Bitcoin Forum
Topic: BTER.com hacked | 7170 BTC stolen | DON'T KEEP YOUR MONEY ON AN EXCHANGE
stdset
February 20, 2015, 10:48:53 AM
 #341

> Forget what I said, that doesn't make sense, since the funds went directly from the cold wallet to the hacker's address and not to the hot wallet.
>
> So it looks like the "hacker" didn't have access to the hot wallet or it wasn't in his interest to empty it.

17o5z is one of Bter's hot wallet addresses.

redsn0w (OP)
February 20, 2015, 10:50:46 AM
 #342

> Google translate on their Weibo page suggests that the hacker compromised the mechanism for refilling the hot wallet from the 'cold', allowing them to empty it.
> That might explain the two transactions 10 minutes prior to the 7K. 1 and 2
>
> Forget what I said, that doesn't make sense, since the funds went directly from the cold wallet to the hacker's address and not to the hot wallet.
>
> So it looks like the "hacker" didn't have access to the hot wallet or it wasn't in his interest to empty it.

It is most probably the first option, the hacker didn't have access to their hot wallet, and this demonstrates that the cold wallet was not a real cold wallet. I think these are the three possible scenarios (maybe):

1) a bad generation of the cold wallet's addresses,
2) an error/mistake of an employee, who had connected the cold wallet to the "internet",
3) An inside job.
mishax1
February 20, 2015, 10:54:12 AM
 #343

>> Forget what I said, that doesn't make sense, since the funds went directly from the cold wallet to the hacker's address and not to the hot wallet.
>>
>> So it looks like the "hacker" didn't have access to the hot wallet or it wasn't in his interest to empty it.
> 17o5z is one of Bter's hot wallet addresses.

That's why I said "the funds went directly from the cold wallet to the hacker's address and not to the hot wallet"

But everything is a big "MAYBE" and we are only speculating.. ;)
stdset
February 20, 2015, 11:13:17 AM
Last edit: February 20, 2015, 03:40:42 PM by stdset
 #344

> It is most probably the first option, the hacker didn't have access to their hot wallet, and this demonstrates that the cold wallet was not a real cold wallet. I think (maybe):
>
> 1) a bad generation of the cold wallet's addresses,
> 2) an error/mistake of an employee, who had connected the cold wallet to the "internet",
> 3) An inside job.

1) I think this option is the least probable among others.
2) Just connection is unlikely to be enough. They must have had a trojan in their 'cold' wallet system. What were they using their 'cold' wallet for, to get infected??? BTW if this option is really what happened, they likely were infected between Feb 2nd and Feb 14th.
3) Must be thoroughly investigated in any cold wallet theft case.

tee-rex
February 20, 2015, 11:15:21 AM
 #345

>> Forget what I said, that doesn't make sense, since the funds went directly from the cold wallet to the hacker's address and not to the hot wallet.
>>
>> So it looks like the "hacker" didn't have access to the hot wallet or it wasn't in his interest to empty it.
> 17o5z is one of Bter's hot wallet addresses.

What are bter's other hot wallet addresses and will this list be exhaustive? How many bitcoins do they have in total right now?
stdset
February 20, 2015, 11:19:54 AM
 #346

>>> Forget what I said, that doesn't make sense, since the funds went directly from the cold wallet to the hacker's address and not to the hot wallet.
>>>
>>> So it looks like the "hacker" didn't have access to the hot wallet or it wasn't in his interest to empty it.
>> 17o5z is one of Bter's hot wallet addresses.
>
> What are bter's other hot wallet addresses and will this list be exhaustive? How many bitcoins do they have in total right now?

I think it's hard to compile an exhaustive list.
Here are some of their addresses though:
http://www.walletexplorer.com/wallet/Bter.com/addresses
http://www.walletexplorer.com/wallet/Bter.com-output/addresses

dwma
February 20, 2015, 11:25:59 AM
 #347


Meh we have to move to decentralized exchanges.  No one will ever be able to figure out what happened for sure...
tee-rex
February 20, 2015, 11:28:16 AM
 #348

>>>> Forget what I said, that doesn't make sense, since the funds went directly from the cold wallet to the hacker's address and not to the hot wallet.
>>>>
>>>> So it looks like the "hacker" didn't have access to the hot wallet or it wasn't in his interest to empty it.
>>> 17o5z is one of Bter's hot wallet addresses.
>>
>> What are bter's other hot wallet addresses and will this list be exhaustive? How many bitcoins do they have in total right now?
> I think it's hard to compile an exhaustive list.
> Here are some of their addresses though:
> http://www.walletexplorer.com/wallet/Bter.com/addresses
> http://www.walletexplorer.com/wallet/Bter.com-output/addresses

This address (17o5z) gets credited in the amount of exactly 10 bitcoins every day since the hack from a lot of small wallets. What could they be doing, maybe selling fiat in an effort to accumulate a bitcoin "misery" fund?
stdset
February 20, 2015, 11:48:26 AM
 #349

> This address (17o5z) gets credited in the amount of exactly 10 bitcoins every day since the hack from a lot of small wallets. What could they be doing, maybe selling fiat in an effort to accumulate a bitcoin "misery" fund?

BTW, in order to continue using their hot wallet, they must be absolutely 100% sure it's not compromised. Otherwise they should have moved all BTC left in the hot wallet to a new wallet.

tee-rex
February 20, 2015, 11:58:49 AM
 #350

>> This address (17o5z) gets credited in the amount of exactly 10 bitcoins every day since the hack from a lot of small wallets. What could they be doing, maybe selling fiat in an effort to accumulate a bitcoin "misery" fund?
> BTW, in order to continue using their hot wallet, they must be absolutely 100% sure it's not compromised. Otherwise they should have moved all BTC left in the hot wallet to a new wallet.

In the case of bter I wouldn't be that sure. Remember, they have already been hacked two times, so it won't come as a surprise if this wallet gets hacked next too.

Who hasn't yet hacked bter?
bitcoinmar
February 20, 2015, 12:05:25 PM
 #351


> Meh we have to move to decentralized exchanges.  No one will ever be able to figure out what happened for sure...

Yes, I agree. These are killing frequently and no action against them. I lost too much in Mintpal and now in bter; now never going to any bitcoin or altcoin exchange.
blueshoe
February 20, 2015, 12:39:09 PM
 #352

But there exists no decentralized exchange for altcoins. The asset system with NXT or BTS I find too uncomfortable. We need something like a torrent system. But the blockchains are too slow for trading. And I don't see why I should hold altcoins without trading ...
stdset
February 20, 2015, 12:41:03 PM
 #353

> BTW, in order to continue using their hot wallet, they must be absolutely 100% sure it's not compromised.

What would be the case if they 'hacked' themselves.

cazkooo
February 20, 2015, 01:16:14 PM
 #354

>> BTW, in order to continue using their hot wallet, they must be absolutely 100% sure it's not compromised.
> What would be the case if they 'hacked' themselves.

Indeed it seems like they are hacking themselves, but let's see their next action; if they intended to refund their customers then it would seem like they really got hacked.
blueshoe
February 20, 2015, 01:23:36 PM
 #355

You think all too complicated. The normal case is a criminal, child abduction, a ransom note. Done. More, it does not need to make an exchange office broken. There are millions of criminals who can do that.
Cassius
February 20, 2015, 01:46:07 PM
 #356

> But there exists no decentralized exchange for altcoins. The asset system with NXT or BTS I find too uncomfortable. We need something like a torrent system. But the blockchains are too slow for trading. And I don't see why I should hold altcoins without trading ...

InstantDEX, any day now. Built on top of NXT AE and Multigateway, but near-realtime. Should be in beta very soon.
redsn0w (OP)
February 20, 2015, 05:45:45 PM
 #357

>> It is most probably the first option, the hacker didn't have access to their hot wallet, and this demonstrates that the cold wallet was not a real cold wallet. I think (maybe):
>>
>> 1) a bad generation of the cold wallet's addresses,
>> 2) an error/mistake of an employee, who had connected the cold wallet to the "internet",
>> 3) An inside job.
> 1) I think this option is the least probable among others.
> 2) Just connection is unlikely to be enough. They must have had a trojan in their 'cold' wallet system. What were they using their 'cold' wallet for, to get infected??? BTW if this option is really what happened, they likely were infected between Feb 2nd and Feb 14th.
> 3) Must be thoroughly investigated in any cold wallet theft case.

1) it depends on what wallet they have used to generate bitcoin addresses,
2) It is called "cold wallet" and it should be never connected on internet,
3) this is the most probable "option" but we should wait for some news from them.

Their weibo/twitter profile has not yet been updated.
tee-rex
February 20, 2015, 05:52:43 PM
 #358

>>> It is most probably the first option, the hacker didn't have access to their hot wallet, and this demonstrates that the cold wallet was not a real cold wallet. I think (maybe):
>>>
>>> 1) a bad generation of the cold wallet's addresses,
>>> 2) an error/mistake of an employee, who had connected the cold wallet to the "internet",
>>> 3) An inside job.
>> 1) I think this option is the least probable among others.
>> 2) Just connection is unlikely to be enough. They must have had a trojan in their 'cold' wallet system. What were they using their 'cold' wallet for, to get infected??? BTW if this option is really what happened, they likely were infected between Feb 2nd and Feb 14th.
>> 3) Must be thoroughly investigated in any cold wallet theft case.
>
> 1) it depends on what wallet they have used to generate bitcoin addresses,
> 2) It is called "cold wallet" and it should be never connected on internet,
> 3) this is the most probable "option" but we should wait for some news from them.
>
> Their weibo/twitter profile has not yet been updated.

I don't quite understand what you mean here by "it should be never connected on internet". How on earth are you going to fill hot wallets from it if it is never to be connected to the Internet?

They did connect it and got forfeited, but this is quite another story.
redsn0w (OP)
February 20, 2015, 05:54:37 PM
 #359

>>>> It is most probably the first option, the hacker didn't have access to their hot wallet, and this demonstrates that the cold wallet was not a real cold wallet. I think (maybe):
>>>>
>>>> 1) a bad generation of the cold wallet's addresses,
>>>> 2) an error/mistake of an employee, who had connected the cold wallet to the "internet",
>>>> 3) An inside job.
>>> 1) I think this option is the least probable among others.
>>> 2) Just connection is unlikely to be enough. They must have had a trojan in their 'cold' wallet system. What were they using their 'cold' wallet for, to get infected??? BTW if this option is really what happened, they likely were infected between Feb 2nd and Feb 14th.
>>> 3) Must be thoroughly investigated in any cold wallet theft case.
>>
>> 1) it depends on what wallet they have used to generate bitcoin addresses,
>> 2) It is called "cold wallet" and it should be never connected on internet,
>> 3) this is the most probable "option" but we should wait for some news from them.
>>
>> Their weibo/twitter profile has not yet been updated.
>
> I don't quite understand what you mean here by "it should be never connected on internet". How on earth are you going to fill hot wallets from it if it is never to be connected to the Internet?

Simple, you create/sign the transaction offline and then you "broadcast" it on another PC (connected to the internet). Do you know this "technique"?

Here is an example with "electrum": https://electrum.org/offline_wallets.html and here a thread: https://bitcointalk.org/index.php?topic=651344.msg7306076#msg7306076 (with bitcoind).
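
The offline-signing flow described in post #359, sketched as an added example that is not part of the original thread and not Electrum's, bitcoind's or any exchange's code. It goes slightly beyond the post by having the offline side check destination and amount before signing, since the request file is the only thing that crosses over from the online machine. The address strings, the 50 BTC cap, the nonce field and the function names are hypothetical, and HMAC-SHA256 stands in for the ECDSA signature a real wallet would produce.

```python
import hashlib
import hmac
import json

# Constructed policy values; the address strings are placeholders, not real addresses.
HOT_WALLET_ALLOWLIST = {"EXAMPLE-HOT-ADDRESS-1", "EXAMPLE-HOT-ADDRESS-2"}
MAX_REFILL_SAT = 50 * 100_000_000  # hypothetical per-refill cap: 50 BTC in satoshis


def build_refill_request(destination, amount_sat, nonce):
    """Online machine: describe the refill. No key material exists on this side."""
    return json.dumps({"to": destination, "amount_sat": amount_sat, "nonce": nonce},
                      sort_keys=True)


def offline_review_and_sign(request_json, cold_key, seen_nonces):
    """Offline machine: check the request against policy before the key touches it.

    Returns (signed_blob, problems); signed_blob is None when anything is refused.
    """
    try:
        req = json.loads(request_json)
    except ValueError:
        return None, ["request is not valid JSON"]
    if not isinstance(req, dict):
        return None, ["request is not a JSON object"]
    problems = []
    to = req.get("to")
    if not isinstance(to, str) or to not in HOT_WALLET_ALLOWLIST:
        problems.append("destination is not a known hot wallet")
    amount = req.get("amount_sat")
    if type(amount) is not int or not 0 < amount <= MAX_REFILL_SAT:
        problems.append("amount is outside the refill limit")
    nonce = req.get("nonce")
    if not isinstance(nonce, str) or nonce in seen_nonces:
        problems.append("nonce is missing or already used")
    if problems:
        return None, problems
    seen_nonces.add(nonce)
    # HMAC-SHA256 stands in for the ECDSA signature a real wallet would make.
    canonical = json.dumps(req, sort_keys=True).encode()
    tag = hmac.new(cold_key, canonical, hashlib.sha256).hexdigest()
    return json.dumps({"request": req, "sig": tag}, sort_keys=True), []


if __name__ == "__main__":
    key, seen = b"constructed-demo-key", set()
    ok = build_refill_request("EXAMPLE-HOT-ADDRESS-1", 10 * 100_000_000, "refill-0001")
    bad = build_refill_request("EXAMPLE-UNKNOWN-ADDRESS", 7170 * 100_000_000, "refill-0002")
    for label, r in (("refill", ok), ("unknown destination", bad), ("replay", ok)):
        print(label, "->", offline_review_and_sign(r, key, seen)[1] or "signed")
```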
tee-rex
February 20, 2015, 06:00:29 PM
 #360

>>>>> It is most probably the first option, the hacker didn't have access to their hot wallet, and this demonstrates that the cold wallet was not a real cold wallet. I think (maybe):
>>>>>
>>>>> 1) a bad generation of the cold wallet's addresses,
>>>>> 2) an error/mistake of an employee, who had connected the cold wallet to the "internet",
>>>>> 3) An inside job.
>>>> 1) I think this option is the least probable among others.
>>>> 2) Just connection is unlikely to be enough. They must have had a trojan in their 'cold' wallet system. What were they using their 'cold' wallet for, to get infected??? BTW if this option is really what happened, they likely were infected between Feb 2nd and Feb 14th.
>>>> 3) Must be thoroughly investigated in any cold wallet theft case.
>>>
>>> 1) it depends on what wallet they have used to generate bitcoin addresses,
>>> 2) It is called "cold wallet" and it should be never connected on internet,
>>> 3) this is the most probable "option" but we should wait for some news from them.
>>>
>>> Their weibo/twitter profile has not yet been updated.
>>
>> I don't quite understand what you mean here by "it should be never connected on internet". How on earth are you going to fill hot wallets from it if it is never to be connected to the Internet?
>
> Simple, you create/sign the transaction offline and then you "broadcast" it on another PC (connected to the internet). Do you know this "technique"?

It seems that "this way" your cold wallet still gets effectively "connected" (even through an intermediary) to the Internet in the end, though this "connection" may not be direct in terms of time. Do I still miss something?