Bitcoinica MtGox account compromised

[bitcoinBull]

@BitcoinBull  I assume by 'box' you mean his personal computer?

More likely his VPS (virtual private server), which he explained was the cause of the last breach. He said he gives many "noobs" from #C++, etc access to that VPS.

genjix's box was hacked? Who told you that?

So, the simplest explanation is the one you gave and not that genjix himself leaked the source code?

Given his history, I think incompetence is more likely than malice, definitely in genjix's case.

That patrick would walk away right now looks suspicious, if he were a smart thief he would come back and finish the claims so everyone gets their 66% (like myBitcoin). So in a counter-intuitive way, I think that he "walked away" in anger/frustration is actually a sign that it wasn't an inside job. Its very plausible and at least equally likely that there was another thief IMO (see below)...

I think the probability is about the same as finding a sha-256 collision in bitcoin  

So its probably silly to imagine it happened. Compare the chance of an inside job (someone told the thief where to look or told them the actual password) or a keylogger (etc) type attack was used to discover it, in such cases the fact one can find it in the source code is merely a red herring, whether deliberately dyed red or merely accidentally happening to be red.

-MarkM-

I didnt see a "lastpass master pasword " label on that string.

This.

Was ANYONE here even aware that the bitcoinica source code had been leaked, prior to genjix's OP on this thread?

Plugging the file URL into Google gives only a handful of results, with this thread being the earliest incidence of it, as far as I can tell.

That, plus the fact that the tar file appears to have been packed by username genjix.

Additionally, there's the fact that the lastpass password was supposedly the MtGOX KEY (username) and not the SECRET. A bizarre thing to do, which smells more like it's a fuck-up in an attempt to make up a plausible hack story.

The whole story is just too cute for me.

The source code was leaked on reddit almost a week ago (0 points from 9 downvotes, that's why I personally missed it).

It is plausible that someone would try the mtgox api key as the LastPass password. A very lucky someone could've confirmed months ago that info@bitcoinica.com was a LastPass account, because LastPass tells you if you try log-in with an invalid username/e-mail ("Unknown e-mail address") or if its a valid LastPass account ("Invalid password").

So when the source code was leaked, they saw the API key and decided to try it.

It was posted on reddit a few days ago:
http://www.reddit.com/r/Bitcoin/comments/w6xen/bitcoinica_press_release/

[Raoul Duke]

genjix's box was hacked? Who told you that?

So, the simplest explanation is the one you gave and not that genjix himself leaked the source code?

Given his history, I think incompetence is more likely than malice, definitely in genjix's case.

That patrick would walk away right now looks suspicious, if he were a smart thief he would come back and finish the claims so everyone gets their 66% (like myBitcoin). So in a counter-intuitive way, I think that he "walked away" in anger/frustration is actually a sign that it wasn't an inside job. Its very plausible and at least equally likely that there was another thief IMO (see below)...

I agree with you on this one. If it was an inside job, and I'm not saying it is(I mean the thefts, not the source code leak), it was from someone else and not Patrick or Amir. They would have to be completely nuts to screw up on something that would tarnish their reputation in this manner.

[Bitcoin Oz]

This whole mess should have been in the hands of a third party administrator long ago and at the very least a police report filed.

Setting up a company is the essence of government interference and to turn around and to claim you dont believe in government interference after you do that doesnt make sense, which is the reason they claim they never filed a police report.

[Raoul Duke]

Adding to my previous post agreeing with bitcoinBull. If it was an inside job it wasn't Patrick or Amir.

First we had this.
https://bitcointalk.org/index.php?topic=81045.msg894435#msg894435

Please don't blame genjix. It's definitely not his fault.

He's not in our mailing list so it couldn't be him.

Well, shit just happens and it's not anyone's fault or incompetence here. I'm the only guy awake when the incident happens.

and now we have this

Posting an update soon.

good news?

If it's related to my previous email to the Bitcoinica team, no, it's a bad news.

This was a pointless and malicious comment.

Are you trying to further harm their reputation or your own? Because they're not entirely separate.

No, I was merely stating a fact. I discovered something unusual and I emailed them. They promised an update. And that's it.

I don't have the right to update you publicly because I have some advantage in obtaining insider information.

I'm not part of the "bad news" and I'm not involved in Bitcoinica. If I didn't tell them they will discover the problem anyway.

Someone care to explain to a dumb guy(me) how is it that a guy who isn't "involved in Bitcoinica" discovers a theft of almost $400k before the ones who are involved in Bitcoinica?

[sadpandatech]

Adding to my previous post agreeing with bitcoinBull. If it was an inside job it wasn't Patrick or Amir.

First we had this.
https://bitcointalk.org/index.php?topic=81045.msg894435#msg894435

Please don't blame genjix. It's definitely not his fault.

He's not in our mailing list so it couldn't be him.

Well, shit just happens and it's not anyone's fault or incompetence here. I'm the only guy awake when the incident happens.

and now we have this

Posting an update soon.

good news?

If it's related to my previous email to the Bitcoinica team, no, it's a bad news.

This was a pointless and malicious comment.

Are you trying to further harm their reputation or your own? Because they're not entirely separate.

No, I was merely stating a fact. I discovered something unusual and I emailed them. They promised an update. And that's it.

I don't have the right to update you publicly because I have some advantage in obtaining insider information.

I'm not part of the "bad news" and I'm not involved in Bitcoinica. If I didn't tell them they will discover the problem anyway.

Someone care to explain to a dumb guy(me) how is it that a guy who isn't "involved in Bitcoinica" discovers a theft of almost $400k before the ones who are involved in Bitcoinica?

you're assuming we know what ZT's bad news was. It is possible he contacted them about the source code leak. Or god only knows what.

[zhoutong]

Adding to my previous post agreeing with bitcoinBull. If it was an inside job it wasn't Patrick or Amir.

First we had this.
https://bitcointalk.org/index.php?topic=81045.msg894435#msg894435

Please don't blame genjix. It's definitely not his fault.

He's not in our mailing list so it couldn't be him.

Well, shit just happens and it's not anyone's fault or incompetence here. I'm the only guy awake when the incident happens.

and now we have this

Posting an update soon.

good news?

If it's related to my previous email to the Bitcoinica team, no, it's a bad news.

This was a pointless and malicious comment.

Are you trying to further harm their reputation or your own? Because they're not entirely separate.

No, I was merely stating a fact. I discovered something unusual and I emailed them. They promised an update. And that's it.

I don't have the right to update you publicly because I have some advantage in obtaining insider information.

I'm not part of the "bad news" and I'm not involved in Bitcoinica. If I didn't tell them they will discover the problem anyway.

Someone care to explain to a dumb guy(me) how is it that a guy who isn't "involved in Bitcoinica" discovers a theft of almost $400k before the ones who are involved in Bitcoinica?

you're assuming we know what ZT's bad news was. It is possible he contacted them about the source code leak. Or god only knows what.

No. I received this email. I was still in the verify@bitcoinica.com mailing list.

I believe that the theft happened much earlier and no one discovered. No one cared about this spammy-look email either (or they don't check their mailbox).

From: Bitcoinica Sucks <bitcoinicasucks@hotmail.com>
To: verify@bitcoinica.com
Date: Friday, 13 July 2012 3:39:55 AM
Subject: Bitcoinica is done

THANK YOU FOR YOU SOURCE CODE.

BITCONICA IS NOW OFFICALY DONE!

LASTPAS PASWORD: c02e1a27-5524-449f-ba65-aff9581ddedc

[sadpandatech]

you're assuming we know what ZT's bad news was. It is possible he contacted them about the source code leak. Or god only knows what.

No. I received this email. I was still in the verify@bitcoinica.com mailing list.

I believe that the theft happened much earlier and no one discovered. No one cared about this spammy-look email either (or they don't check their mailbox).

From: Bitcoinica Sucks <bitcoinicasucks@hotmail.com>
To: verify@bitcoinica.com
Date: Friday, 13 July 2012 3:39:55 AM
Subject: Bitcoinica is done

THANK YOU FOR YOU SOURCE CODE.

BITCONICA IS NOW OFFICALY DONE!

LASTPAS PASWORD: c02e1a27-5524-449f-ba65-aff9581ddedc

You posted on the 12th you had bad news about an email you received on the 13th? I'm not following something right here, sorry.

[Bitcoin Oz]

you're assuming we know what ZT's bad news was. It is possible he contacted them about the source code leak. Or god only knows what.

No. I received this email. I was still in the verify@bitcoinica.com mailing list.

I believe that the theft happened much earlier and no one discovered. No one cared about this spammy-look email either (or they don't check their mailbox).

From: Bitcoinica Sucks <bitcoinicasucks@hotmail.com>
To: verify@bitcoinica.com
Date: Friday, 13 July 2012 3:39:55 AM
Subject: Bitcoinica is done

THANK YOU FOR YOU SOURCE CODE.

BITCONICA IS NOW OFFICALY DONE!

LASTPAS PASWORD: c02e1a27-5524-449f-ba65-aff9581ddedc

You posted on the 12th you had bad news about an email you received on the 13th? I'm not following something right here, sorry.

Someone needs to explain this...

[rjk]

Lrn 2 timezone

[John (John K.)]

you're assuming we know what ZT's bad news was. It is possible he contacted them about the source code leak. Or god only knows what.

No. I received this email. I was still in the verify@bitcoinica.com mailing list.

I believe that the theft happened much earlier and no one discovered. No one cared about this spammy-look email either (or they don't check their mailbox).

From: Bitcoinica Sucks <bitcoinicasucks@hotmail.com>
To: verify@bitcoinica.com
Date: Friday, 13 July 2012 3:39:55 AM
Subject: Bitcoinica is done

THANK YOU FOR YOU SOURCE CODE.

BITCONICA IS NOW OFFICALY DONE!

LASTPAS PASWORD: c02e1a27-5524-449f-ba65-aff9581ddedc

You posted on the 12th you had bad news about an email you received on the 13th? I'm not following something right here, sorry.

Someone needs to explain this...

Time zones.

[zhoutong]

you're assuming we know what ZT's bad news was. It is possible he contacted them about the source code leak. Or god only knows what.

No. I received this email. I was still in the verify@bitcoinica.com mailing list.

I believe that the theft happened much earlier and no one discovered. No one cared about this spammy-look email either (or they don't check their mailbox).

From: Bitcoinica Sucks <bitcoinicasucks@hotmail.com>
To: verify@bitcoinica.com
Date: Friday, 13 July 2012 3:39:55 AM
Subject: Bitcoinica is done

THANK YOU FOR YOU SOURCE CODE.

BITCONICA IS NOW OFFICALY DONE!

LASTPAS PASWORD: c02e1a27-5524-449f-ba65-aff9581ddedc

You posted on the 12th you had bad news about an email you received on the 13th? I'm not following something right here, sorry.

All times are in UTC+8 (as I'm traveling in Singapore at the moment).

I notified Bitcoinica team at Friday, 13 July 2012 9:14:51 AM.

I posted later, when genjix promised a response.

If you convert all the time to UTC there shouldn't be any problems.

[sadpandatech]

you're assuming we know what ZT's bad news was. It is possible he contacted them about the source code leak. Or god only knows what.

No. I received this email. I was still in the verify@bitcoinica.com mailing list.

I believe that the theft happened much earlier and no one discovered. No one cared about this spammy-look email either (or they don't check their mailbox).

From: Bitcoinica Sucks <bitcoinicasucks@hotmail.com>
To: verify@bitcoinica.com
Date: Friday, 13 July 2012 3:39:55 AM
Subject: Bitcoinica is done

THANK YOU FOR YOU SOURCE CODE.

BITCONICA IS NOW OFFICALY DONE!

LASTPAS PASWORD: c02e1a27-5524-449f-ba65-aff9581ddedc

You posted on the 12th you had bad news about an email you received on the 13th? I'm not following something right here, sorry.

Someone needs to explain this...

Time zones.

All times are in UTC+8 (as I'm traveling in Singapore at the moment).

I notified Bitcoinica team at Friday, 13 July 2012 9:14:51 AM.

I posted later, when genjix promised a response.

If you convert all the time to UTC there shouldn't be any problems.

*double thumbs up* for different timezones.  I'd still like to know where the breech was that led to someone acquiring the source code to begin with.....

[Clipse]

you're assuming we know what ZT's bad news was. It is possible he contacted them about the source code leak. Or god only knows what.

No. I received this email. I was still in the verify@bitcoinica.com mailing list.

I believe that the theft happened much earlier and no one discovered. No one cared about this spammy-look email either (or they don't check their mailbox).

From: Bitcoinica Sucks <bitcoinicasucks@hotmail.com>
To: verify@bitcoinica.com
Date: Friday, 13 July 2012 3:39:55 AM
Subject: Bitcoinica is done

THANK YOU FOR YOU SOURCE CODE.

BITCONICA IS NOW OFFICALY DONE!

LASTPAS PASWORD: c02e1a27-5524-449f-ba65-aff9581ddedc

You posted on the 12th you had bad news about an email you received on the 13th? I'm not following something right here, sorry.

Someone needs to explain this...

Time zones.

All times are in UTC+8 (as I'm traveling in Singapore at the moment).

I notified Bitcoinica team at Friday, 13 July 2012 9:14:51 AM.

I posted later, when genjix promised a response.

If you convert all the time to UTC there shouldn't be any problems.

*double thumbs up* for different timezones.  I'd still like to know where the breech was that led to someone acquiring the source code to begin with.....

Probably the office cleaning lady email account got hacked, was likely also on the bitcoinica email list.

Im assuming they have an office.

[MrTeal]

[tbcoin]

this is unbelievable ...

What sense does it reuse a password like that (which is in PLAIN TEXT in the source code) and in SO EXTREMELY SENSITIVE service like lastpas ¿? ¿? ¿? ¿? ¿? is absurd. And above it looks like it was himself genjix who posted the source code (cry facepalm)

[markm]

Ok here's another millinery product of thinly crafted tin:

Genjix's machine is PWNd and if sniffing/keylogging there wouldn't have sniffed the password so is someone else's.

Likely the machine(s) was/were PWNd, the password sniffed, then while wondering what would be the best moment to drop the shoe the password was noticed to be in the source code so the idea of releasing the code came up. Throw in a friday the 13th coming up and the plan is born.

The PWNing would maybe have happened way back when the messages in the blockchain were placed saying some big more to come thing was still to come (I forget the exact wording).

-MarkM-

[Raoul Duke]

No. I received this email. I was still in the verify@bitcoinica.com mailing list.

I believe that the theft happened much earlier and no one discovered. No one cared about this spammy-look email either (or they don't check their mailbox).

I totally believe in this, after reading everyone complaining that they sent email to verify@bitcoinica.com and almost never got an answer, which wasn't the case when they emailed genjix at the gmail lol

[Bitcoin Oz]

If the lawsuit goes through they will simply declare bankruptcy. I dont know if you can be the director of other companies while bankrupt.

[rjk]

http://fakebookstatus.com/ Awesome lol

[repentance]

If the lawsuit goes through they will simply declare bankruptcy. I dont know if you can be the director of other companies while bankrupt.

In which case all of the assets of the company would be in the control of a liquidator/administrator/receiver who can reverse any transactions - including the transfer of assets and any preferential payments - which took place during the look-back period.  Perhaps even more importantly, there would be a full and open accounting of everything which took place in the lead up to the insolvency.

You generally cannot be a director of a company while you're personally bankrupt.  You're not automatically excluded from being a director of a company if a previous company of which you were a director became insolvent (although people can and do get barred from being company directors by regulatory authorities).