice!).

Not even a large amount of cache is transferred (in a suitcase) in seconds Smiley  You count it before you let it go for good.

While reading what I wrote, use the most friendliest and relaxing voice in your head.
BTW, Things in BTC bubble universes are getting ugly....
JoelKatz
Hero Member
*****
Offline Offline

Activity: 1036


Democracy is vulnerable to a 51% attack.


View Profile WWW

Ignore
May 13, 2012, 10:41:41 AM
 #573

A hot wallet would be btc immediately available for withdrawl. In this case, how often would a transaction moving 18k btc or even just 1k btc be exucuted? Almost never. So you could have transactions past a certain limit be manually approved.
If they have to be manually approved, it's not a hot wallet. The gist of a hot wallet is that a release of coins is automated.

I am an employee of Ripple Labs, the company behind the Ripple payment network.
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ
dizzy1
Full Member
***
Offline Offline

Activity: 134


View Profile

Ignore
May 13, 2012, 11:07:12 AM
 #574

A hot wallet would be btc immediately available for withdrawl. In this case, how often would a transaction moving 18k btc or even just 1k btc be exucuted? Almost never. So you could have transactions past a certain limit be manually approved.
If they have to be manually approved, it's not a hot wallet. The gist of a hot wallet is that a release of coins is automated.
Then our defenitions of a hot wallet may be different. I am thinking that a hot wallet is an online wallet with coins available for withdrawl. Which would be in constrast to a cold storage wallet. I don't believe a hot wallet has to be automated.
JoelKatz
Hero Member
*****
Offline Offline

Activity: 1036


Democracy is vulnerable to a 51% attack.


View Profile WWW

Ignore
May 13, 2012, 11:13:49 AM
 #575

Then our defenitions of a hot wallet may be different. I am thinking that a hot wallet is an online wallet with coins available for withdrawl. Which would be in constrast to a cold storage wallet. I don't believe a hot wallet has to be automated.
If the wallet is online and available for withdrawal, then a thief who compromises the machine can take all the coins in the wallet, whether your normal withdrawal path is automated or not. If the point of the human security check is that the coins *cannot* be withdrawn without the approval, then it's not a hot wallet. If the security check is just a human saying "yes", then it can still be a hot wallet, but a compromise of the machine will include the ability to bypass the withdrawal authorization.

I am an employee of Ripple Labs, the company behind the Ripple payment network.
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ
coinft
Full Member
***
Offline Offline

Activity: 171



View Profile

Ignore
May 13, 2012, 11:26:24 AM
 #576

Thanks I respect yours also.  No, I'm just saying for big thefts like the one's that have been happening I think there would be a big consensus in favor of disabling $87,000 worth of bitcoin.  Yes, I don't know all the logistics of how it would play out but I'm pretty sure we are all smart enough to figure it out.

Ok say I buy 20,000 BTC worth of Gold from you.  I pay you, you get the 6 confirms.  I walk away with my ~$100K in gold.  Then I report the coins stolen.  Oops you lose 20K BTC.  Even better I cal you up and threaten to report them stolen.  If you give me back 5K BTC I won't report them stolen. You lose 5K or you lose 20K.  Your choice.

Worse say I did steal 20K BTC.  I then buy some gold form you.  Nobody has reported them stolen ... yet.  I pay you, you get the 6 confirms.  I walk away with $100K in gold and then the original legit owner of the coins reports them stolen.  I stole the coins and lost nothing.  The owner is still out 20K coins and you are out $100K in gold.

Awesome system you got there.  Also there is no central agency in Bitcoin.  Who decides if a coin is disabled or not?  Someone with 51% of hashing power.  Awesome you just gave the govt an auto kill switch.  Gain 51% control of Bitcoin (even temporarily) and disable all 21M coins.  Game Over.

As soon as we have a way to decide (vote) on stolen status, and we get false stolen reports, we will create a system to decide the truth of theft reports. When we can revoke false theft reports, we will soon need to revoke theft report revocations. Then we will need to be able to revoke revocations of theft report revocations. Someone will create a recursive revocation block chain. Every bitcoin will end up 50% +/- X legit since no one can determine tomorrow's status, at which point hopefully we can drop this whole mess.


dizzy1
Full Member
***
Offline Offline

Activity: 134


View Profile

Ignore
May 13, 2012, 11:37:42 AM
 #577

Then our defenitions of a hot wallet may be different. I am thinking that a hot wallet is an online wallet with coins available for withdrawl. Which would be in constrast to a cold storage wallet. I don't believe a hot wallet has to be automated.
If the wallet is online and available for withdrawal, then a thief who compromises the machine can take all the coins in the wallet, whether your normal withdrawal path is automated or not. If the point of the human security check is that the coins *cannot* be withdrawn without the approval, then it's not a hot wallet. If the security check is just a human saying "yes", then it can still be a hot wallet, but a compromise of the machine will include the ability to bypass the withdrawal authorization.

Unless the human saying yes must enter a passphrase to temporaily decrypt the wallet to send the transaction. Either that or having a set of wallets encrypted for large withdrawls that need manual authorization and a set of encrypted but loaded wallets for smaller transactions. So if a large withdrawl is needed then it is sent manually, but for smaller one they can be sent automatically from the currently loaded smaller wallet. and if a smaller wallet is running low, then the remaining balance should be transfered to another small wallet specifically for the spare change and the wallet moved to another in the line. This way the majority of the money is very accessible and there is minimal risk to either party. This will protect against people breaking into a machine containing the wallet(s) and stealing them as they will be encrypted. The most they may get is the contents of a smaller wallet if this is properly monitored.
hoki
Member
**
Offline Offline

Activity: 106


Say BYE to tobacco taxes and bureaucratized trade.


View Profile WWW

Ignore
May 13, 2012, 11:41:32 AM
 #578

I cannot believe it Sad

zhoutong, give us some updates, please man!

http://www.cigs.eu — The Europe's leading discount cigarette shop. Worldwide shipping. Now accepting Bitcoins. Affiliates click here.
zhoutong
VIP
Hero Member
*
Offline Offline

Activity: 490


View Profile WWW

Ignore
May 13, 2012, 12:10:40 PM
 #579

I cannot believe it Sad

zhoutong, give us some updates, please man!

We are building an account claim page. You can submit your account information, financial information (balances) and trading information to verify your identity. We will then match with the records we have. If they have matched, we will send Bitcoin balance to your nominated Bitcoin address within 24 hours and USD balance with unrealized P/L to your email as a Mt. Gox code. If you sent the funds to us via Wire (i.e. you don't use Mt. Gox at all), we will try our best to fulfill wire transfer requests.

Current positions will all be liquidated at a settlement price. We haven't decided the price yet, but my personal estimate is 4.98 / 4.94. (All long positions can liquidate at 4.98 and all short positions can liquidate at 4.94, we pay the spread for you.) All unrealized P/L will be settled in USD. If you don't have sufficient USD balance, we will use your BTC to settle, with the mid-point exchange rate (again, we pay the spread).

The page will be up in a few days but I don't have accurate information on this. Patrick is working on the page now. Thanks for your understanding and patience.

Founder of NameTerrific (https://www.nameterrific.com/). Co-founder of CoinJar (https://coinjar.io/)

Donations for my future Bitcoin projects: 19Uk3tiD5XkBcmHyQYhJxp9QHoub7RosVb
caston
Hero Member
*****
Offline Offline

Activity: 504



View Profile WWW

Ignore
May 13, 2012, 12:14:10 PM
 #580

Were any personal documents leaked during the intrusion that could potentially be used to make fraudulent claims against accounts?

BTW for historical references here is the original post on hackernews:

http://news.ycombinator.com/item?id=2973313

18jL18iH96BBhwUCQn27FQp7ocodSxvJAB
Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 [29] 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!