Bitcoin Forum
December 06, 2016, 04:21:39 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 [36] 37 38 39 40 41 »
  Print  
Author Topic: Bitcoinica MtGox account compromised  (Read 145760 times)
kiba
Legendary
*
Offline Offline

Activity: 980


View Profile
July 24, 2012, 04:26:48 AM
 #701

Here is my ultimate nail in this obvious scam.

A real scam would have the team running away real fast to avoid capture from the police. However, their names and faces are known and they are not running away. At least one individual even contributed code to the bitcoin codebase.

Quote
Bitcoinica is now managed by Intersango guys but they somehow decide to move the refundable coins/USD over to their biggest competitor MTGOX.

Why didnt they move the funds over to their own exchange for safekeeping, is this perhaps their way of distorting progress by getting an

other exchange involved in this mess, hell only knows.

The intersango team didn't keep the fund, Tihan did, and he did it in the worst possible way you can. Stupidity is easier than intelligent actions.

1481041299
Hero Member
*
Offline Offline

Posts: 1481041299

View Profile Personal Message (Offline)

Ignore
1481041299
Reply with quote  #2

1481041299
Report to moderator
1481041299
Hero Member
*
Offline Offline

Posts: 1481041299

View Profile Personal Message (Offline)

Ignore
1481041299
Reply with quote  #2

1481041299
Report to moderator
1481041299
Hero Member
*
Offline Offline

Posts: 1481041299

View Profile Personal Message (Offline)

Ignore
1481041299
Reply with quote  #2

1481041299
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Clipse
Hero Member
*****
Offline Offline

Activity: 504


View Profile
July 24, 2012, 04:33:38 AM
 #702

Here is my ultimate nail in this obvious scam.

A real scam would have the team running away real fast to avoid capture from the police. However, their names and faces are known and they are not running away. At least one individual even contributed code to the bitcoin codebase.

Quote
Bitcoinica is now managed by Intersango guys but they somehow decide to move the refundable coins/USD over to their biggest competitor MTGOX.

Why didnt they move the funds over to their own exchange for safekeeping, is this perhaps their way of distorting progress by getting an

other exchange involved in this mess, hell only knows.

The intersango team didn't keep the fund, Tihan did, and he did it in the worst possible way you can. Stupidity is easier than intelligent actions.

That is a scam that wants people to chase them down.

Staying in public and handling this like idiots just creates an illusion that this all is just a huge fuckup and not something they(or one of them) decided to carry out.

This whole fiasco is a much better way to run a scam than to collect and run away.

Tihan noted in the pastebin post that he gave the funds to intersango guys who then had to distribute it to the users and this is where intersango seemingly moved the funds to mtgox which then got stolen or so they say.

...In the land of the stale, the man with one share is king... >> Clipse

We pay miners at 130% PPS | Signup here : Bonus PPS Pool (Please read OP to understand the current process)
Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 700


Wat


View Profile WWW
July 24, 2012, 04:37:35 AM
 #703

I still dont understand why they even needed Mt Gox in the first place at least for the bitcoin side of things. Why pay all the fees when you can just transfer bitcoin directly Huh?

repentance
Hero Member
*****
Offline Offline

Activity: 840


View Profile
July 24, 2012, 04:46:20 AM
 #704

I still dont understand why they even needed Mt Gox in the first place at least for the bitcoin side of things. Why pay all the fees when you can just transfer bitcoin directly Huh?

Because they needed to make those transfers from a hot wallet and ever since the Linode hack people had been screaming at them about keeping their hot wallet on their own servers (and suggesting that it should be kept on MtGox for security).  Doing it through MtGox would also help give them a better record of the transactions if something went wrong with their own systems.  Remember that people were also asking to be paid in MtGox codes.

All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1302


Bitcoin: An Idea Worth Spending


View Profile
July 24, 2012, 04:55:09 AM
 #705

Even if it was the original hacker, according to genjix the LastPass PW was not compromised. The password was the MtGox API key and that key was stored in the source that the Rackspace hacker would have had access to, but how likely is it that if you had 5 guesses you would choose an API key buried in the source vs attempting one of the other passwords that you did compromised to see if it was a duplicate of those?

Which is what most people assume they did.  You get 5 attempts before it locks you out for 5 minutes and sends an email.  If the list of compromised passwords the hacker had wasn't especially long, then they didn't have a lot to lose by trying the duplicates - if one of them was right, there was every chance they'd be into the LastPass account before anyone read the email.

Quote
Any time a hacking fiasco happens, it basically turns into a witchhunt, because people feel extremely powerless.

This is equally true when conventional companies go out of business.

How would the hacker know beforehand it it was even worth getting into the account to get a look-see. First, he would have to know the account existed then, by happenstance, find the PW(s), then try them, all the long not only hoping that it works, but that it was all worth his time.

~Bruno~
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1302


Bitcoin: An Idea Worth Spending


View Profile
July 24, 2012, 05:00:39 AM
 #706

I just tried the LastPass account. I didn't expect to be able to log in, but I was able to using the original credentials!

And LastPass didn't log the IP that reverted the master password. It's so weird.

Quote
07/12/2012 22:17:04
LastPass.com
 
67.188.9.35
Master Password Changed
07/17/2012 08:30:52
LastPass.com
 
0.0.0.0
Master Password Reverted

I've read this post, then reread it. Then again. Then stared at it, thinking of something to pen (not this post), but couldn't come up with anything substantial. I truly am shocked at what I have just read. Thanks, ZT.

~Bruno~
repentance
Hero Member
*****
Offline Offline

Activity: 840


View Profile
July 24, 2012, 05:25:05 AM
 #707


How would the hacker know beforehand it it was even worth getting into the account to get a look-see. First, he would have to know the account existed then, by happenstance, find the PW(s), then try them, all the long not only hoping that it works, but that it was all worth his time.

~Bruno~


We know that an email account was breached in order to effect the Rackspace compromise.  That would have given the Rackspace hacker to the email communications for the mailing list, among other things.  I have little doubt that the existence of the LastPass account has probably been discussed in internal emails.

Again, Zhou has already said that whoever perpetrated the Rackspace hack had enough information to compromise the MtGox account.  They may have waited to make an attempt until they knew funds had been moved there (which was obvious once refunds were being made).  Just because you assume that people will change credentials after an attack doesn't mean it will happen, and there's nothing to be lost by seeing if the credentials you've obtained will work.  The source code leak confirmed that the MtGox API key hadn't been changed - this could have encouraged the Rackspace hacker (or someone else with whom he shared the information he'd obtained during the hack) to see what else hadn't been changed.

To a large extent, exploiting vulnerabilities involves a lot of poking around for holes you don't expect to find rather than creating sophisticated means to overcome security measures which do exist.

All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
Vladimir
Hero Member
*****
Offline Offline

Activity: 812


-


View Profile
July 24, 2012, 05:31:26 AM
 #708

yep, the mindset of a good attacker often starts with "let's imagine that the target is stupid beyond reason and does all kinds of idiotic things that no sane person would ever do".

-
repentance
Hero Member
*****
Offline Offline

Activity: 840


View Profile
July 24, 2012, 05:39:09 AM
 #709

yep, the mindset of a good attacker often starts with "let's imagine that the target is stupid beyond reason and does all kinds of idiotic things that no sane person would ever do".


People are often creatures of habit, too.  If you know one mistake they've made, you can often take an educated guess at other mistakes they may have made.

All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
zhoutong
VIP
Hero Member
*
Offline Offline

Activity: 490


View Profile WWW
July 24, 2012, 05:49:29 AM
 #710

Guys, I'm not happy, constantly worried and possibly scared. I didn't have a nice sleep since long time ago.

I'm really afraid of the possible criminal charges if things don't work out well. It'll be devastating to my life, considering the permanent record and inconvenience in every single official activity, even if I'm proven innocent. I know some victims are desparate, and they are going to take actions against whatever entity that's ever related to Bitcoinica.

When the General Partners asked for apology, I gave. When they asked for respect, I also gave. I also contributed a significant portion of my personal investment to compensate the victims. I'm trying to cut down the ties but I can't, even though I owned nothing of the company since January and announced the change of management explicitly in April.

And today, there are still people claiming that I hacked the accounts. Both Mt. Gox and AurumXchange froze some of my personal funds without giving specific reasons (they did tell me some generic reasons), persumably related to Bitcoinica. I'm really nervous! (If it's unrelated, please email/PM me so that I'll feel much better.)

I can be sure that I'm not financially related to Bitcoinica, and I should never be liable for any debt of the company. I am willing to join any lawsuit against Bitcoin/Bitcoinica Consultancy Ltd and/or Bitcoinica LP as a claimant, and I also possess important but secretive documents that can only be revealed in court.

I want to do whatever I can to help you, and help myself.

Founder of NameTerrific (https://www.nameterrific.com/). Co-founder of CoinJar (https://coinjar.io/)

Donations for my future Bitcoin projects: 19Uk3tiD5XkBcmHyQYhJxp9QHoub7RosVb
stochastic
Hero Member
*****
Offline Offline

Activity: 532


View Profile
July 24, 2012, 05:55:04 AM
 #711

Guys, I'm not happy, constantly worried and possibly scared. I didn't have a nice sleep since long time ago.

I'm really afraid of the possible criminal charges if things don't work out well. It'll be devastating to my life, considering the permanent record and inconvenience in every single official activity, even if I'm proven innocent. I know some victims are desparate, and they are going to take actions against whatever entity that's ever related to Bitcoinica.

When the General Partners asked for apology, I gave. When they asked for respect, I also gave. I also contributed a significant portion of my personal investment to compensate the victims. I'm trying to cut down the ties but I can't, even though I owned nothing of the company since January and announced the change of management explicitly in April.

And today, there are still people claiming that I hacked the accounts. Both Mt. Gox and AurumXchange froze some of my personal funds without giving specific reasons (they did tell me some generic reasons), persumably related to Bitcoinica. I'm really nervous! (If it's unrelated, please email/PM me so that I'll feel much better.)

I can be sure that I'm not financially related to Bitcoinica, and I should never be liable for any debt of the company. I am willing to join any lawsuit against Bitcoin/Bitcoinica Consultancy Ltd and/or Bitcoinica LP as a claimant, and I also possess important but secretive documents that can only be revealed in court.

I want to do whatever I can to help you, and help myself.

How much did you make on the sale of Bitcoinica?

Introducing constraints to the economy only serves to limit what can be economical.
zhoutong
VIP
Hero Member
*
Offline Offline

Activity: 490


View Profile WWW
July 24, 2012, 06:08:40 AM
 #712

Guys, I'm not happy, constantly worried and possibly scared. I didn't have a nice sleep since long time ago.

I'm really afraid of the possible criminal charges if things don't work out well. It'll be devastating to my life, considering the permanent record and inconvenience in every single official activity, even if I'm proven innocent. I know some victims are desparate, and they are going to take actions against whatever entity that's ever related to Bitcoinica.

When the General Partners asked for apology, I gave. When they asked for respect, I also gave. I also contributed a significant portion of my personal investment to compensate the victims. I'm trying to cut down the ties but I can't, even though I owned nothing of the company since January and announced the change of management explicitly in April.

And today, there are still people claiming that I hacked the accounts. Both Mt. Gox and AurumXchange froze some of my personal funds without giving specific reasons (they did tell me some generic reasons), persumably related to Bitcoinica. I'm really nervous! (If it's unrelated, please email/PM me so that I'll feel much better.)

I can be sure that I'm not financially related to Bitcoinica, and I should never be liable for any debt of the company. I am willing to join any lawsuit against Bitcoin/Bitcoinica Consultancy Ltd and/or Bitcoinica LP as a claimant, and I also possess important but secretive documents that can only be revealed in court.

I want to do whatever I can to help you, and help myself.

How much did you make on the sale of Bitcoinica?

I want to tell you, but I can't. It's the only thing NDA'd.

All I can say is, the money isn't enough to compensate for my unhappiness and worries during this period.

Founder of NameTerrific (https://www.nameterrific.com/). Co-founder of CoinJar (https://coinjar.io/)

Donations for my future Bitcoin projects: 19Uk3tiD5XkBcmHyQYhJxp9QHoub7RosVb
flower1024
Hero Member
*****
Offline Offline

Activity: 854


luck is just a share away


View Profile
July 24, 2012, 06:10:52 AM
 #713


I want to tell you, but I can't. It's the only thing NDA'd.

All I can say is, the money isn't enough to compensate for my unhappiness and worries during this period.

i feel you deserve every bitcent/usd of it.
thank you again for your 5k btc.

i dont believe you are the hacker. but as soon as police is involved i am pretty sure they'll have questions for you.

i wish you all the best.
repentance
Hero Member
*****
Offline Offline

Activity: 840


View Profile
July 24, 2012, 06:14:18 AM
 #714

I want to tell you, but I can't. It's the only thing NDA'd.

All I can say is, the money isn't enough to compensate for my unhappiness and worries during this period.

Can you confirm that Wendon owns the Bitcoinica domain and IP (you said a while ago that those were what you sold and Patrick's IRC comments which were quoted here strongly suggest that Wendon was the buyer)?

All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
stochastic
Hero Member
*****
Offline Offline

Activity: 532


View Profile
July 24, 2012, 06:20:34 AM
 #715

Guys, I'm not happy, constantly worried and possibly scared. I didn't have a nice sleep since long time ago.

I'm really afraid of the possible criminal charges if things don't work out well. It'll be devastating to my life, considering the permanent record and inconvenience in every single official activity, even if I'm proven innocent. I know some victims are desparate, and they are going to take actions against whatever entity that's ever related to Bitcoinica.

When the General Partners asked for apology, I gave. When they asked for respect, I also gave. I also contributed a significant portion of my personal investment to compensate the victims. I'm trying to cut down the ties but I can't, even though I owned nothing of the company since January and announced the change of management explicitly in April.

And today, there are still people claiming that I hacked the accounts. Both Mt. Gox and AurumXchange froze some of my personal funds without giving specific reasons (they did tell me some generic reasons), persumably related to Bitcoinica. I'm really nervous! (If it's unrelated, please email/PM me so that I'll feel much better.)

I can be sure that I'm not financially related to Bitcoinica, and I should never be liable for any debt of the company. I am willing to join any lawsuit against Bitcoin/Bitcoinica Consultancy Ltd and/or Bitcoinica LP as a claimant, and I also possess important but secretive documents that can only be revealed in court.

I want to do whatever I can to help you, and help myself.

How much did you make on the sale of Bitcoinica?

I want to tell you, but I can't. It's the only thing NDA'd.

All I can say is, the money isn't enough to compensate for my unhappiness and worries during this period.

Well if that lawsuit comes up then it will probably become public anyway.  You should probably get an attorney if yo have not already, and the attorney will tell you to stop talking on this forum and making public statements.  I know you want to protect your reputation but forget about that.

You should really talk to an attorney that knows a thing about business organization laws.  If you made any mistake during the initial creation of bitcoinica in Delaware and how it was sold then you may still be liable even if you had no access to the financials.

Introducing constraints to the economy only serves to limit what can be economical.
dancingnancy
Sr. Member
****
Offline Offline

Activity: 407


View Profile
July 24, 2012, 06:23:24 AM
 #716

I am not sure of the majority consensus, but I believe ZT.  If you ever find yourself needing money, if I were you, and I am def. not, would just make a new bitcoinica with your new knowledge of past mistakes.  Let's just say you are the scammer/hacker.  If your next exchange got taken like this again and additionally no one gets paid back, well you can believe people will come for you that time.

I would most likely sign up today if I knew you put enough work into making it better than before security wise.
repentance
Hero Member
*****
Offline Offline

Activity: 840


View Profile
July 24, 2012, 06:31:21 AM
 #717


You should really talk to an attorney that knows a thing about business organization laws.  If you made any mistake during the initial creation of bitcoinica in Delaware and how it was sold then you may still be liable even if you had no access to the financials.

Zhou did not sell the Delaware entity (xWaylab Inc).

Quote
If you ever find yourself needing money, if I were you, and I am def. not, would just make a new bitcoinica with your new knowledge of past mistakes.

Wouldn't mind betting that there was a covenant in restraint of trade in the sale contract which restrains Zhou from establishing a similar business for a specified period (he sold the IP, so he can't just use that without permission).

And yeah, if you look at the early business histories of some well known entrepreneurs, you'll find some shocking failures among them as well as downright illegal activity.  Nobody even remembers them now - in the wake of subsequent success, they've become campfire stories to be chuckled over.

All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
stochastic
Hero Member
*****
Offline Offline

Activity: 532


View Profile
July 24, 2012, 06:37:40 AM
 #718


You should really talk to an attorney that knows a thing about business organization laws.  If you made any mistake during the initial creation of bitcoinica in Delaware and how it was sold then you may still be liable even if you had no access to the financials.

Zhou did not sell the Delaware entity (xWaylab Inc).

Well whatever it was that was sold.  I remember sometime in Nov or Dec a post by zhoutong stating that he was not interested in partnering or selling the site, yet in the resignation letter the sale already had or was happening.

Introducing constraints to the economy only serves to limit what can be economical.
zhoutong
VIP
Hero Member
*
Offline Offline

Activity: 490


View Profile WWW
July 24, 2012, 07:08:32 AM
 #719


You should really talk to an attorney that knows a thing about business organization laws.  If you made any mistake during the initial creation of bitcoinica in Delaware and how it was sold then you may still be liable even if you had no access to the financials.

Zhou did not sell the Delaware entity (xWaylab Inc).

Well whatever it was that was sold.  I remember sometime in Nov or Dec a post by zhoutong stating that he was not interested in partnering or selling the site, yet in the resignation letter the sale already had or was happening.

I personally trust the buyer and I would bear every responsibility if there were any problems. If Tihan didn't pay for the Linode hack, I would, because it would be my fault to push the responsibility to an unannounced acquirer.

However, I don't trust Patrick, Amir or Donald and I immediately announced it when the change of ownership happens. It's not my decision to contract them either. There is no secret at all in the last change of ownership.

Founder of NameTerrific (https://www.nameterrific.com/). Co-founder of CoinJar (https://coinjar.io/)

Donations for my future Bitcoin projects: 19Uk3tiD5XkBcmHyQYhJxp9QHoub7RosVb
JoelKatz
Legendary
*
Offline Offline

Activity: 1386


Democracy is vulnerable to a 51% attack.


View Profile WWW
July 24, 2012, 07:15:05 AM
 #720

Wouldn't mind betting that there was a covenant in restraint of trade in the sale contract which restrains Zhou from establishing a similar business for a specified period (he sold the IP, so he can't just use that without permission).
I doubt there's any entity remaining with the ability or will to enforce that restriction. Since they're not doing business, what would their damages be?

I am an employee of Ripple.
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 [36] 37 38 39 40 41 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!