Bitcoin Forum
December 07, 2016, 04:38:39 PM *
Author Topic: Bitcoinica MtGox account compromised  (Read 145821 times)
caveden
Legendary
Activity: 1106
July 13, 2012, 10:15:40 PM
 #321

Blame the victim is never a good argument.

That's what this whole thread is about, blaming the victim. Assuming OP is true, then Bitcoinica is the victim of a theft. Everybody here is blaming Bitcoinica, not the thief.

If I'm holding $100 that is yours and I get robbed, I'm the victim if I pay you back your $100 out of my own money. But if I say to you, "sorry buddy, your $100 is gone, I got robbed", then *you* are the victim.

Fair enough.
But not being the victim doesn't make you the criminal either...

18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
jwzguy
Hero Member
Activity: 868
July 13, 2012, 10:15:49 PM
 #322

Companies like this will ruin bitcoin..

More accurate would be to say

Quote from: Vladmir
Bitcoin will ruin companies like these.

Yeah, not really.

19wXnWTeGuraN9g5UsMAi119sWzDCQcr7S
Bitcoin Logo shirts!
wareen
Millionaire
Hero Member
Activity: 742
bitcoin-austria.at
July 13, 2012, 10:16:34 PM
 #323

@DarkEmi @hatshepsut  and all others.
Sorry to put you up front with the hard truth, but...
Rule #1: Don't invest money you cannot afford to lose.
I am pretty sure I am not the first one that tells you this, right?
Blame the victim is never a good argument.
Will you say the same to those who will experience a loss once pirateat40 runs?
In general, yes.
BUT, with ponzi schemes this is a bit different. Coz some of the "victims" are more like co-conspirators.

I can remember you not being that sympathetic towards the victims of the MyBitcoin incident (you basically called them insane). What made you change your mind?

I still think anyone who gives lots of money to some anonymous stranger on the internet for safekeeping is insane. I do not blame them for the theft however. These are different things. And.. well... insane in Bitcoin (and on this forum) is like a vast majority of population anyway, so this might be even a compliment.

Ok, in that case I don't see how Grouver blamed the victims any more than you did back then? You both more or less pointed out that they shouldn't have put (that much) money there in the first place - which I basically agree with, but saying so now isn't really helping either.

While I didn't have anything on Bitcoinica, I feel very sorry for all those who have lost money and I hope that the real thief won't get away with it.
Bitcoin Oz
Hero Member
Activity: 700
Wat
July 13, 2012, 10:22:27 PM
 #324

How did someone initiate a $40 000 transfer without AML warning bells going off at Mt Gox since they use this excuse if you usually try it with anything close to $10 000 or in combinations that are close to that? One doesn't just transfer $40 000 out of Mordor.

Bitcoin Oz
Hero Member
Activity: 700
Wat
July 13, 2012, 10:29:33 PM
 #325

The thing I find so amazing is there is still no police report.

sadpandatech
Hero Member
Activity: 504
July 13, 2012, 10:30:00 PM
 #326

How can they know the current Gox user/pass was found out from LastPass? I guess to them it would seem obvious if the gox acct was a new pass that only the current controller of the gox acct had. But, these are still questions that all need to have answers to them in order to make better determinations.

I see that LastPass has a way to view history, which if that showed login from an unknown IP address, that would be a pretty good clue.

I just tried to view the history but the LastPass UI for the date picker is so horrible I could not use it successfully. (Top-right is the LastPass asterisk (starfish, ironically), then click History)

Aye. The other thing I'm not sure about, as I have not tested it with my LastPass, is if it will even sync the passwords to another computer without having the exported file with it..?? Have you tried it?

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system. - GA
It is being worked on by smart people. -DamienBlack
MagicalTux
VIP
Hero Member
Activity: 617
Working on new MtGox features
July 13, 2012, 10:36:12 PM
 #327

How did someone initiate a $40 000 transfer without AML warning bells going off at Mt Gox since they use this excuse if you usually try it with anything close to $10 000 or in combinations that are close to that? One doesn't just transfer $40 000 out of Mordor.

We will open a police investigation and get this clear on the police's side. We will not however be able to share such details publicly while an investigation is in progress.

Vladimir
Hero Member
Activity: 812
July 13, 2012, 10:39:16 PM
 #328

@DarkEmi @hatshepsut  and all others.
Sorry to put you up front with the hard truth, but...
Rule #1: Don't invest money you cannot afford to lose.
I am pretty sure I am not the first one that tells you this, right?
Blame the victim is never a good argument.
Will you say the same to those who will experience a loss once pirateat40 runs?
In general, yes.
BUT, with ponzi schemes this is a bit different. Coz some of the "victims" are more like co-conspirators.

I can remember you not being that sympathetic towards the victims of the MyBitcoin incident (you basically called them insane). What made you change your mind?

I still think anyone who gives lots of money to some anonymous stranger on the internet for safekeeping is insane. I do not blame them for the theft however. These are different things. And.. well... insane in Bitcoin (and on this forum) is like a vast majority of population anyway, so this might be even a compliment.

Ok, in that case I don't see how Grouver blamed the victims any more than you did back then? You both more or less pointed out that they shouldn't have put (that much) money there in the first place - which I basically agree with, but saying so now isn't really helping either.

While I didn't have anything on Bitcoinica, I feel very sorry for all those who have lost money and I hope that the real thief won't get away with it.

Your comparison is invalid. Mybitcoin was an obvious anonymous hack. Bitcoinica has created an impression of them being the most reputable institution in the Bitcoin world, registered with NZ's financial regulation authorities, having CTO "with specialisation in information security", "never compromised", venture capital funded etc... these are VERY different things.

Can a single person on this forum put an argument together without a dozen logical fallacies in it?

 

-
scribe
Sr. Member
Activity: 295
July 13, 2012, 10:42:37 PM
 #329

That still doesn't explain how the attacker knew that specific password should be tried at all.

We are talking about the password needed to convince LastPass to hand over your encrypted passwords right, not the passphrases needed to actually decrypt those passwords once having gotten a copy of them from LastPass?

-MarkM-


What's to say they "knew" at all? If the source was public and there were obviously duff security practices all round, wouldn't it be pretty straightforward to bruteforce LastPass with grepped strings from source and public e-mails?

Doesn't explain why the passwords were the same though. I guess laziness and hubris.

blocknois.es Bitcoin music label. ~ New release: This Is Art

Read: Bitcoin Life | Wear: FUTUREECONOMY
Bitcoin Oz
Hero Member
Activity: 700
Wat
July 13, 2012, 10:44:01 PM
 #330

How did someone initiate a $40 000 transfer without AML warning bells going off at Mt Gox since they use this excuse if you usually try it with anything close to $10 000 or in combinations that are close to that? One doesn't just transfer $40 000 out of Mordor.

We will open a police investigation and get this clear on the police's side. We will not however be able to share such details publicly while an investigation is in progress.


The question remains why there hasn't been a police report initiated by the owners of Bitcoinica. Shouldn't it be them and not yourself that initiates such a thing? When else do you arbitrarily "inform the police" without the actual people involved doing it?

sadpandatech
Hero Member
Activity: 504
July 13, 2012, 10:46:32 PM
 #331

That still doesn't explain how the attacker knew that specific password should be tried at all.

We are talking about the password needed to convince LastPass to hand over your encrypted passwords right, not the passphrases needed to actually decrypt those passwords once having gotten a copy of them from LastPass?

-MarkM-


What's to say they "knew" at all? If the source was public and there were obviously duff security practices all round, wouldn't it be pretty straightforward to bruteforce LastPass with grepped strings from source and public e-mails?

Doesn't explain why the passwords were the same though. I guess laziness and hubris.

I don't believe you can brute-force LastPass on a computer that did not already have the LastPass account synced to it.

wirmola
Member
Activity: 111
July 13, 2012, 10:47:54 PM
 #332

Sorry to say but... This is a scam!!!!
freaking thieves, rot in hell..
MagicalTux
VIP
Hero Member
Activity: 617
Working on new MtGox features
July 13, 2012, 10:48:34 PM
 #333

The question remains why there hasn't been a police report initiated by the owners of Bitcoinica. Shouldn't it be them and not yourself that initiates such a thing? When else do you arbitrarily "inform the police" without the actual people involved doing it?

We are still discussing this with our legal counsel actually, however filing the theft details pre-emptively from our side may make things easier and faster, and may protect us and our other customers too.

markm
Legendary
Activity: 1792
July 13, 2012, 10:49:22 PM
 #334

That still doesn't explain how the attacker knew that specific password should be tried at all.

We are talking about the password needed to convince LastPass to hand over your encrypted passwords right, not the passphrases needed to actually decrypt those passwords once having gotten a copy of them from LastPass?

-MarkM-


What's to say they "knew" at all? If the source was public and there were obviously duff security practices all round, wouldn't it be pretty straightforward to bruteforce LastPass with grepped strings from source and public e-mails?

Doesn't explain why the passwords were the same though. I guess laziness and hubris.

How can you brute-force a secure download protocol? If you fail to provide an initial response that proves you possess the correct decrypt password you don't get the file. Is all of this after all a total comically silly fail on LastPass's part of delivering the crypted passwords to random anonymous hackers to have them brute-forced at leisure?

-MarkM-

Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
iCEBREAKER
Legendary
Activity: 1512
Crypto is the separation of Power and State.
July 13, 2012, 11:02:21 PM
 #335




This a thousand times. This last 'hack', if it happened at all, was the remnants of bitcoinica giving money away.

No-one could be so stupid as to get publicly hacked and not change all their passwords afterwards. It's just unbelievable anyone could be that dumb and still manage to dress themselves in the morning.

Both of these a million times.



/Can't believe nobody posted that yet.

Bitcoin Oz
Hero Member
Activity: 700
Wat
July 13, 2012, 11:10:44 PM
 #336

We are still discussing this with our legal counsel actually, however filing the theft details pre-emptively from our side may make things easier and faster, and may protect us and our other customers too.

Mt.Gox is covering their bases... Well it's a right thing to do.

To withdraw $40 000 it needs to also be a VERIFIED account. You can't just set up a new account and withdraw that much money. Unless things have changed.... this means they should know who withdrew the money.

bitcoinBull
Legendary
Activity: 826
rippleFanatic
July 13, 2012, 11:21:38 PM
 #337

That still doesn't explain how the attacker knew that specific password should be tried at all.

We are talking about the password needed to convince LastPass to hand over your encrypted passwords right, not the passphrases needed to actually decrypt those passwords once having gotten a copy of them from LastPass?

-MarkM-


What's to say they "knew" at all? If the source was public and there were obviously duff security practices all round, wouldn't it be pretty straightforward to bruteforce LastPass with grepped strings from source and public e-mails?

Doesn't explain why the passwords were the same though. I guess laziness and hubris.

How can you brute-force a secure download protocol? If you fail to provide an initial response that proves you possess the correct decrypt password you don't get the file. Is all of this after all a total comically silly fail on LastPass's part of delivering the crypted passwords to random anonymous hackers to have them brute-forced at leisure?

-MarkM-



That's right, you can't sync LastPass without the master password.

I still can't find any evidence of the bitcoinica source code leak, all google results are pointing back to genjix's original post in this thread. Does anyone know where it was first leaked?

College of Bucking Bulls Knowledge
tbcoin
Hero Member
Activity: 896
July 13, 2012, 11:29:54 PM
 #338

That still doesn't explain how the attacker knew that specific password should be tried at all.

We are talking about the password needed to convince LastPass to hand over your encrypted passwords right, not the passphrases needed to actually decrypt those passwords once having gotten a copy of them from LastPass?

-MarkM-


What's to say they "knew" at all? If the source was public and there were obviously duff security practices all round, wouldn't it be pretty straightforward to bruteforce LastPass with grepped strings from source and public e-mails?

Doesn't explain why the passwords were the same though. I guess laziness and hubris.

How can you brute-force a secure download protocol? If you fail to provide an initial response that proves you possess the correct decrypt password you don't get the file. Is all of this after all a total comically silly fail on LastPass's part of delivering the crypted passwords to random anonymous hackers to have them brute-forced at leisure?

-MarkM-



That's right, you can't sync LastPass without the master password.

I still can't find any evidence of the bitcoinica source code leak, all google results are pointing back to genjix's original post in this thread. Does anyone know where it was first leaked?


http://pastebin.com/htzdAJGF

It's a new hack?? The code was stolen from GitHub, not from the cloned machines ....
Maybe github user:info@bitcoinica.com/ passwd 123

Sorry for my bad English
Bitcoin card for deposit and payment + Little POS
Donations:1N65efiNUhH6sEQg7Z6oUC76kJS9Yhevyf
Bitcoin Oz
Hero Member
Activity: 700
Wat
July 13, 2012, 11:31:33 PM
 #339

The question remains why there hasn't been a police report initiated by the owners of Bitcoinica. Shouldn't it be them and not yourself that initiates such a thing? When else do you arbitrarily "inform the police" without the actual people involved doing it?

We are still discussing this with our legal counsel actually, however filing the theft details pre-emptively from our side may make things easier and faster, and may protect us and our other customers too.

Was the money withdrawn through a verified account?

rdponticelli
Sr. Member
Activity: 326
Our highest capital is the Confidence we build.
July 13, 2012, 11:35:07 PM
 #340

I'm not usually a great adept at believing in conspiracy theories, but doesn't anybody else find it very convenient that just when MtGox was suffering lots of liquidity issues, a couple of really big accounts full of somebody else's money (BTCSYN and Bitcoinica's) get depleted by strange hacks?

Just saying, anyway...