Bitcoin Forum
Topic: Public STATEMENT Regarding Bitcoinica account hack at MtGox
sarpar
Member
July 27, 2012, 01:15:14 PM
 #361

is anyone committing all of these threads to pastebin or elsewhere? As posts seem to be removed from time to time this will all be relevant when these cases go to court.

WHAT IF...


...their bitcointalk.org-account got hacked?  :D

I openly boycott the Bitcoinica Consultancy team or Intersango: Donald Norman, Patrick Strateman and Amir Taaki
sadpandatech
Hero Member
July 27, 2012, 02:17:20 PM
 #362

> I'm just going to drop a quick note on here, that my MTGox account was compromised within a matter of days from this hack happening. And I had over 1,800 BTC stolen from me. It may or may not be related, but the timing is a bit too close to ignore completely.
>
> I wonder if any others were compromised as well?
>
> I've contacted aurumxchange and zhoutong directly to see if they have anything to offer, and if they are willing to cooperate with the already open investigation with law enforcement from my end (I have an open investigation by the Cyber Crime division of my local law enforcement here). Regardless, I will be directing the investigators to this information for any potential correlation.

Pointing them here for your investigation is going to do nothing other than fill their leads list with a bunch of FUD.

MTGOX account(s) were not compromised!

Someone had the LOGIN credentials for Bitcoinica's account because their LastPass account that held all their MtGox and other logins was BREACHED (not hacked or compromised either).

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system. - GA
It is being worked on by smart people. -DamienBlack
Herodes
Hero Member
July 27, 2012, 02:58:17 PM
 #363

> I'm just going to drop a quick note on here, that my MTGox account was compromised within a matter of days from this hack happening. And I had over 1,800 BTC stolen from me. It may or may not be related, but the timing is a bit too close to ignore completely.
>
> I wonder if any others were compromised as well?
>
> I've contacted aurumxchange and zhoutong directly to see if they have anything to offer, and if they are willing to cooperate with the already open investigation with law enforcement from my end (I have an open investigation by the Cyber Crime division of my local law enforcement here). Regardless, I will be directing the investigators to this information for any potential correlation.

1800 BTC ?

No two-factor identification ?

Good luck on the investigation, if you can, please update the community.

Any knowledge about which attack vector was used to get into your account ?
paulie_w
Sr. Member
July 27, 2012, 03:12:16 PM
 #364

i just want to say that it makes me sad to see this thread every time i login here :(

please don't kill bitcoin with all of this stupidity.

on the one hand, i hope you guys figure it out so there is some notion of accountability within the community.

but on the other hand, i feel like any conclusion is going to be inconclusive, and you're just going to ruin good reputations and good people by wasting all this time on a witch hunt.

next time some great new bitcoin web app develops, i hope you will not all be so quick to deposit your entire cache of 'coin...
Gyrsur
Legendary
July 27, 2012, 03:16:44 PM
 #365

> i just want to say that it makes me sad to see this thread every time i login here :(
>
> please don't kill bitcoin with all of this stupidity.
>
> on the one hand, i hope you guys figure it out so there is some notion of accountability within the community.
>
> but on the other hand, i feel like any conclusion is going to be inconclusive, and you're just going to ruin good reputations and good people by wasting all this time on a witch hunt.
>
> next time some great new bitcoin web app develops, i hope you will not all be so quick to deposit your entire cache of 'coin...

a girl!!

Clipse
Hero Member
July 27, 2012, 03:22:47 PM
 #366

> i just want to say that it makes me sad to see this thread every time i login here :(
>
> please don't kill bitcoin with all of this stupidity.
>
> on the one hand, i hope you guys figure it out so there is some notion of accountability within the community.
>
> but on the other hand, i feel like any conclusion is going to be inconclusive, and you're just going to ruin good reputations and good people by wasting all this time on a witch hunt.
>
> next time some great new bitcoin web app develops, i hope you will not all be so quick to deposit your entire cache of 'coin...

Since you are new I will forgive you for wanting this to get out of the limelight however this needs to stay in the limelight until there is closure.

Closure on this disease is far more likely to save bitcoin than destroy it, we saw heists such as this with the mybitcoin fiasco last year and it lost limelight far too early without anyone held accountable and that needs to change immediately.

...In the land of the stale, the man with one share is king... >> Clipse

We pay miners at 130% PPS | Signup here : Bonus PPS Pool (Please read OP to understand the current process)
Glasswalker
Sr. Member
July 27, 2012, 03:28:58 PM
 #367

> Pointing them here for your investigation is going to do nothing other than fill their leads list with a bunch of FUD.
>
> MTGOX account(s) were not compromised!
>
> Someone had the LOGIN credentials for Bitcoinica's account because their LastPass account that held all their MtGox and other logins was BREACHED (not hacked or compromised either).

I never said they were, the same method was used to access my account within a few days of this one. I simply stated the timing is close enough to warrant looking into it. Since in this case they have more evidence than was able to be gathered in my case (for example check some of the IPs logged by these individuals and confirm them against the IPs used in my case, if any coincide, it MAY imply a relationship). I'm not jumping to conclusions, but it is a potential valid lead.

> 1800 BTC ?
>
> No two-factor identification ?
>
> Good luck on the investigation, if you can, please update the community.
>
> Any knowledge about which attack vector was used to get into your account ?

It could be noted that in this case the individual didn't have 2factor either, in order for someone to be able to up and withdraw their funds using an "acquired" login credential. And they were sitting on MUCH more funds than my 1800.

And yes I hope the investigation turns up something, dealing with law enforcement is a slow process though, so it's slow gaining traction.

I do fully intend to update the community as I get more info.

As for an attack vector, no, I have yet to identify where they got the login credentials.

Thanks!

Just trying to make Bitcoin a Success... One crazy project at a time. (13rwPKskyATcAq3PpnCikfFG8989DQ8M3c)
HashVoodoo Open Source FPGA Mining Bitstream: https://github.com/pmumby/hashvoodoo-fpga-bitcoin-miner
paulie_w
Sr. Member
July 27, 2012, 03:34:12 PM
 #368

> > i just want to say that it makes me sad to see this thread every time i login here :(
> >
> > please don't kill bitcoin with all of this stupidity.
> >
> > on the one hand, i hope you guys figure it out so there is some notion of accountability within the community.
> >
> > but on the other hand, i feel like any conclusion is going to be inconclusive, and you're just going to ruin good reputations and good people by wasting all this time on a witch hunt.
> >
> > next time some great new bitcoin web app develops, i hope you will not all be so quick to deposit your entire cache of 'coin...
>
> Since you are new I will forgive you for wanting this to get out of the limelight however this needs to stay in the limelight until there is closure.
>
> Closure on this disease is far more likely to save bitcoin than destroy it, we saw heists such as this with the mybitcoin fiasco last year and it lost limelight far too early without anyone held accountable and that needs to change immediately.

you're probably right, and i guess every great project has its growing pains, but it's still awful to watch.

i really love bitcoin and think it can change the world. if it ends up never being able to climb out of obscurity because of stuff like this (read: the bad publicity that it causes), then i think that's a real shame.
BCB
CTG
VIP
Legendary
July 27, 2012, 03:45:54 PM
 #369

This is just like any good train wreck or bad traffic accident.  Everyone is rubbernecking because this is where all the drama is.  However there are a lot of smart and talented people doing incredible and useful and helpful things in the community, fortunately, they don't spend their days reading and analyzing and responding to every post in some of these sections.

But as someone said, this is better than cable television.

1QaZxSw2
Member
July 27, 2012, 05:39:00 PM
 #370

EDIT: Moved to separate thread here https://bitcointalk.org/index.php?topic=96086.0

If any of us want bitcoin to succeed, we need to achieve the following:

Establish security and auditing standards that bitcoin companies can comply with. This can be publicly posted and edited and companies can post a statement of compliance such as: Complies with bitcoin security standard V2.1

The goal of this is to ensure bitcoin can self-regulate instead of running to the government and begging to be saved from the bad guys. I'm not anti-government regulations per se, but calling in the government to regulate a brand new industry will most certainly stifle innovation.

While there seems to be circumstantial evidence to suggest ZT may have either been a naughty boy or just plain stupid, we need to proceed judiciously. Note that accusations are easy, and tomorrow anyone here with any business could be accused of wrong doing should something go wrong.

We need to put in place transparency and self-regulation so that rampant speculation will have no place.

For example:
V0.1 of Bitcoin Operations & Security Standard (BOSS 0.1)

Users:
1. Every account has 2-factor authentication. [This prevents fraudulent claims of password theft etc]
2. All passwords are salted and hashed. [Mitigates loss due to/claim of lost password db]
3. All users who store more than 1000BTC or $10000 USD need to provide scanned copy of govt id. [Large amounts attract theft. Disclosing your identity may be the only way to protect yourself. Prevents Govt coming after corporations for money laundering.]
4. Maximum daily withdrawals are set based on corporate policy. 1000BTC and $10000 recommended. Larger amounts may be allowed after a phone call and verification. [This prevents large losses in case of password theft]
4.a. Optional: withdrawals should go to the same wallet deposits were made from. Customer can always withdraw full amount to the originating wallet, change the designated outgoing wallet and replace the funds as necessary for financial privacy and security. [For some businesses such as mixing services, this makes no sense]

Companies:
5. All Corporate funds are strictly separated from Customer funds. [This makes embezzlement easy to detect and prevents accidental losses]
6. Most BTC are stored in cold wallets. [Prevents large losses due to root privilege compromise]
7. The cold wallets containing more than 1000BTC keys are split among at least 2 officers of the company, so that no one person can withdraw from a cold wallet. Steps should be taken to ensure that these key portions are not shared and not lost if one of the officers dies or exits the company.
8. Other cold wallets have a maximum amount of 1000BTC beyond which it should split into two cold wallets. [This puts an upper limit on loss from actions of an unscrupulous officer of a company.]
9. Companies will take user privacy very seriously and will not air issues in a public forum. As appropriate, resolve issues with the customer or contact law enforcement. [This will build confidence in bitcoin businesses and prevent slander/accusations of slander]
10. Where appropriate, companies should insure against losses of user funds from theft, loss of keys, disruption of operations, etc. This does not apply to trading losses caused by user's own actions. [Builds confidence and permits outside entity, i.e. the insurance company to audit security procedures]
1QaZxSw2
Member
July 27, 2012, 05:51:26 PM
 #371

The goals of BOSS are:


1. Set a standard expectation regarding security and operating procedures.
2. Eliminate, reduce and mitigate losses due to theft or corporate wrongdoing
3. Eliminate, reduce and mitigate losses due to customer action or fraud.
4. Ensure the most up to date security mechanisms are in place.

The fiat financial world is heavily regulated because they had to learn all their lessons the hard way. We don't need to. We should simply apply the lessons here and make BTC a far better product.
sadpandatech
Hero Member
July 27, 2012, 06:14:19 PM
 #372

> > Pointing them here for your investigation is going to do nothing other than fill their leads list with a bunch of FUD.
> >
> > MTGOX account(s) were not compromised!
> >
> > Someone had the LOGIN credentials for Bitcoinica's account because their LastPass account that held all their MtGox and other logins was BREACHED (not hacked or compromised either).
>
> I never said they were, the same method was used to access my account within a few days of this one. I simply stated the timing is close enough to warrant looking into it. Since in this case they have more evidence than was able to be gathered in my case (for example check some of the IPs logged by these individuals and confirm them against the IPs used in my case, if any coincide, it MAY imply a relationship). I'm not jumping to conclusions, but it is a potential valid lead.

My point was simply that your case and the Bitcoinica case are no more similar than if a car got stolen in Texas and a car got stolen in the UK and both times the thieves had the keys to the cars. Pointing an investigator to one car theft is in no way helpful in solving the other. Neither one would answer the investigator's main questions; "How did the thief gain the keys?", "And where did the thief take the car to?"

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system. - GA
It is being worked on by smart people. -DamienBlack
check_status
Full Member
July 27, 2012, 06:20:55 PM
 #373

> The goals of BOSS are:
>
> 1. Set a standard expectation regarding security and operating procedures.
> 2. Eliminate, reduce and mitigate losses due to theft or corporate wrongdoing
> 3. Eliminate, reduce and mitigate losses due to customer action or fraud.
> 4. Ensure the most up to date security mechanisms are in place.
>
> The fiat financial world is heavily regulated because they had to learn all their lessons the hard way. We don't need to. We should simply apply the lessons here and make BTC a far better product.

Are you going to set up the agile and scrum?

For Bitcoin to be a true global currency the value of BTC needs always to rise.
If BTC became the global currency & money supply = 100 Trillion then ⊅1.00 BTC = $4,761,904.76.
P2Pool Server List | How To's and Guides Mega List |  1EndfedSryGUZK9sPrdvxHntYzv2EBexGA
1QaZxSw2
Member
July 27, 2012, 06:22:59 PM
 #374

> Are you going to set up the agile and scrum?

I was thinking more like a GPL type process. A publicly known standard that can be referred to, complied with and audited against.
malevolent
can into space
Staff
Legendary
July 27, 2012, 09:20:06 PM
 #375

> is anyone committing all of these threads to pastebin or elsewhere? As posts seem to be removed from time to time this will all be relevant when these cases go to court.

Maybe the forum administration will be able to find deleted posts if they are not deleted from the database, or if they are, by restoring its backup (I heard the forum's backup is done pretty often).
Maged
Legendary
July 28, 2012, 03:52:08 PM
 #376

> > is anyone committing all of these threads to pastebin or elsewhere? As posts seem to be removed from time to time this will all be relevant when these cases go to court.
>
> Maybe the forum administration will be able to find deleted posts if they are not deleted from the database, or if they are, by restoring its backup (I heard the forum's backup is done pretty often).

Deleted posts are only ever hidden from the public, despite the button being called "delete". They can be unhidden just as easily.

BCB
CTG
VIP
Legendary
July 28, 2012, 03:57:46 PM
 #377

The forum is managed in the US but hosted in Japan.  Wonder what the legality is of complying with Subpoenas. There is probably also a Fed or NSA geek already monitoring  and mirroring this board.
rjk
Sr. Member
July 28, 2012, 04:01:15 PM
 #378

> The forum is managed in the US but hosted in Japan.  Wonder what the legality is of complying with Subpoenas. There is probably also a Fed or NSA geek already monitoring  and mirroring this board.

Try again: http://whois.domaintools.com/50.97.137.52
Hosted at Softlayer in Dallas. Whois protected by a Canadian company.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
MrTeal
Legendary
July 28, 2012, 04:11:38 PM
 #379

> > > is anyone committing all of these threads to pastebin or elsewhere? As posts seem to be removed from time to time this will all be relevant when these cases go to court.
> >
> > Maybe the forum administration will be able to find deleted posts if they are not deleted from the database, or if they are, by restoring its backup (I heard the forum's backup is done pretty often).
>
> Deleted posts are only ever hidden from the public, despite the button being called "delete". They can be unhidden just as easily.

What about edited posts?
BCB
CTG
VIP
Legendary
July 28, 2012, 04:18:29 PM
 #380

> > The forum is managed in the US but hosted in Japan.  Wonder what the legality is of complying with Subpoenas. There is probably also a Fed or NSA geek already monitoring  and mirroring this board.
>
> Try again: http://whois.domaintools.com/50.97.137.52
> Hosted at Softlayer in Dallas. Whois protected by a Canadian company.

Interesting.  I thought I saw a whois and/or read discussion that bitcoin.org talk was hosted by Tibanne Co. Ltd??
Has that changed recently?