Bitcoin Forum
November 19, 2024, 02:06:59 PM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 [5] 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 »  All
  Print  
Author Topic: BTC-E.COM NICE RECOVERY FROM THE HACK! =)  (Read 51047 times)
dree12
Legendary
*
Offline Offline

Activity: 1246
Merit: 1078



View Profile
July 31, 2012, 02:01:14 AM
 #81

From the BTC-E chat box:

Quote
MrWubbles: now logging in as support to troll more
MrWubbles: dev account has been deleted
MrWubbles: dev account has been deleted
MrWubbles: support is being deleted now
MrWubbles: dumping everyone's wallets
MrWubbles: bitinstant reserves have been leaked for days
MrWubbles: all your base
MrWubbles: I'm Mr Wubbles of wub fame
MrWubbles: Expect Mass Database Leak Soon
MrWubbles: wub database destroyed

That can't be good, but how do we know he wasn't just trollololing?
There is no reason not to suspect a database leak.

The hacker must have gotten the fake USD in either through remote execution or SQL injection. Both these allow access to the database.

What confuses me is why they did not simply hack the BTC in.

They wouldn't be able to withdraw fake BTC.
Why not?
Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500


Wat


View Profile WWW
July 31, 2012, 02:01:48 AM
 #82

Site is down now.

jwzguy
Hero Member
*****
Offline Offline

Activity: 868
Merit: 1002



View Profile
July 31, 2012, 02:01:53 AM
 #83

Um... no. 2.18 of it to: 12JGzgb7ezdp5UT4EoJN3Spcn3P8fyyFav
http://blockexplorer.com/address/12JGzgb7ezdp5UT4EoJN3Spcn3P8fyyFav
0BTC
Did you get any out successfully?
hazek
Legendary
*
Offline Offline

Activity: 1078
Merit: 1003


View Profile
July 31, 2012, 02:03:12 AM
 #84

Site is down now.

Not for me.

My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)

If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
tiberiandusk
Hero Member
*****
Offline Offline

Activity: 575
Merit: 500


The North Remembers


View Profile WWW
July 31, 2012, 02:04:35 AM
 #85

From the BTC-E chat box:

Quote
MrWubbles: now logging in as support to troll more
MrWubbles: dev account has been deleted
MrWubbles: dev account has been deleted
MrWubbles: support is being deleted now
MrWubbles: dumping everyone's wallets
MrWubbles: bitinstant reserves have been leaked for days
MrWubbles: all your base
MrWubbles: I'm Mr Wubbles of wub fame
MrWubbles: Expect Mass Database Leak Soon
MrWubbles: wub database destroyed

That can't be good, but how do we know he wasn't just trollololing?
There is no reason not to suspect a database leak.

The hacker must have gotten the fake USD in either through remote execution or SQL injection. Both these allow access to the database.

What confuses me is why they did not simply hack the BTC in.

They wouldn't be able to withdraw fake BTC.
Why not?

They wouldn't be able to withdraw any USD since it's fake. Saying you have 500000 fake BTC on BTC-e doesn't mean anything if you don't actually have the keys to those coins in an actual wallet. They used fake USD to buy real BTC then ride off into the sunset laughing.

Bitcoin Auction House http://www.BitBid.net BTC - 1EwfBVC6BwA6YeqcYZmm3htwykK3MStW6N | LTC - LdBpJJHj4WSAsUqaTbwyJQFiG1tVjo4Uys Don't get Goxed.
terrytibbs
Hero Member
*****
Offline Offline

Activity: 560
Merit: 501



View Profile
July 31, 2012, 02:05:00 AM
 #86

I think it's time for the anonymous Russians to abandon ship!
BkkCoins
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1009


firstbits:1MinerQ


View Profile WWW
July 31, 2012, 02:06:44 AM
 #87

Isn't the BTC-E exchange the one I reported here and said beware some months ago? Or maybe I'm getting mixed up.

Another one of these, "oops we were hacked" scams. Someone there is selling people's BTC on them and the USD will vanish soon. Any users have BTC there that seem to be missing from their account now?

dree12
Legendary
*
Offline Offline

Activity: 1246
Merit: 1078



View Profile
July 31, 2012, 02:07:58 AM
 #88

From the BTC-E chat box:

Quote
MrWubbles: now logging in as support to troll more
MrWubbles: dev account has been deleted
MrWubbles: dev account has been deleted
MrWubbles: support is being deleted now
MrWubbles: dumping everyone's wallets
MrWubbles: bitinstant reserves have been leaked for days
MrWubbles: all your base
MrWubbles: I'm Mr Wubbles of wub fame
MrWubbles: Expect Mass Database Leak Soon
MrWubbles: wub database destroyed

That can't be good, but how do we know he wasn't just trollololing?
There is no reason not to suspect a database leak.

The hacker must have gotten the fake USD in either through remote execution or SQL injection. Both these allow access to the database.

What confuses me is why they did not simply hack the BTC in.

They wouldn't be able to withdraw fake BTC.
Why not?

They wouldn't be able to withdraw any USD since it's fake. Saying you have 500000 fake BTC on BTC-e doesn't mean anything if you don't actually have the keys to those coins in an actual wallet. They used fake USD to buy real BTC then ride off into the sunset laughing.

There's no practical difference between "fake" and "real" BTC or USD on an exchange. It can be withdrawn regardless. USD usually is more easily traceable, freezable, and is more dangerous, which is why the hacker could not withdraw that way.
finkleshnorts
Sr. Member
****
Offline Offline

Activity: 336
Merit: 250



View Profile
July 31, 2012, 02:09:55 AM
 #89

OMG... I had 180 Bitcoins there... Jesus...

My latest withdraw at btc-e webpage says "confirmed", but nothing reached my wallet yet.

40 Bitcoins was "sold" there... And 140 Bitcoins are stucked at some point there... In Russia... Damn!

Jesus no, please no...
Yankee (BitInstant)
Legendary
*
Offline Offline

Activity: 1078
Merit: 1000


Charlie 'Van Bitcoin' Shrem


View Profile WWW
July 31, 2012, 02:10:02 AM
 #90

The part of BitInstant reserves being leaked is false, our books are accurate

Bitcoin pioneer. An apostle of Satoshi Nakamoto. A crusader for a new, better, tech-driven society. A dreamer.

More about me: http://CharlieShrem.com
AndrewBUD
Hero Member
*****
Offline Offline

Activity: 1078
Merit: 502



View Profile WWW
July 31, 2012, 02:12:11 AM
 #91

The excitement around here never ends


▄▄▄███████▄▄▄
▄▄█████▀▀''`▀▀█████▄▄
▄███P'            `YY██▄
▄██P'                  `Y██▄
███'                      `███
███'                         ███
▄██'   ▄█████▄▄  ,▄▄▄▄▄▄▄▄▄▄p   ███
▄██▀  ,████▀P▀███.`██████████P   ▀██▄
███[ ,████ __. ███.   ,▄████▀    ███
███[ ]████████████[  ▄████▀       ███
███[ `████   ,oo2 ▄████▀'       ,███
▀██▄  `████▄▄█████d███████████   ▄██▀
▀██.   `▀▀▀▀▀▀"  Y▀▀▀▀▀▀▀▀▀▀▀  ,██▀
███.                        ,███
▀██▄                      ▄██▀
▀███▄_                 ,███▀
▀███▄▄_          _▄▄███▀
▀▀████▄▄ooo▄▄█████▀
▀▀███████▀▀'

365

TM

EZ365 is a digital ecosystem that combines
the best aspects of online gaming, cryptocurrency
trading
and blockchain education. ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

..WHITEPAPER..    ..INVESTOR PITCH..

.Telegram     Twitter   Facebook

                       .'M████▀▀██  ██
                      W█Ws'V██  ██▄▄███▀▀█
                     i█████m.~M████▀▀██  ███
                     d███████Ws'V██  ██████
                     ****M██████m.~███f~~__mW█
          ██▀▀▀████████=  Y██▀▀██W ,gm███████
      g█████▄▄▄██   █A~`_WW Y█  ██!,████████
   g▀▀▀███   ████▀▀`_m████i!████P W███  ██
 _███▄▄▄██▀▀▀███Af`_m███   █W ███A ]███  ██
__ ~~~▀▀▀▀▄▄▄█*f_m██████   ██i!██!i███████
Y█████▄▄▄▄__. i██▀▀▀██████████ █!,██████
 8█  █▀▀█████.!██   ██████████i! █████
 '█  █  █   █W M█▄▄▄██████   ██ !██
  !███▄▄█   ██i'██████████   ██
   Y███████████.]██████████████
   █   ███████b ███   ██████
   Y   █   █▀▀█i!██   ████
    V███   █  █W Y█████
      ~~▀███▄▄▄█['███
            ~~*██

Play

            │
    │      ███
    │      ███
    │      ███
    │   │  ███
   ███  │  ███
   ███ ███ ███
 │  ███ ███ ███
███ ███ ███ ███
███ ███  │   │
███ ███  │   │
 │   │
 │

Trade

           __▄▄████▄▄
     __▄▄███████████████▄▄▄
 _▄▄█████████▀▀~`,▄████████████▄▄▄
 ~▀▀████▀▀~`,_▄▄███████████████▀▀▀
   d█~  =▀███████████████▀▀
   ]█! m▄▄ '~▀▀▀████▀▀~~ ,_▄▄
  ,W█. *████▄▄__ '  __▄▄█████
  !██P  █████████████████████
   W█. - ██████████████████▀
  i██[   ~ ▀▀█████████▀▀▀
 g███!
Y███

Learn
[/tabl
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1079


Gerald Davis


View Profile
July 31, 2012, 02:12:15 AM
 #92

They wouldn't be able to withdraw any USD since it's fake. Saying you have 500000 fake BTC on BTC-e doesn't mean anything if you don't actually have the keys to those coins in an actual wallet. They used fake USD to buy real BTC then ride off into the sunset laughing.

Dude.  All exchanges use a pooled wallet.  There is no such things "your" BTC or "your BTC" wallet on BTC-E, MtGox or any other exchange.  The exchange simply has one (or more) hot and/or cold wallets.  Then they maintain a database of each user's balance, and trades change those balance.     One could withdraw "fake" BTC just as easily as selling "fake" USD for BTC and withdrawing that.

The likely reason for faking USD is simply because that is the exploit the hacker founds.  Hacker found a way to add USD to his USD balance.  Once had had that why try hacking any further.  Give yourself huge amounts of USD, buy BTC and remove them from the exchange.
TTBit
Legendary
*
Offline Offline

Activity: 1137
Merit: 1001


View Profile
July 31, 2012, 02:12:22 AM
 #93

Um... no. 2.18 of it to: 12JGzgb7ezdp5UT4EoJN3Spcn3P8fyyFav
http://blockexplorer.com/address/12JGzgb7ezdp5UT4EoJN3Spcn3P8fyyFav
0BTC
Did you get any out successfully?

No, that is first few. Waiting for some confirms.

good judgment comes from experience, and experience comes from bad judgment
dree12
Legendary
*
Offline Offline

Activity: 1246
Merit: 1078



View Profile
July 31, 2012, 02:14:15 AM
 #94

They wouldn't be able to withdraw any USD since it's fake. Saying you have 500000 fake BTC on BTC-e doesn't mean anything if you don't actually have the keys to those coins in an actual wallet. They used fake USD to buy real BTC then ride off into the sunset laughing.

Dude.  All exchanges use a pooled wallet.  There is no such things "your" BTC or "your BTC" wallet on BTC-E, MtGox or any other exchange.  The exchange simply has one (or more) hot and/or cold wallets.  Then they maintain a database of each user's balance, and trades change those balance.     One could withdraw "fake" BTC just as easily as selling "fake" USD for BTC and withdrawing that.

The likely reason for faking USD is simply because that is the exploit the hacker founds.  Hacker found a way to add USD to his USD balance.  Once had had that why try hacking any further.  Give yourself huge amounts of USD, buy BTC and remove them from the exchange.
If it was a SQL injection (extremely likely), it should have been just as easy to add BTC. I suspect the hacker may be intentionally messing with the exchange.
tiberiandusk
Hero Member
*****
Offline Offline

Activity: 575
Merit: 500


The North Remembers


View Profile WWW
July 31, 2012, 02:14:31 AM
 #95

They wouldn't be able to withdraw any USD since it's fake. Saying you have 500000 fake BTC on BTC-e doesn't mean anything if you don't actually have the keys to those coins in an actual wallet. They used fake USD to buy real BTC then ride off into the sunset laughing.

Dude.  All exchanges use a pooled wallet.  There is no such things "your" BTC or "your BTC" wallet on BTC-E, MtGox or any other exchange.  The exchange simply has one (or more) hot and/or cold wallets.  Then they maintain a database of each user's balance, and trades change those balance.     One could withdraw "fake" BTC just as easily as selling "fake" USD for BTC and withdrawing that.

The likely reason for faking USD is simply because that is the exploit the hacker founds.  Hacker found a way to add USD to his USD balance.  Once had had that why try hacking any further.  Give yourself huge amounts of USD, buy BTC and remove them from the exchange.

I understand all that. What I was saying is that simply putting 50000 in the BTC balance box doesn't mean there is actually 500000 BTC there.

Bitcoin Auction House http://www.BitBid.net BTC - 1EwfBVC6BwA6YeqcYZmm3htwykK3MStW6N | LTC - LdBpJJHj4WSAsUqaTbwyJQFiG1tVjo4Uys Don't get Goxed.
bg002h
Donator
Legendary
*
Offline Offline

Activity: 1466
Merit: 1048


I outlived my lifetime membership:)


View Profile WWW
July 31, 2012, 02:15:54 AM
 #96

Perhaps someone at BTC-E got hacked, and bought all the BTC they could.

If so, they may not be able to withdraw.
I vote hack vs. scam vs. clever stunt by the exchange to get more deposits.

Hardforks aren't that hard. It’s getting others to use them that's hard.
1GCDzqmX2Cf513E8NeThNHxiYEivU1Chhe
adamstgBit
Legendary
*
Offline Offline

Activity: 1904
Merit: 1037


Trusted Bitcoiner


View Profile WWW
July 31, 2012, 02:17:00 AM
 #97

They wouldn't be able to withdraw any USD since it's fake. Saying you have 500000 fake BTC on BTC-e doesn't mean anything if you don't actually have the keys to those coins in an actual wallet. They used fake USD to buy real BTC then ride off into the sunset laughing.

Dude.  All exchanges use a pooled wallet.  There is no such things "your" BTC or "your BTC" wallet on BTC-E, MtGox or any other exchange.  The exchange simply has one (or more) hot and/or cold wallets.  Then they maintain a database of each user's balance, and trades change those balance.     One could withdraw "fake" BTC just as easily as selling "fake" USD for BTC and withdrawing that.

The likely reason for faking USD is simply because that is the exploit the hacker founds.  Hacker found a way to add USD to his USD balance.  Once had had that why try hacking any further.  Give yourself huge amounts of USD, buy BTC and remove them from the exchange.
If it was a SQL injection (extremely likely), it should have been just as easy to add BTC. I suspect the hacker may be intentionally messing with the exchange.

if BTC-e wasn't protected against  SQL injection.... that's just sad...

adamstgBit
Legendary
*
Offline Offline

Activity: 1904
Merit: 1037


Trusted Bitcoiner


View Profile WWW
July 31, 2012, 02:17:38 AM
 #98

Perhaps someone at BTC-E got hacked, and bought all the BTC they could.

If so, they may not be able to withdraw.
I vote hack vs. scam vs. clever stunt by the exchange to get more deposits.

i lol'd  Cheesy

Chalkbot
Legendary
*
Offline Offline

Activity: 896
Merit: 1001



View Profile
July 31, 2012, 02:19:18 AM
 #99

Is there a reliable way of knowing how many of these fraudulently purchased BTC made it out of the exchange?
ydenys
Member
**
Offline Offline

Activity: 96
Merit: 10


View Profile
July 31, 2012, 02:20:16 AM
 #100

While mildly exiting, it is actually no fun. Are you, guys, saying that someone can ‘inject’ fake btc into major exchange/service provider, then exchange between the currencies/withdraw and the surplus of the coins would be recorded into the blockchain?
Pages: « 1 2 3 4 [5] 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!