Bitcoin Forum
Author Topic: bitstamp 18,000 bitcoins stolen? -confirmed  (Read 14986 times)
wpalczynski
January 05, 2015, 04:09:04 PM
 #81

The lack of clear and timely communication from Bitstamp is disconcerting.

stonehedge
January 05, 2015, 04:13:03 PM
 #82

The lack of clear and timely communication from Bitstamp is disconcerting.

I agree but sometimes it is necessary if you have been attacked or are still under attack.  Law enforcement could be involved.  There are all kinds of reasons why they might want to keep quiet for now.

Better to speak occasionally and accurately than regularly and speculate. 
DoM P
January 05, 2015, 04:13:31 PM
 #83

The lack of clear and timely communication from Bitstamp is disconcerting.
When techs are at work, there's not much more to say than "We got it covered, working 100% on it, will keep you informed asap"

And that's basically what they said...
wpalczynski
January 05, 2015, 04:16:43 PM
 #84

It might put people's minds at ease if they state how much they have in cold storage, and they should have an idea of how much was stolen.

rebuilder
January 05, 2015, 04:25:02 PM
 #85

Bad and sad news.

Hopefully 2FA will be incorporated into Bitcoin at protocol level if it proves to be a success for Darkcoin.

Imagine that...stolen coins unspendable...

That wouldn't have helped here. It was Bitstamp's hot wallet that was compromised; the main reason to have a hot wallet is to be able to automate transactions. If 2FA was enabled, they'd either have to manually approve each transaction, which defeats the point of having a hot wallet, or automate that part too, which would negate the benefits of 2FA.

Selling out to advertisers shows you respect neither yourself nor the rest of us.
---------------------------------------------------------------
Too many low-quality posts? Mods not keeping things clean enough? Self-moderated threads let you keep signature spammers and trolls out!
freebit13
January 05, 2015, 04:25:48 PM
 #86

Bad and sad news.

Hopefully 2FA will be incorporated into Bitcoin at protocol level if it proves to be a success for Darkcoin.

Imagine that...stolen coins unspendable...
That's what multisig is for...

Decentralize EVERYTHING!
celebreze32
January 05, 2015, 04:29:17 PM
 #87

Bad and sad news.

Hopefully 2FA will be incorporated into Bitcoin at protocol level if it proves to be a success for Darkcoin.

Imagine that...stolen coins unspendable...
That's what multisig is for...

There was a story about a dark market Silk Road successor site that was busted, but the feds could not get users' bitcoins because the site used multisig. If a dodgy website like that can use multisig, why can't the legit exchanges? They could at least offer it as optional.
freebit13
January 05, 2015, 04:37:19 PM
 #88

Bad and sad news.

Hopefully 2FA will be incorporated into Bitcoin at protocol level if it proves to be a success for Darkcoin.

Imagine that...stolen coins unspendable...
That's what multisig is for...

There was a story about a dark market Silk Road successor site that was busted, but the feds could not get users' bitcoins because the site used multisig. If a dodgy website like that can use multisig, why can't the legit exchanges? They could at least offer it as optional.
Clearly profits outweigh security. It's all speculation at this point and there is a serious lack of information, but my guess is someone screwed up some code somewhere that was creating the hotwallet key pairs and they didn't realize until it was too late which is why they cannot honor any transactions sent to those addresses.

Decentralize EVERYTHING!
tarmi
January 05, 2015, 04:40:52 PM
 #89

https://blockchain.info/address/1L2JsXHPMYuAa9ugvHGLwkdstCPUDemNCf


timestamp of the last transaction -> 10:12.

bitstamp down from 10:12.

so they sent the funds to cold storage. And there is no issue I am hoping. :)

the question here is whose cold storage is that.

They stopped with deposits 3h before last transaction...

doesn't mean anything really, because someone could have sent his coins to the stamp's hacked hot wallet addresses.

in fact, I will send 1 satoshi to my old stamp address right about now just for fun.

To tarmi : Some new transactions can be seen on the "Hack" address. Could you see if some of these satoshis come from your address?


no.
rebuilder
January 05, 2015, 04:46:15 PM
 #90

Clearly profits outweigh security. It's all speculation at this point and there is a serious lack of information, but my guess is someone screwed up some code somewhere that was creating the hotwallet key pairs and they didn't realize until it was too late which is why they cannot honor any transactions sent to those addresses.

As I see it, there are three scenarios.

1. Bitstamp is pulling a runner, or has otherwise been fraudulent and can no longer cover it up. See Gox.

2. Bitstamp was hacked.

3. Your scenario, where an error was made and keys were lost. Edit: Possibly the keys might also have been made openly available through a server misconfiguration or such.

If it's a hack, they may or may not have lost funds. They may have been compromised in a way that might in principle expose the hot wallet keys to an intruder, but the intruder didn't or couldn't yet spend the BTC. Or they may have simply been robbed.

If it's #3, the BTC is probably lost. Now, in either scenario, #2 or #3, it makes sense for them to shut the service down. The system is compromised one way or another and can't be trusted to function properly. But Bitstamp remained open for business for some time after their announcement about the keys being compromised was made.

Wouldn't you pull the plug on the exchange immediately, if you knew you'd either been hacked or had been exposed to some kind of systemic flaw that might repeat itself? Why wait?

Selling out to advertisers shows you respect neither yourself nor the rest of us.
---------------------------------------------------------------
Too many low-quality posts? Mods not keeping things clean enough? Self-moderated threads let you keep signature spammers and trolls out!
wpalczynski
January 05, 2015, 04:52:45 PM
 #91

Shutting down impacts the reputation greatly. Perhaps they tried to mitigate the risk in other ways first. These exchanges depend on their reputation.

Clearly profits outweigh security. It's all speculation at this point and there is a serious lack of information, but my guess is someone screwed up some code somewhere that was creating the hotwallet key pairs and they didn't realize until it was too late which is why they cannot honor any transactions sent to those addresses.


Wouldn't you pull the plug on the exchange immediately, if you knew you'd either been hacked or had been exposed to some kind of systemic flaw that might repeat itself? Why wait?

DoM P
January 05, 2015, 04:53:57 PM
 #92

Clearly profits outweigh security. It's all speculation at this point and there is a serious lack of information, but my guess is someone screwed up some code somewhere that was creating the hotwallet key pairs and they didn't realize until it was too late which is why they cannot honor any transactions sent to those addresses.

As I see it, there are three scenarios.

1. Bitstamp is pulling a runner, or has otherwise been fraudulent and can no longer cover it up. See Gox.

2. Bitstamp was hacked.

3. Your scenario, where an error was made and keys were lost. Edit: Possibly the keys might also have been made openly available through a server misconfiguration or such.

If it's a hack, they may or may not have lost funds. They may have been compromised in a way that might in principle expose the hot wallet keys to an intruder, but the intruder didn't or couldn't yet spend the BTC. Or they may have simply been robbed.

If it's #3, the BTC is probably lost. Now, in either scenario, #2 or #3, it makes sense for them to shut the service down. The system is compromised one way or another and can't be trusted to function properly. But Bitstamp remained open for business for some time after their announcement about the keys being compromised was made.

Wouldn't you pull the plug on the exchange immediately, if you knew you'd either been hacked or had been exposed to some kind of systemic flaw that might repeat itself? Why wait?

Because the analysis may take time. So you start communicating, then you realise the extent of the problem, and then only you pull the plug...
celebreze32
January 05, 2015, 04:56:57 PM
 #93

https://blockchain.info/address/1L2JsXHPMYuAa9ugvHGLwkdstCPUDemNCf


timestamp of the last transaction -> 10:12.

bitstamp down from 10:12.

so they sent the funds to cold storage. And there is no issue I am hoping. :)

the question here is whose cold storage is that.

They stopped with deposits 3h before last transaction...

doesn't mean anything really, because someone could have sent his coins to the stamp's hacked hot wallet addresses.

in fact, I will send 1 satoshi to my old stamp address right about now just for fun.

To tarmi : Some new transactions can be seen on the "Hack" address. Could you see if some of these satoshis come from your address?


no.

Everything sent to that address since this morning is dust, apart from a 0.79556526 BTC deposit an hour and a half ago. Why would someone send 0.79556526 BTC there?
riiiiising
January 05, 2015, 05:00:44 PM
 #94

Bitcoin, the new digital currency of the Internet age!

Just don't ever store them on the Internet, or on a computer connected to the Internet. And when you set up your cold wallet, it's best to use a computer that's never been connected to the Internet before. (and if you print it with a network enabled printer, make sure that the wallet isn't stored in the cache).

redsn0w
January 05, 2015, 05:03:20 PM
 #95

News from them  :  https://twitter.com/nejc_kodric/status/552091195795845120
wobber
January 05, 2015, 05:06:07 PM
 #96

Hacks on exchanges are complicated. A hack on Bitstamp, which takes security seriously, is extremely complicated.

So, if this happened, I would assume the hacker would have acquired access at least a few days earlier. I would also assume code has been tampered with in some way, and some audit has to be made. Even if they use strict change management policies, a full code audit is a must.

If you hate me, you can spam me here: 19wdQNKjnATkgXvpzmSrkSYhJtuJWb8mKs
celebreze32
January 05, 2015, 05:06:27 PM
 #97

https://blockchain.info/address/1L2JsXHPMYuAa9ugvHGLwkdstCPUDemNCf


timestamp of the last transaction -> 10:12.

bitstamp down from 10:12.

so they sent the funds to cold storage. And there is no issue I am hoping. :)

the question here is whose cold storage is that.

They stopped with deposits 3h before last transaction...

doesn't mean anything really, because someone could have sent his coins to the stamp's hacked hot wallet addresses.

in fact, I will send 1 satoshi to my old stamp address right about now just for fun.

To tarmi : Some new transactions can be seen on the "Hack" address. Could you see if some of these satoshis come from your address?


no.

Everything sent to that address since this morning is dust, apart from a 0.79556526 BTC deposit an hour and a half ago. Why would someone send 0.79556526 BTC there?


nobody did deposit directly to that address.

my guess is that someone did not read the notification and sent 0.79 btc to his old bitstamp address.

That would suggest Bitstamp's system must be partially running, and it has not been given a new hot wallet address to use. I would have expected Bitstamp to update its system to use a new hot wallet address if it had lost control of its old one.
tarmi
January 05, 2015, 05:08:56 PM
 #98

https://blockchain.info/address/1L2JsXHPMYuAa9ugvHGLwkdstCPUDemNCf


timestamp of the last transaction -> 10:12.

bitstamp down from 10:12.

so they sent the funds to cold storage. And there is no issue I am hoping. :)

the question here is whose cold storage is that.

They stopped with deposits 3h before last transaction...

doesn't mean anything really, because someone could have sent his coins to the stamp's hacked hot wallet addresses.

in fact, I will send 1 satoshi to my old stamp address right about now just for fun.

To tarmi : Some new transactions can be seen on the "Hack" address. Could you see if some of these satoshis come from your address?


no.

Everything sent to that address since this morning is dust, apart from a 0.79556526 BTC deposit an hour and a half ago. Why would someone send 0.79556526 BTC there?


nobody did deposit directly to that address.

my guess is that someone did not read the notification and sent 0.79 btc to his old bitstamp address.

That would suggest Bitstamp's system must be partially running, and it has not been given a new hot wallet address to use. I would have expected Bitstamp to update its system to use a new hot wallet address if it had lost control of its old one.

if they lost control of the old wallet that doesn't mean that old addresses aren't valid. they are, but I assume they are compromised.

freebit13
January 05, 2015, 05:45:39 PM
 #99

They said new deposit addresses were forthcoming and nothing has happened... this is what leads me to believe they might have a coding problem with address creation.

Decentralize EVERYTHING!
DoM P
January 05, 2015, 06:31:36 PM
 #100

They said new deposit addresses were forthcoming and nothing has happened... this is what leads me to believe they might have a coding problem with address creation.
Maybe nothing's coming for the simple reason that they have a lot on their plate at the moment?
Maybe it's more urgent to them to secure their assets than offering frightened people a possibility to send them more bitcoins.

Just my 2 satoshis...