Bitcoinica MtGox account compromised

[tbcoin]

Reviewing the dendrogram of the theft(https://blockchain.info/tree/11978606), these hackers seem more careless, If I'm right they move bitcoins between addresses that have been used, with multiple transactions that reveal more addresses of the same wallet, addresses that receive payments from pools etc ...

Given that more than an planned attack was opportunism in the wake of the publication of source code, it may have been precipitated.


If someone bothers to report them may even catch.

[1713287147]

1713287147

[1713287147]

1713287147

[1713287147]

1713287147

[1713287147]

1713287147

[bitcoinBull]

Reviewing the dendrogram of the theft(https://blockchain.info/tree/11978606), these hackers seem more careless, If I'm right they move bitcoins between addresses that have been used, with multiple transactions that reveal more addresses of the same wallet, addresses that receive payments from pools etc ...

Given that more than an planned attack was opportunism in the wake of the publication of source code, it may have been precipitated.


If someone bothers to report them may even catch.

They are giving away some funds already, 100btc went to zhoutong's new donation wallet (zhou is promising to match donated funds). But yes, this individual is much less sophisticated than the linode hacker and therefore more likely to be identified (and we know he's reading this forum).

[tbcoin]

Reviewing the dendrogram of the theft(https://blockchain.info/tree/11978606), these hackers seem more careless, If I'm right they move bitcoins between addresses that have been used, with multiple transactions that reveal more addresses of the same wallet, addresses that receive payments from pools etc ...

Given that more than an planned attack was opportunism in the wake of the publication of source code, it may have been precipitated.


If someone bothers to report them may even catch.

They are giving away some funds already, 100btc went to zhoutong's new donation wallet (zhou is promising to match donated funds). But yes, this individual is much less sophisticated than the linode hacker and therefore more likely to be identified (and we know he's reading this forum).

zhou and the other yes, but there are also transactions> 1000BTC, I doubt they are donations.

Let's wait and see what happens, given that there are dollars involved will surely be easier to take legal action.

[wareen]

Mybitcoin was an obvious anonymous hack. Bitcoinica has created an impression of them being the most  reputable institution in the Bitcoin world, registered with NZ's financial regulation authorites, having CTO "with specialisation in information security", "never compromised", venture capital funded etc...  these are VERY different things.

I agree these are different things, but:

Blame the victim is never a good argument.

(emphasis mine)

You even said that this also applies to the pirateat40 case which should at least raise as many red flags as MyBitcoin.

Look, I just don't see much value in adding insult to injury - no matter how the injury came about!
You blamed the victims of MyBitcoin back then, now you're saying that blaming victims is never a good thing. Feel free to point out the whole dozen of my logical fallacies if you will - this is going too far off-topic already so I'm gonna leave it at that.

[tbcoin]

Intersango, security experts

oh haha, I needed that laugh, thanks 

Okay I laughed but said zhou and were really in a cold wallet, then surely he moved for refunds.

I am not defending, after so many security problems, it seems absurd and unnecessary to have these amounts in mtgox, among many other absurdities

[wareen]

Let me get this straight. The poor guy is not eating well, isn't sleeping well, there's a major debacle going on, and he's the key player making sure that people get their money back with the use of an outdated computer. But he's able to attend a hacking convention in Berlin which, if I still remember my geography, is not in the UK.

Genjix moved to Berlin some months ago - that's not a vacation. Also the Bitcoin-hackathon there was long since planned and announced by him.

[Bitcoin Oz]

Goxxed and Zhoutonged all at one time.

[tbcoin]

So ... if they have stolen a third of the money destined for claims ...

First, this does not include private capital of bitcoinica and since have robbed them of their errors, are private funds that must suffer the 40k btc / usd, not our deposits. I don't understand why pay 50% and less than a reduction to 30%

Second, is the third of the money claimed?, or a third of the 50% they were paying? Because it is very different

[finway]

I seriously doubt this. This must be an inside job!

[repentance]

So ... if they have stolen a third of the money destined for claims ...

First, this does not include private capital of bitcoinica and since have robbed them of their errors, are private funds that must suffer the 40k btc / usd, not our deposits. I don't understand why pay 50% and less than a reduction to 30%

Second, is the third of the money claimed?, or a third of the 50% they were paying? Because it is very different

You're assuming that Bitcoinica has any capital reserves, which is not the case if what Zhou has been saying all along is true - which is that Tihan injected his own money to cover the losses from the Linode hack and further injected some funds to cover some of the losses from the May intrusion.  Those injections of funds were purely to cover losses.  Zhou was quite clear that without that money Bitcoinica did not have enough assets to settle the total amount owed after the May intrusion.

It sounds like a forced reduction of 30%, which means that people would receive a total of 70% of what they are owed (so anyone who has already received 50% would get another 20% when everything has been processed).  Personally, at this stage of the game I wouldn't believe any numbers which aren't determined and verified by an independent auditor.

Found this gem by Tihan elsewhere.

http://news.ycombinator.com/item?id=4239859

Bitcoinica is far the most toxic investment of my career. I still applaude founder Zhou Tong's bravery for creating it and wish dearly that the change in management had never taken place.

[JoelKatz]

Further, as you implied, if the seller received compensation significantly higher than the true NPV/MTM of the equity, the difference may likely be subject to legal claims even if Zhoutong acted in good faith if the current owners convinced Zhoutong to sell his company so the current owners can strip/steal all the deposits (as the non-disclosure of the ownership transfer was proximate cause for the loss).

This is possible. Even if Zhoutong received a fair price, he could still theoretically be held liable for negligently transferring control over the assets of his depositors.

From the facts known to me, this seems like an extremely unlikely way for events to turn. It seems, at least to me, that Zhoutong negotiated in good faith, believed the people he were dealing with were more competent than him to run the business, and had no reason to suspect any of the future problems. I don't know whether his compensation was fair or not, but I understand he was motivated to sell, so it's unlikely he was paid more than the business was worth.

[556j]

PS: Please forgive for posting so often in this thread with what looks like on the surface to be nonsense but, because of the nature of this beast, it's warranted.

It's really not, though. It's like your life revolves around finding some drama in the bitcoin community. Give it a rest go outside and play some golf or whatever old people do these days. Spare us your verbal diarrhea. Your conspiracies and "gotcha" posts are uninformed and universally wrong. I'll leave you with two of my favorite quotes.

"A wise man speaks because he has something to say; a fool because he has to say something."

&

"Conspiracy is easier to understand than complexity"

[jcp]

This is possible. Even if Zhoutong received a fair price, he could still theoretically be held liable for negligently transferring control over the assets of his depositors.

From the facts known to me, this seems like an extremely unlikely way for events to turn. It seems, at least to me, that Zhoutong negotiated in good faith, believed the people he were dealing with were more competent than him to run the business, and had no reason to suspect any of the future problems. I don't know whether his compensation was fair or not, but I understand he was motivated to sell, so it's unlikely he was paid more than the business was worth.

It doesn't matter. I'm not talking about theoreticals, the facts you and I know regarding the ownership transfer is slim-to-none and that's one of the fundamental problems. To postulate that he was not paid more than what the company was worth is indicative of illusory self-confidence in knowledge, unless you are privy to non-public facts that have not been disclosed here (if so, I'm sure people that have lost money would love to know).

If I did not make it clear enough, the lack of public knowledge of ownership transfer creates serious potential for negligence claims against Zhoutong (as he has a fiduciary duty to deposit holders). Transfer of a money service to another entity which has different credit risk/security expertise without disclosure, then having the new entity defaulting on debts is an open and shut case of proximate cause, I disagree with the opinion that it's an unlikely avenue of pursuit in the event of actual default.

To reiterate, assuming that Zhoutong has zero involvement with the theft/loss-of-funds, it is in his personal best interests to ensure/advocate that everyone gets paid back in full.

[muyuu]

Reviewing the dendrogram of the theft(https://blockchain.info/tree/11978606), these hackers seem more careless, If I'm right they move bitcoins between addresses that have been used, with multiple transactions that reveal more addresses of the same wallet, addresses that receive payments from pools etc ...

Given that more than an planned attack was opportunism in the wake of the publication of source code, it may have been precipitated.


If someone bothers to report them may even catch.

It looks to me like they are tainting random innocent people.

It remains to be seen if they have done things "properly" or not.

[Technomage]

I feel really sad for the people involved, on both sides. Most likely both Bitcoinica and Bitcoin Consultancy will end up being sued big time and I actually support that. What happened was criminal negligence. There is a possibility of an inside job as well and Tihan should be the one to be investigated but so should the Intersango boys. It's an excuse at this point to say that "we didn't know". That counts for little, I hope.

We'll see what happens, I do think that this will become the first major legal case related to Bitcoin, especially now that USD was also stolen. It's going to be interesting. I support the victims (the depositors) and I hope that both Tihan (mostly him) and Bitcoin Consultancy (they are responsible as well at this point) get what they deserve.

As a final note I'll say that I didn't have a single BTC or USD at Bitcoinica. If I had, it would've been small amounts. The depositors need to blame themselves as well for trusting large amounts to a potential bucket shop but the level of absurdness with these "hacks" (a better word is criminal negligence or an inside job) is such that I'm actually supporting the victims now. Bitcoinica and everyone related to it need to be sued in every relevant jurisdiction.

[JoelKatz]

Bitcoinica and everyone related to it need to be sued in every relevant jurisdiction.

Unfortunately, I reluctantly find that I have to agree. Anyone considering building a similar service needs to understand that they need to make securing deposits a top priority. It can't be a "we'll get around to it when we get a chance" kind of thing. It costs money to do this right, and the people who do it right will lose business to the people who do it wrong unless there are penalties for doing it wrong.

What we really need is independent auditing of exchanges, ewallets, and similar services. We need independent third parties who can affirm, on a regular basis, that these businesses have assets that exceed their obligations.

[dizzy1]

The question remains why there hasnt been a police report initiated by the owners of bitcoinica. Shouldnt it be them and not yourself that initiates such a thing ? When else do you arbitrarily "inform the police " without the actual people involved doing it ?

We are still discussing this with our legal counsel actually, however filing the theft details pre-emptively from our side may make things easier and faster, and may protect us and our other customers too.

Japan local time when post was:

7:45 AM
Saturday, July 21, 2012
( observing Standard Time )

(Sorry for the 12pt font size)

~Bruno~

Last time I checked, Japan is not a week in the future.

[aq]

I feel really sad for the people involved, on both sides. Most likely both Bitcoinica and Bitcoin Consultancy will end up being sued big time and I actually support that. What happened was criminal negligence. There is a possibility of an inside job as well and Tihan should be the one to be investigated but so should the Intersango boys. It's an excuse at this point to say that "we didn't know". That counts for little, I hope.

We'll see what happens, I do think that this will become the first major legal case related to Bitcoin, especially now that USD was also stolen. It's going to be interesting. I support the victims (the depositors) and I hope that both Tihan (mostly him) and Bitcoin Consultancy (they are responsible as well at this point) get what they deserve.

As a final note I'll say that I didn't have a single BTC or USD at Bitcoinica. If I had, it would've been small amounts. The depositors need to blame themselves as well for trusting large amounts to a potential bucket shop but the level of absurdness with these "hacks" (a better word is criminal negligence or an inside job) is such that I'm actually supporting the victims now. Bitcoinica and everyone related to it need to be sued in every relevant jurisdiction.

Yeah, I can confirm that there will be a lawsuit and the targets will not be limited to tihan and intersango. it seems they are going to try to lock down gox as well. i dont think they will get that lucky but it seems the net being cast out is massive...

So maybe you succeed in harming/destroying 2/3 of the Bitcoin secondary infrastructure and then we will have these $2 a Bitcoin rate again.
Only question remaining is where can we short it?

[BitcoinBug]

My first post here. I agree that this looks like inside job at worst or incredible negligence (for security counscious group) at best. I hope this all will be handled without too much collateral damage to bitcoin community, specially Roger Ver.

I only have one question for Consultancy: "How do you know the hacker got the MtGox password from LastPass and what its master passsword was?"

As for the lawsuit... I don't think there will be a massive lawsuit, as some believe, if at all. We'll see.

P.S.: When Bitcoinica registered, things looked really well from the outside. I was seriously thinking about depositing some EUR there. I'm glad I didn't.

[Bitcoin Oz]

If gox goes down you can always use intersango...