Bitcoin Forum
Author Topic: Bitcoinica MtGox account compromised  (Read 145752 times)
Phinnaeus Gage
Legendary
Activity: 1302
Bitcoin: An Idea Worth Spending
July 13, 2012, 05:52:37 PM
 #241

You stupid mother fucker! I am so sorry that my oversized font fucks with your head, but the size of the font honestly reflects how I feel. Please forgive me, all, if it seems out of line. I wasn't doing it for kicks, but will keep it down now that it's been brought to my attention.
Yeah, please don't do that. Additionally, calling others names does nothing but make you look like an idiot.

You're right, bud. I just got back in to pick up where I left off. Please accept my humblest apologies, all.

~Bruno~
BadBitcoin (James Sutton)
Donator
Sr. Member
Activity: 451
July 13, 2012, 05:55:52 PM
 #242

I read the entire TOS, I felt protected.

The level of personal security of each account was an order of magnitude higher than my bank's, I had a 24 character password that was essentially a hash key, as well as a Google Authenticator with my smart phone, best part?
I was using Bitcoinica as an exchange, I just deposited my money in my account and was planning on turning it into BTC that same day for an investment with starfish BCB, then the hack happened.

I did my due diligence on the company, and the risk of the company becoming insolvent was low at that time, please don't get angry at me for believing personal security measures were enough.
So it was no issue for you that they had been hacked a few times before?
Slowly I am starting to understand why they still believe that they can continue running Bitcoinica in the future. In a year from now, everyone will say "yes, they got hacked some 20 times, but I feel that it won't happen again".

After the initial hack, I was extremely put off by Bitcoinica and completely avoided them, however upon returning to their site I could see that they began (at least facetiously) taking security very seriously, and I decided that they had a reputation to match MtGox (another hacked website, however is still widely traded on). I decided to use them for a wire transfer because they had an easier bank name to input at the bank vs. MtGox's Japanese bank, please stop harassing people that lost their shirt in a "semi reputable" business, I don't just throw my money around willy nilly, and your assumption that I do is insulting.

Take a look at my  machine learning/economics/engineering blog!
www.learningann.wordpress.com
kokjo
Legendary
Activity: 1050
You are WRONG!
July 13, 2012, 05:58:15 PM
 #243


As far as Mt.Gox is concerned and as Genjix explained, we did not suffer any breach or any hack, all other accounts are safe and the thief only targeted Bitcoinica's account. Mark (MagicalTux) has been in contact with many Bitcoin players since this announcement and offered any help we can give, but unfortunately all funds (USD & BTC) are no longer within our reach.

Once again, someone with a US IP succeeded in getting Bitcoinica's account credential, which did not trigger any alarms since they were fully identified. Since Bitcoinica's account was a verified account, the owner of this account asked (this happened when Zhou was still controlling Bitcoinica) to have his limits lifted to the maximum possible, giving the possibility to the thief to move Bitcoinica's assets to another external account (external to MtGox).

Despite our efforts at securing Mt.Gox and protecting everyone's assets, I would like to remind everyone that it is also your responsibility to secure your account with a very strong password and use either a Yubikey or Google Auth (you can even use both at the same time).

Mt.Gox

-- EDIT --

We would like to stress that Mt.Gox Verified Bitcoinica as a Company and NOT as an Individual.


Good one!

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
aq
Full Member
Activity: 238
July 13, 2012, 06:01:06 PM
 #244

I read the entire TOS, I felt protected.

The level of personal security of each account was an order of magnitude higher than my bank's, I had a 24 character password that was essentially a hash key, as well as a Google Authenticator with my smart phone, best part?
I was using Bitcoinica as an exchange, I just deposited my money in my account and was planning on turning it into BTC that same day for an investment with starfish BCB, then the hack happened.

I did my due diligence on the company, and the risk of the company becoming insolvent was low at that time, please don't get angry at me for believing personal security measures were enough.
So it was no issue for you that they had been hacked a few times before?
Slowly I am starting to understand why they still believe that they can continue running Bitcoinica in the future. In a year from now, everyone will say "yes, they got hacked some 20 times, but I feel that it won't happen again".

After the initial hack, I was extremely put off by Bitcoinica and completely avoided them, however upon returning to their site I could see that they began (at least facetiously) taking security very seriously, and I decided that they had a reputation to match MtGox (another hacked website, however is still widely traded on). I decided to use them for a wire transfer because they had an easier bank name to input at the bank vs. MtGox's Japanese bank, please stop harassing people that lost their shirt in a "semi reputable" business, I don't just throw my money around willy nilly, and your assumption that I do is insulting.
Sorry, did not want to insult anyone. Was just trying to understand how the site got that much trust, after being hacked and once it was public knowledge that it was run by a minor.
kokjo
Legendary
Activity: 1050
You are WRONG!
July 13, 2012, 06:02:48 PM
 #245


As far as Mt.Gox is concerned and as Genjix explained, we did not suffer any breach or any hack, all other accounts are safe and the thief only targeted Bitcoinica's account. Mark (MagicalTux) has been in contact with many Bitcoin players since this announcement and offered any help we can give, but unfortunately all funds (USD & BTC) are no longer within our reach.

Once again, someone with a US IP succeeded in getting Bitcoinica's account credential, which did not trigger any alarms since they were fully identified. Since Bitcoinica's account was a verified account, the owner of this account asked (this happened when Zhou was still controlling Bitcoinica) to have his limits lifted to the maximum possible, giving the possibility to the thief to move Bitcoinica's assets to another external account (external to MtGox).

Despite our efforts at securing Mt.Gox and protecting everyone's assets, I would like to remind everyone that it is also your responsibility to secure your account with a very strong password and use either a Yubikey or Google Auth (you can even use both at the same time).

Mt.Gox

-- EDIT --

We would like to stress that Mt.Gox Verified Bitcoinica as a Company and NOT as an Individual.
to what (bank-)account was the usd sent to? ie. where can we find the guy, and beat him?

BadBitcoin (James Sutton)
Donator
Sr. Member
Activity: 451
July 13, 2012, 06:06:43 PM
 #246

I read the entire TOS, I felt protected.

The level of personal security of each account was an order of magnitude higher than my bank's, I had a 24 character password that was essentially a hash key, as well as a Google Authenticator with my smart phone, best part?
I was using Bitcoinica as an exchange, I just deposited my money in my account and was planning on turning it into BTC that same day for an investment with starfish BCB, then the hack happened.

I did my due diligence on the company, and the risk of the company becoming insolvent was low at that time, please don't get angry at me for believing personal security measures were enough.
So it was no issue for you that they had been hacked a few times before?
Slowly I am starting to understand why they still believe that they can continue running Bitcoinica in the future. In a year from now, everyone will say "yes, they got hacked some 20 times, but I feel that it won't happen again".

After the initial hack, I was extremely put off by Bitcoinica and completely avoided them, however upon returning to their site I could see that they began (at least facetiously) taking security very seriously, and I decided that they had a reputation to match MtGox (another hacked website, however is still widely traded on). I decided to use them for a wire transfer because they had an easier bank name to input at the bank vs. MtGox's Japanese bank, please stop harassing people that lost their shirt in a "semi reputable" business, I don't just throw my money around willy nilly, and your assumption that I do is insulting.
Sorry, did not want to insult anyone. Was just trying to understand how the site got that much trust, after being hacked and once it was public knowledge that it was run by a minor.


I put zhou in utmost regard, he may have been negligent in a hack, but he certainly would have paid us what is ours within the first WEEK of the hack, not sit around on his hands for 3 MONTHS like the intersango/consultancy guys had done, if I knew there was a change of hands of ownership, I wouldn't have used bitcoinica.

I never trusted intersango with my money, I trusted zhou.

btcprophet
Newbie
Activity: 27
July 13, 2012, 06:09:34 PM
 #247

I never trusted intersango with my money, I trusted zhou.

And Zhou sold that trust to the highest bidder. At least his mortgage is paid off!
markm
Legendary
Activity: 1778
July 13, 2012, 06:15:20 PM
 #248

I never trusted intersango with my money, I trusted zhou.

And Zhou sold that trust to the highest bidder. At least his mortgage is paid off!

Yeah that is wrong right there. He should have included the full amount of customer money in the sale price, paid the customers all their money and let them decide whether to put any of it back in given that the site had changed ownership.

I said that wrong, but basic idea is, other people's money is theirs to sell or not sell to new owners at their own discretion.

-MarkM-

Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
iCEBREAKER
Legendary
Activity: 1498
Crypto is the separation of Power and State.
July 13, 2012, 06:16:45 PM
 #249

if I knew there was a change of hands of ownership, I wouldn't have used bitcoinica.

I never trusted intersango with my money, I trusted zhou.

Trust?  Feh.

Proof > Trust

Remember that?  It's the conceptual breakthrough that enables Bitcoin to solve the long-standing crypto currency conundrum.

fatigue
Full Member
Activity: 196
Bitcoin is a food group.
July 13, 2012, 06:18:52 PM
 #250

if I knew there was a change of hands of ownership, I wouldn't have used bitcoinica.

I never trusted intersango with my money, I trusted zhou.

Trust?  Feh.

Proof > Trust

Remember that?  It's the conceptual breakthrough that enables Bitcoin to solve the long-standing crypto currency conundrum.

No, no I just solved 37 blocks guys. Trust me on this one.
Bro
Full Member
Activity: 218
July 13, 2012, 06:22:57 PM
 #251

I LOL'ed when I saw this thread. Like last time and the time before that.
jgarzik
Legendary
Activity: 1470
July 13, 2012, 06:25:45 PM
 #252


Some of the reasons why I avoided bitcoinica with a ten foot pole, which were obvious right from the start:

  • The big one -- Zero hard evidence they actually had all the funds claimed, or could produce funds if outsized events (big selloff, big withdrawal, etc.) occur
  • Opaque ownership structure
  • Zero independent source code auditing or visibility
  • Zero proof of any experience at securing wealth from virtual and physical threats
  • Zero appearance of adhering to any regulatory structure

Therefore I was not surprised when bucket shops were mentioned.


Jeff Garzik, bitcoin core dev team and BitPay engineer; opinions are my own, not my employer.
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
BadBitcoin (James Sutton)
Donator
Sr. Member
Activity: 451
July 13, 2012, 06:27:11 PM
 #253


Some of the reasons why I avoided bitcoinica with a ten foot pole, which were obvious right from the start:

  • The big one -- Zero hard evidence they actually had all the funds claimed, or could produce funds if outsized events (big selloff, big withdrawal, etc.) occur
  • Opaque ownership structure
  • Zero independent source code auditing or visibility
  • Zero proof of any experience at securing wealth from virtual and physical threats
  • Zero appearance of adhering to any regulatory structure

Therefore I was not surprised when bucket shops were mentioned.



what is the difference between mtgox and bitcoinica, from your point of view?

caveden
Legendary
Activity: 1106
July 13, 2012, 06:28:32 PM
 #254


Some of the reasons why I avoided bitcoinica with a ten foot pole, which were obvious right from the start:

  • The big one -- Zero hard evidence they actually had all the funds claimed, or could produce funds if outsized events (big selloff, big withdrawal, etc.) occur
  • Opaque ownership structure
  • Zero independent source code auditing or visibility
  • Zero proof of any experience at securing wealth from virtual and physical threats
  • Zero appearance of adhering to any regulatory structure

Can't you apply most or all of these items to pretty much every bitcoin business available?
AFAIK, none of the exchanges had their source code audited, for ex.

18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
jgarzik
Legendary
Activity: 1470
July 13, 2012, 06:29:13 PM
 #255


Some of the reasons why I avoided bitcoinica with a ten foot pole, which were obvious right from the start:

  • The big one -- Zero hard evidence they actually had all the funds claimed, or could produce funds if outsized events (big selloff, big withdrawal, etc.) occur
  • Opaque ownership structure
  • Zero independent source code auditing or visibility
  • Zero proof of any experience at securing wealth from virtual and physical threats
  • Zero appearance of adhering to any regulatory structure

Therefore I was not surprised when bucket shops were mentioned.



what is the difference between mtgox and bitcoinica, from your point of view?

Everything except source code visibility is different.


markm
Legendary
Activity: 1778
July 13, 2012, 06:29:48 PM
 #256

Difference Gox<->Bitcoinica?

MTBH.

(Mean Time Between Hacks)

-MarkM- (Not to mention minor details such as yubikeys etc etc etc, which might contribute to MTBH.)


BadBitcoin (James Sutton)
Donator
Sr. Member
Activity: 451
July 13, 2012, 06:31:02 PM
 #257

Difference Gox<->Bitcoinica?

MTBH.

(Mean Time Between Hacks)

-MarkM- (Not to mention minor details such as yubikeys etc etc etc, which might contribute to MTBH.)



gox had yubi keys, bitcoinica had google auth keys, from a layman's point of view both seem identical (I assumed their use functioned in the same way from a security point of view, looks like I was wrong)

kiba
Legendary
Activity: 980
July 13, 2012, 06:32:06 PM
 #258

Does anybody know if MtGox employs pentesters?

Vladimir
Hero Member
Activity: 812
July 13, 2012, 06:34:34 PM
 #259


Some of the reasons why I avoided bitcoinica with a ten foot pole, which were obvious right from the start:

  • The big one -- Zero hard evidence they actually had all the funds claimed, or could produce funds if outsized events (big selloff, big withdrawal, etc.) occur
  • Opaque ownership structure
  • Zero independent source code auditing or visibility
  • Zero proof of any experience at securing wealth from virtual and physical threats
  • Zero appearance of adhering to any regulatory structure

Therefore I was not surprised when bucket shops were mentioned.

Yep, Jeff, you can say it again. Though, while it was just Zhou it was kind of ok (easier to secure with everything concentrated in one place and having only one principal). As soon as BC bunch got in, it quickly turned into horrendous clusterfuck.

I must admit that, my "resignation" from honorary post of Bitcoinica's "Information Security Advisor" way back in Sep 2011, was probably the smartest move of my "Bitcoin career", in hindsight.

Anyway, I am off to enforcing 2 factor auth for Bitcoin Magazine and others, for everything I can enforce it on (naturally it is on for anything that touches money already).

I hope nobody is going to challenge me now when I repeat again:
Quote
1 BTC worth 100$US on entertainment value alone.

-
jgarzik
Legendary
Activity: 1470
July 13, 2012, 06:34:57 PM
 #260


Some of the reasons why I avoided bitcoinica with a ten foot pole, which were obvious right from the start:

  • The big one -- Zero hard evidence they actually had all the funds claimed, or could produce funds if outsized events (big selloff, big withdrawal, etc.) occur
  • Opaque ownership structure
  • Zero independent source code auditing or visibility
  • Zero proof of any experience at securing wealth from virtual and physical threats
  • Zero appearance of adhering to any regulatory structure

Can't you apply most or all of these items to pretty much every bitcoin business available?
AFAIK, none of the exchanges had their source code audited, for ex.

The difference is in degrees.  Each is not a binary choice.  MtGox, for example, has been forced by circumstance (trial by fire?) to develop good legal and technical defenses.

Even so, I never trusted any exchange and unknown website -- MtGox included -- to store any significant wealth for any period of time.

That's what paper wallets and bank safety deposit boxes are for.

