01BTC10
VIP
Hero Member
Offline
Activity: 756
Merit: 503
|
|
July 31, 2012, 11:58:06 AM Last edit: July 31, 2012, 12:39:42 PM by 01BTC10 |
|
Ouff! I was one of the first trading BTC at 39$ each. At first I thought a trading bot went wrong. My $ withdrawal never went through. Then when I saw every BTC getting drained I knew something was definitely very wrong. Went to bed and now everything seems to have been rolled back. Stressful event... I really thought a significant part of my BTC was wubbed! That's why I spread all my funds between different exchanges and a cold storage wallet.

EDIT: I wish my balance is real BTCWithdrawal BTC is temporary off. This might not end well.

EDIT2:

Dear users of the Exchange Btc-e.com

The exchange is not going to close. We will refund all losses from our reserves.

Neither the servers nor the database were compromised. There were no SQL injections.
At 04:07 MSK (GMT+4) our LR API Secret Key was compromised. It's 16 uppercase, lowercase letters and digits. They may have bruteforced it for long.
Using the key the hacker imitated LR deposits from many accounts and bought up Bitcoins, Namecoins and Litecoins.

We lost our daily volume, approx. 4500 BTC. The attacker couldn't withdraw more as most BTC were distributed over several offline wallets.

At 10:30 we restored the database to the state it was at 04:00, right before the attack. All trades after 4:00 are reverted. People who attempted withdrawals before 04:00 MSK will get their funds withdrawn later today. For people who deposited BTC, LTC and NMC after 04:00 MSK the funds will be put to their balances before market opens. We are working on the scripts for this. If you deposited USD after 04:00 MSK you should send us your login, amount and payment system used by email or PM.

Our plan:
1. The trade will be disabled until we restore the balances to the point before market crash.
2. After that, the trade and deposit/withdrawal will be back on, approx. within 1-2 days.

Icq - 610112128
Skype - btc-e.support
E-mail - support@btc-e.com
|
|
|
|
bitcoinism
Newbie
Offline
Activity: 15
Merit: 0
|
|
July 31, 2012, 12:50:17 PM |
|
Neither the servers nor the database were compromised. There were no SQL injections.
At 04:07 MSK (GMT+4) our LR API Secret Key was compromised. It's 16 uppercase, lowercase letters and digits. They may have bruteforced it for long.
Using the key the hacker imitated LR deposits from many accounts and bought up Bitcoins, Namecoins and Litecoins.
I wonder how the attack worked... You think there's a way to brute force the API key offline? Did btce or LR allow millions of attempts at guessing it? Probably got hacked some other way.
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
July 31, 2012, 12:57:06 PM |
|
Neither the servers nor the database were compromised. There were no SQL injections.
At 04:07 MSK (GMT+4) our LR API Secret Key was compromised. It's 16 uppercase, lowercase letters and digits. They may have bruteforced it for long.
Using the key the hacker imitated LR deposits from many accounts and bought up Bitcoins, Namecoins and Litecoins.
I wonder how the attack worked... You think there's a way to brute force the API key offline? Did btce or LR allow millions of attempts at guessing it? Probably got hacked some other way.
Seems to me the secret key leaked. I bet that was a fault of LR.
|
|
|
|
AndrewBUD
|
|
July 31, 2012, 01:00:11 PM |
|
That's why you make backup, so in case of problems you do a rollback and problem solved. Not like the scammers of bitcoinica that "we have no backups lol"
Unfortunately, it's not problem solved for at least two reasons. First, you can't rollback coin withdrawals. (They may have a similar problem with LR withdrawals, but I doubt it.) Second, you will have customers who will, in many cases justifiably, feel that rolling back legitimate trades rips them off. (You'll also have a bunch of jerks demanding to keep their ill-gotten gains, such as people who deposited BTC, sold them for $50 each, and then tried to withdraw USD. But screw them.) For example, consider someone who saw the price rise at BTC-e and then bought a Mt. Gox code and then bought bitcoins at Mt. Gox, withdrew them from Gox and deposited them at BTC-e. A rollback would give them their bitcoins back. That still leaves them out the commission they paid for the Gox code plus two Mt. Gox commissions (buying the bitcoins and then having to sell them). They also may take exchange losses depending on the timing and are left having to withdraw USD from Mt. Gox.
After the price rose above $12, it was extremely obvious that this was a hack. Anyone who traded elsewhere with the assumption that the btc-e trade was legit deserves to have the trade rolled-back.
I agree..... Some people are just greedy...
|
|
|
|
|
|
|
Gabi
Legendary
Offline
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
|
|
July 31, 2012, 01:11:06 PM |
|
I agree too.
Btw, they had backups, they reverted the trades and they will pay everything, to me it seems BTC-E is facing the problem in the best way. Not like the idiots/scammers of bitcoinica
|
|
|
|
cryptoanarchist
Legendary
Offline
Activity: 1120
Merit: 1003
|
|
July 31, 2012, 01:11:48 PM |
|
That's why you make backup, so in case of problems you do a rollback and problem solved. Not like the scammers of bitcoinica that "we have no backups lol"
Unfortunately, it's not problem solved for at least two reasons. First, you can't rollback coin withdrawals. (They may have a similar problem with LR withdrawals, but I doubt it.) Second, you will have customers who will, in many cases justifiably, feel that rolling back legitimate trades rips them off. (You'll also have a bunch of jerks demanding to keep their ill-gotten gains, such as people who deposited BTC, sold them for $50 each, and then tried to withdraw USD. But screw them.) For example, consider someone who saw the price rise at BTC-e and then bought a Mt. Gox code and then bought bitcoins at Mt. Gox, withdrew them from Gox and deposited them at BTC-e. A rollback would give them their bitcoins back. That still leaves them out the commission they paid for the Gox code plus two Mt. Gox commissions (buying the bitcoins and then having to sell them). They also may take exchange losses depending on the timing and are left having to withdraw USD from Mt. Gox.
After the price rose above $12, it was extremely obvious that this was a hack. Anyone who traded elsewhere with the assumption that the btc-e trade was legit deserves to have the trade rolled-back.
I agree..... Some people are just greedy...
Oh please, it has nothing to do with being greedy (we all are). The trades got rolled back because they weren't real trades. If you sold for $50 of fake LR, you can't expect the exchange to pay you out in real LR.
Btw, they had backups, they reverted the trades and they will pay everything, to me it seems BTC-E is facing the problem in the best way. Not like the idiots/scammers of bitcoinica
BTCe has handled this the best that can be expected. They didn't make the amateur mistakes that Bitcoinica SUPPOSEDLY made (inside job). The eventual outcome of this will be heightened security for LR deposits - that's a good thing.
|
I'm grumpy!!
|
|
|
|
AndrewBUD
|
|
July 31, 2012, 01:17:19 PM |
|
That's why you make backup, so in case of problems you do a rollback and problem solved. Not like the scammers of bitcoinica that "we have no backups lol"
Unfortunately, it's not problem solved for at least two reasons. First, you can't rollback coin withdrawals. (They may have a similar problem with LR withdrawals, but I doubt it.) Second, you will have customers who will, in many cases justifiably, feel that rolling back legitimate trades rips them off. (You'll also have a bunch of jerks demanding to keep their ill-gotten gains, such as people who deposited BTC, sold them for $50 each, and then tried to withdraw USD. But screw them.) For example, consider someone who saw the price rise at BTC-e and then bought a Mt. Gox code and then bought bitcoins at Mt. Gox, withdrew them from Gox and deposited them at BTC-e. A rollback would give them their bitcoins back. That still leaves them out the commission they paid for the Gox code plus two Mt. Gox commissions (buying the bitcoins and then having to sell them). They also may take exchange losses depending on the timing and are left having to withdraw USD from Mt. Gox.
After the price rose above $12, it was extremely obvious that this was a hack. Anyone who traded elsewhere with the assumption that the btc-e trade was legit deserves to have the trade rolled-back.
I agree..... Some people are just greedy...
Oh please, it has nothing to do with being greedy (we all are). The trades got rolled back because they weren't real trades. If you sold for $50 of fake LR, you can't expect the exchange to pay you out in real LR.
How do you figure it has nothing to do with being greedy? The second people saw a problem, they ran and tried to sell coins.. How is that not greedy?
|
|
|
|
|
|
|
cryptoanarchist
Legendary
Offline
Activity: 1120
Merit: 1003
|
|
July 31, 2012, 01:20:25 PM |
|
Don't forget the world's most powerful brute force cracking machine is being built, it's hard to know what is safe from some of the mining rigs out there now and there is custom hardware on the way...
Brute Force a 16 character password? I don't think so. Somehow the hacker found it.
|
I'm grumpy!!
|
|
|
proudhon
Legendary
Offline
Activity: 2198
Merit: 1311
|
|
July 31, 2012, 01:23:11 PM |
|
My account there has been completely restored. I guess that site isn't as crappy as everyone makes it out to be. This is basically the opposite of the MtGox hack crash - i.e. a hack rally. From what I understand the thief only got away with ~4k BTCs. That's still a good chunk of change, but it sounds like the exchange is covering it from reserves.
|
Bitcoin Fact: the price of bitcoin will not be greater than $70k for more than 25 consecutive days at any point in the rest of recorded human history.
|
|
|
cryptoanarchist
Legendary
Offline
Activity: 1120
Merit: 1003
|
|
July 31, 2012, 01:23:30 PM |
|
How do you figure it has nothing to do with being greedy? The second people saw a problem, they ran and tried to sell coins.. How is that not greedy?
I disagreed with the statement that people deserved to have their trades rolled back because they should have known the price is wrong - they got rolled back because they weren't real trades. I didn't say it wasn't "greedy". We all operate in our own self interest (greed). There's nothing wrong with wanting to make more money. Now if by "greed" you mean being fraudulent, that's a different story.
|
I'm grumpy!!
|
|
|
AndrewBUD
|
|
July 31, 2012, 01:27:33 PM |
|
Yeah, I am probably thinking more on the terms of fraudulent...
|
|
|
|
|
|
|
caveden
Legendary
Offline
Activity: 1106
Merit: 1004
|
|
July 31, 2012, 01:40:17 PM |
|
Brute Force a 16 character password? I don't think so. Somehow the hacker found it.
Yep. Unless it was not random enough, like the full name of someone in charge or something - but then I wouldn't call it "brute force" any more either. The password probably leaked somehow. If I were behind BTC-e, I'm not sure I'd put the service back up before figuring out what happened. If somebody had access to the password once and you don't know how he did it, then what's to stop this person from having access to it again?
|
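The brute-force question raised in the posts above, worked through as an added example that is not part of the thread: it sizes the search space of a key made of 16 uppercase letters, lowercase letters and digits, and compares it with a key that is "not random enough". The guess rates, the lockout policy and the size of the guessable-key candidate list are assumptions chosen for illustration, not figures from BTC-e or LR.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols, as in the BTC-e statement
KEY_LENGTH = 16
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(alphabet_size=len(ALPHABET), length=KEY_LENGTH):
    """Number of distinct keys if every character is chosen uniformly at random."""
    return alphabet_size ** length


def entropy_bits(space):
    return math.log2(space)


def expected_years(space, guesses_per_second):
    """Average search time: on average half the space is tried before a hit."""
    return (space / 2) / guesses_per_second / SECONDS_PER_YEAR


def throttled_rate(max_failures, window_seconds):
    """Guess rate an online API allows when it locks out after max_failures per window."""
    return max_failures / window_seconds


def new_api_secret(length=KEY_LENGTH):
    """Generate a key from a CSPRNG so the full keyspace actually applies."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


# Constructed scenarios (assumptions). Offline guessing only applies if some
# captured value lets a guess be checked without contacting the API at all.
RATES = {
    "online, lockout 5 failures/min": throttled_rate(5, 60),
    "online, unthrottled 1e6/s": 1e6,
    "offline, 1e12/s": 1e12,
}
WEAK_SPACE = 10 ** 6  # assumed candidate list for a guessable key (names, words)


def report():
    """Rows of (key kind, rate scenario, entropy in bits, expected years)."""
    rows = []
    for key_label, space in (("random 16-char key", keyspace()),
                             ("guessable key", WEAK_SPACE)):
        for rate_label, rate in RATES.items():
            rows.append((key_label, rate_label,
                         round(entropy_bits(space), 1),
                         expected_years(space, rate)))
    return rows


if __name__ == "__main__":
    for row in report():
        print("%-20s %-32s %5.1f bits  %.3g years" % row)
```

A uniformly random key of this form carries about 95 bits, so exhaustive search is out of reach even at the offline rate assumed here, while a guessable key falls within months even behind the lockout.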
|
|
|
wndrbr3d
|
|
July 31, 2012, 01:55:28 PM |
|
It looks like some hacker/scammer injected a huge amount of FAKE capital and bought the ACTUAL coins on the market.
I don't think a hack like this means they have access to the wallet, it just looks like they pumped a bunch of funny money USD into the market to make the transactions legit. I suspect the coins are giggity-gone at this point.
I love being right
|
|
|
|
01BTC10
VIP
Hero Member
Offline
Activity: 756
Merit: 503
|
|
July 31, 2012, 01:58:55 PM |
|
This event should remind everyone to change their password on BTC-E as a precaution. Or anywhere else the same password is used.
|
|
|
|
proudhon
Legendary
Offline
Activity: 2198
Merit: 1311
|
|
July 31, 2012, 01:59:02 PM |
|
It looks like some hacker/scammer injected a huge amount of FAKE capital and bought the ACTUAL coins on the market.
I don't think a hack like this means they have access to the wallet, it just looks like they pumped a bunch of funny money USD into the market to make the transactions legit. I suspect the coins are giggity-gone at this point.
I love being right
Yeah, basically this is the opposite of the MtGox hack where lots of fake BTC were sold (price goes down). This time lots of fake USD were sold (price goes up).
|
Bitcoin Fact: the price of bitcoin will not be greater than $70k for more than 25 consecutive days at any point in the rest of recorded human history.
|
|
|
runeks
Legendary
Offline
Activity: 980
Merit: 1008
|
|
July 31, 2012, 02:01:02 PM |
|
Everybody, please, repeat after me:
"The bitcoins I have on an exchange are not my bitcoins. They are an obligation of the exchange to pay me back said number of bitcoins."
If the exchange gets hacked and loses its bitcoins, it cannot meet that obligation, and you will have no bitcoins to withdraw. Hence, they were not and are not your bitcoins, they belonged to the exchange and now, possibly, to the hacker.
It's like having money in a bank without deposit insurance. It's not actually your money, it's a bank's obligation to pay you back the money on demand. Will they be able to meet that obligation? Who knows.
|
|
|
|
proudhon
Legendary
Offline
Activity: 2198
Merit: 1311
|
|
July 31, 2012, 02:03:50 PM |
|
Everybody, please, repeat after me:
"The bitcoins I have on an exchange are not my bitcoins. They are an obligation of the exchange to pay me back said number of bitcoins."
If the exchange gets hacked and loses its bitcoins, it cannot meet that obligation, and you will have no bitcoins to withdraw. Hence, they were not and are not your bitcoins, they belonged to the exchange.
It's like having money in a bank without deposit insurance. It's not actually your money, it's a bank's obligation to pay you back the money on demand. Will they be able to meet that obligation? Who knows.
+1
|
Bitcoin Fact: the price of bitcoin will not be greater than $70k for more than 25 consecutive days at any point in the rest of recorded human history.
|
|
|
dree12
Legendary
Offline
Activity: 1246
Merit: 1077
|
|
July 31, 2012, 02:04:34 PM |
|
Everybody, please, repeat after me:
"The bitcoins I have on an exchange are not my bitcoins. They are an obligation of the exchange to pay me back said number of bitcoins."
If the exchange gets hacked and loses its bitcoins, it cannot meet that obligation, and you will have no bitcoins to withdraw. Hence, they were not and are not your bitcoins, they belonged to the exchange.
It's like having money in a bank without deposit insurance. It's not actually your money, it's a bank's obligation to pay you back the money on demand. Will they be able to meet that obligation? Who knows.
They are still your bitcoins, because they can be used as them on demand. That's like saying the money I have at the bank is not my money. Really, all money is just an obligation of someone to pay me back for something.
|
|
|
|
proudhon
Legendary
Offline
Activity: 2198
Merit: 1311
|
|
July 31, 2012, 02:12:26 PM |
|
Everybody, please, repeat after me:
"The bitcoins I have on an exchange are not my bitcoins. They are an obligation of the exchange to pay me back said number of bitcoins."
If the exchange gets hacked and loses its bitcoins, it cannot meet that obligation, and you will have no bitcoins to withdraw. Hence, they were not and are not your bitcoins, they belonged to the exchange.
It's like having money in a bank without deposit insurance. It's not actually your money, it's a bank's obligation to pay you back the money on demand. Will they be able to meet that obligation? Who knows.
They are still your bitcoins, because they can be used as them on demand. That's like saying the money I have at the bank is not my money. Really, all money is just an obligation of someone to pay me back for something.
I don't think you read what he wrote very carefully. In a simple practical sense, a bitcoin is yours if you control its disbursement. If an exchange gets hacked and all its bitcoins stolen, and you had bitcoins on the exchange, you no longer have the ability to disburse those bitcoins. In other words, they're not yours anymore. And, as runeks pointed out, there's a big difference between money in a BTC exchange and money in a bank. Typically you have some state-backed deposit insurance with the latter. There is no such infrastructure in place for bitcoin, and there likely will never be.
|
Bitcoin Fact: the price of bitcoin will not be greater than $70k for more than 25 consecutive days at any point in the rest of recorded human history.
|
|
|
|