Bitcoin Forum
December 13, 2017, 12:37:26 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 [13] 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 »
  Print  
Author Topic: Bitcoinica MtGox account compromised  (Read 155372 times)
BadBitcoin (James Sutton)
Donator
Sr. Member
*
Offline Offline

Activity: 452



View Profile
July 13, 2012, 05:55:52 PM
 #241

I read the entire TOS, I felt protected.

The level of personal security of each account was an order of magnitude higher than my banks, I had a 24 character password that was essentially a hash key, as well as a google authenticator with my smart phone, best part?
 I was using bitcoinica as an exchange, I just deposited my money in my account and was planning on turning into btc that same day for an investment with starfish BCB, then the hack happened.

I did my due dilligence on the company, and the risk of the company becoming insolvent was low at that time, please don't get angry at me for believing personal security measures was enough.
So it was no issue for you that they had been hacked a few times before?
Slowly I am starting to understand why they still believe that they can continue running Bitcoinica in the future. In a year from now, everyone will say "yes, they got hacked some 20 times, but I feel that it wont happen again".

After the initial hack, I was extremely put off by bitcoinica and completely avoided them, however upon returning to their site I could see that they began (at least facetiously) taking security very seriously, and I

 decided that they had a reputation to match mtgox (another hacked website, however is still widely traded on). I decided to use them for a wire transfer because they had an easier bank name to input at the

bank vs. mtgox's japanese bank, please stop harassing people that lost their shirt in a "semi reputable" business, I don't just throw my money around willy nilly, and your assumption that I do is insulting.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513125446
Hero Member
*
Offline Offline

Posts: 1513125446

View Profile Personal Message (Offline)

Ignore
1513125446
Reply with quote  #2

1513125446
Report to moderator
1513125446
Hero Member
*
Offline Offline

Posts: 1513125446

View Profile Personal Message (Offline)

Ignore
1513125446
Reply with quote  #2

1513125446
Report to moderator
kokjo
Legendary
*
Offline Offline

Activity: 1050

You are WRONG!


View Profile
July 13, 2012, 05:58:15 PM
 #242


As far as Mt.Gox is concerned and as Genjix explained, we did not suffer any breach or any hack, all other account are safe and the thief only targeted Bitconica's account. Mark (MagicalTux) has been in contact with many Bitcoin players since this announcement and offered any help we can give, but unfortunately all funds (USD & BTC) are no longer within our reach.

Once again, someone with a US IP succeed to get Bitcoinica's account credential which did not trigger any alarms since they were fully identified. Since Bitconica's account was a verified account the owner of this account asked (This happened when Zhou was still controlling Bitconica) to have his limits lifted to the maximum possible, giving the possibility to the thief to move Bitcoinica's assets to another external account (External to MtGox).

Despite our effort on securing Mt.Gox and protecting everyone's asset I would like to remind everyone that it is also your responsibility to secure your account with a very strong password and use either a Yubikey or Google Auth (You can even use both at the same time).

Mt.Gox

-- EDIT --

We would like to stress that Mt.Gox Verified Bitconica as a Company and NOT as an Individual.


Good one!

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
aq
Full Member
***
Offline Offline

Activity: 238


View Profile
July 13, 2012, 06:01:06 PM
 #243

I read the entire TOS, I felt protected.

The level of personal security of each account was an order of magnitude higher than my banks, I had a 24 character password that was essentially a hash key, as well as a google authenticator with my smart phone, best part?
 I was using bitcoinica as an exchange, I just deposited my money in my account and was planning on turning into btc that same day for an investment with starfish BCB, then the hack happened.

I did my due dilligence on the company, and the risk of the company becoming insolvent was low at that time, please don't get angry at me for believing personal security measures was enough.
So it was no issue for you that they had been hacked a few times before?
Slowly I am starting to understand why they still believe that they can continue running Bitcoinica in the future. In a year from now, everyone will say "yes, they got hacked some 20 times, but I feel that it wont happen again".

After the initial hack, I was extremely put off by bitcoinica and completely avoided them, however upon returning to their site I could see that they began (at least facetiously) taking security very seriously, and I

 decided that they had a reputation to match mtgox (another hacked website, however is still widely traded on). I decided to use them for a wire transfer because they had an easier bank name to input at the

bank vs. mtgox's japanese bank, please stop harassing people that lost their shirt in a "semi reputable" business, I don't just throw my money around willy nilly, and your assumption that I do is insulting.
Sorry, did not want to insult anyone. Was just trying to understand how the site got that much trust, after being hacked and once it was public knowledge that it was run by a minor.
kokjo
Legendary
*
Offline Offline

Activity: 1050

You are WRONG!


View Profile
July 13, 2012, 06:02:48 PM
 #244


As far as Mt.Gox is concerned and as Genjix explained, we did not suffer any breach or any hack, all other account are safe and the thief only targeted Bitconica's account. Mark (MagicalTux) has been in contact with many Bitcoin players since this announcement and offered any help we can give, but unfortunately all funds (USD & BTC) are no longer within our reach.

Once again, someone with a US IP succeed to get Bitcoinica's account credential which did not trigger any alarms since they were fully identified. Since Bitconica's account was a verified account the owner of this account asked (This happened when Zhou was still controlling Bitconica) to have his limits lifted to the maximum possible, giving the possibility to the thief to move Bitcoinica's assets to another external account (External to MtGox).

Despite our effort on securing Mt.Gox and protecting everyone's asset I would like to remind everyone that it is also your responsibility to secure your account with a very strong password and use either a Yubikey or Google Auth (You can even use both at the same time).

Mt.Gox

-- EDIT --

We would like to stress that Mt.Gox Verified Bitconica as a Company and NOT as an Individual.
to what (bank-)account was the usd sent to? ie. where can we find the guy, and beat him?

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
BadBitcoin (James Sutton)
Donator
Sr. Member
*
Offline Offline

Activity: 452



View Profile
July 13, 2012, 06:06:43 PM
 #245

I read the entire TOS, I felt protected.

The level of personal security of each account was an order of magnitude higher than my banks, I had a 24 character password that was essentially a hash key, as well as a google authenticator with my smart phone, best part?
 I was using bitcoinica as an exchange, I just deposited my money in my account and was planning on turning into btc that same day for an investment with starfish BCB, then the hack happened.

I did my due dilligence on the company, and the risk of the company becoming insolvent was low at that time, please don't get angry at me for believing personal security measures was enough.
So it was no issue for you that they had been hacked a few times before?
Slowly I am starting to understand why they still believe that they can continue running Bitcoinica in the future. In a year from now, everyone will say "yes, they got hacked some 20 times, but I feel that it wont happen again".

After the initial hack, I was extremely put off by bitcoinica and completely avoided them, however upon returning to their site I could see that they began (at least facetiously) taking security very seriously, and I

 decided that they had a reputation to match mtgox (another hacked website, however is still widely traded on). I decided to use them for a wire transfer because they had an easier bank name to input at the

bank vs. mtgox's japanese bank, please stop harassing people that lost their shirt in a "semi reputable" business, I don't just throw my money around willy nilly, and your assumption that I do is insulting.
Sorry, did not want to insult anyone. Was just trying to understand how the site got that much trust, after being hacked and once it was public knowledge that it was run by a minor.


I put zhou in utmost regard, he may have been negligent in a hack, but he certainly would have paid us what is ours within the first WEEK of the hack, not sit around on his hands for 3 MONTHS like the intersango/consultancy guys had done, if I knew there was a change of hands of ownership, I wouldn't have used bitcoinica.

I never trusted intersango with my money, I trusted zhou.
btcprophet
Newbie
*
Offline Offline

Activity: 27


View Profile
July 13, 2012, 06:09:34 PM
 #246

I never trusted intersango with my money, I trusted zhou.

And Zhou sold that trust to the highest bidder. At least his mortgage is paid off!
markm
Legendary
*
Offline Offline

Activity: 2002



View Profile WWW
July 13, 2012, 06:15:20 PM
 #247

I never trusted intersango with my money, I trusted zhou.

And Zhou sold that trust to the highest bidder. At least his mortgage is paid off!

Yeah that is wrong right there. He should have included the full amount of customer money in the sale price, paid the customers all their money and let them decide whether to put any of it back in given that the site had changed ownership.

I said that wrong, but basic idea is, other people's money is theirs to sell or not sell to new owners at their own discretion.

-MarkM-

Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
iCEBREAKER
Legendary
*
Offline Offline

Activity: 1862


WARNING FOR NOOBS: Dash is an Instamined scam coin


View Profile WWW
July 13, 2012, 06:16:45 PM
 #248

if I knew there was a change of hands of ownership, I wouldn't have used bitcoinica.

I never trusted intersango with my money, I trusted zhou.

Trust?  Feh.

Proof > Trust

Remember that?  It's the conceptual breakthrough that enables Bitcoin to solve the long-standing crypto currency conundrum.


██████████
█████████████████
██████████████████████
█████████████████████████
████████████████████████████
████
████████████████████████
█████
███████████████████████████
█████
███████████████████████████
██████
████████████████████████████
██████
████████████████████████████
██████
████████████████████████████
██████
███████████████████████████
██████
██████████████████████████
█████
███████████████████████████
█████████████
██████████████
████████████████████████████
█████████████████████████
██████████████████████
█████████████████
██████████

Monero
"The difference between bad and well-developed digital cash will determine
whether we have a dictatorship or a real democracy." 
David Chaum 1996
"Fungibility provides privacy as a side effect."  Adam Back 2014
Buy and sell XMR near you
P2P Exchange Network
Buy XMR with fiat
fatigue
Full Member
***
Offline Offline

Activity: 196


Bitcoin is a food group.


View Profile
July 13, 2012, 06:18:52 PM
 #249

if I knew there was a change of hands of ownership, I wouldn't have used bitcoinica.

I never trusted intersango with my money, I trusted zhou.

Trust?  Feh.

Proof > Trust

Remember that?  It's the conceptual breakthrough that enables Bitcoin to solve the long-standing crypto currency conundrum.

No, no I just solved 37 blocks guys. Trust me on thus one.
Bro
Full Member
***
Offline Offline

Activity: 218



View Profile
July 13, 2012, 06:22:57 PM
 #250

I LOL'ed when i saw this thread. Like last time and the time before that.
jgarzik
Legendary
*
Offline Offline

Activity: 1484


View Profile
July 13, 2012, 06:25:45 PM
 #251


Some of the reasons why I avoided bitcoinica with a ten foot pole, which were obvious right from the start:

  • The big one -- Zero hard evidence they actually had all the funds claimed, or could produce funds if outsized events (big selloff, big withdrawal, etc.) occur
  • Opaque ownership structure
  • Zero independent source code auditing or visibility
  • Zero proof of any experience at securing wealth from virtual and physical threats
  • Zero appearance of adhering to any regulatory structure

Therefore I was not surprised when bucket shops were mentioned.


Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own.
Visit bloq.com / metronome.io
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
BadBitcoin (James Sutton)
Donator
Sr. Member
*
Offline Offline

Activity: 452



View Profile
July 13, 2012, 06:27:11 PM
 #252


Some of the reasons why I avoided bitcoinica with a ten foot pole, which were obvious right from the start:

  • The big one -- Zero hard evidence they actually had all the funds claimed, or could produce funds if outsized events (big selloff, big withdrawal, etc.) occur
  • Opaque ownership structure
  • Zero independent source code auditing or visibility
  • Zero proof of any experience at securing wealth from virtual and physical threats
  • Zero appearance of adhering to any regulatory structure

Therefore I was not surprised when bucket shops were mentioned.



what is the difference between mtgox and bitcoinica, from your point of view?
caveden
Legendary
*
Offline Offline

Activity: 1106



View Profile
July 13, 2012, 06:28:32 PM
 #253


Some of the reasons why I avoided bitcoinica with a ten foot pole, which were obvious right from the start:

  • The big one -- Zero hard evidence they actually had all the funds claimed, or could produce funds if outsized events (big selloff, big withdrawal, etc.) occur
  • Opaque ownership structure
  • Zero independent source code auditing or visibility
  • Zero proof of any experience at securing wealth from virtual and physical threats
  • Zero appearance of adhering to any regulatory structure

Can't you apply most or all of these items to pretty much every bitcoin business available?
AFAIK, none of the exchanges had their source code audited, for ex.

18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
jgarzik
Legendary
*
Offline Offline

Activity: 1484


View Profile
July 13, 2012, 06:29:13 PM
 #254


Some of the reasons why I avoided bitcoinica with a ten foot pole, which were obvious right from the start:

  • The big one -- Zero hard evidence they actually had all the funds claimed, or could produce funds if outsized events (big selloff, big withdrawal, etc.) occur
  • Opaque ownership structure
  • Zero independent source code auditing or visibility
  • Zero proof of any experience at securing wealth from virtual and physical threats
  • Zero appearance of adhering to any regulatory structure

Therefore I was not surprised when bucket shops were mentioned.



what is the difference between mtgox and bitcoinica, from your point of view?

Everything except source code visibility is different.


Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own.
Visit bloq.com / metronome.io
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
markm
Legendary
*
Offline Offline

Activity: 2002



View Profile WWW
July 13, 2012, 06:29:48 PM
 #255

Difference Gox<->Bitcoinica?

MTBH.

(Mean Time Between Hacks)

-MarkM- (Not to mention minor details such as yubikeys etc etc etc, which might contribute to MTBH.)


Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
BadBitcoin (James Sutton)
Donator
Sr. Member
*
Offline Offline

Activity: 452



View Profile
July 13, 2012, 06:31:02 PM
 #256

Difference Gox<->Bitcoinica?

MTBH.

(Mean Time Between Hacks)

-MarkM- (Not to mention minor details such as yubikeys etc etc etc, which might contribute to MTBH.)



gox had yubi keys, bitcoinica had google auth keys, from a laymans point of view both seem identical (I assumed their use functioned in the same way from a security point of view, looks like I was wrong)
kiba
Legendary
*
Offline Offline

Activity: 980


View Profile
July 13, 2012, 06:32:06 PM
 #257

Does anybody if MtGox employs pentesters?

Vladimir
Hero Member
*****
Offline Offline

Activity: 812


-


View Profile
July 13, 2012, 06:34:34 PM
 #258


Some of the reasons why I avoided bitcoinica with a ten foot pole, which were obvious right from the start:

  • The big one -- Zero hard evidence they actually had all the funds claimed, or could produce funds if outsized events (big selloff, big withdrawal, etc.) occur
  • Opaque ownership structure
  • Zero independent source code auditing or visibility
  • Zero proof of any experience at securing wealth from virtual and physical threats
  • Zero appearance of adhering to any regulatory structure

Therefore I was not surprised when bucket shops were mentioned.

Yep, Jeff, you can say it again. Though, while it was just Zhou it was kind of ok (easier to secure with everything concentrated in one place and having only one principal). As soon as BC bunch got in, it quickly turned into horrendous clusterfuck.

I must admit that, my "resignation" from honorary post of Bitcoinica's "Information Security Advisor" way back in Sep 2011, was probably the smartest move of my "Bitcoin career", in hindsight.

Anyway, I am off to enforcing 2 factor auth for Bitcoin Magazine and others, for everything I can enforce it on (naturally it is on for anything that touches money already).

I hope nobody is going to challenge me now when I repeat again:
Quote
1 BTC worth 100$US on entertainment value alone.

-
jgarzik
Legendary
*
Offline Offline

Activity: 1484


View Profile
July 13, 2012, 06:34:57 PM
 #259


Some of the reasons why I avoided bitcoinica with a ten foot pole, which were obvious right from the start:

  • The big one -- Zero hard evidence they actually had all the funds claimed, or could produce funds if outsized events (big selloff, big withdrawal, etc.) occur
  • Opaque ownership structure
  • Zero independent source code auditing or visibility
  • Zero proof of any experience at securing wealth from virtual and physical threats
  • Zero appearance of adhering to any regulatory structure

Can't you apply most or all of these items to pretty much every bitcoin business available?
AFAIK, none of the exchanges had their source code audited, for ex.

The difference is in degrees.  Each is not a binary choice.  MtGox, for example, has been forced by circumstance (trial by fire?) to develop good legal and technical defenses.

Even so, I never trusted any exchange and unknown website -- MtGox included -- to store any significant wealth for any period of time.

That's what paper wallets and bank safety deposit boxes are for.


Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own.
Visit bloq.com / metronome.io
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
aq
Full Member
***
Offline Offline

Activity: 238


View Profile
July 13, 2012, 06:38:17 PM
 #260

what is the difference between mtgox and bitcoinica, from your point of view?

MtGox has a 1:1 relation of input and output. A coin or USD can only come of of MtGox after it did come in.

Bitcoinica had leverage. So you could "earn" more coins/USD depending on the MtGox rate than there actually where in Bitcoinica. So Bitcoinica had to "play" against you by selling and buying coins on MtGox.
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 [13] 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!