dree12
Legendary
Offline
Activity: 1246
Merit: 1078
|
|
July 31, 2012, 02:01:14 AM |
|
From the BTC-E chat box: MrWubbles: now logging in as support to troll more MrWubbles: dev account has been deleted MrWubbles: dev account has been deleted MrWubbles: support is being deleted now MrWubbles: dumping everyone's wallets MrWubbles: bitinstant reserves have been leaked for days MrWubbles: all your base MrWubbles: I'm Mr Wubbles of wub fame MrWubbles: Expect Mass Database Leak Soon MrWubbles: wub database destroyed That can't be good, but how do we know he wasn't just trollololing? There is no reason not to suspect a database leak. The hacker must have gotten the fake USD in either through remote execution or SQL injection. Both these allow access to the database. What confuses me is why they did not simply hack the BTC in. They wouldn't be able to withdraw fake BTC. Why not?
|
|
|
|
Bitcoin Oz
|
|
July 31, 2012, 02:01:48 AM |
|
Site is down now.
|
|
|
|
|
hazek
Legendary
Offline
Activity: 1078
Merit: 1003
|
|
July 31, 2012, 02:03:12 AM |
|
Site is down now.
Not for me.
|
My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)
If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
|
|
|
tiberiandusk
|
|
July 31, 2012, 02:04:35 AM |
|
From the BTC-E chat box: MrWubbles: now logging in as support to troll more MrWubbles: dev account has been deleted MrWubbles: dev account has been deleted MrWubbles: support is being deleted now MrWubbles: dumping everyone's wallets MrWubbles: bitinstant reserves have been leaked for days MrWubbles: all your base MrWubbles: I'm Mr Wubbles of wub fame MrWubbles: Expect Mass Database Leak Soon MrWubbles: wub database destroyed That can't be good, but how do we know he wasn't just trollololing? There is no reason not to suspect a database leak. The hacker must have gotten the fake USD in either through remote execution or SQL injection. Both these allow access to the database. What confuses me is why they did not simply hack the BTC in. They wouldn't be able to withdraw fake BTC. Why not? They wouldn't be able to withdraw any USD since it's fake. Saying you have 500000 fake BTC on BTC-e doesn't mean anything if you don't actually have the keys to those coins in an actual wallet. They used fake USD to buy real BTC then ride off into the sunset laughing.
|
|
|
|
terrytibbs
|
|
July 31, 2012, 02:05:00 AM |
|
I think it's time for the anonymous Russians to abandon ship!
|
|
|
|
BkkCoins
|
|
July 31, 2012, 02:06:44 AM |
|
Isn't the BTC-E exchange the one I reported here and said beware some months ago? Or maybe I'm getting mixed up.
Another one of these, "oops we were hacked" scams. Someone there is selling people's BTC on them and the USD will vanish soon. Any users have BTC there that seem to be missing from their account now?
|
|
|
|
dree12
Legendary
Offline
Activity: 1246
Merit: 1078
|
|
July 31, 2012, 02:07:58 AM |
|
From the BTC-E chat box: MrWubbles: now logging in as support to troll more MrWubbles: dev account has been deleted MrWubbles: dev account has been deleted MrWubbles: support is being deleted now MrWubbles: dumping everyone's wallets MrWubbles: bitinstant reserves have been leaked for days MrWubbles: all your base MrWubbles: I'm Mr Wubbles of wub fame MrWubbles: Expect Mass Database Leak Soon MrWubbles: wub database destroyed That can't be good, but how do we know he wasn't just trollololing? There is no reason not to suspect a database leak. The hacker must have gotten the fake USD in either through remote execution or SQL injection. Both these allow access to the database. What confuses me is why they did not simply hack the BTC in. They wouldn't be able to withdraw fake BTC. Why not? They wouldn't be able to withdraw any USD since it's fake. Saying you have 500000 fake BTC on BTC-e doesn't mean anything if you don't actually have the keys to those coins in an actual wallet. They used fake USD to buy real BTC then ride off into the sunset laughing. There's no practical difference between "fake" and "real" BTC or USD on an exchange. It can be withdrawn regardless. USD usually is more easily traceable, freezable, and is more dangerous, which is why the hacker could not withdraw that way.
|
|
|
|
finkleshnorts
|
|
July 31, 2012, 02:09:55 AM |
|
OMG... I had 180 Bitcoins there... Jesus...
My latest withdraw at btc-e webpage says "confirmed", but nothing reached my wallet yet.
40 Bitcoins was "sold" there... And 140 Bitcoins are stucked at some point there... In Russia... Damn!
Jesus no, please no...
|
|
|
|
Yankee (BitInstant)
Legendary
Offline
Activity: 1078
Merit: 1000
Charlie 'Van Bitcoin' Shrem
|
|
July 31, 2012, 02:10:02 AM |
|
The part of BitInstant reserves being leaked is false, our books are accurate
|
Bitcoin pioneer. An apostle of Satoshi Nakamoto. A crusader for a new, better, tech-driven society. A dreamer. More about me: http://CharlieShrem.com
|
|
|
AndrewBUD
|
|
July 31, 2012, 02:12:11 AM |
|
The excitement around here never ends
|
|
|
|
| 365 | TM | | | | EZ365 is a digital ecosystem that combines the best aspects of online gaming, cryptocurrency trading and blockchain education. ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | | ..WHITEPAPER.. ..INVESTOR PITCH..
| | | | .'M████▀▀██ ██ W█Ws'V██ ██▄▄███▀▀█ i█████m.~M████▀▀██ ███ d███████Ws'V██ ██████ ****M██████m.~███f~~__mW█ ██▀▀▀████████= Y██▀▀██W ,gm███████ g█████▄▄▄██ █A~`_WW Y█ ██!,████████ g▀▀▀███ ████▀▀`_m████i!████P W███ ██ _███▄▄▄██▀▀▀███Af`_m███ █W ███A ]███ ██ __ ~~~▀▀▀▀▄▄▄█*f_m██████ ██i!██!i███████ Y█████▄▄▄▄__. i██▀▀▀██████████ █!,██████ 8█ █▀▀█████.!██ ██████████i! █████ '█ █ █ █W M█▄▄▄██████ ██ !██ !███▄▄█ ██i'██████████ ██ Y███████████.]██████████████ █ ███████b ███ ██████ Y █ █▀▀█i!██ ████ V███ █ █W Y█████ ~~▀███▄▄▄█['███ ~~*██ | | Play | | | | │ │ ███ │ ███ │ ███ │ │ ███ ███ │ ███ ███ ███ ███ │ ███ ███ ███ ███ ███ ███ ███ ███ ███ │ │ ███ ███ │ │ │ │ │ | | Trade | | | | __▄▄████▄▄ __▄▄███████████████▄▄▄ _▄▄█████████▀▀~`,▄████████████▄▄▄ ~▀▀████▀▀~`,_▄▄███████████████▀▀▀ d█~ =▀███████████████▀▀ ]█! m▄▄ '~▀▀▀████▀▀~~ ,_▄▄ ,W█. *████▄▄__ ' __▄▄█████ !██P █████████████████████ W█. - ██████████████████▀ i██[ ~ ▀▀█████████▀▀▀ g███! Y███ | | Learn |
[/tabl
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
July 31, 2012, 02:12:15 AM |
|
They wouldn't be able to withdraw any USD since it's fake. Saying you have 500000 fake BTC on BTC-e doesn't mean anything if you don't actually have the keys to those coins in an actual wallet. They used fake USD to buy real BTC then ride off into the sunset laughing.
Dude. All exchanges use a pooled wallet. There is no such things "your" BTC or "your BTC" wallet on BTC-E, MtGox or any other exchange. The exchange simply has one (or more) hot and/or cold wallets. Then they maintain a database of each user's balance, and trades change those balance. One could withdraw "fake" BTC just as easily as selling "fake" USD for BTC and withdrawing that. The likely reason for faking USD is simply because that is the exploit the hacker founds. Hacker found a way to add USD to his USD balance. Once had had that why try hacking any further. Give yourself huge amounts of USD, buy BTC and remove them from the exchange.
|
|
|
|
TTBit
Legendary
Offline
Activity: 1137
Merit: 1001
|
|
July 31, 2012, 02:12:22 AM |
|
No, that is first few. Waiting for some confirms.
|
good judgment comes from experience, and experience comes from bad judgment
|
|
|
dree12
Legendary
Offline
Activity: 1246
Merit: 1078
|
|
July 31, 2012, 02:14:15 AM |
|
They wouldn't be able to withdraw any USD since it's fake. Saying you have 500000 fake BTC on BTC-e doesn't mean anything if you don't actually have the keys to those coins in an actual wallet. They used fake USD to buy real BTC then ride off into the sunset laughing.
Dude. All exchanges use a pooled wallet. There is no such things "your" BTC or "your BTC" wallet on BTC-E, MtGox or any other exchange. The exchange simply has one (or more) hot and/or cold wallets. Then they maintain a database of each user's balance, and trades change those balance. One could withdraw "fake" BTC just as easily as selling "fake" USD for BTC and withdrawing that. The likely reason for faking USD is simply because that is the exploit the hacker founds. Hacker found a way to add USD to his USD balance. Once had had that why try hacking any further. Give yourself huge amounts of USD, buy BTC and remove them from the exchange. If it was a SQL injection (extremely likely), it should have been just as easy to add BTC. I suspect the hacker may be intentionally messing with the exchange.
|
|
|
|
tiberiandusk
|
|
July 31, 2012, 02:14:31 AM |
|
They wouldn't be able to withdraw any USD since it's fake. Saying you have 500000 fake BTC on BTC-e doesn't mean anything if you don't actually have the keys to those coins in an actual wallet. They used fake USD to buy real BTC then ride off into the sunset laughing.
Dude. All exchanges use a pooled wallet. There is no such things "your" BTC or "your BTC" wallet on BTC-E, MtGox or any other exchange. The exchange simply has one (or more) hot and/or cold wallets. Then they maintain a database of each user's balance, and trades change those balance. One could withdraw "fake" BTC just as easily as selling "fake" USD for BTC and withdrawing that. The likely reason for faking USD is simply because that is the exploit the hacker founds. Hacker found a way to add USD to his USD balance. Once had had that why try hacking any further. Give yourself huge amounts of USD, buy BTC and remove them from the exchange. I understand all that. What I was saying is that simply putting 50000 in the BTC balance box doesn't mean there is actually 500000 BTC there.
|
|
|
|
bg002h
Donator
Legendary
Offline
Activity: 1466
Merit: 1048
I outlived my lifetime membership:)
|
|
July 31, 2012, 02:15:54 AM |
|
Perhaps someone at BTC-E got hacked, and bought all the BTC they could.
If so, they may not be able to withdraw.
I vote hack vs. scam vs. clever stunt by the exchange to get more deposits.
|
|
|
|
adamstgBit
Legendary
Offline
Activity: 1904
Merit: 1037
Trusted Bitcoiner
|
|
July 31, 2012, 02:17:00 AM |
|
They wouldn't be able to withdraw any USD since it's fake. Saying you have 500000 fake BTC on BTC-e doesn't mean anything if you don't actually have the keys to those coins in an actual wallet. They used fake USD to buy real BTC then ride off into the sunset laughing.
Dude. All exchanges use a pooled wallet. There is no such things "your" BTC or "your BTC" wallet on BTC-E, MtGox or any other exchange. The exchange simply has one (or more) hot and/or cold wallets. Then they maintain a database of each user's balance, and trades change those balance. One could withdraw "fake" BTC just as easily as selling "fake" USD for BTC and withdrawing that. The likely reason for faking USD is simply because that is the exploit the hacker founds. Hacker found a way to add USD to his USD balance. Once had had that why try hacking any further. Give yourself huge amounts of USD, buy BTC and remove them from the exchange. If it was a SQL injection (extremely likely), it should have been just as easy to add BTC. I suspect the hacker may be intentionally messing with the exchange. if BTC-e wasn't protected against SQL injection.... that's just sad...
|
|
|
|
adamstgBit
Legendary
Offline
Activity: 1904
Merit: 1037
Trusted Bitcoiner
|
|
July 31, 2012, 02:17:38 AM |
|
Perhaps someone at BTC-E got hacked, and bought all the BTC they could.
If so, they may not be able to withdraw.
I vote hack vs. scam vs. clever stunt by the exchange to get more deposits. i lol'd
|
|
|
|
Chalkbot
Legendary
Offline
Activity: 896
Merit: 1001
|
|
July 31, 2012, 02:19:18 AM |
|
Is there a reliable way of knowing how many of these fraudulently purchased BTC made it out of the exchange?
|
|
|
|
ydenys
Member
Offline
Activity: 96
Merit: 10
|
|
July 31, 2012, 02:20:16 AM |
|
While mildly exiting, it is actually no fun. Are you, guys, saying that someone can ‘inject’ fake btc into major exchange/service provider, then exchange between the currencies/withdraw and the surplus of the coins would be recorded into the blockchain?
|
|
|
|
|