Bitcoin Forum
Author Topic: BTC-E.COM NICE RECOVERY FROM THE HACK! =)  (Read 50601 times)
cryptoanarchist
July 31, 2012, 11:57:57 AM
 #301

Whew...well, my BTC withdrawal went through, so I got my coins out of there. I was late to the party so I still have USD and LTC stuck there though.

:-\

I'm grumpy!!
01BTC10
July 31, 2012, 11:58:06 AM
 #302

Ouff!

I was one of the first trading BTC at 39$ each. At first I thought a trading bot went wrong. My $ withdrawal never went through. Then when I saw every BTC getting drained I knew something was definitely very wrong. Went to bed and now everything seems to have been rolled back. :D

Stressful event... I really thought a significant part of my BTC was wubbed! That's why I spread all my funds between different exchanges and a cold storage wallet. :o


EDIT: I wish my balance is real BTC

Quote
Withdrawal BTC is temporary off.

This might not end well.

EDIT2:

Quote
Dear users of the Exchange Btc-e.com

The exchange is not going to close. We will refund all losses from our reserves.

Neither the servers nor the database were compromised. There were no SQL injections.

At 04:07 MSK (GMT+4) our LR API Secret Key was compromised. It's 16 uppercase, lowercase letters and digits. They may have bruteforced it for long.

Using the key the hacker imitated LR deposits from many accounts and bought up Bitcoins, Namecoins and Litecoins.

We lost our daily volume, approx. 4500 BTC. The attacker couldn't withdraw more as most BTC were distributed over several offline wallets.

At 10:30 we restored the database to the state it was at 04:00, right before the attack. All trades after 4:00 are reverted.

People who attempted withdrawals before 04:00 MSK will get their funds withdrawn later today.

For people who deposited BTC, LTC and NMC after 04:00 MSK the funds will be put to their balances before market opens.
We are working on the scripts for this.

If you deposited USD after 04:00 MSK you should send us your login, amount and payment system used by email or PM.

Our plan:

1. The trade will be disabled until we restore the balances to the point before market crash.

2. After that, the trade and deposit/withdrawal will be back on, approx. within 1-2 days.

Icq - 610112128
Skype - btc-e.support
E-mail - support@btc-e.com
bitcoinism
July 31, 2012, 12:50:17 PM
 #303

Quote
Neither the servers nor the database were compromised. There were no SQL injections.

At 04:07 MSK (GMT+4) our LR API Secret Key was compromised. It's 16 uppercase, lowercase letters and digits. They may have bruteforced it for long.

Using the key the hacker imitated LR deposits from many accounts and bought up Bitcoins, Namecoins and Litecoins.

I wonder how the attack worked... You think there's a way to brute force the API key offline? Did btce or LR allow millions of attempts at guessing it? Probably got hacked some other way.
Come-from-Beyond
July 31, 2012, 12:57:06 PM
 #304

Quote
Neither the servers nor the database were compromised. There were no SQL injections.

At 04:07 MSK (GMT+4) our LR API Secret Key was compromised. It's 16 uppercase, lowercase letters and digits. They may have bruteforced it for long.

Using the key the hacker imitated LR deposits from many accounts and bought up Bitcoins, Namecoins and Litecoins.

I wonder how the attack worked... You think there's a way to brute force the API key offline? Did btce or LR allow millions of attempts at guessing it? Probably got hacked some other way.

Seems to me the secret key leaked. I bet that was a fault of LR.
AndrewBUD
July 31, 2012, 01:00:11 PM
 #305

That's why you make backup, so in case of problems you do a rollback and problem solved. Not like the scammers of bitcoinica that "we have no backups lol"
Unfortunately, it's not problem solved for at least two reasons. First, you can't rollback coin withdrawals. (They may have a similar problem with LR withdrawals, but I doubt it.) Second, you will have customers who will, in many cases justifiably, feel that rolling back legitimate trades rips them off. (You'll also have a bunch of jerks demanding to keep their ill-gotten gains, such as people who deposited BTC, sold them for $50 each, and then tried to withdraw USD. But screw them.)

For example, consider someone who saw the price rise at BTC-e and then bought a Mt. Gox code and then bought bitcoins at Mt. Gox, withdrew them from Gox and deposited them at BTC-e. A rollback would give them their bitcoins back. That still leaves them out the commission they paid for the Gox code plus  two Mt. Gox commissions (buying the bitcoins and then having to sell them). They also may take exchange losses depending on the timing and are left having to withdraw USD from Mt. Gox.
After the price rose above $12, it was extremely obvious that this was a hack. Anyone who traded elsewhere with the assumption that the btc-e trade was legit deserves to have the trade rolled-back.


I agree..... Some people are just greedy...

Gabi
July 31, 2012, 01:11:06 PM
 #306

I agree too.

Btw, they had backups, they reverted the trades and they will pay everything, to me it seems BTC-E is facing the problem in the best way. Not like the idiots/scammers of bitcoinica

cryptoanarchist
July 31, 2012, 01:11:48 PM
 #307

That's why you make backup, so in case of problems you do a rollback and problem solved. Not like the scammers of bitcoinica that "we have no backups lol"
Unfortunately, it's not problem solved for at least two reasons. First, you can't rollback coin withdrawals. (They may have a similar problem with LR withdrawals, but I doubt it.) Second, you will have customers who will, in many cases justifiably, feel that rolling back legitimate trades rips them off. (You'll also have a bunch of jerks demanding to keep their ill-gotten gains, such as people who deposited BTC, sold them for $50 each, and then tried to withdraw USD. But screw them.)

For example, consider someone who saw the price rise at BTC-e and then bought a Mt. Gox code and then bought bitcoins at Mt. Gox, withdrew them from Gox and deposited them at BTC-e. A rollback would give them their bitcoins back. That still leaves them out the commission they paid for the Gox code plus  two Mt. Gox commissions (buying the bitcoins and then having to sell them). They also may take exchange losses depending on the timing and are left having to withdraw USD from Mt. Gox.
After the price rose above $12, it was extremely obvious that this was a hack. Anyone who traded elsewhere with the assumption that the btc-e trade was legit deserves to have the trade rolled-back.


I agree..... Some people are just greedy...

Oh please, it has nothing to do with being greedy (we all are). The trades got rolled back because they weren't real trades. If you sold for $50 of fake LR, you can't expect the exchange to pay you out in real LR.

Btw, they had backups, they reverted the trades and they will pay everything, to me it seems BTC-E is facing the problem in the best way. Not like the idiots/scammers of bitcoinica


BTCe has handled this the best that can be expected. They didn't make the amateur mistakes that Bitcoinica SUPPOSEDLY made (inside job).

The eventual outcome of this will be heightened security for LR deposits - that's a good thing.


I'm grumpy!!
EnergyVampire
July 31, 2012, 01:14:13 PM
 #308

Hmm... I'm still a bit confused.
All that noise and only 4500 BTC were stolen?! :D
I'm guessing LTC and NMC withdrawals were capped as well?

http://blockchain.info/block-index/256991/000000000000076b892483f7c33fe7e44b577ec2f2a5f1bf9df71952a1184578

AndrewBUD
July 31, 2012, 01:17:19 PM
 #309

That's why you make backup, so in case of problems you do a rollback and problem solved. Not like the scammers of bitcoinica that "we have no backups lol"
Unfortunately, it's not problem solved for at least two reasons. First, you can't rollback coin withdrawals. (They may have a similar problem with LR withdrawals, but I doubt it.) Second, you will have customers who will, in many cases justifiably, feel that rolling back legitimate trades rips them off. (You'll also have a bunch of jerks demanding to keep their ill-gotten gains, such as people who deposited BTC, sold them for $50 each, and then tried to withdraw USD. But screw them.)

For example, consider someone who saw the price rise at BTC-e and then bought a Mt. Gox code and then bought bitcoins at Mt. Gox, withdrew them from Gox and deposited them at BTC-e. A rollback would give them their bitcoins back. That still leaves them out the commission they paid for the Gox code plus  two Mt. Gox commissions (buying the bitcoins and then having to sell them). They also may take exchange losses depending on the timing and are left having to withdraw USD from Mt. Gox.
After the price rose above $12, it was extremely obvious that this was a hack. Anyone who traded elsewhere with the assumption that the btc-e trade was legit deserves to have the trade rolled-back.


I agree..... Some people are just greedy...

Oh please, it has nothing to do with being greedy (we all are). The trades got rolled back because they weren't real trades. If you sold for $50 of fake LR, you can't expect the exchange to pay you out in real LR.

How do you figure it has nothing to do with being greedy? The second people saw a problem, they ran and tried to sell coins.. How is that not greedy?


cryptoanarchist
July 31, 2012, 01:20:25 PM
 #310

Don't forget the world's most powerful brute force cracking machine is being built, it's hard to know what is safe from some of the mining rigs out there now and there is custom hardware on the way...

Brute Force a 16 character password? I don't think so. Somehow the hacker found it.

I'm grumpy!!
proudhon
July 31, 2012, 01:23:11 PM
 #311

My account there has been completely restored.  I guess that site isn't as crappy as everyone makes it out to be.  This is basically the opposite of the MtGox hack crash - i.e. a hack rally.  From what I understand the thief only got away with ~4k BTCs.  That's still a good chunk of change, but it sounds like the exchange is covering it from reserves.
cryptoanarchist
July 31, 2012, 01:23:30 PM
 #312


How do you figure it has nothing to do with being greedy? The second people saw a problem, they ran and tried to sell coins.. How is that not greedy?


I disagreed with the statement that people deserved to have their trades rolled back because they should have known the price is wrong - they got rolled back because they weren't real trades.

I didn't say it wasn't "greedy". We all operate in our own self interest (greed). There's nothing wrong with wanting to make more money.

Now if by "greed" you mean being fraudulent, that's a different story.

I'm grumpy!!
AndrewBUD
July 31, 2012, 01:27:33 PM
 #313

Yeah, I am probably thinking more on the terms of fraudulent...




caveden
July 31, 2012, 01:40:17 PM
 #314

Brute Force a 16 character password? I don't think so. Somehow the hacker found it.

Yep. Unless it was not random enough, like the full name of someone in charge or something - but then I wouldn't call it "brute force" any more either.

The password probably leaked somehow. If I were behind BTC-e, I'm not sure I'd put the service back up before figuring out what happened. If somebody had access to the password once and you don't know how he did it, then what's to stop this person from having access to it again?

18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
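
The brute-force question debated in posts #303, #310 and #314, worked through as an added example (not part of the original thread, and not BTC-E or LR code). It sizes the search space for a random 16-character key of uppercase letters, lowercase letters and digits, and shows what a failed-attempt limit changes. The guess rates, the 5-failures-per-minute limit, the one-million-entry list for a non-random key and the FailedAuthLimiter class are assumptions made for illustration.

```python
import math
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols, per the BTC-E statement
KEY_LENGTH = 16
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(alphabet_size=len(ALPHABET), length=KEY_LENGTH):
    """Number of possible keys if every character is chosen uniformly at random."""
    return alphabet_size ** length


def expected_years(candidates, guesses_per_second):
    """Average search time: on average half of the candidates are tried."""
    return candidates / 2 / guesses_per_second / SECONDS_PER_YEAR


class FailedAuthLimiter:
    """Hypothetical fixed-window limiter: max_failures wrong keys per window per client."""

    def __init__(self, max_failures, window_seconds):
        self.max_failures = max_failures
        self.window_seconds = window_seconds
        self._state = {}  # client -> (window_start, failures_in_window)

    def try_wrong_key(self, client, now):
        """Return True if the wrong guess was evaluated, False if it was refused."""
        start, failures = self._state.get(client, (now, 0))
        if now - start >= self.window_seconds:
            start, failures = now, 0  # a new window begins
        if failures >= self.max_failures:
            self._state[client] = (start, failures)
            return False
        self._state[client] = (start, failures + 1)
        return True


def guesses_admitted(limiter, client, attempts, interval_seconds):
    """Replay a constructed stream of wrong guesses, one every interval_seconds."""
    return sum(limiter.try_wrong_key(client, i * interval_seconds) for i in range(attempts))


def report():
    random_key = keyspace()
    weak_key = 10 ** 6     # assumed size of a guessable list (names, words)
    limited_rate = 5 / 60  # assumed limit: 5 failed attempts per minute
    return {
        "random key, bits of entropy": math.log2(random_key),
        "random key, 1e9 guesses/s (years)": expected_years(random_key, 1e9),
        "random key, rate-limited (years)": expected_years(random_key, limited_rate),
        "weak key, 1e3 guesses/s (seconds)": expected_years(weak_key, 1e3) * SECONDS_PER_YEAR,
        "weak key, rate-limited (days)": expected_years(weak_key, limited_rate) * 365.25,
    }


if __name__ == "__main__":
    for label, value in report().items():
        print(f"{label:36s} {value:.3g}")
```

A uniformly random key of this form is out of reach at any of these rates, which leaves a leak or a non-random key as the cases where attempt limits and key rotation decide the outcome.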
wndrbr3d
July 31, 2012, 01:55:28 PM
 #315

It looks like some hacker/scammer injected a huge amount of FAKE capital and bought the ACTUAL coins on the market.

I don't think a hack like this means they have access to the wallet, it just looks like they pumped a bunch of funny money USD into the market to make the transactions legit. I suspect the coins are giggity-gone at this point.

I love being right :P



01BTC10
July 31, 2012, 01:58:55 PM
 #316

This event should remind everyone to change their password on BTC-E as a precaution. Or anywhere else the same password is used.
proudhon
July 31, 2012, 01:59:02 PM
 #317

It looks like some hacker/scammer injected a huge amount of FAKE capital and bought the ACTUAL coins on the market.

I don't think a hack like this means they have access to the wallet, it just looks like they pumped a bunch of funny money USD into the market to make the transactions legit. I suspect the coins are giggity-gone at this point.

I love being right :P

Yeah, basically this is the opposite of the MtGox hack where lots of fake BTC were sold (price goes down).  This time lots of fake USD were sold (price goes up).
runeks
July 31, 2012, 02:01:02 PM
 #318

Everybody, please, repeat after me:

"The bitcoins I have on an exchange are not my bitcoins. They are an obligation of the exchange to pay me back said number of bitcoins."

If the exchange gets hacked and loses its bitcoins, it cannot meet that obligation, and you will have no bitcoins to withdraw. Hence, they were not and are not your bitcoins, they belonged to the exchange and now, possibly, to the hacker.

It's like having money in a bank without deposit insurance. It's not actually your money, it's a bank's obligation to pay you back the money on demand. Will they be able to meet that obligation? Who knows.
proudhon
July 31, 2012, 02:03:50 PM
 #319

Everybody, please, repeat after me:

"The bitcoins I have on an exchange are not my bitcoins. They are an obligation of the exchange to pay me back said number of bitcoins."

If the exchange gets hacked and loses its bitcoins, it cannot meet that obligation, and you will have no bitcoins to withdraw. Hence, they were not and are not your bitcoins, they belonged to the exchange.

It's like having money in a bank without deposit insurance. It's not actually your money, it's a bank's obligation to pay you back the money on demand. Will they be able to meet that obligation? Who knows.

+1
dree12
July 31, 2012, 02:04:34 PM
 #320

Everybody, please, repeat after me:

"The bitcoins I have on an exchange are not my bitcoins. They are an obligation of the exchange to pay me back said number of bitcoins."

If the exchange gets hacked and loses its bitcoins, it cannot meet that obligation, and you will have no bitcoins to withdraw. Hence, they were not and are not your bitcoins, they belonged to the exchange.

It's like having money in a bank without deposit insurance. It's not actually your money, it's a bank's obligation to pay you back the money on demand. Will they be able to meet that obligation? Who knows.
They are still your bitcoins, because they can be used as them on demand. That's like saying the money I have at the bank is not my money. Really, all money is just an obligation of someone to pay me back for something.