https://bitcointalksearch.org/topic/emergency-ann-bitcoinica-site-is-taken-offline-for-security-investigation-81045
Today, we have discovered a suspicious Bitcoin transaction that doesn't seem to be initiated by any one of the company owners. Some of them are not online at the moment so this is not conclusive.
Suspicious transaction:
{
"account" : "",
"address" : "182tGyiczhXSSCTciVujNRkkMw1zQxUVhp",
"category" : "send",
"amount" : -18547.66867623,
"fee" : 0.00000000,
"blockhash" : "00000000000003f6bfd3e2fcbf76091853b28be234b5473a67f89b9d5bee019c",
"blockindex" : 1,
"txid" : "7a22917744aa9ed740faf3068a2f895424ed816ed1a04012b47df7a493f056e8",
"time" : 1336738723
},
We have contacted Rackspace to suspend all our servers and lock down our accounts. All your trading and financial data is safe (as far as I know), apart from the Bitcoin loss.
We have over 80% of our Bitcoins in offline wallets at the moment before the attack. We had to keep a large balance because the withdrawals are huge!
The hacker almost gained access to our Mt. Gox API keys, before I revoked them!
He could get 30,000+ BTC easily if I was asleep, or busy.
It could be an email account compromise. Someone reset the password and gained access to the account. My email account history is normal, not sure about other owners. (Yes, the emails were sent to everyone!)
Our data is kept intact. Any order placed before the shutdown will still be valid. However, no order execution will happen (no zhoutonging either).
If the market moves significantly, we will come up with a proposal to compensate disadvantaged customers once the investigation is complete.
The password reset email was sent to four addresses. I can already confirm that two of them are not compromised. We are waiting for the rest to wake up and check their email accounts. The email account compromise is the direct cause.
Presumably the RS admin console password was retrieved via an email reset, allowing the cracker to then reset the root password on the cluster machines and then log in and fuck things up.
Taken from http://GLBSE.com
GLBSE is under very heavy load
We're aware of the recent break-in at Bitcoinica and believe that GLBSE is also being targeted.
We've taken GLBSE offline, including our very small hotwallet (and every bitCent is accounted for), and are taking steps to further secure our system.
We've been operating for over a year without any security incidents.
While you wait, have some fun.
I know all the owners of Bitcoinica personally, in fact I spoke to one of them not a few hours ago.
They have families, live in houses, and are not going anywhere.
We don't want to make Bitcoinica a fractional reserve. The sum of margin balance is the absolute minimum of funds we have to keep (so that we can honor every withdrawal request). Since the system is down at the moment, we don't have the knowledge of open positions. We're pretty sure that margin balance can be covered with our off-site reserves, but we are unable to determine value of unpaid unrealized profits and the unpaid swaps.
We will try our best to restore the system by Monday, and we will get back to you with a detailed investigation report and our resolution on impacted customers. Thank you for your patience!
Disclaimer: I'm representing Bitcoinica but I don't control the company any more ever since the corporate reorganization. I'm personally confident that other team members are going to give everyone a fair resolution.
Quick Update
- It's more serious than we thought. We need some additional time to come up with a compensation proposal.
- Likely we will either shut down the platform or re-develop entirely (which will take months instead of days).
- The preliminary decision: reimburse for the full amount, including margin balances and position P/L.
- The root cause of this problem is an email server compromise. The email server belongs to one of our team members.
- Reminder again: Please do not reuse your Bitcoinica passwords as the database server was compromised. Do not click any links in the email. All Bitcoinica announcements will be updated on Bitcoinica website when available.
Important Disclaimer: I'm not a partner of Bitcoinica LP after the corporate reorganisation. Therefore, I have no financial obligation in this matter as I'm only an employee of Bitcoinica LP responsible for daily operations (no shares, no voting). However, I'll do my best with the team to resolve this problem as quickly as possible and minimize the impact for the community. I appreciate your patience and understanding.