Bitcoin is a hackers dream

[repentance]

Wow, I wasn't aware that you can withdraw 40kBTC and 40kUSD while having an anonymous account at MtGox. The same MtGox that is known for their extensively KYC and AML... Maybe you know something that we dont?

It wasn't an anonymous account which withdrew the money.  It was the Bitcoinica account which had trusted status - at one point the limits for trusted status were $100,000 and BTC 40,000 daily.  They've been revised since then and yet again after the hack.  you need to remember that as far as MtGox's computer was concerned it was Bitoinica making the withdrawals and Bitcoinica had a history of moving large amounts on and off MtGox.  It's possible that there even more funds in the Bitcoinica account but the hacker was unable to access them because of the daily limits.

[1714113414]

1714113414

[1714113414]

1714113414

[1714113414]

1714113414

[repentance]

And about the Bitcoins, it would have been easy for MtGox to tell us the transaction ID, but they choose to astonish some Japanese police officer with such information, IF they even filed that report.

Whoever took the funds is laundering money.  There are massive penalties for disclosing information related to money laundering investigations.

[aq]

Wow, I wasn't aware that you can withdraw 40kBTC and 40kUSD while having an anonymous account at MtGox. The same MtGox that is known for their extensively KYC and AML... Maybe you know something that we dont?

It wasn't an anonymous account which withdrew the money.  It was the Bitcoinica account which had trusted status - at one point the limits for trusted status were $100,000 and BTC 40,000 daily.  They've been revised since then and yet again after the hack.  you need to remember that as far as MtGox's computer was concerned it was Bitoinica making the withdrawals and Bitcoinica had a history of moving large amounts on and off MtGox.  It's possible that there even more funds in the Bitcoinica account but the hacker was unable to access them because of the daily limits.

I think you missed this:

As I said we know how and where the USD moved, so yes.

They know to whom the funds have been transferred.

[repentance]

I think you missed this:

As I said we know how and where the USD moved, so yes.

They know to whom the funds have been transferred.

Where does not equal whom.  We have no idea what method of withdrawal was used for the USD, but it';s unlikely that the hacker tried to get it payed into their bank account.

[aq]

I think you missed this:

As I said we know how and where the USD moved, so yes.

They know to whom the funds have been transferred.

Where does not equal whom.  We have no idea what method of withdrawal was used for the USD, but it';s unlikely that the hacker tried to get it payed into their bank account.

While unlikely, we don't know it. Keep in mind, that all those more or less anonymous withdraws take weeks, so either MtGox helped to speed this up, in which case they very much know with whom they dealt, or yes it was redrawn to some bank account.

[DeathAndTaxes]

I think you missed this:

As I said we know how and where the USD moved, so yes.

They know to whom the funds have been transferred.

Where does not equal whom.  We have no idea what method of withdrawal was used for the USD, but it';s unlikely that the hacker tried to get it payed into their bank account.

While unlikely, we don't know it. Keep in mind, that all those more or less anonymous withdraws take weeks, so either MtGox helped to speed this up, in which case they very much know with whom they dealt, or yes it was redrawn to some bank account.

Or it was transferred to a handful of throw away account w/ fake info and used to buy BTC and removed from the site.
Or it was transferred to Accrum Exchange and used to buy Liberty Reserve.

Lots of methods to get USD off MtGox nearly instantly.  Not all of them are low cost but I doubt any thief was worried about that.

The idea that the thief did a wire transfer to their personal bank account is just stupid.

[aq]

Or it was transferred to Accrum Exchange and used to buy Liberty Reserve.

I think Aurum Exchange is not that anonymously. If this was the case, they could probably identify the hacker, once given some information. But because all information that could lead to the hacker is classified by MtGox we will never know.

The idea that the thief did a wire transfer to their personal bank account is just stupid.

I agree, but even then, have you ever seen single police investigation in Bitcoin land? There have been a number of heists and not a single one. So why now? Why  do you believe, that it will be different this time?

BTW, it is still be possible that one of the involved parties (Consultancy,Zhou,Tihan,...) was withdrawing.
The community could recognize some account number or anything. I doubt that some complete Bitcoin-virgin that did steal this.
I give you an example: someone recognized Zhou exchanging some 40k$ LR to RMB for some bad rate in a hurry a day after the theft. Zhou said it was unrelated, but this shows that a community can recognize way more than some astonished local Japanese police officer.

[Matthew N. Wright]

Even though aq is making glaring assumptions and seems to be hell bent on ignoring reason, I think the gist of the message is 100% true. Never before has it been so profitable (and risk-free) to hack.

We are only seeing the beginning people. Bitcoin will push hackers and technology through greed alone. SHA256 could be cracked/exploited.

[niko]

Bitcoin is really a hackers dream.

Last year, some hacker managed to steal huge funds from mybitcoin.com. How got blamed? The operator of mybitcoin.com. No one cared about the actual hacker.
This year, a hacker stole 45k from Bitcoinica. Everyone blamed the operators. The owners replaced the funds. No one cared about the actual hacker.
Now recently more funds where stolen from Bitcoinica. MtGox even knows who the hacker is, but "of course" cannot share this information. So same thing as every time, no one cares about the actual hacker. Everyone blames the operators and tries to lynch them.

Conclusion: In the Bitcoin world it is OK to steal, the blame will always be on the victim. A hacker can even use his real name and real address, and still no one cares. Blame and lawsuits are always on the victims...

Welcome to crypto-anarchy! The future is already here.

A. If you go after the hacker... there will be 10 more in line behind him.

A. Going after the hackers protects a bad service.

B. If you go after the service provider... the next 10 hackers will be unsuccessful.

B. Going after the service provider ensures a better service is provided in the future.

A. If you go after the thief, he will be ultimately unsuccessful in his plan, and others will think twice if theft is worth the consequences. Going after thieves protects honest people from becoming victims.

B. If you go after service provider (assuming no criminal negligence or insider jobs, in which case A applies), you will punish the victim - and we are talking potentially devastating consequences for their careers, families, and health. Other service providers will boost up security out of fear, and outsource the cost to third parties or to customers. Thieves will have nothing to fear, and will now have to either step up their efforts or find another victim. Either way, more shitty situations which could have been avoided with option A.

I tend to agree with OP.

[Matthew N. Wright]

Bitcoin is really a hackers dream.

Last year, some hacker managed to steal huge funds from mybitcoin.com. How got blamed? The operator of mybitcoin.com. No one cared about the actual hacker.
This year, a hacker stole 45k from Bitcoinica. Everyone blamed the operators. The owners replaced the funds. No one cared about the actual hacker.
Now recently more funds where stolen from Bitcoinica. MtGox even knows who the hacker is, but "of course" cannot share this information. So same thing as every time, no one cares about the actual hacker. Everyone blames the operators and tries to lynch them.

Conclusion: In the Bitcoin world it is OK to steal, the blame will always be on the victim. A hacker can even use his real name and real address, and still no one cares. Blame and lawsuits are always on the victims...

And how is that different from cash, exactly ?

Hack a USD bank, lose your life.
Hack a BTC bank, lose your OTC reputation lol

[aq]

Bitcoin is really a hackers dream.

Last year, some hacker managed to steal huge funds from mybitcoin.com. How got blamed? The operator of mybitcoin.com. No one cared about the actual hacker.
This year, a hacker stole 45k from Bitcoinica. Everyone blamed the operators. The owners replaced the funds. No one cared about the actual hacker.
Now recently more funds where stolen from Bitcoinica. MtGox even knows who the hacker is, but "of course" cannot share this information. So same thing as every time, no one cares about the actual hacker. Everyone blames the operators and tries to lynch them.

Conclusion: In the Bitcoin world it is OK to steal, the blame will always be on the victim. A hacker can even use his real name and real address, and still no one cares. Blame and lawsuits are always on the victims...

And how is that different from cash, exactly ?

Hack a USD bank, lose your life.
Hack a BTC bank, lose your OTC reputation lol

Now that would be a great development, because currently we have it this way:
Hack a USD bank, lose your life.
Hack a BTC bank, be completely ignored and happily spend the coins.

[MagicalTux]

As I said we know how and where the USD moved, so yes.

And about the Bitcoins, it would have been easy for MtGox to tell us the transaction ID, but they choose to astonish some Japanese police officer with such information, IF they even filed that report.

Some Japanese police officiers, our lawyers, and the people at Bitcoinica, plus the people who have helped during the investigation.

About the Bitcoins, we could share the transaction IDs, but I'm pretty sure everyone already got them (a 40k BTC tx is easy to locate)

[Transisto]

Hopefully Bitcoin teaches people personal responsibility. I doubt it, but one can dream.

It's so ridiculously easy to secure your own coins, if yours are stolen, you've made a mistake. This isn't blaming the victim, it's stating a fact.

The world is a harsh place full of people who will do whatever they can to get an advantage. This probably isn't going to change anytime in the near future, so the answer is to protect yourself.

Personally, I feel it's far easier and far cheaper to secure Bitcoins than any other asset I can think of. With some minimal effort you can raise the bar for wallet theft so high that it is practically impossible to have your coins stolen. I'm speaking of encrypted wallet fragments located in different physical locations under lock and key. I'd like to see someone hack that.

TL;DR: The Bitcoin user has the option to make his coins impossible to hack, for all practical purposes. A hacker's dream, I think not. A fool and his money are soon parted.

Sorry I don't buy the bolded parts.
The software part I agree can make it "virtually" impossible to steal, but there always is a physical and mental part that is near impossible to secure without high costs and high inconveniences.

_{A good way to make your coins practically impossible to steal is to send them to a random address...}

[zhoutong]

I give you an example: someone recognized Zhou exchanging some 40k$ LR to RMB for some bad rate in a hurry a day after the theft. Zhou said it was unrelated, but this shows that a community can recognize way more than some astonished local Japanese police officer.

Since my name has been mentioned I would just reply in this thread anyway. I'll explain this, for once and for all.

As I explained in the QQ Group where the trades happened, I was cashing out for a Singaporean friend who has $100K in total in several LR accounts. I was able to get much better USD/SGD exchange rates than any bank customers. (I was able to get "interbank" rates: https://bitcointalk.org/index.php?topic=76156.0)

I was not "in a hurry". Even on today I have done a deal with someone. (7 days is not "hurry".)

The rate was not bad. Most e-currency exchanges charge 1.5%-2% plus wire fees (about $50 per transaction including routing fees). USD/CNY exchange rate is highly stable and I can access to discounted exchange rate through my Chinese bank as well. I actually got a better deal.

And it's definitely not $40K (which is the stolen USD amount that Bitcoinica claims). I have also placed a single $40K AurumXchange order during the same period.

I still have an operating business in Singapore (http://www.sgitcoin.com/) and this service is actually quite popular (top Google result for "buy bitcoin in singapore"). Therefore I regularly deal with foreign exchange, money transfers and e-currencies.

This kind of transactions are very common to me. It happens all the time before the hack. (For example, trading over $20K with UserXXX: https://bitcointalk.org/index.php?topic=93109.msg1039996#msg1039996)

[Gabi]

Lol this thread is so fail. Let's speak about the hundreds or thousands of billions of dollars and euro scammed and hacked every year?

[Kluge]

Hopefully Bitcoin teaches people personal responsibility. I doubt it, but one can dream.

It's so ridiculously easy to secure your own coins, if yours are stolen, you've made a mistake. This isn't blaming the victim, it's stating a fact.

The world is a harsh place full of people who will do whatever they can to get an advantage. This probably isn't going to change anytime in the near future, so the answer is to protect yourself.

Personally, I feel it's far easier and far cheaper to secure Bitcoins than any other asset I can think of. With some minimal effort you can raise the bar for wallet theft so high that it is practically impossible to have your coins stolen. I'm speaking of encrypted wallet fragments located in different physical locations under lock and key. I'd like to see someone hack that.

TL;DR: The Bitcoin user has the option to make his coins impossible to hack, for all practical purposes. A hacker's dream, I think not. A fool and his money are soon parted.

Worth noting in Bitcoinland, there just isn't much money floating around. The current BTC market cap could not even purchase the world's 15th most expensive yacht. Much (if not most) business is done between people with little to no experience in the sector they're trading in. Security is surprisingly lacking when you assume everyone is a well-read nerd with plenty of time and money, but much more expected thinking most Bitcoin-related businesses are 3 years old or newer, start with the standard start-up budget of near-nothing, do not have profits able to justify hiring serious, experienced security experts, and having business operators with as much experience in their sector as their business has existed.

Hard to imagine this problem not getting better, even without shifting responsibility onto governments instead of those who permitted victimization. Even if Bitcoinica ops do not learn from mistakes, other ops will. MtGox did not need two more tens-of-thousands-worth-of-USD hacks to realize they needed to beef up security in a dramatic fashion, and they did  not need the government tracking down a cyber-criminal in Moldova to do so, nor to repay customers.

[N12]

Bitcoin so far has been a great distributory tool in moving value from honest people to hackers, thiefs, and scammers. You could say it's a way to destroy wealth.

[niko]

I think OP was referring to the mindset of certain Bitcoin users, not criticizing btc itself. Apparently many think that it's perfectly ok to steal, and to let thieves operate without any consequences.

[phungus]

This is definitely a big, huge learning experience for all of us, for sure. :-)


-p

[niko]

I think OP was referring to the mindset of certain Bitcoin users, not criticizing btc itself. Apparently many think that it's perfectly ok to steal, and to let thieves operate without any consequences.

Then the thread should be titled: "A few individuals are a hackers dream".

If there was a poll thread asking if the Bitcoinica thieves should be punished if caught, I'm sure the overwhelming majority would vote yes.

And yet most of time and resources seem to be dedicated to bashing the victims.