Bitcoin Forum
November 16, 2024, 05:25:41 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 [7] 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 »
  Print  
Author Topic: Bitcoinica MtGox account compromised  (Read 156012 times)
sadpandatech
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500



View Profile
July 13, 2012, 01:06:54 PM
 #121

What about refusing to raise those limits at MtGox if two steps authentication isn't used?
this a million times. how about it, Gox?

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system.
- GA

It is being worked on by smart people.  -DamienBlack
Maria
Sr. Member
****
Offline Offline

Activity: 832
Merit: 250



View Profile
July 13, 2012, 01:07:18 PM
 #122

Hi everyone

We are once again very sorry to hear what's happening to many of you and that once again Bitconica has been the victim of a theft.

As far as Mt.Gox is concerned and as Genjix explained, we did not suffer any breach or any hack, all other account are safe and the thief only targeted Bitconica's account. Mark (MagicalTux) has been in contact with many Bitcoin players since this announcement and offered any help we can give, but unfortunately all funds (USD & BTC) are no longer within our reach.

Once again, someone with a US IP succeed to get Bitcoinica's account credential which did not trigger any alarms since they were fully identified. Since Bitconica's account was a verified account the owner of this account asked (This happened when Zhou was still controlling Bitconica) to have his limits lifted to the maximum possible, giving the possibility to the thief to move Bitcoinica's assets to another external account (External to MtGox).

Despite our effort on securing Mt.Gox and protecting everyone's asset I would like to remind everyone that it is also your responsibility to secure your account with a very strong password and use either a Yubikey or Google Auth (You can even use both at the same time).

Of course and within our capacity we at Mt.Gox are ready to give a hand in anyway we can to help Bitconica's team.

Mt.Gox

So you Verified and lifted the limits to the Max for a 17 year old boy, Bruno there goes your unanswered question about Mtgox approving minors.

Zhoutong, In my eyes you are the one to blame because this is your fault for not letting me know you was going to sell bitcoinica to intersango. You lied and sold private property trusted in your hands. Unfortunately somebody has to take responsibility for my 16,000 missing bitcoins.

Mtgox, you verify a 17 year old, is that legal to do? Please answer.

Maria.

ninjarobot
Hero Member
*****
Offline Offline

Activity: 761
Merit: 500


Mine Silent, Mine Deep


View Profile
July 13, 2012, 01:09:59 PM
 #123

Once again, someone with a US IP succeed to get Bitcoinica's account credential which did not trigger any alarms since they were fully identified. Since Bitconica's account was a verified account the owner of this account asked (This happened when Zhou was still controlling Bitconica) to have his limits lifted to the maximum possible, giving the possibility to the thief to move Bitcoinica's assets to another external account (External to MtGox).

Thanks for the update. Can you please clarify when the theft occurred?
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1358
Merit: 1002



View Profile
July 13, 2012, 01:10:33 PM
 #124

/bitcoinica_legacy/.git/logs/HEAD
Code:
0000000000000000000000000000000000000000 939e877106a5bd479f350adc6d9e4170c62df8f3 genjix <genjix@nite.(none)> 1338505438 +0200	clone: from git@github.com:bitcoinica/bitcoinica_legacy.git

hmmm... so, it was genjix who leaked the Bitcoinica source code?
That unix timestamp is Thu, 31 May 2012 23:03:58 GMT

That source code came from github, not from the deleted servers. On that date the servers were already gone.

Genjix, please explain this.

And it was also genjix who packed that tar file 6 days ago as pointed by bitclown a few posts above mine
Code:
$ tar -jtvf bitcoinica.tar.bz2 | head -n1
drwxr-xr-x genjix/genjix     0 2012-07-07 20:18 bitcoinica_legacy/

He has some splainin' to do, allright Wink
Mt.Gox Support
VIP
Sr. Member
*
Offline Offline

Activity: 308
Merit: 250



View Profile
July 13, 2012, 01:13:25 PM
 #125

Hi everyone

We are once again very sorry to hear what's happening to many of you and that once again Bitconica has been the victim of a theft.

As far as Mt.Gox is concerned and as Genjix explained, we did not suffer any breach or any hack, all other account are safe and the thief only targeted Bitconica's account. Mark (MagicalTux) has been in contact with many Bitcoin players since this announcement and offered any help we can give, but unfortunately all funds (USD & BTC) are no longer within our reach.

Once again, someone with a US IP succeed to get Bitcoinica's account credential which did not trigger any alarms since they were fully identified. Since Bitconica's account was a verified account the owner of this account asked (This happened when Zhou was still controlling Bitconica) to have his limits lifted to the maximum possible, giving the possibility to the thief to move Bitcoinica's assets to another external account (External to MtGox).

Despite our effort on securing Mt.Gox and protecting everyone's asset I would like to remind everyone that it is also your responsibility to secure your account with a very strong password and use either a Yubikey or Google Auth (You can even use both at the same time).

Of course and within our capacity we at Mt.Gox are ready to give a hand in anyway we can to help Bitconica's team.

Mt.Gox

So you Verified and lifted the limits to the Max for a 17 year old boy, Bruno there goes your unanswered question about Mtgox approving minors.

Zhoutong, In my eyes you are the one to blame because this is your fault for not letting me know you was going to sell bitcoinica to intersango. You lied and sold private property trusted in your hands. Unfortunately somebody has to take responsibility for my 16,000 missing bitcoins.

Mtgox, you verify a 17 year old, is that legal to do? Please answer.

Maria.

Let's clarify the situation, Bitcoinica is not verified as an individual but as a company.

Mt.Gox : The Leading International Bitcoin Exchange.
Mt.Gox Merchant Solutions : https://mtgox.com/merchant
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1358
Merit: 1002



View Profile
July 13, 2012, 01:17:54 PM
 #126

Isn't it amazing that users with AML verification completed struggle to get $5k transfered out of MtGox, sometimes having to wait several weeks for the funds and somehow one "hacker" withdraws almost half a million quickly without anyone noticing?
Double standards much?
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1918
Merit: 1570


Bitcoin: An Idea Worth Spending


View Profile WWW
July 13, 2012, 01:18:24 PM
 #127

/bitcoinica_legacy/.git/logs/HEAD
Code:
0000000000000000000000000000000000000000 939e877106a5bd479f350adc6d9e4170c62df8f3 genjix <genjix@nite.(none)> 1338505438 +0200	clone: from git@github.com:bitcoinica/bitcoinica_legacy.git

hmmm... so, it was genjix who leaked the Bitcoinica source code?
That unix timestamp is Thu, 31 May 2012 23:03:58 GMT

That source code came from github, not from the deleted servers. On that date the servers were already gone.

Wasn't he in Germany at the the time of the hack?
Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500


Wat


View Profile WWW
July 13, 2012, 01:18:56 PM
 #128

*checks bitcoinica source code for intersango admin password

Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1358
Merit: 1002



View Profile
July 13, 2012, 01:20:37 PM
 #129

/bitcoinica_legacy/.git/logs/HEAD
Code:
0000000000000000000000000000000000000000 939e877106a5bd479f350adc6d9e4170c62df8f3 genjix <genjix@nite.(none)> 1338505438 +0200	clone: from git@github.com:bitcoinica/bitcoinica_legacy.git

hmmm... so, it was genjix who leaked the Bitcoinica source code?
That unix timestamp is Thu, 31 May 2012 23:03:58 GMT

That source code came from github, not from the deleted servers. On that date the servers were already gone.

Wasn't he in Germany at the the time of the hack?

I heard they were all sleeping at 2 pm GMT+1, when the hack happened Roll Eyes
Mt.Gox Support
VIP
Sr. Member
*
Offline Offline

Activity: 308
Merit: 250



View Profile
July 13, 2012, 01:21:42 PM
 #130

Once again, someone with a US IP succeed to get Bitcoinica's account credential which did not trigger any alarms since they were fully identified. Since Bitconica's account was a verified account the owner of this account asked (This happened when Zhou was still controlling Bitconica) to have his limits lifted to the maximum possible, giving the possibility to the thief to move Bitcoinica's assets to another external account (External to MtGox).

Thanks for the update. Can you please clarify when the theft occurred?

Unfortunately I am no longer at the office (10:21pm), and I do not have access to such data outside of the office.

Mt.Gox : The Leading International Bitcoin Exchange.
Mt.Gox Merchant Solutions : https://mtgox.com/merchant
sadpandatech
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500



View Profile
July 13, 2012, 01:23:56 PM
 #131

(40k BTC and 40K USD - the mtgox daily limits)

40k USD and 40k BTC were stolen (~350k USD).

Just to make sure that I am not missing anything. They were able to transfer out 40k in USD?? to where?

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system.
- GA

It is being worked on by smart people.  -DamienBlack
tbcoin
Legendary
*
Offline Offline

Activity: 1022
Merit: 1000



View Profile WWW
July 13, 2012, 01:24:04 PM
 #132

Hi everyone

We are once again very sorry to hear what's happening to many of you and that once again Bitconica has been the victim of a theft.

As far as Mt.Gox is concerned and as Genjix explained, we did not suffer any breach or any hack, all other account are safe and the thief only targeted Bitconica's account. Mark (MagicalTux) has been in contact with many Bitcoin players since this announcement and offered any help we can give, but unfortunately all funds (USD & BTC) are no longer within our reach.

Once again, someone with a US IP succeed to get Bitcoinica's account credential which did not trigger any alarms since they were fully identified. Since Bitconica's account was a verified account the owner of this account asked (This happened when Zhou was still controlling Bitconica) to have his limits lifted to the maximum possible, giving the possibility to the thief to move Bitcoinica's assets to another external account (External to MtGox).

Despite our effort on securing Mt.Gox and protecting everyone's asset I would like to remind everyone that it is also your responsibility to secure your account with a very strong password and use either a Yubikey or Google Auth (You can even use both at the same time).

Of course and within our capacity we at Mt.Gox are ready to give a hand in anyway we can to help Bitconica's team.

Mt.Gox

-- EDIT --

We would like to stress that Mt.Gox Verified Bitconica as a Company and NOT as an Individual.


Bitcoins ok, but how 40k dollars disappear? how withdrawn? I do not know how mtgox codes work, but you can not really know where are redeemed? Other options dwolla? OKPAY? Bitinstant? LR? I really can't believe that you can move dollars without knowing where, how and to whom.

Sorry for my bad english Wink
Bitcoin card for deposit and payment + Little POS
Donations:1N65efiNUhH6sEQg7Z6oUC76kJS9Yhevyf
bremer-btc-user
Newbie
*
Offline Offline

Activity: 43
Merit: 0


View Profile
July 13, 2012, 01:25:00 PM
 #133

ok, you guys are very funny, while we are waiting weeks and weeks to get back from you what is ours, you are worried about :

- legal issues
- reasonable concepts of making payouts
- avoiding to payout malicious claims
- not knowing about who is in reponse for whatever

and within the same time you let yourself steal again in remarkable parts whats left to payout?
And this after more than two months time to secure the status Quo after the hack that lead to suspending the page and the business?

Do you really think this is believable?

proudhon
Legendary
*
Offline Offline

Activity: 2198
Merit: 1311



View Profile
July 13, 2012, 01:26:26 PM
 #134

We are actively losing money from dealing with the payouts.

Sorry, I know this is horrible, but I don't know what else to do at this point but laugh.  This statement at the end cracked me up.  There are some other people, I think, who will have actively lost money...

At this point it'd probably be better for all of you to just walk away.  Donate what's left to the faucet and deal with the legal consequences.  I'm sure for you guys that'll be significantly easier to deal with than securing the bitcoins you have remaining and attempting to refund anyone their money.

Bitcoin Fact: the price of bitcoin will not be greater than $70k for more than 25 consecutive days at any point in the rest of recorded human history.
ninjarobot
Hero Member
*****
Offline Offline

Activity: 761
Merit: 500


Mine Silent, Mine Deep


View Profile
July 13, 2012, 01:28:37 PM
 #135

No, this is not the users' fault. Why should the bitcoinica users eat all the loss?

+1

It makes no sense to make us eat the loss. That is their own fault. They need to all stop taking a paycheck like Zhou did and/or start eating muesli with even cheaper milk and cough up the money out of pocket.

Some of us have undeniable proof and we want our money back.

Actually they need to honor their terms of use their clients agreed to and if they didn't make any guarantees about security they're off the hook and it's the client's fault for putting money someplace where such guarantees weren't made.

From the Bitcoinica ToS:

Quote
[12] Limitation of Liability

IN NO EVENT SHALL BITCOINICA, ITS OFFICERS, DIRECTORS OR EMPLOYEES BE LIABLE FOR LOST PROFITS OR ANY SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN CONNECTION WITH OUR WEB SITE, OUR SERVICES OR THIS AGREEMENT (HOWEVER ARISING, INCLUDING NEGLIGENCE) EXCEPT AS STATED IN THIS AGREEMENT. THE LIABILITY OF BITCOINICA, ITS OFFICERS, DIRECTORS OR EMPLOYEES, TO YOU OR ANY THIRD PARTIES IN ANY PROVEN CIRCUMSTANCE IS LIMITED TO THE AMOUNT OF MONEY YOU TRANSFERRED OR DEPOSITED IN YOUR ACCOUNT AT BITCOINICA IN RELATION TO THE TRANSACTION GIVING RISE TO SUCH LIABILITY. In the case where you make funds available for trading via a voucher, "coupon code", or similar from another financial service, banking institution or exchange, you acknolwedge that you are providing Bitcoinica access to those funds for trading purposes only and that the originating financial institution is the holder of such deposits. Bitcoinica is not liable for any loss if such institutions fail in honoring withdrawal of customer funds.
Vod
Legendary
*
Offline Offline

Activity: 3892
Merit: 3166


Licking my boob since 1970


View Profile WWW
July 13, 2012, 01:31:21 PM
 #136

40k USD and 40k BTC were stolen (~350k USD).

"Stolen"?  Police report or it didn't happen.

I post for interest - not signature spam.
https://elon.report - new BPI Reports!
https://vod.fan - fast/free image sharing - coming Nov
Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500


Wat


View Profile WWW
July 13, 2012, 01:34:32 PM
 #137

One does not simply transfer 40 grand in Mordor.

flower1024
Legendary
*
Offline Offline

Activity: 1428
Merit: 1000


View Profile
July 13, 2012, 01:34:57 PM
 #138

TOS does not break local law
LP does not help if the businness owners do BS
sadpandatech
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500



View Profile
July 13, 2012, 01:35:18 PM
 #139

Quote
[12] Limitation of Liability

IN NO EVENT SHALL BITCOINICA, ITS OFFICERS, DIRECTORS OR EMPLOYEES BE LIABLE FOR LOST PROFITS OR ANY SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN CONNECTION WITH OUR WEB SITE, OUR SERVICES OR THIS AGREEMENT (HOWEVER ARISING, INCLUDING NEGLIGENCE) EXCEPT AS STATED IN THIS AGREEMENT. THE LIABILITY OF BITCOINICA, ITS OFFICERS, DIRECTORS OR EMPLOYEES, TO YOU OR ANY THIRD PARTIES IN ANY PROVEN CIRCUMSTANCE IS LIMITED TO THE AMOUNT OF MONEY YOU TRANSFERRED OR DEPOSITED IN YOUR ACCOUNT AT BITCOINICA IN RELATION TO THE TRANSACTION GIVING RISE TO SUCH LIABILITY. In the case where you make funds available for trading via a voucher, "coupon code", or similar from another financial service, banking institution or exchange, you acknolwedge that you are providing Bitcoinica access to those funds for trading purposes only and that the originating financial institution is the holder of such deposits. Bitcoinica is not liable for any loss if such institutions fail in honoring withdrawal of customer funds.

Shouldn't you have put this part in bold:
Quote
IN NO EVENT SHALL BITCOINICA, ITS OFFICERS, DIRECTORS OR EMPLOYEES BE LIABLE FOR LOST PROFITS OR ANY SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN CONNECTION WITH OUR WEB SITE, OUR SERVICES OR THIS AGREEMENT (HOWEVER ARISING, INCLUDING NEGLIGENCE)

Face it people. You agreed to use a service without even a promise that they'll be liable to you if they are negligent. So if you're looking for the guilty you need only look in the mirror.
You're reading it wrong. That statement you posted is not undoing the first in bold. First is to do with 'deposits' and the second with your 'earnings' or lack thereof.

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system.
- GA

It is being worked on by smart people.  -DamienBlack
vampire
Hero Member
*****
Offline Offline

Activity: 574
Merit: 500



View Profile
July 13, 2012, 01:37:36 PM
 #140

So let me see:

So so called security experts:

Use a mailing list for admin access
Don't disable remote root on VPS
Don't have have offsite backups in 3 different physical location, encrypted
Don't use unique passwords for their accounts
Don't secure their clients' money with two factor authentication
Don't change passwords after their compromise

Pages: « 1 2 3 4 5 6 [7] 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!