Bitcoin Forum
March 29, 2024, 06:23:00 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 [4] 5 6 7 »  All
  Print  
Author Topic: 135 BTC Stolen from my Deepbit account!!!!!!!!  (Read 29015 times)
error
Hero Member
*****
Offline Offline

Activity: 588
Merit: 500



View Profile
May 14, 2011, 11:45:23 PM
 #61

Code:
error@underground ~ $ host 94.75.217.249
Host 249.217.75.94.in-addr.arpa. not found: 3(NXDOMAIN)
error@underground ~ $ whois 94.75.217.249
[Querying whois.arin.net]
[Redirected to whois.ripe.net:43]
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '94.75.217.0 - 94.75.217.255'

inetnum:        94.75.217.0 - 94.75.217.255
netname:        LEASEWEB
descr:          LeaseWeb
descr:          P.O. Box 93054
descr:          1090BB AMSTERDAM
descr:          Netherlands
descr:          www.leaseweb.com
remarks:        Please send email to "abuse@leaseweb.com" for complaints
remarks:        regarding portscans, DoS attacks and spam.
remarks:        assignment LEASEWEB 20080723
country:        NL
admin-c:        LSW1-RIPE
tech-c:         LSW1-RIPE
status:         ASSIGNED PA
mnt-by:         LEASEWEB-MNT
source:         RIPE # Filtered

person:         RIP Mean
address:        P.O. Box 93054
address:        1090BB AMSTERDAM
address:        Netherlands
phone:          +31 20 3162880
fax-no:         +31 20 3162890
abuse-mailbox:  abuse@leaseweb.com
nic-hdl:        LSW1-RIPE
mnt-by:         OCOM-MNT
source:         RIPE # Filtered

% Information related to '94.75.192.0/18AS16265'

route:          94.75.192.0/18
descr:          LEASEWEB
origin:         AS16265
remarks:        LeaseWeb
mnt-by:         OCOM-MNT
source:         RIPE # Filtered

3KzNGwzRZ6SimWuFAgh4TnXzHpruHMZmV8
Even if you use Bitcoin through Tor, the way transactions are handled by the network makes anonymity difficult to achieve. Do not expect your transactions to be anonymous unless you really know what you're doing.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711693380
Hero Member
*
Offline Offline

Posts: 1711693380

View Profile Personal Message (Offline)

Ignore
1711693380
Reply with quote  #2

1711693380
Report to moderator
1711693380
Hero Member
*
Offline Offline

Posts: 1711693380

View Profile Personal Message (Offline)

Ignore
1711693380
Reply with quote  #2

1711693380
Report to moderator
[Tycho]
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500



View Profile WWW
May 15, 2011, 01:56:43 AM
 #62

Bitcoin addresses of all users were removed by me in order to implement new system for enhanced security.
Additional details will be available shortly.

I found that someone changed bitcoin addresses of some users. I'm not sure how the attacker got passwords, but now you'll have to use e-mail confirmation for changing your wallet address.
I'm very sorry that I haven't implemented this feature earlier, so your stolen bitcoins will be reimbursed.
(Please note: I can't garantee that I can do such reimbursment in the future).

Your money is safe and i'll give instructions on setting your address again. Please wait.

A total of ~150 BTC were stolen: 136 from this user and ~14 BTC from others.

Welcome to my bitcoin mining pool: https://deepbit.net - Both payment schemes (including PPS), instant payout, no invalid blocks !
ICBIT Trading platform : USD/BTC futures trading, Bitcoin difficulty futures (NEW!). Third year in bitcoin business.
MemoryDealers (OP)
VIP
Legendary
*
Offline Offline

Activity: 1052
Merit: 1055



View Profile WWW
May 15, 2011, 02:07:31 AM
 #63

Bitcoin addresses of all users were removed by me in order to implement new system for enhanced security.
Additional details will be available shortly.

I found that someone changed bitcoin addresses of some users. I'm not sure how the attacker got passwords, but now you'll have to use e-mail confirmation for changing your wallet address.
I'm very sorry that I haven't implemented this feature earlier, so your stolen bitcoins will be reimbursed.
(Please note: I can't garantee that I can do such reimbursment in the future).

Your money is safe and i'll give instructions on setting your address again. Please wait.

A total of ~150 BTC were stolen: 136 from this user and ~14 BTC from others.

Wow!
That is very generous of you!
Can I ask about how many users had their bitcoin addresses changed?
So this sounds like it means that none of my employees violated my trust.  (I'm still implementing stronger security measures.)
Would you agree?

I have been worried all day about who could be a thief at my company.
I was worried even more about it than the missing bitcoins.

Thank you again, and I will gladly continue mining with deepbit because of your help!  (I'll keep a much lower balance though)

tiberiandusk
Hero Member
*****
Offline Offline

Activity: 575
Merit: 500


The North Remembers


View Profile WWW
May 15, 2011, 02:46:12 AM
 #64

+1 Tycho. Most people wouldn't be so nice. Sounds like some of the people attacking mt. gox have been looking for other attack vectors.

Bitcoin Auction House http://www.BitBid.net BTC - 1EwfBVC6BwA6YeqcYZmm3htwykK3MStW6N | LTC - LdBpJJHj4WSAsUqaTbwyJQFiG1tVjo4Uys Don't get Goxed.
bitcoindaddy
Hero Member
*****
Offline Offline

Activity: 481
Merit: 500


View Profile
May 15, 2011, 02:47:13 AM
 #65

Either the email verification is taking a long time - or it's not working.
[Tycho]
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500



View Profile WWW
May 15, 2011, 02:54:23 AM
 #66

Either the email verification is taking a long time - or it's not working.
It's not deployed yet, i'm testing it atm. Wait a bit more please.

Welcome to my bitcoin mining pool: https://deepbit.net - Both payment schemes (including PPS), instant payout, no invalid blocks !
ICBIT Trading platform : USD/BTC futures trading, Bitcoin difficulty futures (NEW!). Third year in bitcoin business.
proudhon
Legendary
*
Offline Offline

Activity: 2198
Merit: 1309



View Profile
May 15, 2011, 02:54:34 AM
 #67

My deepbit password is now over 20 characters long with caps and symbols.
That just shortened the time to crack now didn't it?

How so?

Because now you don;t have to waste time searching all the combinations between 1 and 20 characters.

Well, sure.  But you've still got to search through at least all the 20 character combinations and the password is longer than that so it's still a pretty big task.  But, yes, you're right, it'll take less time.  Less time to make a realistic difference?  Probably not.

80 bits is considered safe. 20 characters of letters+numbers make it 20*6=120 bits, an overkill (even if the attacker knows how many bits there are exactly).

That's what I thought, but, hey, apparently I'm a dummy for revealing this personal data on a public forum.

You shouldn't take this personally; in fact, you should be gracious. I was reminded to be more aware of accidentally revealing personal info online.

To be clear, the personal info I revealed is that my password is more than 20 characters long.  I just don't see how telling the world that my password is more than 20 characters long compromises me that much.  You've still got to test a huge set of keyboard characters, including capitalization, for 20+ character passwords and for all anyone knows knows my password could be 40 characters long.  Just for reference, if my password is exactly 21 characters long, and if it uses upper and lower case alphabet characters plus numbers and common symbols, then there are 408,162,404,503,791,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 possibilities.

Bitcoin Fact: the price of bitcoin will not be greater than $70k for more than 25 consecutive days at any point in the rest of recorded human history.
[Tycho]
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500



View Profile WWW
May 15, 2011, 02:57:45 AM
 #68

Last week was slush's pool that succumbed to an as yet unidentified failure ... and now deepbit gets hacked for a measly 150 BTC.
I'm not sure yet how the attacker got the passwords, but some of his data was not correct.
May be he sniffed the mining traffic and tried to log in with same credentials, may be he used some other kind of exploit.

I'll look into it after finishing with confirmation system.

Welcome to my bitcoin mining pool: https://deepbit.net - Both payment schemes (including PPS), instant payout, no invalid blocks !
ICBIT Trading platform : USD/BTC futures trading, Bitcoin difficulty futures (NEW!). Third year in bitcoin business.
mewantsbitcoins
Full Member
***
Offline Offline

Activity: 126
Merit: 100


View Profile
May 15, 2011, 03:02:31 AM
Last edit: May 15, 2011, 03:39:55 AM by mewantsbitcoins
 #69


Quote
408,162,404,503,791,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000


Hint: scientific notation.

He's learning. Unfortunately, still wrong conclusions
SgtSpike
Legendary
*
Offline Offline

Activity: 1400
Merit: 1005



View Profile
May 15, 2011, 04:29:54 AM
 #70

Even though my account appears to be fine, I appreciate you being completely transparent with us Tycho, and taking full responsibility for it.  Much respect.
[Tycho]
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500



View Profile WWW
May 15, 2011, 04:43:42 AM
 #71

E-mail confirmation should be working now.
PM me if your e-mail was non-existent or you can't receive the message.

Welcome to my bitcoin mining pool: https://deepbit.net - Both payment schemes (including PPS), instant payout, no invalid blocks !
ICBIT Trading platform : USD/BTC futures trading, Bitcoin difficulty futures (NEW!). Third year in bitcoin business.
jimbobway
Legendary
*
Offline Offline

Activity: 1304
Merit: 1014



View Profile
May 15, 2011, 05:16:39 AM
 #72

Last week was slush's pool that succumbed to an as yet unidentified failure ... and now deepbit gets hacked for a measly 150 BTC.
I'm not sure yet how the attacker got the passwords, but some of his data was not correct.
May be he sniffed the mining traffic and tried to log in with same credentials, may be he used some other kind of exploit.

I'll look into it after finishing with confirmation system.

Password cracking have been used successfully a while back at mtgox until mtgox changed their login process.  Has this been ruled out?
Tha Feds
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
May 15, 2011, 05:54:47 AM
 #73


I'm very sorry that I haven't implemented this feature earlier, so your stolen bitcoins will be reimbursed.
(Please note: I can't garantee that I can do such reimbursment in the future).

Your money is safe and i'll give instructions on setting your address again. Please wait.

A total of ~150 BTC were stolen: 136 from this user and ~14 BTC from others.


If this is accurate, then major props for the reimbursement.
Tha Feds
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
May 15, 2011, 06:05:35 AM
 #74


To be clear, the personal info I revealed is that my password is more than 20 characters long.  I just don't see how telling the world that my password is more than 20 characters long compromises me that much.  You've still got to test a huge set of keyboard characters, including capitalization, for 20+ character passwords and for all anyone knows knows my password could be 40 characters long.  Just for reference, if my password is exactly 21 characters long, and if it uses upper and lower case alphabet characters plus numbers and common symbols, then there are 408,162,404,503,791,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 possibilities.

No one is claiming that your 20 character password is easy to crack, for the time being. It has, however, been pointed out that since you revealed that it is 20 characters, it would be easier to crack than if you had said nothing about its length, since the cracker will not have to spend time checking passwords <20 characters. If this seems trivial, remember that passwords nowadays are the key to valuable information about us and that Moore's Observation (Law) means that the cost of technology needed to crack passwords is getting cheaper quickly. The time will come when there will be a low degree of difficulty to crack a 20 character pw--it might come sooner than you think.
gigabytecoin
Sr. Member
****
Offline Offline

Activity: 280
Merit: 252


View Profile
May 15, 2011, 09:11:46 AM
 #75

Beware of other people using your accounts.

I agree,  but they are both trusted long term employees 5+ years who I trust.


I am guessing that deepbit maybe susceptible to a brute force password hacking attack.
You seem to be able to try as many incorrect passwords on the site in a row as you want.
I hope they put a delay after 3 failed log in attempts.

Does anyone have the contact info for the admin at deepbit?
I am hoping they have some kind of log for whoever logged into my account.

You "trust" your employees? Hah.
eMansipater
Sr. Member
****
Offline Offline

Activity: 294
Merit: 273



View Profile WWW
May 15, 2011, 09:48:41 AM
 #76

You "trust" your employees? Hah.
Yeah, forming real human relationships and then relying on them is for suckers.  Next thing you know he'll be claiming to have "friends" or some other kind of nonsense too.  Wink

Major kudos to [Tycho] for his response to this incident.  Real trustworthiness is proven in a person's response to unplanned-for circumstances.

If you found my post helpful, feel free to send a small tip to 1QGukeKbBQbXHtV6LgkQa977LJ3YHXXW8B
Visit the BitCoin Q&A Site to ask questions or share knowledge.
0.009 BTC too confusing?  Use mBTC instead!  Details at www.em-bit.org or visit the project thread to help make Bitcoin prices more human-friendly.
vuce
Sr. Member
****
Offline Offline

Activity: 476
Merit: 250


View Profile
May 15, 2011, 10:26:41 AM
 #77

Bitcoin addresses of all users were removed by me in order to implement new system for enhanced security.
Additional details will be available shortly.

I found that someone changed bitcoin addresses of some users. I'm not sure how the attacker got passwords, but now you'll have to use e-mail confirmation for changing your wallet address.
I'm very sorry that I haven't implemented this feature earlier, so your stolen bitcoins will be reimbursed.
(Please note: I can't garantee that I can do such reimbursment in the future).

Your money is safe and i'll give instructions on setting your address again. Please wait.

A total of ~150 BTC were stolen: 136 from this user and ~14 BTC from others.
real class, way to go Tycho!
proudhon
Legendary
*
Offline Offline

Activity: 2198
Merit: 1309



View Profile
May 15, 2011, 11:15:32 AM
Last edit: May 15, 2011, 12:47:27 PM by proudhon
 #78


Quote
4.08162404503791e+125


Hint: scientific notation.

He's learning. Unfortunately, still wrong conclusions

Oh, come on, I wrote it out to make a point.  But, there, I fixed it for you.  What wrong conclusion am I coming to?  Help me not be such a dummy.  I'm sincerely asking for you to help understand what wrong conclusion I'm making.  I don't even mind if you continue to mock me.  Just help me out too.


To be clear, the personal info I revealed is that my password is more than 20 characters long.  I just don't see how telling the world that my password is more than 20 characters long compromises me that much.  You've still got to test a huge set of keyboard characters, including capitalization, for 20+ character passwords and for all anyone knows knows my password could be 40 characters long.  Just for reference, if my password is exactly 21 characters long, and if it uses upper and lower case alphabet characters plus numbers and common symbols, then there are 4.08162404503791e+125 possibilities.

No one is claiming that your 20 character password is easy to crack, for the time being. It has, however, been pointed out that since you revealed that it is 20 characters, it would be easier to crack than if you had said nothing about its length, since the cracker will not have to spend time checking passwords <20 characters. If this seems trivial, remember that passwords nowadays are the key to valuable information about us and that Moore's Observation (Law) means that the cost of technology needed to crack passwords is getting cheaper quickly. The time will come when there will be a low degree of difficulty to crack a 20 character pw--it might come sooner than you think.

Just to be clear, I did not reveal that my password is 20 characters.  I revealed that my password is more than 20 characters.

Edit: mewantsbitcoins, is it that the possibilities answer is wrong?  I took that value from a website that claims to calculate password possibilities, but my own calculation says it should be 3.40562E+41.  Basically, I entered the values backwards.  Is that it?

Bitcoin Fact: the price of bitcoin will not be greater than $70k for more than 25 consecutive days at any point in the rest of recorded human history.
bitcoindaddy
Hero Member
*****
Offline Offline

Activity: 481
Merit: 500


View Profile
May 15, 2011, 12:01:29 PM
 #79

I recommend Tycho accelerate the installation of an SSL certificate. They can be had for a low as $50 (perhaps cheaper if you shop around) at RapidSSL. Of course, if his server was hacked, this would not have helped. In fact, if his server were hacked, the email confirmation won't help either because they could access the database directly.  Let's hope that was not the case.

Kudos to Tycho for reacting in an honorable manner with regard to his customer's loss.  
marcus_of_augustus
Legendary
*
Offline Offline

Activity: 3920
Merit: 2347


Eadem mutata resurgo


View Profile
May 15, 2011, 12:28:11 PM
 #80

I recommend Tycho accelerate the installation of an SSL certificate. They can be had for a low as $50 (perhaps cheaper if you shop around) at RapidSSL. Of course, if his server was hacked, this would not have helped. In fact, if his server were hacked, the email confirmation won't help either because they could access the database directly.  Let's hope that was not the case.

Kudos to Tycho for reacting in an honorable manner with regard to his customer's loss.  

It's not clear that it was hacked. It could have been a some packet sniffing quite easily if people use the web account password the same as there miner(s) password (do not do this) since that is getting sent in plain-text by the miner all the time they getwork (i.e. lots). Someone was talking about wrapping up the miners-to-pools comms inside https, ssl or similar, where did that project get to? (It could be useful for other reasons down the line if miners get targeted.)

Pages: « 1 2 3 [4] 5 6 7 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!