Bitcoin Forum
April 16, 2014, 08:44:11 AM *
News: ♦♦ A bug in OpenSSL, used by Bitcoin-Qt/Bitcoin Core, could allow your bitcoins to be stolen. Immediately updating Bitcoin Core to 0.9.1 is required in some cases, especially if you're using 0.9.0. Download. More info.
The same bug also affected the forum. Changing your forum password is recommended.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17  All
  Print  
Author Topic: List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses  (Read 150782 times)
dree12
Hero Member
*****
Offline Offline

Activity: 980


Du bist ein kartoffelsalat.


View Profile

Ignore
May 26, 2012, 08:39:04 PM
 #1

Last updated: November 28, 2013, 12:54:33 AM.

List of Bitcoin Heists
Following is the result of research on prior Bitcoin-related thefts. I have provided dates and times as I know them. The list is designed to be as accurate and informative as possible, and most of it is well-referenced. For disputed thefts, I have applied best judgement and included the ones that were most publicly accepted.

Because of the volatile nature of Bitcoin's exchange price, I have denominated heist estimates in BTC. Although not heists per se, major permanent bitcoin-denominated losses are also included in this list. If I missed any major thefts, heists, or losses, or if you have any other information to contribute to one of these events, please leave a reply in this thread.

Additionally, I would be grateful if contributors write commentary for each theft. Ideally, the theft descriptions should be as detailed as possible. Much of the present commentary is inadequate.

Table of Contents

Licence
This entire document is licenced under the public domain. If that is not permissible in your jurisdiction, it can then be licenced under any permissible licence of your choosing.

The author of this list believes all information contained thereof to be factual; however, the author takes no responsibility for any losses associated with factual inaccuracies in the list.

Factual inaccuracies
Although I make every attempt to ensure information in the list is well-cited and factual, there is always the possibility of error (whether on my part or on my source's part). If you find a factual inaccuracy, please report it. You will be credited appropriately for such reports.

Donation
Donations are appreciated and are accepted at 1MLSW1nmYkHqaHWNNkHSAHct6exd8fYYLX. Alternatively, consider a donation to a charitable cause. Many victims of these thefts accept donations, and they likely need the donations more than I.

Qualification
Without properly-defined bounds, this list could not possibly be complete. Consequently, several clauses below limit the scope of the list.

General
Generally, a major heist, theft, hack, scam, or loss must cause damage greater than or equal to 1000 BTC, in BTC damage only, to qualify for inclusion in this list. Thefts related to Bitcoin but with most damage in another currency do not qualify, unless customers were damaged in BTC. Borderline thefts may qualify if reasonable estimates are over or equal to 1000 BTC. Thefts that do not strictly qualify but are of significant importance are listed in the thefts not included section.

Managing Bitcoin prices
It is well-known that Bitcoin prices are volatile. Before 2011, the value of a single BTC was extremely low. Consequently, this list ignores most events that occurred before 2011. If a theft, hack, scam, or loss caused damage greater than or equal to 5000 BTC before 2011 (i.e., in 2009 or 2010), it is not listed on the severity charts. If a theft, hack, scam, or loss caused damage less than 5000 BTC before 2011, it is not listed on this list at all.

This list also employs USD cutoff values. Thefts with USD damages below the given cutoff for the year will still be included, but will be excluded from or unranked in severity lists.

Cutoff values so far are below:
YearCutoff ValueSeverity list cutoff
20095000 BTC*N/A
20105000 BTC*N/A
20111000 BTC12000 $
20121000 BTC12000 $
20131000 BTC12000 $
* These thefts are not listed in the BTC-denominated severity chart.

Included borderline thefts
Finally, another clause is provided to allow important thefts not meeting the cutoff to remain included. Borderline thefts, which have less than 1000 BTC in total damages, may still be included if their total damage when measured in June 2013 BTC exceeds 500 BTC. This measurement is based on Mt. Gox price data prior to 2013-06-09, Bitstamp price data after 2013-06-10, and US CPI data published by the United States Bureau of Labor Statistics.

Instructions
For ease of navigation, I have assigned each theft a name. Note that this name is neither official nor permanent and is used solely for ease of navigation. To search for the heading that details the actual theft, simply use your browser's Find function and search for the name. This will either bring you to the theft itself, or a link to the theft. If the latter, simply click the link to be directed to the theft.

Some links will appear in commentary and in lists. These can be clicked; their destination is set to the beginning of the linked incident's section.

List of events by severity
NB: This section is under construction.
In this section, each theft is listed alongside the value stolen when converted to a June 2013 BTC equivalent. This represents the true value stolen and is generally the best list in that regard. No incidents need be left out of this list, thanks to its method of ranking based on true severity.

List of events by BTC value stolen
In this section, each theft is listed along with its rank, severity, and time, ordered by the highest mBTC value stolen from most severe to least. To navigate to a theft, simply click on the link.

Critical (≥10 kBTC)
RankNameTimeSeverity
1Bitcoin Savings and Trust2011–2012est. 263024 BTC
2Silk Road SeizureOctober 2013171955.09292687BTC
3MyBitcoin TheftJuly 201178739.58205388BTC
4Linode HacksMarch 2012l.b. 46653.46630495BTC
5July 2012 Bitcoinica TheftJuly 201240000.00000000BTC
6*May 2012 Bitcoinica HackMay 2012
Unresolved as of December 2012
18547.66867623BTC
39000 BTC total impact
7Allinvain TheftJune 201125000.01000000BTC
8Tony Silk Road ScamApril 2012est. 30000 BTC
9Bitfloor TheftSeptember 2012u.b. 24086.17219307BTC
10Bitomat.pl LossAugust 2011est. 17000 BTC
11Bitcoin7 HackOctober 2011est. 11000 BTC u.b. 15000 BTC
* Rank includes pass-through impact

Major (≥1 kBTC)
RankNameTimeSeverity
12Cdecker TheftSeptember 20129222.21195900BTC
13Stefan Thomas LossJune 2011est. 7000 BTC
14BTC-E HackJuly 2012est. 4500 BTC
15Inputs.io HackOctober 2013est. 4100 BTC
16Mass MyBitcoin TheftsJune 20114019.42939378BTC
17Mooncoin TheftSeptember 2011est. 4000 BTC
18Kronos HackUnknownest. 4000 BTC
19Bitcoin Rain2011–2013est. 4000 BTC
202012 TrojanSeptember through November 20123500 BTC a. 3457 BTC
21Betcoin TheftApril 20123171.50195016BTC
22June 2011 Mt. Gox IncidentJune 2011l.b. 2643.27BTC
*October 2011 Mt. Gox LossOctober 20112609.36304319BTC
*Andrew Nollan ScamFebruary 2012l.b. 2211.07786728BTC
23Bit LC TheftFebruary 2013est. 2000 BTC
24Bitcoin Syndicate TheftJuly 20121852.61553553BTC
25ZigGap2012a. 1708.65967460BTC
26Just Dice IncidentJuly 2013a. 1300 BTC
27BTCGuild IncidentMarch 2013a. 1254 BTC
282012 50BTC TheftOctober 20121173.51659074BTC
*Ubitex Scam2011a. 1138.98BTC
*Bitscalper Scam2012est. 1000 BTC
* Unranked because USD value at time does not meet cutoff.

Borderline (<1 kBTC)
RankNameTimeSeverity
292013 ForkMarch 2013960.09645667BTC
30Ozcoin TheftApril 2013922.99063322BTC

List of events by USD equivalent of mBTC at time of theft
NB: This section is outdated.
This section houses a list of thefts, from most severe to least, by the USD equivalent of mBTC at that time. Note that USD values stolen, if any, are not included, only the mBTC value.
1. Bitcoin Savings & Trust (1834303 $)
2. MyBitcoin Theft (1110544 $)
3. Allinvain Theft (502750.20 $)
4. July 2012 Bitcoinica Theft (305200 $)
5. Bitfloor Theft (248088 $)
6. Linode Hacks (230468 $)
7. Bitomat.pl Loss (236000 $)
8. Tony Silk Road Scam (150000 $)
9. Stefan Thomas Loss (128000 $)
10. Just-Dice.com Incident (121000 $)
11. Cdecker Theft (113894 $)
12. May 2012 Bitcoinica Hack (91306.46 $)
13. XBTGuild Incident (58737 $)
14. Bit LC Theft (51000 $)
15. Bitcoin7 Hack (50000 $)
16. June 2011 Mt. Gox Incident (46970.91 $)
17. BTC-E Hack (42000 $)
18. 2012 Trojan (38000 $)
19. Mooncoin Theft (24000 $)
20. Betcoin Theft (15509 $)
21. Bitcoin Syndicate Theft (12134.61 $)
U. Ubitex Scam (11668.70 $)
U. Andrew Nollan Scam (10978 $)
U. October 2011 Mt. Gox Loss (8115.12 $)
U. Bitscalper Scam (5000 $)

1397637852
Hero Member
*
Offline Offline

Posts: 1397637852

View Profile Personal Message (Offline)

Ignore
1397637852
Reply with quote  #2

1397637852
Report to moderator
      THE ONLY DICE GAME WITH ACTUAL ROLLING DICE BetCoin™ Dice
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1397637852
Hero Member
*
Offline Offline

Posts: 1397637852

View Profile Personal Message (Offline)

Ignore
1397637852
Reply with quote  #2

1397637852
Report to moderator
1397637852
Hero Member
*
Offline Offline

Posts: 1397637852

View Profile Personal Message (Offline)

Ignore
1397637852
Reply with quote  #2

1397637852
Report to moderator
dree12
Hero Member
*****
Offline Offline

Activity: 980


Du bist ein kartoffelsalat.


View Profile

Ignore
July 26, 2013, 11:52:51 PM
 #2

List of events in rough chronological order
Stone Man Loss
Type: Loss
Time: August 09, 2010, 11:35:00 PM ± 600 s
Victim: Stone Man @BitcoinTalk
Status: Coins lost, effectively destroyed
Amount: Exactly 8999.00000000BTC
Equivalent in June 2013 BTC: 5.73BTC
Transaction of interest: eb5b761c7380ed4c6adf688f9e5ab94953dcabeda47d9eeabd77261902fccccf
Due to not keeping proper wallet backups, 8999 BTC sent as change were effectively destroyed when the private key controlling them was lost. Because this theft is from 2010, it is not included in severity lists.

Ubitex Scam
Time: April 2011 to July 2011
Victim: Investors on GLBSE of Ubitex
Status: Ubitex founder known, but nothing returned
Amount: About 1138.98BTC (amount “invested” into Ubitex)
Equivalent USD: 11668.70 $ (wt. avg)
Equivalent in June 2013 BTC: 155 BTC
Ubitex was the first company to be listed on the now-defunct GLBSE “stock exchange”, which has been criticised for its illegal operations.[1] The company was run by a minor, but this fact was not initially known.

Around 1000 BTC of the missing investments are said to have been “spent”, many of which were further scammed, or converted into USD without follow-up.

The Ubitex scam would not have been possible today. Bitcoin users at the time were enjoying their newly-acquired wealth thanks to significant appreciation. Most “investors” at the time were extremely naïve.


Stefan Thomas Loss
Type: Loss
Time: June 2011
Victim: Stefan Thomas
Status: Coins destroyed (no thief)
Amount: Estimate 7000 BTC[2]
Equivalent USD: 128000 $ (wt. avg, rounded to nearest thousand)
Equivalent in June 2013 BTC: 1250 BTC
Stefan Thomas, an early adopter (and eventually developer) of Bitcoin, uses this loss to teach other Bitcoiners the importance of backups—many of them. He had three copies of his wallet, and yet lost all of them.

Allinvain Theft
Time: June 13, 2011, 05:52:00 PM ± 600 s [satoshi estimated block transmission time]
Victim: Bitcointalk.org user “allinvain”
Status: Thief uncaught
Amount: Exactly 25000.01000000BTC[3]
Equivalent USD: 502750.20 $
Equivalent in June 2013 BTC: 4480 BTC
Chief transaction of interest: 4885ddf124a0f97b5a3775a12de0274d342d12842ebe59520359f976721ac8c3
A polarizing theft, its authenticity has undergone much dispute. Some believe that it was set up as a ploy for donations. However, these critics often lack evidence to back up their claims. Indeed, the victim was an early adopter who mined many coins at a low cost, so there is little reason for him to sabotage Bitcoin's image.

Although the hack attracted great attention in its day, said fame has mostly subsided. Even today, however, the hack still affects Bitcoiners. A common debate among Bitcoin users is that of “tainting” coins, and this hack is often used as an example for why “tainting” coins is futile. In just a few years, coins stolen in this hack are now present in nearly every user's wallet. This rapid redistribution is often cited as a reason that a tainted coin system would certainly fail.


June 2011 Mt. Gox Incident
Time: June 19, 2011, 06:00:00 PM ± 1 h (theft), days ensuing (hacks & withdrawals)
Victim: Mt. Gox (some claim also customers)
Status: Thief uncaught
Amount:
Stolen by thief: 2000 BTC[4]
Additional withdrawn from Mt. Gox: 643.27BTC[5] (lower bound)
Total: Lower bound 2643.27BTC
Equivalent USD: 46970.91 $ (trades on Mt. Gox not reliable at the time)
Equivalent in June 2013 BTC: 473 BTC
Transactions: none released officially
Mt. Gox, then the leading BTC/USD exchange service, suffered a severe breach as a consequence of an ownership change. The sale conditions involved a share of revenue to be remitted to the seller. To audit this revenue, the seller was permitted an account with administrator access.[4]

The seller's administrator account was hacked by an unknown process. The priveleges were then abused to generate humungous quantities of BTC. None of the BTC, however, was backed by Mt. Gox. The attackers sold the BTC generated, driving Mt. Gox BTC prices down to cents. They then purchased the cheap BTC with their own accounts and withdrew the money. Some additional money was stolen by non-attacking traders capitalizing on the dropping price and withdrawing in time, including toasty, a member of BitcoinTalk.

Mt. Gox resolved the hack by reverting trades to a previous version. Many customers claim they have lost money from this reversion, but Mt. Gox claims it has reimbursed all customers fully for this theft. After the incident, Mt. Gox shut down for several days.[6]

The event's scale was widely disputed; some report a theft of almost 500000 BTC due to related account hacking. However, these reports are sparse and disreputable. Closer inspection puts the losses at closer to 2500 BTC.

Aside from the direct damages of the theft, the hack involved a database leak. Some weaker passwords were used to conduct the relatively more severe Mass MyBitcoin Thefts.


Mass MyBitcoin Thefts
NB: Not to be confused with the far more severe MyBitcoin Theft.
Time: 2011-06-20 through 2011-06-21
Victim: MyBitcoin users with weak account passwords
Amount: Exactly 4019.42939378BTC
Equivalent in June 2013 BTC: 712 BTC
Transactions: all to 1MAazCWMydsQB5ynYXqSGQDjNQMN3HFmEu[7]
Users with weak passwords on MyBitcoin who used the same password on Mt. Gox were in for a surprise after the June 2011 Mt. Gox Incident allowed weakly-salted hashes of all Mt. Gox user passwords to be leaked. These passwords were then hacked on MyBitcoin and a significant amount of money lost.[8]

MyBitcoin estimates indicate 1% of MyBitcoin users were affected.[8] Users that were not affected would be later stolen from anyways, due to the subsequent MyBitcoin Theft.


MyBitcoin Theft
Time: Unknown time in July 2011 (claimed it was a process)
Victim: MyBitcoin & customers
Status: Thief unknown, planned shutdown suspected (disputed theft)
Suspects: “Tom Williams”, likely pseudonym (founder of MyBitcoin)
Amount: Exactly 78739.58205388BTC
Equivalent USD: 1110544 $ (wt. avg, definitely >$1M, rounded to nearest $)
Equivalent in June 2013 BTC: 10600 BTC
Transaction information: none
Little information was released about the MyBitcoin theft, however, many argue that Tom Williams ran it as a scam (and was not a theft per se). In terms of both dollars and bitcoins, this was by far the largest theft, however, it is possible it was simply a scam. Although MyBitcoin offered to release its code as a gift to the community, it failed to follow through on that promise. In the months ensuing, some evidence has been uncovered supporting mortgage broker Bruce Wagner; however, any evidence is inconclusive.

The theft resulted in the closure of MyBitcoin, which was once a successful Bitcoin company in Bitcoin's early days.


Bitomat.pl Loss
Type: Loss
Time: 2011-07-26
Victim: Bitomat.pl
Status: Coins destroyed (no thief)
Amount: Estimate 17000 BTC (likely estimate/lower bound, no tx due to technical reason)
Equivalent USD: 236000 $ (rounded to nearest thousand)
Equivalent in June 2013 BTC: 2290 BTC
Bitomat.pl, during a server restart, had its remote Amazon service that housed the wallet wiped. No backups were kept. Mt. Gox later bailed bitomat.pl out, and neither customers nor original owners suffered any loss from the incident.

Mooncoin Theft
Time: 2011-09-11
Victim: Mr. Moon, Mooncoin, & Customers
Status: Unknown (Federal intervention suspected)
Amount: Estimate 4000 BTC (conservative estimate based on SC values)
Equivalent USD: 24000 $ (rounded to nearest thousand)
Equivalent in June 2013 BTC: 219 BTC
Transactions: numerous
Moonco.in's hack has been compared to the MyBitcoin of SolidCoin, back when it remained a powerful cryptocurrency. Over 800000 SC have been removed from circulation, only to have been put back through SolidCoin 2.0. The effects on Bitcoin were also substantial, and the effect on Namecoin was not negligible. In total, this may have been the worst cross-currency hack in cryptocurrency history.

Bitcoin7 Hack
Time: 2011-10-05 (UTC)
Victim: Bitcoin7 & Customers
Status: Hacker unknown (officially from Eastern Europe or Russia), scam suspected, some returned
Amount: Estimate 11000 BTC*
  • Based on size of order books at that time, ~15000.
  • A quarter supposedly not stolen (3 of 4 wallets compromised).
  • Rounded to 11000 BTC
* Bitcoin7 may have disappeared with more (u.b. 15000 BTC).
Equivalent USD: 50000 $ (rounded to nearest ten thousand)
Equivalent in June 2013 BTC: 346 BTC
Bitcoin7 later shut down because of this hack. The magnitude served as a reminder to the Bitcoin community to stop trusting new exchanges without identification.

October 2011 Mt. Gox Loss
Type: Loss
Time: 2011-10-28T21:11 (UTC) [blockchain time, off by up to three hours]
Victim: Mt. Gox
Status: Coins destroyed (no thief)
Amount: Exactly 2609.36304319 BTC
Equivalent USD: 8115.12 $ (wt. avg price)
Equivalent in June 2013 BTC: 82.0BTC
Transactions:
  • 111291fcf8ab84803d42ec59cb4eaceadd661185242a1e8f4b7e49b79ecbe5f3
  • 81f591582b436c5b129f347fe7e681afd6811417973c4a4f83b18e92a9d130fd
  • ddddf9f04b4c1d4e1185cacf5cf302f3d11dee5d74f71721d741fbb507062e9e
  • 305fbc2ec7f7f2bc5a21d2dfb01a5fc52ab5d064a7278e2ecbab0d2a27b8c392
  • f0137a6b31947cf7ab367ae23942a263272c41f36252fcd3460ee8b6e94a84c1
  • 633acf266c913523ab5ed9fcc4632bae18d2a7efc1744fd43dd669e5f2869ce5
  • 5bd88ab32b50e4a691dcfd1fff9396f512e003d7275bb5c1b816ab071beca5ba
  • 64c01fedd5cf6d306ca18d85e842f068e19488126c411741e089be8f4052df09
  • 3be0ac3dc1c3b7fa7fbe34f4678037ed733a14e801abe6d3da42bc643a651401
  • 9edab6e7fadf1d6006315ff9394c08a7bf42e19cf61502200a1f73994f8da94b
  • 835d4dcc52e160c23173658de0b747082f1937d1184e8e1838e9394bc62c0392
  • aebe39a99114f1b46fc5a67289545e54cbfec92d08fc8ffc92dc9df4a15ea05a
  • aa62bdd690de061a6fbbd88420f7a7aa574ba86da4fe82edc27e2263f8743988
  • 6a86e6a5e8d5f9e9492114dafe5056c5618222f5042408ad867d3c1888855a31
  • 7ad47a19b201ce052f98161de1b1457bacaca2e698f542e196d4c7f8f45899ab
  • 0ca7f7299dc8d87c26c82badf9a303049098af050698c694fbec35c4b08fc3df
  • 3ab5f53978850413a273920bfc86f4278d9c418272accddade736990d60bdd53
  • 03acfae47d1e0b7674f1193237099d1553d3d8a93ecc85c18c4bec37544fe386
  • 15ad0894ab42a46eb04108fb8bd66786566a74356d2103f077710733e0516c3a
  • 2d00ef4895f20904d7d4c0bada17a8e9d47d6c049cd2e5002f8914bfa7f1d27b
  • 6d39eeb2ae7f9d42b0569cf1009de4c9f031450873bf2ec84ce795837482e7a6
  • 07d33c8c74e945c50e45d3eaf4add7553534154503a478cf6d48e1c617b3f9f3
  • 6d5088c138e2fbf4ea7a8c2cb1b57a76c4b0a5fab5f4c188696aad807a5ba6d8
Mt. Gox fully reimbursed customers after this incident.

Bitscalper Scam
Time: January 2012 to March/April 2012
Suspects:
  • Alberto Armandi
    • bitdaytrade @BitcoinTalk
    • bitscalper @BitcoinTalk
    • jjfarren @BitcoinTalk
Victim: Users of Bitscalper
Status: MiningBuddy (bitcointalk.org user) attempted to reorganize bitscalper, but failed. No coins have been returned at all.
Amount: Estimate 1000 BTC (official estimate)
Equivalent USD: 5000 $ (wt. avg, rounded to nearest thousand)
Equivalent in June 2013 BTC: 47.9BTC
Bitscalper was founded as an “arbitrage engine”, and users were invited to deposit money. It was promising extremely high and unrealistic returns. As a result, it was suspected of being a scam from the beginning, fears that were compounded due to a shady and anonymous management. After Bitscalper shut down without returning user funds, BitcoinTalk user MiningBuddy attempted to reform Bitscalper using the remnants of the engine. However, no success was found and the coins could not be returned.

Bitcoin Savings and Trust
Time: 2011–2012
Victim: Creditors of First Pirate Savings and Trust, later Bitcoin Savings and Trust
Status: Trendon Shavers (Perpetrator) caught by SEC[9]
Amount: Lower bounds 150649 BTC[9], 193319 BTC[10], 200000 BTC[11]; Estimate 263024 BTC[12]; Upper bound >700467 BTC[13]
Equivalent USD: 1834303 $
Equivalent in June 2013 BTC: 26800 BTC
More information on Trendon Shavers default.

Andrew Nollan Scam
Time: February 2012
Victim: Investors of Shades Minoco, creditors of bitcointalk.org user “shakaru”, investors of BitArb
Status: Andrew Nollan (a.k.a. shakaru[14]) (thief) known but disappeared, repaid some (not included in amount)
Amount: Lower bound 2211.07786728 BTC, possibly more [15]
Equivalent USD: 10978 $ (wt. avg price, rounded to nearest $)
Equivalent in June 2013 BTC: 106 BTC

Linode Hacks
Time: Late 2012-03-01, Early 2012-03-02
Victim: Bitcoinica, Bitcoin.cz mining pool (Marek Palatinus), Bitcoin Faucet, possible others
Status: Thief unknown, not caught. Linode employee suspected.
Amount:
  • Bitcoinica: 43554.02005417BTC[16]
  • Bitcoin.cx: 3094.45825078BTC[17]
  • Bitcoin faucet[18]: 4.98800000BTC[19]
Total: About 46653.46630495BTC
Equivalent USD: 230468 $ (rounded to nearest $)
Equivalent in June 2013 BTC: 2140 BTC
Transactions of interest:
  • 5a09f4ef0e91bc7bc044365cd27236fe4ac3c02088ac21ab51c93c8a11d33d4b
  • 7b45c1742ca9f544cccd92d319ef8a5e19b7dcb8742990724c6a9c2f569ae732
  • 901dbcef30a541b8b55fae8f7ad9917ef0754bda5b643705f3773e590785c4d3
  • a57132e2cbc580ac262aa3f7bac1e441d6573f9633118bc48009618585a0967e
  • a82ad85286c68f37a2feda1f5e8a4efa9db1e642b4ef53cb9fd86170169e5e68
  • ff04763e3e8c93e43799dbbca833e183faad7e2611f20f136f47c2f1049481ae
  • 0268b7285b95444808753969099f7ae43fb4193d442e3e0deebb10e2bb1764d0
  • 34b84108a142ad7b6c36f0f3549a3e83dcdbb60e0ba0df96cd48f852da0b1acb
  • 14350f6f2bda8f4220f5b5e11022ab126a4b178e5c4fca38c6e0deb242c40c5f[18]
In early March 2012, the New Jersey-based web and cloud hosting company Linode was suspected of robbing many popular Bitcoin services. A vulnerability in the customer support system was used to obtain administrator access to the servers. Once the Linode servers were compromised, eight accounts dealing with bitcoins were targeted.[20] The hardest hit was the bitcoin trading platform, Bitcoinica. This resulted in the unauthorized transfer of BTC from the “hot wallets”, a term used to describe operational withdrawal wallets, of the services affected. A severe bitcoin-denominated theft, the Linode theft also affected Tradehill, but no coins were stolen from them; instead, Tradehill had a short downtime because of the incident. In the aftermath of this theft, all the services migrated to other platforms. To this day, Bitcoin users fear Linode and usually refrain from using its services.

Betcoin Theft
Time:
EventTime
Theft Commences
Transaction: #1, #2
2012-04-11T10:55:54
Theft Continues
Transaction: #3
2012-04-11T12:15:49
Theft Culminates
Transaction: #4
2012-04-11T12:43:14
All times are blockchain time, and have possible error of up to 3 hours.
Victims: Betco.in, creditors
Status: Hacker not known. Some of creditors' deposits were repaid, around 2900 BTC outstanding.[21]
Amount: Exactly 3171.50195016BTC[22]
Equivalent USD: 15509 $ (rounded to nearest $)
Equivalent in June 2013 BTC: 148 BTC
Transactions of interest:[23]
  • 266e4682abdf4932c4c271872ca9ba6bfdbe75941eb9ba4c4d81e4d3c7364e4b
  • 40fc8f6b2f222fb2871a38a245132ed1eada9ff6aec8d46ebe74b29c64fd82a7
  • bf70ac1d2b702dbe0e14fbefb3a0cb2ff5ee5aa425cfe4249f16d6ede7b3ff14
  • 92968a2331a02a3128460a64ba16fbf8d3a2fc79ebc8882300015d3ca0e4fb17
Similar to the Mooncoin Theft a year ago, and just as devastating, a gambling website's customers lost a large amount of money. This time, the owner took just as large a hit: all the deposits, plus non-live storage, were stolen. 2900 BTC remains to be refunded to creditors today.[21]

Tony Silk Road Scam
Time: 2012-04-20
Victim: Buyers on Silk Road
Status: Scammer known to be Silk Road user “Tony76”
Amount: Estimate 30000 BTC[24]
Equivalent USD: 150000 $ (wt. avg price, rounded to nearest thousand)
Equivalent in June 2013 BTC: 1400 BTC
Users of Silk Road, an underground drug market using Bitcoin as the default currency, bought significant quantities of illicit drugs from trusted vendor “Tony76”. Although Silk Road has an escrow system, trusted vendors are allowed to bypass the system and request that the buyers pay first. On April 20, which is a popular day for drug sales in American culture, Tony76 offered drugs at a significant discount. However, none of the products made it to the customers, revealing the sale as an elaborate sham.

May 2012 Bitcoinica Hack
Time: May 12, 2012, 11:19:00 AM [blockchain time, off by up to three hours]
Victim: Bitcoinica, LLC
Status:
  • Hacker unknown, minimal coins were returned.
  • Venture capital group Wendon Group threatened legal action against Bitcoinica Consultancy.
  • Receivership in New Zealand ongoing.
Amount:
  • Bitcoinica: Exactly 18547.66867623 BTC
  • Creditors of Bitcoinica: Pending liquidation
    • BitMarket.Eu: About 19980 BTC
Total impact: At least 38527 BTC
Equivalent USD: 91306.46 $ (last Mt. Gox price)
Equivalent in June 2013 BTC: 1830 BTC
Chief transaction of interest: 7a22917744aa9ed740faf3068a2f895424ed816ed1a04012b47df7a493f056e8
Zhou Tong, former founder of Bitcoinica, discovered an entry into Bitcoinica's Rackspace server through an excessively privileged compromised email address. This caused the theft of the entire “hot wallet”, funds stored on-site, as well as the loss of the main database. No backups were kept. Bitcoinica shut down because of this incident. The claims process is still ongoing; however, Bitcoinica is now entering receivership.

On December 21, 2012, it was discovered that BitMarket.eu lost a large portion of customer funds which were stored on Bitcoinica.[25] These customers were reportedly unaware that their funds were stored on Bitcoinica. Return of a portion of these funds is still possible, pending the outcome of liquidation.


Bitcoin Syndicate Theft
Time: July 04, 2012, 02:34:19 PM (Mt. Gox time)
Victims:
  • Bitcoin Syndicate
    • Paul Mumby
    • Shareholders on GLBSE
Suspect: IP 130.83.54.115
Status: Pending
Amount: Exactly 1852.61553553 BTC
Equivalent USD: 12134.61 $
Equivalent in June 2013 BTC: 140 BTC
Medium of theft: Mt. Gox
Transactions of interest: On Mt. Gox. Withdrawal transaction was 4c61d3639f010e30ad305b294cd128f381f58fc161d0badda1f39807dc2f12f7.
A hacker infiltrated the Mt. Gox account used by Bitcoin Syndicate, sold off the USD owned, and withdrew all balances.

July 2012 Bitcoinica Theft
Time: 2012-07-13 (UTC)
Victims:
  • Bitcoinica, LLC
  • Creditors of Bitcoinica (former users of Bitcoinica)
Suspects:
SuspectAccused byDefended byAdditional evidence
Zhou TongAurumXChange
Mt. Gox
Tihan SealeSelling bitcoins after event
Chen JinghaiZhou Tong
Status: All funds returned
Amount: Exactly 40000.00000000 BTC (Mt. Gox Daily Limit)
Equivalent USD: 305200 $ (wt. avg, rounded to nearest $)
Equivalent in June 2013 BTC: 3030 BTC
Medium of theft: On MtGox.
On July 13, 2012, a thief compromised the Bitcoinica Mt. Gox account. The thief made off with around 30% of Bitcoinica's bitcoin assets, which are likely to cost claimants of Bitcoinica debt. Additionally, 40000 USD was also reported to be stolen. The thief is still unknown at this point, but the theft has supposedly been entirely returned. This theft further complicated the [#=may_2012_bitcoinica_hack]May 2012 Bitcoinica Hack[/iurl].

BTC-E Hack
Time:
EventTime
Commencing2012-07-31 00:07 (UTC)
Action taken2012-07-31 06:30 (UTC)
Victim: btc-e.com
Suspects:
  • BTC-E chat user MrWubbles*, known as:
    • Bitcoin-related
      • FelicityWubwell @BitcoinTalk
      • SupaDupaJenkins @BitcoinTalk
      • SupaDupaJenkins @bitcoin-otc
    • Social networking
      • SupaDupaTweetz @Twitter
      • SupaDupaDotBit @YouTube
    * Person has denied committing theft after initially pretending to do it. Evidence supports the faked theft admission as mere trolling.
    † Account used at the time of the theft, no longer active.
  • BTC-E (accusation of inside job): Little evidence has been provided; as BTC-E reimbursed its customers, the only thing it could gain from faking the theft was PR—and faking poor security is usually not considered useful PR.
Status: Pending
Amount: Estimate 4500 BTC (Official estimate)
Equivalent USD: 42000 $ (rounded to nearest thousand)
Equivalent in June 2013 BTC: 340 BTC
Medium of theft: On BTC-E.
On July 31, 2012, the BTC-E Liberty Reserve API secret key was broken. This key was shorter than it needed to be at only 16 characters long. The attacker initiated many Liberty Reserve deposits and injected large amounts of USD into the system, which were quickly sold for BTC. Not all BTC was withdrawn; official estimates state that the scope was limited to 4500 BTC. Similar to the June 2011 Mt. Gox Incident, the BTC-E market was disturbed during the duration of the hack. The handling of this hack was widely applauded after BTC-E revealed they would cover the losses and revert to a backup made just before the hack.

Bitfloor Theft
Time:
EventTime
Theft Commences
Transaction: #1
2012-09-04T03:07:39
Theft Continues
Transaction: #2, #3
2012-09-04T03:12:52
Theft Culminates
Transaction: #4, #5
2012-09-04T03:43:33
All times are blockchain time, and have possible error of up to 3 hours.
Victims: Bitfloor, creditors
Status: Hacker not known, but IP is 178.176.218.157. Some coins repayed to creditors.
Amount: Upper Bound 24086.17219307BTC
Equivalent USD: 248088 $ (rounded to nearest)
Equivalent in June 2013 BTC: 2570 BTC
Transactions of interest:[26]
  • 83f3c30dc4fa25afe57b85651b9bbc372e8789d81b08d6966ea81f524e0a02be
  • d5d23a05858236c379d2aa30886b97600506933bc46c6f2aab2e05da85e61ad2
  • 358c873892016649ace8e9db4c59f98a6ca8165287ac80e80c52e621f5a26e46
  • f9d55dc4b8af65e15f856496335a29e2be40f128a7374c75b75529e864579f93
  • 42ea472060118ee5aee801cdedbc4a3403f3708a87340660f766e2669f0afeb0
Although the keys to the hot wallet of Bitfloor was secured, an unencrypted backup was mistakenly stored on some of the servers. After a hacker gained entry, most of not only the hot wallet but also the cold wallet was stolen. To this date, none of the coins have been returned by the hacker to Bitfloor. Although Bitfloor briefly shut down after the incident, it has since restarted and has committed to repaying its creditors.[27] Unfortunately, Bitfloor's banks shut down the exchange's operation before all coins could be recouped.

Cdecker Theft
Time: September 28, 2012, 07:21:14 PM
Victim: Cdecker
Status: Thief IP may be 178.140.220.181[28]
Amount: Exactly 9222.21195900 BTC
Equivalent USD: 113894 $ (rounded to nearest)
Equivalent in June 2013 BTC: 984 BTC
Transactions of interest:
  • 6f85951bcecbe64999ad192275af087c5be2922ee13937693992c1ddf9ae8ce6
  • 8e6a2d0b8132d3d9edc1fcffe1b3079de59c10c67522e2abc51c1d84b260fdac
A supposedly long-time user of Bitcoin found his personal wallet emptied of a significant amount in late September 2012. Because far more severe personal thefts had occurred in the past, the theft went by without much incident.

2012 50BTC Theft
Date: 2012-10-13
Victim: 50BTC Mining Pool
Status: Unresolved.
Transactions of interest:[29]
  • 9dfdb24667657365c469ff20568fcc820f6f028a125d9c22dc521ae44dcf7c5e
  • bd2ad7b49c22d12cf2f8f12ef601952aed2a96907af4df732156fd90165b5ef5
  • d0035ad189634e90239cca82eb53f78e08c0179620b2bd24e2cb291478c7d57a
  • a2b642bafea45bc128d81314ef33542bc807811ba066329eaa1306bd62bec075
Amount: 1173.51659074BTC
Equivalent in June 2013 BTC: 127 BTC
The 50BTC mining pool suffered a hack of the billing software in late 2012. They were unable to identify the vulnerability. After the incident, 50BTC completely rewrote the billing software.[29]

2012 Trojan
Time:
EventTime
Theft Commences
Transaction: #1
2012-10-18 22:56:56
Theft Continues
Transaction: #2, #3, #4, #5, #6, #7, #8, #9, #10
September, October and November 2012
Mralbi @BitcoinTalk theft
Transaction: #11
2012-11-16 03:30:13
Theft Culminates
Transaction: #12, #13
2012-11-16 03:30:13
Victim: Various, incl. Mralbi @BitcoinTalk
Status: Thief IP may be:
  • 97.106.160.84
  • 178.177.115.229
Amount:
  • Through blockchain: Exactly 3257.00000000 BTC +0.02450000 BTC tx fees
  • Through Mt. Gox: Lower Bound 200 BTC
Total: About 3457 BTC
Equivalent USD: 38000 $ (rounded to nearest thousand)
Equivalent in June 2013 BTC: 372 BTC
Transactions of interest:
  • 04e378f81eb620f21927639cd4cda00e0473ca958f4d21f2255f37554b5440fa
  • 065e7ff6b1503fc023876ffe930dcd9866531812e40bbda72835f232c2f23910
  • 0723b67631588b6d5a4a406a9ef8d431c0d5282c6f1cb308fef57c7503d83158
  • 0ae924c33555b294a3f0b256da6a02ab996d30be00eaf184d53281009a3a50d6
  • 3f938408deb6d20a74f6256d3ba0217df266450d4c00c40d94df7b840f66db05
  • 9766b624e004ad1a9369b1b461d33f57e7dddabb43942d34ac10e912cd9ce36b
  • 2db76ebd4b5eecf008334d1bdc1f63f764ca3fb9275557a2a82d52ebf52eea9f
  • c041a74fd565c3eb247ff4b1fb6eb0ab9299c3e7d58e5172c28cbe9540858d5a
  • 82719bedd0730511385faf68d88b9a03e269a40e3fa5f269efe4a9fc3a821f7f
  • 2bc69aa29f56d7051f9cb19bf923c5e2a81879b4f6a3bc849f4166f56d417c2a
  • 8d6602b0e8e4479d79e5dab0c35bdb4f7545513cb426411348ec1502413a8f80
  • 3a66ebef43041f230e799f1efd3a93e41f875c718da683e236632e13a70cf898
  • 0197692748ba894697a0a48fdfdb3e72f3275b079005efad8be062de38b65edf
A trojan horse stole thousands of BTC between September and November of 2012. BitcoinTalk user “mralbi” was a major victim, losing almost 2600 BTC.[30] The same hacker also stole 200 BTC from Mt. Gox accounts, supposedly with the same trojan which doubled as a keylogger.

Bit LC Theft
Time: Discovered February 13, 2013
Victim: Bit LC Inc. and miners
Status: Suspected theft by “Erick”, could be misunderstanding.
Amount: Estimate 2000 BTC[31]
Equivalent USD: 51000 $ (rounded to nearest thousand)
Equivalent in June 2013 BTC: 481 BTC
Transactions of interest:
This alleged theft was unique in that coins held in the hot wallet were safe, but coins held in a cold wallet compromised. The thief is not expected to have access to the coins regardless, so there was little financial gain from this theft. Erick, allegedly the only one with physical access to Bit LC Inc.'s cold wallet, has failed to communicate and withdraw coins. Bit LC Inc. therefore was required to declare bankruptcy. There is no proof that Erick intentionally stole the coins; indeed, some evidence asserts that he or she may simply have disappeared in some manner.

BTCGuild Incident
Time: March 10, 2013
Victim: BTCGuild mining pool
Status: 16 thieves, one has returned 47 BTC
Amount: About 1254 BTC[32]
Equivalent USD: 58737 $ (rounded to nearest)
Equivalent in June 2013 BTC: 675 BTC
When BTCGuild was upgrading the Bitcoind client to 0.8, the mining pool used its original upgrade plan. However, 0.8 is unique in that it reindexes the blockchain. This prompted a temporary state in which the pool was paying out for difficulty-1 shares, as that was the extent of the blockchain parsed. Sixteen separate thieves subsequently emptied the hot wallet. 47 BTC have been returned to the pool. The pool would on the following day lose even more money thanks to a bug causing its recent upgrade to 0.8 to differ from nodes running 0.7 or lower.

2013 Fork
Time: 2013-03-11
Victims: OKPay, many mining pools including slush, BTCGuild, etc.
Status: OKPay double-spend attack resolved.
Amount: Exactly 960.09645667BTC[33]
Equivalent in June 2013 BTC: 517 BTC
A major blockchain fork occurred due to a bug in Bitcoin-Qt clients which had not upgraded to the new 0.8 version. Unfortuantely, those clients formed the majority of Bitcoin users at the time. The resulting fork split mining pools; those that had upgraded lost block revenue. Some mining pools took the hit, whereas others passed the cost on to miners.

The fork also made possible isolated double-spending attack. Only one such attack was conducted, costing OKPay significantly. Luckily, the thief has since returned the money.


Bitcoin Rain
Date: 2011-10-03 to 2013-03-28
Victims: Investors in Bitcoin Rain, account holders on Mercado Bitcoin.
Perpetrator: Leandro César
Amount: Estimate 4000 BTC[34]
Equivalent in June 2013 BTC: 2150 BTC
A suspected long-running con likened to the infamous Bitcoin Savings and Trust, Bitcoin Rain finally defaulted on March 28, 2013. Leandro César claimed there was a security breach on his exchange website Mercado Bitcoin.[35] As Bitcoin Rain's funds were stored there, investors in Bitcoin Rain as well as account holders on Mercado Bitcoin lost money. Some money was reportedly paid back, but the vast majority is still outstanding.

ZigGap
Date: February to April 2013
Victim: Investors and creditors of ZigGap
Amount: About 1708.65967460BTC[36]
Equivalent in June 2013 BTC: 919 BTC
User aethero, who was originally a reputable Bitcoiner, founded ZigGap after two previously succesful ventures, including BitPantry. Purporting to offer easy ways to purchase BTC, ZigGap saw little business. The founder seems to have also suffered mental illness in the latter stages of business operation.[37]

Ozcoin Theft
Time: 2013-04-19
Victim: Ozcoin mining pool
Status: Thief, a user of Strongcoin, known but not disclosed. Strongcoin seized funds and returned 568.94BTC to the mining pool operator.[38]
Amount: Exactly 922.99063322BTC[39]
Equivalent in June 2013 BTC: 983 BTC
A hacker managed to infilterate Ozcoin's payout script, such that all money was paid out to the hacker's address. Luckily, a day later Strongcoin seized most of the stolen funds and promptly returned them to Ozcoin.

Just Dice Incident
Time: 2013-07-15
Victim: Just-Dice investors, Dooglus
Suspect: Just-Dice.com user “celeste”, who claims he was hacked.
Status: Bets rolled back.
Amount: About 1300 BTC[40]
Equivalent USD: About 121000 $
Equivalent in June 2013 BTC: 1000 BTC
A player on Just-Dice.com with an especially large balance asked to withdraw 1300 BTC. Because the hot wallet did not contain that much money, Just-Dice.com operator “dooglus” manually processed the transaction from the cold wallet. However, “dooglus” forgot to remove the balance in Just-Dice.com's database. The Just-Dice.com user then proceeded to bet the fake balance on the gambling website and subsequently lost it all. Because of the manner Just-Dice.com is structured, the website lost money even though the malicious user did not earn any money from the theft.

To recoup losses, the operator rolled back the gambling losses and corrected the wrong balance. This resulted in losses for all “investors” of Just-Dice.com; however, the operator explains that nobody actually lost money because the bet should never have happened. In conclusion, it seems that odd decisions on the malicious user's part and probability ensured no actual loss from the incident, even though 1300 BTC was stolen. The amount was simply lost back to Just-Dice.com thanks to luck in the website's favour.


Silk Road Seizure
Dates:
  • 2013-10-02: First seizure (Silk Road user funds)
  • 2013-10-25: Second seizure (Ross Ulbricht's personal coins)
Victim: Silk Road, Ross Ulbricht, Silk Road users
Perpetrator: FBI seizure
Amount:
  • First seizure: 27618.69843217BTC[41]
  • Second seizure: 144336.39449470BTC[42]
Total: Exactly 171955.09292687BTC
Equivalent in June 2013 BTC: TBD
Silk Road was a former underground marketplace that dealt primarily in Bitcoin. Run by Ross Ulbricht, it was once widely known for frequent narcotic sales.[43] Although it operated under the jurisdiction of the United States, it made little attempt to comply with US law.[44] However, clever use of the Tor technology allowed Silk Road to escape the authorities for years.

Finally, in October 2013, the FBI was able to produce conclusive evidence of Ross Ulbrict's culpability. Ulbricht was found in San Francisco and arrested.[45] In the days ensuing, it seized a large portion of Ulbricht's personal wealth in addition to stored balances by Silk Road users.[46] However, the FBI has yet to successfully seize an estimated remaining 400000 BTC in Ulbricht's personal wallet.[47].

The first seizure came right as Silk Road's domain was seized, and included funds belonging to Silk Road users. The second seizure came several weeks later, seizing coins belonging to Ross Ulbricht himself.

This seizure is notable in that it is the first major legally authorized seizure. At the moment, Ulbricht is awaiting trial in New York.[48]


Inputs.io Hack
Date: 2013-10-26[49] (disputed)
Victim: Inputs.io, passed on to creditors.
Perpetrator: Accusations of inside job.
Transaction of interest: 9536feebe3a50b94f85ca27d56e669a7209bd4188385d55c5b97227c95cf7f74[50]
Amount: Estimate 4100 BTC[51]
Inputs.io, a web wallet service run by BitcoinTalk user TradeFortress, was supposedly “hacked” in October 2013 and was unable to repay user balances in full. There are many accusations of the hack being an inside job. TradeFortress had a contentious reputation and had supposedly scammed two separate people before this incident.[52][53] When the theft was announced in November 2013, TradeFortress began offering partial refunds; however, 4100 BTC was not paid back as that was the shortfall from the supposed “hack”.

Thefts without known chronology
Kronos Hack
Time: ?
Suspects:
  • Alberto Armandi
    • bitdaytrade @BitcoinTalk
    • bitscalper @BitcoinTalk
    • jjfarren @BitcoinTalk
Victim: Kronos.io
Status: Legal action possibly pending
Amount: Estimate 4000 BTC (official estimate)
Amount in June 2013 BTC: 400 BTC[54]
A serial scammer, Alberto Armandi reportedly hacked into a website he himself coded. The vulnerability was in the withdrawal script that Alberto coded, reportedly intentionally as a backdoor. Information about Kronos is highly uncertain, due to a lack of communication. Jonathon Ryan Owens was not responsive to demands for information.

Thefts not included
Some thefts in Bitcoin's history, although severe and damaging to Bitcoin users, did not involve the theft of over one thousand bitcoins. These thefts are listed below.
  • World Bitcoin Exchange, due to fraudulent activity, stole over 5000 BTC worth at the time in AUD. The total amount stolen was 25779.49 AUD. More information: https://bitcointalk.org/index.php?topic=65867.msg923845#msg923845
  • Tradehill was repeatedly hassled by Dwolla, and eventually dropped support after being scammed off 17000 USD. Later fraudulent transactions ended up costing the exchange even more, and after the March 2012 Linode Hacks they shut down, citing 100000 USD stolen or scammed through fraud.

Minor but notable thefts
Other thefts are minor, but are unique in some manner (for example, interesting methods or a first of its kind).
On watch
This section is reserved for possible thefts and scams that bear mentioning. It is not an endorsement, and the presence on this list does not imply a scam. At the moment, no thefts are listed here.

Pirate default
NB: This section is mostly outdated and is preserved for historical reasons.
It's over. I personally will offer sympathy to those who may have lost.

I'm at odds about what to do about this. On one side, the implications are clear: Pirate@40 willingly scammed hundreds off their money, which best estimates put at around 500000 BTC. Such an amount, making up more than 5% of all BTC in circulation, in unprecedented in the history of Bitcoin. It is my duty to include it in this list, as not doing so would be dishonest. However, by doing so, the complexity of this situation requires restructuring at the least.

I am looking for community input into this issue. There are missing data which I deem important, and I welcome any estimates for the values I list below.
  • Total BTC defaulted on
  • Total investors directly with Pirate
  • Total investors exposed through defaulting passthroughs
  • Total investors exposed through all passthroughs, including ones that compensated partially or fully

There are also semantical issues. For example, the list of victims is large and diverse; some were affected in different ways than others. Certain passthrough owners have repaid in Pirate's name in full or in part (notme). The honest passthrough owners (to use the term to describe veracity, to withhold it not to imply malevolence) have without doubt been hurt, but then again many would have profited greatly from the 7% while offered.

I ask for input on handling of semantics. The list below will provide a general overview of decisions that need to be made.

  • BS&T has paid interest. Should this amount be included in the amount scammed, or excluded?
  • People have made bets. Should reference to this be included?
  • Passthrough owners have been hurt in different manners. To what degree should this be highlighted?

Any other help in this complex issue, I would appreciate greatly. I also would like to take this time to, once again, offer heartfelt condolences to all who have suffered.

References

[si

bulanula
Hero Member
*****
Offline Offline

Activity: 518



View Profile

Ignore
May 26, 2012, 08:52:06 PM
 #3

Thanks for the comprehensive list.

Might want to include hacker caught / law enforcement involved category.

I wanted to do a list like this myself but never had the time.

Can you also maybe do a total of how many BTC have been "stolen" / "lost" / "tainted" / "scammed" !
dree12
Hero Member
*****
Offline Offline

Activity: 980


Du bist ein kartoffelsalat.


View Profile

Ignore
May 26, 2012, 09:13:47 PM
 #4

I'm not sure how to do a total of the amount of stolen coins, because they are always constantly recycled and restolen. If the hacker is ever caught in a major theft, I will be sure to add a category for that.

Blitz­
Donator
Hero Member
*
Offline Offline

Activity: 1008



View Profile

Ignore
May 26, 2012, 09:22:07 PM
 #5

Everyone forgets that Bitcoinica has actually been hacked 3 times.

http://bitcoinmedia.com/bitcoinica-vulnerability-discovered/

I don’t know how much exactly has been stolen in Feb, but it was a few thousand.

"Bitcoin had been transformed from an anarachistic challenge to the financial status quo, to the crypto spawn of Satan, fuelled by cut-throat greed and delusions of avarice." - MatTheCat
dree12
Hero Member
*****
Offline Offline

Activity: 980


Du bist ein kartoffelsalat.


View Profile

Ignore
May 26, 2012, 09:28:23 PM
 #6

Everyone forgets that Bitcoinica has actually been hacked 3 times.

http://bitcoinmedia.com/bitcoinica-vulnerability-discovered/

I don’t know how much exactly has been stolen in Feb, but it was a few thousand.
To be able to include it, there needs to be a good enough estimate. I'll put it as an unknown with the range 2000-9000 for now.

On a side note, does anyone know more about this?
Some guy managed to scam a huge amount of bitcoins on 4/20 'sale weekend' where the site doesn't charge escrow fees, so there's a crazy amount of orders. Tony, their so-called Top #1 selling vendor decided to make hundreds of listings that were auto finalized instantly then disappeared. The estimated loss is at least 100k in bitcoins. Has to be the biggest bitcoin scam of all time, even better than the 643BTC that guy goxxed out of MtGox back in 2011. (allinvain huge loss doesn't count, never was any proof). He also lured fools off site to scam an unknown amount through a secret store he set up.

TONY 2012 - invisible drugs

If this is true, then that is ~20000 BTC, which would rank fourth in the list.

rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile

Ignore
May 26, 2012, 09:57:17 PM
 #7

Could you do it in chronological order?

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
dree12
Hero Member
*****
Offline Offline

Activity: 980


Du bist ein kartoffelsalat.


View Profile

Ignore
May 26, 2012, 10:10:30 PM
 #8

Could you do it in chronological order?
Done. The by BTC severity list remains, and I think I'll do a by USD (wt. avg for the long-period scams) list too soon.

Some guy managed to scam a huge amount of bitcoins on 4/20 'sale weekend' where the site doesn't charge escrow fees, so there's a crazy amount of orders. Tony, their so-called Top #1 selling vendor decided to make hundreds of listings that were auto finalized instantly then disappeared. The estimated loss is at least 100k in bitcoins. Has to be the biggest bitcoin scam of all time, even better than the 643BTC that guy goxxed out of MtGox back in 2011. (allinvain huge loss doesn't count, never was any proof). He also lured fools off site to scam an unknown amount through a secret store he set up.

TONY 2012 - invisible drugs

Still need confirmation/more details for this.

epbaha
Member
**
Offline Offline

Activity: 82


View Profile

Ignore
May 26, 2012, 10:27:27 PM
 #9

I can't wait for The Crypto Network to come out in theaters:  http://www.imdb.com/title/tt12850160/  Wink

malevolent
Hypernode
Global Moderator
Hero Member
*
Online Online

Activity: 1036


View Profile

Ignore
May 26, 2012, 11:01:53 PM
 #10

I wanted to make such a list myself too for a few days already but glad someone else wasn't as lazy as me.

You forgot to add moonco.in and a few more probably Wink
dree12
Hero Member
*****
Offline Offline

Activity: 980


Du bist ein kartoffelsalat.


View Profile

Ignore
May 26, 2012, 11:23:13 PM
 #11

I wanted to make such a list myself too for a few days already but glad someone else wasn't as lazy as me.

You forgot to add moonco.in and a few more probably Wink
Does anyone have a better estimate of moonco.in's theft amount? Using SC/BTC parity, and the valuation of SolidCoin at 0.006, and CoinHunter's value of 800000 SC stolen, I think 4800 might be a reasonable estimate. To veer on the conservative side, and to avoid any false precision, I'll use 4000 BTC as a weak estimate.

BIGMERVE
Hero Member
*****
Offline Offline

Activity: 658



View Profile

Ignore
May 26, 2012, 11:35:07 PM
 #12

Some guy managed to scam a huge amount of bitcoins on 4/20 'sale weekend' where the site doesn't charge escrow fees, so there's a crazy amount of orders. Tony, their so-called Top #1 selling vendor decided to make hundreds of listings that were auto finalized instantly then disappeared. The estimated loss is at least 100k in bitcoins. Has to be the biggest bitcoin scam of all time, even better than the 643BTC that guy goxxed out of MtGox back in 2011. (allinvain huge loss doesn't count, never was any proof). He also lured fools off site to scam an unknown amount through a secret store he set up.







The guys name was Tony. I read about 30 or 40 pages on the Silk Road forums. I'll see if I can dig them up.

Kluge
Donator
Hero Member
*
Offline Offline

Activity: 924



View Profile

Ignore
May 27, 2012, 12:02:49 AM
 #13

Now, someone make a list of all USD heists, thefts, hacks, scams, and losses resulting in loss >$5,000.

Accepting new escrow transactions. Free/tips -- over 1350 BTC held in escrow to date.
(seeking remote PT work, ~10hrs/wk - must be tax-compliant in US)
PatrickHarnett
SCAMMER
Hero Member
*****
Offline Offline

Activity: 518



View Profile

Ignore
May 27, 2012, 12:13:52 AM
 #14

https://bitcointalk.org/index.php?topic=65867.msg923845#msg923845

Good list - I would suggest a 1000BTC minimum to get on it, otherwise there would be a number of other, smaller and less relevant losses.  Would Shakaru qualify?
dree12
Hero Member
*****
Offline Offline

Activity: 980


Du bist ein kartoffelsalat.


View Profile

Ignore
May 27, 2012, 12:21:31 AM
 #15

Good list - I would suggest a 1000BTC minimum to get on it, otherwise there would be a number of other, smaller and less relevant losses.  Would Shakaru qualify?
(as of now, defined as over one thousand bitcoin)
I should probably make this more clear. I will wait a while on Andrew Nolan if he reappears. Otherwise, this is a very well defined scam with >1000 BTC.

While this is a very significant bitcoin-related "theft" (by the banks?), I take that no bitcoin was lost, and the losses were actually in AUD. Is this correct?

PatrickHarnett
SCAMMER
Hero Member
*****
Offline Offline

Activity: 518



View Profile

Ignore
May 27, 2012, 12:32:58 AM
 #16

While this is a very significant bitcoin-related "theft" (by the banks?), I take that no bitcoin was lost, and the losses were actually in AUD. Is this correct?
I am guessing the majority of losses will be AUD losses (around $26000), but depending on recovery, there are likely to be people over 1000 coins out of pocket.  It might just sit here in the thread as a footnote/cross link.
dree12
Hero Member
*****
Offline Offline

Activity: 980


Du bist ein kartoffelsalat.


View Profile

Ignore
May 27, 2012, 12:40:03 AM
 #17

While this is a very significant bitcoin-related "theft" (by the banks?), I take that no bitcoin was lost, and the losses were actually in AUD. Is this correct?
I am guessing the majority of losses will be AUD losses (around $26000), but depending on recovery, there are likely to be people over 1000 coins out of pocket.  It might just sit here in the thread as a footnote/cross link.
I listed WBE in a new section. This section is broad enough some others may qualify.

repentance
Hero Member
*****
Offline Offline

Activity: 770


View Profile

Ignore
May 27, 2012, 12:52:30 AM
 #18

I listed WBE in a new section. This section is broad enough some others may qualify.

TradeHill should probably be in this section too as losses due to fraud were the primary reason they stopped operating.  I think don't think Jered posted final figures on how much user fraud cost TradeHill overall, but I seem to recall him talking about specific amounts in relation to some of the earlier incidents which affected them and the amount being in the tens of thousands of dollars.

Although both TradeHill and MtGox covered the losses so users weren't affected, the Bitcoins which were bought and then sold through fraudulent deposit schemes should probably count as "stolen" or "scammed" as they were never paid for by the users who laundered them.


All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
FreeMoney
Hero Member
*****
Offline Offline

Activity: 1246


Strength in numbers


View Profile WWW

Ignore
May 27, 2012, 01:35:00 AM
 #19

Now, someone make a list of all USD heists, thefts, hacks, scams, and losses resulting in loss >$5,000.

That happens? I'm still using dollars for some things, is it safe?

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
malevolent
Hypernode
Global Moderator
Hero Member
*
Online Online

Activity: 1036


View Profile

Ignore
May 27, 2012, 09:34:26 AM
 #20

I think don't think Jered posted final figures on how much user fraud cost TradeHill overall

I think he mentioned $100k somewhere but I'm not 100% sure.

P.S. Add shakaru too, about $22k in dollars and bitcoins
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!