BTER.com hacked| 7170 BTC stolen | DON'T KEEP YOUR MONEY ON AN EXCHANGE |

[cshelswell]

People keep repeating the mantra "don't keep your bitcoins anywhere but in your own wallet".  It's almost blaming the victim for being so careless about who they trust.  How do these people expect bitcoin commerce to work if businesses are always meant to be fearful of someone taking down an exchange?  How many businesses function in a world where Mastercard, Visa, PayPal, etc could at any moment lose all customer funds?

How is an exchange like bitfinex meant to be funded if no one is ever to keep bitcoins on there to fund leveraged positions and earn interest? 

Agreed. It's a real problem that the only safe thing to do with your btc is do nothing at all

[stdset]

Bter? The same who had 50M NXT stolen and contacted NXT devs to do a rollback? And the same from BitBay, which is just a pump and dump scheme?
http://cointelegraph.com/news/113238/chat-logs-allegedly-show-bter-creating-and-pumping-its-own-coin

Why do people still trust in this shitty exchange?

They indeed contacted NXT devs asking for a rollback, but it was not performed. And they managed to make a deal with the hacker, such that he returned most of stolen NXT in exchange for several hundreds BTC. They took that loss upon themselfs, no clients funds were affected, much like Bitstamp did in the recent hack.
But I don't believe they could survive this time, at least without funds being returned somehow. If it indeed was a coldwallet, there is a limited set of suspects, may be there is some hope.

[rich93]

Bter? The same who had 50M NXT stolen and contacted NXT devs to do a rollback? And the same from BitBay, which is just a pump and dump scheme?
http://cointelegraph.com/news/113238/chat-logs-allegedly-show-bter-creating-and-pumping-its-own-coin

Why do people still trust in this shitty exchange?

They indeed contacted NXT devs asking for a rollback, but it was not performed. And they managed to make a deal with the hacker, such that he returned most of stolen NXT in exchange for several hundreds BTC. They took that loss upon themselfs, no clients funds were affected, much like Bitstamp did in the recent hack.
But I don't believe they could survive this time, at least without funds being returned somehow. If it indeed was a coldwallet, there is a limited set of suspects, may be there is some hope.

They claim to have contacted the police but does anyone know in which country. I think they are registered in the British Virgin Islands. The website said this.

Bter.com is maintained and operated by MaxCloud Inc. which was registered in British Virgin Islands in 2011.

Which country are the owners of MaxCloud Inc. from?

I think the British Virgin Islands is a tax haven and the owner of most companies registered there do not live there.

[hero18688]

Bter? The same who had 50M NXT stolen and contacted NXT devs to do a rollback? And the same from BitBay, which is just a pump and dump scheme?
http://cointelegraph.com/news/113238/chat-logs-allegedly-show-bter-creating-and-pumping-its-own-coin

Why do people still trust in this shitty exchange?

They indeed contacted NXT devs asking for a rollback, but it was not performed. And they managed to make a deal with the hacker, such that he returned most of stolen NXT in exchange for several hundreds BTC. They took that loss upon themselfs, no clients funds were affected, much like Bitstamp did in the recent hack.
But I don't believe they could survive this time, at least without funds being returned somehow. If it indeed was a coldwallet, there is a limited set of suspects, may be there is some hope.

They claim to have contacted the police but does anyone know in which country. I think they are registered in the British Virgin Islands. The website said this.

Bter.com is maintained and operated by MaxCloud Inc. which was registered in British Virgin Islands in 2011.

Which country are the owners of MaxCloud Inc. from?

I think the British Virgin Islands is a tax haven and the owner of most companies registered there do not live there.

Bter.com is a Chinese exchange,located in Shandong Province,China.

[redsn0w]

People keep repeating the mantra "don't keep your bitcoins anywhere but in your own wallet".  It's almost blaming the victim for being so careless about who they trust.  How do these people expect bitcoin commerce to work if businesses are always meant to be fearful of someone taking down an exchange?  How many businesses function in a world where Mastercard, Visa, PayPal, etc could at any moment lose all customer funds?

How is an exchange like bitfinex meant to be funded if no one is ever to keep bitcoins on there to fund leveraged positions and earn interest? 

Agreed. It's a real problem that the only safe thing to do with your btc is do nothing at all

Not this is not true, the problem here is : a lot of people "trust" the various exchange like a bank, the real purpose of an exchange is | deposit the coin > perform the "exchange" altcoin btc or viceversa > and then withdraw.

Maybe you can be unlucky and deposit/withdraw  under the hack attack is being, but this is another story.

[Fernandez]

This is bad news, but not surprising. Nobody should be keeping any significant amount on any exchange. If they can't learn after so many hacks they deserve to lose their money.

[kingscrown]

my infos say it was inside job..

anyways - id say the money is gone.

good i had nothing htere since 1,5 month after bitbay thinge and didnt bring EXCL to the board

[Fernandez]

anyways - id say the money is gone.

Naturally it is gone. Yet another lesson for the community not to keep funds on exchange.

[redsn0w]

anyways - id say the money is gone.

Naturally it is gone. Yet another lesson for the community not to keep funds on exchange.

After a lot of scams/hacks , now I challenge a person to keep their coins for 24 hours in an online exchange. It is really insane, their security is not good.

Do you know only a few exchanges are using multiSig ?

[corsaro]

anyways - id say the money is gone.

Naturally it is gone. Yet another lesson for the community not to keep funds on exchange.

yes, please do not keep bitcoins deposited into exchange. Use your own wallet.

If you need to exchange, deposit just the btc you need to exchange, and immediately after withdraw the exchanged sums

[stdset]

Looking at Bter's 'cold wallet' address: https://blockchain.info/address/1M2bv6sypZSp6uAEC9U4Gzvgp6jd29F87e we see two outgoing transactions 8 minutes before the hack. Funds were sent to 17o5zDFGNvP5H2iWd7aWbhacwS1HKDE4i9 which probably is one of Bter's hot wallet addresses, because there were more outgoing transactions from 1M2bv6sypZSp6uAEC9U4Gzvgp6jd29F87e to that address before, and 17o5zDFGNvP5H2iWd7aWbhacwS1HKDE4i9 has huge turnover. Before Feb 14'th, the most recent outgoing transaction from 1M2bv occured on Feb 2'nd, again funds were sent to 17o5z. And before Feb 2'nd the last outgoing transaction from 1M2bv happened on Jan 27'th, i.e. outgoing transactions were quite rare, what makes me believe, they indeed were using that address for cold storage.

[mishax1]

Looking at Bter's 'cold wallet' address: https://blockchain.info/address/1M2bv6sypZSp6uAEC9U4Gzvgp6jd29F87e we see two outgoing transactions 8 minutes before the hack. Funds were sent to 17o5zDFGNvP5H2iWd7aWbhacwS1HKDE4i9 which probably is one of Bter's hot wallet addresses, because there were more outgoing transactions from 1M2bv6sypZSp6uAEC9U4Gzvgp6jd29F87e to that address before, and 17o5zDFGNvP5H2iWd7aWbhacwS1HKDE4i9 has huge turnover. Before Feb 14'th, the most recent outgoing transaction from 1M2bv occured on Feb 2'nd, again funds were sent to 17o5z. And before Feb 2'nd the last outgoing transaction from 1M2bv happened on Jan 27'th, i.e. outgoing transactions were quite rare, what makes me believe, they indeed were using that address for cold storage.

That is mostly correct. This page shows that 1M2bv6sypZSp6uAEC9U4Gzvgp6jd29F87ewas used as a cold storage.

You can also see that 'someone'/something accessed the cold storage about 10 minutes before they took the 7K. Here and Here

[stdset]

If their cold wallet wasn't very cold, and they were infected with a trojan, that likely happened between Feb 2nd and Feb 14th. If it indeed was cold, the funds were stolen by somebody who had access to the wallet, especially during last several days before the hack.

[acquafredda]

People keep repeating the mantra "don't keep your bitcoins anywhere but in your own wallet".  It's almost blaming the victim for being so careless about who they trust.  How do these people expect bitcoin commerce to work if businesses are always meant to be fearful of someone taking down an exchange?  How many businesses function in a world where Mastercard, Visa, PayPal, etc could at any moment lose all customer funds?

How is an exchange like bitfinex meant to be funded if no one is ever to keep bitcoins on there to fund leveraged positions and earn interest? 

Agreed. It's a real problem that the only safe thing to do with your btc is do nothing at all

I totally disagree. The fiat world works in a completely different way. And it's meant to work like that. They say your bank accounts and deposit are "safe" until a certain amount after that they do not guarantee your money back in case of failure, bankruptcy or whatever else.

The thing is that people here in the BTC world understood that this is the new way of getting "money from nothing".

Mt.gox, did that, mintpal did that, I'm not sure about bitstamp, bter probably did that etc.

Hence this is the problem: do we all see that this "legitimate" services which start nice and very well done at the end run away with customers money?
This is happening for cloudmining too. So many scams out there.

This world is very difficult. And we don't even know who we're playing with.

That said, I'll keep my BTC on my wallet. I'm my own guard. I do not need an exchange so far.

My 2 satoshis

[redsn0w]

If their cold wallet wasn't very cold, and they were infected with a trojan, that likely happened between Feb 2nd and Feb 14th. If it indeed was cold, the funds were stolen by somebody who had access to the wallet, especially during last several days before the hack.

I think their cold wallet wasn't a real cold wallet, when it was connected on "internet" it has lost the property of a cold wallet (or am I wrong ?).

[stdset]

If their cold wallet wasn't very cold, and they were infected with a trojan, that likely happened between Feb 2nd and Feb 14th. If it indeed was cold, the funds were stolen by somebody who had access to the wallet, especially during last several days before the hack.

I think their cold wallet wasn't a real cold wallet, when it was connected on "internet" it has lost the property of a cold wallet (or am I wrong ?).

I think we can't be sure for the time being.

[deisik]

Looking at Bter's 'cold wallet' address: https://blockchain.info/address/1M2bv6sypZSp6uAEC9U4Gzvgp6jd29F87e we see two outgoing transactions 8 minutes before the hack. Funds were sent to 17o5zDFGNvP5H2iWd7aWbhacwS1HKDE4i9 which probably is one of Bter's hot wallet addresses, because there were more outgoing transactions from 1M2bv6sypZSp6uAEC9U4Gzvgp6jd29F87e to that address before, and 17o5zDFGNvP5H2iWd7aWbhacwS1HKDE4i9 has huge turnover. Before Feb 14'th, the most recent outgoing transaction from 1M2bv occured on Feb 2'nd, again funds were sent to 17o5z. And before Feb 2'nd the last outgoing transaction from 1M2bv happened on Jan 27'th, i.e. outgoing transactions were quite rare, what makes me believe, they indeed were using that address for cold storage.

That is mostly correct. This page shows that 1M2bv6sypZSp6uAEC9U4Gzvgp6jd29F87ewas used as a cold storage.

This doge wallet has over 4.5 billion dogecoins (which is more then 5% of all doges in circulation), and it hasn't been touched since December, 2014. At least doge owners may have some hope. I mean Bter may actually haven't scammed, otherwise why keep them there?

You can also see that 'someone'/something accessed the cold storage about 10 minutes before they took the 7K. Here and Here

As I said earlier, I had problems withdrawing bitcoins two days prior the hack (had to wait for two hours until my withdrawal request got finally processed), so it may well mean that their cold storage turned into hot wallet...

[stdset]

Their NXT wallets, both hot and cold also look OK:
https://nxtblocks.info/#section/accountId/NXT-LVKY-Q9KY-5Q2Z-AV9JA
https://nxtblocks.info/#section/accountId/NXT-R3V3-2S79-F3ZM-BVXKZ

[stdset]

As I said earlier, I had problems withdrawing bitcoins two days prior the hack (had to wait for two hours until my withdrawal request got finally processed), so it may well mean that their cold storage turned into hot wallet...

There were no outgoing transactions from 1M2bv around Feb 12th.
Edit: Could you check your incoming transaction, where from the funds were sent?

[deisik]

As I said earlier, I had problems withdrawing bitcoins two days prior the hack (had to wait for two hours until my withdrawal request got finally processed), so it may well mean that their cold storage turned into hot wallet...

There were no outgoing transactions from 1M2bv around Feb 12th.
Edit: Could you check your incoming transaction, where from the funds were sent?

I'm afraid not, at least right now, since I had been transferring funds from Bter to Bittrex, and there I can only see the date and sum of the deposit (and it was on the 14th actually, 12:13:55 AM, I just checked). If you give me an address of some blockchain explorer, I would try to find the transaction...

Update: here's the transaction