Bitcoin Forum
December 04, 2016, 10:39:46 PM
Author Topic: Bitcoinica MtGox account compromised  (Read 145719 times)
Aseras
Hero Member
*****
Offline Offline

Activity: 658


View Profile
July 14, 2012, 12:31:44 AM
 #361

How did someone initiate a $40 000 transfer without AML warning bells going off at Mt Gox since they use this excuse if you usually try it with anything close to $10 000 or in combinations that are close to that? One doesn't just transfer $40 000 out of Mordor.

AML has nothing to do with warning. AML is just here to make sure you are who you say you are, and then once a person (or, in this case, a company) proves they are who they say they are, they become Trusted or Verified. Once you have a Verified account or a Trusted account your limits are not lifted; you, or in this case the representative of the company, need to contact us and ask us to lift their account limits.

AML once again has nothing to do with that. Now Mt.Gox offers many withdrawal methods, and the thief used the one(s) that fit his/her/their needs in that matter.

Which is BS since you can be a level 47 verified and you all will sit on a wire transfer for weeks. Especially a larger transfer.
markm
Legendary
*
Offline Offline

Activity: 1778



View Profile WWW
July 14, 2012, 12:32:35 AM
 #362

I think the probability is about the same as finding a sha-256 collision in bitcoin   Smiley

So it's probably silly to imagine it happened. Compare the chance that an inside job (someone told the thief where to look or told them the actual password) or a keylogger (etc.) type attack was used to discover it; in such cases the fact one can find it in the source code is merely a red herring, whether deliberately dyed red or merely accidentally happening to be red.

-MarkM-

Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 700


Wat


View Profile WWW
July 14, 2012, 12:36:43 AM
 #363

Well I hope they have changed all the intersango passwords and are using 2 factor auth on any exchange accounts. They have done this haven't they.........

Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 700


Wat


View Profile WWW
July 14, 2012, 12:38:43 AM
 #364

I think the probability is about the same as finding a sha-256 collision in bitcoin   Smiley

So it's probably silly to imagine it happened. Compare the chance that an inside job (someone told the thief where to look or told them the actual password) or a keylogger (etc.) type attack was used to discover it; in such cases the fact one can find it in the source code is merely a red herring, whether deliberately dyed red or merely accidentally happening to be red.

-MarkM-


I didn't see a "lastpass master password" label on that string.

Mt.Gox Support
VIP
Sr. Member
*
Offline Offline

Activity: 308



View Profile
July 14, 2012, 12:39:46 AM
 #365


As far as Mt.Gox is concerned, and as Genjix explained, we did not suffer any breach or any hack; all other accounts are safe and the thief only targeted Bitcoinica's account. Mark (MagicalTux) has been in contact with many Bitcoin players since this announcement and offered any help we can give, but unfortunately all funds (USD & BTC) are no longer within our reach.

Once again, someone with a US IP succeeded in getting Bitcoinica's account credentials, which did not trigger any alarms since they were fully identified. Since Bitcoinica's account was a verified account, the owner of this account asked (this happened when Zhou was still controlling Bitcoinica) to have his limits lifted to the maximum possible, giving the thief the possibility to move Bitcoinica's assets to another external account (external to MtGox).

Despite our efforts on securing Mt.Gox and protecting everyone's assets, I would like to remind everyone that it is also your responsibility to secure your account with a very strong password and use either a Yubikey or Google Auth (you can even use both at the same time).

Mt.Gox

-- EDIT --

We would like to stress that Mt.Gox verified Bitcoinica as a Company and NOT as an Individual.
to what (bank-)account was the usd sent? ie. where can we find the guy, and beat him?

We wish things could be so simple; unfortunately they are not! But if you read a little further we explain that we know how and where the money went and we will give all these details to the appropriate authorities to get this done right. Despite what some want to believe, we at Mt.Gox are extremely furious about this situation; a lot of good people and very close friends lost a LOT of money. We have of course nothing to do with what happened and will help the community as much as we can on this matter.

Mt.Gox : The Leading International Bitcoin Exchange.
Mt.Gox Merchant Solutions : https://mtgox.com/merchant
Mt.Gox Support
VIP
Sr. Member
*
Offline Offline

Activity: 308



View Profile
July 14, 2012, 12:46:56 AM
 #366

Once again, someone with a US IP succeeded in getting Bitcoinica's account credentials, which did not trigger any alarms since they were fully identified. Since Bitcoinica's account was a verified account, the owner of this account asked (this happened when Zhou was still controlling Bitcoinica) to have his limits lifted to the maximum possible, giving the thief the possibility to move Bitcoinica's assets to another external account (external to MtGox).

-- EDIT --

We would like to stress that Mt.Gox verified Bitcoinica as a Company and NOT as an Individual.


it would not be plausible for mt. gox to not know about the change in ownership in april.

did mt. gox really allow this new company to use an account at mt. gox that did not belong to them (i.e., use an account that was verified under a different name)?

after the change in ownership, there should have been a new account created (and verified) by the new owner.  because the old company didn't have any other source of income, deposits to the old company's account should have dropped towards zero.  

the kyc of aml/kyc is to know the source of the funds the customer is depositing.  mt. gox wouldn't know the source of funds if the verified owner of the account sold the business and has no other business.  these further deposits to "the bitcoinica account" should not have been made available for transfer or withdrawal until the source of the funds could be verified as truly belonging to the previously verified owner of the account.

it looks like there were multiple changes in ownership.  first was xwaylab (delaware), then [opaque change well known] then the bitcoinica lp of new zealand.

bitcoinica lp should not have been allowed to deposit to and withdraw funds from an account where the verified owner is anything other than bitcoinica lp.

here is some history:

  • On 2012/01/30 Bitcoin Consultancy became Bitcoinica Consultancy Ltd. (*1)
  • On 2012/03/22 Bitcoinica Consultancy Ltd became the General Partner of the newly formed Bitcoinica Limited Partnership (*2)
  • On 2012/03/27 Bitcoin Consultancy was retained to perform a comprehensive security audit. (*3)
  • On 2012/04/24 Bitcoin Consultancy took over ownership and daily operations of Bitcoinica from Zhou (*4)
  • On 2012/05/11 Bitcoinica was hacked due to a root password reset via a compromised email server (belonging to a member of Bitcoin Consultancy). (*5)

References:
1) http://www.business.govt.nz/companies/app/ui/pages/companies/3715077
2) http://www.business.govt.nz/fsp/app/ui/fsp/version/searchSummaryCompanyFSP/FSP207625/4.do?noReturn=true
3) https://bitcointalk.org/index.php?topic=81045.msg919130#msg919130 (Tihan's post)
4) http://bitcoinmedia.com/first-licensed-advanced-trading-platform-for-bitcoin/ (written by Donald, CEO of Bitcoin Consultancy)
5) http://bitcoinica.com (post-mortem)

Your analysis is not only wrong but straight up defamation.

Bitcoin Consultancy LTD is a UK Limited company which is neither owned nor owns any other company.
Intersango LTD is a UK Limited company which is neither owned nor owns any other company.
Bitcoinica LP is a New Zealand Limited Partnership.
Core Credit LTD is a New Zealand Limited Company and the General Partner of Bitcoinica LP.
Core Credit LTD was renamed to Bitcoinica Consultancy LTD significantly after the events occurred.

disclaimer: i am not a lawyer

We cannot of course give such details here on a public forum, but I can tell you that we have been VERY cautious when this particular change of ownership happened. We of course used the advice of our Lawyer and acted accordingly. We did not let this change of ownership happen until we were fully satisfied with the documents that were sent over to us.

Mt.Gox : The Leading International Bitcoin Exchange.
Mt.Gox Merchant Solutions : https://mtgox.com/merchant
bpd
Member
**
Offline Offline

Activity: 114


View Profile
July 14, 2012, 12:47:40 AM
 #367

I think the probability is about the same as finding a sha-256 collision in bitcoin   Smiley

So it's probably silly to imagine it happened. Compare the chance that an inside job (someone told the thief where to look or told them the actual password) or a keylogger (etc.) type attack was used to discover it; in such cases the fact one can find it in the source code is merely a red herring, whether deliberately dyed red or merely accidentally happening to be red.

-MarkM-


I didn't see a "lastpass master password" label on that string.

This.

Was ANYONE here even aware that the bitcoinica source code had been leaked, prior to genjix's OP on this thread?

Plugging the file URL into Google gives only a handful of results, with this thread being the earliest incidence of it, as far as I can tell.

That, plus the fact that the tar file appears to have been packed by username genjix.

Additionally, there's the fact that the lastpass password was supposedly the MtGOX KEY (username) and not the SECRET. A bizarre thing to do, which smells more like it's a fuck-up in an attempt to make up a plausible hack story.

The whole story is just too cute for me.
Mt.Gox Support
VIP
Sr. Member
*
Offline Offline

Activity: 308



View Profile
July 14, 2012, 12:58:59 AM
 #368

Which is BS since you can be a level 47 verified and you all will sit on a wire transfer for weeks. Especially a larger transfer.

No BS here. As I said before and as Mark explained, we cannot discuss these details here, however I strongly advise you to read the 20 (pages) of this thread.

PS. We are on your side not against you.

Mt.Gox : The Leading International Bitcoin Exchange.
Mt.Gox Merchant Solutions : https://mtgox.com/merchant
bitcoinBull
Legendary
*
Offline Offline

Activity: 826


rippleFanatic


View Profile
July 14, 2012, 12:59:15 AM
 #369

So, the encoded file has the exact same thing on the /bitcoinica_legacy/.git/logs/HEAD file
Code:
0000000000000000000000000000000000000000 939e877106a5bd479f350adc6d9e4170c62df8f3 genjix <genjix@nite.(none)> 1338505438 +0200 clone: from git@github.com:bitcoinica/bitcoinica_legacy.git

Cloned by Genjix from the bitcoinica private github repo on May 31 2012... Interesting Wink


And look at who packed it... surprise surprise
Code:
drwxr-xr-x genjix/genjix     0 2012-07-07 20:18 bitcoinica_legacy/


That's not the encoded file. You're still looking at genjix's re-pack.

[...]

After, I opened the bit.tar.bz2 file with Ubuntu file manager and navigated to /bitcoinica_legacy/.git/logs/ and opened the HEAD file with gedit.

Try it yourself.


You're right, my mistake.

This line is in the original encoded file.

Code:
0000000000000000000000000000000000000000 939e877106a5bd479f350adc6d9e4170c62df8f3 genjix <genjix@nite.(none)> 1338505438 +0200 clone: from git@github.com:bitcoinica/bitcoinica_legacy.git

This shows that somebody accessed genjix's copy of the bitcoinica source code (maybe it was on that VPS which also had the SSH key which was re-used on the consultancy's e-mail server for the prior breach).

But how did you get this to claim that he packed it:
Code:
drwxr-xr-x genjix/genjix     0 2012-07-07 20:18 bitcoinica_legacy/

You are implying that genjix intentionally leaked the code. I can't confirm that.

College of Bucking Bulls Knowledge
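As an added example (not code from the thread, from Bitcoinica or from git itself), a parser for the `.git/logs/HEAD` line quoted above: it splits git's reflog fields and renders the recorded timestamp both in UTC and in the committer's own `+0200` offset, which is why the same instant reads as late May 31 in UTC and just after midnight on June 1 locally.

```python
"""Parse a git reflog line such as the one quoted from .git/logs/HEAD.

git's reflog format: <old-sha> <new-sha> <name> <<email>> <unix-time> <tz>\t<message>
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

REFLOG_RE = re.compile(
    r"^(?P<old>[0-9a-f]{40}) (?P<new>[0-9a-f]{40}) "
    r"(?P<name>.*?) <(?P<email>[^>]*)> "
    r"(?P<ts>\d+) (?P<tz>[+-]\d{4})[\t ]+(?P<msg>.*)$"
)


@dataclass
class ReflogEntry:
    old_sha: str
    new_sha: str
    name: str
    email: str
    when_utc: datetime
    when_local: datetime   # same instant, in the offset git recorded
    action: str            # e.g. "clone", "commit", "checkout"
    message: str

    @property
    def is_initial(self) -> bool:
        """An all-zero old SHA means the ref did not exist before this entry;
        for HEAD that is what a fresh `git clone` writes."""
        return set(self.old_sha) == {"0"}


def parse_reflog_line(line: str) -> ReflogEntry:
    m = REFLOG_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a reflog line: {line!r}")
    tz = m["tz"]
    sign = 1 if tz[0] == "+" else -1
    offset = sign * timedelta(hours=int(tz[1:3]), minutes=int(tz[3:5]))
    when_utc = datetime.fromtimestamp(int(m["ts"]), tz=timezone.utc)
    when_local = when_utc.astimezone(timezone(offset))
    msg = m["msg"]
    # "clone: from ..." -> "clone"; "commit (initial): ..." -> "commit"
    action = msg.split(":", 1)[0].split(" ", 1)[0]
    return ReflogEntry(m["old"], m["new"], m["name"], m["email"],
                       when_utc, when_local, action, msg)


# The HEAD reflog line quoted in the thread. git separates the timezone from
# the message with a tab; the forum flattened it to a space, and the regex
# accepts either.
THREAD_LINE = (
    "0000000000000000000000000000000000000000 "
    "939e877106a5bd479f350adc6d9e4170c62df8f3 "
    "genjix <genjix@nite.(none)> 1338505438 +0200 "
    "clone: from git@github.com:bitcoinica/bitcoinica_legacy.git"
)

if __name__ == "__main__":
    e = parse_reflog_line(THREAD_LINE)
    print(e.action, e.is_initial, e.when_utc.isoformat(), e.when_local.isoformat())
```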
Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 700


Wat


View Profile WWW
July 14, 2012, 01:00:58 AM
 #370

How did the hacker also get access to genjix account on github ?

sadpandatech
Hero Member
*****
Offline Offline

Activity: 504



View Profile
July 14, 2012, 01:01:54 AM
 #371

How did the hacker also get access to genjix account on github ?

that is what I am wondering, following that part of the thread..

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system. - GA
It is being worked on by smart people. -DamienBlack
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1442



View Profile
July 14, 2012, 01:11:03 AM
 #372

But how did you get this to claim that he packed it:
Code:
drwxr-xr-x genjix/genjix     0 2012-07-07 20:18 bitcoinica_legacy/

You are implying that genjix intentionally leaked the code. I can't confirm that.

This
Code:
$ tar -jtvf bit.tar.bz2 | head -n1
gives this
Code:
drwxr-xr-x genjix/genjix     0 2012-07-07 20:18 bitcoinica_legacy/
which means that the bitcoinica_legacy folder that was packed to the encrypted file had the owner genjix from group genjix and was last modified at 2012-07-07 20:18

If I unpack the file to my system it will have owner "me" from group "me". If I pack it again and run the above command it will give me a similar line but with my name and the date on which the folder was created/modified on my system when I unpacked it.

I posted all you needed to do. Not sure why you're asking lol
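The listing read here records whatever the packing machine knew about the directory. As an added example (not code from the thread), this script builds two archives in memory, one whose directory entry carries constructed owner fields and one packed from a directory it creates itself, and lists both the way `tar -jtvf` would; the names `packer` and `repacked` are constructed.

```python
"""Read the owner/group/mtime fields tar stores per entry (constructed archives)."""
import io
import os
import pwd
import stat
import tarfile
import tempfile
from datetime import datetime, timezone

# Constructed values standing in for whatever the packing machine recorded.
PACKER, PACKER_GROUP = "packer", "packer"
PACK_MTIME = int(datetime(2012, 7, 7, 20, 18, tzinfo=timezone.utc).timestamp())


def build_constructed_archive() -> bytes:
    """Write a .tar.bz2 whose single directory entry names a constructed account."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:bz2") as tf:
        info = tarfile.TarInfo("bitcoinica_legacy/")
        info.type = tarfile.DIRTYPE
        info.mode = 0o755
        info.uid = info.gid = 1000
        info.uname, info.gname = PACKER, PACKER_GROUP
        info.mtime = PACK_MTIME
        tf.addfile(info)
    return buf.getvalue()


def build_archive_from_disk() -> bytes:
    """Pack a directory created now: tar records *this* process's uid and name."""
    buf = io.BytesIO()
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "repacked")
        os.mkdir(src)
        with tarfile.open(fileobj=buf, mode="w:bz2") as tf:
            tf.add(src, arcname="repacked")
    return buf.getvalue()


def list_verbose(archive: bytes) -> list:
    """Python equivalent of `tar -jtvf`: the fields the thread reads."""
    out = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:bz2") as tf:
        for m in tf.getmembers():
            kind = stat.S_IFDIR if m.isdir() else stat.S_IFREG
            out.append({
                "name": m.name + ("/" if m.isdir() else ""),
                "perms": stat.filemode(m.mode | kind),
                "uname": m.uname, "gname": m.gname, "uid": m.uid, "gid": m.gid,
                "size": m.size,
                "mtime_utc": datetime.fromtimestamp(m.mtime, tz=timezone.utc),
            })
    return out


def format_entry(e: dict) -> str:
    """Render one line like GNU tar's -v listing (UTC here; GNU tar uses local time)."""
    owner = f"{e['uname'] or e['uid']}/{e['gname'] or e['gid']}"
    when = e["mtime_utc"].strftime("%Y-%m-%d %H:%M")
    return f"{e['perms']} {owner} {e['size']:>5} {when} {e['name']}"


def current_uname() -> str:
    """Same passwd lookup tarfile performs when adding files from disk."""
    try:
        return pwd.getpwuid(os.geteuid())[0]
    except KeyError:
        return ""
```

The first archive prints a line of the same shape as the one in the post; the second names the account that ran the script, which is all a `user/group` field in a tar header can tell you.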


Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 700


Wat


View Profile WWW
July 14, 2012, 01:13:53 AM
 #373

How did the hacker also get access to genjix account on github ?

I did git pull, looks like genjix's account required public key.

Code:
The authenticity of host 'github.com (207.97.227.239)' can't be established.
RSA key fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'github.com,207.97.227.239' (RSA) to the list of known hosts.
Permission denied (publickey).
fatal: The remote end hung up unexpectedly



If only you needed a public key to withdraw from Gox Smiley

rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
July 14, 2012, 01:14:22 AM
 #374

LastPass offers this following cool feature: The ability to share a saved password with a third party, while both keeping said password secret and not sharing the rest of your passwords. You can see a screenshot of how it works below.
IF we assume that passwords were being shared using this facility, then we can also reasonably assume that each LastPass user has his own password that is different. Therefore, I would like to know WHOSE LastPass got compromised.


Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
bitcoinBull
Legendary
*
Offline Offline

Activity: 826


rippleFanatic


View Profile
July 14, 2012, 01:21:41 AM
 #375

How did the hacker also get access to genjix account on github ?

that is what I am wondering, following that part of the thread..

It wasn't from genjix's github account. Genjix cloned the github repo to his own box <genjix@nite.(none)>. It was accessed from there.



But how did you get this to claim that he packed it:
Code:
drwxr-xr-x genjix/genjix     0 2012-07-07 20:18 bitcoinica_legacy/

You are implying that genjix intentionally leaked the code. I can't confirm that.

This
Code:
$ tar -jtvf bit.tar.bz2 | head -n1
gives this
Code:
drwxr-xr-x genjix/genjix     0 2012-07-07 20:18 bitcoinica_legacy/
which means that the bitcoinica_legacy folder that was packed to the encrypted file had the owner genjix from group genjix and was last modified at 2012-07-07 20:18

I posted all you needed to do. Not sure why you're asking lol

Thanks. So the leaker who accessed genjix's box packed it on his box as him. That's why it says genjix/genjix, genjix's box was hacked.

College of Bucking Bulls Knowledge
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1442



View Profile
July 14, 2012, 01:28:10 AM
 #376

How did the hacker also get access to genjix account on github ?

that is what I am wondering, following that part of the thread..

It wasn't from genjix's github account. Genjix cloned the github repo to his own box <genjix@nite.(none)>. It was accessed from there.



But how did you get this to claim that he packed it:
Code:
drwxr-xr-x genjix/genjix     0 2012-07-07 20:18 bitcoinica_legacy/

You are implying that genjix intentionally leaked the code. I can't confirm that.

This
Code:
$ tar -jtvf bit.tar.bz2 | head -n1
gives this
Code:
drwxr-xr-x genjix/genjix     0 2012-07-07 20:18 bitcoinica_legacy/
which means that the bitcoinica_legacy folder that was packed to the encrypted file had the owner genjix from group genjix and was last modified at 2012-07-07 20:18

I posted all you needed to do. Not sure why you're asking lol

Thanks. So the leaker who accessed genjix's box packed it on his box as him. That's why it says genjix/genjix, genjix's box was hacked.

genjix's box was hacked? Who told you that? Shocked

So, the simplest explanation is the one you gave and not that genjix himself leaked the source code? Roll Eyes

sadpandatech
Hero Member
*****
Offline Offline

Activity: 504



View Profile
July 14, 2012, 01:32:38 AM
 #377


Thanks. So the leaker who accessed genjix's box packed it on his box as him. That's why it says genjix/genjix, genjix's box was hacked.

genjix's box was hacked? Who told you that? Shocked

So, the simplest explanation is the one you gave and not that genjix himself leaked the source code? Roll Eyes
no one is giving an 'explanation'. We are just trying to trace this stuff back as close to 'source' as possible..


@BitcoinBull  I assume by 'box' you mean his personal computer?

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system. - GA
It is being worked on by smart people. -DamienBlack
bitcoinBull
Legendary
*
Offline Offline

Activity: 826


rippleFanatic


View Profile
July 14, 2012, 01:34:34 AM
 #378

Therefore, I would like to know WHOSE LastPass got compromised.

Tihan created the LastPass account (I believe from reading his post). My guess, Tihan set the password by copy-pasting the mtgox api key, which was in a text file given to him by zhoutong.

Tihan shared the LastPass account and password with Bitcoin Consultancy, who "assumed" it was "secure", so he's blaming them because they didn't tell Tihan to change it. I agree with Tihan, they should have recognized it as the API key and changed it, both because the hyphens are suggestive of an API key and because they should have already seen the same string in the bitcoinica source code (failed to put 1 + 1 together). In any case, they should have changed it.

College of Bucking Bulls Knowledge
proudhon
Legendary
*
Offline Offline

Activity: 1148



View Profile
July 14, 2012, 01:36:02 AM
 #379

Which is BS since you can be a level 47 verified and you all will sit on a wire transfer for weeks. Especially a larger transfer.

No BS here. As I said before and as Mark explained, we cannot discuss these details here, however I strongly advise you to read the 20 (pages) of this thread.

PS. We are on your side not against you.

Just want to pop in and say thanks to MtGox for pursuing this.
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1442



View Profile
July 14, 2012, 01:37:07 AM
 #380


Thanks. So the leaker who accessed genjix's box packed it on his box as him. That's why it says genjix/genjix, genjix's box was hacked.

genjix's box was hacked? Who told you that? Shocked

So, the simplest explanation is the one you gave and not that genjix himself leaked the source code? Roll Eyes
no one is giving an 'explanation'. We are just trying to trace this stuff back as close to 'source' as possible..


@BitcoinBull  I assume by 'box' you mean his personal computer?

I will not give much importance to bitcoinBull's assumptions as 20 minutes ago he was assuming I was looking at the file on the OP and not at the file I had downloaded from the link at the pastebin and decoded with the instructions posted at reddit...
