Bitcoinica MtGox account compromised

[Phinnaeus Gage]

So Tihan owns bitcoin.com ?

Yep! Since last year. Remember Tradehill? At the moment, I put myself on my paper (a southern phrase), therefore I'll refrain from connecting further dots.

~Bruno~

I wonder about icehill and kronos....

Don't force me to add at least six more names to your such-a-short-list.

~Bruno~

[1714219939]

1714219939

[1714219939]

1714219939

[1714219939]

1714219939

[imsaguy]

Don't force me to add at least six more names to your such-a-short-list.

~Bruno~

Either do it or don't, but all of these "don't make me" posts are just a waste to read.

[Ente]

I can't believe I just finished to read through 34 pages. It took me several days. And amazingly little facts came around, oh-so-much speculation, and a bit of drama too. There were more drama in the last few drama, however, so "well done!" :-)

Ente

/subscribed

[LoupGaroux]

Wow. Take a few days off for a family issue and I come back to this train wreck? Bitcoinica is now well and truly outed as a criminal conspiracy, and using the same tired "oh noes, we had yet another password hacked!" excuse? Seriously? Does this disgusting company of scoundrels, con-men and criminals really think that there are no intelligent people left in the world?

It is time to bring every legal action possible against every single one of these bastards. Tie every asset they have in any country up. This is nothing more than a well planned and executed theft, committed on a world-wide scale. Every single bastard involved in this is guilty as sin, and deserves to spend time at hard labor for their illegal activities.

[paraipan]

Wow. Take a few days off for a family issue and I come back to this train wreck? Bitcoinica is now well and truly outed as a criminal conspiracy, and using the same tired "oh noes, we had yet another password hacked!" excuse? Seriously? Does this disgusting company of scoundrels, con-men and criminals really think that there are no intelligent people left in the world?

It is time to bring every legal action possible against every single one of these bastards. Tie every asset they have in any country up. This is nothing more than a well planned and executed theft, committed on a world-wide scale. Every single bastard involved in this is guilty as sin, and deserves to spend time at hard labor for their illegal activities.

^this is the same way I feel, although I would've done better with words

[Phinnaeus Gage]

Wow. Take a few days off for a family issue and I come back to this train wreck? Bitcoinica is now well and truly outed as a criminal conspiracy, and using the same tired "oh noes, we had yet another password hacked!" excuse? Seriously? Does this disgusting company of scoundrels, con-men and criminals really think that there are no intelligent people left in the world?

It is time to bring every legal action possible against every single one of these bastards. Tie every asset they have in any country up. This is nothing more than a well planned and executed theft, committed on a world-wide scale. Every single bastard involved in this is guilty as sin, and deserves to spend time at hard labor for their illegal activities.

^this is the same way I feel, although I would've done better with words

He normally does write better than that, but give him a couple days and he'll be back up to speed. It doesn't matter if I agree with him or not, I simply love his writing style.

~Bruno~

[rjk]

^this is the same way I feel, although I would've done better with words

By "better" you mean "not quite as well"? Yes, that's what I thought.

[kiba]

Why go through the trouble of telling people about hacks and passwords and staying where you are when you can just quietly shut down and run far far away with the money from where you live? Why the complicated gambit of appearing legit and why risk jailtime for your robbery?

Let me tell ya, it isn't really an inside job. It's really just extreme incompetence. There's no conspiracy, because if there was, it was an extremely unbelievable conspiracy with a well executed unnecessary complicated gambit.

And it won't make you feel better knowing what I said.

[MrTeal]

Why go through the trouble of telling people about hacks and passwords and staying where you are when you can just quietly shut down and run far far away with the money from where you live? Why the complicated gambit of appearing legit and why risk jailtime for your robbery?

Let me tell ya, it isn't really an inside job. It's really just extreme incompetence. There's no conspiracy, because if there was, it was an extremely unbelievable conspiracy with a well executed unnecessary complicated gambit.

And it won't make you feel better knowing what I said.

Granted I don't use lastpass so I'm taking other people's word for it here, but my understanding is that lastpass will only let you make 3 incorrect attempts to log in and download the password file before locking the account. It might seem obvious in retrospect, but how likely is it that some hacker stumbled upon the leaked source code and was able to glean from it that the API key would be the lastpass PW? Baring something else that we haven't been told about like a keylogger installed on someone's machine, I have a hard time believing that story.

Did anyone from Bitcoinica Consultancy contact LastPass to attempt to get the IP address of the person who logged into their account? Or will that be done around the same time as the police report getting filed?

[kiba]

Last time I check, MtGox doesn't prevent people from trying as many time as they want. It should be something they fix, but don't.

[MrTeal]

Last time I check, MtGox doesn't prevent people from trying as many time as they want. It should be something they fix, but don't.

That's not the story that was presented.

[repentance]

Granted I don't use lastpass so I'm taking other people's word for it here, but my understanding is that lastpass will only let you make 3 incorrect attempts to log in and download the password file before locking the account. It might seem obvious in retrospect, but how likely is it that some hacker stumbled upon the leaked source code and was able to glean from it that the API key would be the lastpass PW? Baring something else that we haven't been told about like a keylogger installed on someone's machine, I have a hard time believing that story.

Did anyone from Bitcoinica Consultancy contact LastPass to attempt to get the IP address of the person who logged into their account? Or will that be done around the same time as the police report getting filed?

From what Zhou posted, the Rackspace hacker would have gained the information needed to access the MtGox account. The source code leak may have confirmed to the Rackspace hacker that the password likely hadn't been changed, or they may have already been waiting for funds to be transferred into the MtGox account to make repayments and decided that it was worth seeing if the credentials they had still had access.  It's far less likely that someone who randomly viewed the leaked source code just lucked in.

[kiba]

That's not the story that was presented.

You can check it for yourself. They really don't try to block you after 3 tries. It probably doesn't have anything to do with how the hacker guess it but it could help.

[MrTeal]

That's not the story that was presented.

You can check it for yourself. They really don't try to block you after 3 tries. It probably doesn't have anything to do with how the hacker guess it but it could help.

I created account and entered the password incorrectly 5 times. It locked my account and sent me this email.

Hi,

This is an advisory notice letting you know that your account has been temporarily locked because of repeated failed login attempts from xxx.xxx.xxx.xxx.

If you were attempting to login, you should wait 5 minutes and try again.
If you still are unable to regain access to your account, please try these steps.

If you did not attempt to log into LastPass, you have no reason to worry.
But if you are not using a strong master password, we suggest you change it now.



Thanks,
The LastPass Team

[kiba]

Hi, you misunderstood me. I was talking about mtgox, not LastPass.

[bitcoinBull]

Hi,

Sorry for the hiatus, but I had to take a break to preserve my mental sanity. Here's the update (also in the OP):

Update: here's the facts from my point of view:

- Patrick quit.
- Zhou quit.
- Tihan was fired, and no longer acting on behalf of Bitcoinica LP.
- Bitcoinica Consultancy were the new operators coming onboard, and the company was formed after the compromise to facilitate payments out.
- Bitcoinica LP is the owner.

The payments process is at a deadlock. Technically when a company is in debt, and cannot pay off its debtors in full, it hands the process to the government (called receivership). Bitcoinica LP would have to make a police report, and hand over the payments process as the owners.

That's it basically. Just a standstill.

Thanks for the update genjix. Even if you were responsible for leaking the source code (which would be irony of ironies), I'm extremely disappointed in Patrick. First for not ensuring that the LastPass master password was a secure one (if he didn't change it, he should've at least asked Tihan about it), among other measures like enabling two-factor auth on MtGox. But Patrick's behavior afterwards is even more despicable, quitting as though to disown any and all responsibility.

At least you, genjix, are still here giving updates, and thanks for that.

[disclaimer201]

Why go through the trouble of telling people about hacks and passwords and staying where you are when you can just quietly shut down and run far far away with the money from where you live? Why the complicated gambit of appearing legit and why risk jailtime for your robbery?

Let me tell ya, it isn't really an inside job. It's really just extreme incompetence. There's no conspiracy, because if there was, it was an extremely unbelievable conspiracy with a well executed unnecessary complicated gambit.

And it won't make you feel better knowing what I said.

Or it would be a perfect way to make everyone believe one is innocent precisely because one showed good intention to pay back funds. I'm not sure if they'd be so smart though. My personal theory is that someone in this circle might have screwed the others over and ran with the money, carefully cleared all tracks of evidence and is trying to get away with it.

[Clipse]

Anyone still buying into any of the excuses/updates/bullshit presented should really look in the mirror since they are beyond a goof ball.

If none of the big bitcoinica account holders actually move forward to make these so called experts get what they deserve then Im affraid the bitcoin world is essentially cluttered with a bunch of kids who cant do the right thing when they need to.

What you see now is the stalling game coming to an end, whoever took the money within this group have now successfully cleared and run away.

[kiba]

Or it would be a perfect way to make everyone believe one is innocent precisely because one showed good intention to pay back funds.

That's the "THAT WHAT THEY WANT YOU BELIEVE" indirection and so on that is a common feature in a conspiracy theory.

Always remember that the more complex a gambit is, the more likely they will get caught.

[disclaimer201]

Or it would be a perfect way to make everyone believe one is innocent precisely because one showed good intention to pay back funds.

That's the "THAT WHAT THEY WANT YOU BELIEVE" indirection and so on that is a common feature in a conspiracy theory.

Always remember that the more complex a gambit is, the more likely they will get caught.

You are right. It's too complicated. And that's why it has to be more in the direction of the second sentence above. I really can't believe all the hacker stories, sorry. Just doesn't get into my head.