Bitcoin Forum
December 05, 2016, 06:53:17 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 [6] 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 »
  Print  
Author Topic: Bitcoinica MtGox account compromised  (Read 145732 times)
sadpandatech
Hero Member
*****
Offline Offline

Activity: 504



View Profile
July 13, 2012, 12:28:23 PM
 #101

May be I am dumb - so they had the last pass's password set to be the same as the Mt.Gox API key? If true, uh oh - this is just so unbelievable....

aye, that's what they are saying.

My few questions;
Why was this access not included in the orginal action to change all passwords?
When did this lastpass account have it's gox password updated to the new one?
who was in control of this lastpass account?


It seems highly unreasonable to me to think that the orginal 'hacker' would just now think to randomly check lastpass using those credentials that he would have had the entire time. If someone just got them from the source code (it was just recently leaked?) then why would they even think to check last pass using that combo of credentials? Not to mention how terribly short sited it is to use the api key as a password for anything.. :/

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system. - GA
It is being worked on by smart people. -DamienBlack
1480963997
Hero Member
*
Offline Offline

Posts: 1480963997

View Profile Personal Message (Offline)

Ignore
1480963997
Reply with quote  #2

1480963997
Report to moderator
1480963997
Hero Member
*
Offline Offline

Posts: 1480963997

View Profile Personal Message (Offline)

Ignore
1480963997
Reply with quote  #2

1480963997
Report to moderator
1480963997
Hero Member
*
Offline Offline

Posts: 1480963997

View Profile Personal Message (Offline)

Ignore
1480963997
Reply with quote  #2

1480963997
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480963997
Hero Member
*
Offline Offline

Posts: 1480963997

View Profile Personal Message (Offline)

Ignore
1480963997
Reply with quote  #2

1480963997
Report to moderator
1480963997
Hero Member
*
Offline Offline

Posts: 1480963997

View Profile Personal Message (Offline)

Ignore
1480963997
Reply with quote  #2

1480963997
Report to moderator
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1302


Bitcoin: An Idea Worth Spending


View Profile
July 13, 2012, 12:28:56 PM
 #102

This has been one of the most stressful situations with maximum suffering I have ever experienced. I am furious and I hope everyone involved putting us through this gets what's due to them. Karma is a bitch, you fucking wankers.

Right. Because this has not been the most stressful time of my life.

I have physical health problems and need to see a doctor, but haven't had the time. On the forums I'm called a scammer and repeatedly insulted. Someone is trying to sue us. My bank gave me crap and held my money. I was borrowing cash from friends and spent 3 days eating bad muesli and cheap milk. I lost a lot of code by accident. I put a lot of work into the bitcoin.org clients page to make everything fairer, and now it will be removed, helping to recentralise bitcoin again. Electrum maybe has a security flaw and Macs have random problems. The conference needs the CFP announced soon, but I have to deal with Bitcoinica first. My health is suffering and im getting headaches. Right now is the first time I'm feeling depression, and I'm a little worried because I've never had it before but my father did. I emailed a health professional and they advised me to seek help. I've started sleeping very long, being very lethargic and apathetic. When the Bitcoinica thing first happened, I was considering suicide until Tihan said he had the funds.


Cool story bro.

http://www.youtube.com/watch?v=DksSPZTZES0

Give us our money back.

I'm only halfway through, and posts are already starting to disappear. What the mother fucking hell is going on here?

~One pissed off mother fucker!!!~
ninjarobot
Hero Member
*****
Offline Offline

Activity: 755


Mine Silent, Mine Deep


View Profile
July 13, 2012, 12:29:03 PM
 #103

@Genjix - Can you please update https://bitcoinica.com/ with the info from the OP? You can not assume all customers are reading bitcointalk.org.
flower1024
Hero Member
*****
Offline Offline

Activity: 854


luck is just a share away


View Profile
July 13, 2012, 12:31:29 PM
 #104

@Genjix - Can you please update https://bitcoinica.com/ with the info from the OP? You can not assume all customers are reading bitcointalk.org.

why is this a problem?
it should change nothing for their customers.

but they should do so as soon as they have a plan how to handle payouts.
hatshepsut
Member
**
Offline Offline

Activity: 64



View Profile
July 13, 2012, 12:33:50 PM
 #105

This has been one of the most stressful situations with maximum suffering I have ever experienced. I am furious and I hope everyone involved putting us through this gets what's due to them. Karma is a bitch, you fucking wankers.

Right. Because this has not been the most stressful time of my life.

I have physical health problems and need to see a doctor, but haven't had the time. On the forums I'm called a scammer and repeatedly insulted. Someone is trying to sue us. My bank gave me crap and held my money. I was borrowing cash from friends and spent 3 days eating bad muesli and cheap milk. I lost a lot of code by accident. I put a lot of work into the bitcoin.org clients page to make everything fairer, and now it will be removed, helping to recentralise bitcoin again. Electrum maybe has a security flaw and Macs have random problems. The conference needs the CFP announced soon, but I have to deal with Bitcoinica first. My health is suffering and im getting headaches. Right now is the first time I'm feeling depression, and I'm a little worried because I've never had it before but my father did. I emailed a health professional and they advised me to seek help. I've started sleeping very long, being very lethargic and apathetic. When the Bitcoinica thing first happened, I was considering suicide until Tihan said he had the funds.


Cool story bro.

http://www.youtube.com/watch?v=DksSPZTZES0

Give us our money back.

I'm only halfway through, and posts are already starting to disappear. What the mother fucking hell is going on here?

~One pissed off mother fucker!!!~


I noticed that too.

Is it time to break out the pitch forks?
naima53
Hero Member
*****
Offline Offline

Activity: 616



View Profile
July 13, 2012, 12:34:47 PM
 #106

genjix, buy coins, freeze coin a term of 2 years, 2 years later, we continue this thread ... Seriously. You can make a vote. I think people will support it. It's better than get 1\2 - 30%. Because of the growth prices it will be a different figure (2 years later)  Roll Eyes

Donate me) 16f6iWHHkVEnDReeBQPT9GwCNwUfPTXrp2
bitclown
Full Member
***
Offline Offline

Activity: 186


View Profile
July 13, 2012, 12:37:01 PM
 #107

While the initial hacker had the ability to cause this breach it is likely that it was not taken advantage of until many users had access to the sourcecode in a recent leak:

Code:
genjix:~/tmp/bitcoinica_legacy/config/initializers$ cat mtgox_credentials.rb
if Rails.env.production?
  MtGox.configure do |config|
    config.key = "c02e1a27-5524-449f-ba65-aff9581ddedc"
    config.secret = '83U1ROG++O3vwBqFrxpcdyLIoChpgnowImy1oMVQwBLalaLevZDmWeCPJFTrYW00OQ7XUgG53LsIL2pBZ2PQgA=='
    end
end
Sourcecode download link: http://depositfiles.com/files/2p6zvadzs

Why haven't we heard about this leak until now? Where did you learn about it from? Was the linked file published by you, or did the attacker plant evidence in the file props?
Code:
$ tar -jtvf bitcoinica.tar.bz2 | head -n1
drwxr-xr-x genjix/genjix     0 2012-07-07 21:18 bitcoinica_legacy/
RandomQ
Hero Member
*****
Offline Offline

Activity: 616



View Profile
July 13, 2012, 12:37:39 PM
 #108

Security is a State of Mind

Some People have it some do not.  Huh

Every Time you get hacked you change all your passwords

Bitcoin To Cash LLC Receive cash in the mail for Bitcoin!
[CryptoStocks] GREEN - GreenBTC - Mining Company on CryptoStocks
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1302


Bitcoin: An Idea Worth Spending


View Profile
July 13, 2012, 12:43:44 PM
 #109

This has been one of the most stressful situations with maximum suffering I have ever experienced. I am furious and I hope everyone involved putting us through this gets what's due to them. Karma is a bitch, you fucking wankers.

Right. Because this has not been the most stressful time of my life.

[...] spent 3 days eating bad muesli and cheap milk. [...] I'm feeling depression, and I'm a little worried [...] I've started sleeping very long, being very lethargic and apathetic.


Seems like my own life. Grin
Except I was never involved in such an epic fraud.

I still can't believe genjix's post is no longer up. This thread is nuts. I read one page, and two more are added.

Quick recap:

We have a mysterious investor named Wendon who's proven to be more elusive than Satoshi Nakamoto.
Patrick is no longer involved in this fiasco.
Genjix is about to commit suicide.
Tihan Seale, only an investor, has passwords.
Zhou Tong, an almost 18-year-old kid has moved on the next-big-thing--selling domain names.
And I'm losing real money (fiat, or whatever), although I didn't have any shake (420 Satoshis) in Bitcoinica.

Perhaps, I need to go to Chicago and get some of my wood buying clients to start accepting Bitcoin. I'm sure as hell that would help my bottom line.

I is not happy, now!

~Bruno~
kiba
Legendary
*
Offline Offline

Activity: 980


View Profile
July 13, 2012, 12:45:47 PM
 #110


So basically bitcoinica was losing money paying back claims, can you explain how you loose money thats not even yours paying back claims?

Bitcoinica have to pay staff to deal with this. Anytime they're not operating, they're not making money.

In short, they are losing money to eat, pay rent, keep server up because they didn't do due diligence at the beginning of time.

Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1442



View Profile
July 13, 2012, 12:47:39 PM
 #111

/bitcoinica_legacy/.git/logs/HEAD
Code:
0000000000000000000000000000000000000000 939e877106a5bd479f350adc6d9e4170c62df8f3 genjix <genjix@nite.(none)> 1338505438 +0200 clone: from git@github.com:bitcoinica/bitcoinica_legacy.git

hmmm... so, it was genjix who leaked the Bitcoinica source code?
That unix timestamp is Thu, 31 May 2012 23:03:58 GMT

That source code came from github, not from the deleted servers. On that date the servers were already gone.

sadpandatech
Hero Member
*****
Offline Offline

Activity: 504



View Profile
July 13, 2012, 12:50:07 PM
 #112

/bitcoinica_legacy/.git/logs/HEAD
Code:
0000000000000000000000000000000000000000 939e877106a5bd479f350adc6d9e4170c62df8f3 genjix <genjix@nite.(none)> 1338505438 +0200 clone: from git@github.com:bitcoinica/bitcoinica_legacy.git

hmmm... so, it was genjix who leaked the Bitcoinica source code?
That unix timestamp is Thu, 31 May 2012 23:03:58 GMT

and if it was that long ago, it leads me into thinking it unlikely a hacker used the info to guess there was a lastpass invloved...

Who was it that orginally stated that lastpass was the source for the current MtGox login? That person stole your fucking money.....  I'd bet my Scottrade account on it....

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system. - GA
It is being worked on by smart people. -DamienBlack
hatshepsut
Member
**
Offline Offline

Activity: 64



View Profile
July 13, 2012, 12:52:36 PM
 #113

This has been one of the most stressful situations with maximum suffering I have ever experienced. I am furious and I hope everyone involved putting us through this gets what's due to them. Karma is a bitch, you fucking wankers.

Right. Because this has not been the most stressful time of my life.

I have physical health problems and need to see a doctor, but haven't had the time. On the forums I'm called a scammer and repeatedly insulted. Someone is trying to sue us. My bank gave me crap and held my money. I was borrowing cash from friends and spent 3 days eating bad muesli and cheap milk. I lost a lot of code by accident. I put a lot of work into the bitcoin.org clients page to make everything fairer, and now it will be removed, helping to recentralise bitcoin again. Electrum maybe has a security flaw and Macs have random problems. The conference needs the CFP announced soon, but I have to deal with Bitcoinica first. My health is suffering and im getting headaches. Right now is the first time I'm feeling depression, and I'm a little worried because I've never had it before but my father did. I emailed a health professional and they advised me to seek help. I've started sleeping very long, being very lethargic and apathetic. When the Bitcoinica thing first happened, I was considering suicide until Tihan said he had the funds.


Cool story bro.

http://www.youtube.com/watch?v=DksSPZTZES0

Give us our money back.

I'm only halfway through, and posts are already starting to disappear. What the mother fucking hell is going on here?

~One pissed off mother fucker!!!~


re-Quoted. Screen shot now.
Mt.Gox Support
VIP
Sr. Member
*
Offline Offline

Activity: 308



View Profile
July 13, 2012, 12:55:25 PM
 #114

Hi everyone

We are once again very sorry to hear what's happening to many of you and that once again Bitconica has been the victim of a theft.

As far as Mt.Gox is concerned and as Genjix explained, we did not suffer any breach or any hack, all other account are safe and the thief only targeted Bitconica's account. Mark (MagicalTux) has been in contact with many Bitcoin players since this announcement and offered any help we can give, but unfortunately all funds (USD & BTC) are no longer within our reach.

Once again, someone with a US IP succeed to get Bitcoinica's account credential which did not trigger any alarms since they were fully identified. Since Bitconica's account was a verified account the owner of this account asked (This happened when Zhou was still controlling Bitconica) to have his limits lifted to the maximum possible, giving the possibility to the thief to move Bitcoinica's assets to another external account (External to MtGox).

Despite our effort on securing Mt.Gox and protecting everyone's asset I would like to remind everyone that it is also your responsibility to secure your account with a very strong password and use either a Yubikey or Google Auth (You can even use both at the same time).

Of course and within our capacity we at Mt.Gox are ready to give a hand in anyway we can to help Bitconica's team.

Mt.Gox

-- EDIT --

We would like to stress that Mt.Gox Verified Bitconica as a Company and NOT as an Individual.

Mt.Gox : The Leading International Bitcoin Exchange.
Mt.Gox Merchant Solutions : https://mtgox.com/merchant
elux
Legendary
*
Offline Offline

Activity: 1454



View Profile
July 13, 2012, 12:55:51 PM
 #115

LastPass contains all your passwords. The username was info@bitcoinica.com.

Can someone please explain the intended meaning of the underlined sentence?

Has there been another leak of sensitive user data, in addition to theft?

sadpandatech
Hero Member
*****
Offline Offline

Activity: 504



View Profile
July 13, 2012, 12:58:48 PM
 #116

LastPass contains all your passwords. The username was info@bitcoinica.com.

Can someone please explain the intended meaning of the underlined sentence?

Has there been another leak of sensitive user data, in addition to theft?



by 'your', he is refering to a user of the program, not as in 'all of yours'.

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system. - GA
It is being worked on by smart people. -DamienBlack
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1302


Bitcoin: An Idea Worth Spending


View Profile
July 13, 2012, 12:59:16 PM
 #117

This has been one of the most stressful situations with maximum suffering I have ever experienced. I am furious and I hope everyone involved putting us through this gets what's due to them. Karma is a bitch, you fucking wankers.

Right. Because this has not been the most stressful time of my life.

I have physical health problems and need to see a doctor, but haven't had the time. On the forums I'm called a scammer and repeatedly insulted. Someone is trying to sue us. My bank gave me crap and held my money. I was borrowing cash from friends and spent 3 days eating bad muesli and cheap milk. I lost a lot of code by accident. I put a lot of work into the bitcoin.org clients page to make everything fairer, and now it will be removed, helping to recentralise bitcoin again. Electrum maybe has a security flaw and Macs have random problems. The conference needs the CFP announced soon, but I have to deal with Bitcoinica first. My health is suffering and im getting headaches. Right now is the first time I'm feeling depression, and I'm a little worried because I've never had it before but my father did. I emailed a health professional and they advised me to seek help. I've started sleeping very long, being very lethargic and apathetic. When the Bitcoinica thing first happened, I was considering suicide until Tihan said he had the funds.

Don't do too much things at the same time. Deal with Bitcoinica first. Keep in mind, that whatever you will pay out, at least 2/3 of the recipients will be complaining. But once you have paid out all, there is at least nothing left fighting about. Then you can go back to coding and be happy again.

Someone is trying to sue us.
Did you expect everyone to wait forever?


I'm currently on page 4. More pages have been added to this thread since I've started reading, albeit with posts disappearing.

I need to go on vacation. Fishing in Wisconsin with theymos sounds like fun. No internet. Just muskies.

~Bruno~
HorseRider
Donator
Legendary
*
Offline Offline

Activity: 1582


View Profile
July 13, 2012, 01:02:54 PM
 #118


Since Bitconica's account was a verified account the owner of this account asked (This happened when Zhou was still controlling Bitconica) to have his limits lifted to the maximum possible, giving the possibility to the thief to move Bitcoinica's assets to another external account (External to MtGox).


can you help trace the account?

16SvwJtQET7mkHZFFbJpgPaDA1Pxtmbm5P
tbcoin
Hero Member
*****
Offline Offline

Activity: 896



View Profile WWW
July 13, 2012, 01:03:57 PM
 #119

/bitcoinica_legacy/.git/logs/HEAD
Code:
0000000000000000000000000000000000000000 939e877106a5bd479f350adc6d9e4170c62df8f3 genjix <genjix@nite.(none)> 1338505438 +0200 clone: from git@github.com:bitcoinica/bitcoinica_legacy.git

hmmm... so, it was genjix who leaked the Bitcoinica source code?
That unix timestamp is Thu, 31 May 2012 23:03:58 GMT

That source code came from github, not from the deleted servers. On that date the servers were already gone.

Genjix, please explain this.

Sorry for my bad english Wink
Bitcoin card for deposit and payment + Little POS
Donations:1N65efiNUhH6sEQg7Z6oUC76kJS9Yhevyf
OneEyed
aka aurele
Full Member
***
Offline Offline

Activity: 154



View Profile WWW
July 13, 2012, 01:05:49 PM
 #120

Since Bitconica's account was a verified account the owner of this account asked (This happened when Zhou was still controlling Bitconica) to have his limits lifted to the maximum possible, giving the possibility to the thief to move Bitcoinica's assets to another external account (External to MtGox).

I trust they have now put the default limits in place, haven't they?

What about refusing to raise those limits at MtGox if two steps authentication isn't used?

Pages: « 1 2 3 4 5 [6] 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!