Bitcoin Forum
December 10, 2016, 01:29:04 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Bitcoinica's "Hot Wallet" loaded hours prior to the heist?  (Read 1894 times)
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1302


Bitcoin: An Idea Worth Spending


View Profile
June 18, 2012, 06:37:10 AM
 #1

I'm no expert on "hot wallets" or "cold wallets", but it seems strange to me that a majority of the transactions that funded Bitcoinica's "Hot Wallet" which was stolen, was transferred to said wallet only hours prior to the heist. The only main exceptions are four large transactions on the 9th, the time frame of which genjix was in Germany.

0i!

I'm in Berlin for a while. I'm doing a Bitcoin intro at c-base. If you want to do a talk, then email me (genjix@riseup.net) and I'll add you to the schedule.

11th May (Friday) at 20:00
http://maps.google.com/maps?q=c-base,+berlin&hl=en&sll=37.0625,-95.677068&sspn=44.069599,69.082031&hq=c-base,&hnear=Berlin,+Germany&t=m&z=15
U-bahn Jannowitzbrucke (1 away from Alexanderplatz)

https://bitcointalk.org/index.php?topic=81045.msg894400#msg894400     DATE/TIME = May 11, 2012, 09:19:07 AM  Berlin Time?
Quote
This is the first we have heard of this attack (on the forums just now). zhoutong did not even tell us yet. We were gradually assuming control of Bitcoinica over the last weeks by setting up a new platform.

There shouldn't even be that much money in the live wallet. I'm waiting to get more information before saying more though. This is kind of ridiculous considering that already money was lost on Linode. The big question going through my head is why was that much money being stored on a Rackspace server.

I am angry that our name is being dragged through the mud for something we had no part in.


Quote
Received Time   (2012-05-11 12:18:15)

Included in block     179688       (2012-05-11 12:30:33 +12 minutes)



1KgTc9RSE91fS4Cfc48rbkkkGEHhjLhe7V (78.6284349 BTC - Output)      (2012-05-11 11:31:02)

1CMKwkqWVD6BiuHWtrBFTiiCSuSxyyN677 (4,749 BTC - Output)           (2012-05-09 22:59:22)

1KsssDbhj8sW5rvcQ6NHiNoxU2wmSVUrQT (3,750 BTC - Output)            (2012-05-09 22:59:22)

1Fs1ixzNdPDqLcvsNieUtxd6nX5mZ67SR3 (3,199.9375078 BTC - Output)   (2012-05-09 22:59:22)

1PqfGjpgZpdd4gbbGUsUWPJkVaVqoSLizY (3,519 BTC - Output)              (2012-05-09 22:59:22)


1PMCKJc5dy5qiXEjCLE7rNN38F117txf8D (10 BTC - Output)                     (2012-05-11 03:02:15)

1Fy7piz4aEJBNLUZKUfA6fDQuYyavbod7m (0.16584402 BTC - Output)      (2012-05-11 08:46:53)

1FnkfHqrBVWVSRxqkKW72frCTujmo2tt9R (5.29830025 BTC - Output)      (2012-05-11 02:47:04)

1A62DnxpWARroVYXM7X7huZe7kysMug3mM (2 BTC - Output)                 (2012-05-11 05:15:24)

12t1Dp1Cat6z7cnMGP5oGE1LsxD8wNJZTE (19.827246 BTC - Output)       (2012-05-11 02:47:04)

15EKqUPkSb6DfoMmKgatMskiAkwCdh8n7b (0.22150824 BTC - Output)     (2012-05-11 10:01:37)

1KuNvyWFqc5wBSWUCyJLDgv12vequwMMCS (0.0005 BTC - Output)        (2012-05-11 03:20:13)

1A62DnxpWARroVYXM7X7huZe7kysMug3mM (0.5 BTC - Output)               (2012-05-11 05:55:08)

1KxFvsetNsiPP6oKcHAe3D29Wq2R2Kzfxu (700 BTC - Output)                   (2012-05-11 05:15:24)

1DMcPxrjDxQ7DpnPhNVnx2Pgs8jiwk7EiX (4 BTC - Output)                        (2012-05-11 07:42:06)

1JRvN52epYmWdk3bZXE3sZxgVeTo5qN3LS (27.8375165 BTC - Output)      (2012-05-11 05:55:08)

1HPnh4o5pmmK1784TjtPyVTFj3mhyiBajn (0.01306063 BTC - Output)          (2012-05-11 05:23:51)

16ighKEKdAPqPDhw3r8KfmjhQWVHSBzBeU (10 BTC - Output)                  (2012-05-11 08:46:53)

19WsmzLuZW25WtvGLmhzVjCcRDf4KAmjYz (0.001 BTC - Output)             (2012-05-10 13:55:01)
  
1kvhbNMVbwEV1dPhh5QKfPdf8Z5DoW7zc (6.35 BTC - Output)                  (2012-05-11 06:22:44)

16ywQheQqeGMjjBeREPQ5motMQZfHghDKi (0.01593486 BTC - Output)     (2012-05-11 05:55:08)

142xFX8VJNmdkPTvMrff4rRG5d11NHEAA8 (0.001 BTC - Output)                 (2012-05-11 08:39:40)

1KuNvyWFqc5wBSWUCyJLDgv12vequwMMCS (0.001 BTC - Output)            (2012-05-11 08:39:40)

16Htoo4s3jMmRFzCqU32HtQhpWJnF7FJ21 (49.17813057 BTC - Output)      (2012-05-11 05:15:24)

1JfAAbfKAK6nNVNr9bdRuMwzM7ojuBS6gh (0.87420583 BTC - Output)        (2012-05-11 05:56:52)

18MsaLYNa5a6Un5qauip1EChxQ4ibrNBhj (8.7136648 BTC - Output)             (2012-05-11 05:15:24)

1vgTYAxdF1DaKXUP1SAAe4QmJ95MJh5HG (0.2 BTC - Output)                   (2012-05-11 08:46:53)

1EdgCDGYBn4twN1doYzQ9bUozBsuCJFY93 (50 BTC - Output)                    (2012-05-11 10:01:37)

1kvhbNMVbwEV1dPhh5QKfPdf8Z5DoW7zc (13.99 BTC - Output)                   (2012-05-11 05:23:51)

18RoAhyH8FsFWXCF54owJzReKch5MAMHsg (2,341.91382183 BTC - Output)      (2012-05-11 05:15:24)

I don't quite understand the below, given the above (Note Times).

https://bitcointalk.org/index.php?topic=81045.msg894305#msg894305
Quote
We have over 80% of our Bitcoins in offline wallets at the moment before the attack. We had to keep a large balance because the withdrawals are huge!

The time zone in Germany was mid-afternoon when the hack occurred. ZT claims genjix was asleep. Exactly what were the other principle's local times when the hack occured?

https://bitcointalk.org/index.php?topic=81045.msg894435#msg894435
Quote
Please don't blame genjix. It's definitely not his fault.

He's not in our mailing list so it couldn't be him.

Well, shit just happens and it's not anyone's fault or incompetence here. I'm the only guy awake when the incident happens.

After we're done discussing this issue, I'll have an even better question(s) waiting in the queue.

~Bruno~
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481333344
Hero Member
*
Offline Offline

Posts: 1481333344

View Profile Personal Message (Offline)

Ignore
1481333344
Reply with quote  #2

1481333344
Report to moderator
1481333344
Hero Member
*
Offline Offline

Posts: 1481333344

View Profile Personal Message (Offline)

Ignore
1481333344
Reply with quote  #2

1481333344
Report to moderator
LightRider
Legendary
*
Offline Offline

Activity: 1488


I advocate the Zeitgeist Movement & Venus Project.


View Profile WWW
June 18, 2012, 06:41:05 AM
 #2

5/11 was an inside job.

Bitcoin combines money, the wrongest thing in the world, with software, the easiest thing in the world to get wrong.
Visit www.thevenusproject.com and www.theZeitgeistMovement.com.
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1302


Bitcoin: An Idea Worth Spending


View Profile
June 18, 2012, 06:45:19 AM
 #3

5/11 was an inside job.

LOL!

With that, I'm going to bed, for I have to go to Valparaiso, IN, in a few hours to help load a deconstructed barn onto a truck.

~Bruno~
Foxpup
Legendary
*
Offline Offline

Activity: 1708



View Profile
June 18, 2012, 07:44:44 AM
 #4

It's not strange at all that the majority of coins in the hot wallet were only a few hours old at most. The hot wallet probably gets swept into the cold wallet every few hours or so. It would be more secure for funds to go straight to the cold wallet and transferred to the hot wallet as needed, but I guess doing it this way makes fast withdrawals easier. Or something. Either way, the real question is, what the Hell were these old coins doing in the hot wallet for so long without being either withdrawn or transfered to cold storage? Huh

Will pretend to do unverifiable things (while actually eating an enchilada-style burrito) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 700


Wat


View Profile WWW
June 18, 2012, 11:28:12 AM
 #5

Nose meet fish.

Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 700


Wat


View Profile WWW
June 18, 2012, 11:58:45 AM
 #6

http://internetdetective.co

I'll just leave this here  Tongue

Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1302


Bitcoin: An Idea Worth Spending


View Profile
June 18, 2012, 01:23:31 PM
 #7

http://internetdetective.co

I'll just leave this here  Tongue

After clicking that link three times, I saw what you did there. I ain't stupid!

Seriously, I aint' stupid! That said, let's move on to the following.

Nose meet fish.

You think so? Wait till you read what I have to say about Foxpup's post.

It's not strange at all that the majority of coins in the hot wallet were only a few hours old at most. The hot wallet probably gets swept into the cold wallet every few hours or so. It would be more secure for funds to go straight to the cold wallet and transferred to the hot wallet as needed, but I guess doing it this way makes fast withdrawals easier. Or something. Either way, the real question is, what the Hell were these old coins doing in the hot wallet for so long without being either withdrawn or transfered to cold storage? Huh

This has bothered me from day one, yet I've never seen anybody address it.

All the transfers were done manually, some of which stemmed from another wallet that was split, possibly sending the other coins to a/the "Cold Wallet" where they still reside to this day--untouched and nicely rounded to a whole integer awaiting the 50% return-to-investers(?).

Quote
Either way, the real question is, what the Hell were these old coins doing in the hot wallet for so long without being either withdrawn or transfered to cold storage? Huh

Exactly my point! There were 15,000+ BTC simply setting for over 2 days in the "Hot Wallet" yet...

https://bitcointalk.org/index.php?topic=81045.msg894305#msg894305
Quote
We have over 80% of our Bitcoins in offline wallets at the moment before the attack. We had to keep a large balance because the withdrawals are huge!

Hunt the "Hot Wallet"

I was toying with the idea of naming this thread just that for, you see, there wasn't a single "Hot Wallet" that 18K+ BTC were taken from, but 30 separate wallets that the hacker had easy access to and transferred to 182tGyiczhXSSCTciVujNRkkMw1zQxUVhp during a 12 minute(?) time span. I don't see a "Hot Wallet" with an address 1BitcoinicaHotWallet... (example purposes only) being transferred to 182tGyiczhXSSCTciVujNRkkMw1zQxUVhp. I see a "Hot Wallet" (double, but possibly a triple entendre)--182tGyiczhXSSCTciVujNRkkMw1zQxUVhp--of which was funded with coins staged hours beforehand from 26 wallets, 15,000K+ BTC staged 2+ days prior residing in 4 other wallets, along with coins from 3 other wallets after the fact.

Unless a "Hot Wallet" (sigular) refers to a myriad of wallets (plural) where coins sit patiently awaiting transfer when the need arises, the only "Hot Wallet" I see is 182tGyiczhXSSCTciVujNRkkMw1zQxUVhp of which was still being funded after the heist was announced, then all the coins except a couple+ in said wallet neatly transferred (all whole integers except the encrypted one) only 13+ hours later.

Please correct me if I'm in error.

~Bruno~
Vod
Legendary
*
Offline Offline

Activity: 1862


Licking my boob since 1970


View Profile WWW
June 18, 2012, 01:28:13 PM
 #8

5/11 was an inside job.

I know you were making a joke, but it was an inside job.

That's the reason no one ever went to the police. 

I'm into creating universes, smiting people, writing holy books and listening to prayers.
If you want your prayers answered, you must donate to 1CDyx8AUTiYXS1ThcBU3vy4SJWQq6pdFMH
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1302


Bitcoin: An Idea Worth Spending


View Profile
June 18, 2012, 02:24:45 PM
 #9

5/11 was an inside job.

I know you were making a joke, but it was an inside job.

That's the reason no one ever went to the police.  

I thought it was because of this:

A few things should be made very clear to everybody.

One of the first things we considered was having a court appointed liquidator.

It was decided that this was not the correct course of action for several reasons, first and foremost it would be significantly expensive and would be a significant delay.

Additionally we couldn't answer how they would treat bitcoin deposits.

If anybody decides to file a criminal complaint you will effectively guarantee that it will be months or even years before anybody sees their funds.

Seriously doing that is not the best way to get you funds back, indeed it is far from it.

As for isis100 there isn't even a record of your being a registered user and you have completely failed to forward any information you have to verify@bitcoinica.com

Again we are working on making this entire process be as fair as possible but the constant pressure from people who as far as i can tell are either just bored and entertaining themselves or attempting to scam funds is making the process take much longer than it should.

As for me...

  • I'm not bored. (check)
  • I'm not trying to scam funds. (check)
  • I freely admit entertaining myself with this episode, but ever so slightly. Any of my humorous posts should stick out like a sore thumb, but topics like this one are not meant as entertainment for me, et al. (check)

~Bruno~
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
June 18, 2012, 03:47:50 PM
 #10

A "hot wallet" doesn't have to be one address, it can contain several.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1302


Bitcoin: An Idea Worth Spending


View Profile
June 20, 2012, 04:32:33 AM
 #11

A "hot wallet" doesn't have to be one address, it can contain several.

I guess I should have paid better attention in Bitcoin 101 class instead of shooting spit wads at Matthew. Thanks for the correction, rjk.

Can a whole wallet (hot or cold) be transferred in one transaction, or does each address in a wallet need to be transferred one at a time?

The reason for asking is that I find it odd that the hacker would manually transfer 0.001 BTC not once, but three times, along with scooping up an address containing 0.0005 BTC. It's akin to a bank robber stopping to pick up a penny while carrying ill-gotten loot, although he's in the hurry to get to the get-away-car.

I want to revisit this issue:

Quote
1CMKwkqWVD6BiuHWtrBFTiiCSuSxyyN677 (4,749 BTC - Output)           (2012-05-09 22:59:22)

1KsssDbhj8sW5rvcQ6NHiNoxU2wmSVUrQT (3,750 BTC - Output)            (2012-05-09 22:59:22)

1Fs1ixzNdPDqLcvsNieUtxd6nX5mZ67SR3 (3,199.9375078 BTC - Output)   (2012-05-09 22:59:22)

1PqfGjpgZpdd4gbbGUsUWPJkVaVqoSLizY (3,519 BTC - Output)              (2012-05-09 22:59:22)

In the above you see four large sums residing in four different address in the "Hot Wallet", with all four transferred there two days prior. But ZT was quick to post the following.

https://bitcointalk.org/index.php?topic=81045.msg894305#msg894305   US CST: May 11, 2012, 08:32:55 AM  by ZT
Quote
We have over 80% of our Bitcoins in offline wallets at the moment before the attack. We had to keep a large balance because the withdrawals are huge!

I'm wondering if any clients received funds from Bitcoinica prior to the heist (2-3 day window)--huge or otherwise.

Less than an hour later, genjix posted the below while in Germany.

https://bitcointalk.org/index.php?topic=81045.msg894400#msg894400   US CST: May 11, 2012, 09:19:07 AM  by genjix
Quote
This is the first we have heard of this attack (on the forums just now). zhoutong did not even tell us yet. We were gradually assuming control of Bitcoinica over the last weeks by setting up a new platform.

There shouldn't even be that much money in the live wallet. I'm waiting to get more information before saying more though. This is kind of ridiculous considering that already money was lost on Linode. The big question going through my head is why was that much money being stored on a Rackspace server.

I am angry that our name is being dragged through the mud for something we had no part in.

Please forgive me if it seems as if I'm beating a dead horse, but I'll continue to beat the beast as long as his ears are still wiggling.

~Bruno~

PS: Damn, I forgot to include in this post another nugget.

It seems that the first transaction [1KgTc9RSE91fS4Cfc48rbkkkGEHhjLhe7V (78.6284349 BTC - Output)] stemmed from a split, with the other transaction amount finding its way to...wait for it...the address 1DkyBEKt5S2GDtv7aQw6rQepAvnsRyHoYM.
dooglus
Legendary
*
Offline Offline

Activity: 2002



View Profile
June 20, 2012, 06:54:20 AM
 #12


Quote
Received Time   (2012-05-11 12:18:15)
1CMKwkqWVD6BiuHWtrBFTiiCSuSxyyN677 (4,749 BTC - Output)           (2012-05-09 22:59:22)
1KsssDbhj8sW5rvcQ6NHiNoxU2wmSVUrQT (3,750 BTC - Output)            (2012-05-09 22:59:22)
1Fs1ixzNdPDqLcvsNieUtxd6nX5mZ67SR3 (3,199.9375078 BTC - Output)   (2012-05-09 22:59:22)
1PqfGjpgZpdd4gbbGUsUWPJkVaVqoSLizY (3,519 BTC - Output)              (2012-05-09 22:59:22)


These look like change outputs after 4 separate withdrawals of 250 BTC from the hot wallet.  It could be they split large amounts up into smaller amounts to save on fees, or perhaps they transferred coins to the cold wallet in pieces of 250 BTC.  Maybe they deposited to MtGox in 250 BTC pieces.  Either way, each of those 4 amounts is the change from sending 250 BTC elsewhere, not a deposit to the hot wallet.

bracek
Hero Member
*****
Offline Offline

Activity: 530


View Profile
June 20, 2012, 11:08:50 AM
 #13

isn't it nice that they asked users for scans of documents just before the second "hack"
if you ask me, too convenient,
take all that money, and have some identities along,
why not, it's free

please don't attack me now, but it all points to the young genius

i have no knowledge or info on all this and have no money there,
I just had to say it as an bystander

I have noticed some wild connections on all those hacks, but it would sound too stupid to even speculate...
disclaimer201
Legendary
*
Offline Offline

Activity: 1316


View Profile
June 20, 2012, 12:28:27 PM
 #14

Could this be used to follow the trail of the Bitcoinica hack, too?

https://bitcointalk.org/index.php?topic=88584.msg975907#msg975907

It was linked here for hunting down stolen coins from the Linode hack:

https://bitcointalk.org/index.php?topic=66916.300

Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1302


Bitcoin: An Idea Worth Spending


View Profile
June 20, 2012, 01:23:52 PM
 #15


Quote
Received Time   (2012-05-11 12:18:15)
1CMKwkqWVD6BiuHWtrBFTiiCSuSxyyN677 (4,749 BTC - Output)           (2012-05-09 22:59:22)
1KsssDbhj8sW5rvcQ6NHiNoxU2wmSVUrQT (3,750 BTC - Output)            (2012-05-09 22:59:22)
1Fs1ixzNdPDqLcvsNieUtxd6nX5mZ67SR3 (3,199.9375078 BTC - Output)   (2012-05-09 22:59:22)
1PqfGjpgZpdd4gbbGUsUWPJkVaVqoSLizY (3,519 BTC - Output)              (2012-05-09 22:59:22)


These look like change outputs after 4 separate withdrawals of 250 BTC from the hot wallet.  It could be they split large amounts up into smaller amounts to save on fees, or perhaps they transferred coins to the cold wallet in pieces of 250 BTC.  Maybe they deposited to MtGox in 250 BTC pieces.  Either way, each of those 4 amounts is the change from sending 250 BTC elsewhere, not a deposit to the hot wallet.

All four 250 BTC went here: http://blockchain.info/tx-index/5866198/8b0a8ed0b2d3b22926615759d882364c7702cca7877782822563ead0b5f62515

So, for two days no other transfers (huge or small) were needed to send to clients from either of those amounts?

Quote
We have over 80% of our Bitcoins in offline wallets at the moment before the attack. We had to keep a large balance because the withdrawals are huge!

And who is "we", for genjix claims he had no idea such a large balance was kept (or in this case, recently placed) in the "Hot Wallet"?

~Bruno~
shad0wbitz
Full Member
***
Offline Offline

Activity: 182


View Profile WWW
June 20, 2012, 01:58:33 PM
 #16

Wow ...

Thank you for taking the time to research this Phinnaeus. I guess the three stooges have some explanations to give. By the way, what happened with the "Pie in the face claim process". I can't find that thread anywhere, and to my understanding nobody got their money.

GOX SUX COX!
The true faces of the Bitcoinica / Intersango SCAM! - Bitcoin was born in the shad0ws, for the shad0ws.
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1302


Bitcoin: An Idea Worth Spending


View Profile
June 20, 2012, 02:48:25 PM
 #17

Wow ...

Thank you for taking the time to research this Phinnaeus. I guess the three stooges have some explanations to give. By the way, what happened with the "Pie in the face claim process". I can't find that thread anywhere, and to my understanding nobody got their money.


Are you being a "Wise Guy" or are we being distracted by looking at the grouse?
allten
Sr. Member
****
Offline Offline

Activity: 447



View Profile
June 20, 2012, 02:51:20 PM
 #18

Wow ...

Thank you for taking the time to research this Phinnaeus. I guess the three stooges have some explanations to give. By the way, what happened with the "Pie in the face claim process". I can't find that thread anywhere, and to my understanding nobody got their money.


shad0wbitz. account created the day before (or maybe the day of) Zhou sold the company.
Too convenient.
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1302


Bitcoin: An Idea Worth Spending


View Profile
June 21, 2012, 02:06:09 PM
 #19

Wow ...

Thank you for taking the time to research this Phinnaeus. I guess the three stooges have some explanations to give. By the way, what happened with the "Pie in the face claim process". I can't find that thread anywhere, and to my understanding nobody got their money.


shad0wbitz. account created the day before (or maybe the day of) Zhou sold the company.
Too convenient.

I've read all of shad0wbitz's posts and he seems, to me, to be a straight-up guy.

~Bruno~
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!