Bitcoin Forum
March 28, 2024, 11:09:16 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 [20] 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 »
  Print  
Author Topic: Bitcoinica MtGox account compromised  (Read 155928 times)
bitcoinBull
Legendary
*
Offline Offline

Activity: 826
Merit: 1001


rippleFanatic


View Profile
July 14, 2012, 01:48:53 AM
 #381

@BitcoinBull  I assume by 'box' you mean his personal computer?

More likely his VPS (virtual private server), which he explained was the cause of the last breach. He said he gives many "noobs" from #C++, etc access to that VPS.


genjix's box was hacked? Who told you that? Shocked

So, the simplest explanation is the one you gave and not that genjix himself leaked the source code? Roll Eyes

Given his history, I think incompetence is more likely than malice, definitely in genjix's case.

That patrick would walk away right now looks suspicious, if he were a smart thief he would come back and finish the claims so everyone gets their 66% (like myBitcoin). So in a counter-intuitive way, I think that he "walked away" in anger/frustration is actually a sign that it wasn't an inside job. Its very plausible and at least equally likely that there was another thief IMO (see below)...



I think the probability is about the same as finding a sha-256 collision in bitcoin   Smiley

So its probably silly to imagine it happened. Compare the chance of an inside job (someone told the thief where to look or told them the actual password) or a keylogger (etc) type attack was used to discover it, in such cases the fact one can find it in the source code is merely a red herring, whether deliberately dyed red or merely accidentally happening to be red.

-MarkM-


I didnt see a "lastpass master pasword " label on that string.

This.

Was ANYONE here even aware that the bitcoinica source code had been leaked, prior to genjix's OP on this thread?

Plugging the file URL into Google gives only a handful of results, with this thread being the earliest incidence of it, as far as I can tell.

That, plus the fact that the tar file appears to have been packed by username genjix.

Additionally, there's the fact that the lastpass password was supposedly the MtGOX KEY (username) and not the SECRET. A bizarre thing to do, which smells more like it's a fuck-up in an attempt to make up a plausible hack story.

The whole story is just too cute for me.


The source code was leaked on reddit almost a week ago (0 points from 9 downvotes, that's why I personally missed it).

It is plausible that someone would try the mtgox api key as the LastPass password. A very lucky someone could've confirmed months ago that info@bitcoinica.com was a LastPass account, because LastPass tells you if you try log-in with an invalid username/e-mail ("Unknown e-mail address") or if its a valid LastPass account ("Invalid password").

So when the source code was leaked, they saw the API key and decided to try it.


College of Bucking Bulls Knowledge
1711624156
Hero Member
*
Offline Offline

Posts: 1711624156

View Profile Personal Message (Offline)

Ignore
1711624156
Reply with quote  #2

1711624156
Report to moderator
Even if you use Bitcoin through Tor, the way transactions are handled by the network makes anonymity difficult to achieve. Do not expect your transactions to be anonymous unless you really know what you're doing.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711624156
Hero Member
*
Offline Offline

Posts: 1711624156

View Profile Personal Message (Offline)

Ignore
1711624156
Reply with quote  #2

1711624156
Report to moderator
1711624156
Hero Member
*
Offline Offline

Posts: 1711624156

View Profile Personal Message (Offline)

Ignore
1711624156
Reply with quote  #2

1711624156
Report to moderator
1711624156
Hero Member
*
Offline Offline

Posts: 1711624156

View Profile Personal Message (Offline)

Ignore
1711624156
Reply with quote  #2

1711624156
Report to moderator
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1358
Merit: 1002



View Profile
July 14, 2012, 01:54:43 AM
 #382

genjix's box was hacked? Who told you that? Shocked

So, the simplest explanation is the one you gave and not that genjix himself leaked the source code? Roll Eyes

Given his history, I think incompetence is more likely than malice, definitely in genjix's case.

That patrick would walk away right now looks suspicious, if he were a smart thief he would come back and finish the claims so everyone gets their 66% (like myBitcoin). So in a counter-intuitive way, I think that he "walked away" in anger/frustration is actually a sign that it wasn't an inside job. Its very plausible and at least equally likely that there was another thief IMO (see below)...


I agree with you on this one. If it was an inside job, and I'm not saying it is(I mean the thefts, not the source code leak), it was from someone else and not Patrick or Amir. They would have to be completely nuts to screw up on something that would tarnish their reputation in this manner.
Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500


Wat


View Profile WWW
July 14, 2012, 01:56:00 AM
 #383

This whole mess should have been in the hands of a third party administrator long ago and at the very least a police report filed.

Setting up a company is the essence of government interference and to turn around and to claim you dont believe in government interference after you do that doesnt make sense, which is the reason they claim they never filed a police report.

Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1358
Merit: 1002



View Profile
July 14, 2012, 02:08:19 AM
 #384

Adding to my previous post agreeing with bitcoinBull. If it was an inside job it wasn't Patrick or Amir.

First we had this.
https://bitcointalk.org/index.php?topic=81045.msg894435#msg894435
Quote
Please don't blame genjix. It's definitely not his fault.

He's not in our mailing list so it couldn't be him.

Well, shit just happens and it's not anyone's fault or incompetence here. I'm the only guy awake when the incident happens.

and now we have this
Posting an update soon.

good news?

If it's related to my previous email to the Bitcoinica team, no, it's a bad news.

This was a pointless and malicious comment.

Are you trying to further harm their reputation or your own? Because they're not entirely separate.

No, I was merely stating a fact. I discovered something unusual and I emailed them. They promised an update. And that's it.

I don't have the right to update you publicly because I have some advantage in obtaining insider information.

I'm not part of the "bad news" and I'm not involved in Bitcoinica. If I didn't tell them they will discover the problem anyway.

Someone care to explain to a dumb guy(me) how is it that a guy who isn't "involved in Bitcoinica" discovers a theft of almost $400k before the ones who are involved in Bitcoinica?
sadpandatech
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500



View Profile
July 14, 2012, 02:12:20 AM
 #385

Adding to my previous post agreeing with bitcoinBull. If it was an inside job it wasn't Patrick or Amir.

First we had this.
https://bitcointalk.org/index.php?topic=81045.msg894435#msg894435
Quote
Please don't blame genjix. It's definitely not his fault.

He's not in our mailing list so it couldn't be him.

Well, shit just happens and it's not anyone's fault or incompetence here. I'm the only guy awake when the incident happens.

and now we have this
Posting an update soon.

good news?

If it's related to my previous email to the Bitcoinica team, no, it's a bad news.

This was a pointless and malicious comment.

Are you trying to further harm their reputation or your own? Because they're not entirely separate.

No, I was merely stating a fact. I discovered something unusual and I emailed them. They promised an update. And that's it.

I don't have the right to update you publicly because I have some advantage in obtaining insider information.

I'm not part of the "bad news" and I'm not involved in Bitcoinica. If I didn't tell them they will discover the problem anyway.

Someone care to explain to a dumb guy(me) how is it that a guy who isn't "involved in Bitcoinica" discovers a theft of almost $400k before the ones who are involved in Bitcoinica?

you're assuming we know what ZT's bad news was. It is possible he contacted them about the source code leak. Or god only knows what.

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system.
- GA

It is being worked on by smart people.  -DamienBlack
zhoutong
VIP
Hero Member
*
Offline Offline

Activity: 490
Merit: 502


View Profile WWW
July 14, 2012, 02:14:32 AM
 #386

Adding to my previous post agreeing with bitcoinBull. If it was an inside job it wasn't Patrick or Amir.

First we had this.
https://bitcointalk.org/index.php?topic=81045.msg894435#msg894435
Quote
Please don't blame genjix. It's definitely not his fault.

He's not in our mailing list so it couldn't be him.

Well, shit just happens and it's not anyone's fault or incompetence here. I'm the only guy awake when the incident happens.

and now we have this
Posting an update soon.

good news?

If it's related to my previous email to the Bitcoinica team, no, it's a bad news.

This was a pointless and malicious comment.

Are you trying to further harm their reputation or your own? Because they're not entirely separate.

No, I was merely stating a fact. I discovered something unusual and I emailed them. They promised an update. And that's it.

I don't have the right to update you publicly because I have some advantage in obtaining insider information.

I'm not part of the "bad news" and I'm not involved in Bitcoinica. If I didn't tell them they will discover the problem anyway.

Someone care to explain to a dumb guy(me) how is it that a guy who isn't "involved in Bitcoinica" discovers a theft of almost $400k before the ones who are involved in Bitcoinica?

you're assuming we know what ZT's bad news was. It is possible he contacted them about the source code leak. Or god only knows what.

No. I received this email. I was still in the verify@bitcoinica.com mailing list.

I believe that the theft happened much earlier and no one discovered. No one cared about this spammy-look email either (or they don't check their mailbox).


Quote
From: Bitcoinica Sucks <bitcoinicasucks@hotmail.com>
To: verify@bitcoinica.com
Date: Friday, 13 July 2012 3:39:55 AM
Subject: Bitcoinica is done

THANK YOU FOR YOU SOURCE CODE.

BITCONICA IS NOW OFFICALY DONE!

LASTPAS PASWORD: c02e1a27-5524-449f-ba65-aff9581ddedc

Founder of NameTerrific (https://www.nameterrific.com/). Co-founder of CoinJar (https://coinjar.io/)

Donations for my future Bitcoin projects: 19Uk3tiD5XkBcmHyQYhJxp9QHoub7RosVb
sadpandatech
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500



View Profile
July 14, 2012, 02:17:32 AM
 #387

you're assuming we know what ZT's bad news was. It is possible he contacted them about the source code leak. Or god only knows what.

No. I received this email. I was still in the verify@bitcoinica.com mailing list.

I believe that the theft happened much earlier and no one discovered. No one cared about this spammy-look email either (or they don't check their mailbox).


Quote
From: Bitcoinica Sucks <bitcoinicasucks@hotmail.com>
To: verify@bitcoinica.com
Date: Friday, 13 July 2012 3:39:55 AM
Subject: Bitcoinica is done

THANK YOU FOR YOU SOURCE CODE.

BITCONICA IS NOW OFFICALY DONE!

LASTPAS PASWORD: c02e1a27-5524-449f-ba65-aff9581ddedc
You posted on the 12th you had bad news about an email you received on the 13th? I'm not following something right here, sorry.


If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system.
- GA

It is being worked on by smart people.  -DamienBlack
Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500


Wat


View Profile WWW
July 14, 2012, 02:20:19 AM
 #388

you're assuming we know what ZT's bad news was. It is possible he contacted them about the source code leak. Or god only knows what.

No. I received this email. I was still in the verify@bitcoinica.com mailing list.

I believe that the theft happened much earlier and no one discovered. No one cared about this spammy-look email either (or they don't check their mailbox).


Quote
From: Bitcoinica Sucks <bitcoinicasucks@hotmail.com>
To: verify@bitcoinica.com
Date: Friday, 13 July 2012 3:39:55 AM
Subject: Bitcoinica is done

THANK YOU FOR YOU SOURCE CODE.

BITCONICA IS NOW OFFICALY DONE!

LASTPAS PASWORD: c02e1a27-5524-449f-ba65-aff9581ddedc
You posted on the 12th you had bad news about an email you received on the 13th? I'm not following something right here, sorry.



Someone needs to explain this...

rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
July 14, 2012, 02:20:54 AM
 #389

Lrn 2 timezone

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
John (John K.)
Global Troll-buster and
Legendary
*
Offline Offline

Activity: 1288
Merit: 1225


Away on an extended break


View Profile
July 14, 2012, 02:25:24 AM
 #390

you're assuming we know what ZT's bad news was. It is possible he contacted them about the source code leak. Or god only knows what.

No. I received this email. I was still in the verify@bitcoinica.com mailing list.

I believe that the theft happened much earlier and no one discovered. No one cared about this spammy-look email either (or they don't check their mailbox).


Quote
From: Bitcoinica Sucks <bitcoinicasucks@hotmail.com>
To: verify@bitcoinica.com
Date: Friday, 13 July 2012 3:39:55 AM
Subject: Bitcoinica is done

THANK YOU FOR YOU SOURCE CODE.

BITCONICA IS NOW OFFICALY DONE!

LASTPAS PASWORD: c02e1a27-5524-449f-ba65-aff9581ddedc
You posted on the 12th you had bad news about an email you received on the 13th? I'm not following something right here, sorry.



Someone needs to explain this...
Time zones.
zhoutong
VIP
Hero Member
*
Offline Offline

Activity: 490
Merit: 502


View Profile WWW
July 14, 2012, 02:26:34 AM
 #391

you're assuming we know what ZT's bad news was. It is possible he contacted them about the source code leak. Or god only knows what.

No. I received this email. I was still in the verify@bitcoinica.com mailing list.

I believe that the theft happened much earlier and no one discovered. No one cared about this spammy-look email either (or they don't check their mailbox).


Quote
From: Bitcoinica Sucks <bitcoinicasucks@hotmail.com>
To: verify@bitcoinica.com
Date: Friday, 13 July 2012 3:39:55 AM
Subject: Bitcoinica is done

THANK YOU FOR YOU SOURCE CODE.

BITCONICA IS NOW OFFICALY DONE!

LASTPAS PASWORD: c02e1a27-5524-449f-ba65-aff9581ddedc
You posted on the 12th you had bad news about an email you received on the 13th? I'm not following something right here, sorry.



All times are in UTC+8 (as I'm traveling in Singapore at the moment).

I notified Bitcoinica team at Friday, 13 July 2012 9:14:51 AM.

I posted later, when genjix promised a response.

If you convert all the time to UTC there shouldn't be any problems.

Founder of NameTerrific (https://www.nameterrific.com/). Co-founder of CoinJar (https://coinjar.io/)

Donations for my future Bitcoin projects: 19Uk3tiD5XkBcmHyQYhJxp9QHoub7RosVb
sadpandatech
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500



View Profile
July 14, 2012, 02:26:42 AM
 #392

you're assuming we know what ZT's bad news was. It is possible he contacted them about the source code leak. Or god only knows what.

No. I received this email. I was still in the verify@bitcoinica.com mailing list.

I believe that the theft happened much earlier and no one discovered. No one cared about this spammy-look email either (or they don't check their mailbox).


Quote
From: Bitcoinica Sucks <bitcoinicasucks@hotmail.com>
To: verify@bitcoinica.com
Date: Friday, 13 July 2012 3:39:55 AM
Subject: Bitcoinica is done

THANK YOU FOR YOU SOURCE CODE.

BITCONICA IS NOW OFFICALY DONE!

LASTPAS PASWORD: c02e1a27-5524-449f-ba65-aff9581ddedc
You posted on the 12th you had bad news about an email you received on the 13th? I'm not following something right here, sorry.



Someone needs to explain this...
Time zones.

All times are in UTC+8 (as I'm traveling in Singapore at the moment).

I notified Bitcoinica team at Friday, 13 July 2012 9:14:51 AM.

I posted later, when genjix promised a response.

If you convert all the time to UTC there shouldn't be any problems.

*double thumbs up* for different timezones.  I'd still like to know where the breech was that led to someone acquiring the source code to begin with.....

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system.
- GA

It is being worked on by smart people.  -DamienBlack
Clipse
Hero Member
*****
Offline Offline

Activity: 504
Merit: 502


View Profile
July 14, 2012, 02:29:05 AM
 #393

you're assuming we know what ZT's bad news was. It is possible he contacted them about the source code leak. Or god only knows what.

No. I received this email. I was still in the verify@bitcoinica.com mailing list.

I believe that the theft happened much earlier and no one discovered. No one cared about this spammy-look email either (or they don't check their mailbox).


Quote
From: Bitcoinica Sucks <bitcoinicasucks@hotmail.com>
To: verify@bitcoinica.com
Date: Friday, 13 July 2012 3:39:55 AM
Subject: Bitcoinica is done

THANK YOU FOR YOU SOURCE CODE.

BITCONICA IS NOW OFFICALY DONE!

LASTPAS PASWORD: c02e1a27-5524-449f-ba65-aff9581ddedc
You posted on the 12th you had bad news about an email you received on the 13th? I'm not following something right here, sorry.



Someone needs to explain this...
Time zones.

All times are in UTC+8 (as I'm traveling in Singapore at the moment).

I notified Bitcoinica team at Friday, 13 July 2012 9:14:51 AM.

I posted later, when genjix promised a response.

If you convert all the time to UTC there shouldn't be any problems.

*double thumbs up* for different timezones.  I'd still like to know where the breech was that led to someone acquiring the source code to begin with.....

Probably the office cleaning lady email account got hacked, was likely also on the bitcoinica email list.

Im assuming they have an office.

...In the land of the stale, the man with one share is king... >> Clipse

We pay miners at 130% PPS | Signup here : Bonus PPS Pool (Please read OP to understand the current process)
MrTeal
Legendary
*
Offline Offline

Activity: 1274
Merit: 1004


View Profile
July 14, 2012, 02:30:30 AM
 #394

tbcoin
Legendary
*
Offline Offline

Activity: 1022
Merit: 1000



View Profile WWW
July 14, 2012, 02:32:28 AM
 #395

this is unbelievable ...

What sense does it reuse a password like that (which is in PLAIN TEXT in the source code) and in SO EXTREMELY SENSITIVE service like lastpas ¿? ¿? ¿? ¿? ¿? is absurd. And above it looks like it was himself genjix who posted the source code (cry facepalm)

Sorry for my bad english Wink
Bitcoin card for deposit and payment + Little POS
Donations:1N65efiNUhH6sEQg7Z6oUC76kJS9Yhevyf
markm
Legendary
*
Offline Offline

Activity: 2940
Merit: 1090



View Profile WWW
July 14, 2012, 02:37:14 AM
 #396

Ok here's another millinery product of thinly crafted tin:

Genjix's machine is PWNd and if sniffing/keylogging there wouldn't have sniffed the password so is someone else's.

Likely the machine(s) was/were PWNd, the password sniffed, then while wondering what would be the best moment to drop the shoe the password was noticed to be in the source code so the idea of releasing the code came up. Throw in a friday the 13th coming up and the plan is born.

The PWNing would maybe have happened way back when the messages in the blockchain were placed saying some big more to come thing was still to come (I forget the exact wording).

-MarkM-

Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1358
Merit: 1002



View Profile
July 14, 2012, 02:38:56 AM
 #397


No. I received this email. I was still in the verify@bitcoinica.com mailing list.

I believe that the theft happened much earlier and no one discovered. No one cared about this spammy-look email either (or they don't check their mailbox).


I totally believe in this, after reading everyone complaining that they sent email to verify@bitcoinica.com and almost never got an answer, which wasn't the case when they emailed genjix at the gmail lol
Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500


Wat


View Profile WWW
July 14, 2012, 02:44:30 AM
 #398

If the lawsuit goes through they will simply declare bankruptcy. I dont know if you can be the director of other companies while bankrupt.

rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
July 14, 2012, 02:45:06 AM
 #399

http://fakebookstatus.com/ Awesome lol

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
repentance
Hero Member
*****
Offline Offline

Activity: 868
Merit: 1000


View Profile
July 14, 2012, 03:06:43 AM
 #400

If the lawsuit goes through they will simply declare bankruptcy. I dont know if you can be the director of other companies while bankrupt.

In which case all of the assets of the company would be in the control of a liquidator/administrator/receiver who can reverse any transactions - including the transfer of assets and any preferential payments - which took place during the look-back period.  Perhaps even more importantly, there would be a full and open accounting of everything which took place in the lead up to the insolvency.

You generally cannot be a director of a company while you're personally bankrupt.  You're not automatically excluded from being a director of a company if a previous company of which you were a director became insolvent (although people can and do get barred from being company directors by regulatory authorities).

All I can say is that this is Bitcoin. I don't believe it until I see six confirmations.
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 [20] 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!