Bitcoinica MtGox account compromised

[ninjarobot]

This has been one of the most stressful situations with maximum suffering I have ever experienced. I am furious and I hope everyone involved putting us through this gets what's due to them. Karma is a bitch, you fucking wankers.

Right. Because this has not been the most stressful time of my life.

I have physical health problems and need to see a doctor, but haven't had the time. On the forums I'm called a scammer and repeatedly insulted. Someone is trying to sue us. My bank gave me crap and held my money. I was borrowing cash from friends and spent 3 days eating bad muesli and cheap milk. I lost a lot of code by accident. I put a lot of work into the bitcoin.org clients page to make everything fairer, and now it will be removed, helping to recentralise bitcoin again. Electrum maybe has a security flaw and Macs have random problems. The conference needs the CFP announced soon, but I have to deal with Bitcoinica first. My health is suffering and im getting headaches. Right now is the first time I'm feeling depression, and I'm a little worried because I've never had it before but my father did. I emailed a health professional and they advised me to seek help. I've started sleeping very long, being very lethargic and apathetic. When the Bitcoinica thing first happened, I was considering suicide until Tihan said he had the funds.

Genjix, out of all Bitcoinica folks I've dealt with you've shown the most integrity. I have no intention of shooting the messenger. My anger is direct at Bitcoinica LP (whoever owns it) and the continued mismanagement of this situation. Please keep updating your customers with facts (however bad they are). All we care about is 1) getting our money back and 2) the truth. So take a breath and try to keep doing the right thing. You are OK.

[1713992394]

1713992394

[1713992394]

1713992394

[Bitcoin Oz]

So sad.

[superfastkyle]

Does anyone actually believe this? They stole 40,000 usd from gox? Then it can be tracked plain and simple. But I'm sure no police report will be filed, because nothing was really stolen. Thats ignoring the fact that mtgox says they approve manually large withdrawals. Where is the 40,000btc? if its still in gox, gox can take it back if not where is it in the blockchain. The bitcoinica scammers really are getting careless now with their claims

[flower1024]

Does anyone actually believe this? They stole 40,000 usd from gox? Then it can be tracked plain and simple. But I'm sure no police report will be filed, because nothing was really stolen. Thats ignoring the fact that mtgox says they approve manually large withdrawals. Where is the 40,000btc? if its still in gox, gox can take it back if not where is it in the blockchain. The bitcoinica scammers really are getting careless now with their claims

maybe multiple small gox codes which where used to buy btc from different accounts and afterwards withdrawn immediatly?
but i am also not sure if i should believe it.

[superfastkyle]

I also love the implications of health issues. As someone who has been screwed several times by eBayers, every time its always oh I've been in the hospital, or I've been visiting my parents funeral. Its really the oldest story in the book to buy time

[bitclown]

Genjix, out of all Bitcoinica folks I've dealt with you've shown the most integrity. I have no intention of shooting the messenger. My anger is direct at Bitcoinica LP (whoever owns it) and the continued mismanagement of this situation. Please keep updating your customers with facts (however bad they are). All we care about is 1) getting our money back and 2) the truth. So take a breath and try to keep doing the right thing. You are OK.

+1. While the other rats have apparently fled, genjix have kept us informed, knowing he'd get the beating too.

Now I just want to know how someone can possible get away with withdrawing such amounts of fiat and bits from Mt. Gox. We've all seen the threads about locked accounts and draconian coin tracking over there, but this heist didn't set off any alarms?

I also love the implications of health issues. As someone who has been screwed several times by eBayers, every time its always oh I've been in the hospital, or I've been visiting my parents funeral. Its really the oldest story in the book to buy time

Genjix has a solid track record measured in both code and action in this community.

[ribuck]

I also love the implications of health issues. As someone who has been screwed several times by eBayers, every time its always oh I've been in the hospital, or I've been visiting my parents funeral. Its really the oldest story in the book to buy time

If you knew genjix, you wouldn't say that. He may have handled the whole Bitcoinica thing sub-optimally, but he didn't lie to people.

[hatshepsut]

If you knew genjix,

I wish I did right now.

[HorseRider]

No, this is not the users' fault. Why should the bitcoinica users eat all the loss?

[Transisto]

Updated my post, #2

[markm]

How many attempts does LastPass give people to enter their password before locking the account?

It seems almost impossibly unlikely that a hacker happened on the correct password to LastPass in the three attempts or so they probably allow.

Is LastPass being criminally negligent maybe, allowing hackers to automatically try every password and every gobbledegook string they found anywhere in Bitcoinica's records and source code?

What the hell would make some string from some code someplace be one of the first three guesses a hacker would try?

It seems far far more probable that the guy who set the LastPass password is the thief or a co-conspirator of the thief or (damn I hate providing ready made excuses for the guy) a keylogger or somesuch was used to discover the password.

There is just pretty much no reason at all to try such a stupid guess as to the LastPass password. You'd have to already know it is the right one to even consider trying it.

I really hate this crap, I do not ever want anyone putting more than 1/3 of their savings into my server. The fact that some idiot probably will anyway if there seems to be profit to be made by doing so makes me want to run three separate servers and divide everyone's balances among them or just bury all the assets backing the tokens in a timecapsule and let in and out exchange be done by third party marketmakers.

Oh and Genjix, if you didn't do it don't let it get to you. The weird stories one hears about how bitcoins managed to vanish make me paranoid that someone is going to spill their coffee and it will track all over the floor and "accidentally" spell out my private keys or something, it seems about as likely as the stuff that happens all the time around bitcoins thus not unlikely at all presumably. So don't assume anyone else didn't do it just because you didn't, either.

-MarkM-

[Gabi]

Hacked, no backup and then hacked again?



This is a scam, i no more believe the hacking bullshit 

[kiba]

WTF man? Why aren't the bitcoin stored in a cold wallet?

[Grouver (BtcBalance)]

@DarkEmi @hatshepsut  and all others.
Sorry to put you up front with the hard truth, buth...
Rule #1: Don't invest money you cannot afford to lose.
I am pretty sure iam not the first one that tells you this right?

[hatshepsut]

No, this is not the users' fault. Why should the bitcoinica users eat all the loss?

+1

It makes no sense to make us eat the loss. That is their own fault. They need to all stop taking a paycheck like Zhou did and/or start eating muesli with even cheaper milk and cough up the money out of pocket.

Some of us have undeniable proof and we want our money back.

[OneEyed]

WTF man? Why aren't the bitcoin stored in a cold wallet?

Bitcoinica didn't have any of my bitcoins so I'm just an observer, but why don't we see a message saying that the remaining ones are now at last stored in a cold wallet? Isn't it the case now? I have the feeling that people "in charge" only talk about the past, never about the present or the future.

[Gabi]

WTF man? Why aren't the bitcoin stored in a cold wallet?

This is a scam 

[defxor]

Edit: The API key was changed, but someone had a LastPass account with the same password as that, and was actively updating it with new passwords.

It's unlikely that anyone who uses LastPass would actively use an external string as master password without understanding the security implications.

It's likely it was done on purpose.

[flatfly]

How many attempts does LastPass give people to enter their password before locking the account?

It seems almost impossibly unlikely that a hacker happened on the correct password to LastPass in the three attempts or so they probably allow.

Is LastPass being criminally negligent maybe, allowing hackers to automatically try every password and every gobbledegook string they found anywhere in Bitcoinica's records and source code?

What the hell would make some string from some code someplace be one of the first three guesses a hacker would try?

It seems far far more probable that the guy who set the LastPass password is the thief or a co-conspirator of the thief or (damn I hate providing ready made excuses for the guy) a keylogger or somesuch was used to discover the password.

There is just pretty much no reason at all to try such a stupid guess as to the LastPass password. You'd have to already know it is the right one to even consider trying it.

I really hate this crap, I do not ever want anyone putting more than 1/3 of their savings into my server. The fact that some idiot probably will anyway if there seems to be profit to be made by doing so makes me want to run three separate servers and divide everyone's balances among them or just bury all the assets backing the tokens in a timecapsule and let in and out exchange be done by third party marketmakers.

Oh and Genjix, if you didn't do it don't let it get to you. The weird stories one hears about how bitcoins managed to vanish make me paranoid that someone is going to spill their coffee and it will track all over the floor and "accidentally" spell out my private keys or something, it seems about as likely as the stuff that happens all the time around bitcoins thus not unlikely at all presumably. So don't assume anyone else didn't do it just because you didn't, either.

-MarkM-

LastPass uses offline (aka client-side) authentication, so basically you get unlimited attempts at guessing a password. This is not a bad thing per se, provided the password is strong enough and *randomly generated*.

[kronosvl]

I think this is a dream. While I didn't have money on bitoinica this amount of fail is just impossible.

At least MtGox imposes some limits, otherwise all the money would have vanished.