Bitcoin Forum
December 07, 2016, 08:19:49 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  

Warning: Moderators do not remove likely scams. You must use your own brain: caveat emptor. Watch out for Ponzi schemes. Do not invest more than you can afford to lose.

Pages: « 1 [2]  All
  Print  
Author Topic: BTCSYN reports a $12k (1,852 BTC) theft  (Read 3537 times)
bitcoinBull
Legendary
*
Offline Offline

Activity: 826


rippleFanatic


View Profile
July 08, 2012, 05:18:02 AM
 #21

I thougt there was a 400 btc per 24 hr withdrawal limit (by default)...

There is but you can have it raised if verified.  I think it is 4,000 BTC for lvl2 and 40,000 BTC for lvl3.

Seems unlikely to go through the effort of getting verifid without also getting a yubikey. Glasswalker never mentions being verified either. Although his suspicions that it was an insider are interesting..

I think that too many of these mtgox thefts are due to rather simple keyloggers/botnets. Mtgox logins are by now standard targets for any botnet operator. But users always insist they are safe because they run an Anti-Virus program. Even the mining-botnet operator in the reddit AMA explained that he uses a fully-undetectable trojan that AV programs dont detect.

College of Bucking Bulls Knowledge
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 700


Wat


View Profile WWW
July 08, 2012, 06:05:16 AM
 #22

"I won't be back."

Didn't see that.  Wow.  Pretty obvious what happened here now.

Yep

rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
July 08, 2012, 12:15:55 PM
 #23

So has anyone poked around on 130.83.54.115 yet? I haven't done much looking other than to see whether it is a Tor node (it isn't).

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
pieppiep
Sr. Member
****
Offline Offline

Activity: 402



View Profile
July 09, 2012, 10:56:35 AM
 #24

Or 134.99.64.103 according to http://blockchain.info/tx-index/11254677/4c61d3639f010e30ad305b294cd128f381f58fc161d0badda1f39807dc2f12f7
RandomQ
Hero Member
*****
Offline Offline

Activity: 616



View Profile
July 09, 2012, 02:20:01 PM
 #25

So I did a security audit on myself.

I have 108 passwords word with an average password length of 21 chrs.
I have 5 duplicate passwords, if you really want to hack my pandora play list go ahead!
I currently have 9 google auth or ubikey enabled accounts.
I have 2 weak passwords.

I've had accounts where I have to change my password every 7 days and couldn't reuse a password in the last 6 months.

I have a feeling since he reused a password with multiple banks it was stolen from a bank. I just saw like 2 weeks ago that 60-70 banks got breached.
maybe a password hash list was stolen from a bank.

I know my linkedin password was stolen because I checked via there hash database that was released.

i wonder if the same password on the linkedin account and mtgox.

Maybe i'm paranoid or I should start doing more computer security consulting lol.

and please don't take my comments about BTCSYN as negative, I think they are one of the best run assets and I tried to copy them whenever possible and I personally was a shareholder.

Bitcoin To Cash LLC Receive cash in the mail for Bitcoin!
[CryptoStocks] GREEN - GreenBTC - Mining Company on CryptoStocks
vokain
Legendary
*
Offline Offline

Activity: 1610


V.V.V.V.V.


View Profile
July 09, 2012, 03:00:11 PM
 #26

Everyone should take time to do the above Smiley

...مكتوب
Escape the plutocrats’ zanpakutō, Flower in the Mirror, Moon on the Water: brave “the ascent which is rough and steep” (Plato).
Glasswalker
Sr. Member
****
Offline Offline

Activity: 350



View Profile WWW
July 09, 2012, 03:37:05 PM
 #27

So I did a security audit on myself.

I have 108 passwords word with an average password length of 21 chrs.
I have 5 duplicate passwords, if you really want to hack my pandora play list go ahead!
I currently have 9 google auth or ubikey enabled accounts.
I have 2 weak passwords.

I've had accounts where I have to change my password every 7 days and couldn't reuse a password in the last 6 months.

I have a feeling since he reused a password with multiple banks it was stolen from a bank. I just saw like 2 weeks ago that 60-70 banks got breached.
maybe a password hash list was stolen from a bank.

I know my linkedin password was stolen because I checked via there hash database that was released.

i wonder if the same password on the linkedin account and mtgox.

Maybe i'm paranoid or I should start doing more computer security consulting lol.

and please don't take my comments about BTCSYN as negative, I think they are one of the best run assets and I tried to copy them whenever possible and I personally was a shareholder.

I know I said I wouldn't be back (and I was referring to this thread by the way, because it had turned into a witch-hunt), but this post was very well written. Thank you. (and the above audit is very similar to my situation prior to the overhaul which this incident prompted for me).

And to answer, no I didn't even have a linkedin account, (I believe there was one created for me ages ago by my employer, but I didn't even control the account, let alone set it's password).

As for the bank compromise, yes, it's a possibility. But I have yet to see verification of any of the banks I deal with being "on the list". I know most of the attackes seem to be euro-centric. But one report does say it spilled into north america as well, but didn't elaborate on what banks.

It seemed the attack was focused on stealing money specifically from high balance accounts at those banks, but I suspect stealing other valuable assets was done as well (such as passwords).

Just trying to make Bitcoin a Success... One crazy project at a time. (13rwPKskyATcAq3PpnCikfFG8989DQ8M3c)
HashVoodoo Open Source FPGA Mining Bitstream: https://github.com/pmumby/hashvoodoo-fpga-bitcoin-miner
server
Hero Member
*****
Offline Offline

Activity: 813


~\/~


View Profile
July 11, 2012, 02:14:16 PM
 #28

So I did a security audit on myself.

I have 108 passwords word with an average password length of 21 chrs.
I have 5 duplicate passwords, if you really want to hack my pandora play list go ahead!
I currently have 9 google auth or ubikey enabled accounts.
I have 2 weak passwords.

I've had accounts where I have to change my password every 7 days and couldn't reuse a password in the last 6 months.

I have a feeling since he reused a password with multiple banks it was stolen from a bank. I just saw like 2 weeks ago that 60-70 banks got breached.
maybe a password hash list was stolen from a bank.

I know my linkedin password was stolen because I checked via there hash database that was released.

i wonder if the same password on the linkedin account and mtgox.

Maybe i'm paranoid or I should start doing more computer security consulting lol.

and please don't take my comments about BTCSYN as negative, I think they are one of the best run assets and I tried to copy them whenever possible and I personally was a shareholder.

I know I said I wouldn't be back (and I was referring to this thread by the way, because it had turned into a witch-hunt), but this post was very well written. Thank you. (and the above audit is very similar to my situation prior to the overhaul which this incident prompted for me).

And to answer, no I didn't even have a linkedin account, (I believe there was one created for me ages ago by my employer, but I didn't even control the account, let alone set it's password).

As for the bank compromise, yes, it's a possibility. But I have yet to see verification of any of the banks I deal with being "on the list". I know most of the attackes seem to be euro-centric. But one report does say it spilled into north america as well, but didn't elaborate on what banks.

It seemed the attack was focused on stealing money specifically from high balance accounts at those banks, but I suspect stealing other valuable assets was done as well (such as passwords).

You're an asshole.

@#%^%$ amateur - "My password was re-used on 3-4 sites only, and most of those are full financial institutions." "I now no-longer repeat ANY passwords ANYWHERE."

Losing other peoples money and lol about this at irc. ****bag Angry


After 24 hours I regret calling you an asshole, scumbag an fucking amature. Sorry for that, I was upset and angry.

and I guess I just need to learn to stay away from investments that use the word SIN or SYN Tongue
John (John K.)
Global Troll-buster and
Legendary
*
Offline Offline

Activity: 1092


Will read PM's. Have more time lately


View Profile
July 11, 2012, 03:14:25 PM
 #29

So I did a security audit on myself.

I have 108 passwords word with an average password length of 21 chrs.
I have 5 duplicate passwords, if you really want to hack my pandora play list go ahead!
I currently have 9 google auth or ubikey enabled accounts.
I have 2 weak passwords.

I've had accounts where I have to change my password every 7 days and couldn't reuse a password in the last 6 months.

I have a feeling since he reused a password with multiple banks it was stolen from a bank. I just saw like 2 weeks ago that 60-70 banks got breached.
maybe a password hash list was stolen from a bank.

I know my linkedin password was stolen because I checked via there hash database that was released.

i wonder if the same password on the linkedin account and mtgox.

Maybe i'm paranoid or I should start doing more computer security consulting lol.

and please don't take my comments about BTCSYN as negative, I think they are one of the best run assets and I tried to copy them whenever possible and I personally was a shareholder.

I know I said I wouldn't be back (and I was referring to this thread by the way, because it had turned into a witch-hunt), but this post was very well written. Thank you. (and the above audit is very similar to my situation prior to the overhaul which this incident prompted for me).

And to answer, no I didn't even have a linkedin account, (I believe there was one created for me ages ago by my employer, but I didn't even control the account, let alone set it's password).

As for the bank compromise, yes, it's a possibility. But I have yet to see verification of any of the banks I deal with being "on the list". I know most of the attackes seem to be euro-centric. But one report does say it spilled into north america as well, but didn't elaborate on what banks.

It seemed the attack was focused on stealing money specifically from high balance accounts at those banks, but I suspect stealing other valuable assets was done as well (such as passwords).

You're an asshole.

Fucking amateur - "My password was re-used on 3-4 sites only, and most of those are full financial institutions." "I now no-longer repeat ANY passwords ANYWHERE."

Losing other peoples money and lol about this at irc. Scumbag Angry
He'll just need to eat up the losses as his own, and repay the investors anyway.

My BTC Tip Jar: 1Pgvfy19uwtYe5o9dg3zZsAjgCPt3XZqz9 , GPG ID: B3AAEEB0 ,OTC ID: johnthedong
Escrow service is available on a case by case basis! (PM Me to verify I'm the escrow!)

server
Hero Member
*****
Offline Offline

Activity: 813


~\/~


View Profile
July 11, 2012, 05:46:07 PM
 #30

How convenient! This has been pulled far too many times in this community.

+1
Coinoisseur
Sr. Member
****
Offline Offline

Activity: 252


View Profile
July 17, 2012, 09:20:16 PM
 #31

I hold a few shares of BTCSYN, was looking at the old motions and then wondering at the recent buy/sell activity. Funnily, I wasn't too happy with the liquidate current FPGAs motion when I read it. Turns out that is the source of the stolen funds. May I ask what the reasoning was behind that move? The Cairnsmore1 devices don't even have a full working bitstream yet.

Glasswalker continuing to work to make BTCSYN whole and also posting a copy of the police report would help reduce the fallout from this.
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!