Bitcoinica MtGox account compromised

[sturle]

You had 40K BTC or more in Mt. Gox and weren't using a YubiKey or TOPT/Google Authenticator?  Seriously?

EDIT : Oh wait, I misread, it indeed went through the username+password authentication. I don't have words to describe the sheer amounts of fail this represents and how easily it could have been prevented.

If this isn't criminal negligence, then nothing is.  Seriously!  At least disallow withdrawal and API key creation without a Yubikey.

[1714218427]

1714218427

[1714218427]

1714218427

[1714218427]

1714218427

[lonelyminer (Peter Šurda)]

Why did even Tihan have access to any passwords? That's ridiculous.

Whoever is in charge should have long time ago created a new secure store for Bitcoins (if not for the USD) with a proper authentication trail and transfer everything there.

In your own interest, hire a crisis management specialist and a PR specialist before you fuck up to the extent that you end up in jail.

[aq]

Why did even Tihan have access to any passwords? That's ridiculous.

Whoever is in charge should have long time ago created a new secure store for Bitcoins (if not for the USD) with a proper authentication trail and transfer everything there.

In your own interest, hire a crisis management specialist and a PR specialist before you fuck up to the extent that you end up in jail.

Maybe some jail time for some of those would be the best that could happen to bitcoin. Those guys are criminal careless with other peoples bitcoins. In the past Bitcoin Consultancy did seek government regulation of bitcoin. Now give a good example and report yourself to the police.

[genjix]

Posted an update to the OP.

[hatshepsut]

I honestly feel sorry for all the people that lost, and keep losing money because of this.
I also feel very sorry for all the operators and the Bitcoin Consultancy, errors can have disastrous consequences, we're all humans, we all fuck up eventually.

I wish everyone that is impacted gets out of this with minimum suffering and stress.

This has been one of the most stressful situations with maximum suffering I have ever experienced. I am furious and I hope everyone involved putting us through this gets what's due to them. Karma is a bitch, you fucking wankers.

[IIOII]

Maybe some jail time for some of those would be the best that could happen to bitcoin. Those guys are criminal careless with other peoples bitcoins. In the past Bitcoin Consultancy did seek government regulation of bitcoin. Now give a good example and report yourself to the police.

Maybe some jail time would also be the best that could happen to these scammers.

[aq]

Edit: The API key was changed, but someone had a LastPass account with the same password as that, and was actively updating it with new passwords.

genjix, use your brain and at least LOCK the damn account to YOUR yubikey. DONT SHARE IT ANY LONGER! NOW GO, DO IT!
Edit: and REVOKE all API keys!

[crazy_rabbit]

I honestly feel sorry for all the people that lost, and keep losing money because of this.
I also feel very sorry for all the operators and the Bitcoin Consultancy, errors can have disastrous consequences, we're all humans, we all fuck up eventually.

I wish everyone that is impacted gets out of this with minimum suffering and stress.

This has been one of the most stressful situations with maximum suffering I have ever experienced. I am furious and I hope everyone involved putting us through this gets what's due to them. Karma is a bitch, you fucking wankers.

As do I. Although I have no more then 1btc in Bitconica Its a real anguishing public shame to see what has happened and continued to happen. It also is really just encouragement for theft, perhaps if people didn't know BTC operations were so crappy people wouldn't put so much hard work into trying to rip others off.

That said, I'm confused- how did they transfer 40K in USD out of MtGox? It seems like there are a limited number of places a Mt-GOX code could be accepted, and it seems like it would be easy for MtGox to reach out and put a hold on that money. I'm sure it wasn't auto-processed by their banks.

BTW: I have had the hardest time in hell getting verified by GOX, mostly because I'm a traveler and they want your utility bills, which I never, personally pay. But after all thats happened, how is THEIR account verified and not mine? WTF?!?!

[rapeghost]

dude.. inside job? you guys are fucking retarded.

he explained exactly what happened.

go loosen your tinfoil hats

If I remember correctly it's one of your colaborators that is the prime suspect of being the BitcoinicaHacker.
Was it also BitVPS that was hosting Patrick's email server?

No inside job indeed...

Huh?

No we dont host patricks email

Our collaborator? please explain

[rapeghost]

I honestly feel sorry for all the people that lost, and keep losing money because of this.
I also feel very sorry for all the operators and the Bitcoin Consultancy, errors can have disastrous consequences, we're all humans, we all fuck up eventually.

I wish everyone that is impacted gets out of this with minimum suffering and stress.

This has been one of the most stressful situations with maximum suffering I have ever experienced. I am furious and I hope everyone involved putting us through this gets what's due to them. Karma is a bitch, you fucking wankers.

As do I. Although I have no more then 1btc in Bitconica Its a real anguishing public shame to see what has happened and continued to happen. It also is really just encouragement for theft, perhaps if people didn't know BTC operations were so crappy people wouldn't put so much hard work into trying to rip others off.

That said, I'm confused- how did they transfer 40K in USD out of MtGox? It seems like there are a limited number of places a Mt-GOX code could be accepted, and it seems like it would be easy for MtGox to reach out and put a hold on that money. I'm sure it wasn't auto-processed by their banks.

BTW: I have had the hardest time in hell getting verified by GOX, mostly because I'm a traveler and they want your utility bills, which I never, personally pay. But after all thats happened, how is THEIR account verified and not mine? WTF?!?!

Lol no shit.. ask Goat about getting verified with MtGox

[aq]

The payments process was looking good, but now Patrick has walked away and I'm unsure what happens next.

Care to explain this?

[hatshepsut]

This has been one of the most stressful situations with maximum suffering I have ever experienced. I am furious and I hope everyone involved putting us through this gets what's due to them. Karma is a bitch, you fucking wankers.

Right. Because this has not been the most stressful time of my life.

I have physical health problems and need to see a doctor, but haven't had the time. On the forums I'm called a scammer and repeatedly insulted. Someone is trying to sue us. My bank gave me crap and held my money. I was borrowing cash from friends and spent 3 days eating bad muesli and cheap milk. I lost a lot of code by accident. I put a lot of work into the bitcoin.org clients page to make everything fairer, and now it will be removed, helping to recentralise bitcoin again. Electrum maybe has a security flaw and Macs have random problems. The conference needs the CFP announced soon, but I have to deal with Bitcoinica first. My health is suffering and im getting headaches. Right now is the first time I'm feeling depression, and I'm a little worried because I've never had it before but my father did. I emailed a health professional and they advised me to seek help. I've started sleeping very long, being very lethargic and apathetic. When the Bitcoinica thing first happened, I was considering suicide until Tihan said he had the funds.

Cool story bro.

http://www.youtube.com/watch?v=DksSPZTZES0

Give us our money back.

[rebuilder]

Bitcoinica - whoever that is, functionally - now needs to get whatever payments possible out ASAP. If people don't start seeing their money soon, someone is going to go to the police or a lawyer with this. That may very well happen whatever Bitcoinica do, but time is running out for them. I hate to even contemplate the kind of liability everyone involved in running the service might now be exposed to, or how big a mess any real investigation would become.

What the legal repercussions imply, IMO, is that they may decide they'd be best served in trying to settle accounts with the biggest customers at the expense of the smaller ones, and hoping they manage to appease everyone with enough incentive to give them real legal trouble. This would be unfortunate as it would mean some people getting completely shafted, but if the funds for a full refund aren't there, they're not there.

[FreeMoney]

This has been one of the most stressful situations with maximum suffering I have ever experienced. I am furious and I hope everyone involved putting us through this gets what's due to them. Karma is a bitch, you fucking wankers.

Right. Because this has not been the most stressful time of my life.

I have physical health problems and need to see a doctor, but haven't had the time. On the forums I'm called a scammer and repeatedly insulted. Someone is trying to sue us. My bank gave me crap and held my money. I was borrowing cash from friends and spent 3 days eating bad muesli and cheap milk. I lost a lot of code by accident. I put a lot of work into the bitcoin.org clients page to make everything fairer, and now it will be removed, helping to recentralise bitcoin again. Electrum maybe has a security flaw and Macs have random problems. The conference needs the CFP announced soon, but I have to deal with Bitcoinica first. My health is suffering and im getting headaches. Right now is the first time I'm feeling depression, and I'm a little worried because I've never had it before but my father did. I emailed a health professional and they advised me to seek help. I've started sleeping very long, being very lethargic and apathetic. When the Bitcoinica thing first happened, I was considering suicide until Tihan said he had the funds.

Get some sun if you can. I hate to say it, but it almost has to be up from here, right?

[DarkEmi]

This has been one of the most stressful situations with maximum suffering I have ever experienced. I am furious and I hope everyone involved putting us through this gets what's due to them. Karma is a bitch, you fucking wankers.

Right. Because this has not been the most stressful time of my life.

I have physical health problems and need to see a doctor, but haven't had the time. On the forums I'm called a scammer and repeatedly insulted. Someone is trying to sue us. My bank gave me crap and held my money. I was borrowing cash from friends and spent 3 days eating bad muesli and cheap milk. I lost a lot of code by accident. I put a lot of work into the bitcoin.org clients page to make everything fairer, and now it will be removed, helping to recentralise bitcoin again. Electrum maybe has a security flaw and Macs have random problems. The conference needs the CFP announced soon, but I have to deal with Bitcoinica first. My health is suffering and im getting headaches. Right now is the first time I'm feeling depression, and I'm a little worried because I've never had it before but my father did. I emailed a health professional and they advised me to seek help. I've started sleeping very long, being very lethargic and apathetic. When the Bitcoinica thing first happened, I was considering suicide until Tihan said he had the funds.

See how you feel. Now imagine if as well all the money you won the previous years were taken from you. FEEL BETTER ?

Reimburse me and you ll have my full moral support on those forums. So far I have been quiet and trusting with everybody but I am waiting and waiting and nothing.

[lonelyminer (Peter Šurda)]

Genjix,

the Intersango guys should have never agreed to assist Bitcoinica after the breach in the first place without being granted the ability to lock everyone else from accessing anything.

Also, how can one withdraw US dollars from Mt. Gox without a trace?

Also, has anyone locked down the Mt. Gox account, or is a hacker going to withdraw 40+40 tomorrow again?

[IIOII]

This has been one of the most stressful situations with maximum suffering I have ever experienced. I am furious and I hope everyone involved putting us through this gets what's due to them. Karma is a bitch, you fucking wankers.

Right. Because this has not been the most stressful time of my life.

[...] spent 3 days eating bad muesli and cheap milk. [...] I'm feeling depression, and I'm a little worried [...] I've started sleeping very long, being very lethargic and apathetic.

Seems like my own life.
Except I was never involved in such an epic fraud.

[aq]

This has been one of the most stressful situations with maximum suffering I have ever experienced. I am furious and I hope everyone involved putting us through this gets what's due to them. Karma is a bitch, you fucking wankers.

Right. Because this has not been the most stressful time of my life.

I have physical health problems and need to see a doctor, but haven't had the time. On the forums I'm called a scammer and repeatedly insulted. Someone is trying to sue us. My bank gave me crap and held my money. I was borrowing cash from friends and spent 3 days eating bad muesli and cheap milk. I lost a lot of code by accident. I put a lot of work into the bitcoin.org clients page to make everything fairer, and now it will be removed, helping to recentralise bitcoin again. Electrum maybe has a security flaw and Macs have random problems. The conference needs the CFP announced soon, but I have to deal with Bitcoinica first. My health is suffering and im getting headaches. Right now is the first time I'm feeling depression, and I'm a little worried because I've never had it before but my father did. I emailed a health professional and they advised me to seek help. I've started sleeping very long, being very lethargic and apathetic. When the Bitcoinica thing first happened, I was considering suicide until Tihan said he had the funds.

Don't do too much things at the same time. Deal with Bitcoinica first. Keep in mind, that whatever you will pay out, at least 2/3 of the recipients will be complaining. But once you have paid out all, there is at least nothing left fighting about. Then you can go back to coding and be happy again.

Someone is trying to sue us.

Did you expect everyone to wait forever?

[Philj]

Genjix,

the Intersango guys should have never agreed to assist Bitcoinica after the breach in the first place without being granted the ability to lock everyone else from accessing anything.

Also, how can one withdraw US dollars from Mt. Gox without a trace?

Also, has anyone locked down the Mt. Gox account, or is a hacker going to withdraw 40+40 tomorrow again?

I think you can do MTGOX USD codes that count against your USD limit, then just set up dummy mtgox accounts redeem codes buy BTC, withdrawal 100BTC from each of those...

[davout]

This has been one of the most stressful situations with maximum suffering I have ever experienced. I am furious and I hope everyone involved putting us through this gets what's due to them. Karma is a bitch, you fucking wankers.

Right. Because this has not been the most stressful time of my life.

I have physical health problems and need to see a doctor, but haven't had the time. On the forums I'm called a scammer and repeatedly insulted. Someone is trying to sue us. My bank gave me crap and held my money. I was borrowing cash from friends and spent 3 days eating bad muesli and cheap milk. I lost a lot of code by accident. I put a lot of work into the bitcoin.org clients page to make everything fairer, and now it will be removed, helping to recentralise bitcoin again. Electrum maybe has a security flaw and Macs have random problems. The conference needs the CFP announced soon, but I have to deal with Bitcoinica first. My health is suffering and im getting headaches. Right now is the first time I'm feeling depression, and I'm a little worried because I've never had it before but my father did. I emailed a health professional and they advised me to seek help. I've started sleeping very long, being very lethargic and apathetic. When the Bitcoinica thing first happened, I was considering suicide until Tihan said he had the funds.

Everyone fucks up, we're all humans, you gave lots.
If I can help you in any way let me know privately.